[1] | 1 | <?php |
---|
| 2 | /** |
---|
[362] | 3 | * The Strangecode Codebase - a general application development framework for PHP |
---|
| 4 | * For details visit the project site: <http://trac.strangecode.com/codebase/> |
---|
[396] | 5 | * Copyright 2001-2012 Strangecode, LLC |
---|
[468] | 6 | * |
---|
[362] | 7 | * This file is part of The Strangecode Codebase. |
---|
| 8 | * |
---|
| 9 | * The Strangecode Codebase is free software: you can redistribute it and/or |
---|
| 10 | * modify it under the terms of the GNU General Public License as published by the |
---|
| 11 | * Free Software Foundation, either version 3 of the License, or (at your option) |
---|
| 12 | * any later version. |
---|
[468] | 13 | * |
---|
[362] | 14 | * The Strangecode Codebase is distributed in the hope that it will be useful, but |
---|
| 15 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
---|
| 16 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
---|
| 17 | * details. |
---|
[468] | 18 | * |
---|
[362] | 19 | * You should have received a copy of the GNU General Public License along with |
---|
| 20 | * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. |
---|
| 21 | */ |
---|
| 22 | |
---|
| 23 | /** |
---|
[42] | 24 | * Upload.inc.php |
---|
[20] | 25 | * |
---|
[1] | 26 | * The Upload class provides an interface to deal with http uploaded files. |
---|
| 27 | * |
---|
| 28 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 29 | * @requires App.inc.php |
---|
[119] | 30 | * @version 1.4 |
---|
[1] | 31 | */ |
---|
| 32 | |
---|
[119] | 33 | // Upload error types. |
---|
| 34 | define('UPLOAD_USER_ERR_EMPTY_FILE', 100); |
---|
| 35 | define('UPLOAD_USER_ERR_NOT_UPLOADED_FILE', 101); |
---|
| 36 | define('UPLOAD_USER_ERR_INVALID_EXTENSION', 102); |
---|
| 37 | define('UPLOAD_USER_ERR_NOT_UNIQUE', 103); |
---|
| 38 | define('UPLOAD_USER_ERR_MOVE_FAILED', 104); |
---|
[37] | 39 | |
---|
[502] | 40 | class Upload |
---|
| 41 | { |
---|
[42] | 42 | |
---|
[1] | 43 | // General object parameters. |
---|
[484] | 44 | protected $_params = array( |
---|
[42] | 45 | |
---|
[37] | 46 | // Which messages do we pass to raiseMsg? |
---|
[119] | 47 | 'display_messages' => MSG_ALL, |
---|
[42] | 48 | |
---|
[20] | 49 | // Existing files will be overwritten when there is a name conflict? |
---|
[1] | 50 | 'allow_overwriting' => false, |
---|
[20] | 51 | |
---|
| 52 | // The filesystem path to the final upload directory. |
---|
| 53 | 'upload_path' => null, |
---|
| 54 | |
---|
| 55 | // The file permissions of the uploaded files. Remember, files will be owned by the web server user. |
---|
| 56 | 'dest_file_perms' => 0600, |
---|
| 57 | |
---|
[121] | 58 | // The file permissions of the uploaded files. Remember, files will be owned by the web server user. |
---|
| 59 | 'dest_dir_perms' => 0700, |
---|
| 60 | |
---|
[334] | 61 | // Require file to have one of the following file name extensions. |
---|
[20] | 62 | 'valid_file_extensions' => array('jpg', 'jpeg', 'gif', 'png', 'pdf', 'txt', 'text', 'html', 'htm'), |
---|
[1] | 63 | ); |
---|
| 64 | |
---|
| 65 | // Array of files with errors. |
---|
[468] | 66 | public $errors = array(); |
---|
[20] | 67 | |
---|
[22] | 68 | // Array of file name extensions and corresponding mime-types. |
---|
[595] | 69 | public $mime_extension_map = array( 'ez' => 'application/andrew-inset', 'hqx' => 'application/mac-binhex40', 'cpt' => 'application/mac-compactpro', 'doc' => 'application/msword', 'bin' => 'application/octet-stream', 'class' => 'application/octet-stream', 'dll' => 'application/octet-stream', 'dms' => 'application/octet-stream', 'exe' => 'application/octet-stream', 'lha' => 'application/octet-stream', 'lzh' => 'application/octet-stream', 'so' => 'application/octet-stream', 'oda' => 'application/oda', 'pdf' => 'application/pdf', 'ai' => 'application/postscript', 'eps' => 'application/postscript', 'ps' => 'application/postscript', 'smi' => 'application/smil', 'smil' => 'application/smil', 'mif' => 'application/vnd.mif', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', 'sxc' => 'application/vnd.sun.xml.calc', 'stc' => 'application/vnd.sun.xml.calc.template', 'sxd' => 'application/vnd.sun.xml.draw', 'std' => 'application/vnd.sun.xml.draw.template', 'sxi' => 'application/vnd.sun.xml.impress', 'sti' => 'application/vnd.sun.xml.impress.template', 'sxm' => 'application/vnd.sun.xml.math', 'sxw' => 