XOOPS  2.6.0
MediaUploader.php
Go to the documentation of this file.
1 <?php
2 /*
3  You may not change or alter any portion of this comment or credits
4  of supporting developers from this source code or any supporting source code
5  which is considered copyrighted (c) material of the original comment or credit authors.
6 
7  This program is distributed in the hope that it will be useful,
8  but WITHOUT ANY WARRANTY; without even the implied warranty of
9  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 */
11 
12 namespace Xoops\Core;
13 
63 class MediaUploader
64 {
70  public $allowUnknownTypes = false;
71 
75  public $mediaName;
76 
80  public $mediaType;
81 
85  public $mediaSize;
86 
90  public $mediaTmpName;
91 
95  public $mediaError;
96 
100  public $mediaRealType = '';
101 
105  public $uploadDir = '';
106 
110  public $allowedMimeTypes = array();
111 
115  public $deniedMimeTypes = array(
116  'application/x-httpd-php'
117  );
118 
122  public $maxFileSize = 0;
123 
127  public $maxWidth;
128 
132  public $maxHeight;
133 
137  public $targetFileName;
138 
142  public $prefix;
143 
147  public $errors = array();
148 
152  public $savedDestination;
153 
157  public $savedFileName;
158 
162  //public $extensionToMime = array();
163 
167  public $checkImageType = true;
168 
172  public $extensionsToBeSanitized = array(
173  'php', 'phtml', 'phtm', 'php3', 'php4', 'cgi', 'pl', 'asp', 'php5'
174  );
175 
181  public $imageExtensions = array(
182  1 => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tif', 9 => 'jpc',
183  10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swf', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm'
184  );
185 
195  public function __construct($uploadDir, $allowedMimeTypes, $maxFileSize = 0, $maxWidth = null, $maxHeight = null)
196  {
197  if (is_array($allowedMimeTypes)) {
198  $this->allowedMimeTypes = $allowedMimeTypes;
199  }
200  $this->uploadDir = $uploadDir;
201  $this->maxFileSize = intval($maxFileSize);
202  if (isset($maxWidth)) {
203  $this->maxWidth = intval($maxWidth);
204  }
205  if (isset($maxHeight)) {
206  $this->maxHeight = intval($maxHeight);
207  }
208  }
209 
218  public function fetchMedia($media_name, $index = null)
219  {
220  if (!isset($_FILES[$media_name])) {
221  $this->setErrors(\XoopsLocale::E_FILE_NOT_FOUND);
222  return false;
223  } else {
224  if (is_array($_FILES[$media_name]['name']) && isset($index)) {
225  $index = intval($index);
226  $this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($_FILES[$media_name]['name'][$index])
227  : $_FILES[$media_name]['name'][$index];
228  $this->mediaType = $_FILES[$media_name]['type'][$index];
229  $this->mediaSize = $_FILES[$media_name]['size'][$index];
230  $this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index];
231  $this->mediaError = !empty($_FILES[$media_name]['error'][$index])
232  ? $_FILES[$media_name]['error'][$index] : 0;
233  } else {
234  $media_name = $_FILES[$media_name];
235  $this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($media_name['name']) : $media_name['name'];
236  $this->mediaType = $media_name['type'];
237  $this->mediaSize = $media_name['size'];
238  $this->mediaTmpName = $media_name['tmp_name'];
239  $this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0;
