Is this file a valid file ? check based on file extension
| static public isValidDoc ( $filename ) | ||
| $filename | filename to clean | |
/**
* Private function : Recursivly get attached documents
*
* @param $mid message id
* @param $path temporary path
* @param $maxsize of document to be retrieved
* @param $structure of the message or part
* @param $part part for recursive
*
* Result is stored in $this->files
**/
function getRecursiveAttached($mid, $path, $maxsize, $structure, $part = "")
{
if ($structure->type == 1) {
// multipart
reset($structure->parts);
while (list($index, $sub) = each($structure->parts)) {
$this->getRecursiveAttached($mid, $path, $maxsize, $sub, $part ? $part . "." . ($index + 1) : $index + 1);
}
} else {
$filename = '';
if ($structure->ifdparameters) {
// get filename of attachment if present
// if there are any dparameters present in this part
if (count($structure->dparameters) > 0) {
foreach ($structure->dparameters as $dparam) {
if (Toolbox::strtoupper($dparam->attribute) == 'NAME' || Toolbox::strtoupper($dparam->attribute) == 'FILENAME') {
$filename = $dparam->value;
}
}
}
}
//if no filename found
if (empty($filename) && $structure->ifparameters) {
// if there are any parameters present in this part
if (count($structure->parameters) > 0) {
foreach ($structure->parameters as $param) {
if (Toolbox::strtoupper($param->attribute) == 'NAME' || Toolbox::strtoupper($param->attribute) == 'FILENAME') {
$filename = $param->value;
}
}
}
}
if (empty($filename) && $structure->type == 5 && $structure->subtype) {
// Embeded image come without filename - generate trivial one
$filename = "image_{$part}." . $structure->subtype;
}
// if no filename found, ignore this part
if (empty($filename)) {
return false;
}
//try to avoid conflict between inline image and attachment
$i = 2;
while (in_array($filename, $this->files)) {
//replace filename with name_(num).EXT by name_(num+1).EXT
$new_filename = preg_replace("/(.*)_([0-9])*(\\.[a-zA-Z0-9]*)\$/", "\$1_" . $i . "\$3", $filename);
if ($new_filename !== $filename) {
$filename = $new_filename;
} else {
//the previous regex didn't found _num pattern, so add it with this one
$filename = preg_replace("/(.*)(\\.[a-zA-Z0-9]*)\$/", "\$1_" . $i . "\$2", $filename);
}
$i++;
}
$filename = $this->decodeMimeString($filename);
if ($structure->bytes > $maxsize) {
$this->addtobody .= "\n\n" . sprintf(__('%1$s: %2$s'), __('Too large attached file'), sprintf(__('%1$s (%2$s)'), $filename, Toolbox::getSize($structure->bytes)));
return false;
}
if (!Document::isValidDoc($filename)) {
//TRANS: %1$s is the filename and %2$s its mime type
$this->addtobody .= "\n\n" . sprintf(__('%1$s: %2$s'), __('Invalid attached file'), sprintf(__('%1$s (%2$s)'), $filename, $this->get_mime_type($structure)));
return false;
}
if ($message = imap_fetchbody($this->marubox, $mid, $part)) {
switch ($structure->encoding) {
case 1:
$message = imap_8bit($message);
break;
case 2:
$message = imap_binary($message);
break;
case 3:
$message = imap_base64($message);
break;
case 4:
$message = quoted_printable_decode($message);
break;
}
if (file_put_contents($path . $filename, $message)) {
$this->files[$filename] = $filename;
// If embeded image, we add a tag
if ($structure->type == 5 && $structure->subtype) {
end($this->files);
$tag = Rule::getUuid();
$this->tags[$filename] = $tag;
// Link file based on id
if (isset($structure->id)) {
$clean = array('<' => '', '>' => '');
$this->altfiles[strtr($structure->id, $clean)] = $filename;
}
}
}
}
// fetchbody
}
// Single part
}
/**
* Private function : Recursivly get attached documents
*
* @param $mid : message id
* @param $path : temporary path
* @param $maxsize : of document to be retrieved
* @param $structure : of the message or part
* @param $part : part for recursive
*
* Result is stored in $this->files
*
*/
function getRecursiveAttached($mid, $path, $maxsize, $structure, $part = "")