'application/vnd.sun.xml.writer', 'sxg' => 'application/vnd.sun.xml.writer.global', 'stw' => 'application/vnd.sun.xml.writer.template', 'vsd' => 'application/vnd.visio', 'wbxml' => 'application/vnd.wap.wbxml', 'wmlc' => 'application/vnd.wap.wmlc', 'wmlsc' => 'application/vnd.wap.wmlscriptc', 'bcpio' => 'application/x-bcpio', 'vcd' => 'application/x-cdlink', 'pgn' => 'application/x-chess-pgn', 'Z' => 'application/x-compress', 'cpio' => 'application/x-cpio', 'csh' => 'application/x-csh', 'dcr' => 'application/x-director', 'dir' => 'application/x-director', 'dxr' => 'application/x-director', 'dvi' => 'application/x-dvi', 'spl' => 'application/x-futuresplash', 'gtar' => 'application/x-gtar', 'tgz' => 'application/x-gtar', 'gz' => 'application/x-gzip', 'hdf' => 'application/x-hdf', 'php' => 'application/x-httpd-php', 'php3' => 'application/x-httpd-php3', 'js' => 'application/x-javascript', 'skd' => 'application/x-koan', 'skm' => 'application/x-koan', 'skp' => 'application/x-koan', 'skt' => 'application/x-koan', 'latex' => 'application/x-latex', 'wmd' => 'application/x-ms-wmd', 'wmz' => 'application/x-ms-wmz', 'cdf' => 'application/x-netcdf', 'nc' => 'application/x-netcdf', 'pl' => 'application/x-perl', 'pm' => 'application/x-perl', 'psd' => 'application/x-photoshop', 'sh' => 'application/x-sh', 'shar' => 'application/x-shar', 'swf' => 'application/x-shockwave-flash', 'sit' => 'application/x-stuffit', 'sv4cpio' => 'application/x-sv4cpio', 'sv4crc' => 'application/x-sv4crc', 'tar' => 'application/x-tar', 'tcl' => 'application/x-tcl', 'tex' => 'application/x-tex', 'texi' => 'application/x-texinfo', 'texinfo' => 'application/x-texinfo', 'roff' => 'application/x-troff', 't' => 'application/x-troff', 'tr' => 'application/x-troff', 'man' => 'application/x-troff-man', 'me' => 'application/x-troff-me', 'ms' => 'application/x-troff-ms', 'ustar' => 'application/x-ustar', 'src' => 'application/x-wais-source', 'xht' => 'application/xhtml+xml', 'xhtml' => 'application/xhtml+xml', 'xml' => 'application/xml', 'zip' => 'application/zip', 'au' => 'audio/basic', 'snd' => 'audio/basic', 'kar' => 'audio/midi', 'mid' => 'audio/midi', 'midi' => 'audio/midi', 'mp2' => 'audio/mpeg', 'mp3' => 'audio/mp3', 'mpga' => 'audio/mpeg', 'aif' => 'audio/x-aiff', 'aifc' => 'audio/x-aiff', 'aiff' => 'audio/x-aiff', 'm3u' => 'audio/x-mpegurl', 'wax' => 'audio/x-ms-wax', 'wma' => 'audio/x-ms-wma', 'ram' => 'audio/x-pn-realaudio', 'rm' => 'audio/x-pn-realaudio', 'rpm' => 'audio/x-pn-realaudio-plugin', 'ra' => 'audio/x-realaudio', 'wav' => 'audio/x-wav', 'pdb' => 'chemical/x-pdb', 'xyz' => 'chemical/x-xyz', 'bmp' => 'image/bmp', 'gif' => 'image/gif', 'ief' => 'image/ief', 'jpe' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'png' => 'image/png', 'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'wbmp' => 'image/vnd.wap.wbmp', 'ras' => 'image/x-cmu-raster', 'pnm' => 'image/x-portable-anymap', 'pbm' => 'image/x-portable-bitmap', 'pgm' => 'image/x-portable-graymap', 'ppm' => 'image/x-portable-pixmap', 'rgb' => 'image/x-rgb', 'xbm' => 'image/x-xbitmap', 'xpm' => 'image/x-xpixmap', 'xwd' => 'image/x-xwindowdump', 'iges' => 'model/iges', 'igs' => 'model/iges', 'mesh' => 'model/mesh', 'msh' => 'model/mesh', 'silo' => 'model/mesh', 'vrml' => 'model/vrml', 'wrl' => 'model/vrml', 'ics' => 'text/calendar', 'ifb' => 'text/calendar', 'vcs' => 'text/calendar', 'vfb' => 'text/calendar', 'css' => 'text/css', 'csv' => 'text/csv', 'diff' => 'text/diff', 'patch' => 'text/diff', 'htm' => 'text/html', 'html' => 'text/html', 'shtml' => 'text/html', 'asc' => 'text/plain', 'log' => 'text/plain', 'po' => 'text/plain', 'txt' => 'text/plain', 'rtx' => 'text/richtext', 'rtf' => 'text/rtf', 'sgm' => 'text/sgml', 'sgml' => 'text/sgml', 'tsv' => 'text/tab-separated-values', 'wml' => 'text/vnd.wap.wml', 'wmls' => 'text/vnd.wap.wmlscript', 'etx' => 'text/x-setext', 'vcf' => 'text/x-vcard', 'xsl' => 'text/xml', 'mp4' => 'video/mp4', 'mpe' => 'video/mpeg', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mov' => 'video/quicktime', 'qt' => 'video/quicktime', 'mxu' => 'video/vnd.mpegurl', 'asf' => 'video/x-ms-asf', 'asx' => 'video/x-ms-asf', 'wm' => 'video/x-ms-wm', 'wmv' => 'video/x-ms-wmv', 'wmx' => 'video/x-ms-wmx', 'wvx' => 'video/x-ms-wvx', 'avi' => 'video/x-msvideo', 'movie' => 'video/x-sgi-movie', 'ice' => 'x-conference/x-cooltalk', ); |
---|
[42] | 70 | |
---|
[1] | 71 | /** |
---|
