Context Navigation

← Previous Revision
Next Revision →
Normal
Revision Log

Upload.inc.php

Last change on this file was 806, checked in by anonymous, 4 months ago

File size: 31.3 KB

Rev	Line
[1]	1	<?php
	2	/**
[362]	3	* The Strangecode Codebase - a general application development framework for PHP
	4	* For details visit the project site: <http://trac.strangecode.com/codebase/>
[396]	5	* Copyright 2001-2012 Strangecode, LLC
[468]	6	*
[362]	7	* This file is part of The Strangecode Codebase.
	8	*
	9	* The Strangecode Codebase is free software: you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as published by the
	11	* Free Software Foundation, either version 3 of the License, or (at your option)
	12	* any later version.
[468]	13	*
[362]	14	* The Strangecode Codebase is distributed in the hope that it will be useful, but
	15	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	16	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
	17	* details.
[468]	18	*
[362]	19	* You should have received a copy of the GNU General Public License along with
	20	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
	21	*/
	22
	23	/**
[42]	24	* Upload.inc.php
[20]	25	*
[1]	26	* The Upload class provides an interface to deal with http uploaded files.
	27	*
	28	* @author Quinn Comendant <quinn@strangecode.com>
	29	* @requires App.inc.php
[119]	30	* @version 1.4
[1]	31	*/
	32
[119]	33	// Upload error types.
	34	define('UPLOAD_USER_ERR_EMPTY_FILE', 100);
	35	define('UPLOAD_USER_ERR_NOT_UPLOADED_FILE', 101);
	36	define('UPLOAD_USER_ERR_INVALID_EXTENSION', 102);
	37	define('UPLOAD_USER_ERR_NOT_UNIQUE', 103);
	38	define('UPLOAD_USER_ERR_MOVE_FAILED', 104);
[37]	39
[502]	40	class Upload
	41	{
[42]	42
[1]	43	// General object parameters.
[484]	44	protected $_params = array(
[42]	45
[37]	46	// Which messages do we pass to raiseMsg?
[119]	47	'display_messages' => MSG_ALL,
[42]	48
[20]	49	// Existing files will be overwritten when there is a name conflict?
[1]	50	'allow_overwriting' => false,
[20]	51
	52	// The filesystem path to the final upload directory.
	53	'upload_path' => null,
	54
	55	// The file permissions of the uploaded files. Remember, files will be owned by the web server user.
	56	'dest_file_perms' => 0600,
	57
[121]	58	// The file permissions of the uploaded files. Remember, files will be owned by the web server user.
	59	'dest_dir_perms' => 0700,
	60
[334]	61	// Require file to have one of the following file name extensions.
[20]	62	'valid_file_extensions' => array('jpg', 'jpeg', 'gif', 'png', 'pdf', 'txt', 'text', 'html', 'htm'),
[1]	63	);
	64
	65	// Array of files with errors.
[468]	66	public $errors = array();
[20]	67
[22]	68	// Array of file name extensions and corresponding mime-types.
[595]	69	public $mime_extension_map = array( 'ez' => 'application/andrew-inset', 'hqx' => 'application/mac-binhex40', 'cpt' => 'application/mac-compactpro', 'doc' => 'application/msword', 'bin' => 'application/octet-stream', 'class' => 'application/octet-stream', 'dll' => 'application/octet-stream', 'dms' => 'application/octet-stream', 'exe' => 'application/octet-stream', 'lha' => 'application/octet-stream', 'lzh' => 'application/octet-stream', 'so' => 'application/octet-stream', 'oda' => 'application/oda', 'pdf' => 'application/pdf', 'ai' => 'application/postscript', 'eps' => 'application/postscript', 'ps' => 'application/postscript', 'smi' => 'application/smil', 'smil' => 'application/smil', 'mif' => 'application/vnd.mif', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', 'sxc' => 'application/vnd.sun.xml.calc', 'stc' => 'application/vnd.sun.xml.calc.template', 