search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ongoing new datepicker project
[openemr.git] / interface / super / manage_site_files.php
blob85c5fcb13594af32cbf05aeba113e36bba4de7c8
1 <?php
2 // Copyright (C) 2010-2016 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8
9 // This module provides for editing site-specific text files and
10 // for uploading site-specific image files.
11
12 // Disable magic quotes and fake register globals.
13 $sanitize_all_escapes = true;
14 $fake_register_globals = false;
15
16 require_once('../globals.php');
17 require_once($GLOBALS['srcdir'].'/acl.inc');
18 /* for formData() */
19
20 if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
21
22 // Prepare array of names of editable files, relative to the site directory.
23 $my_files = array(
24 'config.php',
25 'faxcover.txt',
26 'faxtitle.eps',
27 'referral_template.html',
28 'statement.inc.php',
29 'letter_templates/custom_pdf.php',
30 );
31 // Append LBF plugin filenames to the array.
32 $lres = sqlStatement('SELECT * FROM list_options ' .
33 "WHERE list_id = 'lbfnames' AND activity = 1 ORDER BY seq, title");
34 while ($lrow = sqlFetchArray($lres)) {
35 $option_id = $lrow['option_id']; // should start with LBF
36 $title = $lrow['title'];
37 $my_files[] = "LBF/$option_id.plugin.php";
38 }
39
40 $form_filename = strip_escape_custom($_REQUEST['form_filename']);
41 // Sanity check to prevent evildoing.
42 if (!in_array($form_filename, $my_files)) $form_filename = '';
43 $filepath = "$OE_SITE_DIR/$form_filename";
44
45 $imagedir = "$OE_SITE_DIR/images";
46 $educationdir = "$OE_SITE_DIR/documents/education";
47
48 if (!empty($_POST['bn_save'])) {
49 if ($form_filename) {
50 // Textareas, at least in Firefox, return a \r\n at the end of each line
51 // even though only \n was originally there. For consistency with
52 // normal OpenEMR usage we translate those back.
53 file_put_contents($filepath, str_replace("\r\n", "\n",
54 $_POST['form_filedata']));
55 $form_filename = '';
56 }
57
58 // Handle image uploads.
59 if (is_uploaded_file($_FILES['form_image']['tmp_name']) && $_FILES['form_image']['size']) {
60 $form_dest_filename = $_POST['form_dest_filename'];
61 if ($form_dest_filename == '') {
62 $form_dest_filename = $_FILES['form_image']['name'];
63 }
64 $form_dest_filename = basename($form_dest_filename);
65 if ($form_dest_filename == '') {
66 die(htmlspecialchars(xl('Cannot find a destination filename')));
67 }
68 $imagepath = "$imagedir/$form_dest_filename";
69 // If the site's image directory does not yet exist, create it.
70 if (!is_dir($imagedir)) {
71 mkdir($imagedir);
72 }
73 if (is_file($imagepath)) unlink($imagepath);
74 $tmp_name = $_FILES['form_image']['tmp_name'];
75 if (!move_uploaded_file($_FILES['form_image']['tmp_name'], $imagepath)) {
76 die(htmlspecialchars(xl('Unable to create') . " '$imagepath'"));
77 }
78 }
79
80 // Handle PDF uploads for patient education.
81 if (is_uploaded_file($_FILES['form_education']['tmp_name']) && $_FILES['form_education']['size']) {
82 $form_dest_filename = $_FILES['form_education']['name'];
83 $form_dest_filename = strtolower(basename($form_dest_filename));
84 if (substr($form_dest_filename, -4) != '.pdf') {
85 die(xlt('Filename must end with ".pdf"'));
86 }
87 $educationpath = "$educationdir/$form_dest_filename";
88 // If the site's education directory does not yet exist, create it.