| 72 | * Set (or overwrite existing) parameters by passing an array of new parameters. |
---|
| 73 | * |
---|
| 74 | * @access public |
---|
| 75 | * @param array $params Array of parameters (key => val pairs). |
---|
| 76 | */ |
---|
[468] | 77 | public function setParam($params) |
---|
[1] | 78 | { |
---|
[479] | 79 | $app =& App::getInstance(); |
---|
[136] | 80 | |
---|
[1] | 81 | if (isset($params) && is_array($params)) { |
---|
[20] | 82 | // Enforce valid upload_path parameter. |
---|
| 83 | if (isset($params['upload_path'])) { |
---|
[152] | 84 | // Source must be directory. |
---|
[523] | 85 | if (!is_dir($params['upload_path'])) { |
---|
| 86 | $app->logMsg(sprintf('Attempting to auto-create upload directory: %s', $params['upload_path']), LOG_NOTICE, __FILE__, __LINE__); |
---|
| 87 | mkdir($params['upload_path'], isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms'), true); |
---|
| 88 | if (is_dir($params['upload_path'])) { |
---|
| 89 | $app->logMsg(sprintf('Created upload directory: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); |
---|
[152] | 90 | } else { |
---|
[523] | 91 | $app->logMsg(sprintf('Upload directory not found: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); |
---|
| 92 | trigger_error(sprintf('Upload directory not found: %s', $params['upload_path']), E_USER_ERROR); |
---|
[152] | 93 | } |
---|
[20] | 94 | } |
---|
[152] | 95 | // Source must be writable. |
---|
[523] | 96 | if (!is_writable($params['upload_path'])) { |
---|
[136] | 97 | $app->logMsg(sprintf('Upload directory not writable: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); |
---|
[20] | 98 | trigger_error(sprintf('Upload directory not writable: %s', $params['upload_path']), E_USER_ERROR); |
---|
| 99 | } |
---|
| 100 | } |
---|
[42] | 101 | |
---|
[1] | 102 | // Merge new parameters with old overriding only those passed. |
---|
| 103 | $this->_params = array_merge($this->_params, $params); |
---|
| 104 | } else { |
---|
[136] | 105 | $app->logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__); |
---|
[1] | 106 | } |
---|
| 107 | } |
---|
| 108 | |
---|
| 109 | /** |
---|
| 110 | * Return the value of a parameter, if it exists. |
---|
| 111 | * |
---|
| 112 | * @access public |
---|
| 113 | * @param string $param Which parameter to return. |
---|
| 114 | * @return mixed Configured parameter value. |
---|
| 115 | */ |
---|
[468] | 116 | public function getParam($param) |
---|
[1] | 117 | { |
---|
[479] | 118 | $app =& App::getInstance(); |
---|
[468] | 119 | |
---|
[478] | 120 | if (array_key_exists($param, $this->_params)) { |
---|
[1] | 121 | return $this->_params[$param]; |
---|
| 122 | } else { |
---|
[146] | 123 | $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); |
---|
[1] | 124 | return null; |
---|
| 125 | } |
---|
| 126 | } |
---|
| 127 | |
---|
| 128 | /** |
---|
[37] | 129 | * Process uploaded files. Processes files existing within the specified $_FILES['form_name'] array. |
---|
[42] | 130 | * It tests for errors, cleans the filename, optionally sets custom file names. It will process |
---|
[37] | 131 | * multiple files automatically if the file form element is an array (<input type="file" name="myfiles[]" />). |
---|
[1] | 132 | * |
---|
[37] | 133 | * @access public |
---|
| 134 | * @param string $form_name The name of the form to process. |
---|
[256] | 135 | * @param string $custom_file_name The new name of the file. An array of filenames in the case of multiple files. |
---|
[334] | 136 | * @return mixed Returns FALSE if a major error occurred preventing any file uploads. |
---|
| 137 | * Returns an empty array if any minor errors occurred or no files were found. |
---|
| 138 | * Returns a multidimensional array of filenames, sizes and extensions, if one-or-more files succeeded uploading. |
---|
[37] | 139 | * Note: this last option presents a problem in the case of when some files uploaded successfully, and some failed. |
---|
| 140 | * In this case it is necessary to check the Upload::anyErrors method to discover if any did fail. |
---|
[1] | 141 | */ |
---|
[468] | 142 | public function process($form_name, $custom_file_name=null) |
---|
[1] | 143 | { |
---|
[479] | 144 | $app =& App::getInstance(); |
---|
[136] | 145 | |
---|
[1] | 146 | // Ensure we have a upload directory. |
---|
[20] | 147 | if (!$this->getParam('upload_path')) { |
---|
