 /**
  * Validate a single upload record before it is stored.
  *
  * Checks run in this order: record and tmp_name present, is_uploaded_file(),
  * optional EXIF stripping for jpg/jpeg/png, WFUtility::isSafeFile(), the
  * configured extension allowlist, a size limit in KB (default 1024) and,
  * when enabled, MIME validation via WFMimeType::check(). The first failing
  * check removes the temporary file (best effort) and throws; on success the
  * method simply returns.
  *
  * @param array $file upload record (name, tmp_name, ...) -- presumably one $_FILES entry
  * @throws InvalidArgumentException on any failed check
  */
 private function validateUploadedFile($file)
 {
     // Without a record or a tmp_name there is nothing on disk to clean up.
     if (empty($file) || empty($file['tmp_name'])) {
         throw new InvalidArgumentException('Upload Failed: No data');
     }
     $tmp = $file['tmp_name'];
     // Only a file PHP itself received through an HTTP upload may be processed.
     if (!is_uploaded_file($tmp)) {
         @unlink($tmp);
         throw new InvalidArgumentException('Upload Failed: Not an uploaded file');
     }
     $settings = $this->get('upload');
     // Optional EXIF stripping for JPEG/PNG names.
     // NOTE(review): this rewrites the temp file before isSafeFile() has vetted it;
     // consider running the safety check first.
     if (!empty($settings['remove_exif']) && preg_match('#\\.(jpg|jpeg|png)$#i', $file['name'])) {
         if (WFUtility::removeExifData($tmp) === false) {
             @unlink($tmp);
             throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_EXIF_REMOVE_ERROR'));
         }
     }
     // Shared name/content inspection lives in the helper.
     if (WFUtility::isSafeFile($file) !== true) {
         @unlink($tmp);
         throw new InvalidArgumentException('Upload Failed: Invalid file');
     }
     // Extension allowlist. NOTE(review): a missing or empty allowlist lets every
     // extension through (fail-open) -- confirm getFileTypes('array') is never empty.
     $extension = strtolower(WFUtility::getExtension($file['name']));
     $allowed = $this->getFileTypes('array');
     $hasAllowlist = is_array($allowed) && !empty($allowed);
     if ($hasAllowlist && in_array($extension, $allowed) === false) {
         @unlink($tmp);
         throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'));
     }
     // Size limit is expressed in whole kilobytes; 1024 KB when not configured.
     $kilobytes = round(filesize($tmp) / 1024);
     if (empty($settings['max_size'])) {
         $settings['max_size'] = 1024;
     }
     if ($kilobytes > (int) $settings['max_size']) {
         @unlink($tmp);
         throw new InvalidArgumentException(WFText::sprintf('WF_MANAGER_UPLOAD_SIZE_ERROR', $file['name'], $kilobytes, $settings['max_size']));
     }
     // MIME validation only runs when switched on in the upload settings.
     if ($settings['validate_mimetype']) {
         wfimport('editor.libraries.classes.mime');
         if (WFMimeType::check($file['name'], $tmp) === false) {
             @unlink($tmp);
             throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_MIME_ERROR'));
         }
     }
 }
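 /**
  * Validate one upload record before it is accepted.
  *
  * Checks, in order: the record and its tmp_name exist and refer to a real
  * HTTP upload, the file name carries no NUL byte and no executable extension
  * hidden mid-name (name.php.jpg), the extension is on the configured
  * allowlist, raster-image extensions parse with getimagesize(), the MIME type
  * matches (when enabled), and the first 256 bytes contain no PHP open tag or
  * HTML tag. Any failure removes the temporary file (best effort) and throws;
  * success returns nothing.
  *
  * @param array $file upload record (name, tmp_name, ...) -- presumably one $_FILES entry
  * @throws InvalidArgumentException on any failed check
  */
 private function validateUploadedFile($file)
 {
     // No record / no tmp_name: nothing exists on disk to unlink, and reading
     // $file['tmp_name'] here would only raise a notice.
     if (empty($file) || !isset($file['tmp_name'])) {
         throw new InvalidArgumentException('INVALID UPLOAD DATA');
     }
     $tmp = $file['tmp_name'];
     // Only a file PHP itself received through an HTTP upload may be processed.
     if (!is_uploaded_file($tmp)) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID UPLOAD DATA');
     }
     // NUL byte check. The previous needle "\\u0000" is the six-character literal
     // backslash-u-0-0-0-0 (PHP has no \uXXXX escape without braces), so it never
     // matched a real NUL byte; "\0" is the byte that truncates paths in C-level
     // file calls. The literal form is still rejected so nothing previously refused
     // is accepted now.
     if (strpos($file['name'], "\0") !== false || strpos($file['name'], '\u0000') !== false) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID UPLOAD DATA');
     }
     // Executable extension hidden in the middle of the name (e.g. shell.php.jpg).
     if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)\\.#i', $file['name'])) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID FILE NAME');
     }
     // A commented-out comparison of filesize() with $file['size'] used to sit
     // here; it is dropped rather than carried along as dead code.
     // Extension allowlist. NOTE(review): a missing or empty allowlist lets every
     // extension through (fail-open) -- confirm getFileTypes('array') is never empty.
     $ext = strtolower(WFUtility::getExtension($file['name']));
     $allowed = $this->getFileTypes('array');
     if (is_array($allowed) && !empty($allowed) && !in_array($ext, $allowed, true)) {
         @unlink($tmp);
         throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'));
     }
     // Anything named like a raster image must at least have a parseable image header.
     if (preg_match('#\\.(jpeg|jpg|jpe|png|gif|wbmp|bmp|tiff|tif)$#i', $file['name'])) {
         if (@getimagesize($tmp) === false) {
             @unlink($tmp);
             throw new InvalidArgumentException('INVALID IMAGE FILE');
         }
     }
     $upload = $this->get('upload');
     // MIME validation only runs when switched on in the upload settings.
     if (!empty($upload['validate_mimetype'])) {
         wfimport('editor.libraries.classes.mime');
         if (WFMimeType::check($file['name'], $tmp) === false) {
             @unlink($tmp);
             throw new InvalidArgumentException('INVALID MIME TYPE');
         }
     }
     // Content sniffing covers only the first 256 bytes; code placed deeper in the
     // file is not seen by the checks below. A file that cannot be read is rejected
     // rather than passed through uninspected.
     $head = JFile::read($tmp, false, 256);
     if (!is_string($head)) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID UPLOAD DATA');
     }
     // Full PHP open tag is refused in every file type.
     if (stripos($head, '<?php') !== false) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID CODE IN FILE');
     }
     // Short open tag is refused only for this fixed set of extensions.
     if (preg_match('#\\.(inc|phps|class|php|php(3|4)|txt|dat|tpl|tmpl)$#i', $file['name'])) {
         if (stripos($head, '<?') !== false) {
             @unlink($tmp);
             throw new InvalidArgumentException('INVALID CODE IN FILE');
         }
     }
     // HTML tags in non-markup files (content-sniffing XSS in older IE); txt/htm/html are exempt.
     if (!preg_match('#\\.(txt|htm|html)$#i', $file['name'])) {
         $tags = 'a,abbr,acronym,address,area,b,base,bdo,big,blockquote,body,br,button,caption,cite,code,col,colgroup,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,head,hr,html,i,img,input,ins,kbd,label,legend,li,link,map,meta,noscript,object,ol,optgroup,option,p,param,pre,q,samp,script,select,small,span,strong,style,sub,sup,table,tbody,td,textarea,tfoot,th,thead,title,tr,tt,ul,var';
         foreach (explode(',', $tags) as $tag) {
             // Match an opening tag either closed directly (<body>) or with attributes (<body ...).
             if (stripos($head, '<' . $tag . '>') !== false || stripos($head, '<' . $tag . ' ') !== false) {
                 @unlink($tmp);
                 throw new InvalidArgumentException('INVALID TAG IN FILE');
             }
         }
     }
 }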
 /**
  * Validate an upload record and report the outcome through $result.
  *
  * Image-named files must parse with getimagesize(); the MIME type is checked
  * when enabled; then -- except for .html/.htm/.txt, which return early -- the
  * first 256 bytes are scanned for a PHP open tag or an HTML tag. Unlike the
  * throwing variants, a failure sets $result->state = false and
  * $result->message and returns false.
  *
  * NOTE(review): this variant does not itself call is_uploaded_file() or check
  * the extension allowlist or the size -- confirm the caller does.
  *
  * @param array  $file   upload record (name, tmp_name, type, ...)
  * @param object $result receives state/message on failure
  * @return bool true when every check passed
  */
 private function validateUploadedFile($file, &$result)
 {
     $name = $file['name'];
     // Files named like a raster image must carry a parseable image header.
     $looksLikeImage = preg_match('#\\.(jpeg|jpg|jpe|png|gif|wbmp|bmp|tiff|tif)$#i', $name);
     if ($looksLikeImage && @getimagesize($file['tmp_name']) === false) {
         $result->state = false;
         $result->message = WFText::_('WF_MANAGER_UPLOAD_INVALID_IMAGE_ERROR');
         return false;
     }
     $settings = $this->get('upload');
     if ($settings['validate_mimetype']) {
         wfimport('editor.libraries.classes.mime');
         // Note: a MIME mismatch is reported with the extension-error message key.
         if (!WFMimeType::check($name, $file['tmp_name'], $file['type'])) {
             $result->state = false;
             $result->message = WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR');
             return false;
         }
     }
     // Markup and text files legitimately contain tags, so the content scan is
     // skipped for them (including the '<?php' check below).
     if (preg_match('#\\.(html|htm|txt)$#i', $name)) {
         return true;
     }
     /** Content scan, derived from MediaHelper::canUpload
      * @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
      * Only the first 256 bytes are inspected.
      * */
     $head = JFile::read($file['tmp_name'], false, 256);
     $needles = array('<?php');
     $tagNames = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     // An opening tag appears either with attributes ('<tag ') or closed directly ('<tag>').
     foreach ($tagNames as $tag) {
         $needles[] = '<' . $tag . ' ';
         $needles[] = '<' . $tag . '>';
     }
     foreach ($needles as $needle) {
         if (stripos($head, $needle) !== false) {
             $result->state = false;
             $result->message = WFText::_('WF_MANAGER_UPLOAD_RESTRICTED_ERROR');
             return false;
         }
     }
     return true;
 }
 /**
  * Validate one upload record; throws on the first failed check.
  *
  * Order: record/tmp_name present, is_uploaded_file(), WFUtility::isSafeFile(),
  * WFUtility::validateFileName(), extension allowlist, getimagesize() for
  * image-named files, size limit in KB (default 1024), optional MIME
  * validation, and an HTML-tag scan of the first 256 bytes for everything
  * except htm/html/xml/txt. The temporary file is removed (best effort)
  * whenever a check fails.
  *
  * @param array $file upload record (name, tmp_name, ...) -- presumably one $_FILES entry
  * @throws InvalidArgumentException on any failed check
  */
 private function validateUploadedFile($file)
 {
     // Without a record or a tmp_name there is nothing on disk to clean up.
     if (empty($file) || empty($file['tmp_name'])) {
         throw new InvalidArgumentException('INVALID UPLOAD DATA');
     }
     $tmp = $file['tmp_name'];
     // Only a file PHP itself received through an HTTP upload may be processed.
     if (!is_uploaded_file($tmp)) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID UPLOAD DATA');
     }
     // Shared helpers; short-circuit keeps validateFileName() from running once
     // isSafeFile() has already failed, and both report the same generic message.
     if (WFUtility::isSafeFile($file) !== true || WFUtility::validateFileName($file['name']) === false) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID UPLOAD DATA');
     }
     // Extension allowlist. NOTE(review): a missing or empty allowlist lets every
     // extension through (fail-open) -- confirm getFileTypes('array') is never empty.
     $extension = strtolower(WFUtility::getExtension($file['name']));
     $allowed = $this->getFileTypes('array');
     $hasAllowlist = is_array($allowed) && !empty($allowed);
     if ($hasAllowlist && in_array($extension, $allowed) === false) {
         @unlink($tmp);
         throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'));
     }
     // getimagesize() only confirms a recognisable image header; it does not
     // inspect the remainder of the file.
     $looksLikeImage = preg_match('#\\.(jpeg|jpg|jpe|png|gif|wbmp|bmp|tiff|tif|webp|psd|swc|iff|jpc|jp2|jpx|jb2|xbm|ico|xcf|odg)$#i', $file['name']);
     if ($looksLikeImage && @getimagesize($tmp) === false) {
         @unlink($tmp);
         throw new InvalidArgumentException('INVALID IMAGE FILE');
     }
     // Size limit is expressed in whole kilobytes; 1024 KB when not configured.
     $settings = $this->get('upload');
     if (empty($settings['max_size'])) {
         $settings['max_size'] = 1024;
     }
     $kilobytes = round(filesize($tmp) / 1024);
     if ($kilobytes > (int) $settings['max_size']) {
         @unlink($tmp);
         throw new InvalidArgumentException(WFText::sprintf('WF_MANAGER_UPLOAD_SIZE_ERROR', $file['name'], $kilobytes, $settings['max_size']));
     }
     // MIME validation only runs when switched on in the upload settings.
     if ($settings['validate_mimetype']) {
         wfimport('editor.libraries.classes.mime');
         if (WFMimeType::check($file['name'], $tmp) === false) {
             @unlink($tmp);
             throw new InvalidArgumentException('INVALID MIME TYPE');
         }
     }
     // HTML-tag scan for non-markup files (content-sniffing XSS in older IE).
     // Only the first 256 bytes are inspected; htm/html/xml/txt are exempt.
     $exemptFromTagScan = preg_match('#\\.(htm|html|xml|txt)$#i', $file['name']);
     if (!$exemptFromTagScan) {
         $head = JFile::read($tmp, false, 256);
         $tagNames = explode(',', 'a,abbr,acronym,address,area,b,base,bdo,big,blockquote,body,br,button,caption,cite,code,col,colgroup,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,head,hr,html,i,img,input,ins,kbd,label,legend,li,link,map,meta,noscript,object,ol,optgroup,option,p,param,pre,q,samp,script,select,small,span,strong,style,sub,sup,table,tbody,td,textarea,tfoot,th,thead,title,tr,tt,ul,var');
         foreach ($tagNames as $tag) {
             // An opening tag is either closed directly (<body>) or followed by attributes (<body ...).
             $openings = array('<' . $tag . '>', '<' . $tag . ' ');
             foreach ($openings as $needle) {
                 if (stripos($head, $needle) !== false) {
                     @unlink($tmp);
                     throw new InvalidArgumentException('INVALID TAG IN FILE');
                 }
             }
         }
     }
 }