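/**
 * Validate one entry of the $_FILES array before it is moved into place.
 *
 * Checks, in order: the entry is present, tmp_name is set and was created by
 * PHP's own upload handling (is_uploaded_file), optional EXIF stripping for
 * jpg/jpeg/png, WFUtility::isSafeFile(), the configured extension allow-list,
 * the configured size limit and, when enabled, a MIME check. Every rejection
 * after the upload check also deletes the temporary file so a failed upload
 * leaves nothing behind.
 *
 * @param array $file One $_FILES entry (keys used: name, tmp_name)
 *
 * @throws InvalidArgumentException if any check fails
 */
private function validateUploadedFile($file)
{
    // check the POST data array
    if (empty($file) || !is_array($file)) {
        throw new InvalidArgumentException('Upload Failed: No data');
    }

    // tmp name must exist
    if (empty($file['tmp_name']) || !is_string($file['tmp_name'])) {
        throw new InvalidArgumentException('Upload Failed: No data');
    }

    $tmp  = $file['tmp_name'];
    $name = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';

    // Deletes the temp file. Only called after is_uploaded_file() has passed,
    // so an unverified path is never unlinked.
    $discard = function () use ($tmp) {
        if (is_file($tmp)) {
            unlink($tmp);
        }
    };

    // tmp_name must point at a file created by PHP's upload handling. The path
    // is deliberately NOT unlinked on this branch: it has not been proven to be
    // an upload, so deleting it could remove an unrelated file.
    if (!is_uploaded_file($tmp)) {
        throw new InvalidArgumentException('Upload Failed: Not an uploaded file');
    }

    // without a client file name the extension checks below are meaningless
    if ($name === '') {
        $discard();
        throw new InvalidArgumentException('Upload Failed: No data');
    }

    $upload = $this->get('upload');

    // tolerate a missing/unset profile section instead of indexing a non-array
    if (!is_array($upload)) {
        $upload = array();
    }

    // remove exif data
    if (!empty($upload['remove_exif']) && preg_match('#\\.(jpg|jpeg|png)$#i', $name)) {
        if (WFUtility::removeExifData($tmp) === false) {
            $discard();
            throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_EXIF_REMOVE_ERROR'));
        }
    }

    // check file for various issues
    if (WFUtility::isSafeFile($file) !== true) {
        $discard();
        throw new InvalidArgumentException('Upload Failed: Invalid file');
    }

    // get extension
    $ext = WFUtility::getExtension($name);

    // check extension is allowed; strict comparison so that numeric-looking
    // strings are not treated as equal by loose in_array()
    $allowed = $this->getFileTypes('array');

    if (is_array($allowed) && !empty($allowed) && !in_array(strtolower($ext), $allowed, true)) {
        $discard();
        throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'));
    }

    // filesize() returns false when the file cannot be stat'ed; fail closed
    // instead of letting a "0 KB" result pass the size limit
    $bytes = filesize($tmp);

    if ($bytes === false) {
        $discard();
        throw new InvalidArgumentException('Upload Failed: Invalid file');
    }

    // size in KB rounded to the nearest KB, so a file up to about half a KB
    // over the limit still passes
    $size = round($bytes / 1024);

    if (empty($upload['max_size'])) {
        $upload['max_size'] = 1024;
    }

    // validate size
    if ($size > (int) $upload['max_size']) {
        $discard();
        throw new InvalidArgumentException(WFText::sprintf('WF_MANAGER_UPLOAD_SIZE_ERROR', $name, $size, $upload['max_size']));
    }

    // validate mimetype (optional, per profile setting)
    if (!empty($upload['validate_mimetype'])) {
        wfimport('editor.libraries.classes.mime');

        if (WFMimeType::check($name, $tmp) === false) {
            $discard();
            throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_MIME_ERROR'));
        }
    }
}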
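/**
 * Validate one entry of the $_FILES array before it is moved into place.
 *
 * Checks, in order: the entry is present, tmp_name is set and was created by
 * PHP's own upload handling (is_uploaded_file), the client file name contains
 * no NUL byte and no embedded script extension (e.g. ".php."), the extension
 * is on the configured allow-list, image files parse with getimagesize(),
 * an optional MIME check, and finally a scan of the leading bytes of the file
 * for PHP tags and HTML tags. Every rejection after the upload check also
 * deletes the temporary file.
 *
 * @param array $file One $_FILES entry (keys used: name, tmp_name)
 *
 * @throws InvalidArgumentException if any check fails
 */
private function validateUploadedFile($file)
{
    // check the POST data array (nothing to unlink yet: no path is known)
    if (empty($file) || !is_array($file)) {
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // tmp name must exist
    if (empty($file['tmp_name']) || !is_string($file['tmp_name'])) {
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    $tmp  = $file['tmp_name'];
    $name = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';

    // Deletes the temp file. Only called after is_uploaded_file() has passed,
    // so an unverified path is never unlinked.
    $discard = function () use ($tmp) {
        if (is_file($tmp)) {
            unlink($tmp);
        }
    };

    // tmp_name must point at a file created by PHP's upload handling. The path
    // is deliberately NOT unlinked on this branch: it has not been proven to be
    // an upload, so deleting it could remove an unrelated file.
    if (!is_uploaded_file($tmp)) {
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // without a client file name the name-based checks below are meaningless
    if ($name === '') {
        $discard();
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // Null byte check. The previous "\\u0000" literal was the six characters
    // backslash-u-0-0-0-0, not a NUL byte, so the check never matched; "\0" is
    // the actual NUL byte.
    if (strpos($name, "\0") !== false) {
        $discard();
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // check for a script extension embedded in the file name (e.g. "x.php.jpg").
    // A trailing ".php" is not matched here; it is rejected by the extension
    // allow-list below.
    if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)\\.#i', $name)) {
        $discard();
        throw new InvalidArgumentException('INVALID FILE NAME');
    }

    // get extension
    $ext = WFUtility::getExtension($name);

    // check extension is allowed; strict comparison so that numeric-looking
    // strings are not treated as equal by loose in_array()
    $allowed = $this->getFileTypes('array');

    if (is_array($allowed) && !empty($allowed) && !in_array(strtolower($ext), $allowed, true)) {
        $discard();
        throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'));
    }

    // validate image: a file claiming an image extension must parse as one.
    // getimagesize() warns on non-images, which is the expected rejection path,
    // so its warning is suppressed.
    if (preg_match('#\\.(jpeg|jpg|jpe|png|gif|wbmp|bmp|tiff|tif)$#i', $name)) {
        if (@getimagesize($tmp) === false) {
            $discard();
            throw new InvalidArgumentException('INVALID IMAGE FILE');
        }
    }

    $upload = $this->get('upload');

    // tolerate a missing/unset profile section instead of indexing a non-array
    if (!is_array($upload)) {
        $upload = array();
    }

    // validate mimetype (optional, per profile setting)
    if (!empty($upload['validate_mimetype'])) {
        wfimport('editor.libraries.classes.mime');

        if (WFMimeType::check($name, $tmp) === false) {
            $discard();
            throw new InvalidArgumentException('INVALID MIME TYPE');
        }
    }

    // xss check on the leading bytes of the file. The third argument is
    // presumably a 256-byte read limit (confirm against JFile::read); content
    // beyond it is not inspected here. If the file cannot be read at all the
    // content cannot be vetted, so fail closed.
    $xss_check = JFile::read($tmp, false, 256);

    if ($xss_check === false) {
        $discard();
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    $xss_check = (string) $xss_check;

    // check for hidden php tags
    if (stripos($xss_check, '<?php') !== false) {
        $discard();
        throw new InvalidArgumentException('INVALID CODE IN FILE');
    }

    // check for hidden short php tags in text-like files
    if (preg_match('#\\.(inc|phps|class|php|php(3|4)|txt|dat|tpl|tmpl)$#i', $name)) {
        if (stripos($xss_check, '<?') !== false) {
            $discard();
            throw new InvalidArgumentException('INVALID CODE IN FILE');
        }
    }

    // check for html tags in some files (IE XSS bug); txt/htm/html are expected
    // to contain markup and are skipped
    if (!preg_match('#\\.(txt|htm|html)$#i', $name)) {
        $tags = 'a,abbr,acronym,address,area,b,base,bdo,big,blockquote,body,br,button,caption,cite,code,col,colgroup,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,head,hr,html,i,img,input,ins,kbd,label,legend,li,link,map,meta,noscript,object,ol,optgroup,option,p,param,pre,q,samp,script,select,small,span,strong,style,sub,sup,table,tbody,td,textarea,tfoot,th,thead,title,tr,tt,ul,var';

        foreach (explode(',', $tags) as $tag) {
            // check for tag eg: <body> or <body
            if (stripos($xss_check, '<' . $tag . '>') !== false || stripos($xss_check, '<' . $tag . ' ') !== false) {
                $discard();
                throw new InvalidArgumentException('INVALID TAG IN FILE');
            }
        }
    }
}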
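/**
 * Validate an uploaded file's content (image sanity, optional MIME check and
 * a scan of the leading bytes for PHP/HTML tags).
 *
 * Unlike the later throwing variants this one reports failure through
 * $result and a boolean return. html/htm/txt files skip the tag scan because
 * they are expected to contain markup. Note that this method does not itself
 * verify is_uploaded_file() or the extension allow-list; callers are assumed
 * to do so (confirm against the caller).
 *
 * @param array  $file   One $_FILES entry (keys used: name, tmp_name, type)
 * @param object $result Receives ->state (bool) and ->message (string) on failure
 *
 * @return bool true when the file passes every check
 */
private function validateUploadedFile($file, &$result)
{
    $name = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';
    $tmp  = (isset($file['tmp_name']) && is_string($file['tmp_name'])) ? $file['tmp_name'] : '';
    $type = isset($file['type']) ? $file['type'] : '';

    // validate image: a file claiming an image extension must parse as one.
    // getimagesize() warns on non-images, which is the expected rejection path,
    // so its warning is suppressed.
    if (preg_match('#\\.(jpeg|jpg|jpe|png|gif|wbmp|bmp|tiff|tif)$#i', $name)) {
        if (@getimagesize($tmp) === false) {
            $result->state   = false;
            $result->message = WFText::_('WF_MANAGER_UPLOAD_INVALID_IMAGE_ERROR');

            return false;
        }
    }

    $upload = $this->get('upload');

    // tolerate a missing/unset profile section instead of indexing a non-array
    if (!is_array($upload)) {
        $upload = array();
    }

    // validate mimetype (optional, per profile setting)
    if (!empty($upload['validate_mimetype'])) {
        wfimport('editor.libraries.classes.mime');

        if (!WFMimeType::check($name, $tmp, $type)) {
            $result->state   = false;
            $result->message = WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR');

            return false;
        }
    }

    // skip html and text files: they legitimately contain markup
    if (preg_match('#\\.(html|htm|txt)$#i', $name)) {
        return true;
    }

    /** check for XSS
     * From MediaHelper::canUpload
     * @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
     * */
    // The third argument is presumably a 256-byte read limit (confirm against
    // JFile::read); content beyond it is not inspected here. If the file cannot
    // be read the content cannot be vetted, so fail closed.
    $xss_check = JFile::read($tmp, false, 256);

    if ($xss_check === false) {
        $result->state   = false;
        $result->message = WFText::_('WF_MANAGER_UPLOAD_RESTRICTED_ERROR');

        return false;
    }

    $xss_check = (string) $xss_check;

    // check for hidden php tags
    if (stripos($xss_check, '<?php') !== false) {
        $result->state   = false;
        $result->message = WFText::_('WF_MANAGER_UPLOAD_RESTRICTED_ERROR');

        return false;
    }

    $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');

    foreach ($html_tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
        if (stripos($xss_check, '<' . $tag . ' ') !== false || stripos($xss_check, '<' . $tag . '>') !== false) {
            $result->state   = false;
            $result->message = WFText::_('WF_MANAGER_UPLOAD_RESTRICTED_ERROR');

            return false;
        }
    }

    return true;
}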
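/**
 * Validate one entry of the $_FILES array before it is moved into place.
 *
 * Checks, in order: the entry is present, tmp_name is set and was created by
 * PHP's own upload handling (is_uploaded_file), WFUtility::isSafeFile() and
 * WFUtility::validateFileName(), the configured extension allow-list, image
 * files parse with getimagesize(), the configured size limit, an optional
 * MIME check, and finally a scan of the leading bytes for HTML tags. Every
 * rejection after the upload check also deletes the temporary file.
 *
 * @param array $file One $_FILES entry (keys used: name, tmp_name)
 *
 * @throws InvalidArgumentException if any check fails
 */
private function validateUploadedFile($file)
{
    // check the POST data array
    if (empty($file) || !is_array($file)) {
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // tmp name must exist
    if (empty($file['tmp_name']) || !is_string($file['tmp_name'])) {
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    $tmp  = $file['tmp_name'];
    $name = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';

    // Deletes the temp file. Only called after is_uploaded_file() has passed,
    // so an unverified path is never unlinked.
    $discard = function () use ($tmp) {
        if (is_file($tmp)) {
            unlink($tmp);
        }
    };

    // tmp_name must point at a file created by PHP's upload handling. The path
    // is deliberately NOT unlinked on this branch: it has not been proven to be
    // an upload, so deleting it could remove an unrelated file.
    if (!is_uploaded_file($tmp)) {
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // without a client file name the name-based checks below are meaningless
    if ($name === '') {
        $discard();
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    if (WFUtility::isSafeFile($file) !== true) {
        $discard();
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    if (WFUtility::validateFileName($name) === false) {
        $discard();
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // get extension
    $ext = WFUtility::getExtension($name);

    // check extension is allowed; strict comparison so that numeric-looking
    // strings are not treated as equal by loose in_array()
    $allowed = $this->getFileTypes('array');

    if (is_array($allowed) && !empty($allowed) && !in_array(strtolower($ext), $allowed, true)) {
        $discard();
        throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'));
    }

    // validate image: a file claiming an image extension must parse as one.
    // getimagesize() warns on non-images, which is the expected rejection path,
    // so its warning is suppressed.
    if (preg_match('#\\.(jpeg|jpg|jpe|png|gif|wbmp|bmp|tiff|tif|webp|psd|swc|iff|jpc|jp2|jpx|jb2|xbm|ico|xcf|odg)$#i', $name)) {
        if (@getimagesize($tmp) === false) {
            $discard();
            throw new InvalidArgumentException('INVALID IMAGE FILE');
        }
    }

    $upload = $this->get('upload');

    // tolerate a missing/unset profile section instead of indexing a non-array
    if (!is_array($upload)) {
        $upload = array();
    }

    // filesize() returns false when the file cannot be stat'ed; fail closed
    // instead of letting a "0 KB" result pass the size limit
    $bytes = filesize($tmp);

    if ($bytes === false) {
        $discard();
        throw new InvalidArgumentException('INVALID UPLOAD DATA');
    }

    // size in KB rounded to the nearest KB, so a file up to about half a KB
    // over the limit still passes
    $size = round($bytes / 1024);

    if (empty($upload['max_size'])) {
        $upload['max_size'] = 1024;
    }

    // validate size
    if ($size > (int) $upload['max_size']) {
        $discard();
        throw new InvalidArgumentException(WFText::sprintf('WF_MANAGER_UPLOAD_SIZE_ERROR', $name, $size, $upload['max_size']));
    }

    // validate mimetype (optional, per profile setting)
    if (!empty($upload['validate_mimetype'])) {
        wfimport('editor.libraries.classes.mime');

        if (WFMimeType::check($name, $tmp) === false) {
            $discard();
            throw new InvalidArgumentException('INVALID MIME TYPE');
        }
    }

    // check for html tags in files (IE XSS bug); htm/html/xml/txt are expected
    // to contain markup and are skipped
    if (!preg_match('#\\.(htm|html|xml|txt)$#i', $name)) {
        // The third argument is presumably a 256-byte read limit (confirm
        // against JFile::read); content beyond it is not inspected here. If the
        // file cannot be read the content cannot be vetted, so fail closed.
        $data = JFile::read($tmp, false, 256);

        if ($data === false) {
            $discard();
            throw new InvalidArgumentException('INVALID UPLOAD DATA');
        }

        $data = (string) $data;
        $tags = 'a,abbr,acronym,address,area,b,base,bdo,big,blockquote,body,br,button,caption,cite,code,col,colgroup,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,head,hr,html,i,img,input,ins,kbd,label,legend,li,link,map,meta,noscript,object,ol,optgroup,option,p,param,pre,q,samp,script,select,small,span,strong,style,sub,sup,table,tbody,td,textarea,tfoot,th,thead,title,tr,tt,ul,var';

        foreach (explode(',', $tags) as $tag) {
            // check for tag eg: <body> or <body
            if (stripos($data, '<' . $tag . '>') !== false || stripos($data, '<' . $tag . ' ') !== false) {
                $discard();
                throw new InvalidArgumentException('INVALID TAG IN FILE');
            }
        }
    }
}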