Exemple #1
 /**
  * Process the data file info.  Get its metadata and extension.
  * If valid, use it to sanitize the item name and update the
  * width, height, and mime type.
  */
 private function _process_data_file_info()
 {
     try {
         // Choose the metadata reader by item type.  is_photo() is checked before is_movie().
         if ($this->is_photo()) {
             $metadata = photo::get_file_metadata($this->data_file);
         } elseif ($this->is_movie()) {
             $metadata = movie::get_file_metadata($this->data_file);
         } else {
             // Albums don't have data files.
             $this->data_file = null;
             return;
         }
         list($this->width, $this->height, $this->mime_type, $extension) = $metadata;

         // Sanitize the name using the extension reported by get_file_metadata() rather than the
         // one already present in the name.  Only assign $this->name when the result differs, so
         // the item isn't unnecessarily marked as "changed".
         $sanitized = legal_file::sanitize_filename($this->name, $extension, $this->type);
         if ($sanitized != $this->name) {
             $this->name = $sanitized;
         }

         // Data file valid - make sure the flag is reset to false.
         $this->data_file_error = false;
     } catch (Exception $e) {
         // Data file invalid - set the flag so it's reported during item validation.
         // Any exception raised above lands here, including one from sanitize_filename(); in
         // that case $this->name keeps its unsanitized value, so the flag is the only signal
         // that the name was never checked.
         $this->data_file_error = true;
     }
 }
 /**
  * Handle submission of the "add watermark" form.
  *
  * On a valid submission the uploaded image is moved to VARPATH/modules/watermark/ under a
  * sanitized name, its metadata and the chosen position/transparency are stored as "watermark"
  * module variables, and a JSON success reply is sent.  Otherwise the form is returned in a JSON
  * error reply.
  */
 public function add()
 {
     access::verify_csrf();
     $form = watermark::get_add_form();

     // For TEST_MODE, we want to simulate a file upload.  Because this is not a true upload, Forge's
     // validation logic will correctly reject it.  So, we skip validation when we're running tests.
     $accepted = TEST_MODE || $form->validate();

     if (!$accepted) {
         json::reply(array("result" => "error", "html" => (string) $form));
     } else {
         // NOTE(review): the path is read straight from $_POST.  Presumably Forge replaces this
         // field with its own server-side temp path during validate() - confirm.  When TEST_MODE
         // is set that validation is skipped, so TEST_MODE must never be enabled in production.
         $upload_path = $_POST["file"];

         // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness
         $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', basename($upload_path));
         try {
             $metadata = photo::get_file_metadata($upload_path);
             list($width, $height, $mime_type, $extension) = $metadata;
             // Sanitize filename, which ensures a valid extension.  This renaming prevents the issues
             // addressed in ticket #1855, where an image that looked valid (header said jpg) with a
             // php extension was previously accepted without changing its extension.
             $name = legal_file::sanitize_filename($name, $extension, "photo");
         } catch (Exception $e) {
             // Rejected uploads return here, before the Content-Type override at the bottom.
             message::error(t("Invalid or unidentifiable image file"));
             system::delete_later($upload_path);
             return;
         }

         // NOTE(review): the result of rename() is not checked here; if the move fails the
         // settings below would still point at a file that was never stored.
         rename($upload_path, VARPATH . "modules/watermark/{$name}");

         module::set_var("watermark", "name", $name);
         module::set_var("watermark", "width", $width);
         module::set_var("watermark", "height", $height);
         module::set_var("watermark", "mime_type", $mime_type);
         module::set_var("watermark", "position", $form->add_watermark->position->value);
         module::set_var("watermark", "transparency", $form->add_watermark->transparency->value);
         $this->_update_graphics_rules();
         system::delete_later($upload_path);

         $saved = t("Watermark saved");
         message::success($saved);
         log::success("watermark", t("Watermark saved"));
         json::reply(array("result" => "success", "location" => url::site("admin/watermarks")));
     }

     // Override the application/json mime type for iframe compatibility.  See ticket #2022.
     // text/plain keeps the browser from parsing the reply body as HTML.
     header("Content-Type: text/plain; charset=" . Kohana::CHARSET);
 }
 /**
  * Handle submission of the "add watermark" form (variant that replies as text/html).
  *
  * A valid upload is moved to VARPATH/modules/watermark/ under a sanitized name and its metadata
  * is stored as "watermark" module variables; an invalid form is sent back url-encoded inside a
  * JSON error reply.
  */
 public function add()
 {
     access::verify_csrf();
     $form = watermark::get_add_form();

     // For TEST_MODE, we want to simulate a file upload.  Because this is not a true upload, Forge's
     // validation logic will correctly reject it.  So, we skip validation when we're running tests.
     $accepted = TEST_MODE || $form->validate();

     if (!$accepted) {
         // rawurlencode the results because the JS code that uploads the file buffers it in an
         // iframe which entitizes the HTML and makes it difficult for the JS to process.  If we url
         // encode it now, it passes through cleanly.  See ticket #797.
         $encoded_form = rawurlencode((string) $form);
         json::reply(array("result" => "error", "html" => $encoded_form));
     } else {
         // NOTE(review): the path is read straight from $_POST.  Presumably Forge replaces this
         // field with its own server-side temp path during validate() - confirm.  When TEST_MODE
         // is set that validation is skipped, so TEST_MODE must never be enabled in production.
         $upload_path = $_POST["file"];

         // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness
         $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', basename($upload_path));
         try {
             $metadata = photo::get_file_metadata($upload_path);
             list($width, $height, $mime_type, $extension) = $metadata;
             // Sanitize filename, which ensures a valid extension.  This renaming prevents the issues
             // addressed in ticket #1855, where an image that looked valid (header said jpg) with a
             // php extension was previously accepted without changing its extension.
             $name = legal_file::sanitize_filename($name, $extension, "photo");
         } catch (Exception $e) {
             // Rejected uploads return here, before the Content-Type override at the bottom.
             message::error(t("Invalid or unidentifiable image file"));
             system::delete_later($upload_path);
             return;
         }

         // NOTE(review): the result of rename() is not checked here; if the move fails the
         // settings below would still point at a file that was never stored.
         rename($upload_path, VARPATH . "modules/watermark/{$name}");

         module::set_var("watermark", "name", $name);
         module::set_var("watermark", "width", $width);
         module::set_var("watermark", "height", $height);
         module::set_var("watermark", "mime_type", $mime_type);
         module::set_var("watermark", "position", $form->add_watermark->position->value);
         module::set_var("watermark", "transparency", $form->add_watermark->transparency->value);
         $this->_update_graphics_rules();
         system::delete_later($upload_path);

         $saved = t("Watermark saved");
         message::success($saved);
         log::success("watermark", t("Watermark saved"));
         json::reply(array("result" => "success", "location" => url::site("admin/watermarks")));
     }

     // Override the application/json mime type.  The dialog based HTML uploader uses an iframe to
     // buffer the reply, and on some browsers (Firefox 3.6) it does not know what to do with the
     // JSON that it gets back so it puts up a dialog asking the user what to do with it.  So force
     // the encoding type back to HTML for the iframe.
     // See: http://jquery.malsup.com/form/#file-upload
     //
     // NOTE(review): with text/html the browser parses the whole reply body as markup, so every
     // value placed in the reply must stay encoded.  The error branch above is url-encoded; the
     // success branch only carries the url::site() result.
     header("Content-Type: text/html; charset=" . Kohana::CHARSET);
 }
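 /**
  * Verify that legal_file::sanitize_filename() throws for every invalid extension/type pairing,
  * including a "php" extension offered as a photo.
  */
 public function sanitize_filename_with_invalid_arguments_test()
 {
     // Listed as pairs, not as an extension => type map: a map literal keeps only the last entry
     // for a repeated key, so with three "jpg" keys just one "jpg" case would ever run, and a
     // null key is silently converted to "".
     $invalid_cases = array(
         array("flv", "photo"),
         array("jpg", "movie"),
         array("php", "photo"),
         array(null, "movie"),
         array("jpg", "album"),
         array("jpg", null),
     );

     foreach ($invalid_cases as $case) {
         list($extension, $type) = $case;

         $rejected = false;
         try {
             legal_file::sanitize_filename("foo.jpg", $extension, $type);
         } catch (Exception $e) {
             $rejected = true;
         }

         // Asserted outside the try block.  If the test framework signals a failed assertion by
         // throwing an Exception (not visible from here - confirm), an assertion placed inside
         // the try would be swallowed by the catch and this test could never fail.
         $this->assert_true($rejected, "Shouldn't get here");
     }
 }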