Пример #1
0
 /**
  * @override
  */
 public function handleRequest()
 {
     // HTTP headers for no cache etc
     header('Content-type: text/plain; charset=UTF-8');
     header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
     header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
     header("Cache-Control: no-store, no-cache, must-revalidate");
     header("Cache-Control: post-check=0, pre-check=0", false);
     header("Pragma: no-cache");
     // Get parameters
     $chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0;
     $chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0;
     $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
     $fileCount = $_GET['files'];
     if (\FWValidator::is_file_ending_harmless($fileName)) {
         try {
             $this->addChunk($fileName, $chunk, $chunks);
         } catch (UploaderException $e) {
             die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "' . $e->getMessage() . '"}, "id" : "id"}');
         }
     } else {
         if ($chunk == 0) {
             // only count first chunk
             // TODO: there must be a way to cancel the upload process on the client side
             $this->addHarmfulFileToResponse($fileName);
         }
     }
     if ($chunk == $chunks - 1) {
         //upload finished
         $this->handleCallback($fileCount);
     }
     die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
 }
Пример #2
0
 /**
  * @override
  */
 public function handleRequest()
 {
     global $_FILES;
     //get a writable directory
     $targetDir = '/upload_' . $this->uploadId;
     $tempPath = $_SESSION->getTempPath();
     $webTempPath = $_SESSION->getWebTempPath();
     //make sure target directory exists
     if (!file_exists($tempPath . $targetDir)) {
         \Cx\Lib\FileSystem\FileSystem::make_folder($webTempPath . $targetDir);
     }
     //move all uploaded file to this upload's temp directory
     foreach ($_FILES["uploaderFiles"]["error"] as $key => $error) {
         if ($error == UPLOAD_ERR_OK) {
             $tmpName = $_FILES["uploaderFiles"]["tmp_name"][$key];
             $name = $_FILES["uploaderFiles"]["name"][$key];
             if (!\FWValidator::is_file_ending_harmless($name)) {
                 die('Error:' . sprintf('The file %s was refused due to its file extension which is not allowed!', htmlentities($name, ENT_QUOTES, CONTREXX_CHARSET)));
             }
             //TODO: Uploader::addChunk does this also -> centralize in function
             // remember the "raw" file name, we want to store all original
             // file names in the session.
             $originalFileName = $name;
             // Clean the fileName for security reasons
             // we're using a-zA-Z0-9 instead of \w because of the umlauts.
             // linux excludes them from \w, windows includes them. we do not want different
             // behaviours on different operating systems.
             $name = preg_replace('/[^a-zA-Z0-9\\._-]+/', '', $name);
             $originalFileNames = array();
             if (isset($_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'])) {
                 $originalFileNames = $_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'];
             }
             $originalFileNames[$name] = $originalFileName;
             $_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'] = $originalFileNames;
             //end of TODO-region
             //move file somewhere we know both the web- and normal path...
             @move_uploaded_file($tmpName, ASCMS_TEMP_PATH . '/' . $name);
             //...then do a safe-mode-safe (yeah) move operation
             \Cx\Lib\FileSystem\FileSystem::move(ASCMS_TEMP_WEB_PATH . '/' . $name, $webTempPath . $targetDir . '/' . $name, true);
         }
     }
     //and call back.
     $this->notifyCallback();
     //redirect the user where he belongs
     $this->redirect();
 }
Пример #3
0
 /**
  * @override
  */
 public function handleRequest()
 {
     // Get parameters
     $chunk = $_POST['partitionIndex'];
     $chunks = $_POST['partitionCount'];
     $fileName = contrexx_stripslashes($_FILES['file']['name']);
     $fileCount = $_GET['files'];
     // check if the file has a valid file extension
     if (\FWValidator::is_file_ending_harmless($fileName)) {
         try {
             $this->addChunk($fileName, $chunk, $chunks);
         } catch (UploaderException $e) {
             die('Error:' . $e->getMessage());
         }
         if ($chunk == $chunks - 1) {
             //upload of current file finished
             $this->handleCallback($fileCount);
         }
     } else {
         $this->addHarmfulFileToResponse($fileName);
     }
     die(0);
 }
Пример #4
0
 /**
  * Process upload form
  *
  * @global     array    $_ARRAYLANG
  * @return     boolean  true if file uplod successfully and false if it failed
  */
 private function processFormUpload()
 {
     global $_ARRAYLANG;
     $objSession = \cmsSession::getInstance();
     $uploaderId = isset($_POST['media_upload_file']) ? contrexx_input2raw($_POST['media_upload_file']) : 0;
     if (empty($uploaderId)) {
         return false;
     }
     $tempPath = $objSession->getTempPath() . '/' . contrexx_input2raw($uploaderId);
     if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
         return false;
     }
     $errorMsg = array();
     foreach (glob($tempPath . '/*') as $file) {
         $i = 0;
         $fileName = basename($file);
         $path = $tempPath . '/' . $fileName;
         $file = $this->path . $fileName;
         $arrFile = pathinfo($file);
         while (file_exists($file)) {
             $suffix = '-' . (time() + ++$i);
             $file = $this->path . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
         }
         if (!\FWValidator::is_file_ending_harmless($path)) {
             $errorMsg[] = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
             continue;
         }
         try {
             $objFile = new \Cx\Lib\FileSystem\File($path);
             $objFile->move($file, false);
             $fileObj = new \File();
             $fileObj->setChmod($this->path, $this->webPath, basename($file));
         } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
