search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Highway to PSR2
[openemr.git] / interface / super / manage_site_files.php
blobd242354b4c4165db991b788ee9c4fc505a8e83bb
1 <?php
2 // Copyright (C) 2010-2016 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8
9 // This module provides for editing site-specific text files and
10 // for uploading site-specific image files.
11
12 require_once('../globals.php');
13 require_once($GLOBALS['srcdir'].'/acl.inc');
14 /* for formData() */
15
16 if (!acl_check('admin', 'super')) {
17 die(htmlspecialchars(xl('Not authorized')));
18 }
19
20 // Prepare array of names of editable files, relative to the site directory.
21 $my_files = array(
22 'config.php',
23 'faxcover.txt',
24 'faxtitle.eps',
25 'referral_template.html',
26 'statement.inc.php',
27 'letter_templates/custom_pdf.php',
28 );
29 // Append LBF plugin filenames to the array.
30 $lres = sqlStatement('SELECT * FROM list_options ' .
31 "WHERE list_id = 'lbfnames' AND activity = 1 ORDER BY seq, title");
32 while ($lrow = sqlFetchArray($lres)) {
33 $option_id = $lrow['option_id']; // should start with LBF
34 $title = $lrow['title'];
35 $my_files[] = "LBF/$option_id.plugin.php";
36 }
37
38 $form_filename = strip_escape_custom($_REQUEST['form_filename']);
39 // Sanity check to prevent evildoing.
40 if (!in_array($form_filename, $my_files)) {
41 $form_filename = '';
42 }
43
44 $filepath = "$OE_SITE_DIR/$form_filename";
45
46 $imagedir = "$OE_SITE_DIR/images";
47 $educationdir = "$OE_SITE_DIR/documents/education";
48
49 if (!empty($_POST['bn_save'])) {
50 if ($form_filename) {
51 // Textareas, at least in Firefox, return a \r\n at the end of each line
52 // even though only \n was originally there. For consistency with
53 // normal OpenEMR usage we translate those back.
54 file_put_contents($filepath, str_replace(
55 "\r\n",
56 "\n",
57 $_POST['form_filedata']
58 ));
59 $form_filename = '';
60 }
61
62 // Handle image uploads.
63 if (is_uploaded_file($_FILES['form_image']['tmp_name']) && $_FILES['form_image']['size']) {
64 $form_dest_filename = $_POST['form_dest_filename'];
65 if ($form_dest_filename == '') {
66 $form_dest_filename = $_FILES['form_image']['name'];
67 }
68
69 $form_dest_filename = basename($form_dest_filename);
70 if ($form_dest_filename == '') {
71 die(htmlspecialchars(xl('Cannot find a destination filename')));
72 }
73
74 $imagepath = "$imagedir/$form_dest_filename";
75 // If the site's image directory does not yet exist, create it.
76 if (!is_dir($imagedir)) {
77 mkdir($imagedir);
78 }
79
80 if (is_file($imagepath)) {
81 unlink($imagepath);
82 }
83
84 $tmp_name = $_FILES['form_image']['tmp_name'];
85 if (!move_uploaded_file($_FILES['form_image']['tmp_name'], $imagepath)) {
86 die(htmlspecialchars(xl('Unable to create') . " '$imagepath'"));
87 }
88 }
89
90 // Handle PDF uploads for patient education.
91 if (is_uploaded_file($_FILES['form_education']['tmp_name']) && $_FILES['form_education']['size']) {
92 $form_dest_filename = $_FILES['form_education']['name'];
93 $form_dest_filename = strtolower(basename($form_dest_filename));
94 if (substr($form_dest_filename, -4) != '.pdf') {
95 die(xlt('Filename must end with ".pdf"'));
96 }
97
98 $educationpath = "$educationdir/$form_dest_filename";
99 // If the site's education directory does not yet exist, create it.
