コード例 #1
ファイル: plugin.php プロジェクト: wharin/quantum
 /**
  * Checks given file for security
  *
  * @param  SplFileInfo $file
  * @access protected
  * @return bool
  */
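 protected function checkOneFile($file)
 {
     // Gatekeeper for a single SplFileInfo entry: the entry is accepted only
     // when the ACL grants FILE_VIEW on its containing folder and every
     // path / hidden-item / extension / file-name check below passes.
     // Any failed check returns false (deny by default).
     $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
     $_aclConfig = $this->_config->getAccessControlConfig();

     // Normalise Windows separators so the prefix comparison below works on
     // one path syntax.
     $directory = str_replace('\\', '/', $resourceTypeInfo->getDirectory());

     $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($file->getFilename());
     if ($this->_config->forceAscii()) {
         $fileName = QFinder_Connector_Utils_FileSystem::convertToAscii($fileName);
     }

     $pathName = str_replace('\\', '/', pathinfo($file->getPathname(), PATHINFO_DIRNAME));
     $pathName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($pathName);

     // acl
     // The ACL is keyed on the folder path relative to the resource type's
     // directory. Strip that directory only where it is the leading prefix:
     // removing every occurrence (as str_ireplace() does) also deletes a
     // repeat of the same string deeper in the path, so the mask would be
     // computed for a different folder than the one being checked.
     // The comparison stays case-insensitive, as before.
     // NOTE(review): $pathName has been converted to the filesystem encoding
     // but $directory has not - confirm both are in the same encoding.
     $aclPath = $pathName;
     $prefixLength = strlen($directory);
     if ($prefixLength > 0 && strncasecmp($pathName, $directory, $prefixLength) === 0) {
         // Cast keeps an empty string on PHP versions where substr() can return false.
         $aclPath = (string) substr($pathName, $prefixLength);
     }
     $aclMask = $_aclConfig->getComputedMask($this->_currentFolder->getResourceTypeName(), $aclPath);
     $isAuthorized = ($aclMask & QFINDER_CONNECTOR_ACL_FILE_VIEW) == QFINDER_CONNECTOR_ACL_FILE_VIEW;
     if (!$isAuthorized) {
         return false;
     }

     // if it is a folder fileName represents the dir
     if ($file->isDir() && (!QFinder_Connector_Utils_FileSystem::checkFolderPath($fileName) || $resourceTypeInfo->checkIsHiddenPath($fileName))) {
         return false;
     }

     // folder name
     if (!QFinder_Connector_Utils_FileSystem::checkFolderPath($pathName)) {
         return false;
     }

     // is hidden
     if ($resourceTypeInfo->checkIsHiddenPath($pathName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
         return false;
     }

     // extension
     // NOTE(review): these run for directories as well as files - confirm that
     // checkExtension() / checkFileName() accept folder names as intended.
     if (!$resourceTypeInfo->checkExtension($fileName) || !QFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
         return false;
     }

     return true;
 }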