
/administrator/components/com_media/helpers/media.php

https://github.com/adothompson/ucsc-identity-joomla
Possible License(s): LGPL-2.1
  1. <?php
  2. /**
  3. * @version $Id: media.php 10381 2008-06-01 03:35:53Z pasamio $
  4. * @package Joomla
  5. * @subpackage Media
  6. * @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
  7. * @license GNU/GPL, see LICENSE.php
  8. * Joomla! is free software. This version may have been modified pursuant to the
  9. * GNU General Public License, and as distributed it includes or is derivative
  10. * of works licensed under the GNU General Public License or other free or open
  11. * source software licenses. See COPYRIGHT.php for copyright notices and
  12. * details.
  13. */
  14. /**
  15. * @package Joomla
  16. * @subpackage Media
  17. */
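  class MediaHelper
  {
      /**
       * Checks whether a file name ends in one of the known image extensions.
       *
       * Only the extension at the very end of the name is examined, so names
       * such as "gif.php" or "notes-png.txt" are not reported as images. This
       * is a name-based hint only; it says nothing about the file's content.
       *
       * @param string The filename
       * @return boolean True when the name ends in an image extension
       */
      function isImage( $fileName )
      {
          static $imageTypes = 'xcf|odg|gif|jpg|png|bmp';

          // Anchor on the final dot and the end of the string: an unanchored
          // pattern would match the type names anywhere inside the file name.
          return preg_match('/\.(?:' . $imageTypes . ')\z/i', (string) $fileName) === 1;
      }

      /**
       * Returns the lower-cased extension of a file name.
       *
       * @param string The filename
       * @return string The text after the last dot, or '' when the name has no dot
       */
      function getTypeIcon( $fileName )
      {
          $fileName = (string) $fileName;
          $dot      = strrpos($fileName, '.');

          // Without this guard strrpos() returns false, false + 1 becomes 1 and
          // the result is the file name minus its first character.
          if ($dot === false) {
              return '';
          }

          return strtolower((string) substr($fileName, $dot + 1));
      }

      /**
       * Checks if the file can be uploaded.
       *
       * Checks run in this order: a name is present, the name is unchanged by
       * JFile::makesafe(), the extension is listed in upload_extensions or
       * ignore_extensions, the size is within upload_maxsize, then (when
       * restrict_uploads is on) an image-header or MIME check, and finally a
       * scan of the first 256 bytes for HTML tags.
       *
       * NOTE(review): this method reads $file['tmp_name'] as given; it does not
       * itself confirm that the path is an uploaded file, so presumably the
       * caller passes an entry taken straight from the upload array. Confirm.
       *
       * @param array File information (the keys name, size and tmp_name are read)
       * @param string An error message to be returned
       * @return boolean True when every check passes; false with $err set otherwise
       */
      function canUpload( $file, &$err )
      {
          $params = &JComponentHelper::getParams( 'com_media' );

          if (empty($file['name'])) {
              $err = 'Please input a file for upload';
              return false;
          }

          jimport('joomla.filesystem.file');
          if ($file['name'] !== JFile::makesafe($file['name'])) {
              $err = 'WARNFILENAME';
              return false;
          }

          $format = strtolower(JFile::getExt($file['name']));

          // Configuration lists are trimmed and stripped of empty entries. An
          // empty setting would otherwise explode() to array('') and match an
          // empty extension or MIME string.
          $allowable = array_filter(array_map('trim', explode(',', (string) $params->get( 'upload_extensions' ))), 'strlen');
          $ignored   = array_filter(array_map('trim', explode(',', (string) $params->get( 'ignore_extensions' ))), 'strlen');

          // Strict comparison: loose in_array() treats numeric-looking strings
          // such as '1e1' and '10' as equal.
          if (!in_array($format, $allowable, true) && !in_array($format, $ignored, true)) {
              $err = 'WARNFILETYPE';
              return false;
          }

          $maxSize = (int) $params->get( 'upload_maxsize', 0 );
          if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
              $err = 'WARNFILETOOLARGE';
              return false;
          }

          $user = JFactory::getUser();

          if ($params->get('restrict_uploads', 1)) {
              $images = array_filter(array_map('trim', explode(',', (string) $params->get( 'image_extensions' ))), 'strlen');

              if (in_array($format, $images, true)) {
                  // getimagesize() only confirms that an image header can be
                  // parsed; it does not inspect the rest of the file.
                  if (getimagesize($file['tmp_name']) === false) {
                      $err = 'WARNINVALIDIMG';
                      return false;
                  }
              } else if (!in_array($format, $ignored, true)) {
                  // Not an image, and not an extension we were told to ignore.
                  $allowed_mime = array_filter(array_map('trim', explode(',', (string) $params->get('upload_mime'))), 'strlen');
                  $illegal_mime = array_filter(array_map('trim', explode(',', (string) $params->get('upload_mime_illegal'))), 'strlen');
                  $check_mime   = $params->get('check_mime', 1);
                  $type         = null;

                  if (function_exists('finfo_open') && $check_mime) {
                      // We have fileinfo. The handle is closed before any
                      // return so that a rejected upload does not leak it.
                      $finfo = finfo_open(FILEINFO_MIME);
                      $type  = '';
                      if ($finfo) {
                          $type = finfo_file($finfo, $file['tmp_name']);
                          finfo_close($finfo);
                      }
                  } else if (function_exists('mime_content_type') && $check_mime) {
                      // We have mime magic.
                      $type = mime_content_type($file['tmp_name']);
                  } else if (!$user->authorize( 'login', 'administrator' )) {
                      // No content-type detection available (or it is switched
                      // off): only administrators may upload such files.
                      $err = 'WARNNOTADMIN';
                      return false;
                  }

                  if ($type !== null) {
                      // FILEINFO_MIME can append parameters to the type, e.g.
                      // "text/html; charset=us-ascii". Keep only the bare type,
                      // otherwise it never equals an entry in the lists.
                      $parts = preg_split('/[;\s]/', trim((string) $type), 2);
                      $type  = $parts[0];

                      // NOTE(review): a type is refused only when it is both
                      // absent from upload_mime and present in
                      // upload_mime_illegal, so a type in neither list passes.
                      // Kept as is because deployed configurations depend on it.
                      if (strlen($type) && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                          $err = 'WARNINVALIDMIME';
                          return false;
                      }
                  }
              }
          }

          // Scan the head of the file for HTML markup. Only the first 256 bytes
          // are read; presumably this mirrors browser content sniffing (the
          // error key is WARNIEXSS). A temp file that cannot be read yields an
          // empty string here and therefore passes this step, as before.
          $xss_check = (string) JFile::read($file['tmp_name'], false, 256);

          // Denylist of tag names; it is not an exhaustive list of HTML elements.
          $html_tags = array(
              'abbr','acronym','address','applet','area','audioscope','base','basefont','bdo','bgsound',
              'big','blackface','blink','blockquote','body','bq','br','button','caption','center',
              'cite','code','col','colgroup','comment','custom','dd','del','dfn','dir',
              'div','dl','dt','em','embed','fieldset','fn','font','form','frame',
              'frameset','h1','h2','h3','h4','h5','h6','head','hr','html',
              'iframe','ilayer','img','input','ins','isindex','keygen','kbd','label','layer',
              'legend','li','limittext','link','listing','map','marquee','menu','meta','multicol',
              'nobr','noembed','noframes','noscript','nosmartquotes','object','ol','optgroup','option','param',
              'plaintext','pre','rt','ruby','s','samp','script','select','server','shadow',
              'sidebar','small','spacer','span','strike','strong','style','sub','sup','table',
              'tbody','td','textarea','tfoot','th','thead','title','tr','tt','ul',
              'var','wbr','xml','xmp','!DOCTYPE', '!--'
          );

          // A tag name counts when it is followed by any whitespace, '/' or
          // '>', not only by a single space or '>'.
          $pattern = '/<(?:' . implode('|', array_map('preg_quote', $html_tags)) . ')[\s\/>]/i';
          if (preg_match($pattern, $xss_check) === 1) {
              $err = 'WARNIEXSS';
              return false;
          }

          return true;
      }

      /**
       * Formats a byte count as a short human-readable string.
       *
       * @param int Size in bytes
       * @return string "N bytes" below 1024, otherwise two decimals in Kb or Mb
       */
      function parseSize($size)
      {
          if ($size < 1024) {
              return $size . ' bytes';
          }

          if ($size < 1024 * 1024) {
              return sprintf('%01.2f', $size / 1024.0) . ' Kb';
          }

          return sprintf('%01.2f', $size / (1024.0 * 1024)) . ' Mb';
      }

      /**
       * Scales a width/height pair so that its longer side equals $target.
       *
       * @param int Original width
       * @param int Original height
       * @param int Desired length of the longer side
       * @return array array(width, height), each rounded with round()
       */
      function imageResize($width, $height, $target)
      {
          // The longer side drives the scale factor so the aspect ratio is kept.
          $longest = ($width > $height) ? $width : $height;

          // Zero or negative dimensions (for example from an image whose size
          // could not be read) would otherwise divide by zero.
          if ($longest <= 0) {
              return array(0.0, 0.0);
          }

          $percentage = $target / $longest;

          return array(round($width * $percentage), round($height * $percentage));
      }

      /**
       * Counts the visible files and sub-directories directly inside a directory.
       *
       * Entries whose name starts with '.' are skipped, and files whose name
       * contains ".html" or ".php" are not counted as files.
       *
       * @param string Directory path
       * @return array array(file count, directory count); array(0, 0) when $dir is not a readable directory
       */
      function countFiles( $dir )
      {
          $total_file = 0;
          $total_dir  = 0;

          if (is_dir($dir)) {
              $d = dir($dir);

              // dir() returns false when the directory cannot be opened;
              // calling read() on that would be a fatal error.
              if ($d) {
                  while (false !== ($entry = $d->read())) {
                      if (substr($entry, 0, 1) == '.') {
                          continue;
                      }

                      $path = $dir . DIRECTORY_SEPARATOR . $entry;

                      if (is_file($path) && strpos($entry, '.html') === false && strpos($entry, '.php') === false) {
                          $total_file++;
                      }
                      if (is_dir($path)) {
                          $total_dir++;
                      }
                  }
                  $d->close();
              }
          }

          return array ( $total_file, $total_dir );
      }
  }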