'sxd' => 'application/vnd.sun.xml.draw', 'std' => 'application/vnd.sun.xml.draw.template', 'sxi' => 'application/vnd.sun.xml.impress', 'sti' => 'application/vnd.sun.xml.impress.template', 'sxm' => 'application/vnd.sun.xml.math', 'sxw' => 'application/vnd.sun.xml.writer', 'sxg' => 'application/vnd.sun.xml.writer.global', 'stw' => 'application/vnd.sun.xml.writer.template', 'vsd' => 'application/vnd.visio', 'wbxml' => 'application/vnd.wap.wbxml', 'wmlc' => 'application/vnd.wap.wmlc', 'wmlsc' => 'application/vnd.wap.wmlscriptc', 'bcpio' => 'application/x-bcpio', 'vcd' => 'application/x-cdlink', 'pgn' => 'application/x-chess-pgn', 'Z' => 'application/x-compress', 'cpio' => 'application/x-cpio', 'csh' => 'application/x-csh', 'dcr' => 'application/x-director', 'dir' => 'application/x-director', 'dxr' => 'application/x-director', 'dvi' => 'application/x-dvi', 'spl' => 'application/x-futuresplash', 'gtar' => 'application/x-gtar', 'tgz' => 'application/x-gtar', 'gz' => 'application/x-gzip', 'hdf' => 'application/x-hdf', 'php' => 'application/x-httpd-php', 'php3' => 'application/x-httpd-php3', 'js' => 'application/x-javascript', 'skd' => 'application/x-koan', 'skm' => 'application/x-koan', 'skp' => 'application/x-koan', 'skt' => 'application/x-koan', 'latex' => 'application/x-latex', 'wmd' => 'application/x-ms-wmd', 'wmz' => 'application/x-ms-wmz', 'cdf' => 'application/x-netcdf', 'nc' => 'application/x-netcdf', 'pl' => 'application/x-perl', 'pm' => 'application/x-perl', 'psd' => 'application/x-photoshop', 'sh' => 'application/x-sh', 'shar' => 'application/x-shar', 'swf' => 'application/x-shockwave-flash', 'sit' => 'application/x-stuffit', 'sv4cpio' => 'application/x-sv4cpio', 'sv4crc' => 'application/x-sv4crc', 'tar' => 'application/x-tar', 'tcl' => 'application/x-tcl', 'tex' => 'application/x-tex', 'texi' => 'application/x-texinfo', 'texinfo' => 'application/x-texinfo', 'roff' => 'application/x-troff', 't' => 'application/x-troff', 'tr' => 'application/x-troff', 'man' => 'application/x-troff-man', 'me' => 'application/x-troff-me', 'ms' => 'application/x-troff-ms', 'ustar' => 'application/x-ustar', 'src' => 'application/x-wais-source', 'xht' => 'application/xhtml+xml', 'xhtml' => 'application/xhtml+xml', 'xml' => 'application/xml', 'zip' => 'application/zip', 'au' => 'audio/basic', 'snd' => 'audio/basic', 'kar' => 'audio/midi', 'mid' => 'audio/midi', 'midi' => 'audio/midi', 'mp2' => 'audio/mpeg', 'mp3' => 'audio/mp3', 'mpga' => 'audio/mpeg', 'aif' => 'audio/x-aiff', 'aifc' => 'audio/x-aiff', 'aiff' => 'audio/x-aiff', 'm3u' => 'audio/x-mpegurl', 'wax' => 'audio/x-ms-wax', 'wma' => 'audio/x-ms-wma', 'ram' => 'audio/x-pn-realaudio', 'rm' => 'audio/x-pn-realaudio', 'rpm' => 'audio/x-pn-realaudio-plugin', 'ra' => 'audio/x-realaudio', 'wav' => 'audio/x-wav', 'pdb' => 'chemical/x-pdb', 'xyz' => 'chemical/x-xyz', 'bmp' => 'image/bmp', 'gif' => 'image/gif', 'ief' => 'image/ief', 'jpe' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'png' => 'image/png', 'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'wbmp' => 'image/vnd.wap.wbmp', 'ras' => 'image/x-cmu-raster', 'pnm' => 'image/x-portable-anymap', 'pbm' => 'image/x-portable-bitmap', 'pgm' => 'image/x-portable-graymap', 'ppm' => 'image/x-portable-pixmap', 'rgb' => 'image/x-rgb', 'xbm' => 'image/x-xbitmap', 'xpm' => 'image/x-xpixmap', 'xwd' => 'image/x-xwindowdump', 'iges' => 'model/iges', 'igs' => 'model/iges', 'mesh' => 'model/mesh', 'msh' => 'model/mesh', 'silo' => 'model/mesh', 'vrml' => 'model/vrml', 'wrl' => 'model/vrml', 'ics' => 'text/calendar', 'ifb' => 'text/calendar', 'vcs' => 