arthurmcneil /components/com_fabrik/helpers/uploader.php

Language PHP Lines 200
MD5 Hash ec7af520e19cb9d61f054121215828a2 Estimated Cost $2,661 (why?)
Repository https://github.com/chrisinammo/arthurmcneil.git View Raw File View Project SPDX
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
<?php

/**
* @package Joomla
* @subpackage Fabrik
* @copyright Copyright (C) 2005 Rob Clayburn. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
*/

// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die();

class uploader extends JObject {

	var $_groups = null;
	var $_form = null;
	var $moveError = false;

	function uploader( &$oForm )
	{
		$this->_form = $oForm;
		$this->_groups = &$oForm->_groups;
	}

	/**
	 * perform upload of files
	 * @return bol true if error occured
	 */

	function upload( )
	{
		foreach ($this->_form->_groups as $groupModel) {
			foreach ($groupModel->_aElements as $elementModel) {
				if ($elementModel->isUpload()) {
					$elementModel->processUpload( );
				}
			}
		}
	}

	/**
	 * moves  a file from one location to another
	 * @param string file to move
	 * @param string location to move file to
	 * @param bol do we overwrite any existing files found at pathTo?
	 */

	function move( $pathFrom , $pathTo, $overwrite = true )
	{
		if(file_exists($pathTo)) {
			if($overwrite){
				unlink($pathTo);
				$ok = rename($pathFrom, $pathTo);
			}else{
				$ok = false;
			}
		} else {
			$ok = rename($pathFrom, $pathTo);
		}
		return $ok;
	}

	/**
	 * @access private
	 * @param string path to folder - eg /images/stories
	 */


	function _makeRecursiveFolders( $folderPath, $mode = 0755 )
	{
		if (!JFolder::create($folderPath, $mode)) {
			return JError::raiseError(21, "Could not make dir $folderPath ");
		}
		//jimport('joomla.filesystem.path');
		//return JPath::setPermissions( $uploadFolder );
	}

	/**
	 * iterates through $_FILE data to see if any files have been uploaded
	 * @return bol true if files uploaded
	 */

	function check()
	{
		if (isset($_FILES) and !empty($_FILES)){
			foreach($_FILES as $f){
				if($f['name'] != ''){
					return true;
				}
			}
		}
		return false;
	}

	/**
	 * Checks if the file can be uploaded
	 *
	 * @param array File information
	 * @param string An error message to be returned
	 * @return boolean
	 */

	function canUpload( $file, &$err, &$params )
	{
		
		if (empty( $file['name'] )) {
			$err = 'Please input a file for upload';
			return false;
		}

		jimport('joomla.filesystem.file');
		$format = strtolower( JFile::getExt( $file['name'] ) );
		
		$allowable = explode( ',',$params->get( 'ul_file_types' ));
		
		$format = FabrikString::ltrimword( $format, '.' );
		$format2 = ".$format";
		if (!in_array( $format, $allowable ) && !in_array( $format2, $allowable))
		{
			$err = 'WARNFILETYPE';
			return false;
		}

		$maxSize = (int) $params->get( 'upload_maxsize', 0 );
		if ($maxSize > 0 && (int) $file['size'] > $maxSize)
		{
			$err = 'WARNFILETOOLARGE';
			return false;
		}
		$ignored = array();
		$user = JFactory::getUser();
		$imginfo = null;
		if($params->get('restrict_uploads',1) ) {
			$images = explode( ',', $params->get( 'image_extensions' ));
			if(in_array($format, $images)) { // if its an image run it through getimagesize
				if(($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
					$err = 'WARNINVALIDIMG';
					return false;
				}
			} else if(!in_array($format, $ignored)) {
				// if its not an image...and we're not ignoring it
				/*$allowed_mime = explode( ',', $upload_mime );
				$illegal_mime = explode( ',', $upload_mime_illegal );
				if(function_exists('finfo_open') && $params->get('check_mime',1)) {
					// We have fileinfo
					$finfo = finfo_open(FILEINFO_MIME);
					$type = finfo_file($finfo, $file['tmp_name']);
					if(strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
						$err = 'WARNINVALIDMIME';
						return false;
					}
					finfo_close($finfo);
				} else if(function_exists('mime_content_type') && $params->get('check_mime',1)) {
					// we have mime magic
					$type = mime_content_type($file['tmp_name']);
					if (strlen( $type ) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
						$err = 'WARNINVALIDMIME';
						return false;
					}
				}*/	
			}		
		}
		
		$xss_check =  JFile::read($file['tmp_name'],false,256);
		$html_tags = array('abbr','acronym','address','applet','area','audioscope','base','basefont','bdo','bgsound','big','blackface','blink','blockquote','body','bq','br','button','caption','center','cite','code','col','colgroup','comment','custom','dd','del','dfn','dir','div','dl','dt','em','embed','fieldset','fn','font','form','frame','frameset','h1','h2','h3','h4','h5','h6','head','hr','html','iframe','ilayer','img','input','ins','isindex','keygen','kbd','label','layer','legend','li','limittext','link','listing','map','marquee','menu','meta','multicol','nobr','noembed','noframes','noscript','nosmartquotes','object','ol','optgroup','option','param','plaintext','pre','rt','ruby','s','samp','script','select','server','shadow','sidebar','small','spacer','span','strike','strong','style','sub','sup','table','tbody','td','textarea','tfoot','th','thead','title','tr','tt','ul','var','wbr','xml','xmp','!DOCTYPE', '!--');
		foreach ($html_tags as $tag) {
			// A tag is '<tagname ', so we need to add < and a space or '<tagname>'
			if (stristr( $xss_check, '<'.$tag.' ' ) || stristr( $xss_check, '<'.$tag.'>' )) {
				$err = 'WARNIEXSS';
				return false;
			}	
		}
		return true;
	}
	
	/**
	 * recursive file name incrementation untill no file with exsiting name
	 * exists
	 * @param string intial file name
	 * @param string this recursions file name
	 * @param int file version
	 * @return string new file name
	 */

	function incrementFileName( $origFileName, $newFileName, $version )
	{
		if ( JFile::exists( $newFileName ) ) {
			$bits = explode('.', $newFileName);
			$ext = array_pop($bits);
			$f = implode('.', $bits);
			$f = rtrim( $f, $version - 1);
			$newFileName = $f . $version . "." . $ext;
			$version ++;
			$newFileName = uploader::incrementFileName( $origFileName, $newFileName, $version );
		}
		return $newFileName;
	}

}
?>
Back to Top