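/**
 * Validate an image path and its extension.
 *
 * Checks run in this order:
 *  1. the path is handed to WFUtility::checkPath();
 *  2. the file name is refused when a script or markup extension appears
 *     anywhere in it, so a double extension such as "name.php.jpg" is rejected;
 *  3. the file name must end in one of the allowed image extensions.
 *
 * @param string $path Image path
 * @return false|null false when $path is empty (nothing to validate), otherwise no value
 * @throws InvalidArgumentException when the name carries a blocked extension
 *                                  or does not end in an image extension
 */
private static function validateImagePath($path)
{
    // nothing to validate
    if (empty($path)) {
        return false;
    }

    // check file
    // NOTE(review): checkPath() is defined elsewhere; presumably it rejects
    // traversal sequences - confirm against WFUtility.
    WFUtility::checkPath($path);

    $name = basename($path);

    // Secondary guard: the pattern ends in \b rather than $, so a blocked
    // extension is caught in the middle of the name as well as at the end.
    // This list is a denylist; the allowlist below is the primary control.
    if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)\\b#i', $name)) {
        throw new InvalidArgumentException('Invalid file name');
    }

    // check extension - must be an image.
    // preg_match() returns 0 for "no match" and false only when the regex
    // engine fails, so the former "=== false" comparison never rejected
    // anything. Require a positive match instead. The pattern is
    // case-insensitive so that "PHOTO.JPG" is still accepted, and anchored
    // with \z because "$" would also match before a trailing newline.
    if (preg_match('#\\.(jpeg|jpg|png|gif|bmp)\\z#i', $name) !== 1) {
        throw new InvalidArgumentException('Invalid file extension');
    }
}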
/**
 * Move one or more files or folders into a destination directory.
 *
 * Every path is URL-decoded and passed to WFUtility::checkPath() before it
 * reaches the filesystem driver. The destination name is additionally run
 * through WFUtility::validateFileName(), and each source item is checked
 * against the matching "move" feature (file or folder) right before it is
 * moved.
 *
 * NOTE(review): the statements after each JError::raiseError() call assume
 * that it stops the request - confirm for the configured error handler,
 * otherwise the move still runs after a failed check.
 *
 * @param string $items       The relative path or comma separated list of paths to move (URL-encoded)
 * @param string $destination The relative path of the destination dir (URL-encoded)
 * @return mixed The accumulated result returned by getResult()
 */
public function moveItem($items, $destination)
{
    // the caller needs the move feature for files or for folders
    if (!($this->checkFeature('move', 'folder') || $this->checkFeature('move', 'file'))) {
        JError::raiseError(403, 'Access to this resource is restricted');
    }

    $fs = $this->getFileSystem();

    $sources = explode(",", rawurldecode($items));

    // decode
    $destination = rawurldecode($destination);

    // check destination path
    WFUtility::checkPath($destination);

    // check for extension in destination name
    if (WFUtility::validateFileName($destination) === false) {
        JError::raiseError(403, 'INVALID PATH NAME');
    }

    foreach ($sources as $encoded) {
        // each entry is decoded a second time here; checkPath() sees the
        // fully decoded value
        $item = rawurldecode($encoded);

        // check source path
        WFUtility::checkPath($item);

        // work out which feature governs this item; anything that is
        // neither a file nor a folder gets no per-item feature check
        $kind = null;

        if ($fs->is_file($item)) {
            $kind = 'file';
        } elseif ($fs->is_dir($item)) {
            $kind = 'folder';
        }

        if ($kind !== null && $this->checkFeature('move', $kind) === false) {
            JError::raiseError(403, 'Access to this resource is restricted');
        }

        $outcome = $fs->move($item, $destination);

        // only WFFileSystemResult objects are reported
        if (!($outcome instanceof WFFileSystemResult)) {
            continue;
        }

        if ($outcome->state) {
            $this->setResult($this->fireEvent('on' . ucfirst($outcome->type) . 'Move', array($item)));
            $this->setResult($destination, $outcome->type);
            continue;
        }

        // failed move: prefer the driver's own message, else a translated default
        $message = $outcome->message
            ? $outcome->message
            : JText::sprintf('WF_MANAGER_MOVE_' . strtoupper($outcome->type) . '_ERROR', basename($item));

        $this->setResult($message, 'error');
    }

    return $this->getResult();
}
/**
 * Read a template file and return its markup with {$name} placeholders replaced.
 *
 * The path is passed to WFUtility::checkPath() before the file is read.
 * When the content has a <body> element, only its inner markup (trimmed) is
 * kept. Placeholders are substituted by the replaceVars() callback.
 *
 * NOTE(review): the returned markup is not escaped or filtered here; whether
 * the caller treats template files as trusted content should be confirmed.
 *
 * @param string $file Template path
 * @return string|null Processed content; preg_replace_callback() yields null on a regex error
 */
public function loadTemplate($file)
{
    $storage = $this->getBrowser()->getFileSystem();

    // check path
    WFUtility::checkPath($file);

    $markup = $storage->read($file);

    // Remove body etc. - keep what sits between <body> and </body>
    $found = array();

    if (preg_match('/<body[^>]*>([\\s\\S]+?)<\\/body>/', $markup, $found)) {
        $markup = trim($found[1]);
    }

    // Replace variables
    return preg_replace_callback('/\\{\\$(.+?)\\}/i', array($this, 'replaceVars'), $markup);
}
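/**
 * Move one or more files or folders into a destination directory.
 *
 * Every path is URL-decoded and passed to WFUtility::checkPath() before it
 * reaches the filesystem driver. In addition:
 *  - the destination name is run through WFUtility::validateFileName(), so
 *    a move cannot be used to give an item a name carrying a blocked
 *    extension;
 *  - each source item is checked against the "move" feature that matches its
 *    type, because the up-front check only requires one of the two features
 *    and would otherwise let a file-only user move folders (and vice versa).
 *
 * NOTE(review): the statements after each JError::raiseError() call assume
 * that it stops the request - confirm for the configured error handler.
 *
 * @param string $items       The relative path or comma separated list of paths to move (URL-encoded)
 * @param string $destination The relative path of the destination dir (URL-encoded)
 * @return mixed The accumulated result returned by getResult()
 */
public function moveItem($items, $destination)
{
    // check for feature access
    if (!$this->checkFeature('move', 'folder') && !$this->checkFeature('move', 'file')) {
        JError::raiseError(403, 'RESTRICTED ACCESS');
    }

    $filesystem = $this->getFileSystem();

    $items = explode(",", rawurldecode($items));

    // decode
    $destination = rawurldecode($destination);

    // check destination path
    WFUtility::checkPath($destination);

    // check for extension in destination name
    if (WFUtility::validateFileName($destination) === false) {
        JError::raiseError(403, 'INVALID PATH NAME');
    }

    foreach ($items as $item) {
        // decode
        $item = rawurldecode($item);

        // check source path
        WFUtility::checkPath($item);

        // enforce the feature that matches the item type
        if ($filesystem->is_file($item)) {
            if ($this->checkFeature('move', 'file') === false) {
                JError::raiseError(403, 'RESTRICTED ACCESS');
            }
        } elseif ($filesystem->is_dir($item)) {
            if ($this->checkFeature('move', 'folder') === false) {
                JError::raiseError(403, 'RESTRICTED ACCESS');
            }
        }

        $result = $filesystem->move($item, $destination);

        if ($result instanceof WFFileSystemResult) {
            if (!$result->state) {
                // failed move: prefer the driver's message, else a translated default
                if ($result->message) {
                    $this->setResult($result->message, 'error');
                } else {
                    $this->setResult(JText::sprintf('WF_MANAGER_MOVE_' . strtoupper($result->type) . '_ERROR', basename($item)), 'error');
                }
            } else {
                $this->setResult($this->fireEvent('on' . ucfirst($result->type) . 'Move', array($item)));
                $this->setResult($destination, $result->type);
            }
        }
    }

    return $this->getResult();
}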
/**
 * New folder base function. Creates a folder through the active filesystem driver.
 *
 * The path is passed to WFUtility::checkPath() before the driver is asked
 * to create anything.
 *
 * @param string $folder The folder to create
 * @return mixed Whatever the driver's folderCreate() returns (documented upstream as boolean true on success)
 */
function folderCreate($folder)
{
    // check folder path
    WFUtility::checkPath($folder);

    return $this->getFileSystem()->folderCreate($folder);
}
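/**
 * Output a list thumbnail (at most 100x100) for an image, building and caching it when needed.
 *
 * Order of attempts:
 *  1. an image smaller than the thumbnail size is output as it is;
 *  2. for JPEG/TIFF, an embedded EXIF thumbnail is sent directly;
 *  3. an existing cached thumbnail is output;
 *  4. otherwise the image editor resizes the file into the cache and the
 *     result is output.
 * If none of these produces an image the request ends with no data.
 *
 * @param string $file Image path relative to the browser base dir;
 *                     passed to WFUtility::checkPath() before it is resolved
 * @return mixed Whatever outputImage() returns; several branches terminate the script instead
 */
function createCacheThumb($file)
{
    jimport('joomla.filesystem.file');

    $browser = $this->getBrowser();
    $editor = $this->getImageEditor();

    // check path
    WFUtility::checkPath($file);

    $file = WFUtility::makePath($browser->getBaseDir(), $file);

    // default for list thumbnails
    $width = 100;
    $height = 100;
    $quality = 75;

    $data = @getimagesize($file);

    // getimagesize() returns false for anything it cannot read as an image.
    // Without this guard the null dimensions compared as "smaller than the
    // thumbnail" and the file was handed to outputImage() with no mime type,
    // so stop here rather than serve a non-image through this endpoint.
    if (!is_array($data)) {
        exit;
    }

    $mime = $data['mime'];

    // already small enough - no thumbnail needed
    if ($data[0] < $width && $data[1] < $height) {
        return $this->outputImage($file, $mime);
    }

    // try exif thumbnail
    if ($mime == 'image/jpeg' || $mime == 'image/tiff') {
        // exif_thumbnail() writes the embedded thumbnail's size and type into
        // its by-reference arguments; use separate variables so the target
        // $width / $height used below cannot be overwritten.
        $exifWidth = 0;
        $exifHeight = 0;
        $type = 0;

        $exif = exif_thumbnail($file, $exifWidth, $exifHeight, $type);

        if ($exif !== false) {
            header("Content-type: " . image_type_to_mime_type($type));
            die($exif);
        }
    }

    $thumb = $this->getCacheThumbPath($file, $width, $height);

    if (JFile::exists($thumb)) {
        return $this->outputImage($thumb, $mime);
    }

    // the source dimensions live in $data; the previous code read them from
    // an undefined $dim, so the crop box and the memory check were computed
    // from null values
    $coords = $this->cropThumbnail($data[0], $data[1], $width, $height);

    if ($this->checkMem($data[0] * $data[1])) {
        if ($editor->resize($file, $thumb, $width, $height, $quality, $coords['sx'], $coords['sy'], $coords['sw'], $coords['sh'])) {
            if (JFile::exists($thumb)) {
                return $this->outputImage($thumb, $mime);
            }
        }
    }

    // exit with no data
    exit;
}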