[136] | 148 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 149 | $this->_raiseMsg(_("There was a problem with the file upload. Please try again later."), MSG_ERR, __FILE__, __LINE__); |
---|
[1] | 150 | return false; |
---|
| 151 | } |
---|
[42] | 152 | |
---|
[22] | 153 | // Ensure the file form element specified actually exists. |
---|
[1] | 154 | if (!isset($_FILES[$form_name])) { |
---|
[141] | 155 | $app->logMsg(sprintf('Form element %s does not exist.', $form_name), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 156 | $this->_raiseMsg(_("There was a problem with the file upload. Please try again later."), MSG_ERR, __FILE__, __LINE__); |
---|
[1] | 157 | return false; |
---|
| 158 | } |
---|
[42] | 159 | |
---|
[1] | 160 | if (is_array($_FILES[$form_name]['name'])) { |
---|
| 161 | $files = $_FILES[$form_name]; |
---|
| 162 | } else { |
---|
| 163 | // Convert variables to single-cell array so it will loop. |
---|
| 164 | $files = array( |
---|
| 165 | 'name' => array($_FILES[$form_name]['name']), |
---|
| 166 | 'type' => array($_FILES[$form_name]['type']), |
---|
| 167 | 'tmp_name' => array($_FILES[$form_name]['tmp_name']), |
---|
| 168 | 'error' => array($_FILES[$form_name]['error']), |
---|
| 169 | 'size' => array($_FILES[$form_name]['size']), |
---|
| 170 | ); |
---|
| 171 | } |
---|
| 172 | |
---|
| 173 | // To keep this script running even if user tries to stop browser. |
---|
[42] | 174 | ignore_user_abort(true); |
---|
[35] | 175 | ini_set('max_execution_time', 300); |
---|
| 176 | ini_set('max_input_time', 300); |
---|
[1] | 177 | |
---|
| 178 | $new_file_names = array(); |
---|
| 179 | |
---|
| 180 | $num = sizeof($files['name']); |
---|
| 181 | for ($i=0; $i<$num; $i++) { |
---|
| 182 | $file_path_name = ''; |
---|
| 183 | |
---|
[817] | 184 | if ('' === trim($files['name'][$i])) { |
---|
[1] | 185 | // User may not have attached a file. |
---|
[523] | 186 | $app->logMsg(sprintf('Skipping file %s with empty name', $i), LOG_DEBUG, __FILE__, __LINE__); |
---|
[1] | 187 | continue; |
---|
| 188 | } |
---|
[42] | 189 | |
---|
[22] | 190 | // Determine final file name. |
---|
[1] | 191 | if ($num == 1) { |
---|
| 192 | // Single upload. |
---|
[286] | 193 | if (isset($custom_file_name)) { |
---|
| 194 | if (is_array($custom_file_name) && sizeof($custom_file_name) == 1) { |
---|
| 195 | // Is an array, but just one value. Pull it out. |
---|
[485] | 196 | $file_name = current($custom_file_name); |
---|
[286] | 197 | $this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__); |
---|
| 198 | $app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 199 | } else if (!is_array($custom_file_name) && '' != $custom_file_name) { |
---|
| 200 | // Valid custom file name. |
---|
| 201 | $file_name = $custom_file_name; |
---|
| 202 | $this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__); |
---|
| 203 | $app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 204 | } else { |
---|
| 205 | // Invalid custom file name provided. Use uploaded file name. |
---|
| 206 | $file_name = $files['name'][$i]; |
---|
| 207 | $app->logMsg(sprintf('Custom filename invalid! Using uploaded file name: %s', $file_name), LOG_WARNING, __FILE__, __LINE__); |
---|
| 208 | } |
---|
[1] | 209 | } else { |
---|
[286] | 210 | // Normal case. Use uploaded file name. |
---|
[1] | 211 | $file_name = $files['name'][$i]; |
---|
[136] | 212 | $app->logMsg(sprintf('Using uploaded file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
[1] | 213 | } |
---|
| 214 | } else { |
---|
| 215 | // Multiple upload. Final file names must be array. |
---|
[256] | 216 | if (isset($custom_file_name) && is_array($custom_file_name) && '' != $custom_file_name[$i]) { |
---|
[1] | 217 | // Valid custom file name. |
---|
| 218 | $file_name = $custom_file_name[$i]; |
---|
[121] | 219 | $this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__); |
---|
[136] | 220 | $app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
[1] | 221 | } else { |
---|
| 222 | // Invalid custom file name provided. Use uploaded file name. |
---|
| 223 | $file_name = $files['name'][$i]; |
---|
[136] | 224 | $app->logMsg(sprintf('Using uploaded file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
[1] | 225 | } |
---|
| 226 | } |
---|
| 227 | |
---|
[22] | 228 | // Check The php upload error messages. |
---|
[259] | 229 | if (UPLOAD_ERR_INI_SIZE === $files['error'][$i]) { // Error code 1 |
---|