100 if (!is_dir($educationdir)) {
101 mkdir($educationdir);
102 }
103
104 if (is_file($educationpath)) {
105 unlink($educationpath);
106 }
107
108 $tmp_name = $_FILES['form_education']['tmp_name'];
109 if (!move_uploaded_file($tmp_name, $educationpath)) {
110 die(text(xl('Unable to create') . " '$educationpath'"));
111 }
112 }
113 }
114
115 /**
116 * Thumbnails generator
117 * generating thumbnail image to all images files from documents table
118 */
119
120 if (isset($_POST['generate_thumbnails'])) {
121 $thumb_generator = new ThumbnailGenerator();
122 $results = $thumb_generator->generate_all();
123
124 $thumbnail_msg = "<p style='color: green'>" . xlt('Generated thumbnail(s)') . " : " . text($results['sum_success']) . "</p>";
125 $thumbnail_msg .= "<p style='color: red'>" . xlt('Failed to generate') . " : " . text($results['sum_failed']) . "</p>";
126 foreach ($results['failed'] as $key => $file) {
127 $num = $key +1;
128 $thumbnail_msg .= "<p style='color: red; font-size: 11px'> " .text($num) . ". " . text($file) . "</p>";
129 }
130 } else {
131 $count_not_generated = ThumbnailGenerator::count_not_generated();
132
133 $thumbnail_msg = "<p>" . xlt('Files with empty thumbnail') . ": " . text($count_not_generated) . " </p>";
134 }
135
136
137 /**
138 * White list files.
139 * Security feature that enable to upload only file with mime-type from white list.
140 * Important to prevention upload of virus script.
141 * Dependence - turn on global setting 'secure_upload'
142 */
143
144 if ($GLOBALS['secure_upload']) {
145 $mime_types = array('image/*', 'text/*', 'audio/*', 'video/*');
146
147 // Get cURL resource
148 $curl = curl_init();
149
150 curl_setopt_array($curl, array(
151 CURLOPT_RETURNTRANSFER => 1,
152 CURLOPT_URL => 'https://cdn.rawgit.com/jshttp/mime-db/master/db.json',
153 CURLOPT_CONNECTTIMEOUT => 5,
154 CURLOPT_TIMEOUT => 5
155 ));
156 // Send the request & save response to $resp
157 $resp = curl_exec($curl);
158 $httpinfo = curl_getinfo($curl);
159 if ($resp && $httpinfo['http_code'] == 200 && $httpinfo['content_type'] == 'application/json;charset=utf-8') {
160 $all_mime_types = json_decode($resp, true);
161 foreach ($all_mime_types as $name => $value) {
162 $mime_types[] = $name;
163 }
164 } else {
165 error_log('Get list of mime-type error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
166 $mime_types_list = array(
167 'application/pdf',
168 'image/jpeg',
169 'image/png',
170 'image/gif',
171 'application/msword',
172 'application/vnd.oasis.opendocument.spreadsheet',
173 'text/plain'
174 );
175 $mime_types = array_merge($mime_types, $mime_types_list);
176 }
177
178 curl_close($curl);
179
180 if (isset($_POST['submit_form'])) {
181 $new_white_list = empty($_POST['white_list']) ? array() : $_POST['white_list'];
182
183 // truncate white list from list_options table
184 sqlStatement("DELETE FROM `list_options` WHERE `list_id` = 'files_white_list'");
185 foreach ($new_white_list as $mimetype) {
186 sqlStatement("INSERT INTO `list_options` (`list_id`, `option_id`, `title`, `activity`) VALUES ('files_white_list', ?, ?, 1)", array($mimetype, $mimetype));
187 }
188
189 $white_list = $new_white_list;
190 } else {
191 $white_list = array();
192 $lres = sqlStatement("SELECT option_id FROM list_options WHERE list_id = 'files_white_list' AND activity = 1");
193 while ($lrow = sqlFetchArray($lres)) {
194 $white_list[] = $lrow['option_id'];
195 }
196 }
197 }
198
199
200 ?>
201 <html>
202
203 <head>
204 <title><?php echo xlt('File management'); ?></title>
205 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
206
207 <style type="text/css">
208 .dehead { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
209 .detail { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
210 #generate_thumb, #file_type_whitelist{
211 width: 95%;
212 margin: 50px auto;
213 border: 2px solid dimgrey;
214 }
215 #generate_thumb table{
216 font-size: 14px;
217 text-align: center;
218 }
219 #generate_thumb table td{
220 border-right: 1px solid dimgrey;
221 padding: 0 15px;
222 }
223 </style>
224
225 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative'] ?>/jquery-min-3-1-1/index.js"></script>
226
227 <script language="JavaScript">
228 // This is invoked when a filename selection changes in the drop-list.
229 // In this case anything else entered into the form is discarded.
