search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PP2 Update (#1758)
[openemr.git] / portal / import_template.php
blobdd1c92d6787a94cf9c0dbbe0c84b7066389ed1fc
1 <?php
2 /**
3 *
4 * Copyright (C) 2016-2017 Jerry Padgett <sjpadgett@gmail.com>
5 *
6 * LICENSE: This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
15 *
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 *
19 * @package OpenEMR
20 * @author Jerry Padgett <sjpadgett@gmail.com>
21 * @link http://www.open-emr.org
22 */
23
24
25 require_once("../interface/globals.php");
26
27 if ($_POST['mode'] == 'get') {
28 if (validateFile($_POST['docid'])) {
29 echo file_get_contents($_POST['docid']);
30 exit();
31 } else {
32 die(xlt('Invalid File'));
33 }
34 } else if ($_POST['mode'] == 'save') {
35 if (validateFile($_POST['docid'])) {
36 if (stripos($_POST['content'], "<?php") !== false) {
37 file_put_contents($_POST['docid'], $_POST['content']);
38 exit(true);
39 } else {
40 die(xlt('Invalid Content'));
41 }
42 } else {
43 die(xlt('Invalid File'));
44 }
45 } else if ($_POST['mode'] == 'delete') {
46 if (validateFile($_POST['docid'])) {
47 unlink($_POST['docid']);
48 exit(true);
49 } else {
50 die(xlt('Invalid File'));
51 }
52 }
53
54 // so it is an import
55 if (!isset($_POST['up_dir'])) {
56 define("UPLOAD_DIR", $GLOBALS['OE_SITE_DIR'] . '/documents/onsite_portal_documents/templates/');
57 } else {
58 if ($_POST['up_dir'] > 0) {
59 define("UPLOAD_DIR", $GLOBALS['OE_SITE_DIR'] . '/documents/onsite_portal_documents/templates/' . $_POST['up_dir'] . '/');
60 } else {
61 define("UPLOAD_DIR", $GLOBALS['OE_SITE_DIR'] . '/documents/onsite_portal_documents/templates/');
62 }
63 }
64
65 if (!empty($_FILES["tplFile"])) {
66 $tplFile = $_FILES["tplFile"];
67
68 if ($tplFile["error"] !== UPLOAD_ERR_OK) {
69 header("refresh:2;url= import_template_ui.php");
70 echo "<p>" . xlt("An error occurred: Missing file to upload: Use back button!") . "</p>";
71 exit;
72 }
73
74 // ensure a safe filename
75 $name = preg_replace("/[^A-Z0-9._-]/i", "_", $tplFile["name"]);
76 if (preg_match("/(.*)\.(php|php3|php4|php5|php7)$/i", $name) !== 0) {
77 die(xlt('Executables not allowed'));
78 }
79 $parts = pathinfo($name);
80 $name = $parts["filename"] . '.tpl';
81 // don't overwrite an existing file
82 while (file_exists(UPLOAD_DIR . $name)) {
83 $i = rand(0, 128);
84 $newname = $parts["filename"] . "-" . $i . "." . $parts["extension"] . ".replaced";
85 rename(UPLOAD_DIR . $name, UPLOAD_DIR . $newname);
86 }
87
88 // preserve file from temporary directory
89 $success = move_uploaded_file($tplFile["tmp_name"], UPLOAD_DIR . $name);
90 if (!$success) {
91 echo "<p>" . xlt("Unable to save file: Use back button!") . "</p>";
92 exit;
93 }
94
95 // set proper permissions on the new file
96 chmod(UPLOAD_DIR . $name, 0644);
97 header("location: " . $_SERVER['HTTP_REFERER']);
98 }
99
100 function validateFile($filename = '')
101 {
102 $valid = false;
103 $filePath = $GLOBALS['OE_SITE_DIR'] . '/documents/onsite_portal_documents/templates';
104 if (stripos($filename, $filePath) === false) {
105 return false;
106 }
107 if (preg_match("/(.*)\.(php|php3|php4|php5|php7)$/i", $filename) === 0) {
108 if (preg_match("/(.*)\.(tpl)$/i", $filename) === 1) {
109 $valid = true;
110 }
111 }
112 return $valid;
113 }
Mirror of official OpenEMR Sourceforge repository