Multiple improvements from IPPF related to layouts. (#1081)
[openemr.git] / interface / super / manage_site_files.php
<?php
// Copyright (C) 2010-2016 Rod Roark <rod@sunsetsystems.com>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This module provides for editing site-specific text files and
// for uploading site-specific image files.

require_once '../globals.php';
require_once $GLOBALS['srcdir'] . '/acl.inc';
/* for formData() */

// Every request to this page - including the POST handlers further down that
// write files into the site directory and rows into list_options - passes
// through this one gate.  Nothing below is reachable without admin/super.
if (!acl_check('admin', 'super')) {
    echo htmlspecialchars(xl('Not authorized'));
    exit;
}
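// Prepare array of names of editable files, relative to the site directory.
// This is an allowlist: the filename coming back from the browser is only
// honored if it exactly matches one of these entries (checked below).
$my_files = array(
    'config.php',
    'faxcover.txt',
    'faxtitle.eps',
    'referral_template.html',
    'statement.inc.php',
    'letter_templates/custom_pdf.php',
);

// Append LBF plugin filenames to the array.
// NOTE(review): grp_form_id is interpolated straight into a path.  The LIKE
// filter only pins the 'LBF' prefix, so a row whose id contained '/' or '..'
// would extend the allowlist beyond LBF/; this relies on
// layout_group_properties being trusted, admin-maintained data - confirm.
$lres = sqlStatement('SELECT grp_form_id FROM layout_group_properties ' .
    "WHERE grp_form_id LIKE 'LBF%' AND grp_group_id = '' AND grp_activity = 1 ORDER BY grp_seq, grp_title");
while ($lrow = sqlFetchArray($lres)) {
    $option_id = $lrow['grp_form_id']; // should start with LBF
    $my_files[] = "LBF/$option_id.plugin.php";
}

// The first visit carries no form_filename at all; avoid an undefined-index
// notice and fall through to the "nothing selected" case.
$form_filename = isset($_REQUEST['form_filename']) ? strip_escape_custom($_REQUEST['form_filename']) : '';
// Sanity check to prevent evildoing: anything not in the allowlist is dropped.
// Strict comparison so that only an exact string match is accepted.
if (!in_array($form_filename, $my_files, true)) {
    $form_filename = '';
}

// Path of the selected file.  With an empty $form_filename this is the site
// directory itself; every user below tests $form_filename before touching it.
$filepath = "$OE_SITE_DIR/$form_filename";

$imagedir = "$OE_SITE_DIR/images";
$educationdir = "$OE_SITE_DIR/documents/education";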
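if (!empty($_POST['bn_save'])) {
    if ($form_filename) {
        // Textareas, at least in Firefox, return a \r\n at the end of each line
        // even though only \n was originally there. For consistency with
        // normal OpenEMR usage we translate those back.
        // $form_filename has already been checked against the allowlist, so
        // $filepath cannot point outside the set of editable site files.
        $filedata = isset($_POST['form_filedata']) ? $_POST['form_filedata'] : '';
        $filedata = str_replace("\r\n", "\n", $filedata);
        // A failed write used to go unreported; surface it the same way the
        // upload branches below report theirs.
        if (file_put_contents($filepath, $filedata) === false) {
            die(text(xl('Unable to create') . " '$filepath'"));
        }
        $form_filename = '';
    }

    // Handle image uploads.
    // NOTE(review): unlike the education branch below, nothing restricts the
    // name or the content of this upload; whatever the admin sends is stored
    // under $imagedir inside the site directory.  Whether that directory is
    // served by the web server, and with script execution disabled, is a
    // deployment question this file cannot answer - confirm.
    $image = isset($_FILES['form_image']) ? $_FILES['form_image'] : null;
    if ($image && is_uploaded_file($image['tmp_name']) && $image['size']) {
        $form_dest_filename = isset($_POST['form_dest_filename']) ? $_POST['form_dest_filename'] : '';
        if ($form_dest_filename == '') {
            $form_dest_filename = $image['name'];
        }
        // basename() strips any directory component; '.' and '..' survive it,
        // so reject those explicitly rather than letting move_uploaded_file()
        // fail on the directory path they would produce.
        $form_dest_filename = basename($form_dest_filename);
        if ($form_dest_filename == '' || $form_dest_filename == '.' || $form_dest_filename == '..') {
            die(htmlspecialchars(xl('Cannot find a destination filename')));
        }
        $imagepath = "$imagedir/$form_dest_filename";
        // If the site's image directory does not yet exist, create it.
        if (!is_dir($imagedir) && !mkdir($imagedir)) {
            die(htmlspecialchars(xl('Unable to create') . " '$imagedir'"));
        }
        // An existing file of the same name is replaced, not versioned.
        if (is_file($imagepath)) {
            unlink($imagepath);
        }
        $tmp_name = $image['tmp_name'];
        if (!move_uploaded_file($tmp_name, $imagepath)) {
            die(htmlspecialchars(xl('Unable to create') . " '$imagepath'"));
        }
    }

    // Handle PDF uploads for patient education.
    $education = isset($_FILES['form_education']) ? $_FILES['form_education'] : null;
    if ($education && is_uploaded_file($education['tmp_name']) && $education['size']) {
        $form_dest_filename = strtolower(basename($education['name']));
        // Only the name is checked, not the content; the bytes are stored as
        // sent.
        if (substr($form_dest_filename, -4) != '.pdf') {
            die(xlt('Filename must end with ".pdf"'));
        }
        $educationpath = "$educationdir/$form_dest_filename";
        // If the site's education directory does not yet exist, create it.
        // mkdir() is not recursive here; presumably $OE_SITE_DIR/documents
        // already exists - confirm.
        if (!is_dir($educationdir) && !mkdir($educationdir)) {
            die(text(xl('Unable to create') . " '$educationdir'"));
        }
        if (is_file($educationpath)) {
            unlink($educationpath);
        }
        $tmp_name = $education['tmp_name'];
        if (!move_uploaded_file($tmp_name, $educationpath)) {
            die(text(xl('Unable to create') . " '$educationpath'"));
        }
    }
}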
/**
 * Thumbnails generator
 * generating thumbnail image to all images files from documents table
 *
 * Builds $thumbnail_msg, an HTML fragment echoed further down the page.
 * Every dynamic value is passed through xlt()/text() here, which is what
 * makes the fragment safe to echo unescaped later.
 */
if (isset($_POST['generate_thumbnails'])) {
    $thumb_generator = new ThumbnailGenerator();
    $results = $thumb_generator->generate_all();

    $thumbnail_lines = array(
        sprintf("<p style='color: green'>%s : %s</p>", xlt('Generated thumbnail(s)'), text($results['sum_success'])),
        sprintf("<p style='color: red'>%s : %s</p>", xlt('Failed to generate'), text($results['sum_failed'])),
    );
    // One numbered line per file that could not be processed.
    foreach ($results['failed'] as $key => $file) {
        $thumbnail_lines[] = sprintf("<p style='color: red; font-size: 11px'> %s. %s</p>", text($key + 1), text($file));
    }
    $thumbnail_msg = implode('', $thumbnail_lines);
} else {
    $count_not_generated = ThumbnailGenerator::count_not_generated();

    $thumbnail_msg = sprintf("<p>%s: %s </p>", xlt('Files with empty thumbnail'), text($count_not_generated));
}
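/**
 * White list files.
 * Security feature that enable to upload only file with mime-type from white list.
 * Important to prevention upload of virus script.
 * Dependence - turn on global setting 'secure_upload'
 *
 * Produces two arrays for the form below: $mime_types (every type the admin
 * may pick from) and $white_list (the types currently allowed).
 */
if ($GLOBALS['secure_upload']) {
    // The wildcard entries let an admin allow a whole top-level type at once.
    // They are deliberately broad; nothing here stops an admin choosing them.
    $mime_types = array('image/*', 'text/*', 'audio/*', 'video/*');

    // Get cURL resource
    // NOTE(review): the candidate list is fetched from a third-party CDN on
    // every page load.  It only feeds the pick-list (what the admin *can*
    // allow), never the enforced allowlist, and the hard-coded fallback below
    // covers outages - so an unavailable or altered CDN cannot widen what is
    // accepted without the admin selecting it.  To my knowledge cdn.rawgit.com
    // has since been retired; if so the fallback is all that is ever shown,
    // and a local copy of db.json would remove the dependency entirely.
    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => 'https://cdn.rawgit.com/jshttp/mime-db/master/db.json',
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT => 5,
    ));
    // Send the request & save response to $resp
    $resp = curl_exec($curl);
    $httpinfo = curl_getinfo($curl);
    $all_mime_types = null;
    // The content-type test is an exact string match; a CDN that starts
    // sending 'application/json; charset=utf-8' (with a space) silently falls
    // back to the built-in list.
    if ($resp && $httpinfo['http_code'] == 200 && $httpinfo['content_type'] == 'application/json;charset=utf-8') {
        $all_mime_types = json_decode($resp, true);
    }
    // A 200 whose body is not a JSON object used to reach foreach() as null;
    // treat it exactly like a failed fetch.
    if (is_array($all_mime_types)) {
        foreach ($all_mime_types as $name => $value) {
            $mime_types[] = $name;
        }
    } else {
        error_log('Get list of mime-type error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
        $mime_types_list = array(
            'application/pdf',
            'image/jpeg',
            'image/png',
            'image/gif',
            'application/msword',
            'application/vnd.oasis.opendocument.spreadsheet',
            'text/plain',
        );
        $mime_types = array_merge($mime_types, $mime_types_list);
    }
    curl_close($curl);

    if (isset($_POST['submit_form'])) {
        // white_list[] arrives as an array of strings from the form; anything
        // else (or nothing) means "empty list".  Non-string entries are
        // dropped so only plain type names reach the INSERT.
        $new_white_list = array();
        if (!empty($_POST['white_list']) && is_array($_POST['white_list'])) {
            foreach ($_POST['white_list'] as $mimetype) {
                if (is_string($mimetype)) {
                    $new_white_list[] = $mimetype;
                }
            }
        }

        // truncate white list from list_options table
        // NOTE(review): the submitting form carries no anti-CSRF token, so a
        // cross-site POST from an authenticated admin's browser could rewrite
        // this list.  Confirm whether the surrounding framework enforces one.
        sqlStatement("DELETE FROM `list_options` WHERE `list_id` = 'files_white_list'");
        foreach ($new_white_list as $mimetype) {
            sqlStatement("INSERT INTO `list_options` (`list_id`, `option_id`, `title`, `activity`) VALUES ('files_white_list', ?, ?, 1)", array($mimetype, $mimetype));
        }

        $white_list = $new_white_list;
    } else {
        $white_list = array();
        $lres = sqlStatement("SELECT option_id FROM list_options WHERE list_id = 'files_white_list' AND activity = 1");
        while ($lrow = sqlFetchArray($lres)) {
            $white_list[] = $lrow['option_id'];
        }
    }
}
?>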
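<html>

<head>
<title><?php echo xlt('File management'); ?></title>
<?php // The two config-derived paths are escaped like every other dynamic value on this page. ?>
<link rel="stylesheet" href='<?php echo attr($css_header); ?>' type='text/css'>

<style type="text/css">
 .dehead { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
 .detail { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
 #generate_thumb, #file_type_whitelist{
     width: 95%;
     margin: 50px auto;
     border: 2px solid dimgrey;
 }
 #generate_thumb table{
     font-size: 14px;
     text-align: center;
 }
 #generate_thumb table td{
     border-right: 1px solid dimgrey;
     padding: 0 15px;
 }
</style>

<script type="text/javascript" src="<?php echo attr($GLOBALS['assets_static_relative']); ?>/jquery-min-3-1-1/index.js"></script>

<script type="text/javascript">
// This is invoked when a filename selection changes in the drop-list.
// In this case anything else entered into the form is discarded.
function msfFileChanged() {
    top.restoreSession();
    document.forms[0].submit();
}
</script>

</head>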
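<body class="body_top">
<?php // NOTE(review): neither this form nor the two below carry an anti-CSRF token; confirm whether the surrounding framework supplies one. ?>
<form method='post' action='manage_site_files.php' enctype='multipart/form-data'
 onsubmit='return top.restoreSession()'>

<center>

<table border='1' width='95%'>

 <tr bgcolor='#dddddd' class='dehead'>
  <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Edit File in') . " $OE_SITE_DIR"); ?></td>
 </tr>

 <tr>
  <td valign='top' class='detail' nowrap>
   <select name='form_filename' onchange='msfFileChanged()'>
    <option value=''></option>
<?php
// One <option> per allowlisted file; the one being edited (if any) is
// pre-selected.
foreach ($my_files as $filename) {
    echo " <option value='" . htmlspecialchars($filename, ENT_QUOTES) . "'";
    if ($filename === $form_filename) {
        echo " selected";
    }
    echo ">" . htmlspecialchars($filename) . "</option>\n";
}
?>
   </select>
   <br />
   <textarea name='form_filedata' rows='25' style='width:100%'><?php
// An allowlisted file that does not exist yet (e.g. a new LBF plugin) is
// legitimately empty, so a missing file is not an error: test for it rather
// than silencing the warning with '@'.
if ($form_filename && is_file($filepath)) {
    echo htmlspecialchars(file_get_contents($filepath));
}
?></textarea>
  </td>
 </tr>

 <tr bgcolor='#dddddd' class='dehead'>
  <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Upload Image to') . " $imagedir"); ?></td>
 </tr>

 <tr>
  <td valign='top' class='detail' nowrap>
   <?php echo htmlspecialchars(xl('Source File')); ?>:
   <?php // MAX_FILE_SIZE is only a hint for cooperating browsers; the effective limit is PHP's upload_max_filesize / post_max_size. ?>
   <input type="hidden" name="MAX_FILE_SIZE" value="12000000" />
   <input type="file" name="form_image" size="40" />&nbsp;
   <?php echo htmlspecialchars(xl('Destination Filename')) ?>:
   <select name='form_dest_filename'>
    <option value=''>(<?php echo htmlspecialchars(xl('Use source filename')) ?>)</option>
<?php
// Generate an <option> for each file already in the images directory.
// The array is initialised under the name actually used below (the original
// initialised a misspelt variable, leaving $imageslist undefined and ksort()
// warning when the directory was empty).  A directory that does not exist yet
// simply yields no options - the upload handler creates it on first use;
// only an existing but unreadable directory is an error.
$imageslist = array();
if (is_dir($imagedir)) {
    $dh = opendir($imagedir);
    if (!$dh) {
        die(htmlspecialchars(xl('Cannot read directory') . " '$imagedir'"));
    }
    while (false !== ($sfname = readdir($dh))) {
        // Skip dot entries / hidden files and CVS bookkeeping directories.
        if (substr($sfname, 0, 1) == '.' || $sfname == 'CVS') {
            continue;
        }
        $imageslist[$sfname] = $sfname;
    }
    closedir($dh);
}
ksort($imageslist);
foreach ($imageslist as $sfname) {
    echo " <option value='" . htmlspecialchars($sfname, ENT_QUOTES) . "'";
    echo ">" . htmlspecialchars($sfname) . "</option>\n";
}
?>
   </select>
  </td>
 </tr>

 <tr bgcolor='#dddddd' class='dehead'>
  <td colspan='2' align='center'><?php echo text(xl('Upload Patient Education PDF to') . " $educationdir"); ?></td>
 </tr>
 <tr>
  <td valign='top' class='detail' nowrap>
   <?php echo xlt('Source File'); ?>:
   <input type="file" name="form_education" size="40" />&nbsp;
   <?php echo xlt('Name must be like codetype_code_language.pdf, for example icd9_274.11_en.pdf'); ?>
  </td>
 </tr>

</table>

<p>
<input type='submit' name='bn_save' value='<?php echo htmlspecialchars(xl('Save')) ?>' />
</p>

</center>

</form>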
<div id="generate_thumb">
<?php // $thumbnail_msg is assembled earlier in this file from xlt()/text() output, i.e. it is already HTML-escaped and is echoed as-is on purpose; keep any future additions to it escaped the same way. ?>
<?php // NOTE(review): this POST form carries no anti-CSRF token; confirm whether the surrounding framework adds one, since a forged submit would trigger generate_all(). ?>
 <table style="width: 100%">
  <tr>
   <td class="thumb_title" style="width: 33%">
    <b><?php echo xlt('Generate Thumbnails')?></b>
   </td>
   <td class="thumb_msg" style="width: 50%">
    <span><?php echo $thumbnail_msg ?></span>
   </td>
   <td class="thumb_form" style="width:17%;border-right:none">
    <form method='post' action='manage_site_files.php#generate_thumb'>
     <input style="margin-top: 10px" type="submit" name="generate_thumbnails" value="<?php echo xla('Generate') ?>">
    </form>
   </td>
  </tr>
 </table>
</div>
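<?php if ($GLOBALS['secure_upload']) { ?>

<div id="file_type_whitelist">
 <h2><?php echo xlt('Create custom white list of MIME content type of a files to secure your documents system');?></h2>
 <form id="whitelist_form" method="post">
  <div class="subject-black-list">
   <div class="top-list">
    <h2><?php echo xlt('Black list'); ?></h2>
    <b><?php echo xlt('Filter');?>:</b> <input type="text" id="filter-black-list" >
   </div>
   <select multiple="multiple" id='black-list' class="form-control">
<?php
// Every candidate type not currently allowed goes on the left.  Strict
// comparison: both arrays hold plain strings, so nothing is lost and a loose
// match cannot fold distinct values together.
foreach ($mime_types as $type) {
    if (!in_array($type, $white_list, true)) {
        echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
    }
}
?>
   </select>
  </div>

  <div class="subject-info-arrows">
   <input type="button" id="btnAllRight" value=">>" /><br />
   <input type="button" id="btnRight" value=">" /><br />
   <input type="button" id="btnLeft" value="<" /><br />
   <input type="button" id="btnAllLeft" value="<<" />
  </div>

  <div class="subject-white-list">
   <div class="top-list">
    <h2><?php echo xlt('White list'); ?></h2>
    <b><?php echo xlt('Add manually');?>:</b> <input type="text" id="add-manually-input"> <input type="button" id="add-manually" value="+">
   </div>
   <select name="white_list[]" multiple="multiple" id='white-list' class="form-control">
<?php
// The current allowlist on the right; posted back as white_list[] on save.
foreach ($white_list as $type) {
    echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
}
?>
   </select>
  </div>
  <div class="subject-info-save">
   <input type="button" id="submit-whitelist" value="<?php echo xlt('Save'); ?>" />
   <input type="hidden" name="submit_form" value="1" />
  </div>
 </form>

</div>

<script>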
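(function ($) {
    // Build a click handler that moves <option>s from one list to the other.
    // With onlySelected only the highlighted entries move, otherwise the whole
    // list does.  The click is always cancelled so the buttons never submit
    // the surrounding form.
    function moveOptions(fromSelector, toSelector, onlySelected) {
        return function (e) {
            e.preventDefault();
            var opts = $(fromSelector + (onlySelected ? ' option:selected' : ' option'));
            if (opts.length === 0) {
                return;
            }
            $(toSelector).append(opts.clone());
            opts.remove();
        };
    }

    $('#btnRight').click(moveOptions('#black-list', '#white-list', true));
    $('#btnAllRight').click(moveOptions('#black-list', '#white-list', false));
    $('#btnLeft').click(moveOptions('#white-list', '#black-list', true));
    $('#btnAllLeft').click(moveOptions('#white-list', '#black-list', false));

    // Options hidden by the filter are parked here so they can be put back
    // when the filter text changes again.
    var storeElements = [];

    $('#filter-black-list').on('keyup', function () {
        var val = this.value.toLowerCase();

        // Hide entries that no longer match.
        $('#black-list option').each(function () {
            if (this.value.toLowerCase().indexOf(val) === -1) {
                if (storeElements.indexOf(this) === -1) {
                    storeElements.unshift(this);
                }
                $(this).remove();
            }
        });

        // Put back parked entries that match again.  The array is rebuilt
        // rather than spliced while iterating: splicing by index shifts the
        // remaining entries, so the previous code restored or kept the wrong
        // ones after the first removal.
        var stillHidden = [];
        $.each(storeElements, function (_, element) {
            if (element.value.toLowerCase().indexOf(val) > -1) {
                $('#black-list').prepend(element);
            } else {
                stillHidden.push(element);
            }
        });
        storeElements = stillHidden;
    });

    // Add a type the candidate list does not offer.  The <option> is built
    // through the DOM API instead of string concatenation, so quotes, '<' or
    // spaces in the typed value cannot break out of the attribute or markup.
    $('#add-manually').on('click', function () {
        var new_type = String($('#add-manually-input').val()).trim();
        if (new_type.length < 1) {
            return;
        }
        $('#white-list').prepend($('<option>').val(new_type).text(new_type));
    });

    // Only selected options are posted, so select everything on the right
    // before submitting the form.
    $('#submit-whitelist').on('click', function () {
        $('#white-list option').prop('selected', true);
        $('#whitelist_form').submit();
    });
}(jQuery));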
</script>

<?php } // closes if ($GLOBALS['secure_upload']) ?>

</body>
</html>