'text/calendar', 'vfb' => 'text/calendar', 'css' => 'text/css', 'csv' => 'text/csv', 'diff' => 'text/diff', 'patch' => 'text/diff', 'htm' => 'text/html', 'html' => 'text/html', 'shtml' => 'text/html', 'asc' => 'text/plain', 'log' => 'text/plain', 'po' => 'text/plain', 'txt' => 'text/plain', 'rtx' => 'text/richtext', 'rtf' => 'text/rtf', 'sgm' => 'text/sgml', 'sgml' => 'text/sgml', 'tsv' => 'text/tab-separated-values', 'wml' => 'text/vnd.wap.wml', 'wmls' => 'text/vnd.wap.wmlscript', 'etx' => 'text/x-setext', 'vcf' => 'text/x-vcard', 'xsl' => 'text/xml', 'mp4' => 'video/mp4', 'mpe' => 'video/mpeg', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mov' => 'video/quicktime', 'qt' => 'video/quicktime', 'mxu' => 'video/vnd.mpegurl', 'asf' => 'video/x-ms-asf', 'asx' => 'video/x-ms-asf', 'wm' => 'video/x-ms-wm', 'wmv' => 'video/x-ms-wmv', 'wmx' => 'video/x-ms-wmx', 'wvx' => 'video/x-ms-wvx', 'avi' => 'video/x-msvideo', 'movie' => 'video/x-sgi-movie', 'ice' => 'x-conference/x-cooltalk', );
[42]	70
[1]	71	/**
	72	* Set (or overwrite existing) parameters by passing an array of new parameters.
	73	*
	74	* @access public
	75	* @param array $params Array of parameters (key => val pairs).
	76	*/
[468]	77	public function setParam($params)
[1]	78	{
[479]	79	$app =& App::getInstance();
[136]	80
[1]	81	if (isset($params) && is_array($params)) {
[20]	82	// Enforce valid upload_path parameter.
	83	if (isset($params['upload_path'])) {
[152]	84	// Source must be directory.
[523]	85	if (!is_dir($params['upload_path'])) {
	86	$app->logMsg(sprintf('Attempting to auto-create upload directory: %s', $params['upload_path']), LOG_NOTICE, __FILE__, __LINE__);
	87	mkdir($params['upload_path'], isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms'), true);
	88	if (is_dir($params['upload_path'])) {
	89	$app->logMsg(sprintf('Created upload directory: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);
[152]	90	} else {
[523]	91	$app->logMsg(sprintf('Upload directory not found: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);
	92	trigger_error(sprintf('Upload directory not found: %s', $params['upload_path']), E_USER_ERROR);
[152]	93	}
[20]	94	}
[152]	95	// Source must be writable.
[523]	96	if (!is_writable($params['upload_path'])) {
[136]	97	$app->logMsg(sprintf('Upload directory not writable: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);
[20]	98	trigger_error(sprintf('Upload directory not writable: %s', $params['upload_path']), E_USER_ERROR);
	99	}
	100	}
[42]	101
[1]	102	// Merge new parameters with old overriding only those passed.
	103	$this->_params = array_merge($this->_params, $params);
	104	} else {
[136]	105	$app->logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__);
[1]	106	}
	107	}
	108
	109	/**
	110	* Return the value of a parameter, if it exists.
	111	*
	112	* @access public
	113	* @param string $param Which parameter to return.
	114	* @return mixed Configured parameter value.
	115	*/
[468]	116	public function getParam($param)
[1]	117	{
[479]	118	$app =& App::getInstance();
[468]	119
[478]	120	if (array_key_exists($param, $this->_params)) {
[1]	121	return $this->_params[$param];
	122	} else {
[146]	123	$app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);
[1]	124	return null;
	125	}
	126	}
	127
	128	/**
[37]	129	* Process uploaded files. Processes files existing within the specified $_FILES['form_name'] array.
[42]	130	* It tests for errors, cleans the filename, optionally sets custom file names. It will process
[37]	131	* multiple files automatically if the file form element is an array (<input type="file" name="myfiles[]" />).
