protected function _process()
{
$return = array();
try {
$fileInfo = reset($_FILES);
if (empty($fileInfo)) {
throw new CM_Exception('Invalid file upload');
}
if (isset($fileInfo['error']) && $fileInfo['error'] !== UPLOAD_ERR_OK) {
throw new CM_Exception('File upload error: ' . self::$_uploadErrors[$fileInfo['error']]);
}
$fileTmp = new CM_File($fileInfo['tmp_name']);
if ($fileTmp->getSize() > self::MAX_FILE_SIZE) {
throw new CM_Exception_FormFieldValidation(new CM_I18n_Phrase('File too big'));
}
$file = CM_File_UserContent_Temp::create($fileInfo['name'], $fileTmp->read());
$fileTmp->delete();
$query = $this->_request->getQuery();
$preview = null;
if (isset($query['field'])) {
$field = CM_FormField_File::factory($query['field'], ['name' => 'file']);
$field->validateFile($file);
$preview = $this->getRender()->fetchViewTemplate($field, 'preview', array('file' => $file));
}
$return['success'] = array('id' => $file->getUniqid(), 'preview' => $preview);
} catch (CM_Exception_FormFieldValidation $ex) {
$return['error'] = array('type' => get_class($ex), 'msg' => $ex->getMessagePublic($this->getRender()));
}
$this->_setContent(json_encode($return, JSON_HEX_TAG));
// JSON decoding in IE-iframe needs JSON_HEX_TAG
}
public function testSanitize()
{
$malformedString = pack("H*", 'c32e');
$request = new CM_Http_Request_Post('http://foo.bar?baz=fooBar', null, null, '{ "foo" : "' . $malformedString . '" }');
$query = $request->getQuery();
$this->assertSame('fooBar', $query['baz']);
$this->assertArrayHasKey('foo', $query);
}
