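package com.fredck.FCKeditor.uploader;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;

import org.apache.commons.fileupload.*;

import javax.xml.parsers.*;
import org.w3c.dom.*;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import com.Yasna.forum.util.SkinUtils;
import com.Yasna.forum.Authorization;

/**
 * Receives one multipart file upload (form field {@code NewFile}) and stores it under
 * {@code baseDir/<user>/<Type>/}, then answers with a small HTML page that calls
 * {@code window.parent.OnUploadCompleted(...)} in the embedding editor.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The {@code Type} request parameter is accepted only if it is one of the resource
 *       types configured in {@link #init()}; it is never used to build a path before that
 *       check.</li>
 *   <li>The client-supplied file name is reduced to its last path segment and must have
 *       both a base name and an extension.</li>
 *   <li>Every value echoed into the response script is escaped for a JavaScript string
 *       literal, because file names and URLs are attacker-influenced.</li>
 * </ul>
 *
 * <p>Configuration is held in static fields that are written once in {@link #init()}.
 */
public class SimpleUploaderServlet extends HttpServlet {

    private static String baseDir;
    private static boolean debug=false;
    private static boolean enabled=false;
    // Resource type ("File", "Image", "Flash") -> ArrayList of lower-cased extensions.
    private static Hashtable allowedExtensions;
    private static Hashtable deniedExtensions;

    /**
     * Reads the servlet init parameters ({@code debug}, {@code enabled}, {@code baseDir} and
     * the six {@code AllowedExtensions*} / {@code DeniedExtensions*} lists) and makes sure
     * the base upload directory exists.
     *
     * @throws ServletException if the base directory cannot be mapped to the file system
     */
    public void init() throws ServletException {

        debug=Boolean.valueOf(getInitParameter("debug")).booleanValue();

        if(debug) System.out.println("\r\n---- SimpleUploaderServlet initialization started ----");

        baseDir=getInitParameter("baseDir");
        enabled=Boolean.valueOf(getInitParameter("enabled")).booleanValue();
        if(baseDir==null)
            baseDir="/UserFiles/";
        String realBaseDir=getServletContext().getRealPath(baseDir);
        if(realBaseDir==null) {
            // getRealPath() returns null when the context is not backed by a directory;
            // fail with a clear message instead of a NullPointerException.
            throw new ServletException("Cannot resolve upload base directory: "+baseDir);
        }
        File baseFile=new File(realBaseDir);
        if(!baseFile.exists()){
            // mkdirs() so that a nested baseDir is created as well.
            baseFile.mkdirs();
        }

        allowedExtensions = new Hashtable(3);
        deniedExtensions = new Hashtable(3);

        allowedExtensions.put("File",stringToArrayList(getInitParameter("AllowedExtensionsFile")));
        deniedExtensions.put("File",stringToArrayList(getInitParameter("DeniedExtensionsFile")));

        allowedExtensions.put("Image",stringToArrayList(getInitParameter("AllowedExtensionsImage")));
        deniedExtensions.put("Image",stringToArrayList(getInitParameter("DeniedExtensionsImage")));

        allowedExtensions.put("Flash",stringToArrayList(getInitParameter("AllowedExtensionsFlash")));
        deniedExtensions.put("Flash",stringToArrayList(getInitParameter("DeniedExtensionsFlash")));

        if(debug) System.out.println("---- SimpleUploaderServlet Initialization completed ----\r\n");
        if(debug) System.out.println("---- Using the directory:"+realBaseDir);

    }

    /**
     * Handles the upload request.
     *
     * <p>Result codes passed to {@code OnUploadCompleted}: {@code 0} stored, {@code 201}
     * stored under a new name because the name was taken, {@code 202} file type rejected,
     * {@code 203} request could not be processed (unknown {@code Type}, missing
     * {@code NewFile} part, I/O or parsing error), {@code 1} uploader disabled.
     *
     * @param request  the multipart POST; {@code Type} is read from the query string
     * @param response receives the HTML/JavaScript callback page
     * @throws ServletException declared by the servlet API
     * @throws IOException if the response cannot be written
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        if (debug) System.out.println("--- BEGIN DOPOST ---");
        Authorization authToken = SkinUtils.getUserAuthorization(request,response);
        // NOTE(review): requests without an authorization token are still served and get a
        // directory named after the client address - confirm anonymous upload is intended.
        String userdir=request.getRemoteAddr();
        if( authToken != null ) {
            userdir = Integer.toString(authToken.getUserID());
        }
        if (debug) System.out.println(userdir);

        response.setContentType("text/html; charset=UTF-8");
        response.setHeader("Cache-Control","no-cache");
        PrintWriter out = response.getWriter();

        String typeStr=request.getParameter("Type");

        String retVal="0";
        String newName="";
        String fileUrl="";
        String errorMessage="";

        if(!enabled) {
            // Nothing is created on disk while the uploader is switched off.
            retVal="1";
            errorMessage="This file uploader is disabled. Please check the WEB-INF/web.xml file";
        }
        else if(typeStr==null || !allowedExtensions.containsKey(typeStr)) {
            // Type becomes a directory name below, so only the configured resource types
            // are accepted; anything else is refused before a path is built from it.
            if (debug) System.out.println("Unknown resource type: " + typeStr);
            retVal="203";
        }
        else {
            String userPath=baseDir+userdir;
            String currentPath=userPath+"/"+typeStr;
            String realUserDir=getServletContext().getRealPath(userPath);
            String currentDirPath=getServletContext().getRealPath(currentPath);
            currentPath=request.getContextPath()+currentPath;

            if (debug) System.out.println(realUserDir);
            if (debug) System.out.println(currentDirPath);

            try {
                if(realUserDir==null || currentDirPath==null)
                    throw new IOException("Upload directory cannot be resolved on the file system");

                File baseFile=new File(realUserDir);
                if(!baseFile.exists()){
                    baseFile.mkdir();
                }
                // NOTE(review): the per-type directory is not created here; the write
                // below fails (203) if it is missing - confirm it is provisioned elsewhere.

                DiskFileUpload upload = new DiskFileUpload();
                List items = upload.parseRequest(request);

                Map fields=new HashMap();
                for (Iterator iter = items.iterator(); iter.hasNext();) {
                    FileItem item = (FileItem) iter.next();
                    if (item.isFormField())
                        fields.put(item.getFieldName(),item.getString());
                    else
                        fields.put(item.getFieldName(),item);
                }

                Object newFile=fields.get("NewFile");
                String fileNameLong=(newFile instanceof FileItem) ? ((FileItem)newFile).getName() : null;
                if(fileNameLong==null) {
                    // No file part named NewFile in the request.
                    retVal="203";
                }
                else {
                    FileItem uplFile=(FileItem)newFile;
                    // Keep only the last path segment of whatever name the client sent.
                    fileNameLong=fileNameLong.replace('\\','/');
                    String [] pathParts=fileNameLong.split("/");
                    String fileName=pathParts.length==0 ? "" : pathParts[pathParts.length-1];

                    String nameWithoutExt=getNameWithoutExtension(fileName);
                    String ext=getExtension(fileName);
                    File pathToSave=new File(currentDirPath,fileName);
                    fileUrl=currentPath+"/"+fileName;
                    // A name with no base part or no extension cannot be checked
                    // meaningfully against the extension lists, so it is rejected.
                    if(nameWithoutExt.length()>0 && ext.length()>0 && extIsAllowed(typeStr,ext)) {
                        int counter=1;
                        while(pathToSave.exists()){
                            newName=nameWithoutExt+"("+counter+")"+"."+ext;
                            fileUrl=currentPath+"/"+newName;
                            retVal="201";
                            pathToSave=new File(currentDirPath,newName);
                            counter++;
                        }
                        uplFile.write(pathToSave);
                    }
                    else {
                        retVal="202";
                        errorMessage="";
                        if (debug) System.out.println("Invalid file type: " + ext);
                    }
                }
            }catch (Exception ex) {
                if (debug) ex.printStackTrace();
                retVal="203";
            }
        }

        // fileUrl and newName derive from the client-supplied file name; escape them so
        // they cannot terminate the string literal or the surrounding <script> element.
        out.println("<script type=\"text/javascript\">");
        out.println("window.parent.OnUploadCompleted("+retVal+",'"+escapeForJs(fileUrl)+"','"+escapeForJs(newName)+"','"+escapeForJs(errorMessage)+"');");
        out.println("</script>");
        out.flush();
        out.close();

        if (debug) System.out.println("--- END DOPOST ---");

    }

    /**
     * Escapes a value for use inside a single-quoted JavaScript string literal that is
     * itself embedded in an HTML script element. Letters, digits and a small set of
     * punctuation pass through; every other character is written as a {@code \\uXXXX}
     * escape, which the browser decodes back to the original character.
     */
    private static String escapeForJs(String value) {
        if(value==null)
            return "";
        StringBuffer sb=new StringBuffer(value.length()+16);
        for(int i=0;i<value.length();++i) {
            char c=value.charAt(i);
            boolean safe=(c>='a' && c<='z') || (c>='A' && c<='Z') || (c>='0' && c<='9')
                    || " ._-/():,".indexOf(c)>=0;
            if(safe) {
                sb.append(c);
            }
            else {
                String hex=Integer.toHexString(c);
                sb.append("\\u");
                for(int pad=hex.length();pad<4;++pad)
                    sb.append('0');
                sb.append(hex);
            }
        }
        return sb.toString();
    }

    /**
     * Returns the part of {@code fileName} before its last dot, or the whole name when it
     * contains no dot.
     */
    private static String getNameWithoutExtension(String fileName) {
        int dot=fileName.lastIndexOf(".");
        return dot<0 ? fileName : fileName.substring(0, dot);
    }

    /**
     * Returns the part of {@code fileName} after its last dot, or the empty string when it
     * contains no dot.
     */
    private String getExtension(String fileName) {
        int dot=fileName.lastIndexOf(".");
        return dot<0 ? "" : fileName.substring(dot+1);
    }

    /**
     * Splits a {@code |}-separated init parameter into a list of lower-cased, trimmed
     * entries. A missing ({@code null}) or empty parameter yields an empty list.
     */
    private ArrayList stringToArrayList(String str) {

        if(debug) System.out.println(str);
        ArrayList tmp=new ArrayList();
        if(str==null || str.length()==0)
            return tmp;

        String [] strArr=str.split("\\|");
        for(int i=0;i<strArr.length;++i) {
            if(debug) System.out.println(i +" - "+strArr[i]);
            // Fixed locale so matching does not depend on the server's default locale.
            String entry=strArr[i].trim().toLowerCase(Locale.ENGLISH);
            if(entry.length()>0)
                tmp.add(entry);
        }
        return tmp;
    }

    /**
     * Decides whether {@code ext} may be uploaded for resource type {@code fileType}.
     *
     * <p>With an empty allow list the deny list is applied (everything not listed is
     * accepted); with an empty deny list the allow list is applied. An allow list is the
     * safer configuration, because a deny list accepts every extension it does not name.
     * If both lists are non-empty, or the type is not configured, the upload is refused.
     */
    private boolean extIsAllowed(String fileType, String ext) {

        if(fileType==null || ext==null)
            return false;

        ext=ext.toLowerCase(Locale.ENGLISH);

        ArrayList allowList=(ArrayList)allowedExtensions.get(fileType);
        ArrayList denyList=(ArrayList)deniedExtensions.get(fileType);
        if(allowList==null || denyList==null)
            return false;

        if(allowList.size()==0)
            return !denyList.contains(ext);

        if(denyList.size()==0)
            return allowList.contains(ext);

        // Both lists configured: ambiguous, so fail closed.
        return false;
    }

}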