[121] | 230 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $file_name, ini_get('upload_max_filesize')), MSG_ERR, __FILE__, __LINE__); |
---|
[203] | 231 | $app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_INI_SIZE (currently %s).', $file_name, ini_get('upload_max_filesize')), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 232 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_INI_SIZE); |
---|
[22] | 233 | continue; |
---|
| 234 | } |
---|
[259] | 235 | if (UPLOAD_ERR_FORM_SIZE === $files['error'][$i]) { // Error code 2 |
---|
[121] | 236 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $file_name, $_POST['MAX_FILE_SIZE']), MSG_ERR, __FILE__, __LINE__); |
---|
[203] | 237 | $app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_FORM_SIZE (currently %s).', $file_name, $_POST['MAX_FILE_SIZE']), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 238 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_FORM_SIZE); |
---|
[22] | 239 | continue; |
---|
| 240 | } |
---|
[259] | 241 | if (UPLOAD_ERR_PARTIAL === $files['error'][$i]) { // Error code 3 |
---|
[121] | 242 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it was only partially uploaded."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[203] | 243 | $app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_PARTIAL.', $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 244 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_PARTIAL); |
---|
[22] | 245 | continue; |
---|
| 246 | } |
---|
[259] | 247 | if (UPLOAD_ERR_NO_FILE === $files['error'][$i]) { // Error code 4 |
---|
[121] | 248 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: no file was uploaded."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[203] | 249 | $app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_NO_FILE.', $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 250 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_NO_FILE); |
---|
[22] | 251 | continue; |
---|
| 252 | } |
---|
[259] | 253 | if (UPLOAD_ERR_NO_TMP_DIR === $files['error'][$i]) { // Error code 6 |
---|
[121] | 254 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: temporary upload directory missing."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[203] | 255 | $app->logMsg(sprintf('The file %s failed uploading with PHP error UPLOAD_ERR_NO_TMP_DIR.', $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 256 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_NO_TMP_DIR); |
---|
[22] | 257 | continue; |
---|
| 258 | } |
---|
[42] | 259 | |
---|
[22] | 260 | // Check to be sure it's an uploaded file. |
---|
| 261 | if (!is_uploaded_file($files['tmp_name'][$i])) { |
---|
[121] | 262 | $this->_raiseMsg(sprintf(_("The file %s failed uploading."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[141] | 263 | $app->logMsg(sprintf('The file %s failed is_uploaded_file.', $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 264 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_NOT_UPLOADED_FILE); |
---|
[22] | 265 | continue; |
---|
| 266 | } |
---|
[42] | 267 | |
---|
[22] | 268 | // Check to be sure the file is not empty. |
---|
[119] | 269 | if ($files['size'][$i] <= 0) { |
---|
[121] | 270 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it contains zero bytes."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[141] | 271 | $app->logMsg(sprintf('The uploaded file %s contains zero bytes.', $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
[119] | 272 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_EMPTY_FILE); |
---|
[22] | 273 | continue; |
---|
| 274 | } |
---|
[42] | 275 | |
---|
[22] | 276 | // Check to be sure the file has a valid file name extension. |
---|
[468] | 277 | if (!in_array(mb_strtolower(self::getFilenameExtension($file_name)), $this->getParam('valid_file_extensions'))) { |
---|
[558] | 278 | // TODO: Add option to allow any extension to be uploaded. |
---|
[121] | 279 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it is an unrecognized type. Files must have one of the following file name extensions: %s."), $file_name, join(', ', $this->getParam('valid_file_extensions'))), MSG_ERR, __FILE__, __LINE__); |
---|
[141] | 280 | $app->logMsg(sprintf('The uploaded file %s has an unrecognized file name extension.', $file_name), LOG_WARNING, __FILE__, __LINE__); |
---|
[119] | 281 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_INVALID_EXTENSION); |
