XCL Web Application Platform 2.5.0
The XoopsCube Legacy Project
Loading...
Searching...
No Matches
uploader.php
1<?php
13
36
37define('XCUBE_IMAGETYPE_ENUM_GIF', 1);
38define('XCUBE_IMAGETYPE_ENUM_JPG', 2);
39define('XCUBE_IMAGETYPE_ENUM_PNG', 3);
40define('XCUBE_IMAGETYPE_ENUM_BMP', 6);
41
42class XoopsMediaUploader
43{
47 public $allowUnknownTypes = false;
48 public $mediaName;
49 public $mediaType;
50 public $mediaSize;
51 public $mediaTmpName;
52 public $mediaError;
53 public $mediaRealType = '';
54 public $uploadDir = '';
55 public $allowedMimeTypes = [];
56 public $allowedExtensions = [];
57 public $maxFileSize = 0;
58 public $maxWidth;
59 public $maxHeight;
60 public $targetFileName;
61 public $prefix;
62 public $errors = [];
63 public $savedDestination;
64 public $savedFileName;
65 public $extensionToMime = [];
66
67 public $_strictCheckExtensions = [];
68
78 public function __construct($uploadDir, $allowedMimeTypes, $maxFileSize=0, $maxWidth=null, $maxHeight=null)
79 {
80 @$this->extensionToMime = include(XOOPS_ROOT_PATH . '/class/mimetypes.inc.php');
81 if (!is_array($this->extensionToMime)) {
82 $this->extensionToMime = [];
83 return false;
84 }
85 if (is_array($allowedMimeTypes)) {
86 $this->allowedMimeTypes =& $allowedMimeTypes;
87 }
88 $this->uploadDir = $uploadDir;
89 $this->maxFileSize = (int)$maxFileSize;
90 if (isset($maxWidth)) {
91 $this->maxWidth = (int)$maxWidth;
92 }
93 if (isset($maxHeight)) {
94 $this->maxHeight = (int)$maxHeight;
95 }
96
97 $this->_strictCheckExtensions = [
98 'gif' =>XCUBE_IMAGETYPE_ENUM_GIF,
99 'jpg' =>XCUBE_IMAGETYPE_ENUM_JPG,
100 'jpeg' =>XCUBE_IMAGETYPE_ENUM_JPG,
101 'png' =>XCUBE_IMAGETYPE_ENUM_PNG,
102 'bmp' =>XCUBE_IMAGETYPE_ENUM_BMP
103 ];
104 }
105
106 public function setAllowedExtensions($extensions)
107 {
108 $this->allowedExtensions = is_array($extensions) ? $extensions : [];
109 }
110
111 public function setStrictCheckExtensions($extensions)
112 {
113 $this->_strictCheckExtensions = $extensions;
114 }
115
123 public function fetchMedia($media_name, $index = null)
124 {
125 if (empty($this->extensionToMime)) {
126 $this->setErrors('Error loading mimetypes definition');
127 return false;
128 }
129 if (!isset($_FILES[$media_name])) {
130 $this->setErrors('File not found');
131 return false;
132 }
133
134 if (is_array($_FILES[$media_name]['name']) && isset($index)) {
135 $index = (int)$index;
136 $this->mediaName = $_FILES[$media_name]['name'][$index];
137 $this->mediaType = $_FILES[$media_name]['type'][$index];
138 $this->mediaSize = $_FILES[$media_name]['size'][$index];
139 $this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index];
140 $this->mediaError = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['errir'][$index] : 0;
141 } else {
142 $media_name =& $_FILES[$media_name];
143 $this->mediaName = $media_name['name'];
144 $this->mediaName = $media_name['name'];
145 $this->mediaType = $media_name['type'];
146 $this->mediaSize = $media_name['size'];
147 $this->mediaTmpName = $media_name['tmp_name'];
148 $this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0;
149 }
150 if (false !== ($ext = strrpos($this->mediaName, '.'))) {
151 $this->ext = strtolower(substr($this->mediaName, $ext + 1));
152 if (isset($this->extensionToMime[$this->ext])) {
153 $this->mediaRealType = $this->extensionToMime[$this->ext];