[1]	132	*
[37]	133	* @access public
	134	* @param string $form_name The name of the form to process.
[256]	135	* @param string $custom_file_name The new name of the file. An array of filenames in the case of multiple files.
[334]	136	* @return mixed Returns FALSE if a major error occurred preventing any file uploads.
	137	* Returns an empty array if any minor errors occurred or no files were found.
	138	* Returns a multidimensional array of filenames, sizes and extensions, if one-or-more files succeeded uploading.
[37]	139	* Note: this last option presents a problem in the case of when some files uploaded successfully, and some failed.
	140	* In this case it is necessary to check the Upload::anyErrors method to discover if any did fail.
[1]	141	*/
[468]	142	public function process($form_name, $custom_file_name=null)
[1]	143	{
[479]	144	$app =& App::getInstance();
[136]	145
[1]	146	// Ensure we have a upload directory.
[20]	147	if (!$this->getParam('upload_path')) {
[136]	148	$app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
[119]	149	$this->_raiseMsg(_("There was a problem with the file upload. Please try again later."), MSG_ERR, __FILE__, __LINE__);
[1]	150	return false;
	151	}
[42]	152
[22]	153	// Ensure the file form element specified actually exists.
[1]	154	if (!isset($_FILES[$form_name])) {
[141]	155	$app->logMsg(sprintf('Form element %s does not exist.', $form_name), LOG_ERR, __FILE__, __LINE__);
[119]	156	$this->_raiseMsg(_("There was a problem with the file upload. Please try again later."), MSG_ERR, __FILE__, __LINE__);
[1]	157	return false;
	158	}
[42]	159
[1]	160	if (is_array($_FILES[$form_name]['name'])) {
	161	$files = $_FILES[$form_name];
	162	} else {
	163	// Convert variables to single-cell array so it will loop.
	164	$files = array(
	165	'name' => array($_FILES[$form_name]['name']),
	166	'type' => array($_FILES[$form_name]['type']),
	167	'tmp_name' => array($_FILES[$form_name]['tmp_name']),
	168	'error' => array($_FILES[$form_name]['error']),
	169	'size' => array($_FILES[$form_name]['size']),
	170	);
	171	}
	172
	173	// To keep this script running even if user tries to stop browser.
[42]	174	ignore_user_abort(true);
[35]	175	ini_set('max_execution_time', 300);
	176	ini_set('max_input_time', 300);
[1]	177
	178	$new_file_names = array();
	179
	180	$num = sizeof($files['name']);
	181	for ($i=0; $i<$num; $i++) {
	182	$file_path_name = '';
	183
[49]	184	if ('' == trim($files['name'][$i])) {
[1]	185	// User may not have attached a file.
[523]	186	$app->logMsg(sprintf('Skipping file %s with empty name', $i), LOG_DEBUG, __FILE__, __LINE__);
[1]	187	continue;
	188	}
[42]	189
[22]	190	// Determine final file name.
[1]	191	if ($num == 1) {
	192	// Single upload.
[286]	193	if (isset($custom_file_name)) {
	194	if (is_array($custom_file_name) && sizeof($custom_file_name) == 1) {
	195	// Is an array, but just one value. Pull it out.
[485]	196	$file_name = current($custom_file_name);
[286]	197	$this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__);
	198	$app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__);
	199	} else if (!is_array($custom_file_name) && '' != $custom_file_name) {
	200	// Valid custom file name.
	201	$file_name = $custom_file_name;
	202	$this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__);
	203	$app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__);
	204	} else {
	205	// Invalid custom file name provided. Use uploaded file name.
	206	$file_name = $files['name'][$i];
	207	$app->logMsg(sprintf('Custom filename invalid! Using uploaded file name: %s', $file_name), LOG_WARNING, __FILE__, __LINE__);
	208	}
[1]	209	} else {
[286]	210	// Normal case. Use uploaded file name.
[1]	211	$file_name = $files['name'][$i];
[136]	212	$app->logMsg(sprintf('Using uploaded file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__);
[1]	213	}
	214	} else {
	215	// Multiple upload. Final file names must be array.
[256]	216	if (isset($custom_file_name) && is_array($custom_file_name) && '' != $custom_file_name[$i]) {
[1]	217	// Valid custom file name.
