<option value="blacklist"<?php
if (TBGSettings::getUploadsRestrictionMode() == 'blacklist') {
?>
selected<?php
}
?>
><?php
echo __('Use a blacklist (allow everything except the following extensions)');
?>
</option>
</select>
</td>
</tr>
<tr>
<td><label id="label_upload_extensions_list" for="upload_extensions_list"><?php
if (TBGSettings::getUploadsRestrictionMode() == 'whitelist') {
echo __('Allowed extensions');
} else {
echo __('Denied extensions');
}
?>
</label></td>
<td>
<input type="text" name="upload_extensions_list" id="upload_extensions_list" style="width: 250px;" value="<?php
echo implode(',', TBGSettings::getUploadsExtensionsList());
?>
"<?php
if (!TBGSettings::isUploadsEnabled()) {
?>
disabled<?php
}
/**
* Handles an uploaded file, stores it to the correct folder, adds an entry
* to the database and returns a TBGFile object
*
* @param string $thefile The request parameter the file was sent as
*
* @return TBGFile The TBGFile object
*/
public function handleUpload($key)
{
$apc_exists = self::CanGetUploadStatus();
if ($apc_exists && !array_key_exists($this->getParameter('APC_UPLOAD_PROGRESS'), $_SESSION['__upload_status'])) {
$_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')] = array('id' => $this->getParameter('APC_UPLOAD_PROGRESS'), 'finished' => false, 'percent' => 0, 'total' => 0, 'complete' => 0);
}
try {
if ($this->getUploadedFile($key) !== null) {
$thefile = $this->getUploadedFile($key);
if (TBGSettings::isUploadsEnabled()) {
TBGLogging::log('Uploads enabled');
if ($thefile['error'] == UPLOAD_ERR_OK) {
TBGLogging::log('No upload errors');
if (filesize($thefile['tmp_name']) > TBGSettings::getUploadsMaxSize(true) && TBGSettings::getUploadsMaxSize() > 0) {
throw new Exception(TBGContext::getI18n()->__('You cannot upload files bigger than %max_size% MB', array('%max_size%' => TBGSettings::getUploadsMaxSize())));
}
TBGLogging::log('Upload filesize ok');
$extension = substr(basename($thefile['name']), strpos(basename($thefile['name']), '.'));
if ($extension == '') {
TBGLogging::log('OOps, could not determine upload filetype', 'main', TBGLogging::LEVEL_WARNING_RISK);
//throw new Exception(TBGContext::getI18n()->__('Could not determine filetype'));
} else {
TBGLogging::log('Checking uploaded file extension');
$extension = substr($extension, 1);
$upload_extensions = TBGSettings::getUploadsExtensionsList();
if (TBGSettings::getUploadsRestrictionMode() == 'blacklist') {
TBGLogging::log('... using blacklist');
foreach ($upload_extensions as $an_ext) {
if (strtolower(trim($extension)) == strtolower(trim($an_ext))) {
TBGLogging::log('Upload extension not ok');
throw new Exception(TBGContext::getI18n()->__('This filetype is not allowed'));
}
}
TBGLogging::log('Upload extension ok');
} else {
TBGLogging::log('... using whitelist');
$is_ok = false;
foreach ($upload_extensions as $an_ext) {
if (strtolower(trim($extension)) == strtolower(trim($an_ext))) {
TBGLogging::log('Upload extension ok');
$is_ok = true;
break;
}
}
if (!$is_ok) {
TBGLogging::log('Upload extension not ok');
throw new Exception(TBGContext::getI18n()->__('This filetype is not allowed'));
}
}
/*if (in_array(strtolower(trim($extension)), array('php', 'asp')))
{
TBGLogging::log('Upload extension is php or asp');
throw new Exception(TBGContext::getI18n()->__('This filetype is not allowed'));
}*/
}
if (is_uploaded_file($thefile['tmp_name'])) {
TBGLogging::log('Uploaded file is uploaded');
$files_dir = TBGSettings::getUploadsLocalpath();
$new_filename = TBGContext::getUser()->getID() . '_' . NOW . '_' . basename($thefile['name']);
TBGLogging::log('Moving uploaded file to ' . $new_filename);
if (!move_uploaded_file($thefile['tmp_name'], $files_dir . $new_filename)) {
TBGLogging::log('Moving uploaded file failed!');
throw new Exception(TBGContext::getI18n()->__('An error occured when saving the file'));
} else {
TBGLogging::log('Upload complete and ok, storing upload status and returning filename ' . $new_filename);
$content_type = TBGFile::getMimeType($files_dir . $new_filename);
$file = new TBGFile();
$file->setRealFilename($new_filename);
$file->setOriginalFilename(basename($thefile['name']));
$file->setContentType($content_type);
$file->setDescription($this->getParameter($key . '_description'));
if (TBGSettings::getUploadStorage() == 'database') {
$file->setContent(file_get_contents($files_dir . $new_filename));
}
$file->save();
//$file = TBGFile::createNew($new_filename, basename($thefile['name']), $content_type, $this->getParameter($key.'_description'), ((TBGSettings::getUploadStorage() == 'database') ? file_get_contents($files_dir.$new_filename) : null));
if ($apc_exists) {
$_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')] = array('id' => $this->getParameter('APC_UPLOAD_PROGRESS'), 'finished' => true, 'percent' => 100, 'total' => 0, 'complete' => 0, 'file_id' => $file->getID());
}
return $file;
}
} else {
TBGLogging::log('Uploaded file was not uploaded correctly');
throw new Exception(TBGContext::getI18n()->__('The file was not uploaded correctly'));
}
} else {
TBGLogging::log('Upload error: ' . $thefile['error']);
switch ($thefile['error']) {
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
throw new Exception(TBGContext::getI18n()->__('You cannot upload files bigger than %max_size% MB', array('%max_size%' => TBGSettings::getUploadsMaxSize())));
break;
case UPLOAD_ERR_PARTIAL:
throw new Exception(TBGContext::getI18n()->__('The upload was interrupted, please try again'));
break;
case UPLOAD_ERR_NO_FILE:
throw new Exception(TBGContext::getI18n()->__('No file was uploaded'));
break;
default:
throw new Exception(TBGContext::getI18n()->__('An unhandled error occured') . ': ' . $thefile['error']);
break;
}
}
} else {
TBGLogging::log('Uploads not enabled');
throw new Exception(TBGContext::getI18n()->__('Uploads are not enabled'));
}
TBGLogging::log('Uploaded file could not be uploaded');
throw new Exception(TBGContext::getI18n()->__('The file could not be uploaded'));
}
TBGLogging::log('Could not find uploaded file' . $key);
throw new Exception(TBGContext::getI18n()->__('Could not find the uploaded file. Please make sure that it is not too big.'));
} catch (Exception $e) {
TBGLogging::log('Upload exception: ' . $e->getMessage());
if ($apc_exists) {
$_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')]['error'] = $e->getMessage();
$_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')]['finished'] = true;
$_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')]['percent'] = 100;
}
throw $e;
}
}