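/**
 * Stores the raw request body as a draft file named after the X-Filename header.
 *
 * The header carries the base64-encoded original filename. Its stem is passed
 * through Utils::sanitizeFilename() and its extension through
 * isSafeExtension() before anything is written.
 *
 * @param object $request Request object exposing a `headers` bag with has()/get().
 * @return mixed A 400 Response when the header is missing; otherwise whatever
 *               $this->json() returns, carrying status 0 and the stored url on
 *               success, or status 1 and an errMessage on failure.
 */
public function upload($request)
{
    if (!$request->headers->has('x-filename')) {
        return new Response('Filename is missing (header X-FILENAME)', 400);
    }

    // The header is client-controlled, so every value derived from it is untrusted.
    $filename = base64_decode($request->headers->get('x-filename'));
    $pathinfo = pathinfo($filename);

    // pathinfo() omits the 'extension' key for names without a dot. Reading it
    // through isset() keeps the null the old code ended up with, minus the warning.
    $extension = isset($pathinfo['extension']) ? $pathinfo['extension'] : null;

    // Validate before deriving a storage path so a rejected name never reaches resurl().
    // NOTE(review): only the final extension is checked here; confirm that
    // Utils::sanitizeFilename() neutralises dots in the stem and that
    // isSafeExtension() compares case-insensitively.
    if (!$this->isSafeExtension($extension)) {
        return $this->json(
            $request,
            array('status' => 1, 'errMessage' => 'Forbidden file extension ' . $extension),
            200
        );
    }

    $dpath = Utils::resurl(
        $this->draftPath . '/files',
        Utils::sanitizeFilename($pathinfo['filename']),
        null,
        null,
        $extension
    );

    $uploadError = array(
        'status' => 1,
        'errMessage' => 'Unable to upload file ' . $pathinfo['filename'] . '.' . $extension,
    );

    // Open the body explicitly so a failed open is reported and the handle can be released.
    $input = fopen("php://input", 'r');
    if ($input === false) {
        return $this->json($request, $uploadError, 200);
    }

    $res = $this->fs->writeStream($dpath, $input);

    // The storage layer may or may not close the stream itself; close it only if still open.
    if (is_resource($input)) {
        fclose($input);
    }

    if ($res === false) {
        return $this->json($request, $uploadError, 200);
    }

    return $this->json($request, array('status' => 0, 'url' => $dpath), 200);
}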
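/**
 * Accepts an image upload and turns the request body into an image set.
 *
 * The original filename arrives base64-encoded in the X-Filename header. Its
 * extension must appear in self::$imageExtensions (compared in lower case)
 * before the body is loaded with WideImage and handed to generateImageSet().
 *
 * @param object $request Request object exposing a `headers` bag with has()/get().
 * @return mixed A 400 Response when the header is missing; otherwise whatever
 *               $this->json() returns, carrying status 0 with srcset and ratio
 *               on success, or status 1 with an errMessage for a non-image name.
 */
public function upload($request)
{
    // Obtain the uploaded file's details (filename, extension) from the header.
    if (!$request->headers->has('x-filename')) {
        return new Response('Filename is missing (header X-FILENAME)', 400);
    }

    // The header is client-controlled, so every value derived from it is untrusted.
    $filename = base64_decode($request->headers->get('x-filename'));
    $pathinfo = pathinfo($filename);

    // pathinfo() omits the 'extension' key for names without a dot. Default to ''
    // so such names take the "not an image" branch without an undefined-key warning.
    $ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';

    // Strict comparison keeps the allow-list check free of PHP's loose type juggling.
    if (!in_array(strtolower($ext), self::$imageExtensions, true)) {
        return $this->json(
            $request,
            array('status' => 1, 'errMessage' => "{$filename} is not an image file"),
            200
        );
    }

    $filename = Utils::sanitizeFilename($pathinfo['filename']);

    // NOTE(review): the check above is name-based only; WideImage::load() is the
    // step that actually parses the body. Confirm how a body that is not a
    // decodable image is reported to the client.
    $img = WideImage::load("php://input");

    // Generate the image set and expose only the fields the client needs.
    $res = $this->generateImageSet($img, $filename, $ext);
    $res = array('status' => 0, 'srcset' => $res['srcset'], 'ratio' => $res['ratio']);

    return $this->json($request, $res, 200);
}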
/**
 * Checks Utils::sanitizeFilename() against fixed inputs for both values of its
 * second argument ("Unix" and "WINDOWS").
 *
 * The expectations pin down that "~" becomes "-", that accented Latin and
 * Cyrillic letters are transliterated to lower-case ASCII, and that a name
 * written in Hebrew comes back as the literal "file".
 */
function test_sanitizeFilename()
{
    // Each row: expected result, raw name, second argument to sanitizeFilename().
    $cases = array(
        array("some-file-name", "some-file~name", "Unix"),
        array("ssscccczz", "sŠšČčĆćĐđŽž", "Unix"),
        array("jcukengshshzhfyvaproldzheyachsmitbyu", "йцукенгшщзхъфывапролджэячсмитьбю", "Unix"),
        array("file", "׳קראטוןםפשדגכעיחלךףזסבהנמצתץ", "Unix"),
        array("some-file-name", "some-file~name", "WINDOWS"),
        array("ssscccczz", "sŠšČčĆćĐđŽž", "WINDOWS"),
        array("jcukengshshzhfyvaproldzheyachsmitbyu", "йцукенгшщзхъфывапролджэячсмитьбю", "WINDOWS"),
    );

    foreach ($cases as $case) {
        list($expected, $rawName, $platform) = $case;
        $this->assertEquals($expected, Utils::sanitizeFilename($rawName, $platform));
    }
}