230 function msfFileChanged() {
231 top.restoreSession();
232 document.forms[0].submit();
233 }
234 </script>
235
236 </head>
237
238 <body class="body_top">
239 <form method='post' action='manage_site_files.php' enctype='multipart/form-data'
240 onsubmit='return top.restoreSession()'>
241
242 <center>
243
244 <p>
245 <table border='1' width='95%'>
246
247 <tr bgcolor='#dddddd' class='dehead'>
248 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Edit File in') . " $OE_SITE_DIR"); ?></td>
249 </tr>
250
251 <tr>
252 <td valign='top' class='detail' nowrap>
253 <select name='form_filename' onchange='msfFileChanged()'>
254 <option value=''></option>
255 <?php
256 foreach ($my_files as $filename) {
257 echo " <option value='" . htmlspecialchars($filename, ENT_QUOTES) . "'";
258 if ($filename == $form_filename) {
259 echo " selected";
260 }
261
262 echo ">" . htmlspecialchars($filename) . "</option>\n";
263 }
264 ?>
265 </select>
266 <br />
267 <textarea name='form_filedata' rows='25' style='width:100%'><?php
268 if ($form_filename) {
269 echo htmlspecialchars(@file_get_contents($filepath));
270 }
271 ?></textarea>
272 </td>
273 </tr>
274
275 <tr bgcolor='#dddddd' class='dehead'>
276 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Upload Image to') . " $imagedir"); ?></td>
277 </tr>
278
279 <tr>
280 <td valign='top' class='detail' nowrap>
281 <?php echo htmlspecialchars(xl('Source File')); ?>:
282 <input type="hidden" name="MAX_FILE_SIZE" value="12000000" />
283 <input type="file" name="form_image" size="40" />&nbsp;
284 <?php echo htmlspecialchars(xl('Destination Filename')) ?>:
285 <select name='form_dest_filename'>
286 <option value=''>(<?php echo htmlspecialchars(xl('Use source filename')) ?>)</option>
287 <?php
288 // Generate an <option> for each file already in the images directory.
289 $dh = opendir($imagedir);
290 if (!$dh) {
291 die(htmlspecialchars(xl('Cannot read directory') . " '$imagedir'"));
292 }
293
294 $imagesslist = array();
295 while (false !== ($sfname = readdir($dh))) {
296 if (substr($sfname, 0, 1) == '.') {
297 continue;
298 }
299
300 if ($sfname == 'CVS') {
301 continue;
302 }
303
304 $imageslist[$sfname] = $sfname;
305 }
306
307 closedir($dh);
308 ksort($imageslist);
309 foreach ($imageslist as $sfname) {
310 echo " <option value='" . htmlspecialchars($sfname, ENT_QUOTES) . "'";
311 echo ">" . htmlspecialchars($sfname) . "</option>\n";
312 }
313 ?>
314 </select>
315 </td>
316 </tr>
317
318 <tr bgcolor='#dddddd' class='dehead'>
319 <td colspan='2' align='center'><?php echo text(xl('Upload Patient Education PDF to') . " $educationdir"); ?></td>
320 </tr>
321 <tr>
322 <td valign='top' class='detail' nowrap>
323 <?php echo xlt('Source File'); ?>:
324 <input type="file" name="form_education" size="40" />&nbsp;
325 <?php echo xlt('Name must be like codetype_code_language.pdf, for example icd9_274.11_en.pdf'); ?>
326 </td>
327 </tr>
328
329 </table>
330
331 <p>
332 <input type='submit' name='bn_save' value='<?php echo htmlspecialchars(xl('Save')) ?>' />
333 </p>
334
335 </center>
336
337 </form>
338
339 <div id="generate_thumb">
340 <table style="width: 100%">
341 <tr>
342 <td class="thumb_title" style="width: 33%">
343 <b><?php echo xlt('Generate Thumbnails')?></b>
344 </td>
345 <td class="thumb_msg" style="width: 50%">
346 <span><?php echo $thumbnail_msg ?></span>
347 </td>
348 <td class="thumb_form" style="width:17%;border-right:none">
349 <form method='post' action='manage_site_files.php#generate_thumb'>
350 <input style="margin-top: 10px" type="submit" name="generate_thumbnails" value="<?php echo xla('Generate') ?>">
351 </form>
352 </td>
353 </tr>
354 </table>
355 </div>
356
357 <?php if ($GLOBALS['secure_upload']) { ?>
358
359 <div id="file_type_whitelist">
360 <h2><?php echo xlt('Create custom white list of MIME content type of a files to secure your documents system');?></h2>
