PageRenderTime 44ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/src/Backend/Modules/Extensions/Actions/UploadTheme.php

http://github.com/forkcms/forkcms
PHP | 286 lines | 157 code | 49 blank | 80 comment | 24 complexity | c323309d6ec4486a5f5fd88aaa4c6e5a MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception, MIT, AGPL-3.0, LGPL-2.1, BSD-3-Clause 
    

  1. <?php
    2. 

  2. 

  3. namespace Backend\Modules\Extensions\Actions;
    4. 

  4. 

  5. use Backend\Core\Engine\Base\ActionAdd as BackendBaseActionAdd;
    6. 

  6. use Backend\Core\Engine\Form as BackendForm;
    7. 

  7. use Backend\Core\Language\Language as BL;
    8. 

  8. use Backend\Core\Engine\Model as BackendModel;
    9. 

  9. use Backend\Modules\Extensions\Engine\Model as BackendExtensionsModel;
    10. 

  10. use Exception;
    11. 

  11. use Symfony\Component\Filesystem\Filesystem;
    12. 

  12. use ZipArchive;
    13. 

  13. 

  14. /**
    15. 

  15.  * This is the theme upload-action.
    16. 

  16.  * It will install a theme via a compressed zip file.
    17. 

  17.  */
    18. 

  18. class UploadTheme extends BackendBaseActionAdd
    19. 

  19. {
    20. 

  20.     const INFO_FILE = 'info.xml';
    21. 

  21. 

  22.     private $ignoreList = ['__MACOSX'];
    23. 

  23. 

  24.     /**
    25. 

  25.      * @var array
    26. 

  26.      */
    27. 

  27.     private $info;
    28. 

  28. 

  29.     /**
    30. 

  30.      * @var string
    31. 

  31.      */
    32. 

  32.     private $infoFilePath;
    33. 

  33. 

  34.     /**
    35. 

  35.      * @var string
    36. 

  36.      */
    37. 

  37.     private $themeName;
    38. 

  38. 

  39.     /**
    40. 

  40.      * @var string
    41. 

  41.      */
    42. 

  42.     private $parentFolderName;
    43. 

  43. 

  44.     public function execute(): void
    45. 

  45.     {
    46. 

  46.         // Call parent, this will probably add some general CSS/JS or other required files
    47. 

  47.         parent::execute();
    48. 

  48. 

  49.         // Zip extension is required for theme upload
    50. 

  50.         if (!extension_loaded('zlib')) {
    51. 

  51.             $this->template->assign('zlibIsMissing', true);
    52. 

  52.         }
    53. 

  53. 

  54.         if (!$this->isWritable()) {
    55. 

  55.             // we need write rights to upload files
    56. 

  56.             $this->template->assign('notWritable', true);
    57. 

  57.         } else {
    58. 

  58.             // everything allright, we can upload
    59. 

  59.             $this->buildForm();
    60. 

  60.             $this->validateForm();
    61. 

  61.             $this->parse();
    62. 

  62.         }
    63. 

  63. 

  64.         // display the page
    65. 

  65.         $this->display();
    66. 

  66.     }
    67. 

  67. 

  68.     /**
    69. 

  69.      * Do we have write rights to the modules folders?
    70. 

  70.      *
    71. 

  71.      * @return bool
    72. 

  72.      */
    73. 

  73.     private function isWritable(): bool
    74. 

  74.     {
    75. 

  75.         return BackendExtensionsModel::isWritable(FRONTEND_PATH . '/Themes');
    76. 

  76.     }
    77. 

  77. 

  78.     private function buildForm(): void
    79. 

  79.     {
    80. 

  80.         // create form
    81. 

  81.         $this->form = new BackendForm('upload');
    82. 

  82. 

  83.         // create and add elements
    84. 

  84.         $this->form->addFile('file');
    85. 

  85.     }
    86. 

  86. 

  87.     private function validateForm(): void
    88. 

  88.     {
    89. 

  89.         // The form is submitted
    90. 

  90.         if (!$this->form->isSubmitted()) {
    91. 

  91.             return;
    92. 

  92.         }
    93. 

  93. 

  94.         /** @var $fileFile \SpoonFormFile */
    95. 

  95.         $fileFile = $this->form->getField('file');
    96. 

  96.         $zip = null;
    97. 

  97.         $zipFiles = null;
    98. 

  98. 

  99.         // Validate the file. Check if the file field is filled and if it's a zip.
    100. 

  100.         if ($fileFile->isFilled(BL::err('FieldIsRequired')) &&
    101. 