89 if (!is_dir($educationdir)) {
90 mkdir($educationdir);
91 }
92 if (is_file($educationpath)) unlink($educationpath);
93 $tmp_name = $_FILES['form_education']['tmp_name'];
94 if (!move_uploaded_file($tmp_name, $educationpath)) {
95 die(text(xl('Unable to create') . " '$educationpath'"));
96 }
97 }
98
99 }
100
101 /**
102 * Thumbnails generator
103 * generating thumbnail image to all images files from documents table
104 */
105
106 if(isset($_POST['generate_thumbnails'])) {
107
108 $thumb_generator = new ThumbnailGenerator();
109 $results = $thumb_generator->generate_all();
110
111 $thumbnail_msg = "<p style='color: green'>" . xlt('Generated thumbnail(s)') . " : " . text($results['sum_success']) . "</p>";
112 $thumbnail_msg .= "<p style='color: red'>" . xlt('Failed to generate') . " : " . text($results['sum_failed']) . "</p>";
113 foreach($results['failed'] as $key => $file){
114 $num = $key +1;
115 $thumbnail_msg .= "<p style='color: red; font-size: 11px'> " .text($num) . ". " . text($file) . "</p>";
116 }
117 } else {
118
119 $count_not_generated = ThumbnailGenerator::count_not_generated();
120
121 $thumbnail_msg = "<p>" . xlt('Files with empty thumbnail') . ": " . text($count_not_generated) . " </p>";
122 }
123
124
125 /**
126 * White list files.
127 * Security feature that enable to upload only file with mime-type from white list.
128 * Important to prevention upload of virus script.
129 * Dependence - turn on global setting 'secure_upload'
130 */
131
132 if($GLOBALS['secure_upload']){
133
134 $mime_types = array('image/*', 'text/*', 'audio/*', 'video/*');
135
136 // Get cURL resource
137 $curl = curl_init();
138
139 curl_setopt_array($curl, array(
140 CURLOPT_RETURNTRANSFER => 1,
141 CURLOPT_URL => 'https://cdn.rawgit.com/jshttp/mime-db/master/db.json',
142 CURLOPT_CONNECTTIMEOUT => 5,
143 CURLOPT_TIMEOUT => 5
144 ));
145 // Send the request & save response to $resp
146 $resp = curl_exec($curl);
147 $httpinfo = curl_getinfo($curl);
148 if($resp && $httpinfo['http_code'] == 200 && $httpinfo['content_type'] == 'application/json;charset=utf-8'){
149 $all_mime_types = json_decode($resp, true);
150 foreach ($all_mime_types as $name => $value){
151 $mime_types[] = $name;
152 }
153 } else {
154 error_log('Get list of mime-type error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
155 $mime_types_list = array(
156 'application/pdf',
157 'image/jpeg',
158 'image/png',
159 'image/gif',
160 'application/msword',
161 'application/vnd.oasis.opendocument.spreadsheet',
162 'text/plain'
163 );
164 $mime_types = array_merge($mime_types, $mime_types_list);
165 }
166 curl_close($curl);
167
168 if(isset($_POST['submit_form'])){
169
170 $new_white_list = empty($_POST['white_list']) ? array() : $_POST['white_list'];
171
172 // truncate white list from list_options table
173 sqlStatement("DELETE FROM `list_options` WHERE `list_id` = 'files_white_list'");
174 foreach ($new_white_list as $mimetype){
175 sqlStatement("INSERT INTO `list_options` (`list_id`, `option_id`, `title`, `activity`) VALUES ('files_white_list', ?, ?, 1)", array($mimetype, $mimetype));
176 }
177
178 $white_list = $new_white_list;
179 } else {
180 $white_list = array();
181 $lres = sqlStatement("SELECT option_id FROM list_options WHERE list_id = 'files_white_list' AND activity = 1");
182 while ($lrow = sqlFetchArray($lres)) {
183 $white_list[] = $lrow['option_id'];
184 }
185 }
186 }
187
188
189 ?>
190 <html>
191
192 <head>
193 <title><?php echo xlt('File management'); ?></title>
194 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
195
196 <style type="text/css">
197 .dehead { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
198 .detail { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
199 #generate_thumb, #file_type_whitelist{
200 width: 95%;
201 margin: 50px auto;
202 border: 2px solid dimgrey;
203 }
204 #generate_thumb table{
205 font-size: 14px;
206 text-align: center;
207 }
208 #generate_thumb table td{
209 border-right: 1px solid dimgrey;
210 padding: 0 15px;
211 }
212 </style>
213
214 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative'] ?>/jquery-min-3-1-1/index.js"></script>
215
216 <script language="JavaScript">
217 // This is invoked when a filename selection changes in the drop-list.
218 // In this case anything else entered into the form is discarded.
