isValidDoc() static public method

Is this file a valid file ? check based on file extension
static public isValidDoc ( $filename )
$filename filename to clean
Ejemplo n.º 1
0
 /**
  * Private function : Recursivly get attached documents
  *
  * @param $mid          message id
  * @param $path         temporary path
  * @param $maxsize      of document to be retrieved
  * @param $structure    of the message or part
  * @param $part         part for recursive
  *
  * Result is stored in $this->files
  **/
 function getRecursiveAttached($mid, $path, $maxsize, $structure, $part = "")
 {
     if ($structure->type == 1) {
         // multipart
         reset($structure->parts);
         while (list($index, $sub) = each($structure->parts)) {
             $this->getRecursiveAttached($mid, $path, $maxsize, $sub, $part ? $part . "." . ($index + 1) : $index + 1);
         }
     } else {
         $filename = '';
         if ($structure->ifdparameters) {
             // get filename of attachment if present
             // if there are any dparameters present in this part
             if (count($structure->dparameters) > 0) {
                 foreach ($structure->dparameters as $dparam) {
                     if (Toolbox::strtoupper($dparam->attribute) == 'NAME' || Toolbox::strtoupper($dparam->attribute) == 'FILENAME') {
                         $filename = $dparam->value;
                     }
                 }
             }
         }
         //if no filename found
         if (empty($filename) && $structure->ifparameters) {
             // if there are any parameters present in this part
             if (count($structure->parameters) > 0) {
                 foreach ($structure->parameters as $param) {
                     if (Toolbox::strtoupper($param->attribute) == 'NAME' || Toolbox::strtoupper($param->attribute) == 'FILENAME') {
                         $filename = $param->value;
                     }
                 }
             }
         }
         if (empty($filename) && $structure->type == 5 && $structure->subtype) {
             // Embeded image come without filename - generate trivial one
             $filename = "image_{$part}." . $structure->subtype;
         }
         // if no filename found, ignore this part
         if (empty($filename)) {
             return false;
         }
         //try to avoid conflict between inline image and attachment
         $i = 2;
         while (in_array($filename, $this->files)) {
             //replace filename with name_(num).EXT by name_(num+1).EXT
             $new_filename = preg_replace("/(.*)_([0-9])*(\\.[a-zA-Z0-9]*)\$/", "\$1_" . $i . "\$3", $filename);
             if ($new_filename !== $filename) {
                 $filename = $new_filename;
             } else {
                 //the previous regex didn't found _num pattern, so add it with this one
                 $filename = preg_replace("/(.*)(\\.[a-zA-Z0-9]*)\$/", "\$1_" . $i . "\$2", $filename);
             }
             $i++;
         }
         $filename = $this->decodeMimeString($filename);
         if ($structure->bytes > $maxsize) {
             $this->addtobody .= "\n\n" . sprintf(__('%1$s: %2$s'), __('Too large attached file'), sprintf(__('%1$s (%2$s)'), $filename, Toolbox::getSize($structure->bytes)));
             return false;
         }
         if (!Document::isValidDoc($filename)) {
             //TRANS: %1$s is the filename and %2$s its mime type
             $this->addtobody .= "\n\n" . sprintf(__('%1$s: %2$s'), __('Invalid attached file'), sprintf(__('%1$s (%2$s)'), $filename, $this->get_mime_type($structure)));
             return false;
         }
         if ($message = imap_fetchbody($this->marubox, $mid, $part)) {
             switch ($structure->encoding) {
                 case 1:
                     $message = imap_8bit($message);
                     break;
                 case 2:
                     $message = imap_binary($message);
                     break;
                 case 3:
                     $message = imap_base64($message);
                     break;
                 case 4:
                     $message = quoted_printable_decode($message);
                     break;
             }
             if (file_put_contents($path . $filename, $message)) {
                 $this->files[$filename] = $filename;
                 // If embeded image, we add a tag
                 if ($structure->type == 5 && $structure->subtype) {
                     end($this->files);
                     $tag = Rule::getUuid();
                     $this->tags[$filename] = $tag;
                     // Link file based on id
                     if (isset($structure->id)) {
                         $clean = array('<' => '', '>' => '');
                         $this->altfiles[strtr($structure->id, $clean)] = $filename;
                     }
                 }
             }
         }