	218	$file_name = $custom_file_name[$i];
[121]	219	$this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__);
[136]	220	$app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__);
[1]	221	} else {
	222	// Invalid custom file name provided. Use uploaded file name.
	223	$file_name = $files['name'][$i];
[136]	224	$app->logMsg(sprintf('Using uploaded file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__);
[1]	225	}
	226	}
	227
[22]	228	// Check The php upload error messages.
[259]	229	if (UPLOAD_ERR_INI_SIZE === $files['error'][$i]) { // Error code 1
[121]	230	$this->_raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $file_name, ini_get('upload_max_filesize')), MSG_ERR, __FILE__, __LINE__);
[203]	231	$app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_INI_SIZE (currently %s).', $file_name, ini_get('upload_max_filesize')), LOG_ERR, __FILE__, __LINE__);
[119]	232	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_INI_SIZE);
[22]	233	continue;
	234	}
[259]	235	if (UPLOAD_ERR_FORM_SIZE === $files['error'][$i]) { // Error code 2
[121]	236	$this->_raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $file_name, $_POST['MAX_FILE_SIZE']), MSG_ERR, __FILE__, __LINE__);
[203]	237	$app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_FORM_SIZE (currently %s).', $file_name, $_POST['MAX_FILE_SIZE']), LOG_ERR, __FILE__, __LINE__);
[119]	238	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_FORM_SIZE);
[22]	239	continue;
	240	}
[259]	241	if (UPLOAD_ERR_PARTIAL === $files['error'][$i]) { // Error code 3
[121]	242	$this->_raiseMsg(sprintf(_("The file %s failed uploading: it was only partially uploaded."), $file_name), MSG_ERR, __FILE__, __LINE__);
[203]	243	$app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_PARTIAL.', $file_name), LOG_ERR, __FILE__, __LINE__);
[119]	244	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_PARTIAL);
[22]	245	continue;
	246	}
[259]	247	if (UPLOAD_ERR_NO_FILE === $files['error'][$i]) { // Error code 4
[121]	248	$this->_raiseMsg(sprintf(_("The file %s failed uploading: no file was uploaded."), $file_name), MSG_ERR, __FILE__, __LINE__);
[203]	249	$app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_NO_FILE.', $file_name), LOG_ERR, __FILE__, __LINE__);
[119]	250	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_NO_FILE);
[22]	251	continue;
	252	}
[259]	253	if (UPLOAD_ERR_NO_TMP_DIR === $files['error'][$i]) { // Error code 6
[121]	254	$this->_raiseMsg(sprintf(_("The file %s failed uploading: temporary upload directory missing."), $file_name), MSG_ERR, __FILE__, __LINE__);
[203]	255	$app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_NO_TMP_DIR.', $file_name), LOG_ERR, __FILE__, __LINE__);
[119]	256	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_NO_TMP_DIR);
[22]	257	continue;
	258	}
[42]	259
[22]	260	// Check to be sure it's an uploaded file.
	261	if (!is_uploaded_file($files['tmp_name'][$i])) {
[121]	262	$this->_raiseMsg(sprintf(_("The file %s failed uploading."), $file_name), MSG_ERR, __FILE__, __LINE__);
[141]	263	$app->logMsg(sprintf('The file %s failed is_uploaded_file.', $file_name), LOG_ERR, __FILE__, __LINE__);
[119]	264	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_NOT_UPLOADED_FILE);
[22]	265	continue;
	266	}
[42]	267
[22]	268	// Check to be sure the file is not empty.
[119]	269	if ($files['size'][$i] <= 0) {
[121]	270	$this->_raiseMsg(sprintf(_("The file %s failed uploading: it contains zero bytes."), $file_name), MSG_ERR, __FILE__, __LINE__);
[141]	271	$app->logMsg(sprintf('The uploaded file %s contains zero bytes.', $file_name), LOG_ERR, __FILE__, __LINE__);
[119]	272	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_EMPTY_FILE);
[22]	273	continue;
	274	}
[42]	275
[22]	276	// Check to be sure the file has a valid file name extension.
[468]	277	if (!in_array(mb_strtolower(self::getFilenameExtension($file_name)), $this->getParam('valid_file_extensions'))) {
[558]	278	// TODO: Add option to allow any extension to be uploaded.
