Пример #1
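 /**
  * Creates a new Table object of the requested type on every call.
  *
  * The class name is built as $prefix . ucfirst($type). When that class is not
  * loaded yet, the lower-cased type plus ".php" is looked up in the table
  * include paths and required.
  *
  * Security: only $type is filtered (letters, digits, "_", "." and "-" survive),
  * so it cannot carry a directory separator into the file lookup. $prefix is
  * used exactly as given and ends up in `new $tableClass`, so it must be
  * supplied by code and never taken from request data.
  *
  * @param string $type   The table type to instantiate.
  * @param string $prefix A prefix for the table class name. Optional.
  * @param array  $config Configuration array; a 'dbo' entry, when present, is
  *                       passed to the table constructor instead of the
  *                       factory database object. Optional.
  * @return object|false The new table object, or false (after an
  *                      E_USER_WARNING) when the type is empty or its class
  *                      cannot be found.
  * @since 1.5
  */
 function &getInstance($type, $prefix = 'FiveTable', $config = array())
 {
     // The function returns by reference, so failures need a variable to return.
     $false = false;
     $type = preg_replace('/[^A-Z0-9_\\.-]/i', '', $type);
     // An empty type (or a PCRE failure, which yields null) would make the class
     // name equal to the bare prefix and instantiate that class; refuse instead.
     if ($type === null || $type === '') {
         trigger_error('Table type not specified.', E_USER_WARNING);
         return $false;
     }
     $tableClass = $prefix . ucfirst($type);
     if (!class_exists($tableClass)) {
         $path = FivePath::find(FiveTable::addIncludePath(), strtolower($type) . '.php');
         if (!$path) {
             trigger_error('Table ' . $type . ' not supported. File not found.', E_USER_WARNING);
             return $false;
         }
         require_once $path;
         // The file was loaded but may not declare the expected class.
         if (!class_exists($tableClass)) {
             trigger_error('Table class ' . $tableClass . ' not found in file.', E_USER_WARNING);
             return $false;
         }
     }
     // Use the caller's database object when one is supplied, else the factory's.
     if (array_key_exists('dbo', $config)) {
         $db =& $config['dbo'];
     } else {
         $db =& FiveFactory::getDBO();
     }
     $instance = new $tableClass($db);
     $instance->_type = $type;
     return $instance;
 }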
Пример #2
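/**
 * Validates an uploaded file, moves it into the uploads tree under a freshly
 * generated name, and returns the stored path with ABSPATH stripped.
 *
 * The stored name is create_guid() plus the extension of the client-supplied
 * file name; the client's base name is never used on disk.
 *
 * @param array  $fileArray Upload entry; 'name' and 'tmp_name' are read here.
 * @param string $type      Passed through to file_is_safe().
 * @param string $directory Sub-directory below UPLOADS. It is concatenated
 *                          into the target path without any check in this
 *                          function, so it must not come from request data.
 * @return string|false The stored path relative to ABSPATH, or false when the
 *                      request has no files, validation fails, the extension
 *                      is not plain alphanumeric, or the move fails.
 */
function save_file($fileArray, $type = null, $directory = '')
{
    // reasons to fail
    if (!BRequest::get('files', false) || !is_array($fileArray)) {
        return false;
    }
    if (!isset($fileArray['name'], $fileArray['tmp_name'])) {
        return false;
    }
    if (!file_is_safe($fileArray, $type)) {
        return false;
    }

    // The extension comes from the client-supplied name. pathinfo() sets no
    // 'extension' key for names without a dot, so build the suffix defensively
    // instead of appending "." plus an undefined value.
    $parts = pathinfo($fileArray['name']);
    $suffix = '';
    if (isset($parts['extension']) && $parts['extension'] !== '') {
        // Defense in depth on top of file_is_safe() (not visible here): only
        // letters and digits may reach the server-side file name.
        if (!preg_match('/\A[A-Za-z0-9]+\z/', $parts['extension'])) {
            return false;
        }
        $suffix = '.' . $parts['extension'];
    }

    // NOTE(review): strtolower() is applied to the whole path, including
    // UPLOADS and $directory; on a case-sensitive file system that only works
    // if those are already lower case. Confirm against the deployment.
    $target_path = FivePath::clean(strtolower(UPLOADS . DS . $directory . DS . create_guid() . $suffix));

    // move_uploaded_file() refuses sources that are not genuine HTTP uploads.
    if (!move_uploaded_file($fileArray['tmp_name'], $target_path)) {
        return false;
    }

    // success
    // NOTE(review): the prefix is only stripped when the lower-cased target
    // still contains ABSPATH verbatim; otherwise the absolute path is returned.
    return str_replace(ABSPATH, '', $target_path);
}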
Пример #3
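/**
 * Searches a set of registered directories for a given file.
 *
 * For local directories both the directory and the candidate are resolved with
 * realpath(), and the candidate is accepted only when it is the directory
 * itself or lies below it on a path-separator boundary. A plain string-prefix
 * comparison is not enough: with "/srv/lib" registered it would also accept
 * "/srv/lib-private/x.php" reached through "../lib-private/x.php".
 *
 * Stream-based entries (containing "://") cannot be resolved with realpath();
 * for them only the string-prefix comparison is applied.
 *
 * @access protected
 * @param array|string $paths A path or array of paths to search in.
 * @param string       $file  The file name to look for.
 * @return mixed The full path and file name for the target file, or boolean
 *               false if the file is not found in any of the paths.
 * @since 1.5
 */
function files_find($paths, $file)
{
    // force to array
    settype($paths, 'array');

    foreach ($paths as $path) {
        // candidate location of the file inside this search path
        $fullname = FivePath::clean($path . DS . $file);

        if (strpos($path, '://') === false) {
            // Local path: resolve symlinks and ".." segments before comparing.
            $path = realpath($path);
            $fullname = realpath($fullname);
            // realpath() yields false for anything that does not exist; skip
            // explicitly rather than comparing against false.
            if ($path === false || $fullname === false) {
                continue;
            }
            // Require a separator right after the registered directory so a
            // sibling directory sharing the same name prefix is rejected.
            $root = rtrim($path, DIRECTORY_SEPARATOR);
            $contained = $fullname === $path
                || strncmp($fullname, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
        } else {
            // Stream wrapper: no realpath() available, compare the prefix as is.
            $contained = strncmp($fullname, $path, strlen($path)) === 0;
        }

        if ($contained && file_exists($fullname)) {
            return $fullname;
        }
    }

    // could not find the file in the set of paths
    return false;
}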
Пример #4
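 /**
  * Checks for snooping outside of the file system root.
  *
  * A path containing ".." anywhere, or a cleaned path that does not lie at or
  * below ABSPATH, raises an E_USER_WARNING and terminates the script.
  *
  * @param	string	$path	A file system path to check
  * @return	string	A cleaned version of the path
  * @since	1.5
  */
 function check($path)
 {
     // Any ".." is refused, including inside a file name such as "a..b".
     if (strpos($path, '..') !== false) {
         trigger_error('FivePath::check Use of relative paths not permitted', E_USER_WARNING);
         // don't translate
         exit;
     }
     $path = FivePath::clean($path);

     // Compare on a separator boundary: a bare prefix test would also accept a
     // sibling directory whose name merely starts with the root's name.
     // NOTE(review): whether ABSPATH carries a trailing separator is not visible
     // here, so it is trimmed and the following character is checked instead.
     $root = rtrim(FivePath::clean(ABSPATH), '/\\');
     $rootLength = strlen($root);
     $boundary = substr($path, $rootLength, 1);
     $inside = strncmp($path, $root, $rootLength) === 0
         && ($boundary === false || $boundary === '' || $boundary === '/' || $boundary === '\\');
     if (!$inside) {
         trigger_error('FivePath::check Snooping out of bounds @ ' . $path, E_USER_WARNING);
         // don't translate
         exit;
     }

     // The docblock promises the cleaned path; the original returned nothing.
     return $path;
 }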