             \DBG::msg($e->getMessage());
             $errorMsg[] = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
         }
     }
     if (!empty($errorMsg)) {
         $this->_strErrorMessage = explode('<br>', $errorMsg);
         return false;
     }
     $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
     return true;
 }
 /**
  * Copy the Upload the image to the path
  * Note: validation should be done before calling this function
  * 
  * @param string $imagePath Temp path of the uploaded media
  * 
  * @return boolean|string relative path of the uploaded file, false otherwise
  */
 function uploadMedia($imagePath)
 {
     if ($imagePath == '' || !\FWValidator::is_file_ending_harmless($imagePath)) {
         return false;
     }
     // get extension
     $imageName = basename($imagePath);
     $arrImageInfo = pathinfo($imageName);
     $imageExtension = !empty($arrImageInfo['extension']) ? '.' . $arrImageInfo['extension'] : '';
     $imageBasename = $arrImageInfo['filename'];
     $randomSum = rand(10, 99);
     // encode filename
     if ($this->arrSettings['settingsEncryptFilenames'] == 1) {
         $imageName = md5($randomSum . $imageBasename) . $imageExtension;
     }
     // check filename
     if (file_exists($this->imagePath . 'images/' . $imageName)) {
         $imageName = $imageBasename . '_' . time() . $imageExtension;
     }
     // upload file
     if (\Cx\Lib\FileSystem\FileSystem::copy_file($imagePath, $this->imagePath . 'images/' . $imageName) === false) {
         return false;
     }
     $imageDimension = getimagesize($this->imagePath . 'images/' . $imageName);
     $intNewWidth = $imageDimension[0];
     $intNewHeight = $imageDimension[1];
     $imageFormat = $imageDimension[0] > $imageDimension[1] ? 1 : 0;
     $setNewSize = 0;
     if ($imageDimension[0] > 640 && $imageFormat == 1) {
         $doubleFactorDimension = 640 / $imageDimension[0];
         $intNewWidth = 640;
         $intNewHeight = round($doubleFactorDimension * $imageDimension[1], 0);
         $setNewSize = 1;
     } elseif ($imageDimension[1] > 480) {
         $doubleFactorDimension = 480 / $imageDimension[1];
         $intNewHeight = 480;
         $intNewWidth = round($doubleFactorDimension * $imageDimension[0], 0);
         $setNewSize = 1;
     }
     if ($setNewSize == 1) {
         $objImage = new \ImageManager();
         $objImage->loadImage($this->imagePath . 'images/' . $imageName);
         $objImage->resizeImage($intNewWidth, $intNewHeight, 100);
         $objImage->saveNewImage($this->imagePath . 'images/' . $imageName, true);
     }
     $objFile = new \File();
     $objFile->setChmod($this->imagePath, $this->imageWebPath, 'images/' . $imageName);
     // create thumbnail
     $this->checkThumbnail($this->imageWebPath . 'images/' . $imageName);
     return $this->imageWebPath . 'images/' . $imageName;
 }
Пример #6
0
 /**
  * Process upload form
  *
  * @global     array    $_ARRAYLANG
  * @return     boolean  true if file uplod successfully and false if it failed
  */
 private function processFormUpload()
 {
     global $_ARRAYLANG;
     $inputField = 'media_upload_file';
     if (!isset($_FILES[$inputField]) || !is_array($_FILES[$inputField])) {
         return false;
     }
     $fileName = !empty($_FILES[$inputField]['name']) ? contrexx_stripslashes($_FILES[$inputField]['name']) : '';
     $fileTmpName = !empty($_FILES[$inputField]['tmp_name']) ? $_FILES[$inputField]['tmp_name'] : '';
     if (MediaLibrary::isIllegalFileName($fileName)) {
         $this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_FILE_DONT_CREATE'];
         return false;
     }
     switch ($_FILES[$inputField]['error']) {
         case UPLOAD_ERR_INI_SIZE:
             $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_SIZE_EXCEEDS_LIMIT'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET), $this->getFormatedFileSize(\FWSystem::getMaxUploadFileSize()));
             break;
         case UPLOAD_ERR_FORM_SIZE:
             $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_TOO_LARGE'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
             break;
         case UPLOAD_ERR_PARTIAL:
             $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_CORRUPT'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
             break;
         case UPLOAD_ERR_NO_FILE:
             $this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_NO_FILE'];
             continue;
             break;
         default:
             if (!empty($fileTmpName)) {
                 $suffix = '';
                 $file = $this->path . $fileName;
                 $arrFile = pathinfo($file);
                 $i = 0;
                 while (file_exists($file)) {
                     $suffix = '-' . (time() + ++$i);
                     $file = $this->path . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
                 }
                 if (\FWValidator::is_file_ending_harmless($fileName)) {
                     $fileExtension = $arrFile['extension'];
                     if (@move_uploaded_file($fileTmpName, $file)) {
                         $fileName = $arrFile['filename'];
                         $obj_file = new \File();
                         $obj_file->setChmod($this->path, $this->webPath, $fileName);
                         $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
                         return true;
                     } else {
                         $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
                     }
                 } else {
                     $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
                 }
             }
             break;
     }
     return false;
 }
Пример #7
0
 function uploadPicture()
 {
     $status = "";
     $path = "pictures/";
     //check file array
     if (isset($_FILES) && !empty($_FILES)) {
         //get file info
         $tmpFile = $_FILES['pic']['tmp_name'];
         $fileName = $_FILES['pic']['name'];
         if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
             //check extension
             $info = pathinfo($fileName);
             $exte = $info['extension'];
             $exte = !empty($exte) ? '.' . $exte : '';
             $part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
