/** * Opens an Image file * * @param $src * @param $errors * @return mixed */ public static function open($src, &$errors) { $file_ext = XApp_Image_Utils::imageExtension($src); if (!array_key_exists($file_ext, XApp_Image_Utils::$compatibleImageTypes)) { $errors[] = XAPP_TEXT_FORMATTED("IMAGE_TYPE_NOT_SUPPORTED", $file_ext); return false; } if (!file_exists($src)) { $errors[] = XAPP_TEXT_FORMATTED("FILE_DOESNT_EXISTS") . $src; return false; } $container = XApp_Image_Utils::$imageContainer; $container[XApp_Image_Utils::IMAGE_CONTAINER_SRC] = $src; $container[XApp_Image_Utils::IMAGE_CONTAINER_TYPE] = XApp_Image_Utils::$compatibleImageTypes[$file_ext]; try { $container[XApp_Image_Utils::IMAGE_CONTAINER_DATA] = new Imagick($src); } catch (Exception $e) { $errors[] = $e->getMessage(); } return $container; }
/** * @param $path * @param array $options * @param $error * @param $success */ public function deleteFile($path, $options = array(), &$error, &$success) { if ($path == "/") { $error[] = XAPP_TEXT_FORMATTED("DIRECTORY_NOT_WRITEABLE", array($path)); } else { XApp_File_Utils::deleteFile($this->toRealPath($path), $options, $error, $success); } }
/** * * Validate using method * * @param $method : validation method * @param array $value : data for the validation * @param $options : options * @param $error * @param $success */ public static function validate($method, $value, &$options, &$error, &$success) { $user = null; $method = strtoupper($method); switch ($method) { case self::ALLOW_IP: $client_ip = self::getClientIp(); if ($client_ip !== null && !in_array($client_ip, $value)) { $error[] = XAPP_TEXT_FORMATTED("IP_NOT_ALLOWED", array($client_ip)); } else { $success[] = XAPP_TEXT_FORMATTED("ALLOWED_IP", array($client_ip)); } break; case self::DENY_IP: $client_ip = self::getClientIp(); if ($client_ip !== null && in_array($client_ip, $value)) { $error[] = XAPP_TEXT_FORMATTED("IP_DISALLOWED", array($client_ip)); } else { $success[] = XAPP_TEXT_FORMATTED("IP_NOT_DISALLOWED", array($client_ip)); } break; case self::ALLOW_HOST: $host = self::getHost(); if ($host !== null && !in_array($host, $value)) { $error[] = XAPP_TEXT_FORMATTED("HOST_DENIED", array($host)); } else { $success[] = XAPP_TEXT_FORMATTED("HOST_ALLOWED", array($host)); } break; case self::DENY_HOST: $host = self::getHost(); if ($host !== null && in_array($host, $value)) { $error[] = XAPP_TEXT_FORMATTED("HOST_DENIED", array($host)); } else { $success[] = XAPP_TEXT_FORMATTED("HOST_ALLOWED", array($host)); } break; case self::ALLOW_REFERER: $referer = self::getReferer(); $found = false; foreach ($value as $referer_url) { $parsed_url = parse_url($referer_url, PHP_URL_HOST); if ($parsed_url != '' && $parsed_url !== FALSE) { $referer_url = $parsed_url; } $found = $found || $referer_url == $referer; } if (!$found) { $error[] = XAPP_TEXT_FORMATTED("REFERER_NOT_ALLOWED", array($referer)); } else { $success[] = XAPP_TEXT_FORMATTED("ALLOWED_REFERER", array($referer)); } break; case self::ALLOW_USER_AGENT: $user_agent = $_SERVER["HTTP_USER_AGENT"]; if ($user_agent != null && !preg_match('/(' . implode('|', $value) . ')/i', $user_agent)) { $error[] = XAPP_TEXT_FORMATTED("USER_AGENT_DENIED", array($user_agent)); } else { $success[] = XAPP_TEXT_FORMATTED("ALLOWED_USER_AGENT", array($user_agent)); } break; case self::DENY_USER_AGENT: $user_agent = $_SERVER["HTTP_USER_AGENT"]; if ($user_agent != null && preg_match('/(' . implode('|', $value) . ')/i', $user_agent)) { $error[] = XAPP_TEXT_FORMATTED("USER_AGENT_DENIED", array($user_agent)); } else { $success[] = XAPP_TEXT_FORMATTED("ALLOWED_USER_AGENT", array($user_agent)); } break; case self::SIGNED_REQUEST: if ($value) { if (!isset($options[self::SIGN_KEY])) { $error[] = XAPP_TEXT_FORMATTED("SIGN_KEY_NOT_PROVIDED"); } else { // Gather all required options (key, algo, token_field, salt) $key = $options[self::SIGN_KEY]; $algo = isset($options[self::SIGN_ALGORITHM]) ? $options[self::SIGN_ALGORITHM] : self::DEFAULT_SIGN_ALGORITHM; $token_field = isset($options[self::SIGNING_TOKEN_FIELD]) ? $options[self::SIGNING_TOKEN_FIELD] : self::DEFAULT_SIGNING_TOKEN_FIELD; $salt = ''; if (array_key_exists(self::SIGN_SALT, $options)) { $salt = $options[self::SIGN_SALT]; } // Get token $token = $value[$token_field]; if (!isset($token)) { $error[] = XAPP_TEXT_FORMATTED("SIGNING_TOKEN_NOT_FOUND"); } else { // Remove token itself from data if (array_key_exists($token_field, $value)) { unset($value[$token_field]); } // Repare string to be hashed $data = $salt . implode("", $value); // Generate sign using algorithm $sign = hash_hmac($algo, $data, $key); if ($sign != $token) { $error[] = XAPP_TEXT_FORMATTED("SIGN_VALIDATION_FAIL"); } else { $success[] = XAPP_TEXT_FORMATTED("SIGN_VALIDATION_SUCCESS"); } } } } break; } }
public function getContent($scope, $path) { xapp_import('xapp.Directory.Utils'); xapp_import('xapp.Path.Utils'); xapp_import('xapp.VFS.Local'); xapp_import('xapp.Commons.Exceptions'); $scope = $this->getScope($scope); //root $root = $scope->resolveAbsolute('__ROOT__') . DIRECTORY_SEPARATOR; $fullPath = $root . DIRECTORY_SEPARATOR . $path; if (!is_readable($fullPath)) { throw new XApp_File_Exception(XAPP_TEXT_FORMATTED('CAN_NOT_READ_FILE', array(basename($fullPath)), 55100)); } if (file_exists($fullPath)) { if (($content = file_get_contents($fullPath)) !== false) { return $content; } } else { throw new XApp_File_Exception(XAPP_TEXT_FORMATTED('CAN_NOT_FIND_FILE', array(basename($fullPath)), 55100)); } return null; }
/** * @return array * @throws Xapp_XFile_Exception */ public function put() { xapp_import('xapp.Path.Utils'); xapp_import('xapp.Utils.SystemTextEncoding'); $vars = array_merge($_GET, $_POST); $dstIn = '/'; $mount = '/'; if (array_key_exists('dstDir', $vars)) { $dstIn = XApp_Path_Utils::decodeSecureMagic($vars['dstDir']); } if (array_key_exists('mount', $vars)) { $mount = preg_replace('@[/\\\\]@', '', XApp_Path_Utils::decodeSecureMagic($vars['mount'])); } if ($dstIn === '.') { $dstIn = '/'; } $vfs = $this->getFileSystem($mount); $destination = $vfs->toRealPath(XApp_Path_Utils::normalizePath($mount . DIRECTORY_SEPARATOR . $dstIn)); $errors = array(); if (!$this->isLocal($mount, $this->getFSResources())) { return $this->putRemote($mount, $destination); } //writable check if (!is_writable($destination)) { throw new Xapp_XFile_Exception(XAPP_TEXT_FORMATTED('DIRECTORY_NOT_WRITEABLE', array($destination), 55100)); } //parse files $fileVars = $_FILES; foreach ($fileVars as $boxName => $boxData) { if (substr($boxName, 0, 9) != "userfile_") { continue; } $err = self::parseFileDataErrors($boxData); if ($err != null) { $errorMessage = $err[1]; $errors[] = XAPP_TEXT_FORMATTED('Error with upload %s', array($errorMessage)); continue; } //basic sanitize $userfile_name = $boxData["name"]; $userfile_name = XApp_Path_Utils::sanitizeEx(XApp_SystemTextEncoding::fromPostedFileName($userfile_name), XApp_Path_Utils::SANITIZE_HTML_STRICT); $userfile_name = substr($userfile_name, 0, 128); //rename if needed! $autorename = xapp_get_option(self::AUTO_RENAME); if ($autorename) { $userfile_name = self::autoRenameForDest($destination, $userfile_name); } /*** * file extension check */ $ext = pathinfo(strtolower($userfile_name), PATHINFO_EXTENSION); $allowable = explode(',', xapp_get_option(self::UPLOAD_EXTENSIONS, $this)); if ($ext == '' || $ext == false || !in_array($ext, $allowable)) { $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_EXTENSIONS_NOT_ALLOWED', array($userfile_name, $ext)); xapp_clog('file not allowed'); continue; } try { //no need anymore if (file_exists($destination . "/" . $userfile_name)) { } } catch (Exception $e) { $errorMessage = $e->getMessage(); $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $errorMessage)); break; } if (isset($boxData["input_upload"])) { try { $input = fopen("php://input", "r"); $output = fopen("{$destination}/" . $userfile_name, "w"); $sizeRead = 0; while ($sizeRead < intval($boxData["size"])) { $chunk = fread($input, 4096); $sizeRead += strlen($chunk); fwrite($output, $chunk, strlen($chunk)); } fclose($input); fclose($output); } catch (Exception $e) { $errorMessage = $e->getMessage(); $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $errorMessage)); break; } } else { $result = @move_uploaded_file($boxData["tmp_name"], "{$destination}/" . $userfile_name); if (!$result) { $realPath = $destination . DIRECTORY_SEPARATOR . $userfile_name; $result = move_uploaded_file($boxData["tmp_name"], $realPath); } if (!$result) { $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name)); break; } } } return $errors; }
/** * Validates an array of options using options metainformation * * @param $optionsValues array : options * @param $optionsMeta array : options meta: dictionary, rules, defaults and pre-processors * @param $errors array : returns errors found during validation */ public static function validate($optionsValues, $optionsMeta, &$errors) { // apply defaults if (array_key_exists(self::OPTIONS_DEFAULT, $optionsMeta)) { foreach ($optionsMeta[self::OPTIONS_DEFAULT] as $key => $default) { if (!isset($optionsValues[$key])) { $optionsValues[$key] = $default; } } } // apply pre-processors if (array_key_exists(self::OPTIONS_PREPROCESSORS, $optionsMeta)) { foreach ($optionsMeta[self::OPTIONS_PREPROCESSORS] as $key => $methods) { if (isset($optionsValues[$key])) { foreach ($methods as $method) { $optionsValues[$key] = call_user_func($method, $optionsValues[$key]); } } } } // check types if (array_key_exists(self::OPTIONS_DICT, $optionsMeta)) { foreach ($optionsMeta[self::OPTIONS_DICT] as $key => $type) { if (isset($optionsValues[$key])) { if (!xapp_is($type, $optionsValues[$key])) { $errors[] = XAPP_TEXT_FORMATTED("INCORRECT_OPTION_TYPE", array($optionsValues[$key], $type)); } } } } // check rules if (array_key_exists(self::OPTIONS_RULE, $optionsMeta)) { foreach ($optionsMeta[self::OPTIONS_RULE] as $key => $requested) { if (!isset($optionsValues[$key])) { $errors[] = XAPP_TEXT_FORMATTED("REQUIRED_OPTION_NOT_PROVIDED", array($key)); } } } }
/** * * Creates a ZIP file $dest_file with the contents of $source_dir * * @param $source_dir : path to be added at the ZIP file * @param $dest_file : file to be created * @param $inclusionMask : null means all, if its a string : it must compatible to a scandir query, if its a string its a regular expression * @param $exclusionMask : null means all, if its a string : it must compatible to a scandir query, if its a string its a regular expression * @param $error : reference to array of error messages * @param $success : reference to array of success messages */ public static function zipDir($source_dir, $dest_file, $inclusionMask = array(), $exclusionMask = array(), &$error, &$success) { ini_set('memory_limit', '128M'); $zipSelection = self::getFilteredDirList($source_dir, $inclusionMask, $exclusionMask, array(self::OPTION_RECURSIVE => true)); $archive = new ZipArchive(); $error_count = Count($error); $source_dir = self::normalizePath($source_dir, true); if ($archive->open($dest_file, ZIPARCHIVE::CREATE) === TRUE) { foreach ($zipSelection as $path) { set_time_limit(400); // reset counter and set timeout 400s $dest_path = substr($path, strlen($source_dir)); if (is_dir($path)) { if ($archive->addEmptyDir($dest_path) === FALSE) { $error[] = XAPP_TEXT_FORMATTED('COULD_NOT_CREATE_FILE', array($dest_path)) . XAPP_TEXT_FORMATTED('INTO_ZIP', array($dest_file)); } } else { if ($archive->addFile($path, $dest_path) === FALSE) { $error[] = XAPP_TEXT_FORMATTED('COULD_NOT_CREATE_FILE', array($dest_path)) . XAPP_TEXT_FORMATTED('INTO_ZIP', array($dest_file)); } else { $success[] = XAPP_TEXT_FORMATTED('ZIP_FILE_SUCCESS', array($path)); } } } if ($archive->close() === TRUE) { if ($error_count == Count($error)) { $success[] = XAPP_TEXT_FORMATTED('ZIP_SUCCESS', array($dest_file)); } else { $success[] = XAPP_TEXT_FORMATTED('ZIP_RELATIVE_SUCCESS', array($dest_file)); } } } else { $error[] = XAPP_TEXT_FORMATTED('COULD_NOT_CREATE_FILE', array($dest_file)); } }
public static function output($container) { // imagejpeg, imagegif of imagepng $save_function = "image" . $container[XApp_Image_Utils::IMAGE_CONTAINER_TYPE]; if (function_exists($save_function)) { ob_start(); $save_function($container[XApp_Image_Utils::IMAGE_CONTAINER_DATA]); return ob_get_clean(); } else { $errors[] = XAPP_TEXT_FORMATTED("IMAGE_MANIPULATION_FUNCTION_NOT_FOUND", $save_function); return false; } }
/** * Login an user into the session storage * * @param $userName * @param $password * @param $errors : array of errors * @return bool : true if login is successful */ public function login($userName, $password, &$errors = array()) { if ($this->sessionStorage == null) { $this->initSessionStorage(); } $this->sessionStorage->logout(); $result = false; try { // we try to log the user in $result = $this->sessionStorage->login($userName, $password); // Trigger HOOK_LOGIN Xapp_Hook::trigger(self::HOOK_LOGIN, array('userName' => $userName, 'instance' => $this)); $result = true; } catch (XApp_Security_AuthenticationException $e) { $errors[] = XAPP_TEXT_FORMATTED('LOGIN_ERROR', array($userName, $e->getMessage())); } if ($result === true) { $user = $this->getUser($userName); $section = $this->getSession()->getSection('user'); $section->user = $user; } else { //flush session variable $section = $this->getSession()->getSection('user'); $section->user = null; } return $result; }