---|
[22] | 282 | continue; |
---|
| 283 | } |
---|
[42] | 284 | |
---|
[22] | 285 | // Check to be sure the file has a unique file name. |
---|
| 286 | if (!$this->getParam('allow_overwriting') && $this->exists($file_name)) { |
---|
[121] | 287 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: a file with that name already exists."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[142] | 288 | $app->logMsg(sprintf('The uploaded file %s does not have a unique filename.', $file_name), LOG_WARNING, __FILE__, __LINE__); |
---|
[119] | 289 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_NOT_UNIQUE); |
---|
[22] | 290 | continue; |
---|
| 291 | } |
---|
[42] | 292 | |
---|
[121] | 293 | // If the file name has no extension, use the mime-type to choose one. |
---|
| 294 | if (!preg_match('/\.[^.]{1,5}$/', $file_name) && function_exists('mime_content_type')) { |
---|
[558] | 295 | // TODO: will this run if an extension is filtered by 'valid_file_extensions'? |
---|
[121] | 296 | if ($ext = array_search(mime_content_type($files['tmp_name'][$i]), $this->mime_extension_map)) { |
---|
| 297 | $file_name .= ".$ext"; |
---|
| 298 | } |
---|
| 299 | } |
---|
| 300 | |
---|
| 301 | // Clean the file name of bad characters. |
---|
[593] | 302 | $file_name = self::cleanFileName($file_name); |
---|
[121] | 303 | |
---|
| 304 | // FINAL path and file name, lowercase extension. |
---|
[468] | 305 | $file_extension = mb_strtolower(self::getFilenameExtension($file_name)); |
---|
[247] | 306 | $file_name = sprintf('%s.%s', mb_substr($file_name, 0, mb_strrpos($file_name, '.')), $file_extension); |
---|
[121] | 307 | $file_path_name = sprintf('%s/%s', $this->getParam('upload_path'), $file_name); |
---|
| 308 | |
---|
[1] | 309 | // Move the file to the final place. |
---|
| 310 | if (move_uploaded_file($files['tmp_name'][$i], $file_path_name)) { |
---|
[20] | 311 | chmod($file_path_name, $this->getParam('dest_file_perms')); |
---|
[136] | 312 | $app->logMsg(sprintf('File uploaded: %s', $file_path_name), LOG_INFO, __FILE__, __LINE__); |
---|
[121] | 313 | $this->_raiseMsg(sprintf(_("The file %s uploaded successfully."), $file_name), MSG_SUCCESS, __FILE__, __LINE__); |
---|
[1] | 314 | if (!isset($custom_file_name) && $files['name'][$i] != $file_name) { |
---|
| 315 | // Notify user if uploaded file name was modified (unless a custom file name will be used anyways). |
---|
[121] | 316 | $this->_raiseMsg(sprintf(_("The file %s was renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__); |
---|
[1] | 317 | } |
---|
| 318 | $new_file_names[] = array( |
---|
| 319 | 'name' => $file_name, |
---|
[121] | 320 | 'mime' => $files['type'][$i], |
---|
[1] | 321 | 'size' => filesize($file_path_name), |
---|
[121] | 322 | 'extension' => $file_extension, |
---|
| 323 | 'original_index' => $i, |
---|
[301] | 324 | 'original_name' => $files['name'][$i], |
---|
[1] | 325 | ); |
---|
| 326 | } else { |
---|
[121] | 327 | $this->_raiseMsg(sprintf(_("The file %s failed uploading."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[141] | 328 | $app->logMsg(sprintf('Moving file failed: %s -> %s', $files['tmp_name'][$i], $file_path_name), LOG_ALERT, __FILE__, __LINE__); |
---|
[119] | 329 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_MOVE_FAILED); |
---|
[1] | 330 | } |
---|
[121] | 331 | |
---|
| 332 | // Check file extension with browsers interpretation of file type. |
---|
| 333 | if (isset($this->mime_extension_map[$file_extension]) && $files['type'][$i] != $this->mime_extension_map[$file_extension]) { |
---|
[595] | 334 | $app->logMsg(sprintf('File extension (%s) does not match mime type (%s).', $file_extension, $files['type'][$i]), LOG_DEBUG, __FILE__, __LINE__); |
---|
[121] | 335 | } |
---|
[1] | 336 | } |
---|
[42] | 337 | |
---|
[22] | 338 | // Return names of files uploaded (or empty array when none processed). |
---|
| 339 | return $new_file_names; |
---|
[1] | 340 | } |
---|
[42] | 341 | |
---|
[1] | 342 | /** |
---|
[37] | 343 | * Remove file within upload path. |
---|
[1] | 344 | * |
---|
[37] | 345 | * @access public |
---|
| 346 | * @param string $file_name A name of a file. |
---|
[301] | 347 | * @param bool $use_glob Set true to use glob to find the filename (using $file_name as a pattern) |
---|
[37] | 348 | * @return bool Success of operation. |
---|
[1] | 349 | */ |
---|
[468] | 350 | public function deleteFile($file_name, $use_glob=false) |