{
global $LANG;
if ($structure->type == 1) {
// multipart
reset($structure->parts);
while (list($index, $sub) = each($structure->parts)) {
$this->getRecursiveAttached($mid, $path, $maxsize, $sub, $part ? $part . "." . ($index + 1) : $index + 1);
}
} else {
$filename = '';
if ($structure->ifdparameters) {
// get filename of attachment if present
// if there are any dparameters present in this part
if (count($structure->dparameters) > 0) {
foreach ($structure->dparameters as $dparam) {
if (utf8_strtoupper($dparam->attribute) == 'NAME' || utf8_strtoupper($dparam->attribute) == 'FILENAME') {
$filename = $dparam->value;
}
}
}
}
//if no filename found
if (empty($filename) && $structure->ifparameters) {
// if there are any parameters present in this part
if (count($structure->parameters) > 0) {
foreach ($structure->parameters as $param) {
if (utf8_strtoupper($param->attribute) == 'NAME' || utf8_strtoupper($param->attribute) == 'FILENAME') {
$filename = $param->value;
}
}
}
}
if (empty($filename) && $structure->type == 5 && $structure->subtype) {
// Embeded image come without filename - generate trivial one
$filename = "image_{$part}." . $structure->subtype;
}
// if no filename found, ignore this part
if (empty($filename)) {
return false;
}
$filename = $this->decodeMimeString($filename);
if ($structure->bytes > $maxsize) {
$this->addtobody .= "<br>" . $LANG['mailgate'][6] . " (" . getSize($structure->bytes) . "): " . $filename;
return false;
}
if (!Document::isValidDoc($filename)) {
$this->addtobody .= "<br>" . $LANG['mailgate'][5] . " (" . $this->get_mime_type($structure) . ") : " . $filename;
return false;
}
if ($message = imap_fetchbody($this->marubox, $mid, $part)) {
switch ($structure->encoding) {
case 1:
$message = imap_8bit($message);
break;
case 2:
$message = imap_binary($message);
break;
case 3:
$message = imap_base64($message);
break;
case 4:
$message = quoted_printable_decode($message);
break;
}
if (file_put_contents($path . $filename, $message)) {
$this->files['multiple'] = true;
$j = count($this->files) - 1;
$this->files[$j]['filename']['size'] = $structure->bytes;
$this->files[$j]['filename']['name'] = $filename;
$this->files[$j]['filename']['tmp_name'] = $path . $filename;
$this->files[$j]['filename']['type'] = $this->get_mime_type($structure);
}
}
// fetchbody
}
// Single part
}
}
include_once GLPI_ROOT . "/inc/autoload.function.php";
include_once GLPI_ROOT . "/inc/db.function.php";
include_once GLPI_ROOT . "/config/config.php";
Session::checkLoginUser();
// Load Language file
Session::loadLanguage();
include_once GLPI_ROOT . '/lib/jqueryplugins/jquery-file-upload/server/php/UploadHandler.php';
$errors = array(1 => __('The uploaded file exceeds the upload_max_filesize directive in php.ini'), 2 => __('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'), 3 => __('The uploaded file was only partially uploaded'), 4 => __('No file was uploaded'), 6 => __('Missing a temporary folder'), 7 => __('Failed to write file to disk'), 8 => __('A PHP extension stopped the file upload'), 'post_max_size' => __('The uploaded file exceeds the post_max_size directive in php.ini'), 'max_file_size' => __('File is too big'), 'min_file_size' => __('File is too small'), 'accept_file_types' => __('Filetype not allowed'), 'max_number_of_files' => __('Maximum number of files exceeded'), 'max_width' => __('Image exceeds maximum width'), 'min_width' => __('Image requires a minimum width'), 'max_height' => __('Image exceeds maximum height'), 'min_height' => __('Image requires a minimum height'));
$upload_dir = GLPI_TMP_DIR . '/';
$upload_handler = new UploadHandler(array('upload_dir' => $upload_dir, 'param_name' => $_GET['name'], 'orient_image' => false, 'image_versions' => array()), false, $errors);
$response = $upload_handler->post(false);
// clean compute display filesize