219 function msfFileChanged() {
220 top.restoreSession();
221 document.forms[0].submit();
222 }
223 </script>
224
225 </head>
226
227 <body class="body_top">
228 <form method='post' action='manage_site_files.php' enctype='multipart/form-data'
229 onsubmit='return top.restoreSession()'>
230
231 <center>
232
233 <p>
234 <table border='1' width='95%'>
235
236 <tr bgcolor='#dddddd' class='dehead'>
237 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Edit File in') . " $OE_SITE_DIR"); ?></td>
238 </tr>
239
240 <tr>
241 <td valign='top' class='detail' nowrap>
242 <select name='form_filename' onchange='msfFileChanged()'>
243 <option value=''></option>
244 <?php
245 foreach ($my_files as $filename) {
246 echo " <option value='" . htmlspecialchars($filename, ENT_QUOTES) . "'";
247 if ($filename == $form_filename) echo " selected";
248 echo ">" . htmlspecialchars($filename) . "</option>\n";
249 }
250 ?>
251 </select>
252 <br />
253 <textarea name='form_filedata' rows='25' style='width:100%'><?php
254 if ($form_filename) {
255 echo htmlspecialchars(@file_get_contents($filepath));
256 }
257 ?></textarea>
258 </td>
259 </tr>
260
261 <tr bgcolor='#dddddd' class='dehead'>
262 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Upload Image to') . " $imagedir"); ?></td>
263 </tr>
264
265 <tr>
266 <td valign='top' class='detail' nowrap>
267 <?php echo htmlspecialchars(xl('Source File')); ?>:
268 <input type="hidden" name="MAX_FILE_SIZE" value="12000000" />
269 <input type="file" name="form_image" size="40" />&nbsp;
270 <?php echo htmlspecialchars(xl('Destination Filename')) ?>:
271 <select name='form_dest_filename'>
272 <option value=''>(<?php echo htmlspecialchars(xl('Use source filename')) ?>)</option>
273 <?php
274 // Generate an <option> for each file already in the images directory.
275 $dh = opendir($imagedir);
276 if (!$dh) die(htmlspecialchars(xl('Cannot read directory') . " '$imagedir'"));
277 $imagesslist = array();
278 while (false !== ($sfname = readdir($dh))) {
279 if (substr($sfname, 0, 1) == '.') continue;
280 if ($sfname == 'CVS' ) continue;
281 $imageslist[$sfname] = $sfname;
282 }
283 closedir($dh);
284 ksort($imageslist);
285 foreach ($imageslist as $sfname) {
286 echo " <option value='" . htmlspecialchars($sfname, ENT_QUOTES) . "'";
287 echo ">" . htmlspecialchars($sfname) . "</option>\n";
288 }
289 ?>
290 </select>
291 </td>
292 </tr>
293
294 <tr bgcolor='#dddddd' class='dehead'>
295 <td colspan='2' align='center'><?php echo text(xl('Upload Patient Education PDF to') . " $educationdir"); ?></td>
296 </tr>
297 <tr>
298 <td valign='top' class='detail' nowrap>
299 <?php echo xlt('Source File'); ?>:
300 <input type="file" name="form_education" size="40" />&nbsp;
301 <?php echo xlt('Name must be like codetype_code_language.pdf, for example icd9_274.11_en.pdf'); ?>
302 </td>
303 </tr>
304
305 </table>
306
307 <p>
308 <input type='submit' name='bn_save' value='<?php echo htmlspecialchars(xl('Save')) ?>' />
309 </p>
310
311 </center>
312
313 </form>
314
315 <div id="generate_thumb">
316 <table style="width: 100%">
317 <tr>
318 <td class="thumb_title" style="width: 33%">
319 <b><?php echo xlt('Generate Thumbnails')?></b>
320 </td>
321 <td class="thumb_msg" style="width: 50%">
322 <span><?php echo $thumbnail_msg ?></span>
323 </td>
324 <td class="thumb_form" style="width:17%;border-right:none">
325 <form method='post' action='manage_site_files.php#generate_thumb'>
326 <input style="margin-top: 10px" type="submit" name="generate_thumbnails" value="<?php echo xla('Generate') ?>">
327 </form>
328 </td>
329 </tr>
330 </table>
331 </div>
332
333 <?php if($GLOBALS['secure_upload']) { ?>
334
335 <div id="file_type_whitelist">
336 <h2><?php echo xlt('Create custom white list of MIME content type of a files to secure your documents system');?></h2>