  101.             $fileFile->isAllowedExtension(['zip'], sprintf(BL::getError('ExtensionNotAllowed'), 'zip'))
    102. 

  102.         ) {
    103. 

  103.             // Create ziparchive instance
    104. 

  104.             $zip = new ZipArchive();
    105. 

  105. 

  106.             // Try and open it
    107. 

  107.             if ($zip->open($fileFile->getTempFileName()) === true) {
    108. 

  108.                 // zip file needs to contain some files
    109. 

  109.                 if ($zip->numFiles > 0) {
    110. 

  110.                     $infoXml = $this->findInfoFileInZip($zip);
    111. 

  111. 

  112.                     // Throw error if info.xml is not found
    113. 

  113.                     if ($infoXml === null) {
    114. 

  114.                         $fileFile->addError(
    115. 

  115.                             sprintf(BL::getError('NoInformationFile'), $fileFile->getFileName())
    116. 

  116.                         );
    117. 

  117. 

  118.                         return;
    119. 

  119.                     }
    120. 

  120. 

  121.                     // Parse xml
    122. 

  122.                     try {
    123. 

  123.                         // Load info.xml
    124. 

  124.                         $infoXml = @new \SimpleXMLElement($infoXml, LIBXML_NOCDATA, false);
    125. 

  125. 

  126.                         // Convert xml to useful array
    127. 

  127.                         $this->info = BackendExtensionsModel::processThemeXml($infoXml);
    128. 

  128. 

  129.                         // Empty data (nothing useful)
    130. 

  130.                         if (empty($this->info)) {
    131. 

  131.                             $fileFile->addError(BL::getMessage('InformationFileIsEmpty'));
    132. 

  132. 

  133.                             return;
    134. 

  134.                         }
    135. 

  135. 

  136.                         // Define the theme name, based on the info.xml file.
    137. 

  137.                         $this->themeName = $this->info['name'];
    138. 

  138.                     } catch (Exception $e) {
    139. 

  139.                         // Warning that the information file is corrupt
    140. 

  140.                         $fileFile->addError(BL::getMessage('InformationFileCouldNotBeLoaded'));
    141. 

  141. 

  142.                         return;
    143. 

  143.                     }
    144. 

  144. 

  145.                     // Wow wow, you are trying to upload an already existing theme
    146. 

  146.                     if (BackendExtensionsModel::existsTheme($this->themeName)) {
    147. 

  147.                         $fileFile->addError(sprintf(BL::getError('ThemeAlreadyExists'), $this->themeName));
    148. 

  148. 

  149.                         return;
    150. 

  150.                     }
    151. 

  151. 

  152.                     $zipFiles = $this->getValidatedFilesList($zip);
    153. 

  153.                 } else {
    154. 

  154.                     // Empty zip file
    155. 

  155.                     $fileFile->addError(BL::getError('FileIsEmpty'));
    156. 

  156.                 }
    157. 

  157.             } else {
    158. 

  158.                 // Something went very wrong, probably corrupted
    159. 

  159.                 $fileFile->addError(BL::getError('CorruptedFile'));
    160. 

  160. 

  161.                 return;
    162. 

  162.             }
    163. 

  163.         }
    164. 

  164. 

  165.         // Passed all validation
    166. 

  166.         if ($zip !== null && $this->form->isCorrect()) {
    167. 

  167.             // Unpack the zip. If the files were not found inside a parent directory, we create the theme directory.
    168. 

  168.             $themePath = FRONTEND_PATH . '/Themes';
    169. 

  169.             if ($this->parentFolderName === null) {
    170. 

  170.                 $themePath .= "/{$this->themeName}";
    171. 

  171.             }
    172. 

  172.             $zip->extractTo($themePath, $zipFiles);
    173. 

  173. 

  174.             // Rename the original name of the parent folder from the zip to the correct theme foldername.
    175. 

  175.             $fs = new Filesystem();
    176. 

  176.             $parentZipFolderPath = $themePath . '/' . $this->parentFolderName;
    177. 

  177.             if ($this->parentFolderName !== $this->themeName &&
    178. 

  178.                 $this->parentFolderName !== null &&
    179. 

  179.                 $fs->exists($parentZipFolderPath)
    180. 

  180.             ) {
    181. 

  181.                 $fs->rename($parentZipFolderPath, "$themePath/{$this->themeName}");
    182. 

  182.             }
    183. 

  183. 

  184.             // Run installer
    185. 

  185.             BackendExtensionsModel::installTheme($this->themeName);
    186. 

  186. 

  187.             // Redirect with fireworks
    188. 

  188.             $this->redirect(
    189. 