240  }
241  }
242 
243  $path_parts = pathinfo($this->mediaName);
244  $ext = (isset($path_parts['extension'])) ? $path_parts['extension'] : '';
245  $this->mediaRealType = \Xoops\Core\MimeTypes::findType($ext);
246 
247  $this->errors = array();
248  if (intval($this->mediaSize) < 0) {
249  $this->setErrors(\XoopsLocale::E_INVALID_FILE_SIZE);
250  return false;
251  }
252  if ($this->mediaName == '') {
253  $this->setErrors(\XoopsLocale::E_FILE_NAME_MISSING);
254  return false;
255  }
256  if ($this->mediaTmpName == 'none' || !is_uploaded_file($this->mediaTmpName)) {
257  $this->setErrors(\XoopsLocale::NO_FILE_UPLOADED);
258  return false;
259  }
260  if ($this->mediaError > 0) {
261  $this->setErrors(sprintf(\XoopsLocale::EF_UNEXPECTED_ERROR, $this->mediaError));
262  return false;
263  }
264  return true;
265  }
266 
274  public function setTargetFileName($value)
275  {
276  $this->targetFileName = strval(trim($value));
277  }
278 
286  public function setPrefix($value)
287  {
288  $this->prefix = strval(trim($value));
289  }
290 
296  public function getMediaName()
297  {
298  return $this->mediaName;
299  }
300 
306  public function getMediaType()
307  {
308  return $this->mediaType;
309  }
310 
316  public function getMediaSize()
317  {
318  return $this->mediaSize;
319  }
320 
326  public function getMediaTmpName()
327  {
328  return $this->mediaTmpName;
329  }
330 
336  public function getSavedFileName()
337  {
338  return $this->savedFileName;
339  }
340 
346  public function getSavedDestination()
347  {
348  return $this->savedDestination;
349  }
350 
358  public function upload($chmod = 0644)
359  {
360  if ($this->uploadDir == '') {
361  $this->setErrors(\XoopsLocale::E_UPLOAD_DIRECTORY_NOT_SET);
362  return false;
363  }
364  if (!is_dir($this->uploadDir)) {
365  $this->setErrors(sprintf(\XoopsLocale::EF_DIRECTORY_NOT_OPENED, $this->uploadDir));
366  return false;
367  }
368  if (!is_writeable($this->uploadDir)) {
369  $this->setErrors(sprintf(\XoopsLocale::EF_DIRECTORY_WITH_WRITE_PERMISSION_NOT_OPENED, $this->uploadDir));
370  return false;
371  }
372  $this->sanitizeMultipleExtensions();
373 
374  if (!$this->checkMaxFileSize()) {
375  return false;
376  }
377  if (!$this->checkMaxWidth()) {
378  return false;
379  }
380  if (!$this->checkMaxHeight()) {
381  return false;
382  }
383  if (!$this->checkMimeType()) {
384  return false;
385  }
386  if (!$this->checkImageType()) {
387  return false;
388  }
389  if (count($this->errors) > 0) {
390  return false;
391  }
392  return $this->copyFile($chmod);
393  }
394 
402  protected function copyFile($chmod)
403  {
404  $matched = array();
405  if (!preg_match("/\.([a-zA-Z0-9]+)$/", $this->mediaName, $matched)) {
406  $this->setErrors(\XoopsLocale::E_INVALID_FILE_NAME);
407  return false;
408  }
409  if (isset($this->targetFileName)) {
410  $this->savedFileName = $this->targetFileName;
411  } else {
412  if (isset($this->prefix)) {
413  $this->savedFileName = uniqid($this->prefix) . '.' . strtolower($matched[1]);
414  } else {
415  $this->savedFileName = strtolower($this->mediaName);
416  }
417  }
418 
419  $this->savedDestination = $this->uploadDir . '/' . $this->savedFileName;
420  if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