337 <form id="whitelist_form" method="post">
338 <div class="subject-black-list">
339 <div class="top-list">
340 <h2><?php echo xlt('Black list'); ?></h2>
341 <b><?php echo xlt('Filter');?>:</b> <input type="text" id="filter-black-list" >
342 </div>
343 <select multiple="multiple" id='black-list' class="form-control">
344 <?php
345 foreach ($mime_types as $type) {
346 if(!in_array($type, $white_list)){
347 echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
348 }
349 }
350 ?>
351 </select>
352 </div>
353
354 <div class="subject-info-arrows">
355 <input type="button" id="btnAllRight" value=">>" /><br />
356 <input type="button" id="btnRight" value=">" /><br />
357 <input type="button" id="btnLeft" value="<" /><br />
358 <input type="button" id="btnAllLeft" value="<<" />
359 </div>
360
361 <div class="subject-white-list">
362 <div class="top-list">
363 <h2><?php echo xlt('White list'); ?></h2>
364 <b><?php echo xlt('Add manually');?>:</b> <input type="text" id="add-manually-input"> <input type="button" id="add-manually" value="+">
365 </div>
366 <select name="white_list[]" multiple="multiple" id='white-list' class="form-control">
367 <?php
368 foreach ($white_list as $type) {
369 echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
370 }
371 ?>
372 </select>
373 </div>
374 <div class="subject-info-save">
375 <input type="button" id="submit-whitelist" value="<?php echo xlt('Save'); ?>" />
376 <input type="hidden" name="submit_form" value="1" />
377 </div>
378 </form>
379
380 </div>
381
382 <script>
383
384 (function () {
385 $('#btnRight').click(function (e) {
386 var selectedOpts = $('#black-list option:selected');
387 if (selectedOpts.length == 0) {
388 e.preventDefault();
389 }
390
391 $('#white-list').append($(selectedOpts).clone());
392 $(selectedOpts).remove();
393 e.preventDefault();
394 });
395
396 $('#btnAllRight').click(function (e) {
397 var selectedOpts = $('#black-list option');
398 if (selectedOpts.length == 0) {
399 e.preventDefault();
400 }
401
402 $('#white-list').append($(selectedOpts).clone());
403 $(selectedOpts).remove();
404 e.preventDefault();
405 });
406
407 $('#btnLeft').click(function (e) {
408 var selectedOpts = $('#white-list option:selected');
409 if (selectedOpts.length == 0) {
410 e.preventDefault();
411 }
412
413 $('#black-list').append($(selectedOpts).clone());
414 $(selectedOpts).remove();
415 e.preventDefault();
416 });
417
418 $('#btnAllLeft').click(function (e) {
419 var selectedOpts = $('#white-list option');
420 if (selectedOpts.length == 0) {
421 e.preventDefault();
422 }
423
424 $('#black-list').append($(selectedOpts).clone());
425 $(selectedOpts).remove();
426 e.preventDefault();
427 });
428
429 var storeElements = [];
430
431 $('#filter-black-list').on('keyup', function() {
432 var val = this.value.toLowerCase();
433
434 $('#black-list option').each(function(){
435
436 if(this.value.toLowerCase().indexOf( val ) == -1){
437 if(storeElements.indexOf(this) == -1){
438 storeElements.unshift(this)
439 }
440 $(this).remove();
441 }
442 });
443
444 $(storeElements).each(function(key, element){
445
446 if(element.value.toLowerCase().indexOf( val ) > -1){
447
448 $('#black-list').prepend(element);
449 storeElements.splice(key, 1)
450 }
451
452 });
453
454 });
455
456 $('#add-manually').on('click', function () {
457 var new_type = $("#add-manually-input").val();
458 if(new_type.length < 1)return;
459 $('#white-list').prepend("<option value="+new_type+">"+new_type+"</option>")
460 })
461
462 $('#submit-whitelist').on('click', function () {
463 $('#white-list option').prop('selected', true);
464 $('#whitelist_form').submit();
465 })
466
467 }(jQuery));
468
469 </script>
470
471
472 <?php } ?>
473
474 </body>
475 </html>
476
Mirror of official OpenEMR Sourceforge repository