Minor fix to commit fff1980dd0a7cfd88dfbf2d8f1acb1f4b53a929a
[openemr.git] / interface / super / manage_site_files.php
blob0b257c1f378e94df6421cb5e2931ce21850054ac
1 <?php
2 // Copyright (C) 2010 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
9 // This module provides for editing site-specific text files and
10 // for uploading site-specific image files.
12 // Disable magic quotes and fake register globals.
13 $sanitize_all_escapes = true;
14 $fake_register_globals = false;
16 require_once('../globals.php');
17 require_once($GLOBALS['srcdir'].'/acl.inc');
18 require_once($GLOBALS['srcdir'].'/htmlspecialchars.inc.php');
19 /* for formData() */
20 require_once($GLOBALS['srcdir'].'/formdata.inc.php');
22 if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
24 // Prepare array of names of editable files, relative to the site directory.
25 $my_files = array(
26 'clickoptions.txt',
27 'config.php',
28 'faxcover.txt',
29 'faxtitle.eps',
30 'referral_template.html',
31 'statement.inc.php',
32 'letter_templates/custom_pdf.php',
34 // Append LBF plugin filenames to the array.
35 $lres = sqlStatement('SELECT * FROM list_options ' .
36 "WHERE list_id = 'lbfnames' ORDER BY seq, title");
37 while ($lrow = sqlFetchArray($lres)) {
38 $option_id = $lrow['option_id']; // should start with LBF
39 $title = $lrow['title'];
40 $my_files[] = "LBF/$option_id.plugin.php";
43 $form_filename = strip_escape_custom($_REQUEST['form_filename']);
44 // Sanity check to prevent evildoing.
45 if (!in_array($form_filename, $my_files)) $form_filename = '';
46 $filepath = "$OE_SITE_DIR/$form_filename";
48 $imagedir = "$OE_SITE_DIR/images";
50 if (!empty($_POST['bn_save'])) {
51 if ($form_filename) {
52 // Textareas, at least in Firefox, return a \r\n at the end of each line
53 // even though only \n was originally there. For consistency with
54 // normal OpenEMR usage we translate those back.
55 file_put_contents($filepath, str_replace("\r\n", "\n",
56 $_POST['form_filedata']));
57 $form_filename = '';
60 // Handle uploads.
61 if (is_uploaded_file($_FILES['form_image']['tmp_name']) && $_FILES['form_image']['size']) {
62 $form_dest_filename = $_POST['form_dest_filename'];
63 if ($form_dest_filename == '') {
64 $form_dest_filename = $_FILES['form_image']['name'];
66 $form_dest_filename = basename($form_dest_filename);
67 if ($form_dest_filename == '') {
68 die(htmlspecialchars(xl('Cannot find a destination filename')));
70 $imagepath = "$imagedir/$form_dest_filename";
71 // If the site's image directory does not yet exist, create it.
72 if (!is_dir($imagedir)) {
73 mkdir($imagedir);
75 if (is_file($imagepath)) unlink($imagepath);
76 $tmp_name = $_FILES['form_image']['tmp_name'];
77 if (!move_uploaded_file($_FILES['form_image']['tmp_name'], $imagepath)) {
78 die(htmlspecialchars(xl('Unable to create') . " '$imagepath'"));
83 <html>
85 <head>
86 <title><?php echo xlt('File management'); ?></title>
87 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
89 <style type="text/css">
90 .dehead { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
91 .detail { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
92 </style>
94 <script language="JavaScript">
95 // This is invoked when a filename selection changes in the drop-list.
96 // In this case anything else entered into the form is discarded.
97 function msfFileChanged() {
98 top.restoreSession();
99 document.forms[0].submit();
101 </script>
103 </head>
105 <body class="body_top">
106 <form method='post' action='manage_site_files.php' enctype='multipart/form-data'
107 onsubmit='return top.restoreSession()'>
109 <center>
112 <table border='1' width='95%'>
114 <tr bgcolor='#dddddd' class='dehead'>
115 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Edit File in') . " $OE_SITE_DIR"); ?></td>
116 </tr>
118 <tr>
119 <td valign='top' class='detail' nowrap>
120 <select name='form_filename' onchange='msfFileChanged()'>
121 <option value=''></option>
122 <?php
123 foreach ($my_files as $filename) {
124 echo " <option value='" . htmlspecialchars($filename, ENT_QUOTES) . "'";
125 if ($filename == $form_filename) echo " selected";
126 echo ">" . htmlspecialchars($filename) . "</option>\n";
129 </select>
130 <br />
131 <textarea name='form_filedata' rows='30' style='width:100%'><?php
132 if ($form_filename) {
133 echo htmlspecialchars(@file_get_contents($filepath));
135 ?></textarea>
136 </td>
137 </tr>
139 <tr bgcolor='#dddddd' class='dehead'>
140 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Upload Image to') . " $imagedir"); ?></td>
141 </tr>
143 <tr>
144 <td valign='top' class='detail' nowrap>
145 <?php echo htmlspecialchars(xl('Source File')); ?>:
146 <input type="hidden" name="MAX_FILE_SIZE" value="12000000" />
147 <input type="file" name="form_image" size="40" />&nbsp;
148 <?php echo htmlspecialchars(xl('Destination Filename')) ?>:
149 <select name='form_dest_filename'>
150 <option value=''>(<?php echo htmlspecialchars(xl('Use source filename')) ?>)</option>
151 <?php
152 // Generate an <option> for each file already in the images directory.
153 $dh = opendir($imagedir);
154 if (!$dh) die(htmlspecialchars(xl('Cannot read directory') . " '$imagedir'"));
155 $imagesslist = array();
156 while (false !== ($sfname = readdir($dh))) {
157 if (substr($sfname, 0, 1) == '.') continue;
158 if ($sfname == 'CVS' ) continue;
159 $imageslist[$sfname] = $sfname;
161 closedir($dh);
162 ksort($imageslist);
163 foreach ($imageslist as $sfname) {
164 echo " <option value='" . htmlspecialchars($sfname, ENT_QUOTES) . "'";
165 echo ">" . htmlspecialchars($sfname) . "</option>\n";
168 </select>
169 </td>
170 </tr>
172 </table>
175 <input type='submit' name='bn_save' value='<?php echo htmlspecialchars(xl('Save')) ?>' />
176 </p>
178 </center>
180 </form>
181 </body>
182 </html>