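/**
 * Register a reflection (derived copy) of a repository file and return its relative path.
 *
 * @param string $source file name relative to file/repository/
 * @param mixed $options handed unchanged to the filters and to storeReflectionRecord()
 * @param string $desiredName preferred file name; an extension of up to 4 characters is stripped
 * @return string filtered destination directory followed by an unoccupied file name
 * @throws \Ip\Exception\Repository\Transform when $source does not resolve to a regular file
 * @throws \Exception when the resolved file lies outside the repository directory
 */
private function createReflectionRecord($source, $options, $desiredName)
{
    $absoluteSource = realpath(ipFile('file/repository/' . $source));
    if (!$absoluteSource || !is_file($absoluteSource)) {
        throw new \Ip\Exception\Repository\Transform("File doesn't exist", array('filename' => $absoluteSource));
    }

    // Containment check on the canonical path. The root is compared WITH a trailing
    // separator: a bare prefix match would also accept a sibling directory whose name
    // merely starts with the repository path. An unresolvable root fails closed.
    $repositoryRoot = realpath(ipFile('file/repository/'));
    $rootPrefix = rtrim((string)$repositoryRoot, '/\\') . DIRECTORY_SEPARATOR;
    if ($repositoryRoot === false || strpos($absoluteSource, $rootPrefix) !== 0) {
        throw new \Exception("Requested file (" . $source . ") is outside repository dir");
    }

    // If the desired name ends with .jpg, .gif, etc., drop that extension;
    // the real one is taken from the source file below.
    $desiredPathInfo = pathinfo($desiredName);
    if (
        !empty($desiredPathInfo['filename'])
        && isset($desiredPathInfo['extension'])
        && strlen($desiredPathInfo['extension']) <= 4
    ) {
        $desiredName = $desiredPathInfo['filename'];
    }

    // The destination extension follows the source file, subject to the ipReflectionExtension filter.
    $pathInfo = pathinfo($absoluteSource);
    $ext = isset($pathInfo['extension']) ? $pathInfo['extension'] : '';
    $ext = ipFilter('ipReflectionExtension', $ext, array('source' => $absoluteSource, 'options' => $options));

    if ($desiredName == '') {
        $desiredName = $pathInfo['filename'];
    }
    if ($ext != '') {
        $desiredName = $desiredName . '.' . $ext;
    }

    // Per the original author's note, cleanupFileName() removes double dots from the
    // file name for security reasons; its implementation is not visible from here.
    $desiredName = \Ip\Internal\File\Functions::cleanupFileName($desiredName);

    $relativeDestinationPath = date('Y/m/d/');
    $relativeDestinationPath = ipFilter(
        'ipRepositoryNewReflectionFileName',
        $relativeDestinationPath,
        array('originalFile' => $source, 'options' => $options, 'desiredName' => $desiredName)
    );

    $destinationFileName = $this->getUnocupiedName($desiredName, $relativeDestinationPath);
    $reflection = $relativeDestinationPath . $destinationFileName;

    $this->storeReflectionRecord($source, $reflection, $options);

    return $reflection;
}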
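/**
 * Download a remote image into file/repository/ under a readable name built from $title.
 *
 * @param string $url address handed to NetHelper::downloadFile()
 * @param string $title text used to build the file name (words joined by "_", at most 30 characters)
 * @return mixed|null result of BrowserModel::getFile() for the stored file; null when the
 *                    download or the copy into the repository fails
 */
protected function downloadFile($url, $title)
{
    // NOTE(review): $url reaches NetHelper unchanged and no scheme or host check happens
    // in this method -- confirm the caller only passes addresses of the expected provider.
    $net = new \Ip\Internal\NetHelper();
    $tmpFilename = $net->downloadFile($url, ipFile('file/tmp/'), 'bigstock_' . time());
    if (!$tmpFilename) {
        return null;
    }
    $tmpPath = ipFile('file/tmp/' . $tmpFilename);

    // The extension is chosen from the detected MIME type, never from the URL or the title.
    // Unrecognised types (and detection failures) are stored as .jpg.
    try {
        $mime = \Ip\Internal\File\Functions::getMimeType($tmpPath);
        switch ($mime) {
            case 'image/png':
                // Was '.jpg': the bytes are copied without conversion, so a PNG must keep its own extension.
                $ext = '.png';
                break;
            case 'image/gif':
                $ext = '.gif';
                break;
            case 'image/bmp':
                $ext = '.bmp';
                break;
            case 'image/pjpeg':
            case 'image/jpeg':
            default:
                $ext = '.jpg';
                break;
        }
    } catch (\Ip\PhpException $e) {
        $ext = '.jpg';
    }

    // Build a readable file name: whole words of the cleaned title, capped at 30 characters.
    $title = \Ip\Internal\File\Functions::cleanupFileName($title);
    $words = explode(' ', $title);
    $cleanTitle = '';
    foreach ($words as $word) {
        if (strlen($cleanTitle . '_' . $word) > 30) {
            break;
        }
        if ($cleanTitle != '') {
            $cleanTitle .= '_';
        }
        $cleanTitle .= $word;
    }
    if ($cleanTitle == '') {
        $cleanTitle = 'file';
    }

    $niceFileName = $cleanTitle . $ext;
    $destinationDir = ipFile('file/repository/');
    $destinationFileName = \Ip\Internal\File\Functions::genUnoccupiedName($niceFileName, $destinationDir);

    // Always remove the temporary download, but only report a file that was really stored.
    $copied = copy($tmpPath, $destinationDir . $destinationFileName);
    unlink($tmpPath);
    if (!$copied) {
        return null;
    }

    $browserModel = \Ip\Internal\Repository\BrowserModel::instance();
    $file = $browserModel->getFile($destinationFileName);
    return $file;
}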
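/**
 * Handle uploads made using PlUpload library.
 *
 * Appends the (possibly chunked) request body to a file in file/tmp/ or file/secure/tmp/
 * and records the outcome in $this->uploadedFileName, $this->uploadedFile and $this->targetDir.
 *
 * @param bool $secureFolder true stores into file/secure/tmp/ (bounded by Repository.publicUploadLimit);
 *                           false stores into file/tmp/ and requires ipAdminId() to be truthy
 * @throws \Ip\Exception\Repository\Upload on missing permission or when a stream cannot be opened
 * @throws \Ip\Exception\Repository\Upload\ForbiddenFileExtension when the extension is not on the allow-list
 * @throws \Ip\Exception when the secure folder has reached its size limit
 */
public function handlePlupload($secureFolder)
{
    if (!$secureFolder && !ipAdminId()) {
        throw new \Ip\Exception\Repository\Upload("Trying to upload image to temporary directory without permission.");
    }

    if ($secureFolder) {
        $targetDir = ipFile('file/secure/tmp/');
    } else {
        $targetDir = ipFile('file/tmp/');
    }

    if ($secureFolder) {
        // Uploads into the secure folder do not pass the admin check above,
        // so the folder is capped (4000 Mb by default).
        $sizeLimit = ipGetOption('Repository.publicUploadLimit', 4000);
        if ($this->folderSize($targetDir) > $sizeLimit * 1000000) {
            ipLog()->error("Repository.publicUploadLimitReached: IP: `{ip}`. CurrentLimit `{limit}Mb`. Please update Repository.publicUploadLimit option to increase the limits.", array('ip' => $_SERVER['REMOTE_ADDR'], 'limit' => $sizeLimit));
            throw new \Ip\Exception("Upload limit reached");
        }
    }

    // Request parameters are attacker-controlled: force the counters to integers and
    // accept the name only when it is a string (an array-valued parameter becomes '').
    $chunk = isset($_REQUEST["chunk"]) ? (int)$_REQUEST["chunk"] : 0;
    $chunks = isset($_REQUEST["chunks"]) ? (int)$_REQUEST["chunks"] : 0;
    $fileName = (isset($_REQUEST["name"]) && is_string($_REQUEST["name"])) ? $_REQUEST["name"] : '';

    // Clean the fileName for security reasons
    $fileName = \Ip\Internal\File\Functions::cleanupFileName($fileName);

    // Make sure the fileName is unique but only if chunking is disabled.
    // NOTE(review): with chunking enabled an existing file of the same name is reused;
    // presumably setFileUploadedByThisUser() is what ties it to one uploader -- confirm.
    if ($chunks < 2 && file_exists($targetDir . $fileName)) {
        $fileName = \Ip\Internal\File\Functions::genUnoccupiedName($fileName, $targetDir);
    }

    // Security check: the extension must be on the allow-list.
    // The extension is the text after the last dot, or '' when there is no dot. The previous
    // strrpos() + 1 arithmetic treated "no dot" as position 1, and the empty() guard skipped
    // the check for names ending in "." or ".0". Every name is now checked, so a name with
    // no usable extension is rejected unless the ipWhiteListExtensions filter adds ''.
    $dotPosition = strrpos($fileName, '.');
    $fileExtension = $dotPosition === false ? '' : strtolower(substr($fileName, $dotPosition + 1));

    // NOTE(review): the list includes browser-active types (htm, html, js, svg, swf, xml).
    // If these files are ever served from the application's own origin, confirm they are
    // delivered as downloads or from a separate origin.
    $whiteListExtensions = array('jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico', 'asf', 'asx', 'wmv', 'wmx', 'wm', 'avi', 'divx', 'flv', 'mov', 'qt', 'mpeg', 'mpg', 'mpe', 'mp4', 'm4v', 'ogv', 'webm', 'mkv', 'txt', 'asc', 'c', 'cc', 'h', 'csv', 'tsv', 'ics', 'rtx', 'css', 'htm', 'html', 'vtt', 'mp3', 'm4a', 'm4b', 'ra', 'ram', 'wav', 'ogg', 'oga', 'mid', 'midi', 'wma', 'wax', 'mka', 'rtf', 'js', 'pdf', 'class', 'tar', 'zip', 'gz', 'gzip', 'rar', '7z', 'doc', 'pot', 'pps', 'ppt', 'wri', 'xla', 'xls', 'xlt', 'xlw', 'mdb', 'mpp', 'docx', 'docm', 'dotx', 'dotm', 'eps', 'xlsx', 'xlsm', 'xlsb', 'xltx', 'xltm', 'xlam', 'pptx', 'pptm', 'ppsx', 'ppsm', 'potx', 'potm', 'ppam', 'sldx', 'sldm', 'onetoc', 'onetoc2', 'onetmp', 'onepkg', 'odt', 'odp', 'ods', 'odg', 'odc', 'odb', 'odf', 'wp', 'wpd', 'key', 'numbers', 'pages', 'xml', 'json', 'iso', 'aac', 'img', 'psd', 'ai', 'sql', 'swf', 'svg');
    $whiteListExtensions = ipFilter('ipWhiteListExtensions', $whiteListExtensions);
    if (!in_array($fileExtension, $whiteListExtensions, true)) {
        //security risk
        throw new \Ip\Exception\Repository\Upload\ForbiddenFileExtension("Files with extension (." . esc($fileExtension) . ") are not permitted for security reasons.", array('extension' => $fileExtension, 'filename' => $fileName));
    }
    //end security check

    // Look for the content type header; CONTENT_TYPE wins when both are present.
    $contentType = '';
    if (isset($_SERVER["HTTP_CONTENT_TYPE"])) {
        $contentType = $_SERVER["HTTP_CONTENT_TYPE"];
    }
    if (isset($_SERVER["CONTENT_TYPE"])) {
        $contentType = $_SERVER["CONTENT_TYPE"];
    }

    // The first chunk truncates the target file, later chunks are appended.
    $writeMode = $chunk === 0 ? "wb" : "ab";

    // Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
    if (strpos((string)$contentType, "multipart") !== false) {
        if (!isset($_FILES['file']['tmp_name']) || !is_uploaded_file($_FILES['file']['tmp_name'])) {
            throw new \Ip\Exception\Repository\Upload("Failed to move uploaded file.");
        }

        // Open temp file
        $out = fopen($targetDir . $fileName, $writeMode);
        if (!$out) {
            throw new \Ip\Exception\Repository\Upload("Failed to open output stream.");
        }

        //mark this file as uploaded by current user
        $this->setFileUploadedByThisUser($targetDir . $fileName);

        // Read binary input stream and append it to temp file
        $in = fopen($_FILES['file']['tmp_name'], "rb");
        if (!$in) {
            fclose($out); // do not leak the output handle on failure
            throw new \Ip\Exception\Repository\Upload("Failed to open input stream.");
        }

        // Compare against false/'' explicitly: a read that returns the string "0"
        // is falsy and used to end the copy early.
        while (($buff = fread($in, 4096)) !== false && $buff !== '') {
            fwrite($out, $buff);
        }

        fclose($in);
        fclose($out);
        @unlink($_FILES['file']['tmp_name']);
    } else {
        // NOTE(review): unlike the multipart branch, this path never calls
        // setFileUploadedByThisUser() -- confirm whether that is intended.
        // Open temp file
        $out = fopen($targetDir . '/' . $fileName, $writeMode);
        if (!$out) {
            throw new \Ip\Exception\Repository\Upload("Failed to open output stream.");
        }

        // Read binary input stream and append it to temp file
        $in = fopen("php://input", "rb");
        if (!$in) {
            fclose($out); // do not leak the output handle on failure
            throw new \Ip\Exception\Repository\Upload("Failed to open input stream.");
        }

        while (($buff = fread($in, 4096)) !== false && $buff !== '') {
            // Push the execution deadline forward while data keeps arriving.
            if (function_exists('set_time_limit')) {
                set_time_limit(30);
            }
            fwrite($out, $buff);
        }

        fclose($in);
        fclose($out);
    }

    $this->uploadedFileName = $fileName;
    $this->uploadedFile = $targetDir . $fileName;
    $this->targetDir = $targetDir;
}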