From 3a6abc666fe815c789fbb5068d011acd8766e1e7 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Sat, 9 Nov 2013 18:31:40 +0100
Subject: Add custom config.tgz upload functionality

---
 inc/message.inc.php          |  3 +++
 modules/sysconfig.inc.php    | 27 ++++++++++++++++++++++++++-
 templates/page-tgz-list.html | 12 +++++++++++-
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/inc/message.inc.php b/inc/message.inc.php
index 5896d092..d39f0f9b 100644
--- a/inc/message.inc.php
+++ b/inc/message.inc.php
@@ -15,6 +15,9 @@ $error_text = array(
 	'invalid-action'      => 'Ungültige Aktion: {{0}}',
 	'remote-timeout'      => 'Konnte Ressource {{0}} nicht herunterladen',
 	'remote-parse-failed' => 'Parsen der empfangenen Daten fehlgeschlagen ({{0}})',
+	'missing-file'        => 'Es wurde keine Datei ausgewählt!',
+	'upload-complete'     => 'Upload von {{0}} war erfolgreich',
+	'upload-failed'       => 'Upload von {{0}} schlug fehl!',
 );
 
 class Message
diff --git a/modules/sysconfig.inc.php b/modules/sysconfig.inc.php
index e4751ec4..d5300194 100644
--- a/modules/sysconfig.inc.php
+++ b/modules/sysconfig.inc.php
@@ -2,6 +2,31 @@
 
 User::load();
 
+if (isset($_POST['action']) && $_POST['action'] === 'upload') {
+	if (!Util::verifyToken()) {
+		Util::redirect('?do=sysconfig');
+	}
+	if (!User::hasPermission('superadmin')) {
+		Message::addError('no-permission');
+		Util::redirect('?do=sysconfig');
+	}
+	if (!isset($_FILES['customtgz'])) {
+		Message::addError('missing-file');
+		Util::redirect('?do=sysconfig');
+	}
+	$dest = $_FILES['customtgz']['name'];
+	$dest = preg_replace('/[^a-z0-9\-_]/', '', $dest);
+	$dest = substr($dest, 0, 30);
+	if (substr($dest, -3) !== 'tgz') $dest .= '.tgz';
+	# TODO: Validate its a (compressed) tar?
+	if (move_uploaded_file($_FILES['customtgz']['tmp_name'], CONFIG_TGZ_LIST_DIR . '/' . $dest)) {
+		Message::addSuccess('upload-complete', $dest);
+	} else {
+		Message::addError('upload-failed', $dest);
+	}
+	Util::redirect('?do=sysconfig');
+}
+
 function render_module()
 {
 	if (!isset($_REQUEST['action'])) $_REQUEST['action'] = 'list';
@@ -30,7 +55,7 @@ function list_configs()
 			'file' => $file
 		);
 	}
-	Render::addTemplate('page-tgz-list', array('files' => $files));
+	Render::addTemplate('page-tgz-list', array('files' => $files, 'token' => Session::get('token')));
 }
 
 function list_remote_configs()
diff --git a/templates/page-tgz-list.html b/templates/page-tgz-list.html
index fec5af63..65654766 100644
--- a/templates/page-tgz-list.html
+++ b/templates/page-tgz-list.html
@@ -6,5 +6,15 @@
 		<div class="row well well-sm">Keine Konfigurationspakete gefunden!</div>
 	{{/files}}
 	<a class="btn btn-lg btn-primary" href="?do=sysconfig&amp;action=remotelist">Konfigurationen herunterladen</a>
-	<a class="btn btn-lg btn-primary" href="?do=sysconfig&amp;action=upload">Eigene Konfiguration hochladen</a>
+	<a class="btn btn-lg btn-primary" href="#" data-toggle="collapse" data-target="#uploadform">Eigene Konfiguration hochladen</a>
+	<div class="collapse" id="uploadform">
+		<div class="well well-sm" style="margin: 5px 0px">
+			<form method="post" action="?do=sysconfig" enctype="multipart/form-data">
+				<input type="file" size="40" class="form-control" name="customtgz">
+				<input type="hidden" name="action" value="upload">
+				<input type="hidden" name="token" value="{{token}}">
+				<button class="btn btn-primary form-control-addon" type="submit">Hochladen</button>
+			</form>
+		</div>
+	</div>
 </div>
-- 
cgit v1.2.3-55-g7522