             $rand = rand(10, 99);
             $fileName = md5($rand . $fileName) . $exte;
             //check file
             // TODO: $x is not defined
             $x = 0;
             if (file_exists($this->mediaPath . $path . $fileName)) {
                 $fileName = $rand . $part1 . '_' . (time() + $x) . $exte;
                 $fileName = md5($fileName) . $exte;
             }
             //upload file
             if (@move_uploaded_file($tmpFile, $this->mediaPath . $path . $fileName)) {
                 $objFile = new \File();
                 $objFile->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
                 $status = $fileName;
             } else {
                 $status = "error";
             }
         } else {
             $status = "error";
         }
     }
     return $status;
 }
Пример #8
0
 /**
  * Upload submitted files
  *
  * Move all files that are allowed to be uploaded in the folder that
  * has been specified in the configuration option "File upload deposition path"
  * @access private
  * @global array
  * @param array Files that have been submited
  * @see getSettings(), _cleanFileName(), errorMsg, FWSystem::getMaxUploadFileSize()
  * @return array A list of files that have been stored successfully in the system
  */
 function _uploadFilesLegacy($arrFields)
 {
     global $_ARRAYLANG;
     $arrSettings = $this->getSettings();
     $arrFiles = array();
     if (isset($_FILES) && is_array($_FILES)) {
         foreach (array_keys($_FILES) as $file) {
             $fileName = !empty($_FILES[$file]['name']) ? $this->_cleanFileName($_FILES[$file]['name']) : '';
             $fileTmpName = !empty($_FILES[$file]['tmp_name']) ? $_FILES[$file]['tmp_name'] : '';
             switch ($_FILES[$file]['error']) {
                 case UPLOAD_ERR_INI_SIZE:
                     //Die hochgeladene Datei überschreitet die in der Anweisung upload_max_filesize in php.ini festgelegte Grösse.
                     $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_SIZE_EXCEEDS_LIMIT'], $fileName, \FWSystem::getMaxUploadFileSize()) . '<br />';
                     break;
                 case UPLOAD_ERR_FORM_SIZE:
                     //Die hochgeladene Datei überschreitet die in dem HTML Formular mittels der Anweisung MAX_FILE_SIZE angegebene maximale Dateigrösse.
                     $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_TOO_LARGE'], $fileName) . '<br />';
                     break;
                 case UPLOAD_ERR_PARTIAL:
                     //Die Datei wurde nur teilweise hochgeladen.
                     $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_CORRUPT'], $fileName) . '<br />';
                     break;
                 case UPLOAD_ERR_NO_FILE:
                     //Es wurde keine Datei hochgeladen.
                     continue;
                     break;
                 default:
                     if (!empty($fileTmpName)) {
                         $arrFile = pathinfo($fileName);
                         $i = '';
                         $suffix = '';
                         $documentRootPath = \Env::get('cx')->getWebsiteDocumentRootPath();
                         $filePath = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
                         while (file_exists($documentRootPath . $filePath)) {
                             $suffix = '-' . ++$i;
                             $filePath = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
                         }
                         $arrMatch = array();
                         if (\FWValidator::is_file_ending_harmless($fileName)) {
                             if (@move_uploaded_file($fileTmpName, $documentRootPath . $filePath)) {
                                 $id = intval(substr($file, 17));
                                 $arrFiles[$id] = array('path' => $filePath, 'name' => $fileName);
                             } else {
                                 $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)) . '<br />';
                             }
                         } else {
                             $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)) . '<br />';
                         }
                     }
                     break;
             }
         }
     }
     return $arrFiles;
 }
 /**
  * upload media
  *
  * upload added media
  *
  * @access   public
  * @return   string  $fileName
  */
 function uploadMedia($name, $path)
 {
     //check file array
     if (isset($_FILES) && !empty($_FILES)) {
         //get file info
         $status = "";
         $tmpFile = $_FILES[$name]['tmp_name'];
         $fileName = $_FILES[$name]['name'];
         $fileType = $_FILES[$name]['type'];
         $this->fileSize = $_FILES[$name]['size'];
         if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
             //check extension
             $info = pathinfo($fileName);
             $exte = $info['extension'];
             $exte = !empty($exte) ? '.' . $exte : '';
             $part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
             $rand = rand(10, 99);
             $arrSettings = $this->getSettings();
             if ($arrSettings['encodeFilename']['value'] == 1) {
                 $fileName = md5($rand . $part1) . $exte;
             }
             //check file
             if (file_exists($this->mediaPath . $path . $fileName)) {
                 // TODO: $x is never set!
                 //                    $fileName = $part1 . '_' . (time() + $x) . $exte;
                 $fileName = $part1 . '_' . time() . $exte;
             }
             //check extension
             $info = pathinfo($fileName);
             $exte = $info['extension'];
             $exte = !empty($exte) ? '.' . $exte : '';
             $part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
             $rand = rand(10, 99);
             $arrSettings = $this->getSettings();
             if ($arrSettings['encodeFilename']['value'] == 1) {
                 $fileName = md5($rand . $part1) . $exte;
             }
             //check file
             if (file_exists($this->mediaPath . $path . $fileName)) {
                 // TODO: $x is never set!