421  $this->setErrors(sprintf(\XoopsLocale::EF_FILE_NOT_SAVED_TO, $this->savedDestination));
422  return false;
423  }
424  // Check IE XSS before returning success
425  $ext = strtolower(substr(strrchr($this->savedDestination, '.'), 1));
426  if (in_array($ext, $this->imageExtensions)) {
427  $info = @getimagesize($this->savedDestination);
428  if ($info === false || $this->imageExtensions[(int)$info[2]] != $ext) {
429  $this->setErrors(\XoopsLocale::E_SUSPICIOUS_IMAGE_UPLOAD_REFUSED);
430  @unlink($this->savedDestination);
431  return false;
432  }
433  }
434  @chmod($this->savedDestination, $chmod);
435  return true;
436  }
437 
443  public function checkMaxFileSize()
444  {
445  if (!isset($this->maxFileSize)) {
446  return true;
447  }
448  if ($this->mediaSize > $this->maxFileSize) {
449  $this->setErrors(sprintf(\XoopsLocale::EF_FILE_SIZE_TO_LARGE, $this->maxFileSize, $this->mediaSize));
450  return false;
451  }
452  return true;
453  }
454 
460  public function checkMaxWidth()
461  {
462  if (!isset($this->maxWidth)) {
463  return true;
464  }
465  if (false !== $dimension = getimagesize($this->mediaTmpName)) {
466  if ($dimension[0] > $this->maxWidth) {
467  $this->setErrors(sprintf(\XoopsLocale::EF_FILE_WIDTH_TO_LARGE, $this->maxWidth, $dimension[0]));
468  return false;
469  }
470  } else {
471  trigger_error(sprintf(\XoopsLocale::EF_IMAGE_SIZE_NOT_FETCHED, $this->mediaTmpName), E_USER_WARNING);
472  }
473  return true;
474  }
475 
481  public function checkMaxHeight()
482  {
483  if (!isset($this->maxHeight)) {
484  return true;
485  }
486  if (false !== $dimension = getimagesize($this->mediaTmpName)) {
487  if ($dimension[1] > $this->maxHeight) {
488  $this->setErrors(sprintf(\XoopsLocale::EF_FILE_HEIGHT_TO_LARGE, $this->maxHeight, $dimension[1]));
489  return false;
490  }
491  } else {
492  trigger_error(sprintf(\XoopsLocale::EF_IMAGE_SIZE_NOT_FETCHED, $this->mediaTmpName), E_USER_WARNING);
493  }
494  return true;
495  }
496 
502  public function checkMimeType()
503  {
504  if (empty($this->mediaRealType) && empty($this->allowUnknownTypes)) {
505  $this->setErrors(\XoopsLocale::E_FILE_TYPE_REJECTED);
506  return false;
507  }
508 
509  if ((!empty($this->allowedMimeTypes)
510  && !in_array($this->mediaRealType, $this->allowedMimeTypes))
511  || (!empty($this->deniedMimeTypes)
512  && in_array($this->mediaRealType, $this->deniedMimeTypes))
513  ) {
514  $this->setErrors(sprintf(\XoopsLocale::EF_FILE_MIME_TYPE_NOT_ALLOWED, $this->mediaType));
515  return false;
516  }
517  return true;
518  }
519 
525  public function checkImageType()
526  {
527  if (empty($this->checkImageType)) {
528  return true;
529  }
530 
531  if (('image' == substr($this->mediaType, 0, strpos($this->mediaType, '/')))
532  || (!empty($this->mediaRealType)
533  && 'image' == substr($this->mediaRealType, 0, strpos($this->mediaRealType, '/')))
534  ) {
535  if (!@getimagesize($this->mediaTmpName)) {
536  $this->setErrors(\XoopsLocale::E_INVALID_IMAGE_FILE);
537  return false;
538  }
539  }
540  return true;
541  }
542 
548  public function sanitizeMultipleExtensions()
549  {
550  if (empty($this->extensionsToBeSanitized)) {
551  return;
552  }
553 
554  $patterns = array();
555  $replaces = array();