---|
[1] | 351 | { |
---|
[479] | 352 | $app =& App::getInstance(); |
---|
[136] | 353 | |
---|
[1] | 354 | // Ensure we have a upload directory. |
---|
[20] | 355 | if (!$this->getParam('upload_path')) { |
---|
[136] | 356 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
[1] | 357 | return false; |
---|
| 358 | } |
---|
[42] | 359 | |
---|
[301] | 360 | $file_path_name = $this->getParam('upload_path') . '/' . ($use_glob ? $this->getFilenameGlob($file_name) : $file_name); |
---|
[1] | 361 | |
---|
| 362 | if (!is_file($file_path_name)) { |
---|
[806] | 363 | $app->logMsg(sprintf('Error deleting; not a file: %s', $file_path_name), LOG_ERR, __FILE__, __LINE__); |
---|
[1] | 364 | return false; |
---|
| 365 | } else if (unlink($file_path_name)) { |
---|
[136] | 366 | $app->logMsg(sprintf('Deleted file: %s', $file_path_name), LOG_INFO, __FILE__, __LINE__); |
---|
[301] | 367 | return true; |
---|
[1] | 368 | } else { |
---|
[121] | 369 | $this->_raiseMsg(sprintf(_("The file %s could not be deleted."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
[141] | 370 | $app->logMsg(sprintf('Failed deleting file: %s', $file_path_name), LOG_ERR, __FILE__, __LINE__); |
---|
[1] | 371 | return false; |
---|
| 372 | } |
---|
| 373 | } |
---|
[42] | 374 | |
---|
[1] | 375 | /** |
---|
[37] | 376 | * Renames a file within the upload path. |
---|
[1] | 377 | * |
---|
[37] | 378 | * @access public |
---|
| 379 | * @param string $old_name The currently existing file name. |
---|
| 380 | * @param string $new_name The new name for this file. |
---|
| 381 | * @return bool Success of operation. |
---|
[1] | 382 | */ |
---|
[468] | 383 | public function moveFile($old_name, $new_name) |
---|
[1] | 384 | { |
---|
[479] | 385 | $app =& App::getInstance(); |
---|
[136] | 386 | |
---|
[1] | 387 | // Ensure we have an upload directory. |
---|
[20] | 388 | if (!$this->getParam('upload_path')) { |
---|
[136] | 389 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
[1] | 390 | return false; |
---|
| 391 | } |
---|
[42] | 392 | |
---|
[20] | 393 | $old_file_path_name = $this->getParam('upload_path') . '/' . $old_name; |
---|
| 394 | $new_file_path_name = $this->getParam('upload_path') . '/' . $new_name; |
---|
[806] | 395 | if (file_exists($old_file_path_name) && is_file($old_file_path_name)) { |
---|
[20] | 396 | if (rename($old_file_path_name, $new_file_path_name)) { |
---|
[121] | 397 | $this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), basename($old_file_path_name), basename($new_file_path_name)), MSG_NOTICE, __FILE__, __LINE__); |
---|
[136] | 398 | $app->logMsg(sprintf('File renamed from %s to %s', $old_file_path_name, $new_file_path_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
[20] | 399 | } else { |
---|
[119] | 400 | $this->_raiseMsg(sprintf(_("Error renaming file to %s"), $new_file_path_name), MSG_WARNING, __FILE__, __LINE__); |
---|
[141] | 401 | $app->logMsg(sprintf('Error renaming file to %s', $new_file_path_name), LOG_WARNING, __FILE__, __LINE__); |
---|
[1] | 402 | return false; |
---|
| 403 | } |
---|
| 404 | } else { |
---|
[121] | 405 | $this->_raiseMsg(sprintf(_("Couldn't rename nonexistent file %s."), $old_name), MSG_WARNING, __FILE__, __LINE__); |
---|
[141] | 406 | $app->logMsg(sprintf('Error renaming nonexistent file: %s', $old_file_path_name), LOG_WARNING, __FILE__, __LINE__); |
---|
[1] | 407 | return false; |
---|
| 408 | } |
---|
| 409 | } |
---|
[42] | 410 | |
---|
[1] | 411 | /** |
---|
[37] | 412 | * Tests if a file exists within the current upload_path. |
---|
[1] | 413 | * |
---|
[37] | 414 | * @access public |
---|
| 415 | * @param string $file_name A name of a file. |
---|
| 416 | * @return bool Existence of file. |
---|
[1] | 417 | */ |
---|
[468] | 418 | public function exists($file_name) |
---|
[1] | 419 | { |
---|
[479] | 420 | $app =& App::getInstance(); |
---|
[136] | 421 | |
---|
[1] | 422 | // Ensure we have a upload directory. |
---|
[20] | 423 | if (!$this->getParam('upload_path')) { |
---|
[136] | 424 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
[1] | 425 | return false; |
---|
| 426 | } |
---|
[42] | 427 | |
---|
[20] | 428 | return file_exists($this->getParam('upload_path') . '/' . $file_name); |
---|
[1] | 429 | } |
---|
| 430 | |
---|
| 431 | /** |
---|
[42] | 432 | * Get filename by glob pattern. Searches a directory for an image that matches the |