[121]	279	$this->_raiseMsg(sprintf(_("The file %s failed uploading: it is an unrecognized type. Files must have one of the following file name extensions: %s."), $file_name, join(', ', $this->getParam('valid_file_extensions'))), MSG_ERR, __FILE__, __LINE__);
[141]	280	$app->logMsg(sprintf('The uploaded file %s has an unrecognized file name extension.', $file_name), LOG_WARNING, __FILE__, __LINE__);
[119]	281	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_INVALID_EXTENSION);
[22]	282	continue;
	283	}
[42]	284
[22]	285	// Check to be sure the file has a unique file name.
	286	if (!$this->getParam('allow_overwriting') && $this->exists($file_name)) {
[121]	287	$this->_raiseMsg(sprintf(_("The file %s failed uploading: a file with that name already exists."), $file_name), MSG_ERR, __FILE__, __LINE__);
[142]	288	$app->logMsg(sprintf('The uploaded file %s does not have a unique filename.', $file_name), LOG_WARNING, __FILE__, __LINE__);
[119]	289	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_NOT_UNIQUE);
[22]	290	continue;
	291	}
[42]	292
[121]	293	// If the file name has no extension, use the mime-type to choose one.
	294	if (!preg_match('/\.[^.]{1,5}$/', $file_name) && function_exists('mime_content_type')) {
[558]	295	// TODO: will this run if an extension is filtered by 'valid_file_extensions'?
[121]	296	if ($ext = array_search(mime_content_type($files['tmp_name'][$i]), $this->mime_extension_map)) {
	297	$file_name .= ".$ext";
	298	}
	299	}
	300
	301	// Clean the file name of bad characters.
[593]	302	$file_name = self::cleanFileName($file_name);
[121]	303
	304	// FINAL path and file name, lowercase extension.
[468]	305	$file_extension = mb_strtolower(self::getFilenameExtension($file_name));
[247]	306	$file_name = sprintf('%s.%s', mb_substr($file_name, 0, mb_strrpos($file_name, '.')), $file_extension);
[121]	307	$file_path_name = sprintf('%s/%s', $this->getParam('upload_path'), $file_name);
	308
[1]	309	// Move the file to the final place.
	310	if (move_uploaded_file($files['tmp_name'][$i], $file_path_name)) {
[20]	311	chmod($file_path_name, $this->getParam('dest_file_perms'));
[136]	312	$app->logMsg(sprintf('File uploaded: %s', $file_path_name), LOG_INFO, __FILE__, __LINE__);
[121]	313	$this->_raiseMsg(sprintf(_("The file %s uploaded successfully."), $file_name), MSG_SUCCESS, __FILE__, __LINE__);
[1]	314	if (!isset($custom_file_name) && $files['name'][$i] != $file_name) {
	315	// Notify user if uploaded file name was modified (unless a custom file name will be used anyways).
[121]	316	$this->_raiseMsg(sprintf(_("The file %s was renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__);
[1]	317	}
	318	$new_file_names[] = array(
	319	'name' => $file_name,
[121]	320	'mime' => $files['type'][$i],
[1]	321	'size' => filesize($file_path_name),
[121]	322	'extension' => $file_extension,
	323	'original_index' => $i,
[301]	324	'original_name' => $files['name'][$i],
[1]	325	);
	326	} else {
[121]	327	$this->_raiseMsg(sprintf(_("The file %s failed uploading."), $file_name), MSG_ERR, __FILE__, __LINE__);
[141]	328	$app->logMsg(sprintf('Moving file failed: %s -> %s', $files['tmp_name'][$i], $file_path_name), LOG_ALERT, __FILE__, __LINE__);
[119]	329	$this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_MOVE_FAILED);
[1]	330	}
[121]	331
	332	// Check file extension with browsers interpretation of file type.
	333	if (isset($this->mime_extension_map[$file_extension]) && $files['type'][$i] != $this->mime_extension_map[$file_extension]) {
[595]	334	$app->logMsg(sprintf('File extension (%s) does not match mime type (%s).', $file_extension, $files['type'][$i]), LOG_DEBUG, __FILE__, __LINE__);
[121]	335	}
[1]	336	}
[42]	337
[22]	338	// Return names of files uploaded (or empty array when none processed).
	339	return $new_file_names;
[1]	340	}
[42]	341
[1]	342	/**
[37]	343	* Remove file within upload path.
