first commit 2

plugin/editor/cheditor5/imageUpload/_common.php

@@ -0,0 +1,2 @@
+<?php
+include_once("../../../../common.php");

plugin/editor/cheditor5/imageUpload/config.php

@@ -0,0 +1,70 @@
+<?php
+include_once("_common.php");
+
+define("CHE_UPLOAD_IMG_CHECK", 1);  // 이미지 파일을 썸네일 할수 있는지 여부를 체크합니다. ( 해당 파일이 이미지 파일인지 체크합니다. 1이면 사용, 0이면 사용 안함 )
+
+// ---------------------------------------------------------------------------
+
+# 이미지가 저장될 디렉토리의 전체 경로를 설정합니다.
+# 끝에 슬래쉬(/)는 붙이지 않습니다.
+# 주의: 이 경로의 접근 권한은 쓰기, 읽기가 가능하도록 설정해 주십시오.
+
+# data/editor 디렉토리가 없는 경우가 있을수 있으므로 디렉토리를 생성하는 코드를 추가함. kagla 140305
+
+@mkdir(G5_DATA_PATH.'/'.G5_EDITOR_DIR, G5_DIR_PERMISSION);
+@chmod(G5_DATA_PATH.'/'.G5_EDITOR_DIR, G5_DIR_PERMISSION);
+
+$ym = date('ym', G5_SERVER_TIME);
+
+$data_dir = G5_DATA_PATH.'/'.G5_EDITOR_DIR.'/'.$ym;
+$data_url = G5_DATA_URL.'/'.G5_EDITOR_DIR.'/'.$ym;
+
+define("SAVE_DIR", $data_dir);
+
+@mkdir(SAVE_DIR, G5_DIR_PERMISSION);
+@chmod(SAVE_DIR, G5_DIR_PERMISSION);
+
+# 위에서 설정한 'SAVE_DIR'의 URL을 설정합니다.
+# 끝에 슬래쉬(/)는 붙이지 않습니다.
+
+define("SAVE_URL", $data_url);
+
+function che_get_user_id() {
+    global $member;
+
+    if(session_id() == '') {
+        @session_start();
+    }
+
+    $add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
+    return session_id().$add_str;
+}
+
+function che_get_file_passname(){
+    $tmp_name = che_get_user_id().$_SERVER['REMOTE_ADDR'];
+    $tmp_name = md5(sha1($tmp_name));
+    return $tmp_name;
+}
+
+function che_generateRandomString($length = 4) {
+    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
+    $charactersLength = strlen($characters);
+    $randomString = '';
+    for ($i = 0; $i < $length; $i++) {
+        $randomString .= $characters[rand(0, $charactersLength - 1)];
+    }
+    return $randomString;
+}
+
+function che_replace_filename($filename){
+
+    $ext = pathinfo($filename, PATHINFO_EXTENSION);
+
+    $random_str = che_generateRandomString(4);
+
+    $passname = che_get_file_passname();
+    
+    $file_arr = explode('_', $filename);
+
+    return $file_arr[0].'_'.$passname.'_'.$random_str.'.'.$ext;
+}

plugin/editor/cheditor5/imageUpload/delete.php

@@ -0,0 +1,51 @@
+<?php
+require_once("config.php");
+
+if(!function_exists('ft_nonce_is_valid')){
+    include_once('../editor.lib.php');
+}
+
+$filesrc = isset($_POST["filesrc"]) ? preg_replace("/[ #\&\+\-%@=\/\\\:;,\'\"\^`~|\!\?\*$#<>()\[\]\{\}]/", "", $_POST["filesrc"]) : '';
+
+if( !$filesrc || ! preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || ! preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc) ){
+    die( false );
+}
+
+$is_editor_upload = false;
+
+$get_nonce = get_session('nonce_'.FT_NONCE_SESSION_KEY);
+
+if( $get_nonce && ft_nonce_is_valid( $get_nonce, 'cheditor' ) ){
+    $is_editor_upload = true;
+}
+
+if( !$is_editor_upload ){
+   die( false );
+}
+
+// ---------------------------------------------------------------------------
+
+$file_arr = explode('_', $filesrc );
+
+if( $file_arr[1] !== che_get_file_passname() ){
+    die( false );
+}
+
+$filepath = SAVE_DIR . '/' . $filesrc;
+$r = false;
+
+if( function_exists('run_event') ){
+    run_event('delete_editor_file', $filepath, $r);
+}
+
+if (file_exists($filepath)) {
+	$r = unlink($filepath);
+	if ($r) {
+		$thumbPath = dirname($filepath) . DIRECTORY_SEPARATOR . "thumb_" . basename($filepath);
+		if (file_exists($thumbPath)) {
+			unlink($thumbPath);
+		}
+	}
+}
+
+echo $r ? true : false;