---|
[20] | 433 | * specified glob pattern and returns the filename of the first file found. |
---|
[1] | 434 | * |
---|
[20] | 435 | * @access public |
---|
| 436 | * @param string $pattern Pattern to match filename. |
---|
| 437 | * @return string filename on success, empty string on failure. |
---|
| 438 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 439 | * @since 15 Nov 2005 20:55:22 |
---|
[1] | 440 | */ |
---|
[468] | 441 | public function getFilenameGlob($pattern) |
---|
[20] | 442 | { |
---|
| 443 | $file_list = glob(sprintf('%s/%s', $this->getParam('upload_path'), $pattern)); |
---|
| 444 | if (isset($file_list[0])) { |
---|
| 445 | return basename($file_list[0]); |
---|
| 446 | } else { |
---|
| 447 | return ''; |
---|
| 448 | } |
---|
| 449 | } |
---|
| 450 | |
---|
| 451 | /** |
---|
[37] | 452 | * Returns an array of file names that failed uploading. |
---|
[20] | 453 | * |
---|
[37] | 454 | * @access public |
---|
| 455 | * @return array List of file names. |
---|
[20] | 456 | */ |
---|
[468] | 457 | public function getErrors() |
---|
[1] | 458 | { |
---|
| 459 | return $this->errors; |
---|
| 460 | } |
---|
| 461 | |
---|
| 462 | /** |
---|
[334] | 463 | * Determines if any errors occurred while calling the Upload::process method. |
---|
[1] | 464 | * |
---|
[37] | 465 | * @access public |
---|
[1] | 466 | */ |
---|
[468] | 467 | public function anyErrors() |
---|
[22] | 468 | { |
---|
| 469 | return sizeof($this->errors) > 0; |
---|
| 470 | } |
---|
| 471 | |
---|
| 472 | /** |
---|
[519] | 473 | * Returns the extension of a file name, or an empty string if none exists. |
---|
[1] | 474 | * |
---|
[37] | 475 | * @access public |
---|
[334] | 476 | * @param string $file_name A name of a file, with extension after a dot. |
---|
[37] | 477 | * @return string The value found after the dot |
---|
[1] | 478 | */ |
---|
[468] | 479 | static public function getFilenameExtension($file_name) |
---|
[1] | 480 | { |
---|
[37] | 481 | preg_match('/.*?\.(\w+)$/i', trim($file_name), $ext); |
---|
[22] | 482 | return isset($ext[1]) ? $ext[1] : ''; |
---|
[1] | 483 | } |
---|
[42] | 484 | |
---|
[1] | 485 | /** |
---|
[136] | 486 | * An alias for $app->raiseMsg that only sends messages configured by display_messages. |
---|
[1] | 487 | * |
---|
| 488 | * @access public |
---|
| 489 | * |
---|
| 490 | * @param string $message The text description of the message. |
---|
| 491 | * @param int $type The type of message: MSG_NOTICE, |
---|
| 492 | * MSG_SUCCESS, MSG_WARNING, or MSG_ERR. |
---|
| 493 | * @param string $file __FILE__. |
---|
| 494 | * @param string $line __LINE__. |
---|
| 495 | */ |
---|
[468] | 496 | public function _raiseMsg($message, $type, $file, $line) |
---|
[1] | 497 | { |
---|
[479] | 498 | $app =& App::getInstance(); |
---|
[136] | 499 | |
---|
[485] | 500 | if ($this->getParam('display_messages') === true || (is_int($this->getParam('display_messages')) && ($this->getParam('display_messages') & $type) > 0)) { |
---|
[136] | 501 | $app->raiseMsg($message, $type, $file, $line); |
---|
[1] | 502 | } |
---|
| 503 | } |
---|
[530] | 504 | |
---|
| 505 | /** |
---|
| 506 | * Remove unsafe characters from filename. |
---|
| 507 | * While this function has been moved to Utilities.inc.php, it should remain here for backwards compatibility. |
---|
| 508 | * |
---|
| 509 | * @access public |
---|
| 510 | * @param string $file_name A name of a file. |
---|
| 511 | * @return string The same name, but cleaned. |
---|
| 512 | */ |
---|
| 513 | public function cleanFileName($file_name) |
---|
| 514 | { |
---|
| 515 | $app =& App::getInstance(); |
---|
| 516 | |
---|
| 517 | $file_name = preg_replace(array( |
---|
[724] | 518 | '/&([a-z]{1,2})(?:acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml|caron);/i' . $app->getParam('preg_u'), |
---|
| 519 | '/&(?:amp);/i' . $app->getParam('preg_u'), |
---|
| 520 | '/[&;]+/' . $app->getParam('preg_u'), |
---|
| 521 | '/[^a-zA-Z0-9()@._=+-]+/' . $app->getParam('preg_u'), |
---|
| 522 | '/^_+|_+$/' . $app->getParam('preg_u') |
---|
[530] | 523 | ), array( |
---|
| 524 | '$1', |
---|
| 525 | 'and', |
---|
| 526 | '', |
---|
| 527 | '_', |
---|
| 528 | '' |
---|
| 529 | ), htmlentities($file_name, ENT_NOQUOTES | ENT_IGNORE, $app->getParam('character_set'))); |
---|
| 530 | return mb_substr($file_name, 0, 250); |
---|
| 531 | } |
---|
[1] | 532 | } |
---|
| 533 | |
---|