[1]	344	*
[37]	345	* @access public
	346	* @param string $file_name A name of a file.
[301]	347	* @param bool $use_glob Set true to use glob to find the filename (using $file_name as a pattern)
[37]	348	* @return bool Success of operation.
[1]	349	*/
[468]	350	public function deleteFile($file_name, $use_glob=false)
[1]	351	{
[479]	352	$app =& App::getInstance();
[136]	353
[1]	354	// Ensure we have a upload directory.
[20]	355	if (!$this->getParam('upload_path')) {
[136]	356	$app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
[1]	357	return false;
	358	}
[42]	359
[301]	360	$file_path_name = $this->getParam('upload_path') . '/' . ($use_glob ? $this->getFilenameGlob($file_name) : $file_name);
[1]	361
	362	if (!is_file($file_path_name)) {
[806]	363	$app->logMsg(sprintf('Error deleting; not a file: %s', $file_path_name), LOG_ERR, __FILE__, __LINE__);
[1]	364	return false;
	365	} else if (unlink($file_path_name)) {
[136]	366	$app->logMsg(sprintf('Deleted file: %s', $file_path_name), LOG_INFO, __FILE__, __LINE__);
[301]	367	return true;
[1]	368	} else {
[121]	369	$this->_raiseMsg(sprintf(_("The file %s could not be deleted."), $file_name), MSG_ERR, __FILE__, __LINE__);
[141]	370	$app->logMsg(sprintf('Failed deleting file: %s', $file_path_name), LOG_ERR, __FILE__, __LINE__);
[1]	371	return false;
	372	}
	373	}
[42]	374
[1]	375	/**
[37]	376	* Renames a file within the upload path.
[1]	377	*
[37]	378	* @access public
	379	* @param string $old_name The currently existing file name.
	380	* @param string $new_name The new name for this file.
	381	* @return bool Success of operation.
[1]	382	*/
[468]	383	public function moveFile($old_name, $new_name)
[1]	384	{
[479]	385	$app =& App::getInstance();
[136]	386
[1]	387	// Ensure we have an upload directory.
[20]	388	if (!$this->getParam('upload_path')) {
[136]	389	$app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
[1]	390	return false;
	391	}
[42]	392
[20]	393	$old_file_path_name = $this->getParam('upload_path') . '/' . $old_name;
	394	$new_file_path_name = $this->getParam('upload_path') . '/' . $new_name;
[806]	395	if (file_exists($old_file_path_name) && is_file($old_file_path_name)) {
[20]	396	if (rename($old_file_path_name, $new_file_path_name)) {
[121]	397	$this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), basename($old_file_path_name), basename($new_file_path_name)), MSG_NOTICE, __FILE__, __LINE__);
[136]	398	$app->logMsg(sprintf('File renamed from %s to %s', $old_file_path_name, $new_file_path_name), LOG_DEBUG, __FILE__, __LINE__);
[20]	399	} else {
[119]	400	$this->_raiseMsg(sprintf(_("Error renaming file to %s"), $new_file_path_name), MSG_WARNING, __FILE__, __LINE__);
[141]	401	$app->logMsg(sprintf('Error renaming file to %s', $new_file_path_name), LOG_WARNING, __FILE__, __LINE__);
[1]	402	return false;
	403	}
	404	} else {
[121]	405	$this->_raiseMsg(sprintf(_("Couldn't rename nonexistent file %s."), $old_name), MSG_WARNING, __FILE__, __LINE__);
[141]	406	$app->logMsg(sprintf('Error renaming nonexistent file: %s', $old_file_path_name), LOG_WARNING, __FILE__, __LINE__);
[1]	407	return false;
	408	}
	409	}
[42]	410
[1]	411	/**
[37]	412	* Tests if a file exists within the current upload_path.
[1]	413	*
[37]	414	* @access public
	415	* @param string $file_name A name of a file.
	416	* @return bool Existence of file.
[1]	417	*/
[468]	418	public function exists($file_name)
[1]	419	{
[479]	420	$app =& App::getInstance();
[136]	421
[1]	422	// Ensure we have a upload directory.