                 //                    $fileName = $part1 . '_' . (time() + $x) . $exte;
                 $fileName = $part1 . '_' . time() . $exte;
             }
             //upload file
             if (@move_uploaded_file($tmpFile, $this->mediaPath . $path . $fileName)) {
                 $obj_file = new \File();
                 $obj_file->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
                 $status = $fileName;
             } else {
                 $status = "error";
             }
             //make thumb
             if (($fileType == "image/gif" || $fileType == "image/jpeg" || $fileType == "image/jpg" || $fileType == "image/png") && $path != "uploads/") {
                 $this->createThumb($fileName, $path);
             }
         } else {
             $status = "error";
         }
     }
     return $status;
 }
Пример #10
0
 /**
  * Checks if a customized version of a file exists in the website data
  * repository and returns its path if it exists.
  *
  * @param   string  $file       Path of file to look for a customized
  *                              version for.
  * @param   boolean $webPath    Whether or not to return the relative web
  *                              path instead of the absolute file system
  *                              path (default).
  * @param   boolean $isWebsite  If $isWebsite is provided, then it is set
  *                              to TRUE if the file can be located in the
  *                              website data repository. Otherwise it is
  *                              set to FALSE.
  * @return  mixed               Path (as string) to customized version of
  *                              file or FALSE if none exists.
  */
 public function getFileFromWebsiteRepository($file, $webPath = false, &$isWebsite = false)
 {
     // When the LegacyClassLoader is not initialized you cant load the FWValidator class
     // which is needed for the security check following next
     if (!$this->legacyClassLoader) {
         return false;
     }
     // Checks if the file is a harmless one, because you can upload anything
     // over the ftp which probably not should be executed
     if (!\FWValidator::is_file_ending_harmless($file)) {
         return false;
     }
     // check if customized version of file exists
     if (!file_exists($this->cx->getWebsiteDocumentRootPath() . $file)) {
         return false;
     }
     // customized version of file found in website's data repository
     $isWebsite = true;
     return ($webPath ? $this->cx->getWebsiteOffsetPath() : $this->cx->getWebsiteDocumentRootPath()) . $file;
 }
Пример #11
0
 /**
  * Upload a Csv File
  *
  * @param String $name File name
  * @param String $path uploading file path
  *
  * @return String
  */
 function uploadCSV($name, $path)
 {
     //check file array
     if (isset($_FILES) && !empty($_FILES)) {
         //get file info
         $status = "";
         $tmpFile = $_FILES[$name]['tmp_name'];
         $fileName = $_FILES[$name]['name'];
         $fileType = $_FILES[$name]['type'];
         $fileSize = $_FILES[$name]['size'];
         if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
             //check extension
             $info = pathinfo($fileName);
             $exte = $info['extension'];
             $exte = !empty($exte) ? '.' . $exte : '';
             $fileName = time() . $exte;
             //upload file
             if (@move_uploaded_file($tmpFile, $path . $fileName)) {
                 @chmod($path . $fileName, '0777');
                 $status = $fileName;
             } else {
                 $status = "error";
             }
         } else {
             $status = "error";
         }
     }
     return $status;
 }
Пример #12
0
 /**
  * Move the uploaded image to destination path from the temp path
  *
  * @return mixed $status | false
  */
 public function uploadPicture()
 {
     $status = "";
     $path = "pictures/";
     //check file array
     $uploaderId = isset($_POST['marketUploaderId']) ? contrexx_input2raw($_POST['marketUploaderId']) : 0;
     $fileName = isset($_POST['uploadImage']) ? contrexx_input2raw($_POST['uploadImage']) : 0;
     if (empty($uploaderId) || empty($fileName)) {
         return false;
     }
     //get file info
     $objSession = \cmsSession::getInstance();
     $tmpFile = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;
     if (!\Cx\Lib\FileSystem\FileSystem::exists($tmpFile)) {
         return false;
     }
     if ($fileName != '' && \FWValidator::is_file_ending_harmless($fileName)) {
         //check extension
         $info = pathinfo($fileName);
         $exte = $info['extension'];
         $exte = !empty($exte) ? '.' . $exte : '';
         $part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
         $rand = rand(10, 99);
         $fileName = md5($rand . $fileName) . $exte;
         //check file
         // TODO: $x is not defined
         $x = 0;
         if (file_exists($this->mediaPath . $path . $fileName)) {
             $fileName = $rand . $part1 . '_' . (time() + $x) . $exte;
             $fileName = md5($fileName) . $exte;
         }
         //Move the uploaded file to the path specified in the variable $this->mediaPath
         try {
             $objFile = new \Cx\Lib\FileSystem\File($tmpFile);
             if ($objFile->move($this->mediaPath . $path . $fileName, false)) {
                 $objFile = new \File();
                 $objFile->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
                 $status = $fileName;
             } else {
                 $status = "error";
             }
         } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
             \DBG::msg($e->getMessage());
         }
     } else {
         $status = "error";
     }