         // fetchbody
     }
     // Single part
 }
 /**
  * Private function : Recursivly get attached documents
  *
  * @param $mid : message id
  * @param $path : temporary path
  * @param $maxsize : of document to be retrieved
  * @param $structure : of the message or part
  * @param $part : part for recursive
  *
  * Result is stored in $this->files
  *
  */
 function getRecursiveAttached($mid, $path, $maxsize, $structure, $part = "")
 {
     global $LANG;
     if ($structure->type == 1) {
         // multipart
         reset($structure->parts);
         while (list($index, $sub) = each($structure->parts)) {
             $this->getRecursiveAttached($mid, $path, $maxsize, $sub, $part ? $part . "." . ($index + 1) : $index + 1);
         }
     } else {
         $filename = '';
         if ($structure->ifdparameters) {
             // get filename of attachment if present
             // if there are any dparameters present in this part
             if (count($structure->dparameters) > 0) {
                 foreach ($structure->dparameters as $dparam) {
                     if (utf8_strtoupper($dparam->attribute) == 'NAME' || utf8_strtoupper($dparam->attribute) == 'FILENAME') {
                         $filename = $dparam->value;
                     }
                 }
             }
         }
         //if no filename found
         if (empty($filename) && $structure->ifparameters) {
             // if there are any parameters present in this part
             if (count($structure->parameters) > 0) {
                 foreach ($structure->parameters as $param) {
                     if (utf8_strtoupper($param->attribute) == 'NAME' || utf8_strtoupper($param->attribute) == 'FILENAME') {
                         $filename = $param->value;
                     }
                 }
             }
         }
         if (empty($filename) && $structure->type == 5 && $structure->subtype) {
             // Embeded image come without filename - generate trivial one
             $filename = "image_{$part}." . $structure->subtype;
         }
         // if no filename found, ignore this part
         if (empty($filename)) {
             return false;
         }
         $filename = $this->decodeMimeString($filename);
         if ($structure->bytes > $maxsize) {
             $this->addtobody .= "<br>" . $LANG['mailgate'][6] . " (" . getSize($structure->bytes) . "): " . $filename;
             return false;
         }
         if (!Document::isValidDoc($filename)) {
             $this->addtobody .= "<br>" . $LANG['mailgate'][5] . " (" . $this->get_mime_type($structure) . ") : " . $filename;
             return false;
         }
         if ($message = imap_fetchbody($this->marubox, $mid, $part)) {
             switch ($structure->encoding) {
                 case 1:
                     $message = imap_8bit($message);
                     break;
                 case 2:
                     $message = imap_binary($message);
                     break;
                 case 3:
                     $message = imap_base64($message);
                     break;
                 case 4:
                     $message = quoted_printable_decode($message);
                     break;
             }
             if (file_put_contents($path . $filename, $message)) {
                 $this->files['multiple'] = true;
                 $j = count($this->files) - 1;
                 $this->files[$j]['filename']['size'] = $structure->bytes;
                 $this->files[$j]['filename']['name'] = $filename;
                 $this->files[$j]['filename']['tmp_name'] = $path . $filename;
                 $this->files[$j]['filename']['type'] = $this->get_mime_type($structure);
             }
         }
         // fetchbody
     }
     // Single part
 }
Ejemplo n.º 3
0
}
include_once GLPI_ROOT . "/inc/autoload.function.php";
include_once GLPI_ROOT . "/inc/db.function.php";
include_once GLPI_ROOT . "/config/config.php";
Session::checkLoginUser();
// Load Language file
Session::loadLanguage();
include_once GLPI_ROOT . '/lib/jqueryplugins/jquery-file-upload/server/php/UploadHandler.php';
$errors = array(1 => __('The uploaded file exceeds the upload_max_filesize directive in php.ini'), 2 => __('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'), 3 => __('The uploaded file was only partially uploaded'), 4 => __('No file was uploaded'), 6 => __('Missing a temporary folder'), 7 => __('Failed to write file to disk'), 8 => __('A PHP extension stopped the file upload'), 'post_max_size' => __('The uploaded file exceeds the post_max_size directive in php.ini'), 'max_file_size' => __('File is too big'), 'min_file_size' => __('File is too small'), 'accept_file_types' => __('Filetype not allowed'), 'max_number_of_files' => __('Maximum number of files exceeded'), 'max_width' => __('Image exceeds maximum width'), 'min_width' => __('Image requires a minimum width'), 'max_height' => __('Image exceeds maximum height'), 'min_height' => __('Image requires a minimum height'));