556  foreach ($this->extensionsToBeSanitized as $ext) {
557  $patterns[] = "/\." . preg_quote($ext) . "\./i";
558  $replaces[] = "_" . $ext . ".";
559  }
560  $this->mediaName = preg_replace($patterns, $replaces, $this->mediaName);
561  }
562 
570  public function setErrors($error)
571  {
572  $this->errors[] = trim($error);
573  }
574 
582  public function getErrors($ashtml = true)
583  {
584  if (!$ashtml) {
585  return $this->errors;
586  } else {
587  $ret = '';
588  if (count($this->errors) > 0) {
589  $ret = '<h4>'
590  . sprintf(\XoopsLocale::EF_ERRORS_RETURNED_WHILE_UPLOADING_FILE, $this->mediaName) . '</h4>';
591  foreach ($this->errors as $error) {
592  $ret .= $error . '<br />';
593  }
594  }
595  return $ret;
596  }
597  }
598 }
$error
if(empty($settings['ROOT_PATH'])) elseif(empty($settings['DB_PARAMETERS'])) $error
Definition: page_configsave.php:41
XoopsLocaleEn_US\NO_FILE_UPLOADED
const NO_FILE_UPLOADED
Definition: en_US.php:864
XoopsLocaleEn_US\EF_DIRECTORY_NOT_OPENED
const EF_DIRECTORY_NOT_OPENED
Definition: en_US.php:233
XoopsLocaleEn_US\EF_FILE_MIME_TYPE_NOT_ALLOWED
const EF_FILE_MIME_TYPE_NOT_ALLOWED
Definition: en_US.php:243
$index
$index
Definition: menu.php:41
$path_parts
if($mtime===false) if(isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) $path_parts
Definition: browse.php:86
XoopsLocaleEn_US\E_UPLOAD_DIRECTORY_NOT_SET
const E_UPLOAD_DIRECTORY_NOT_SET
Definition: en_US.php:372
XoopsLocaleEn_US\EF_FILE_NOT_SAVED_TO
const EF_FILE_NOT_SAVED_TO
Definition: en_US.php:246
XoopsLocaleEn_US\E_INVALID_FILE_SIZE
const E_INVALID_FILE_SIZE
Definition: en_US.php:336
XoopsLocaleEn_US\EF_FILE_HEIGHT_TO_LARGE
const EF_FILE_HEIGHT_TO_LARGE
Definition: en_US.php:241
XoopsLocaleEn_US\EF_FILE_SIZE_TO_LARGE
const EF_FILE_SIZE_TO_LARGE
Definition: en_US.php:248
XoopsLocaleEn_US\E_INVALID_IMAGE_FILE
const E_INVALID_IMAGE_FILE
Definition: en_US.php:337
XoopsLocaleEn_US\EF_IMAGE_SIZE_NOT_FETCHED
const EF_IMAGE_SIZE_NOT_FETCHED
Definition: en_US.php:254
XoopsLocaleEn_US\E_FILE_NOT_FOUND
const E_FILE_NOT_FOUND
Definition: en_US.php:327
Xoops\Core\MediaUploader\__construct
__construct($uploadDir, $allowedMimeTypes, $maxFileSize=0, $maxWidth=null, $maxHeight=null)
Definition: MediaUploader.php:195
XoopsLocaleEn_US\EF_UNEXPECTED_ERROR
const EF_UNEXPECTED_ERROR
Definition: en_US.php:274
$info
if(isset($_POST['name'])) $info
Definition: execute.php:57
Xoops\Core\MediaUploader\fetchMedia
fetchMedia($media_name, $index=null)
Definition: MediaUploader.php:218
XoopsLocaleEn_US\EF_DIRECTORY_WITH_WRITE_PERMISSION_NOT_OPENED
const EF_DIRECTORY_WITH_WRITE_PERMISSION_NOT_OPENED
Definition: en_US.php:234
$ext
$ext
Definition: browse.php:87
XoopsLocaleEn_US\EF_ERRORS_RETURNED_WHILE_UPLOADING_FILE
const EF_ERRORS_RETURNED_WHILE_UPLOADING_FILE
Definition: en_US.php:239
XoopsLocaleEn_US\E_INVALID_FILE_NAME
const E_INVALID_FILE_NAME
Definition: en_US.php:335
XoopsLocaleEn_US\E_FILE_TYPE_REJECTED
const E_FILE_TYPE_REJECTED
Definition: en_US.php:328
XoopsLocaleEn_US\EF_FILE_WIDTH_TO_LARGE
const EF_FILE_WIDTH_TO_LARGE
Definition: en_US.php:249
XoopsLocaleEn_US\E_SUSPICIOUS_IMAGE_UPLOAD_REFUSED
const E_SUSPICIOUS_IMAGE_UPLOAD_REFUSED
Definition: en_US.php:367
XoopsLocaleEn_US\E_FILE_NAME_MISSING
const E_FILE_NAME_MISSING
Definition: en_US.php:326