     return $status;
 }
Пример #13
0
 /**
  * Move the uploaded images into place and link to the user
  *
  * @param \User  $objUser    \User object
  * @param array  $arrProfile Array profile data
  * @param array  $arrImages  Uploaded images array
  * @param string $uploaderId Uploader id
  *
  * @return boolean TRUE on success false otherwise
  */
 protected function addUploadedImagesToProfile($objUser, &$arrProfile, $arrImages, $uploaderId)
 {
     global $_CORELANG;
     $objSession = \cmsSession::getInstance();
     $arrErrorMsg = array();
     foreach ($arrImages as $attribute => $arrHistories) {
         foreach ($arrHistories as $historyId => $data) {
             $arrUploadedImages = array();
             if ($historyId === 'new') {
                 foreach ($data as $historyIndex => $filePath) {
                     $arrUploadedImages[] = array('path' => contrexx_input2raw($filePath), 'history_index' => $historyIndex);
                 }
             } else {
                 $arrUploadedImages[] = array('path' => contrexx_input2raw($data));
             }
             foreach ($arrUploadedImages as $arrImage) {
                 $fileName = basename($arrImage['path']);
                 $path = $objSession->getTempPath() . '/' . contrexx_input2raw($uploaderId) . '/' . $fileName;
                 if (!\Cx\Lib\FileSystem\FileSystem::exists($path) || !\FWValidator::is_file_ending_harmless($path)) {
                     continue;
                 }
                 $fileSize = filesize($path);
                 if (!$this->isImageWithinAllowedSize($fileSize, $attribute == 'picture')) {
                     $objAttribute = $objUser->objAttribute->getById($attribute);
                     $arrErrorMsg[] = sprintf($_CORELANG['TXT_ACCESS_PIC_TOO_BIG'], htmlentities($objAttribute->getName(), ENT_QUOTES, CONTREXX_CHARSET));
                     continue;
                 }
                 // resize image and put it into place (ASCMS_ACCESS_PHOTO_IMG_PATH / ASCMS_ACCESS_PROFILE_IMG_PATH)
                 if (($imageName = $this->moveUploadedImageInToPlace($objUser, $path, $fileName, $attribute == 'picture')) === false) {
                     continue;
                 }
                 // create thumbnail
                 if ($this->createThumbnailOfImage($imageName, $attribute == 'picture') !== false) {
                     if ($historyId === 'new') {
                         $arrProfile[$attribute][$historyId][$arrImage['history_index']] = $imageName;
                     } else {
                         $arrProfile[$attribute][$historyId] = $imageName;
                     }
                 }
             }
         }
     }
     if (count($arrErrorMsg)) {
         return $arrErrorMsg;
     } else {
         return true;
     }
 }
Пример #14
0
 /**
  * Upload the media files
  *
  * @param string $fileName   name of the media file
  * @param string $path       folder path
  * @param string $uploaderId uploader id
  *
  * @return string $status name of the uploaded file / error
  */
 function uploadMedia($fileName, $path, $uploaderId)
 {
     if (empty($uploaderId) || empty($fileName)) {
         return 'error';
     }
     $cx = \Cx\Core\Core\Controller\Cx::instanciate();
     $objSession = $cx->getComponent('Session')->getSession();
     $tempPath = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;
     //Check the uploaded file exists in /tmp folder
     if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
         //If the file still exists in the mediaPath then return the filename
         if (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
             return $fileName;
         }
         return 'error';
     }
     $info = pathinfo($fileName);
     $exte = $info['extension'];
     $extension = !empty($exte) ? '.' . $exte : '';
     $file = substr($fileName, 0, strlen($fileName) - strlen($extension));
     $rand = rand(10, 99);
     $arrSettings = $this->getSettings();
     if ($arrSettings['encodeFilename']['value'] == 1) {
         $fileName = md5($rand . $file) . $extension;
     }
     //Rename the file if the filename already exists
     while (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
         $fileName = $file . '_' . time() . $extension;
     }
     $filePath = $this->mediaPath . $path . $fileName;
     if (!\FWValidator::is_file_ending_harmless($filePath)) {
         return 'error';
     }
     //Move the file from /tmp folder into mediaPath and set the permission
     try {
         $objFile = new \Cx\Lib\FileSystem\File($tempPath);
         if ($objFile->move($filePath, false)) {
             $fileObj = new \File();
             $fileObj->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
             $status = $fileName;
         }
     } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
         \DBG::msg($e->getMessage());
         $status = 'error';
     }
     //make the thumb
     if (($exte == "gif" || $exte == "jpeg" || $exte == "jpg" || $exte == "png") && $path != "uploads/") {
         $this->createThumb($fileName, $path);
     }
     return $status;
 }
Пример #15
0
 public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
 {
     global $objDatabase, $_ARRAYLANG, $_CONFIG;
     $originalNames = $fileInfos['originalFileNames'];
     $path = $data['path'];
     $webPath = $data['webPath'];
     $objCategory = Category::getCategory($data['category_id']);
     // check for sufficient permissions
     if ($objCategory->getAddFilesAccessId() && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true) && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()) {
         return;
     }
     //we remember the names of the uploaded files here. they are stored in the session afterwards,
     //so we can later display them highlighted.
