Beispiel #1
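 /**
  * Build the download URL for a stored upload.
  *
  * The URL has the form {base}/download/{fileID}/{originalName}.
  *
  * NOTE(review): the original name is appended to the path exactly as stored.
  * Whether it needs URL-encoding depends on how it was filtered when saved --
  * confirm before emitting the result into an href.
  *
  * @param mixed $fileID Upload identifier; a value loosely equal to null yields null.
  * @return string|null The URL, or null when no ID was given or no upload was found.
  */
 public static function download($fileID = null)
 {
     if ($fileID == null) {
         return null;
     }
     $upload = Upload::load($fileID);
     // Presumably Upload::load() returns null for an unknown ID (verify); do not
     // dereference the result before checking it.
     if ($upload == null) {
         return null;
     }
     return self::base() . '/download/' . $fileID . '/' . $upload->getOriginalName();
 }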
 /**
  * A plain-text payload named *.jpg must be rejected when the upload is checked
  * by MimeUploadValidator, and the mismatch must be the first reported error.
  */
 public function testInvalidFileExtensionValidatingMimeType()
 {
     // Fixture: 10,000 ASCII zeros in a temp file whose name claims to be a JPEG.
     $fixtureName = 'UploadTest-testUpload.jpg';
     $fixturePath = TEMP_FOLDER . '/' . $fixtureName;
     file_put_contents($fixturePath, str_repeat('0', 10000));

     // Same shape as one entry of $_FILES.
     $fakeUpload = array(
         'name' => $fixtureName,
         'size' => filesize($fixturePath),
         'tmp_name' => $fixturePath,
         'extension' => 'jpg',
         'error' => UPLOAD_ERR_OK,
     );

     $uploader = new Upload();
     $uploader->setValidator(new MimeUploadValidator());
     $loaded = $uploader->load($fakeUpload);
     $messages = $uploader->getErrors();

     $this->assertFalse($loaded, 'Load failed because file extension does not match excepted MIME type');
     $this->assertEquals('File extension does not match known MIME type', $messages[0]);

     // The fixture is only removed when both assertions pass.
     unlink($fixturePath);
 }
Beispiel #3
         $accepted->setStatus($status);
         $accepted->save();
         // log it
         $logEvent = new Event(array('event_type_id' => 'edit_accepted_status', 'user_1_id' => Session::getUserID(), 'project_id' => $project->getID(), 'item_1_id' => $update->getID(), 'item_2_id' => $accepted->getID(), 'item_3_id' => $task->getID(), 'data_1' => $oldStatus, 'data_2' => $status));
         $logEvent->save();
         // set flag
         $modified = true;
     }
 }
 // Soft-delete every upload whose ID is listed in $deleted and collect the IDs
 // as a comma-terminated string in $deletedIDs.
 // NOTE(review): nothing in this span checks that an ID belongs to the current
 // update/project or to the acting user; unless $deleted was validated earlier,
 // any upload ID would be accepted here -- confirm against the caller.
 if (!empty($deleted)) {
     $deletedIDs = '';
     foreach ($deleted as $d) {
         // Pass the raw ID through Filter::numeric() (presumably strips
         // non-numeric input -- verify) before it is used for the lookup.
         $d = Filter::numeric($d);
         $upload = Upload::load($d);
         // NOTE(review): assumes Upload::load() found a record; an unknown ID
         // would make the next call fail on a non-object -- TODO confirm.
         $upload->setDeleted(true);
         $upload->save();
         $deletedIDs .= $d . ',';
     }
 }
 // are uploads added?
 if (!empty($added)) {
     $addedIDs = '';
     foreach ($added as $stored => $orig) {
         // save changes
         $stored = Filter::text($stored);
         $orig = Filter::text($orig);
         $uploadID = Upload::saveToDatabase($orig, $stored, Upload::TYPE_UPDATE, $update->getID(), $project->getID());
         $addedIDs .= $uploadID . ',';
     }
Beispiel #4
 /**
  * Uploading the same extension-less file twice keeps the first name and gives
  * the second copy a "-2" suffix.
  */
 function testUploadFileWithNoExtensionTwiceAppendsNumber()
 {
     // Fixture: 10,000 ASCII zeros in a temp file without an extension.
     $fixtureName = 'UploadTest-testUpload';
     $fixturePath = TEMP_FOLDER . '/' . $fixtureName;
     file_put_contents($fixturePath, str_repeat('0', 10000));

     // Same shape as one entry of $_FILES.
     $fakeUpload = array(
         'name' => $fixtureName,
         'type' => 'text/plaintext',
         'size' => filesize($fixturePath),
         'tmp_name' => $fixturePath,
         'extension' => 'txt',
         'error' => UPLOAD_ERR_OK,
     );

     // Leftovers from earlier runs would shift the numbering under test.
     $this->deleteTestUploadFiles("/UploadTest-testUpload.*/");

     // The validator's extension allow-list is set to the empty extension only.
     $validator = new UploadTest_Validator();
     $validator->setAllowedExtensions(array(''));

     // First upload into the default folder keeps the plain name.
     $firstUploader = new Upload();
     $firstUploader->setValidator($validator);
     $firstUploader->load($fakeUpload);
     $firstFile = $firstUploader->getFile();
     $this->assertEquals('UploadTest-testUpload', $firstFile->Name, 'File is uploaded without extension');

     // Second upload of the same fixture must be renamed.
     $secondUploader = new Upload();
     $secondUploader->setValidator($validator);
     $secondUploader->load($fakeUpload);
     $secondFile = $secondUploader->getFile();
     $this->assertEquals('UploadTest-testUpload-2', $secondFile->Name, 'File receives a number attached to the end');

     $firstFile->delete();
     $secondFile->delete();
 }
 /**
  * With file replacement disabled, re-uploading an existing name must produce a
  * numbered variant instead of overwriting the stored file.
  */
 public function testFileVersioningWithAnExistingFile()
 {
     // Writes a 10,000-byte fixture named $tmpFileName into TEMP_FOLDER, pushes it
     // through Upload with replacement disabled and returns the stored file.
     $storeCopy = function ($tmpFileName) {
         $fixturePath = TEMP_FOLDER . '/' . $tmpFileName;
         file_put_contents($fixturePath, str_repeat('0', 10000));
         // Same shape as one entry of $_FILES.
         $fakeUpload = array(
             'name' => $tmpFileName,
             'type' => 'text/plaintext',
             'size' => filesize($fixturePath),
             'tmp_name' => $fixturePath,
             'extension' => 'jpg',
             'error' => UPLOAD_ERR_OK,
         );
         $validator = new UploadTest_Validator();
         // Upload into the default folder.
         $uploader = new Upload();
         $uploader->setReplaceFile(false);
         $uploader->setValidator($validator);
         $uploader->load($fakeUpload);
         return $uploader->getFile();
     };

     // Each row: name to upload, name expected afterwards, assertion message.
     $cases = array(
         array('UploadTest-testUpload.jpg', 'UploadTest-testUpload.jpg', 'File does not receive new name'),
         array('UploadTest-testUpload.jpg', 'UploadTest-testUpload2.jpg', 'File does receive new name'),
         array('UploadTest-testUpload.jpg', 'UploadTest-testUpload3.jpg', 'File does receive new name'),
         array('UploadTest-testUpload3.jpg', 'UploadTest-testUpload4.jpg', 'File does receive new name'),
     );

     $storedFiles = array();
     foreach ($cases as $case) {
         list($uploadAs, $expectedName, $message) = $case;
         $stored = $storeCopy($uploadAs);
         $this->assertEquals($expectedName, $stored->Name, $message);
         $storedFiles[] = $stored;
     }

     // Clean up in upload order once every assertion has passed.
     foreach ($storedFiles as $stored) {
         $stored->delete();
     }
 }
 /**
  * Rebuild the screenshot set of an add-on from its package metadata.
  *
  * Reads the "screenshots" (or, failing that, "screenshot") entry of the
  * package's extra data, deletes every screenshot currently attached to the
  * add-on, then loads each listed image through Upload with
  * AddonBuilderScreenshotValidator and attaches the resulting file.
  *
  * Security notes for reviewers:
  *  - Entries come from package metadata, so they are package-author controlled.
  *    An http(s) entry is fetched server-side with copy(); this method applies
  *    no host restriction, size cap or timeout to that fetch.
  *  - The downloaded temp copy under TEMP_FOLDER is not removed here --
  *    presumably Upload consumes it; verify.
  *  - A local entry is accepted only when the joined path already equals its
  *    realpath(), which rejects "..", symlinks and missing files. This relies
  *    on $path itself being canonical; otherwise every entry is skipped.
  *
  * @param Addon $addon Add-on whose screenshots are replaced.
  * @param PackageInterface $package Source of the "extra" metadata.
  * @param string $path Directory that relative screenshot paths are resolved against.
  */
 private function buildScreenshots(Addon $addon, PackageInterface $package, $path)
 {
     $meta = $package->getExtra();
     $destination = self::SCREENSHOTS_DIR . '/' . $addon->Name;

     // Plural key wins; a scalar value is wrapped into a one-element array.
     $entries = array();
     if (isset($meta['screenshots'])) {
         $entries = (array) $meta['screenshots'];
     } elseif (isset($meta['screenshot'])) {
         $entries = (array) $meta['screenshot'];
     }

     // Drop whatever is attached now: delete the files, then clear the relation.
     foreach ($addon->Screenshots() as $existing) {
         $existing->delete();
     }
     $addon->Screenshots()->removeAll();

     foreach ($entries as $entry) {
         if (!is_string($entry)) {
             continue;
         }

         $scheme = parse_url($entry, PHP_URL_SCHEME);
         $isRemote = $scheme == 'http' || $scheme == 'https';

         if ($isRemote) {
             // Absolute image URL: fetch it into a temp file named after the URL's md5.
             $localCopy = TEMP_FOLDER . '/' . md5($entry);
             if (!copy($entry, $localCopy)) {
                 continue;
             }
             $fileInfo = array(
                 'name' => basename($entry),
                 'size' => filesize($localCopy),
                 'tmp_name' => $localCopy,
                 'error' => 0,
             );
         } else {
             // Path relative to the package directory; skip anything that is not
             // already in canonical form or does not exist.
             $candidate = $path . '/' . ltrim($entry, '/');
             if ($candidate != realpath($candidate) || !file_exists($candidate)) {
                 continue;
             }
             $fileInfo = array(
                 'name' => basename($candidate),
                 'size' => filesize($candidate),
                 'tmp_name' => $candidate,
                 'error' => 0,
             );
         }

         $uploader = new Upload();
         $uploader->setValidator(new AddonBuilderScreenshotValidator());
         $uploader->load($fileInfo, $destination);

         // Attach only when the upload produced a file.
         $storedFile = $uploader->getFile();
         if ($storedFile) {
             $addon->Screenshots()->add($storedFile);
         }
     }
 }
Beispiel #7
/**
 * Render the HTML detail fragment for one activity-log event.
 *
 * The markup depends on the event type ID; a type without a matching case
 * yields an empty string.
 *
 * Security notes for reviewers:
 *  - Upload names, titles, counts and other stored values are concatenated
 *    into markup without escaping in this function. That is only safe if they
 *    were entity-encoded when stored (the '&#10;' handling suggests so --
 *    verify against the write path).
 *  - Diff output is passed through html_entity_decode() twice, which turns
 *    encoded and double-encoded entities back into live markup. Confirm that
 *    the diffed text cannot carry user-supplied tags in encoded form.
 *
 * @param object $event Event exposing getEventTypeID(), getData1(), getData2(),
 *                      getUser1ID(), getUser2ID() and getProjectID().
 * @return string HTML fragment, possibly empty.
 */
function formatEventDetails($event)
{
    // "name (size)" lines for a comma-separated list of upload IDs; blanks are skipped.
    // NOTE(review): assumes Upload::load() finds every listed ID -- TODO confirm.
    $listUploads = function ($idList) {
        $lines = '';
        foreach (explode(',', $idList) as $id) {
            if ($id == '') {
                continue;
            }
            $item = Upload::load($id);
            $lines .= $item->getOriginalName() . ' (' . formatFileSize($item->getSize()) . ')<br /><br />';
        }
        return $lines;
    };

    // FineDiff rendering of two texts, with entities decoded twice (see header note).
    $renderDiff = function ($before, $after) {
        $differ = new FineDiff($before, $after);
        $markup = html_entity_decode($differ->renderDiffToHTML(), ENT_QUOTES, 'UTF-8');
        return html_entity_decode($markup, ENT_QUOTES, 'UTF-8');
    };

    $details = '';
    switch ($event->getEventTypeID()) {
        case 'edit_update_uploads':
        case 'edit_task_uploads':
            // Data2 lists the added upload IDs, Data1 the deleted ones.
            $added = $listUploads($event->getData2());
            if (!empty($added)) {
                $details .= '<ins>' . $added . '</ins>';
            }
            $deleted = $listUploads($event->getData1());
            if (!empty($deleted)) {
                $details .= '<del>' . $deleted . '</del>';
            }
            break;

        case 'edit_pitch':
        case 'edit_specs':
        case 'edit_rules':
        case 'edit_task_description':
        case 'edit_update_message':
            // Multi-line text: encoded line feeds become <br /> before diffing.
            $before = str_replace('&#10;', '<br />', $event->getData1());
            $after = str_replace('&#10;', '<br />', $event->getData2());
            $details .= $renderDiff($before, $after);
            break;

        case 'edit_task_title':
        case 'edit_update_title':
            // Single-line text: diffed as stored.
            $details .= $renderDiff($event->getData1(), $event->getData2());
            break;

        case 'edit_task_leader':
            $details .= 'Old Leader: <del>' . formatUserLink($event->getUser1ID(), $event->getProjectID()) . '</del><br /><br />';
            $details .= 'New Leader: <ins>' . formatUserLink($event->getUser2ID(), $event->getProjectID()) . '</ins>';
            break;

        case 'edit_task_num_needed':
            // A value loosely equal to null is shown as the infinity entity.
            $oldCount = $event->getData1();
            if ($oldCount == null) {
                $oldCount = '&#8734;';
            }
            $newCount = $event->getData2();
            if ($newCount == null) {
                $newCount = '&#8734;';
            }
            $details .= 'Old: <del>' . $oldCount . '</del> people needed<br /><br />';
            $details .= 'New: <ins>' . $newCount . '</ins> people needed';
            break;

        case 'edit_task_deadline':
        case 'edit_project_deadline':
            $oldDeadline = '(none)';
            if ($event->getData1() != null) {
                $oldDeadline = formatTimeTag($event->getData1());
            }
            $newDeadline = '(none)';
            if ($event->getData2() != null) {
                $newDeadline = formatTimeTag($event->getData2());
            }
            $details .= 'Old Deadline: <del>' . $oldDeadline . '</del><br /><br />';
            $details .= 'New Deadline: <ins>' . $newDeadline . '</ins>';
            break;

        case 'edit_project_status':
            $oldStatus = formatProjectStatus($event->getData1());
            $newStatus = formatProjectStatus($event->getData2());
            $details .= 'Old Project Status: <del>' . $oldStatus . '</del><br /><br />';
            $details .= 'New Project Status: <ins>' . $newStatus . '</ins>';
            break;

        case 'edit_accepted_status':
            $oldStatus = formatAcceptedStatus($event->getData1());
            $newStatus = formatAcceptedStatus($event->getData2());
            $details .= 'Old Status: <del>' . $oldStatus . '</del><br /><br />';
            $details .= 'New Status: <ins>' . $newStatus . '</ins>';
            break;

        case 'create_task_comment':
        case 'create_task_comment_reply':
        case 'create_update_comment':
        case 'create_update_comment_reply':
            $details .= formatComment($event->getData1());
            break;

        case 'create_discussion':
            // Data1 is used as the heading, Data2 as the first reply body.
            $details .= '<strong>' . $event->getData1() . '</strong><br /><br />';
            $details .= formatDiscussionReply($event->getData2());
            break;

        case 'create_discussion_reply':
            $details .= formatDiscussionReply($event->getData1());
            break;

        case 'create_update':
            // Heading and body are each optional.
            if ($event->getData1() != '') {
                $details .= '<strong>' . $event->getData1() . '</strong><br /><br />';
            }
            if ($event->getData2() != '') {
                $details .= formatUpdate($event->getData2());
            }
            break;

        case 'create_task':
            // Heading and description are each optional.
            if ($event->getData1() != '') {
                $details .= '<strong>' . $event->getData1() . '</strong><br /><br />';
            }
            if ($event->getData2() != '') {
                $details .= formatTaskDescription($event->getData2());
            }
            break;
    }

    return $details;
}
 /**
  * Overwriting an uploaded image must remove the resampled variants that were
  * generated from the previous version.
  */
 public function testDeleteResampledImagesOnUpload()
 {
     $tmpFileName = 'UploadTest-testUpload.jpg';
     $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName;

     // Copies the JPEG fixture into TEMP_FOLDER and uploads it with replacement
     // enabled, returning the stored file.
     $uploadImage = function () use ($tmpFileName, $tmpFilePath) {
         copy(__DIR__ . '/gdtest/test_jpg.jpg', $tmpFilePath);
         // Same shape as one entry of $_FILES.
         $fakeUpload = array(
             'name' => $tmpFileName,
             'type' => 'text/plaintext',
             'size' => filesize($tmpFilePath),
             'tmp_name' => $tmpFilePath,
             'extension' => 'jpg',
             'error' => UPLOAD_ERR_OK,
         );
         $validator = new UploadTest_Validator();
         // Upload into the default folder.
         $uploader = new Upload();
         $uploader->setReplaceFile(true);
         $uploader->setValidator($validator);
         $uploader->load($fakeUpload);
         return $uploader->getFile();
     };

     // First upload, then generate a resampled variant and remember where it lives.
     $image = $uploadImage();
     $resampledPath = $image->ResizedImage(123, 456)->getFullPath();
     $this->assertTrue(file_exists($resampledPath));

     // Second upload overwrites the original; the resampled variant should be
     // removed along with it.
     $image = $uploadImage();
     $this->assertFalse(file_exists($resampledPath));

     unlink($tmpFilePath);
     $image->delete();
 }
Beispiel #9
 /**
  * With file replacement disabled, re-uploading an existing name must produce a
  * versioned variant; the suffix format follows Upload's version_prefix config,
  * checked here for '' and '-v'.
  */
 public function testFileVersioningWithAnExistingFile()
 {
     // Writes a 10,000-byte fixture named $tmpFileName into TEMP_FOLDER, pushes it
     // through Upload with replacement disabled and returns the stored file.
     $storeCopy = function ($tmpFileName) {
         $fixturePath = TEMP_FOLDER . '/' . $tmpFileName;
         file_put_contents($fixturePath, str_repeat('0', 10000));
         // Same shape as one entry of $_FILES.
         $fakeUpload = array(
             'name' => $tmpFileName,
             'type' => 'text/plaintext',
             'size' => filesize($fixturePath),
             'tmp_name' => $fixturePath,
             'extension' => 'jpg',
             'error' => UPLOAD_ERR_OK,
         );
         $validator = new UploadTest_Validator();
         // Upload into the default folder.
         $uploader = new Upload();
         $uploader->setReplaceFile(false);
         $uploader->setValidator($validator);
         $uploader->load($fakeUpload);
         return $uploader->getFile();
     };

     // Remember the configured prefix so it can be put back at the end.
     $originalVersionPrefix = Config::inst()->get('Upload', 'version_prefix');

     // Keyed by version prefix; each row is: name to upload, expected stored
     // name, assertion message.
     $rounds = array(
         '' => array(
             array('UploadTest-IMG001.jpg', 'UploadTest-IMG001.jpg', 'File does not receive new name'),
             array('UploadTest-IMG001.jpg', 'UploadTest-IMG2.jpg', 'File does receive new name'),
             array('UploadTest-IMG001.jpg', 'UploadTest-IMG3.jpg', 'File does receive new name'),
             array('UploadTest-IMG3.jpg', 'UploadTest-IMG4.jpg', 'File does receive new name'),
         ),
         '-v' => array(
             array('UploadTest2-IMG001.jpg', 'UploadTest2-IMG001.jpg', 'File does not receive new name'),
             array('UploadTest2-IMG001.jpg', 'UploadTest2-IMG001-v2.jpg', 'File does receive new name'),
             array('UploadTest2-IMG001.jpg', 'UploadTest2-IMG001-v3.jpg', 'File does receive new name'),
             array('UploadTest2-IMG001-v3.jpg', 'UploadTest2-IMG001-v4.jpg', 'File does receive new name'),
         ),
     );

     foreach ($rounds as $prefix => $cases) {
         Config::inst()->update('Upload', 'version_prefix', $prefix);

         $storedFiles = array();
         foreach ($cases as $case) {
             list($uploadAs, $expectedName, $message) = $case;
             $stored = $storeCopy($uploadAs);
             $this->assertEquals($expectedName, $stored->Name, $message);
             $storedFiles[] = $stored;
         }

         // Remove this round's files before the next prefix is tested.
         foreach ($storedFiles as $stored) {
             $stored->delete();
         }
     }

     // Only reached when every assertion passed.
     Config::inst()->update('Upload', 'version_prefix', $originalVersionPrefix);
 }
 /**
  * Save a file passed from a form post into this object.
  * File names are filtered through {@link FileNameFilter}, see class documentation
  * on how to influence this behaviour.
  *
  * @param $tmpFile array Indexed array that PHP generated for every file it uploads.
  * @param $folderPath string Folder path relative to /assets
  * @return Boolean|string Either success or error-message.
  */
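 public function load($tmpFile, $folderPath = false)
 {
     if ($tmpFile && is_array($tmpFile)) {
         // Discard the client-supplied file name and store the upload under a
         // generic "<name>_<unix time>" name. Only the extension is carried over
         // (lower-cased); it still originates from the client, so restricting it
         // is left to whatever validation parent::load() applies.
         $clientName = isset($tmpFile['name']) ? (string) $tmpFile['name'] : '';
         $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
         $genericName = $this->name . '_' . time();
         // Avoid a dangling "." when the client name carries no extension.
         $tmpFile['name'] = $extension === '' ? $genericName : $genericName . '.' . $extension;
         // NOTE(review): time() has one-second resolution, so two uploads within
         // the same second get the same name; whether parent::load() renames or
         // replaces on collision is not visible here -- confirm.
     }
     return parent::load($tmpFile, $folderPath);
 }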
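 /**
  * Store a base64-encoded screenshot posted by the applet as an Image record.
  *
  * Expects a "Location" POST variable (folder ID) and a "screenshot" entry in
  * $_FILES whose content is base64 text. The upload is stored first, then its
  * content is replaced by the decoded bytes and the record is re-classed as Image.
  *
  * Security notes for reviewers:
  *  - Upload::load() sees the base64 text, not the decoded bytes, so any content
  *    check it performs does not cover what ends up on disk.
  *  - The record is marked as 'Image' without checking that the decoded data is
  *    an image.
  *  - No permission or request-forgery check is visible in this method;
  *    presumably the controller enforces one -- verify.
  *
  * @param object $request Request exposing postVar().
  * @return string|null JSON of the form {"file": {...}} on success; nothing on any failure path.
  */
 public function saveappletupload($request)
 {
     $location = (int) $request->postVar('Location');
     if (!$location) {
         return;
     }

     $folder = DataObject::get_by_id('Folder', $location);
     // An unknown folder ID yields no record; stop here instead of reading
     // ->Filename from a non-object below.
     if (!$folder) {
         return;
     }

     if (!isset($_FILES) || !isset($_FILES['screenshot'])) {
         return;
     }

     $upload = new Upload();
     // substr(..., 7) drops the first seven characters of the folder's Filename
     // (presumably the "assets/" prefix -- verify).
     if (!$upload->load($_FILES['screenshot'], substr($folder->Filename, 7))) {
         return;
     }

     // The stored file holds base64 text; overwrite it with the decoded bytes.
     // NOTE(review): decoding is non-strict, so malformed input is written as
     // whatever base64_decode() can salvage rather than rejected.
     $data = file_get_contents($upload->getFile()->getFullPath());
     file_put_contents($upload->getFile()->getFullPath(), base64_decode($data));
     $upload->getFile()->ClassName = 'Image';
     $upload->getFile()->write();
     return '{"file": ' . Convert::raw2json($upload->getFile()->toMap()) . '}';
 }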
Beispiel #12
 *		> 0
 *		> {id},{YYYY-MM-DD HH:MM:SS},{http://pointer/url},{filename.jpg},{views},{unknown}
 *
 *	 - Response (failure):
 *		> -1
 */
// Presumably aborts unless the request carries both "k" (API key) and "i"
// (upload identifier) -- verify against requireRequest().
// NOTE(review): both values are read from $_REQUEST, so the API key may arrive in
// the query string and end up in access logs -- confirm the transport.
$pFunctions->requireRequest("k", "i");
/**
 *	Resolve the API key to a user and the identifier to an upload, then make
 *	sure the upload belongs to that user before anything is changed.
 */
$pUser = new User();
$pUpload = new Upload();
if (!$pUser->loadAPIKey($_REQUEST["k"])) {
    throw new Exception("Invalid API key.");
}
if (!$pUpload->load($_REQUEST["i"])) {
    throw new Exception("Invalid upload identifier.");
}
// Ownership check; note that the comparison is loose (!=).
if ($pUpload->users_id != $pUser->id) {
    throw new Exception("The requesting API key does not have permission to use this call.");
}
/**
 *	Soft-delete: the row is flagged is_deleted = '1', nothing is removed here.
 *	Both values are passed as bound parameters, and the user ID is repeated in
 *	the WHERE clause.
 */
$pDatabase->exec("UPDATE [uploads] SET is_deleted = '1' WHERE [rowid] = ? AND [users_id] = ?", array($pUpload->id, $pUser->id));
/**
 *	Fetch the user's remaining uploads, sorted by timestamp DESC, with "p" = 0
 *	and "rpp" = 10 (presumably page and rows per page -- verify).
 *	NOTE(review): the user ID is interpolated into the condition string rather
 *	than bound. It comes from the loaded user record, not from the request, but
 *	binding it would be safer if find() supports that -- confirm.
 */
$aArguments = array("params" => array("users_id = '{$pUser->id}'", "is_deleted = '0'"), "sort" => array("timestamp" => "DESC"), "p" => 0, "rpp" => 10);
$aUploads = $pUpload->find($aArguments);
// First response line: "0".
echo "0\r\n";
Beispiel #13
 *	Now we need to do some funny things involving moving things.
 */
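$aFileReference = $_FILES["f"];
// NOTE(review): the user's e-mail address is used as a directory name. If it can
// contain "/" or ".." the target would leave the upload directory -- confirm it is
// validated where the account is created.
$sTargetScope = $pUser->email_address;
$sTargetDirectory = $aGlobalConfiguration["files"]["upload"];
$sFileLocation = "{$sTargetScope}/" . uniqid();
// NOTE(review): the extension is taken from the client-supplied file name with no
// allow-list. If the upload directory is served by a web server that executes
// scripts, this lets a client choose an executable extension -- restrict the
// extension or make sure the directory is never executed.
$sExtension = pathinfo($aFileReference["name"], PATHINFO_EXTENSION);
if ($sExtension) {
    $sFileLocation .= "." . $sExtension;
}
$sHash = md5_file($aFileReference["tmp_name"]);
// Compare strictly: with a loose != two different hex strings that both look like
// numbers (for example "0e..." followed by digits) compare as equal. A missing
// "c" parameter or an unreadable temp file is also a mismatch. The checksum is
// supplied by the client, so it only detects transfer corruption.
if (!isset($_REQUEST["c"]) || $sHash === false || $sHash !== $_REQUEST["c"]) {
    throw new Exception("Invalid hash comparison");
}
if (!is_dir("{$sTargetDirectory}/{$sTargetScope}")) {
    mkdir("{$sTargetDirectory}/{$sTargetScope}");
}
// Stop when the move fails, so no database row is written for a file that is
// not on disk.
if (!move_uploaded_file($aFileReference["tmp_name"], "{$sTargetDirectory}/{$sFileLocation}")) {
    throw new Exception("Unable to store the uploaded file");
}
/**
 *	The file is in place; collect its metadata for the database row. The
 *	client-supplied file name is stored as given.
 */
$aDatabaseEntry = array("users_id" => $pUser->id, "alias" => $pUpload->generateAlias(), "file_name" => $aFileReference["name"], "file_location" => $sFileLocation, "file_size" => filesize("{$sTargetDirectory}/{$sFileLocation}"), "file_hash" => $sHash, "mime_type" => $pFunctions->getMimeType("{$sTargetDirectory}/{$sFileLocation}"), "timestamp" => time(), "ip_address" => $_SERVER["REMOTE_ADDR"], "views" => 0);
$iIdentifier = $pDatabase->insert("uploads", $aDatabaseEntry);
/**
 *	Load the new row back and answer with "1,{web_url},{id},{file_size}".
 *	NOTE(review): the result of load() is not checked before the fields are read.
 */
$pUpload->load($iIdentifier);
$aOutput = array("1", $pUpload->web_url, $pUpload->id, $pUpload->file_size);
echo implode(",", $aOutput);
return;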
Beispiel #14
<?php

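require_once "../../global.php";
// Serve a stored upload as an attachment. The request must name both the upload
// ID ('fi') and its original file name ('fn'); an unknown ID, a name mismatch or
// a deleted upload redirects to the error page.
// NOTE(review): no session or permission check is visible in this script; unless
// global.php enforces one, knowing an ID and its file name is enough -- confirm.
$fileID = Filter::numeric(isset($_GET['fi']) ? $_GET['fi'] : null);
$fileName = Filter::text(isset($_GET['fn']) ? $_GET['fn'] : null);
$upload = Upload::load($fileID);
if ($upload == null || $fileName != $upload->getOriginalName() || $upload->getDeleted() == true) {
    header('Location: ' . Url::error());
    exit;
}
// NOTE(review): if Url::uploads() returns an http(s) URL rather than a filesystem
// path, readfile() below fetches the file over HTTP -- verify.
$fileURL = Url::uploads() . '/' . $upload->getStoredName();
header("Pragma: public");
header("Expires: 0");
// header() replaces an earlier header of the same name by default, so only the
// second Cache-Control value is sent.
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
// The stray trailing double quote that used to follow the MIME type is gone; it
// made the Content-Type value malformed.
header('Content-Type: ' . $upload->getMime());
// Strip line breaks and backslash-escape quotes/backslashes so the stored name
// cannot end the quoted filename parameter early.
$dispositionName = addcslashes(str_replace(array("\r", "\n"), '', $upload->getOriginalName()), '"\\');
header('Content-Disposition: attachment; filename="' . $dispositionName . '"');
header("Content-Transfer-Encoding: binary");
header('Content-Length: ' . $upload->getSize());
readfile($fileURL);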