/** * Moves an uploaded file to a specified path * * Returns true if the file name is valid, the file type matches one of * the accepted file types, if specified, is not too large, and can be * moved successfully to its target folder. * Missing folders are created. If this fails, returns false. * Mind that the target path *MUST NOT* include ASCMS_PATH, and *SHOULD* * not include ASCMS_PATH_OFFSET. The latter will be cut off, however. * The $target_path argument, given by reference, is fixed accordingly. * If the file name found in $upload_field_name is empty, returns the * empty string. * Non-positive values for $maximum_size are ignored, as are empty * values for $accepted_types. * @param string $upload_field_name File input field name * @param string $target_path Target path, relative to the * document root, including the file * name, by reference. * @param integer $maximum_size The optional maximum allowed file size * @param string $accepted_types The optional allowed MIME type * @return boolean True on success, the empty string * if there is nothing to do, or * false otherwise * @author Reto Kohli <*****@*****.**> (Parts, fixed path handling) * @since 2.2.0 */ static function upload_file_http($upload_field_name, &$target_path, $maximum_size = 0, $accepted_types = false) { // Skip files that are not uploaded at all if (empty($_FILES[$upload_field_name])) { //DBG::log("File::upload_file_http($upload_field_name, $target_path, $maximum_size, $accepted_types): No file for index $upload_field_name<br />"); return ''; } self::path_relative_to_root($target_path); //DBG::log("File::upload_file_http($upload_field_name, $target_path, $maximum_size, $accepted_types): Fixed target path $target_path<br />"); if (empty($upload_field_name) || empty($target_path)) { //DBG::log("File::upload_file_http($upload_field_name, $target_path, $maximum_size, $accepted_types): Missing mandatory argument<br />"); self::$error = self::ERROR_MISSING_ARGUMENT; return false; } $tmp_path = $_FILES[$upload_field_name]['tmp_name']; $file_name = $_FILES[$upload_field_name]['name']; if ($accepted_types && !Filetype::matchMimetypes($file_name, $accepted_types)) { //DBG::log("File::upload_file_http(): Error: Found no matching MIME type for extension ($file_name)<br />"); self::$error = self::ERROR_INVALID_FILETYPE; return false; } if ($maximum_size > 0 && filesize($tmp_path) > $maximum_size) { //DBG::log("File::upload_file_http($upload_field_name, $target_path, $maximum_size, $accepted_types): Size greater than $maximum_size<br />"); self::$error = self::ERROR_FILESIZE_TOO_BIG; return false; } // Create the target folder if it doesn't exist if (!File::make_folder(dirname($target_path))) { //DBG::log("File::upload_file_http(): Failed to create folder ".dirname($target_path)." for $target_path<br />"); self::$error = self::ERROR_CANNOT_CREATE_FOLDER; return false; } if (move_uploaded_file($tmp_path, ASCMS_DOCUMENT_ROOT . '/' . $target_path)) { //DBG::log("File::upload_file_http($upload_field_name, $target_path, $maximum_size, $accepted_types): File successfully moved to $target_path<br />"); return true; } //DBG::log("File::upload_file_http($upload_field_name, $target_path, $maximum_size, $accepted_types): move_uploaded_file failed<br />"); self::$error = self::ERROR_CANNOT_MOVE_FILE; return false; }