     $arrFiles = array();
     //rename files, delete unwanted
     $arrFilesToRename = array();
     //used to remember the files we need to rename
     $h = opendir($tempPath);
     while (false !== ($file = readdir($h))) {
         //skip . and ..
         if ($file == '.' || $file == '..') {
             continue;
         }
         //delete potentially malicious files
         if (!\FWValidator::is_file_ending_harmless($file)) {
             @unlink($tempPath . '/' . $file);
             continue;
         }
         $info = pathinfo($file);
         $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
         if ($cleanFile != $file) {
             rename($tempPath . '/' . $file, $tempPath . '/' . $cleanFile);
             $file = $cleanFile;
         }
         //check if file needs to be renamed
         $newName = '';
         $suffix = '';
         if (file_exists($path . '/' . $file)) {
             if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
                 $suffix = '_' . time();
                 $newName = $info['filename'] . $suffix . '.' . $info['extension'];
                 $arrFilesToRename[$file] = $newName;
                 array_push($arrFiles, $newName);
             }
         }
         if (!isset($arrFilesToRename[$file])) {
             //file will keep this name - create thumb
             \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $file);
         }
         $objDownloads = new downloads('');
         $objDownloads->addDownloadFromUpload($info['filename'], $info['extension'], $suffix, $objCategory, $objDownloads, $originalNames[$file]);
     }
     //rename files where needed
     foreach ($arrFilesToRename as $oldName => $newName) {
         rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
         //file will keep this name - create thumb
         \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $newName);
     }
     //remeber the uploaded files
     $_SESSION['media_upload_files_' . $uploadId] = $arrFiles;
     /* unwanted files have been deleted, unallowed filenames corrected.
        we can now simply return the desired target path, as only valid
        files are present in $tempPath */
     return array($path, $webPath);
 }
Пример #16
0
 public function moveFile(File $file, $destination)
 {
     global $_ARRAYLANG;
     if (!empty($destination) || !\FWValidator::is_file_ending_harmless($destination)) {
         if (is_dir($this->getFullPath($file) . $file->getFullName())) {
             $fileName = $this->getFullPath($file) . $file->getFullName();
             $destinationFileName = $this->getFullPath($file) . $destination;
         } else {
             $fileName = $this->getFullPath($file) . $file->getFullName();
             $destinationFileName = $this->getFullPath($file) . $destination . '.' . $file->getExtension();
         }
         if ($fileName == $destinationFileName) {
             return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_SUCCESSFULLY_RENAMED'], $file->getName());
         }
         $destinationFolder = realpath(pathinfo($this->getFullPath($file) . $destination, PATHINFO_DIRNAME));
         if (!MediaSourceManager::isSubdirectory($this->rootPath, $destinationFolder)) {
             return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_UNSUCCESSFULLY_RENAMED'], $file->getName());
         }
         $this->removeThumbnails($file);
         if (!\Cx\Lib\FileSystem\FileSystem::move($fileName, $destinationFileName, false)) {
             return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_UNSUCCESSFULLY_RENAMED'], $file->getName());
         }
         return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_SUCCESSFULLY_RENAMED'], $file->getName());
     } else {
         return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_UNSUCCESSFULLY_RENAMED'], $file->getName());
     }
 }
Пример #17
0
 /**
  * Upload Finished callback
  *
  * This is called as soon as uploads have finished.
  * takes care of moving them to the right folder
  *
  * @param string $tempPath    Path to the temporary directory containing the files at this moment
  * @param string $tempWebPath Points to the same folder as tempPath, but relative to the webroot
  * @param array  $data        Data given to setData() when creating the uploader
  * @param string $uploadId    unique session id for the current upload
  * @param array  $fileInfos   uploaded file informations
  * @param array  $response    uploaded status
  *
  * @return array path and webpath
  */
 public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
 {
     $path = $data['path'];
     $webPath = $data['webPath'];
     $objCategory = Category::getCategory($data['category_id']);
     // check for sufficient permissions
     if ($objCategory->getAddFilesAccessId() && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true) && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()) {
         return;
     }
     //we remember the names of the uploaded files here. they are stored in the session afterwards,
     //so we can later display them highlighted.
     $arrFiles = array();
     $uploadFiles = array();
     //rename files, delete unwanted
     $arrFilesToRename = array();
     //used to remember the files we need to rename
     $h = opendir($tempPath);
     if (!$h) {
         return array($path, $webPath);
     }
     while (false !== ($file = readdir($h))) {
         //skip . and ..
         if ($file == '.' || $file == '..') {
             continue;
         }
         try {
             //delete potentially malicious files
             $objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $file);
             if (!\FWValidator::is_file_ending_harmless($file)) {
                 $objTempFile->delete();
                 continue;
             }
             $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
             if ($cleanFile != $file) {
                 $objTempFile->rename($tempPath . '/' . $cleanFile, false);
                 $file = $cleanFile;
             }
             $info = pathinfo($file);
             //check if file needs to be renamed
             $newName = '';
             $suffix = '';
             if (file_exists($path . '/' . $file)) {
                 $suffix = '_' . time();
                 $newName = $info['filename'] . $suffix . '.' . $info['extension'];
                 $arrFilesToRename[$file] = $newName;
                 array_push($arrFiles, $newName);
             }
             if (!isset($arrFilesToRename[$file])) {
                 array_push($uploadFiles, $file);
             }
             //rename files where needed
             foreach ($arrFilesToRename as $oldName => $newName) {
                 $objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $oldName);
                 $objTempFile->rename($tempPath . '/' . $newName, false);
                 array_push($uploadFiles, $newName);
             }
             //move file from temp path into target folder
             $objImage = new \ImageManager();
             foreach ($uploadFiles as $fileName) {
                 $objFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $fileName);
                 $objFile->move($path . '/' . $fileName, false);
                 \Cx\Core\Core\Controller\Cx::instanciate()->getMediaSourceManager()->getThumbnailGenerator()->createThumbnailFromPath($path . '/' . $fileName);
             }
         } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
             \DBG::msg($e->getMessage());
         }
         $objDownloads = new downloads('');
         $objDownloads->addDownloadFromUpload($info['filename'], $info['extension'], $suffix, $objCategory, $objDownloads, $fileInfos['name']);
     }
     return array($path, $webPath);
 }
Пример #18
0
 /**
  * create new file or folder
  * 
  * @param array $params supplied arguments from JsonData-request
  * @return string
  */
 public function newWithin($params)
 {
     global $_ARRAYLANG, $objInit;
     $_ARRAYLANG = $objInit->loadLanguageData('ViewManager');
     if (empty($params['post']['theme']) || empty($params['post']['name'])) {
         return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_EMPTY_NAME']);
     }
     if ($params['post']['isFolder'] && preg_match('/^\\./', trim($params['post']['name']))) {
         // folder name should not start with dot(.)
