
/administrator/components/com_media/helpers/media.php

https://bitbucket.org/izubizarreta/https-bitbucket.org-bityvip-alpes
  1<?php
  2/**
  3 * @copyright	Copyright (C) 2005 - 2012 Open Source Matters, Inc. All rights reserved.
  4 * @license		GNU General Public License version 2 or later; see LICENSE.txt
  5 */
  6
  7defined('_JEXEC') or die;
  8
  9/**
 10 * @package		Joomla.Administrator
 11 * @subpackage	com_media
 12 */
 13abstract class MediaHelper
 14{
 15	/**
 16	 * Checks if the file is an image
 17	 * @param string The filename
 18	 * @return boolean
 19	 */
 20	public static function isImage($fileName)
 21	{
 22		static $imageTypes = 'xcf|odg|gif|jpg|png|bmp';
 23		return preg_match("/\.(?:$imageTypes)$/i", $fileName);
 24	}
 25
 26	/**
 27	 * Checks if the file is an image
 28	 * @param string The filename
 29	 * @return boolean
 30	 */
 31	public static function getTypeIcon($fileName)
 32	{
 33		// Get file extension
 34		return strtolower(substr($fileName, strrpos($fileName, '.') + 1));
 35	}
 36
 37	/**
 38	 * Checks if the file can be uploaded
 39	 *
 40	 * @param array File information
 41	 * @param string An error message to be returned
 42	 * @return boolean
 43	 */
 44	public static function canUpload($file, &$err)
 45	{
 46		$params = JComponentHelper::getParams('com_media');
 47
 48		if (empty($file['name'])) {
 49			$err = 'COM_MEDIA_ERROR_UPLOAD_INPUT';
 50			return false;
 51		}
 52
 53		jimport('joomla.filesystem.file');
 54		if ($file['name'] !== JFile::makesafe($file['name'])) {
 55			$err = 'COM_MEDIA_ERROR_WARNFILENAME';
 56			return false;
 57		}
 58
 59		$format = strtolower(JFile::getExt($file['name']));
 60
 61		$allowable = explode(',', $params->get('upload_extensions'));
 62		$ignored = explode(',', $params->get('ignore_extensions'));
 63		if (!in_array($format, $allowable) && !in_array($format, $ignored))
 64		{
 65			$err = 'COM_MEDIA_ERROR_WARNFILETYPE';
 66			return false;
 67		}
 68
 69		$maxSize = (int) ($params->get('upload_maxsize', 0) * 1024 * 1024);
 70		if ($maxSize > 0 && (int) $file['size'] > $maxSize)
 71		{
 72			$err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
 73			return false;
 74		}
 75
 76		$user = JFactory::getUser();
 77		$imginfo = null;
 78		if ($params->get('restrict_uploads', 1)) {
 79			$images = explode(',', $params->get('image_extensions'));
 80			if (in_array($format, $images)) { // if its an image run it through getimagesize
 81				// if tmp_name is empty, then the file was bigger than the PHP limit
 82				if (!empty($file['tmp_name'])) {
 83					if (($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
 84						$err = 'COM_MEDIA_ERROR_WARNINVALID_IMG';
 85						return false;
 86					}
 87				} else {
 88					$err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
 89					return false;
 90				}
 91			} elseif (!in_array($format, $ignored)) {
 92				// if its not an image...and we're not ignoring it
 93				$allowed_mime = explode(',', $params->get('upload_mime'));
 94				$illegal_mime = explode(',', $params->get('upload_mime_illegal'));
 95				if (function_exists('finfo_open') && $params->get('check_mime', 1)) {
 96					// We have fileinfo
 97					$finfo = finfo_open(FILEINFO_MIME);
 98					$type = finfo_file($finfo, $file['tmp_name']);
 99					if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
100						$err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
101						return false;
102					}
103					finfo_close($finfo);
104				} elseif (function_exists('mime_content_type') && $params->get('check_mime', 1)) {
105					// we have mime magic
106					$type = mime_content_type($file['tmp_name']);
107					if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
108						$err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
109						return false;
110					}
111				} elseif (!$user->authorise('core.manage')) {
112					$err = 'COM_MEDIA_ERROR_WARNNOTADMIN';
113					return false;
114				}
115			}
116		}
117
118		$xss_check =  JFile::read($file['tmp_name'], false, 256);
119		$html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
120		foreach($html_tags as $tag) {
121			// A tag is '<tagname ', so we need to add < and a space or '<tagname>'
122			if (stristr($xss_check, '<'.$tag.' ') || stristr($xss_check, '<'.$tag.'>')) {
123				$err = 'COM_MEDIA_ERROR_WARNIEXSS';
124				return false;
125			}
126		}
127		return true;
128	}
129
130	public static function parseSize($size)
131	{
132		if ($size < 1024) {
133			return JText::sprintf('COM_MEDIA_FILESIZE_BYTES', $size);
134		}
135		elseif ($size < 1024 * 1024) {
136			return JText::sprintf('COM_MEDIA_FILESIZE_KILOBYTES', sprintf('%01.2f', $size / 1024.0));
137		}
138		else {
139			return JText::sprintf('COM_MEDIA_FILESIZE_MEGABYTES', sprintf('%01.2f', $size / (1024.0 * 1024)));
140		}
141	}
142
143	public static function imageResize($width, $height, $target)
144	{
145		//takes the larger size of the width and height and applies the
146		//formula accordingly...this is so this script will work
147		//dynamically with any size image
148		if ($width > $height) {
149			$percentage = ($target / $width);
150		} else {
151			$percentage = ($target / $height);
152		}
153
154		//gets the new value and applies the percentage, then rounds the value
155		$width = round($width * $percentage);
156		$height = round($height * $percentage);
157
158		return array($width, $height);
159	}
160
161	public static function countFiles($dir)
162	{
163		$total_file = 0;
164		$total_dir = 0;
165
166		if (is_dir($dir)) {
167			$d = dir($dir);
168
169			while (false !== ($entry = $d->read())) {
170				if (substr($entry, 0, 1) != '.' && is_file($dir . DIRECTORY_SEPARATOR . $entry) && strpos($entry, '.html') === false && strpos($entry, '.php') === false) {
171					$total_file++;
172				}
173				if (substr($entry, 0, 1) != '.' && is_dir($dir . DIRECTORY_SEPARATOR . $entry)) {
174					$total_dir++;
175				}
176			}
177
178			$d->close();
179		}
180
181		return array ($total_file, $total_dir);
182	}
183
184}