$upload_dir = GLPI_TMP_DIR . '/';
$upload_handler = new UploadHandler(array('upload_dir' => $upload_dir, 'param_name' => $_GET['name'], 'orient_image' => false, 'image_versions' => array()), false, $errors);
$response = $upload_handler->post(false);
// clean compute display filesize
if (isset($response[$_GET['name']]) && is_array($response[$_GET['name']])) {
    foreach ($response[$_GET['name']] as $key => &$val) {
        if (Document::isValidDoc(addslashes($val->name))) {
            if (isset($val->name)) {
                $val->display = $val->name;
            }
            if (isset($val->size)) {
                $val->filesize = Toolbox::getSize($val->size);
                if (isset($_GET['showfilesize']) && $_GET['showfilesize']) {
                    $val->display = sprintf('%1$s %2$s', $val->display, $val->filesize);
                }
            }
        } else {
            // Unlink file
            $val->error = $errors['accept_file_types'];
            if (file_exists($upload_dir . $val->name)) {
                @unlink($upload_dir . $val->name);
            }
Ejemplo n.º 4
0
 /**
  * Add a document to a existing ticket
  * for an authenticated user
  *
  * @param $params array of options (ticket, uri, name, base64, comment)
  *        only one of uri and base64 must be set
  *        name is mandatory when base64 set, for extension check (filename)
  * @param $protocol     the communication protocol used
  *
  * @return array of hashtable
  **/
 static function methodAddTicketDocument($params, $protocol)
 {
     global $DB, $CFG_GLPI;
     if (isset($params['help'])) {
         return array('ticket' => 'integer,mandatory', 'name' => 'string,mandatory', 'uri' => 'string,optional', 'base64' => 'string,optional', 'content' => 'string,optional', 'close' => 'bool,optional', 'reopen' => 'bool,optional', 'source' => 'string,optional', 'private' => 'bool,optional', 'help' => 'bool,optional');
     }
     if (!Session::getLoginUserID()) {
         return self::Error($protocol, WEBSERVICES_ERROR_NOTAUTHENTICATED);
     }
     $ticket = new Ticket();
     if (!isset($params['ticket'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', 'ticket');
     }
     if (!is_numeric($params['ticket'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '', 'ticket');
     }
     if (!isset($params['name'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', 'name');
     }
     if (!Document::isValidDoc($params['name'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '', 'name');
     }
     if (!$ticket->can($params['ticket'], READ)) {
         return self::Error($protocol, WEBSERVICES_ERROR_NOTFOUND);
     }
     if (in_array($ticket->fields["status"], $ticket->getClosedStatusArray())) {
         return self::Error($protocol, WEBSERVICES_ERROR_NOTALLOWED, '', 'closed ticket');
     }
     if (!$ticket->canAddFollowups()) {
         return self::Error($protocol, WEBSERVICES_ERROR_NOTALLOWED, '', 'access denied');
     }
     $filepath = GLPI_TMP_DIR . "/" . $params['name'];
     file_put_contents($filepath, null);
     $response = parent::uploadDocument($params, $protocol, $filepath);
     //An error occured during document upload
     if (parent::isError($protocol, $response)) {
         return $response;
     }
     $doc = new Document();
     $documentitem = new Document_Item();
     $docid = $doc->getFromDBbyContent($ticket->fields["entities_id"], $filepath);
     if ($docid) {
         $input = array('itemtype' => $ticket->getType(), 'items_id' => $ticket->getID(), 'documents_id' => $doc->getID());
         if ($DB->request('glpi_documents_items', $input)->numrows()) {
             return self::Error($protocol, WEBSERVICES_ERROR_FAILED, '', 'document already associated to this ticket');
         }
         $new = $documentitem->add($input);
     } else {
         $input = array('itemtype' => $ticket->getType(), 'items_id' => $ticket->getID(), 'tickets_id' => $ticket->getID(), 'entities_id' => $ticket->getEntityID(), 'is_recursive' => $ticket->isRecursive(), '_filename' => array(basename($params['name'])), 'documentcategories_id' => $CFG_GLPI["documentcategories_id_forticket"]);
         $new = $doc->add($input);
     }
     // to not add it twice during followup
     unset($_FILES['filename']);
     if (!$new) {
         return self::Error($protocol, WEBSERVICES_ERROR_FAILED, '', self::getDisplayError());
     }
     if (isset($params['comment']) && !empty($params['comment'])) {
         $params['content'] = $params['comment'];
         unset($params['comment']);
     }
     if (isset($params['content']) && !empty($params['content'])) {
         return self::methodAddTicketFollowup($params, $protocol);
     }
     return self::methodGetTicket(array('ticket' => $params['ticket']), $protocol);
 }