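/**
 * Build the public download URL for a stored upload.
 *
 * @param int|string|null $fileID Upload identifier; a value loosely equal to null yields no URL.
 * @return string|null "{base}/download/{id}/{original name}", or null when no ID was given
 *                     or no upload record could be loaded for it.
 */
public static function download($fileID = null)
{
    if ($fileID == null) {
        return null;
    }

    $upload = Upload::load($fileID);
    // An unknown ID must not reach the method call below: calling getOriginalName()
    // on an empty result is a fatal error rather than a missing link.
    if ($upload == null) {
        return null;
    }

    // The original name was chosen by the uploader. Percent-encode it so characters
    // such as '/', '?', '#' or spaces cannot change the structure of the URL.
    $encodedName = rawurlencode((string) $upload->getOriginalName());

    return self::base() . '/download/' . $fileID . '/' . $encodedName;
}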
/**
 * A plain-text payload carrying a .jpg name must be refused once a MIME-checking
 * validator is attached, and the first reported error must name the mismatch.
 */
public function testInvalidFileExtensionValidatingMimeType()
{
    // Fixture: 10,000 '0' characters stored under an image extension.
    $fixtureName = 'UploadTest-testUpload.jpg';
    $fixturePath = TEMP_FOLDER . '/' . $fixtureName;
    file_put_contents($fixturePath, str_repeat('0', 10000));

    // Same shape as one entry of $_FILES.
    $filesEntry = array(
        'name' => $fixtureName,
        'size' => filesize($fixturePath),
        'tmp_name' => $fixturePath,
        'extension' => 'jpg',
        'error' => UPLOAD_ERR_OK,
    );

    $uploader = new Upload();
    $uploader->setValidator(new MimeUploadValidator());
    $loaded = $uploader->load($filesEntry);
    $messages = $uploader->getErrors();

    $this->assertFalse($loaded, 'Load failed because file extension does not match excepted MIME type');
    $this->assertEquals('File extension does not match known MIME type', $messages[0]);

    unlink($fixturePath);
}
// Fragment of a larger handler: the enclosing function and the blocks closed by the
// two braces below start outside this excerpt.
$accepted->setStatus($status);
$accepted->save();

// Record the status change in the event log (old value in data_1, new value in data_2).
$logEvent = new Event(array('event_type_id' => 'edit_accepted_status', 'user_1_id' => Session::getUserID(), 'project_id' => $project->getID(), 'item_1_id' => $update->getID(), 'item_2_id' => $accepted->getID(), 'item_3_id' => $task->getID(), 'data_1' => $oldStatus, 'data_2' => $status));
$logEvent->save();

// Remember that something changed.
$modified = true;
}
}

// Mark every upload listed in $deleted as deleted and collect the IDs as "id,id,".
// NOTE(review): where $deleted comes from is not visible here. The only treatment each
// ID gets is Filter::numeric(); nothing in this excerpt checks that the upload belongs
// to $update / $project or to the current user before it is flagged. Confirm that an
// ownership check happens upstream.
// NOTE(review): the result of Upload::load() is used without a null check, so an
// unknown ID would presumably end in a fatal error — confirm.
if (!empty($deleted)) {
    $deletedIDs = '';
    foreach ($deleted as $d) {
        // save changes
        $d = Filter::numeric($d);
        $upload = Upload::load($d);
        $upload->setDeleted(true);
        $upload->save();
        $deletedIDs .= $d . ',';
    }
}

// Register every newly added upload (stored name => original name) against this update
// and collect the new IDs as "id,id,".
// NOTE(review): both the stored name and the original name pass through Filter::text()
// only. If the stored name can be chosen by the client, verify that it refers to a file
// this request actually uploaded — TODO confirm against the caller.
if (!empty($added)) {
    $addedIDs = '';
    foreach ($added as $stored => $orig) {
        // save changes
        $stored = Filter::text($stored);
        $orig = Filter::text($orig);
        $uploadID = Upload::saveToDatabase($orig, $stored, Upload::TYPE_UPDATE, $update->getID(), $project->getID());
        $addedIDs .= $uploadID . ',';
    }
/**
 * Uploading the same extension-less file twice keeps the first name and gives the
 * second upload a "-2" suffix.
 */
function testUploadFileWithNoExtensionTwiceAppendsNumber()
{
    // Fixture: 10,000 '0' characters in a file whose name has no extension.
    $fixtureName = 'UploadTest-testUpload';
    $fixturePath = TEMP_FOLDER . '/' . $fixtureName;
    file_put_contents($fixturePath, str_repeat('0', 10000));

    // Same shape as one entry of $_FILES.
    $filesEntry = array(
        'name' => $fixtureName,
        'type' => 'text/plaintext',
        'size' => filesize($fixturePath),
        'tmp_name' => $fixturePath,
        'extension' => 'txt',
        'error' => UPLOAD_ERR_OK,
    );

    // Leftovers from earlier runs would shift the numbering asserted below.
    $this->deleteTestUploadFiles("/UploadTest-testUpload.*/");

    // Allow-list containing only the empty extension.
    $validator = new UploadTest_Validator();
    $validator->setAllowedExtensions(array(''));

    // First upload into the default folder.
    $firstUploader = new Upload();
    $firstUploader->setValidator($validator);
    $firstUploader->load($filesEntry);
    $file = $firstUploader->getFile();
    $this->assertEquals('UploadTest-testUpload', $file->Name, 'File is uploaded without extension');

    // Second upload of the very same entry.
    $secondUploader = new Upload();
    $secondUploader->setValidator($validator);
    $secondUploader->load($filesEntry);
    $file2 = $secondUploader->getFile();
    $this->assertEquals('UploadTest-testUpload-2', $file2->Name, 'File receives a number attached to the end');

    $file->delete();
    $file2->delete();
}
/**
 * With file replacement switched off, re-uploading an existing name must produce a
 * numbered variant instead of overwriting the stored file.
 */
public function testFileVersioningWithAnExistingFile()
{
    // Writes a fixture under the given name and pushes it through a fresh Upload.
    $uploadAs = function ($name) {
        $fixturePath = TEMP_FOLDER . '/' . $name;
        file_put_contents($fixturePath, str_repeat('0', 10000));

        // Same shape as one entry of $_FILES.
        $filesEntry = array(
            'name' => $name,
            'type' => 'text/plaintext',
            'size' => filesize($fixturePath),
            'tmp_name' => $fixturePath,
            'extension' => 'jpg',
            'error' => UPLOAD_ERR_OK,
        );

        $validator = new UploadTest_Validator();

        // Upload into the default folder without replacing existing files.
        $uploader = new Upload();
        $uploader->setReplaceFile(false);
        $uploader->setValidator($validator);
        $uploader->load($filesEntry);

        return $uploader->getFile();
    };

    $file1 = $uploadAs('UploadTest-testUpload.jpg');
    $this->assertEquals('UploadTest-testUpload.jpg', $file1->Name, 'File does not receive new name');

    $file2 = $uploadAs('UploadTest-testUpload.jpg');
    $this->assertEquals('UploadTest-testUpload2.jpg', $file2->Name, 'File does receive new name');

    $file3 = $uploadAs('UploadTest-testUpload.jpg');
    $this->assertEquals('UploadTest-testUpload3.jpg', $file3->Name, 'File does receive new name');

    // A name that already carries a number continues the sequence.
    $file4 = $uploadAs('UploadTest-testUpload3.jpg');
    $this->assertEquals('UploadTest-testUpload4.jpg', $file4->Name, 'File does receive new name');

    foreach (array($file1, $file2, $file3, $file4) as $stored) {
        $stored->delete();
    }
}
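/**
 * Replace an addon's screenshots with the ones listed in its package metadata.
 *
 * Entries are read from the package "extra" section ('screenshots', else 'screenshot').
 * Each entry is either an absolute http(s) URL, which is downloaded to a temporary file,
 * or a path relative to $path. Every candidate is passed through Upload with
 * AddonBuilderScreenshotValidator; entries that cannot be fetched, resolved or loaded
 * are skipped silently.
 *
 * @param Addon            $addon   Addon whose Screenshots() relation is rebuilt.
 * @param PackageInterface $package Package whose metadata lists the screenshots.
 * @param string           $path    Directory that relative entries are resolved against.
 */
private function buildScreenshots(Addon $addon, PackageInterface $package, $path)
{
    $extra = $package->getExtra();
    $screenshots = array();
    $target = self::SCREENSHOTS_DIR . '/' . $addon->Name;

    if (isset($extra['screenshots'])) {
        $screenshots = (array) $extra['screenshots'];
    } elseif (isset($extra['screenshot'])) {
        $screenshots = (array) $extra['screenshot'];
    }

    // Delete existing screenshots.
    foreach ($addon->Screenshots() as $screenshot) {
        $screenshot->delete();
    }
    $addon->Screenshots()->removeAll();

    foreach ($screenshots as $screenshot) {
        if (!is_string($screenshot)) {
            continue;
        }

        $scheme = parse_url($screenshot, PHP_URL_SCHEME);
        // Set only for downloaded files, so that the copy can be removed afterwards.
        $downloaded = null;

        if ($scheme === 'http' || $scheme === 'https') {
            // NOTE(review): the URL comes from package metadata, so whoever authors a
            // package decides which host this server contacts and how much it downloads.
            // Consider restricting destinations and capping the response size.
            $downloaded = TEMP_FOLDER . '/' . md5($screenshot);

            if (!copy($screenshot, $downloaded)) {
                if (file_exists($downloaded)) {
                    unlink($downloaded);
                }
                continue;
            }

            // Name the file after the URL path only: a query string or fragment must not
            // become part of the name (and extension) that the validator inspects.
            $data = array(
                'name' => basename((string) parse_url($screenshot, PHP_URL_PATH)),
                'size' => filesize($downloaded),
                'tmp_name' => $downloaded,
                'error' => 0,
            );
        } else {
            $source = $path . '/' . ltrim($screenshot, '/');

            // Prevent directory traversal: only a path that is already canonical is
            // accepted. realpath() returns false for a missing file, which is also skipped.
            if ($source !== realpath($source)) {
                continue;
            }

            if (!file_exists($source)) {
                continue;
            }

            $data = array(
                'name' => basename($source),
                'size' => filesize($source),
                'tmp_name' => $source,
                'error' => 0,
            );
        }

        $upload = new Upload();
        $upload->setValidator(new AddonBuilderScreenshotValidator());
        $upload->load($data, $target);

        // The download is only a staging copy; without this it stays in TEMP_FOLDER after
        // every run, whether or not the upload was accepted.
        if ($downloaded !== null && file_exists($downloaded)) {
            unlink($downloaded);
        }

        if ($file = $upload->getFile()) {
            $addon->Screenshots()->add($file);
        }
    }
}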
/**
 * Build the HTML fragment that describes one activity-log event.
 *
 * The event type selects the layout; getData1()/getData2() carry the old/new values or
 * the created content. Event types not listed here produce an empty string.
 *
 * NOTE(review): upload names, titles and the decoded diff output are concatenated into
 * HTML as they are. Whether that is safe depends on how these values were encoded when
 * they were stored, which is not visible here — confirm before rendering untrusted data.
 *
 * @param object $event Event exposing getEventTypeID(), getData1(), getData2(),
 *                      getUser1ID(), getUser2ID() and getProjectID().
 * @return string HTML fragment, possibly empty.
 */
function formatEventDetails($event)
{
    // Renders a comma-separated ID list as "name (size)" entries; blank IDs are skipped.
    $listUploads = function ($csvIDs) {
        $html = '';
        foreach (explode(',', $csvIDs) as $id) {
            if ($id == '') {
                continue;
            }
            $upload = Upload::load($id);
            $html .= $upload->getOriginalName() . ' (' . formatFileSize($upload->getSize()) . ')<br /><br />';
        }

        return $html;
    };

    // Renders an HTML diff of two texts and decodes entities twice.
    // NOTE(review): decoding twice turns entity-encoded text back into live markup;
    // confirm the stored values cannot contain encoded tags.
    $renderDiff = function ($before, $after) {
        $diff = new FineDiff($before, $after);
        $html = $diff->renderDiffToHTML();
        for ($pass = 0; $pass < 2; $pass++) {
            $html = html_entity_decode($html, ENT_QUOTES, 'UTF-8');
        }

        return $html;
    };

    $details = '';

    switch ($event->getEventTypeID()) {
        case 'edit_update_uploads':
        case 'edit_task_uploads':
            // Added uploads are listed in data 2, removed ones in data 1.
            $added = $listUploads($event->getData2());
            if (!empty($added)) {
                $details .= '<ins>' . $added . '</ins>';
            }
            $deleted = $listUploads($event->getData1());
            if (!empty($deleted)) {
                $details .= '<del>' . $deleted . '</del>';
            }
            break;

        case 'edit_pitch':
        case 'edit_specs':
        case 'edit_rules':
        case 'edit_task_description':
        case 'edit_update_message':
            // Long texts: substitute '<br />' in both versions before diffing.
            $before = str_replace(' ', '<br />', $event->getData1());
            $after = str_replace(' ', '<br />', $event->getData2());
            $details .= $renderDiff($before, $after);
            break;

        case 'edit_task_title':
        case 'edit_update_title':
            $details .= $renderDiff($event->getData1(), $event->getData2());
            break;

        case 'edit_task_leader':
            $projectID = $event->getProjectID();
            $details .= 'Old Leader: <del>' . formatUserLink($event->getUser1ID(), $projectID) . '</del><br /><br />'
                . 'New Leader: <ins>' . formatUserLink($event->getUser2ID(), $event->getProjectID()) . '</ins>';
            break;

        case 'edit_task_num_needed':
            // A missing count is displayed as "unlimited".
            $old = $event->getData1();
            if ($old == null) {
                $old = '∞';
            }
            $new = $event->getData2();
            if ($new == null) {
                $new = '∞';
            }
            $details .= 'Old: <del>' . $old . '</del> people needed<br /><br />';
            $details .= 'New: <ins>' . $new . '</ins> people needed';
            break;

        case 'edit_task_deadline':
        case 'edit_project_deadline':
            $rawOld = $event->getData1();
            $old = ($rawOld != null) ? formatTimeTag($rawOld) : '(none)';
            $rawNew = $event->getData2();
            $new = ($rawNew != null) ? formatTimeTag($rawNew) : '(none)';
            $details .= 'Old Deadline: <del>' . $old . '</del><br /><br />';
            $details .= 'New Deadline: <ins>' . $new . '</ins>';
            break;

        case 'edit_project_status':
            $old = formatProjectStatus($event->getData1());
            $new = formatProjectStatus($event->getData2());
            $details .= 'Old Project Status: <del>' . $old . '</del><br /><br />';
            $details .= 'New Project Status: <ins>' . $new . '</ins>';
            break;

        case 'edit_accepted_status':
            $old = formatAcceptedStatus($event->getData1());
            $new = formatAcceptedStatus($event->getData2());
            $details .= 'Old Status: <del>' . $old . '</del><br /><br />';
            $details .= 'New Status: <ins>' . $new . '</ins>';
            break;

        case 'create_task_comment':
        case 'create_task_comment_reply':
        case 'create_update_comment':
        case 'create_update_comment_reply':
            $details .= formatComment($event->getData1());
            break;

        case 'create_discussion':
            $details .= '<strong>' . $event->getData1() . '</strong><br /><br />';
            $details .= formatDiscussionReply($event->getData2());
            break;

        case 'create_discussion_reply':
            $details .= formatDiscussionReply($event->getData1());
            break;

        case 'create_update':
            // Title and body are both optional.
            $title = $event->getData1();
            if ($title != '') {
                $details .= '<strong>' . $title . '</strong><br /><br />';
            }
            $body = $event->getData2();
            if ($body != '') {
                $details .= formatUpdate($body);
            }
            break;

        case 'create_task':
            $title = $event->getData1();
            if ($title != '') {
                $details .= '<strong>' . $title . '</strong><br /><br />';
            }
            $body = $event->getData2();
            if ($body != '') {
                $details .= formatTaskDescription($body);
            }
            break;
    }

    return $details;
}
/**
 * Overwriting an image through Upload must remove resampled variants that were
 * generated from the previous version.
 */
public function testDeleteResampledImagesOnUpload()
{
    $tmpFileName = 'UploadTest-testUpload.jpg';
    $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName;

    // Copies the JPEG fixture into place and uploads it with replacement enabled.
    $pushImage = function () use ($tmpFileName, $tmpFilePath) {
        copy(__DIR__ . '/gdtest/test_jpg.jpg', $tmpFilePath);

        // Same shape as one entry of $_FILES.
        $filesEntry = array(
            'name' => $tmpFileName,
            'type' => 'text/plaintext',
            'size' => filesize($tmpFilePath),
            'tmp_name' => $tmpFilePath,
            'extension' => 'jpg',
            'error' => UPLOAD_ERR_OK,
        );

        $validator = new UploadTest_Validator();

        // Upload into the default folder, replacing any existing file.
        $uploader = new Upload();
        $uploader->setReplaceFile(true);
        $uploader->setValidator($validator);
        $uploader->load($filesEntry);

        return $uploader->getFile();
    };

    // First upload, then create a resampled variant and remember where it lives.
    $image = $pushImage();
    $variant = $image->ResizedImage(123, 456);
    $variantPath = $variant->getFullPath();
    $this->assertTrue(file_exists($variantPath));

    // Second upload overwrites the original; the variant has to be gone afterwards.
    $image = $pushImage();
    $this->assertFalse(file_exists($variantPath));

    unlink($tmpFilePath);
    $image->delete();
}
/**
 * With file replacement switched off, repeated uploads of one name must be numbered,
 * using the configured Upload.version_prefix ('' and '-v' are both exercised).
 */
public function testFileVersioningWithAnExistingFile()
{
    // Writes a fixture under the given name and pushes it through a fresh Upload.
    $uploadAs = function ($name) {
        $fixturePath = TEMP_FOLDER . '/' . $name;
        file_put_contents($fixturePath, str_repeat('0', 10000));

        // Same shape as one entry of $_FILES.
        $filesEntry = array(
            'name' => $name,
            'type' => 'text/plaintext',
            'size' => filesize($fixturePath),
            'tmp_name' => $fixturePath,
            'extension' => 'jpg',
            'error' => UPLOAD_ERR_OK,
        );

        $validator = new UploadTest_Validator();

        // Upload into the default folder without replacing existing files.
        $uploader = new Upload();
        $uploader->setReplaceFile(false);
        $uploader->setValidator($validator);
        $uploader->load($filesEntry);

        return $uploader->getFile();
    };

    // The configured prefix is put back at the end of the test.
    $originalVersionPrefix = Config::inst()->get('Upload', 'version_prefix');

    // Phase 1: empty version prefix.
    Config::inst()->update('Upload', 'version_prefix', '');

    $file1 = $uploadAs('UploadTest-IMG001.jpg');
    $this->assertEquals('UploadTest-IMG001.jpg', $file1->Name, 'File does not receive new name');

    $file2 = $uploadAs('UploadTest-IMG001.jpg');
    $this->assertEquals('UploadTest-IMG2.jpg', $file2->Name, 'File does receive new name');

    $file3 = $uploadAs('UploadTest-IMG001.jpg');
    $this->assertEquals('UploadTest-IMG3.jpg', $file3->Name, 'File does receive new name');

    $file4 = $uploadAs('UploadTest-IMG3.jpg');
    $this->assertEquals('UploadTest-IMG4.jpg', $file4->Name, 'File does receive new name');

    foreach (array($file1, $file2, $file3, $file4) as $stored) {
        $stored->delete();
    }

    // Phase 2: '-v' version prefix.
    Config::inst()->update('Upload', 'version_prefix', '-v');

    $file1 = $uploadAs('UploadTest2-IMG001.jpg');
    $this->assertEquals('UploadTest2-IMG001.jpg', $file1->Name, 'File does not receive new name');

    $file2 = $uploadAs('UploadTest2-IMG001.jpg');
    $this->assertEquals('UploadTest2-IMG001-v2.jpg', $file2->Name, 'File does receive new name');

    $file3 = $uploadAs('UploadTest2-IMG001.jpg');
    $this->assertEquals('UploadTest2-IMG001-v3.jpg', $file3->Name, 'File does receive new name');

    $file4 = $uploadAs('UploadTest2-IMG001-v3.jpg');
    $this->assertEquals('UploadTest2-IMG001-v4.jpg', $file4->Name, 'File does receive new name');

    foreach (array($file1, $file2, $file3, $file4) as $stored) {
        $stored->delete();
    }

    Config::inst()->update('Upload', 'version_prefix', $originalVersionPrefix);
}
/**
 * Save a file passed from a form post, storing it under a generated name.
 *
 * The client-supplied 'name' is replaced by "{$this->name}_{unix time}.{extension}",
 * where the extension is the lower-cased extension of the submitted name. Everything
 * else is left to the parent implementation; file names are filtered through
 * {@link FileNameFilter}, see class documentation on how to influence this behaviour.
 *
 * NOTE(review): only the base name is replaced. The extension still comes from the
 * client, so rejecting unwanted file types remains the job of the validator used by
 * the parent — confirm one is configured.
 *
 * @param array $tmpFile Indexed array that PHP generated for every file it uploads.
 * @param string $folderPath Folder path relative to /assets
 * @return Boolean|string Either success or error-message.
 */
public function load($tmpFile, $folderPath = false)
{
    if (is_array($tmpFile) && !empty($tmpFile)) {
        // Keep nothing of the user's file name except its extension.
        $extension = strtolower(pathinfo($tmpFile['name'], PATHINFO_EXTENSION));
        $tmpFile['name'] = $this->name . '_' . time() . '.' . $extension;
    }

    return parent::load($tmpFile, $folderPath);
}
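/**
 * Store a base64-encoded screenshot posted by the applet as an Image.
 *
 * Reads the 'Location' post variable as a Folder ID, uploads $_FILES['screenshot'] into
 * that folder, replaces the stored bytes with their base64-decoded form, switches the
 * record's ClassName to 'Image' and returns a JSON fragment describing the file.
 *
 * NOTE(review): Upload validation runs on the encoded text, not on the decoded bytes,
 * and nothing here verifies that the decoded content really is an image before the
 * record becomes an Image. No permission or request-forgery check is visible in this
 * method either — confirm both are handled by the caller.
 *
 * @param object $request Request exposing postVar().
 * @return string|null '{"file": {...}}' on success; null when the location, folder or
 *                     upload is missing, the upload is rejected, or the payload is not
 *                     valid base64.
 */
public function saveappletupload($request)
{
    $location = (int) $request->postVar('Location');
    if (!$location || !isset($_FILES['screenshot'])) {
        return null;
    }

    // An unknown folder ID must not reach the property access below.
    $folder = DataObject::get_by_id('Folder', $location);
    if (!$folder) {
        return null;
    }

    $upload = new Upload();
    // substr(..., 7) drops the first seven characters of the folder's Filename.
    if (!$upload->load($_FILES['screenshot'], substr($folder->Filename, 7))) {
        return null;
    }

    $file = $upload->getFile();
    $path = $file->getFullPath();

    // need to base64decode the file data; strict mode rejects input that contains
    // characters outside the base64 alphabet instead of decoding it to garbage.
    $encoded = file_get_contents($path);
    $decoded = ($encoded === false) ? false : base64_decode($encoded, true);

    if ($decoded === false || file_put_contents($path, $decoded) === false) {
        // Do not keep a stored file that could not be decoded or rewritten.
        $file->delete();
        return null;
    }

    $file->ClassName = 'Image';
    $file->write();

    return '{"file": ' . Convert::raw2json($file->toMap()) . '}';
}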
* > 0
 * > {id},{YYYY-MM-DD HH:MM:SS},{http://pointer/url},{filename.jpg},{views},{unknown}
 *
 * - Response (failure):
 * > -1
 */
// Request parameters used below: "k" (API key) and "i" (upload identifier).
// requireRequest() presumably rejects the call when either is missing — confirm.
// NOTE(review): both are read from $_REQUEST, so the API key may arrive in the query
// string and end up in access logs; verify how clients are expected to send it.
$pFunctions->requireRequest("k", "i");

/**
 * Prepare our objects first: resolve the API key to a user and the identifier to an
 * upload, then make sure that upload belongs to that user. Any failure throws.
 */
$pUser = new User();
$pUpload = new Upload();

if (!$pUser->loadAPIKey($_REQUEST["k"])) {
    throw new Exception("Invalid API key.");
}

if (!$pUpload->load($_REQUEST["i"])) {
    throw new Exception("Invalid upload identifier.");
}

// Ownership check: the key's user must own the upload being removed.
if ($pUpload->users_id != $pUser->id) {
    throw new Exception("The requesting API key does not have permission to use this call.");
}

/**
 * Soft delete: the row is flagged with is_deleted = '1'. The statement is parameterised
 * and repeats the owner condition in its WHERE clause.
 */
$pDatabase->exec("UPDATE [uploads] SET is_deleted = '1' WHERE [rowid] = ? AND [users_id] = ?", array($pUpload->id, $pUser->id));

/**
 * Fetch this user's remaining (not deleted) uploads, newest first, first page of 10.
 * The interpolated users_id is the ID of the loaded user record, not a request value.
 */
$aArguments = array("params" => array("users_id = '{$pUser->id}'", "is_deleted = '0'"), "sort" => array("timestamp" => "DESC"), "p" => 0, "rpp" => 10);
$aUploads = $pUpload->find($aArguments);

// Success marker; the excerpt ends here, before anything is done with $aUploads.
echo "0\r\n";
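* Now we need to do some funny things involving moving things.
 *
 * Takes the uploaded file "f", checks it against the MD5 sent as "c", moves it into the
 * user's directory under a generated name and records it in the uploads table.
 */
// Refuse a missing, failed or multi-file upload before any of its fields are used.
$aFileReference = isset($_FILES["f"]) ? $_FILES["f"] : null;
if (
    !is_array($aFileReference)
    || !isset($aFileReference["error"], $aFileReference["name"], $aFileReference["tmp_name"])
    || $aFileReference["error"] !== UPLOAD_ERR_OK
    || !is_string($aFileReference["tmp_name"])
    || !is_uploaded_file($aFileReference["tmp_name"])
) {
    throw new Exception("Invalid file upload");
}

// NOTE(review): the user's e-mail address is used as a directory name. Confirm that
// stored addresses cannot contain path separators or "..".
$sTargetScope = $pUser->email_address;
$sTargetDirectory = $aGlobalConfiguration["files"]["upload"];
$sFileLocation = "{$sTargetScope}/" . uniqid();

// NOTE(review): the extension is taken from the client-supplied file name and kept on
// the stored file. If the upload directory is served by a web server that executes
// scripts, restrict the accepted extensions or serve these files as static content only.
$sExtension = pathinfo($aFileReference["name"], PATHINFO_EXTENSION);
if ($sExtension) {
    $sFileLocation .= "." . $sExtension;
}

// Transfer check against the checksum sent by the client. Both sides are compared as
// strings: a loose comparison treats numeric-looking hashes such as "0e..." as numbers.
// MD5 only detects a damaged transfer here; it says nothing about who sent the file.
$sHash = md5_file($aFileReference["tmp_name"]);
$sClaimedHash = isset($_REQUEST["c"]) ? $_REQUEST["c"] : null;
if ($sHash === false || !is_string($sClaimedHash) || $sHash !== $sClaimedHash) {
    throw new Exception("Invalid hash comparison");
}

// Create the per-user directory on first use; is_dir() is re-checked in case another
// request created it in the meantime.
$sScopeDirectory = "{$sTargetDirectory}/{$sTargetScope}";
if (!is_dir($sScopeDirectory) && !mkdir($sScopeDirectory) && !is_dir($sScopeDirectory)) {
    throw new Exception("Unable to create the upload directory");
}

// Stop here when the move fails, so no database row points at a file that is missing.
if (!move_uploaded_file($aFileReference["tmp_name"], "{$sTargetDirectory}/{$sFileLocation}")) {
    throw new Exception("Unable to store the uploaded file");
}

/**
 * Now we've successfully moved things, we need to get all sorts of meta data for it.
 * "file_name" keeps the client-supplied name as sent, so it has to be escaped wherever
 * it is displayed later.
 */
$aDatabaseEntry = array(
    "users_id" => $pUser->id,
    "alias" => $pUpload->generateAlias(),
    "file_name" => $aFileReference["name"],
    "file_location" => $sFileLocation,
    "file_size" => filesize("{$sTargetDirectory}/{$sFileLocation}"),
    "file_hash" => $sHash,
    "mime_type" => $pFunctions->getMimeType("{$sTargetDirectory}/{$sFileLocation}"),
    "timestamp" => time(),
    "ip_address" => $_SERVER["REMOTE_ADDR"],
    "views" => 0,
);
$iIdentifier = $pDatabase->insert("uploads", $aDatabaseEntry);

/**
 * Now we have our database entry, we'll just re-load it back so the response can be
 * built from the stored record.
 */
$pUpload->load($iIdentifier);

// Response: "1", web URL, upload ID and file size, comma-separated.
$aOutput = array("1", $pUpload->web_url, $pUpload->id, $pUpload->file_size);
echo implode(",", $aOutput);
return;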
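<?php

require_once "../../global.php";

// Sends one stored upload to the browser as an attachment.
// Query parameters: "fi" (upload ID) and "fn" (the upload's original name). The request
// is redirected to the error page unless both match a record that is not deleted.
// NOTE(review): no permission check is visible in this script. Unless global.php
// enforces one, anybody who knows an ID together with its file name can fetch the file.
$fileID = Filter::numeric(isset($_GET['fi']) ? $_GET['fi'] : null);
$fileName = Filter::text(isset($_GET['fn']) ? $_GET['fn'] : null);

$upload = Upload::load($fileID);

// The name comparison is done on strings so that two numeric-looking names such as
// "1e3" and "1000" are not treated as equal.
if (
    $upload == null
    || (string) $fileName !== (string) $upload->getOriginalName()
    || $upload->getDeleted() == true
) {
    header('Location: ' . Url::error());
    exit;
}

// Location the bytes are read from; the stored name comes from the upload record.
$fileURL = Url::uploads() . '/' . $upload->getStoredName();

// The original name was chosen by the uploader. Inside the quoted filename parameter,
// quotes, backslashes and control characters would corrupt the header, so they are
// replaced.
$downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', (string) $upload->getOriginalName());

header("Pragma: public");
header("Expires: 0");
// The second Cache-Control call replaces the first one (header() replaces by default).
// NOTE(review): "public" permits shared caches to keep the file; confirm this is wanted.
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
// A stray trailing quote used to be appended to the MIME type here.
header('Content-Type: ' . $upload->getMime());
// The stored MIME type is not re-checked here; tell browsers not to guess another type.
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header("Content-Transfer-Encoding: binary");
header('Content-Length: ' . $upload->getSize());

readfile($fileURL);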