4 * Copyright (C) 2016-2017 Jerry Padgett <sjpadgett@gmail.com>
6 * LICENSE: This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 * @author Jerry Padgett <sjpadgett@gmail.com>
21 * @link http://www.open-emr.org
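require_once("../interface/globals.php");

/*
 * Portal template maintenance.
 *
 * Two kinds of request reach this script:
 *   - mode=get|save|delete with docid: read, overwrite or remove an existing
 *     template file. validateFile() (defined further down in this file) is
 *     the gatekeeper for every docid.
 *   - a multipart upload in $_FILES["tplFile"], optionally with up_dir:
 *     store a new template under UPLOAD_DIR, always with a .tpl extension.
 *
 * Request parameters are read once up front so that an absent key yields ''
 * instead of an undefined-index notice; the comparisons below behave exactly
 * as they did when the raw $_POST entries were used.
 */
$mode  = isset($_POST['mode']) ? $_POST['mode'] : '';
$docid = isset($_POST['docid']) ? $_POST['docid'] : '';

if ($mode == 'get') {
    if (validateFile($docid)) {
        echo file_get_contents($docid);
    } else {
        die(xlt('Invalid File'));
    }
    // stop here so a request that also carries a file upload cannot fall
    // through into the upload handler below
    exit;
} else if ($mode == 'save') {
    if (validateFile($docid)) {
        $content = isset($_POST['content']) ? $_POST['content'] : '';
        // Refuse content that could open a PHP block. Besides "<?php", the
        // "<?=" echo tag is an open tag on every supported PHP version, so it
        // is rejected too. "<?xml" is still accepted.
        if (preg_match('/<\?(php|=)/i', $content) === 0) {
            file_put_contents($docid, $content);
        } else {
            die(xlt('Invalid Content'));
        }
    } else {
        die(xlt('Invalid File'));
    }
    exit;
} else if ($mode == 'delete') {
    if (validateFile($docid)) {
        unlink($docid);
    } else {
        die(xlt('Invalid File'));
    }
    exit;
}

// Base directory for portal templates. up_dir, when given and positive,
// selects a numeric sub-directory. It is cast to int before being placed in
// the path, so a value carrying path separators or ".." cannot redirect the
// upload elsewhere; legitimate numeric values are unaffected.
$templateBase = $GLOBALS['OE_SITE_DIR'] . '/documents/onsite_portal_documents/templates/';
$upDir = isset($_POST['up_dir']) ? (int) $_POST['up_dir'] : 0;
if ($upDir > 0) {
    define("UPLOAD_DIR", $templateBase . $upDir . '/');
} else {
    define("UPLOAD_DIR", $templateBase);
}

if (!empty($_FILES["tplFile"])) {
    $tplFile = $_FILES["tplFile"];

    if ($tplFile["error"] !== UPLOAD_ERR_OK) {
        header("refresh:2;url= import_template_ui.php");
        echo "<p>" . xlt("An error occurred: Missing file to upload: Use back button!") . "</p>";
        exit;
    }

    // ensure a safe filename: every character outside [A-Za-z0-9._-] becomes
    // "_", so the result can never contain a path separator
    $name = preg_replace("/[^A-Z0-9._-]/i", "_", $tplFile["name"]);
    // belt and braces: the stored name always ends in .tpl (see below), but
    // an upload that presents itself as PHP is refused outright
    if (preg_match("/(.*)\.(php|php3|php4|php5|php7)$/i", $name) !== 0) {
        die(xlt('Executables not allowed'));
    }
    $parts = pathinfo($name);
    // pathinfo() reports an empty "filename" for names such as ".htaccess";
    // refuse those rather than creating a file called ".tpl"
    if (!isset($parts["filename"]) || $parts["filename"] === '') {
        die(xlt('Invalid File'));
    }
    $name = $parts["filename"] . '.tpl';
    // an upload without an extension produces "" here, as before, but
    // without the undefined-index notice
    $ext = isset($parts["extension"]) ? $parts["extension"] : '';

    // don't overwrite an existing file: move it aside as
    // <filename>-<n>.<ext>.replaced, n starting at 1
    $i = 0;
    while (file_exists(UPLOAD_DIR . $name)) {
        $i++;
        $newname = $parts["filename"] . "-" . $i . "." . $ext . ".replaced";
        rename(UPLOAD_DIR . $name, UPLOAD_DIR . $newname);
    }

    // preserve file from temporary directory
    $success = move_uploaded_file($tplFile["tmp_name"], UPLOAD_DIR . $name);
    if (!$success) {
        echo "<p>" . xlt("Unable to save file: Use back button!") . "</p>";
        exit;
    }

    // set proper permissions on the new file
    chmod(UPLOAD_DIR . $name, 0644);

    // NOTE(review): the redirect target is the caller-supplied Referer header;
    // a fixed target (import_template_ui.php, as used for the error case above)
    // would avoid trusting that header at all. It is used only as the fallback
    // here so existing callers keep their current landing page.
    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'import_template_ui.php';
    header("location: " . $back);
    exit;
}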
100 function validateFile($filename = '')
103 $filePath = $GLOBALS['OE_SITE_DIR'] . '/documents/onsite_portal_documents/templates/';
104 if (stripos($filename, $filePath) === false ||
!realpath($filename)) {
107 if (preg_match("/(.*)\.(php|php3|php4|php5|php7)$/i", $filename) === 0) {
108 if (preg_match("/(.*)\.(tpl)$/i", $filename) === 1) {