154 //trigger_error( "XoopsMediaUploader: Set mediaRealType to {$this->mediaRealType} (file extension is ".$this->ext.")", E_USER_NOTICE );
155 }
156 } else {
157 $this->setErrors('Invalid Extension');
158 return false;
159 }
160 $this->errors = [];
161 if ((int)$this->mediaSize < 0) {
162 $this->setErrors('Invalid File Size');
163 return false;
164 }
165 if ('' == $this->mediaName) {
166 $this->setErrors('Filename Is Empty');
167 return false;
168 }
169 if ('none' === $this->mediaTmpName || !is_uploaded_file($this->mediaTmpName)) {
170 $this->setErrors('No file uploaded');
171 return false;
172 }
173 if ($this->mediaError > 0) {
174 $this->setErrors('Error occurred: Error #'.$this->mediaError);
175 return false;
176 }
177 return true;
178 }
179
185 public function setTargetFileName($value)
186 {
187 $this->targetFileName = (string)trim($value);
188 }
189
195 public function setPrefix($value)
196 {
197 $this->prefix = (string)trim($value);
198 }
199
205 public function getMediaName()
206 {
207 return $this->mediaName;
208 }
209
215 public function getMediaType()
216 {
217 return $this->mediaType;
218 }
219
225 public function getMediaSize()
226 {
227 return $this->mediaSize;
228 }
229
235 public function getMediaTmpName()
236 {
237 return $this->mediaTmpName;
238 }
239
245 public function getSavedFileName()
246 {
247 return $this->savedFileName;
248 }
249
255 public function getSavedDestination()
256 {
257 return $this->savedDestination;
258 }
259
266 public function upload($chmod = 0644)
267 {
268 if ('' == $this->uploadDir) {
269 $this->setErrors('Upload directory not set');
270 return false;
271 }
272 if (!is_dir($this->uploadDir)) {
273 $this->setErrors('Failed opening directory: '.$this->uploadDir);
274 }
275 if (!is_writable($this->uploadDir)) {
276 $this->setErrors('Failed opening directory with write permission: '.$this->uploadDir);
277 }
278 if (!$this->checkMaxFileSize()) {
279 $this->setErrors('File size too large: '.$this->mediaSize);
280 }
281 if (!$this->checkMaxWidth()) {
282 $this->setErrors(sprintf('File width must be smaller than %u', $this->maxWidth));
283 }
284 if (!$this->checkMaxHeight()) {
285 $this->setErrors(sprintf('File height must be smaller than %u', $this->maxHeight));
286 }
287 if (!$this->checkMimeType()) {
288 $this->setErrors('Invalid file type');
289 }
290 if (count($this->errors) > 0) {
291 return false;
292 }
293 if (!$this->_copyFile($chmod)) {
294 $this->setErrors('Failed uploading file: '.$this->mediaName);
295 return false;
296 }
297 return true;
298 }
299
306 public function _copyFile($chmod)
307 {
308 if (isset($this->targetFileName)) {
309 $this->savedFileName = $this->targetFileName;
310 } elseif (isset($this->prefix)) {
311 $this->savedFileName = uniqid($this->prefix, true).'.'.strtolower($this->ext);
312 } else {
313 $this->savedFileName = strtolower($this->mediaName);
314 }
315 $this->savedDestination = $this->uploadDir.'/'.$this->savedFileName;
316 if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
317 return false;
318 }
319 @chmod($this->savedDestination, $chmod);
320 return true;
321 }
322
328 public function checkMaxFileSize()
329 {
330 return !($this->mediaSize > $this->maxFileSize);
331 }
332
338 public function checkMaxWidth()
339 {
340 if (!isset($this->maxWidth)) {
341 return true;
342 }