if (isset($response[$_GET['name']]) && is_array($response[$_GET['name']])) {
foreach ($response[$_GET['name']] as $key => &$val) {
if (Document::isValidDoc(addslashes($val->name))) {
if (isset($val->name)) {
$val->display = $val->name;
}
if (isset($val->size)) {
$val->filesize = Toolbox::getSize($val->size);
if (isset($_GET['showfilesize']) && $_GET['showfilesize']) {
$val->display = sprintf('%1$s %2$s', $val->display, $val->filesize);
}
}
} else {
// Unlink file
$val->error = $errors['accept_file_types'];
if (file_exists($upload_dir . $val->name)) {
@unlink($upload_dir . $val->name);
}
/**
* Add a document to a existing ticket
* for an authenticated user
*
* @param $params array of options (ticket, uri, name, base64, comment)
* only one of uri and base64 must be set
* name is mandatory when base64 set, for extension check (filename)
* @param $protocol the communication protocol used
*
* @return array of hashtable
**/
static function methodAddTicketDocument($params, $protocol)
{
global $DB, $CFG_GLPI;
if (isset($params['help'])) {
return array('ticket' => 'integer,mandatory', 'name' => 'string,mandatory', 'uri' => 'string,optional', 'base64' => 'string,optional', 'content' => 'string,optional', 'close' => 'bool,optional', 'reopen' => 'bool,optional', 'source' => 'string,optional', 'private' => 'bool,optional', 'help' => 'bool,optional');
}
if (!Session::getLoginUserID()) {
return self::Error($protocol, WEBSERVICES_ERROR_NOTAUTHENTICATED);
}
$ticket = new Ticket();
if (!isset($params['ticket'])) {
return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', 'ticket');
}
if (!is_numeric($params['ticket'])) {
return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '', 'ticket');
}
if (!isset($params['name'])) {
return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', 'name');
}
if (!Document::isValidDoc($params['name'])) {
return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '', 'name');
}
if (!$ticket->can($params['ticket'], READ)) {
return self::Error($protocol, WEBSERVICES_ERROR_NOTFOUND);
}
if (in_array($ticket->fields["status"], $ticket->getClosedStatusArray())) {
return self::Error($protocol, WEBSERVICES_ERROR_NOTALLOWED, '', 'closed ticket');
}
if (!$ticket->canAddFollowups()) {
return self::Error($protocol, WEBSERVICES_ERROR_NOTALLOWED, '', 'access denied');
}
$filepath = GLPI_TMP_DIR . "/" . $params['name'];
file_put_contents($filepath, null);
$response = parent::uploadDocument($params, $protocol, $filepath);
//An error occured during document upload
if (parent::isError($protocol, $response)) {
return $response;
}
$doc = new Document();
$documentitem = new Document_Item();
$docid = $doc->getFromDBbyContent($ticket->fields["entities_id"], $filepath);
if ($docid) {
$input = array('itemtype' => $ticket->getType(), 'items_id' => $ticket->getID(), 'documents_id' => $doc->getID());
if ($DB->request('glpi_documents_items', $input)->numrows()) {
return self::Error($protocol, WEBSERVICES_ERROR_FAILED, '', 'document already associated to this ticket');
}
$new = $documentitem->add($input);
} else {
$input = array('itemtype' => $ticket->getType(), 'items_id' => $ticket->getID(), 'tickets_id' => $ticket->getID(), 'entities_id' => $ticket->getEntityID(), 'is_recursive' => $ticket->isRecursive(), '_filename' => array(basename($params['name'])), 'documentcategories_id' => $CFG_GLPI["documentcategories_id_forticket"]);
$new = $doc->add($input);
}
// to not add it twice during followup
unset($_FILES['filename']);
if (!$new) {
return self::Error($protocol, WEBSERVICES_ERROR_FAILED, '', self::getDisplayError());
}
if (isset($params['comment']) && !empty($params['comment'])) {
$params['content'] = $params['comment'];
unset($params['comment']);
}
if (isset($params['content']) && !empty($params['content'])) {
return self::methodAddTicketFollowup($params, $protocol);
}
return self::methodGetTicket(array('ticket' => $params['ticket']), $protocol);
}