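/**
 * Validate one uploaded file entry and reject it with an exception if any check fails.
 *
 * Checks run in this order: entry and tmp_name present, tmp_name is a genuine
 * HTTP upload, optional EXIF stripping, WFUtility::isSafeFile(), extension
 * allow-list, size limit (in KB), optional mime type validation.
 *
 * Once the temp file is confirmed to be an HTTP upload, every later failure
 * deletes it (best effort) before throwing, so a rejected upload is not left
 * on disk.
 *
 * @param array $file Upload entry; the 'tmp_name' and 'name' keys are read here.
 *                    Presumably one element of $_FILES - confirm against the caller.
 *
 * @throws InvalidArgumentException when any validation step fails
 */
private function validateUploadedFile($file)
{
    // check the POST data array
    if (empty($file)) {
        throw new InvalidArgumentException('Upload Failed: No data');
    }

    // tmp name must exist
    if (empty($file['tmp_name'])) {
        throw new InvalidArgumentException('Upload Failed: No data');
    }

    // The path must be a file PHP itself received via HTTP POST.
    // Security: nothing is deleted on this branch. A path that fails
    // is_uploaded_file() is not known to be our temp file, so unlinking it
    // would delete whatever file the supplied 'tmp_name' happens to point at.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new InvalidArgumentException('Upload Failed: Not an uploaded file');
    }

    $upload = $this->get('upload');

    // remove exif data
    // NOTE(review): this rewrites the file before isSafeFile() and the extension
    // check have run - confirm that ordering is intended.
    if (!empty($upload['remove_exif']) && preg_match('#\\.(jpg|jpeg|png)$#i', $file['name'])) {
        if (WFUtility::removeExifData($file['tmp_name']) === false) {
            @unlink($file['tmp_name']);
            throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_EXIF_REMOVE_ERROR'));
        }
    }

    // check file for various issues
    if (WFUtility::isSafeFile($file) !== true) {
        @unlink($file['tmp_name']);
        throw new InvalidArgumentException('Upload Failed: Invalid file');
    }

    // get extension
    $ext = WFUtility::getExtension($file['name']);

    // check extension is allowed; an empty or non-array list disables this check
    $allowed = $this->getFileTypes('array');

    // strict comparison, so a non-string entry in the list cannot loosely match the extension
    if (is_array($allowed) && !empty($allowed) && in_array(strtolower($ext), $allowed, true) === false) {
        @unlink($file['tmp_name']);
        throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'));
    }

    $bytes = filesize($file['tmp_name']);

    // fail closed: an unreadable size would otherwise be treated as 0 KB and pass the limit
    if ($bytes === false) {
        @unlink($file['tmp_name']);
        throw new InvalidArgumentException('Upload Failed: Invalid file');
    }

    // size in KB, rounded to the nearest whole KB
    $size = round($bytes / 1024);

    // fall back to a 1024 KB limit when none is configured
    if (empty($upload['max_size'])) {
        $upload['max_size'] = 1024;
    }

    // validate size
    if ($size > (int) $upload['max_size']) {
        @unlink($file['tmp_name']);
        // NOTE(review): $file['name'] is presumably the client-supplied filename;
        // confirm the caller escapes this message before rendering it.
        throw new InvalidArgumentException(WFText::sprintf('WF_MANAGER_UPLOAD_SIZE_ERROR', $file['name'], $size, $upload['max_size']));
    }

    // validate mimetype; !empty() avoids an undefined-index warning when the option is not set
    if (!empty($upload['validate_mimetype'])) {
        wfimport('editor.libraries.classes.mime');

        if (WFMimeType::check($file['name'], $file['tmp_name']) === false) {
            @unlink($file['tmp_name']);
            throw new InvalidArgumentException(WFText::_('WF_MANAGER_UPLOAD_MIME_ERROR'));
        }
    }
}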