plugin/editor/cheditor5/imageUpload/upload.php

@@ -0,0 +1,154 @@
+<?php
+require_once("config.php");
+
+if (!function_exists('ft_nonce_is_valid')) {
+    include_once('../editor.lib.php');
+}
+
+if (!function_exists('che_reprocessImage')) {
+    function che_reprocessImage($file_path, $callback)
+    {
+        $MIME_TYPES_PROCESSORS = array(
+            "image/gif" => array("imagecreatefromgif", "imagegif"),
+            "image/jpg" => array("imagecreatefromjpeg", "imagejpeg"),
+            "image/jpeg" => array("imagecreatefromjpeg", "imagejpeg"),
+            "image/png" => array("imagecreatefrompng", "imagepng"),
+            "image/webp" => array("imagecreatefromwebp", "imagewebp"),
+            "image/bmp" => array("imagecreatefromwbmp", "imagewbmp")
+        );
+
+        // Extracting mime type using getimagesize
+        try {
+            $image_info = getimagesize($file_path);
+            if ($image_info === null) {
+                //throw new Exception("Invalid image type");
+                return false;
+            }
+
+            $mime_type = $image_info["mime"];
+
+            if (!array_key_exists($mime_type, $MIME_TYPES_PROCESSORS)) {
+                //throw new Exception("Invalid image MIME type");
+                return false;
+            }
+
+            $image_from_file = $MIME_TYPES_PROCESSORS[$mime_type][0];
+            $image_to_file = $MIME_TYPES_PROCESSORS[$mime_type][1];
+
+            $reprocessed_image = @$image_from_file($file_path);
+
+            if (!$reprocessed_image) {
+                //throw new Exception("Unable to create reprocessed image from file");
+                return false;
+            }
+
+            // Calling callback(if set) with path of image as a parameter
+            if ($callback !== null) {
+                $callback($reprocessed_image);
+            }
+
+            // Freeing up memory
+            imagedestroy($reprocessed_image);
+        } catch (Exception $e) {
+            unlink($file_path);
+            return false;
+        }
+
+        return true;
+    }
+}
+
+$is_editor_upload = false;
+
+$get_nonce = get_session('nonce_' . FT_NONCE_SESSION_KEY);
+
+if ($get_nonce && ft_nonce_is_valid($get_nonce, 'cheditor')) {
+    $is_editor_upload = true;
+}
+
+if (!$is_editor_upload) {
+    exit;
+}
+
+run_event('cheditor_photo_upload', $data_dir, $data_url);
+
+//----------------------------------------------------------------------------
+//
+//
+$tempfile = $_FILES['file']['tmp_name'];
+$filename = $_FILES['file']['name'];
+$filename_len = strrpos($filename, ".");
+$type = substr($filename, strrpos($filename, ".") + 1);
+$found = false;
+switch ($type) {
+    case "jpg":
+    case "jpeg":
+    case "gif":
+    case "png":
+    case "webp":
+        $found = true;
+}
+
+if ($found != true || $filename_len != 23) {
+    exit;
+}
+
+// 저장 파일 이름: 년월일시분초_렌덤문자8자
+// 20140327125959_abcdefghi.jpg
+// 원본 파일 이름: $_POST["origname"]
+
+$filename = che_replace_filename($filename);
+$savefile = SAVE_DIR . '/' . $filename;
+
+move_uploaded_file($tempfile, $savefile);
+$imgsize = getimagesize($savefile);
+$filesize = filesize($savefile);
+
+if (!$imgsize) {
+    $filesize = 0;
+    $random_name = '-ERR';
+    unlink($savefile);
+}
+
+if (CHE_UPLOAD_IMG_CHECK && !che_reprocessImage($savefile, null)) {
+    $filesize = 0;
+    $random_name = '-ERR';
+    unlink($savefile);
+}
+
+try {
+    if (defined('G5_FILE_PERMISSION')) {
+        chmod($savefile, G5_FILE_PERMISSION);
+    }
+} catch (Exception $e) {
+}
+
+$file_url = SAVE_URL . '/' . $filename;
+
+if (function_exists('run_replace')) {
+    $fileInfo = new \stdClass();
+    $fileInfo->name = (string) $filename;
+    $fileInfo->size = (int) $filesize;
+    $fileInfo->url = (string) $file_url;
+
+    if (isset($_POST['origname'])) {
+        $fileInfo->oriname = (string) $_POST['origname'];
+    }
+
+    if ($imgsize) {
+        $fileInfo->width = (int) $imgsize[0];
+        $fileInfo->height = (int) $imgsize[1];
+        $fileInfo->type = (string) $imgsize['mime'];
+    }
+
+    $file_url = run_replace('get_editor_upload_url', $file_url, $savefile, $fileInfo);
+}
+
+$rdata = sprintf(
+    '{"fileUrl": "%s", "fileName": "%s", "fileSize": "%d" }',
+    $file_url,
+    $filename,
+    $filesize
+);
+
+echo $rdata;