343 if (false !== $dimension = getimagesize($this->mediaTmpName)) {
344 if ($dimension[0] > $this->maxWidth) {
345 return false;
346 }
347 } else {
348 trigger_error(sprintf('Failed fetching image size of %s, skipping max width check..', $this->mediaTmpName), E_USER_WARNING);
349 }
350 return true;
351 }
352
358 public function checkMaxHeight()
359 {
360 if (!isset($this->maxHeight)) {
361 return true;
362 }
363 if (false !== $dimension = getimagesize($this->mediaTmpName)) {
364 if ($dimension[1] > $this->maxHeight) {
365 return false;
366 }
367 } else {
368 trigger_error(sprintf('Failed fetching image size of %s, skipping max height check..', $this->mediaTmpName), E_USER_WARNING);
369 }
370 return true;
371 }
372
378 public function checkMimeType()
379 {
380 if (!empty($this->allowedExtensions)) {
381 if (!in_array($this->ext, $this->allowedExtensions)) {
382 $this->setErrors('File extension not allowed');
383 return false;
384 }
385 // Since the file extension is already checked against
386 // allowed file extension values, it is safe to use
387 // $this->mediaType for the allowed mime type check as was in
388 // <= 2.0.9.2
389 if (!empty($this->allowedMimeTypes)&& !in_array($this->mediaType, $this->allowedMimeTypes, true)) {
390 $this->setErrors('Unexpected MIME Type');
391 return false;
392 }
393 } else {
394 // use $this->mediaRealType for the allowed mime type check to
395 // make it more restrictive/secure
396 if (empty($this->mediaRealType) && !$this->allowUnknownTypes) {
397 return false;
398 }
399 if (!empty($this->allowedMimeTypes)&& !in_array($this->mediaRealType, $this->allowedMimeTypes, true)) {
400 $this->setErrors('Unexpected MIME Type');
401 return false;
402 }
403 }
404
405 // If this extension need strict check, call method for it.
406 if (isset($this->_strictCheckExtensions[$this->ext])) {
407 return $this->_checkStrict();
408 } else {
409 return true;
410 }
411 }
412
413 public function _checkStrict()
414 {
415 $parseValue = getimagesize($this->mediaTmpName);
416
417 if (false === $parseValue) {
418 return false;
419 }
420
421 return $parseValue[2]==$this->_strictCheckExtensions[$this->ext];
422 }
423
429 public function checkExpectedMimeType()
430 {
431 if (empty($this->mediaRealType) && !$this->allowUnknownTypes) {
432 return false;
433 }
434
435 return (empty($this->allowedMimeTypes) || in_array($this->mediaRealType, $this->allowedMimeTypes, true));
436 }
437
443 public function setErrors($error)
444 {
445 $this->errors[] = trim($error);
446 }
447
455 public function &getErrors($ashtml = true)
456 {
457 if (!$ashtml) {
458 return $this->errors;
459 }
460
461 $ret = '';
462 if (count($this->errors) > 0) {
463 $ret = '<h4>Errors Returned While Uploading</h4>';
464 foreach ($this->errors as $error) {
465 $ret .= $error.'<br>';
466 }
467 }
468 return $ret;
469 }
470}
XoopsMediaUploader\upload
upload($chmod=0644)
Definition uploader.php:266
XoopsMediaUploader\setTargetFileName
setTargetFileName($value)
Definition uploader.php:185
XoopsMediaUploader\__construct
__construct($uploadDir, $allowedMimeTypes, $maxFileSize=0, $maxWidth=null, $maxHeight=null)
Definition uploader.php:78
XoopsMediaUploader\fetchMedia
fetchMedia($media_name, $index=null)
Definition uploader.php:123
XoopsMediaUploader\getErrors
& getErrors($ashtml=true)
Definition uploader.php:455