/**
 * Handles a single file upload and answers with a JSON document.
 *
 * The first entry of $_FILES is moved into temporary user content. When the
 * request query carries a `field` entry, the form field built from it
 * validates the file and renders a preview. The response body is either
 * `{"success": {"id": ..., "preview": ...}}` or `{"error": {"type": ..., "msg": ...}}`.
 *
 * Only CM_Exception_FormFieldValidation is caught here and turned into the
 * `error` payload; the plain CM_Exception thrown for a missing or failed
 * upload leaves this method.
 *
 * @throws CM_Exception when no upload is present or PHP reports an upload error
 */
protected function _process() {
    $response = [];
    try {
        $upload = reset($_FILES);
        if (empty($upload)) {
            throw new CM_Exception('Invalid file upload');
        }

        $hasUploadError = isset($upload['error']) && $upload['error'] !== UPLOAD_ERR_OK;
        if ($hasUploadError) {
            // NOTE(review): an error code without an entry in self::$_uploadErrors would hit an undefined index here - confirm the map covers every UPLOAD_ERR_* value.
            throw new CM_Exception('File upload error: ' . self::$_uploadErrors[$upload['error']]);
        }

        // The size limit is enforced on the temp file, i.e. after PHP has already accepted the upload.
        $uploadedTmp = new CM_File($upload['tmp_name']);
        if ($uploadedTmp->getSize() > self::MAX_FILE_SIZE) {
            throw new CM_Exception_FormFieldValidation(new CM_I18n_Phrase('File too big'));
        }

        // NOTE(review): $upload['name'] is the client-supplied filename - confirm that
        // CM_File_UserContent_Temp::create() never uses it to build a filesystem path.
        $tempFile = CM_File_UserContent_Temp::create($upload['name'], $uploadedTmp->read());
        $uploadedTmp->delete();

        $preview = null;
        $query = $this->_request->getQuery();
        if (isset($query['field'])) {
            // NOTE(review): `field` comes from the request and selects what factory() builds -
            // confirm factory() restricts it to known CM_FormField_File types.
            $field = CM_FormField_File::factory($query['field'], ['name' => 'file']);
            // Validation runs after the temp user content was created; a rejected file is not
            // removed in this method - presumably temp content is cleaned up elsewhere, verify.
            $field->validateFile($tempFile);
            $preview = $this->getRender()->fetchViewTemplate($field, 'preview', ['file' => $tempFile]);
        }
        // Without a `field` parameter the upload is accepted with the size check as its only validation.

        $response['success'] = [
            'id'      => $tempFile->getUniqid(),
            'preview' => $preview,
        ];
    } catch (CM_Exception_FormFieldValidation $validationError) {
        $response['error'] = [
            'type' => get_class($validationError),
            'msg'  => $validationError->getMessagePublic($this->getRender()),
        ];
    }

    // JSON decoding in IE-iframe needs JSON_HEX_TAG ("<" and ">" are emitted as \u003C / \u003E)
    $payload = json_encode($response, JSON_HEX_TAG);
    $this->_setContent($payload);
}
/**
 * A POST body containing an invalid UTF-8 byte sequence must still yield a usable query.
 *
 * The bytes 0xC3 0x2E are a two-byte lead byte followed by a non-continuation byte,
 * so the JSON body is not valid UTF-8. The test checks that the URL parameter
 * survives and that the `foo` key from the body is present.
 */
public function testSanitize() {
    $invalidUtf8 = hex2bin('c32e');
    $body = '{ "foo" : "' . $invalidUtf8 . '" }';

    $request = new CM_Http_Request_Post('http://foo.bar?baz=fooBar', null, null, $body);
    $query = $request->getQuery();

    $this->assertSame('fooBar', $query['baz']);
    // NOTE(review): only the presence of `foo` is asserted; pinning its sanitized value
    // would also catch a regression that lets the malformed bytes through unchanged.
    $this->assertArrayHasKey('foo', $query);
}