2 // Copyright (C) 2010 Rod Roark <rod@sunsetsystems.com>
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
9 // This module provides for editing site-specific text files and
10 // for uploading site-specific image files.
// Disable magic quotes and fake register globals.
// Both flags are assigned before globals.php is included below.
$fake_register_globals = false;
$sanitize_all_escapes = true;

require_once '../globals.php';
require_once $GLOBALS['srcdir'] . '/acl.inc';
require_once $GLOBALS['srcdir'] . '/htmlspecialchars.inc.php';
require_once $GLOBALS['srcdir'] . '/formdata.inc.php';

// This module edits site files and accepts uploads, so every request is
// stopped here unless acl_check('admin', 'super') succeeds.
if (!acl_check('admin', 'super')) {
    die(htmlspecialchars(xl('Not authorized')));
}
24 // Prepare array of names of editable files, relative to the site directory.
30 'referral_template.html',
32 'letter_templates/custom_pdf.php',
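// Append LBF plugin filenames to the array.
// Every entry added here becomes a file this page is allowed to overwrite,
// so the database value is checked before it is turned into a path.
$lres = sqlStatement('SELECT * FROM list_options ' .
    "WHERE list_id = 'lbfnames' ORDER BY seq, title");
while ($lrow = sqlFetchArray($lres)) {
    $option_id = (string) $lrow['option_id']; // should start with LBF
    $title = $lrow['title'];
    // Enforce the "starts with LBF" expectation and refuse path separators
    // or NUL bytes, so a list_options row cannot widen the allow-list to a
    // file outside the LBF directory.
    if (strpos($option_id, 'LBF') !== 0 || strpbrk($option_id, "/\\\0") !== false) {
        continue;
    }
    $my_files[] = "LBF/$option_id.plugin.php";
}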
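// The requested filename is caller-controlled. The allow-list comparison
// below is the only thing that keeps it from naming an arbitrary path under
// the site directory. Note that the allow-list contains .php files, so a
// later save writes code the web server will execute.
$form_filename = isset($_REQUEST['form_filename'])
    ? strip_escape_custom($_REQUEST['form_filename'])
    : '';
// Sanity check to prevent evildoing. The strict comparison avoids loose
// type juggling between the request value and the allow-list entries.
if (!in_array($form_filename, $my_files, true)) {
    $form_filename = '';
}
$filepath = "$OE_SITE_DIR/$form_filename";

$imagedir = "$OE_SITE_DIR/images";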
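// Handle the Save button: write the edited text file and/or store an
// uploaded image in the site's images directory.
if (!empty($_POST['bn_save'])) {
    // NOTE(review): no anti-CSRF token check is visible in this listing
    // before the writes below; confirm one is enforced elsewhere.

    // Write only when the allow-list check left a non-empty name; with an
    // empty name $filepath is the site directory itself.
    if ($form_filename !== '' && isset($_POST['form_filedata'])) {
        // Textareas, at least in Firefox, return a \r\n at the end of each line
        // even though only \n was originally there. For consistency with
        // normal OpenEMR usage we translate those back.
        $filedata = str_replace("\r\n", "\n", $_POST['form_filedata']);
        if (file_put_contents($filepath, $filedata) === false) {
            die(htmlspecialchars(xl('Unable to create') . " '$filepath'"));
        }
    }

    // Handle an optional image upload.
    if (isset($_FILES['form_image']) &&
        is_uploaded_file($_FILES['form_image']['tmp_name']) &&
        $_FILES['form_image']['size']
    ) {
        $form_dest_filename = isset($_POST['form_dest_filename'])
            ? $_POST['form_dest_filename']
            : '';
        if ($form_dest_filename == '') {
            $form_dest_filename = $_FILES['form_image']['name'];
        }
        // basename() drops any directory part, so the upload cannot be
        // placed outside $imagedir.
        $form_dest_filename = basename($form_dest_filename);
        if ($form_dest_filename == '') {
            die(htmlspecialchars(xl('Cannot find a destination filename')));
        }
        // Both the client-supplied name and the posted destination name are
        // untrusted. Accept image extensions only, so a script file cannot be
        // stored in this directory. Only the final extension is checked; the
        // web server should also be set up not to execute scripts from the
        // images directory. Adjust the list to the formats the site needs.
        $allowed_extensions = array('gif', 'jpg', 'jpeg', 'png');
        $extension = strtolower(pathinfo($form_dest_filename, PATHINFO_EXTENSION));
        if (!in_array($extension, $allowed_extensions, true)) {
            die(htmlspecialchars(xl('Unsupported image file type') . " '$form_dest_filename'"));
        }
        $imagepath = "$imagedir/$form_dest_filename";
        // If the site's image directory does not yet exist, create it.
        // NOTE(review): the listing omits the body of this branch; the
        // mkdir() call is inferred from the comment above.
        if (!is_dir($imagedir) && !mkdir($imagedir)) {
            die(htmlspecialchars(xl('Unable to create') . " '$imagedir'"));
        }
        // An existing image with the same name is replaced.
        if (is_file($imagepath)) {
            unlink($imagepath);
        }
        if (!move_uploaded_file($_FILES['form_image']['tmp_name'], $imagepath)) {
            die(htmlspecialchars(xl('Unable to create') . " '$imagepath'"));
        }
    }
}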
86 <title
><?php
echo xlt('File management'); ?
></title
>
87 <link rel
="stylesheet" href
='<?php echo $css_header ?>' type
='text/css'>
89 <style type
="text/css">
90 .dehead
{ color
:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
91 .detail
{ color
:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
94 <script language
="JavaScript">
// Runs whenever a different file is picked in the drop-list.
// Submitting at that point discards anything else entered into the form.
function msfFileChanged() {
  var form = document.forms[0];
  form.submit();
}
105 <body
class="body_top">
106 <form method
='post' action
='manage_site_files.php' enctype
='multipart/form-data'
107 onsubmit
='return top.restoreSession()'>
112 <table border
='1' width
='95%'>
114 <tr bgcolor
='#dddddd' class='dehead'>
115 <td colspan
='2' align
='center'><?php
echo htmlspecialchars(xl('Edit File in') . " $OE_SITE_DIR"); ?
></td
>
119 <td valign
='top' class='detail' nowrap
>
120 <select name
='form_filename' onchange
='msfFileChanged()'>
121 <option value
=''></option
>
<?php
// Emit one <option> per editable file and preselect the current choice.
// Names are HTML-escaped for both the attribute and the element text.
foreach ($my_files as $filename) {
    $selected = ($filename == $form_filename) ? " selected" : "";
    echo " <option value='" . htmlspecialchars($filename, ENT_QUOTES) . "'" . $selected;
    echo ">" . htmlspecialchars($filename) . "</option>\n";
}
?>
131 <textarea name
='form_filedata' rows
='30' style
='width:100%'><?php
// Show the selected file's current contents, HTML-escaped so that markup
// stored in the file cannot close the surrounding <textarea>.
// Read errors are suppressed and leave the textarea empty.
if ($form_filename) {
    $current_contents = @file_get_contents($filepath);
    echo htmlspecialchars($current_contents);
}
?>
139 <tr bgcolor
='#dddddd' class='dehead'>
140 <td colspan
='2' align
='center'><?php
echo htmlspecialchars(xl('Upload Image to') . " $imagedir"); ?
></td
>
144 <td valign
='top' class='detail' nowrap
>
145 <?php
echo htmlspecialchars(xl('Source File')); ?
>:
146 <input type
="hidden" name
="MAX_FILE_SIZE" value
="12000000" />
147 <input type
="file" name
="form_image" size
="40" /> 
;
148 <?php
echo htmlspecialchars(xl('Destination Filename')) ?
>:
149 <select name
='form_dest_filename'>
150 <option value
=''>(<?php
echo htmlspecialchars(xl('Use source filename')) ?
>)</option
>
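<?php
// Generate an <option> for each file already in the images directory.
$dh = opendir($imagedir);
if (!$dh) {
    die(htmlspecialchars(xl('Cannot read directory') . " '$imagedir'"));
}
// The original initialised a misspelled variable ($imagesslist), which left
// $imageslist undefined for the foreach below when the directory was empty.
$imageslist = array();
while (false !== ($sfname = readdir($dh))) {
    // Skip dot entries (".", "..", hidden files) and CVS metadata.
    if (substr($sfname, 0, 1) == '.') {
        continue;
    }
    if ($sfname == 'CVS') {
        continue;
    }
    $imageslist[$sfname] = $sfname;
}
// Release the directory handle once the listing is complete.
closedir($dh);
// File names come from disk, so they are escaped like any other output.
foreach ($imageslist as $sfname) {
    echo " <option value='" . htmlspecialchars($sfname, ENT_QUOTES) . "'";
    echo ">" . htmlspecialchars($sfname) . "</option>\n";
}
?>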
175 <input type
='submit' name
='bn_save' value
='<?php echo htmlspecialchars(xl('Save
')) ?>' />