  189.                 BackendModel::createUrlForAction('Themes') . '&report=theme-installed&var=' . $this->themeName
    190. 

  190.             );
    191. 

  191.         }
    192. 

  192.     }
    193. 

  193. 

  194.     /**
    195. 

  195.      * Two ideal situations possible: we have a zip with files including info.xml, or we have a zip with the theme-folder.
    196. 

  196.      *
    197. 

  197.      * @param ZipArchive $zip
    198. 

  198.      *
    199. 

  199.      * @return string|null
    200. 

  200.      */
    201. 

  201.     private function findInfoFileInZip(ZipArchive $zip): ?string
    202. 

  202.     {
    203. 

  203.         for ($i = 0; $i < $zip->numFiles; ++$i) {
    204. 

  204.             if (mb_stripos($zip->getNameIndex($i), self::INFO_FILE) !== false) {
    205. 

  205.                 $infoFile = $zip->statIndex($i);
    206. 

  206. 

  207.                 // Check that the file is not found inside a directory to ignore.
    208. 

  208.                 if ($this->checkIfPathContainsIgnoredWord($infoFile['name'])) {
    209. 

  209.                     continue;
    210. 

  210.                 }
    211. 

  211. 

  212.                 $this->infoFilePath = $infoFile['name'];
    213. 

  213.                 $this->info = $zip->getFromName($this->infoFilePath);
    214. 

  214.                 break;
    215. 

  215.             }
    216. 

  216.         }
    217. 

  217. 

  218.         return $this->info;
    219. 

  219.     }
    220. 

  220. 

  221.     /**
    222. 

  222.      * Create a list of files. These are the files that will actuall be unpacked to the Themes folder.
    223. 

  223.      * Either we have a zip that contains 1 parent directory with files inside (directory not necessarily named like
    224. 

  224.      * the theme) and we extract those files. Or we have a zip that directly contains the theme files and we should
    225. 

  225.      * prepend them with the theme folder.
    226. 

  226.      *
    227. 

  227.      * @param ZipArchive $zip
    228. 

  228.      *
    229. 

  229.      * @return string[]
    230. 

  230.      */
    231. 

  231.     private function getValidatedFilesList(ZipArchive $zip): array
    232. 

  232.     {
    233. 

  233.         $this->parentFolderName = $this->extractFolderNameBasedOnInfoFile($this->infoFilePath);
    234. 

  234. 

  235.         // Check every file in the zip
    236. 

  236.         $files = [];
    237. 

  237.         for ($i = 0; $i < $zip->numFiles; ++$i) {
    238. 

  238.             // Get the file name
    239. 

  239.             $file = $zip->statIndex($i);
    240. 

  240.             $fileName = $file['name'];
    241. 

  241. 

  242.             // We skip all the files that are outside of the theme folder or on the ignore list.
    243. 

  243.             if ($this->checkIfPathContainsIgnoredWord($fileName) ||
    244. 

  244.                 (!empty($this->parentFolderName) && mb_stripos($fileName, $this->parentFolderName) !== 0)
    245. 

  245.             ) {
    246. 

  246.                 continue;
    247. 

  247.             }
    248. 

  248. 

  249.             $files[] = $fileName;
    250. 

  250.         }
    251. 

  251. 

  252.         return $files;
    253. 

  253.     }
    254. 

  254. 

  255.     /**
    256. 

  256.      * @param string $infoFilePath
    257. 

  257.      *
    258. 

  258.      * @return string|null
    259. 

  259.      */
    260. 

  260.     private function extractFolderNameBasedOnInfoFile(string $infoFilePath): ?string
    261. 

  261.     {
    262. 

  262.         $pathParts = explode('/', $infoFilePath);
    263. 

  263. 

  264.         if (count($pathParts) > 1) {
    265. 

  265.             return $pathParts[0];
    266. 

  266.         }
    267. 

  267. 

  268.         return null;
    269. 

  269.     }
    270. 

  270. 

  271.     /**
    272. 

  272.      * @param string $path contains a to-be-ignored word.
    273. 

  273.      *
    274. 

  274.      * @return bool
    275. 

  275.      */
    276. 

  276.     private function checkIfPathContainsIgnoredWord(string $path): bool
    277. 

  277.     {
    278. 

  278.         foreach ($this->ignoreList as $ignoreItem) {
    279. 

  279.             if (mb_stripos($path, $ignoreItem) !== false) {
    280. 

  280.                 return true;
    281. 

  281.             }
    282. 

  282.         }
    283. 

  283. 

  284.         return false;
    285. 

  285.     }
    286. 

  286. }
    287. 

  287.