361 <form id="whitelist_form" method="post">
362 <div class="subject-black-list">
363 <div class="top-list">
364 <h2><?php echo xlt('Black list'); ?></h2>
365 <b><?php echo xlt('Filter');?>:</b> <input type="text" id="filter-black-list" >
366 </div>
367 <select multiple="multiple" id='black-list' class="form-control">
368 <?php
369 foreach ($mime_types as $type) {
370 if (!in_array($type, $white_list)) {
371 echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
372 }
373 }
374 ?>
375 </select>
376 </div>
377
378 <div class="subject-info-arrows">
379 <input type="button" id="btnAllRight" value=">>" /><br />
380 <input type="button" id="btnRight" value=">" /><br />
381 <input type="button" id="btnLeft" value="<" /><br />
382 <input type="button" id="btnAllLeft" value="<<" />
383 </div>
384
385 <div class="subject-white-list">
386 <div class="top-list">
387 <h2><?php echo xlt('White list'); ?></h2>
388 <b><?php echo xlt('Add manually');?>:</b> <input type="text" id="add-manually-input"> <input type="button" id="add-manually" value="+">
389 </div>
390 <select name="white_list[]" multiple="multiple" id='white-list' class="form-control">
391 <?php
392 foreach ($white_list as $type) {
393 echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
394 }
395 ?>
396 </select>
397 </div>
398 <div class="subject-info-save">
399 <input type="button" id="submit-whitelist" value="<?php echo xlt('Save'); ?>" />
400 <input type="hidden" name="submit_form" value="1" />
401 </div>
402 </form>
403
404 </div>
405
406 <script>
407
408 (function () {
409 $('#btnRight').click(function (e) {
410 var selectedOpts = $('#black-list option:selected');
411 if (selectedOpts.length == 0) {
412 e.preventDefault();
413 }
414
415 $('#white-list').append($(selectedOpts).clone());
416 $(selectedOpts).remove();
417 e.preventDefault();
418 });
419
420 $('#btnAllRight').click(function (e) {
421 var selectedOpts = $('#black-list option');
422 if (selectedOpts.length == 0) {
423 e.preventDefault();
424 }
425
426 $('#white-list').append($(selectedOpts).clone());
427 $(selectedOpts).remove();
428 e.preventDefault();
429 });
430
431 $('#btnLeft').click(function (e) {
432 var selectedOpts = $('#white-list option:selected');
433 if (selectedOpts.length == 0) {
434 e.preventDefault();
435 }
436
437 $('#black-list').append($(selectedOpts).clone());
438 $(selectedOpts).remove();
439 e.preventDefault();
440 });
441
442 $('#btnAllLeft').click(function (e) {
443 var selectedOpts = $('#white-list option');
444 if (selectedOpts.length == 0) {
445 e.preventDefault();
446 }
447
448 $('#black-list').append($(selectedOpts).clone());
449 $(selectedOpts).remove();
450 e.preventDefault();
451 });
452
453 var storeElements = [];
454
455 $('#filter-black-list').on('keyup', function() {
456 var val = this.value.toLowerCase();
457
458 $('#black-list option').each(function(){
459
460 if(this.value.toLowerCase().indexOf( val ) == -1){
461 if(storeElements.indexOf(this) == -1){
462 storeElements.unshift(this)
463 }
464 $(this).remove();
465 }
466 });
467
468 $(storeElements).each(function(key, element){
469
470 if(element.value.toLowerCase().indexOf( val ) > -1){
471
472 $('#black-list').prepend(element);
473 storeElements.splice(key, 1)
474 }
475
476 });
477
478 });
479
480 $('#add-manually').on('click', function () {
481 var new_type = $("#add-manually-input").val();
482 if(new_type.length < 1)return;
483 $('#white-list').prepend("<option value="+new_type+">"+new_type+"</option>")
484 })
485
486 $('#submit-whitelist').on('click', function () {
487 $('#white-list option').prop('selected', true);
488 $('#whitelist_form').submit();
489 })
490
491 }(jQuery));
492
493 </script>
494
495
496 <?php } ?>
497
498 </body>
499 </html>
500
Mirror of official OpenEMR Sourceforge repository