         return array('status' => 'error', 'reload' => false, 'message' => sprintf($_ARRAYLANG['TXT_THEME_FOLDER_NAME_NOT_ALLOWED'], contrexx_input2xhtml($params['post']['name'])));
     }
     $matches = null;
     preg_match('@{([0-9A-Za-z._-]+)(:([_a-zA-Z][A-Za-z_0-9]*))?}@sm', $params['post']['name'], $matches);
     if (!empty($matches)) {
         return array('status' => 'error', 'reload' => false, 'message' => sprintf($_ARRAYLANG['TXT_THEME_NAME_NOT_ALLOWED'], contrexx_input2xhtml($params['post']['newName'])));
     }
     // Cannot rename the virtual directory
     $virtualDirs = array('/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE_MODULE, '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_MODULE, '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE);
     $currentThemeFolderDirPath = \Env::get('cx')->getWebsiteThemesPath() . '/' . $params['post']['theme'] . '/';
     // Create the theme folder, if it does not exist
     if (!\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath)) {
         if (!\Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath)) {
             return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
         }
     }
     $newFileName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($params['post']['name']);
     if (!\FWValidator::is_file_ending_harmless($newFileName)) {
         return array('status' => 'error', 'reload' => false, 'message' => sprintf($_ARRAYLANG['TXT_THEME_FILE_EXTENSION_NOT_ALLOWED'], contrexx_input2xhtml($newFileName)));
     }
     if (in_array('/' . $newFileName, $virtualDirs)) {
         return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_VIRTUAL_FOLDER']);
     }
     if (!\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath . $newFileName)) {
         if ($params['post']['isFolder']) {
             $status = \Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath . $newFileName);
             $succesMessage = sprintf($_ARRAYLANG['TXT_THEME_FOLDER_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
         } else {
             $status = \Cx\Lib\FileSystem\FileSystem::touch($currentThemeFolderDirPath . $newFileName);
             $succesMessage = sprintf($_ARRAYLANG['TXT_THEME_FILE_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
         }
         if (!$status) {
             return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
         }
         return array('status' => 'success', 'reload' => true, 'message' => $succesMessage, 'path' => '/' . $newFileName);
     }
     return array('status' => 'error', 'message' => sprintf($_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_FILE_ALREADY_EXITS'], contrexx_input2xhtml($newFileName)));
 }
Пример #19
0
 /**
  * this is called as soon as uploads have finished.
  * takes care of moving them to the right folder
  * 
  * @return string the directory to move to
  */
 public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
 {
     $path = $data['path'];
     $webPath = $data['webPath'];
     //we remember the names of the uploaded files here. they are stored in the session afterwards,
     //so we can later display them highlighted.
     $arrFiles = array();
     //rename files, delete unwanted
     $arrFilesToRename = array();
     //used to remember the files we need to rename
     $h = opendir($tempPath);
     while (false !== ($file = readdir($h))) {
         $info = pathinfo($file);
         //skip . and ..
         if ($file == '.' || $file == '..') {
             continue;
         }
         $file = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
         //delete potentially malicious files
         if (!\FWValidator::is_file_ending_harmless($file)) {
             @unlink($tempPath . '/' . $file);
             continue;
         }
         //check if file needs to be renamed
         $newName = '';
         $suffix = '';
         if (file_exists($path . $file)) {
             $suffix = '_' . time();
             if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
                 $newName = $info['filename'] . $suffix . '.' . $info['extension'];
                 $arrFilesToRename[$file] = $newName;
                 array_push($arrFiles, $newName);
             }
         } else {
             array_push($arrFiles, $file);
         }
     }
     //rename files where needed
     foreach ($arrFilesToRename as $oldName => $newName) {
         rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
     }
     //create thumbnails
     //        foreach($arrFiles as $file) {
     //            $fileType = pathinfo($file);
     //            if ($fileType['extension'] == 'jpg' || $fileType['extension'] == 'jpeg' || $fileType['extension'] == 'png' || $fileType['extension'] == 'gif') {
     //                $objFile = new File();
     //                $_objImage = new ImageManager();
     //                $_objImage->_createThumbWhq($tempPath.'/', $tempWebPath.'/', $file, 1e10, 80, 90);
     //
     //                if ($objFile->setChmod($tempPath, $tempWebPath, ImageManager::getThumbnailFilename($file)))
     //                    $this->_pushStatusMessage(sprintf($_ARRAYLANG['TXT_FILEBROWSER_THUMBNAIL_SUCCESSFULLY_CREATED'], $strWebPath.$file));
     //            }
     //        }
     //remember the uploaded files
     if (isset($_SESSION["filebrowser_upload_files_{$uploadId}"])) {
         //do not overwrite already uploaded files
         $arrFiles = array_merge($_SESSION["filebrowser_upload_files_{$uploadId}"], $arrFiles);
     }
     $_SESSION["filebrowser_upload_files_{$uploadId}"] = $arrFiles;
     /* unwanted files have been deleted, unallowed filenames corrected.