[20]	423	if (!$this->getParam('upload_path')) {
[136]	424	$app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
[1]	425	return false;
	426	}
[42]	427
[20]	428	return file_exists($this->getParam('upload_path') . '/' . $file_name);
[1]	429	}
	430
	431	/**
[42]	432	* Get filename by glob pattern. Searches a directory for an image that matches the
[20]	433	* specified glob pattern and returns the filename of the first file found.
[1]	434	*
[20]	435	* @access public
	436	* @param string $pattern Pattern to match filename.
	437	* @return string filename on success, empty string on failure.
	438	* @author Quinn Comendant <quinn@strangecode.com>
	439	* @since 15 Nov 2005 20:55:22
[1]	440	*/
[468]	441	public function getFilenameGlob($pattern)
[20]	442	{
	443	$file_list = glob(sprintf('%s/%s', $this->getParam('upload_path'), $pattern));
	444	if (isset($file_list[0])) {
	445	return basename($file_list[0]);
	446	} else {
	447	return '';
	448	}
	449	}
	450
	451	/**
[37]	452	* Returns an array of file names that failed uploading.
[20]	453	*
[37]	454	* @access public
	455	* @return array List of file names.
[20]	456	*/
[468]	457	public function getErrors()
[1]	458	{
	459	return $this->errors;
	460	}
	461
	462	/**
[334]	463	* Determines if any errors occurred while calling the Upload::process method.
[1]	464	*
[37]	465	* @access public
[1]	466	*/
[468]	467	public function anyErrors()
[22]	468	{
	469	return sizeof($this->errors) > 0;
	470	}
	471
	472	/**
[519]	473	* Returns the extension of a file name, or an empty string if none exists.
[1]	474	*
[37]	475	* @access public
[334]	476	* @param string $file_name A name of a file, with extension after a dot.
[37]	477	* @return string The value found after the dot
[1]	478	*/
[468]	479	static public function getFilenameExtension($file_name)
[1]	480	{
[37]	481	preg_match('/.*?\.(\w+)$/i', trim($file_name), $ext);
[22]	482	return isset($ext[1]) ? $ext[1] : '';
[1]	483	}
[42]	484
[1]	485	/**
[136]	486	* An alias for $app->raiseMsg that only sends messages configured by display_messages.
[1]	487	*
	488	* @access public
	489	*
	490	* @param string $message The text description of the message.
	491	* @param int $type The type of message: MSG_NOTICE,
	492	* MSG_SUCCESS, MSG_WARNING, or MSG_ERR.
	493	* @param string $file __FILE__.
	494	* @param string $line __LINE__.
	495	*/
[468]	496	public function _raiseMsg($message, $type, $file, $line)
[1]	497	{
[479]	498	$app =& App::getInstance();
[136]	499
[485]	500	if ($this->getParam('display_messages') === true \|\| (is_int($this->getParam('display_messages')) && ($this->getParam('display_messages') & $type) > 0)) {
[136]	501	$app->raiseMsg($message, $type, $file, $line);
[1]	502	}
	503	}
[530]	504
	505	/**
	506	* Remove unsafe characters from filename.
	507	* While this function has been moved to Utilities.inc.php, it should remain here for backwards compatibility.
	508	*
	509	* @access public
	510	* @param string $file_name A name of a file.
	511	* @return string The same name, but cleaned.
	512	*/
	513	public function cleanFileName($file_name)
	514	{
	515	$app =& App::getInstance();
	516
	517	$file_name = preg_replace(array(
[724]	518	'/&([a-z]{1,2})(?:acute\|cedil\|circ\|grave\|lig\|orn\|ring\|slash\|th\|tilde\|uml\|caron);/i' . $app->getParam('preg_u'),
	519	'/&(?:amp);/i' . $app->getParam('preg_u'),
	520	'/[&;]+/' . $app->getParam('preg_u'),
	521	'/[^a-zA-Z0-9()@._=+-]+/' . $app->getParam('preg_u'),
	522	'/^_+\|_+$/' . $app->getParam('preg_u')
[530]	523	), array(
	524	'$1',
	525	'and',
	526	'',
	527	'_',
	528	''
	529	), htmlentities($file_name, ENT_NOQUOTES \| ENT_IGNORE, $app->getParam('character_set')));
	530	return mb_substr($file_name, 0, 250);
	531	}
[1]	532	}
	533

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/lib/Upload.inc.php

Download in other formats: