/** * Handles an uploaded file, stores it to the correct folder, adds an entry * to the database and returns a \thebuggenie\core\entities\File object * * @param string $key The request parameter the file was sent as * * @return \thebuggenie\core\entities\File The File object */ public function handleUpload($key) { $apc_exists = self::CanGetUploadStatus(); if ($apc_exists && !array_key_exists($this->getParameter('APC_UPLOAD_PROGRESS'), $_SESSION['__upload_status'])) { $_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')] = array('id' => $this->getParameter('APC_UPLOAD_PROGRESS'), 'finished' => false, 'percent' => 0, 'total' => 0, 'complete' => 0); } try { if ($this->getUploadedFile($key) !== null) { $thefile = $this->getUploadedFile($key); if (Settings::isUploadsEnabled()) { Logging::log('Uploads enabled'); if ($thefile['error'] == UPLOAD_ERR_OK) { Logging::log('No upload errors'); if (filesize($thefile['tmp_name']) > Settings::getUploadsEffectiveMaxSize(true)) { throw new \Exception(Context::getI18n()->__('You cannot upload files bigger than %max_size MB', array('%max_size' => Settings::getUploadsEffectiveMaxSize()))); } Logging::log('Upload filesize ok'); $extension = mb_substr(basename($thefile['name']), mb_strrpos(basename($thefile['name']), '.')); if ($extension == '') { Logging::log('OOps, could not determine upload filetype', 'main', Logging::LEVEL_WARNING_RISK); //throw new \Exception(Context::getI18n()->__('Could not determine filetype')); } else { Logging::log('Checking uploaded file extension'); $extension = mb_substr($extension, 1); $upload_extensions = Settings::getUploadsExtensionsList(); if (Settings::getUploadsRestrictionMode() == 'blacklist') { Logging::log('... using blacklist'); foreach ($upload_extensions as $an_ext) { if (mb_strtolower(trim($extension)) == mb_strtolower(trim($an_ext))) { Logging::log('Upload extension not ok'); throw new \Exception(Context::getI18n()->__('This filetype is not allowed')); } } Logging::log('Upload extension ok'); } else { Logging::log('... using whitelist'); $is_ok = false; foreach ($upload_extensions as $an_ext) { if (mb_strtolower(trim($extension)) == mb_strtolower(trim($an_ext))) { Logging::log('Upload extension ok'); $is_ok = true; break; } } if (!$is_ok) { Logging::log('Upload extension not ok'); throw new \Exception(Context::getI18n()->__('This filetype is not allowed')); } } /*if (in_array(mb_strtolower(trim($extension)), array('php', 'asp'))) { Logging::log('Upload extension is php or asp'); throw new \Exception(Context::getI18n()->__('This filetype is not allowed')); }*/ } if (is_uploaded_file($thefile['tmp_name'])) { Logging::log('Uploaded file is uploaded'); $new_filename = Context::getUser()->getID() . '_' . NOW . '_' . basename($thefile['name']); if (Settings::getUploadStorage() == 'files') { $files_dir = Settings::getUploadsLocalpath(); $filename = $files_dir . $new_filename; } else { $filename = $thefile['tmp_name']; } Logging::log('Moving uploaded file to ' . $filename); if (Settings::getUploadStorage() == 'files' && !move_uploaded_file($thefile['tmp_name'], $filename)) { Logging::log('Moving uploaded file failed!'); throw new \Exception(Context::getI18n()->__('An error occured when saving the file')); } else { Logging::log('Upload complete and ok, storing upload status and returning filename ' . $new_filename); $content_type = File::getMimeType($filename); $file = new File(); $file->setRealFilename($new_filename); $file->setOriginalFilename(basename($thefile['name'])); $file->setContentType($content_type); $file->setDescription($this->getParameter($key . '_description')); $file->setUploadedBy(Context::getUser()); if (Settings::getUploadStorage() == 'database') { $file->setContent(file_get_contents($filename)); } $file->save(); if ($apc_exists) { $_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')] = array('id' => $this->getParameter('APC_UPLOAD_PROGRESS'), 'finished' => true, 'percent' => 100, 'total' => 0, 'complete' => 0, 'file_id' => $file->getID()); } return $file; } } else { Logging::log('Uploaded file was not uploaded correctly'); throw new \Exception(Context::getI18n()->__('The file was not uploaded correctly')); } } else { Logging::log('Upload error: ' . $thefile['error']); switch ($thefile['error']) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: throw new \Exception(Context::getI18n()->__('You cannot upload files bigger than %max_size MB', array('%max_size' => Settings::getUploadsEffectiveMaxSize()))); case UPLOAD_ERR_PARTIAL: throw new \Exception(Context::getI18n()->__('The upload was interrupted, please try again')); case UPLOAD_ERR_NO_FILE: throw new \Exception(Context::getI18n()->__('No file was uploaded')); default: throw new \Exception(Context::getI18n()->__('An unhandled error occured') . ': ' . $thefile['error']); } } } else { Logging::log('Uploads not enabled'); throw new \Exception(Context::getI18n()->__('Uploads are not enabled')); } } Logging::log('Could not find uploaded file' . $key); throw new \Exception(Context::getI18n()->__('Could not find the uploaded file. Please make sure that it is not too big.')); } catch (\Exception $e) { Logging::log('Upload exception: ' . $e->getMessage()); if ($apc_exists) { $_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')]['error'] = $e->getMessage(); $_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')]['finished'] = true; $_SESSION['__upload_status'][$this->getParameter('APC_UPLOAD_PROGRESS')]['percent'] = 100; } throw $e; } }
<option value="blacklist"<?php if (\thebuggenie\core\framework\Settings::getUploadsRestrictionMode() == 'blacklist') { ?> selected<?php } ?> ><?php echo __('Use a blacklist (allow everything except the following extensions)'); ?> </option> </select> </td> </tr> <tr> <td><label id="label_upload_extensions_list" for="upload_extensions_list"><?php if (\thebuggenie\core\framework\Settings::getUploadsRestrictionMode() == 'whitelist') { echo __('Allowed extensions'); } else { echo __('Denied extensions'); } ?> </label></td> <td> <input type="text" name="upload_extensions_list" id="upload_extensions_list" style="width: 250px;" value="<?php echo implode(',', \thebuggenie\core\framework\Settings::getUploadsExtensionsList()); ?> "<?php if (!\thebuggenie\core\framework\Settings::isUploadsEnabled()) { ?> disabled<?php }