        we can now simply return the desired target path, as only valid
        files are present in $tempPath */
     return array($path, $webPath);
 }
Пример #20
0
 /**
  * this is called as soon as uploads have finished.
  * takes care of moving them to the right folder
  *
  * @return string the directory to move to
  */
 public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
 {
     $path = $data['path'];
     $webPath = $data['webPath'];
     //we remember the names of the uploaded files here. they are stored in the session afterwards,
     //so we can later display them highlighted.
     $arrFiles = array();
     //rename files, delete unwanted
     $arrFilesToRename = array();
     //used to remember the files we need to rename
     $h = opendir($tempPath);
     if ($h) {
         while (false !== ($file = readdir($h))) {
             //delete potentially malicious files
             // TODO: this is probably an overhead, because the uploader might already to this. doesn't it?
             if (!\FWValidator::is_file_ending_harmless($file)) {
                 @unlink($file);
                 continue;
             }
             if (self::isIllegalFileName($file)) {
                 $response->addMessage(\Cx\Core_Modules\Upload\Controller\UploadResponse::STATUS_ERROR, "You are not able to create the requested file.");
                 \Cx\Lib\FileSystem\FileSystem::delete_file($tempPath . '/' . $file);
                 continue;
             }
             //skip . and ..
             if ($file == '.' || $file == '..') {
                 continue;
             }
             //clean file name
             $newName = $file;
             \Cx\Lib\FileSystem\FileSystem::clean_path($newName);
             //check if file needs to be renamed
             if (file_exists($path . $newName)) {
                 $info = pathinfo($newName);
                 $exte = $info['extension'];
                 $exte = !empty($exte) ? '.' . $exte : '';
                 $part1 = $info['filename'];
                 if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
                     $newName = $part1 . '_' . time() . $exte;
                 }
             }
             //if the name has changed, the file needs to be renamed afterwards
             if ($newName != $file) {
                 $arrFilesToRename[$file] = $newName;
             }
             array_push($arrFiles, $newName);
         }
     }
     //rename files where needed
     foreach ($arrFilesToRename as $oldName => $newName) {
         rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
     }
     //remeber the uploaded files
     $files = $_SESSION["media_upload_files_{$uploadId}"];
     $_SESSION["media_upload_files_{$uploadId}"] = array_merge($arrFiles, $files ? $files->toArray() : []);
     /* unwanted files have been deleted, unallowed filenames corrected.
        we can now simply return the desired target path, as only valid
        files are present in $tempPath                                   */
     return array($data['path'], $data['webPath']);
 }
 /**
  * Copy the Upload the image to the path
  * Note: validation should be done before calling this function
  *
  * @param string $filePath Temp path of the uploaded media
  *
  * @return boolean|string relative path of the uploaded file, false otherwise
  */
 function uploadMedia($filePath)
 {
     if ($filePath == '' || !\FWValidator::is_file_ending_harmless($filePath)) {
         return false;
     }
     $fileName = basename($filePath);
     //get extension
     $arrFileInfo = pathinfo($fileName);
     $fileExtension = !empty($arrFileInfo['extension']) ? '.' . $arrFileInfo['extension'] : '';
     $fileBasename = $arrFileInfo['filename'];
     $randomSum = rand(10, 99);
     //encode filename
     if ($this->arrSettings['settingsEncryptFilenames'] == 1) {
         $fileName = md5($randomSum . $fileBasename) . $fileExtension;
     }
     //check filename
     if (file_exists($this->imagePath . 'uploads/' . $fileName)) {
         $fileName = $fileBasename . '_' . time() . $fileExtension;
     }
     //upload file
     if (\Cx\Lib\FileSystem\FileSystem::copy_file($filePath, $this->imagePath . 'uploads/' . $fileName) !== false) {
         $objFile = new \File();
         $objFile->setChmod($this->imagePath, $this->imageWebPath, 'uploads/' . $fileName);
         return $this->imageWebPath . 'uploads/' . $fileName;
     } else {
         return false;
     }
 }
Пример #22
0
 /**
  * Sanitizes the filename by adding a .txt file extension to files with
  * bad extensions and by removing strange characters.
  *
  * @param string $filename The filename to be sanitized
  *
  * @return string The sanitized filename
  */
 public static function sanitizeFileName($filename)
 {
     $filename = FileSystem::replaceCharacters(filter_var($filename, FILTER_SANITIZE_URL));
     $fileInfo = pathinfo($filename);
     if (empty($filename)) {
         $filename = 'file' . date('Y-m-d H:i:s');
     }
     if (!isset($fileInfo['extension'])) {
         $filename = $filename . '.txt';
     }
     if (!\FWValidator::is_file_ending_harmless($filename)) {
         $filename = $filename . '.txt';
     }
     return $filename;
 }