public static function canUpload( $file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0) {
$paramsC = JComponentHelper::getParams( 'com_phocadownload' );
if ($frontEnd == 1) {
$aft = $paramsC->get( 'allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload() );
$dft = $paramsC->get( 'disallowed_file_types_upload', '' );
$allowedMimeType = PhocaDownloadFile::getMimeTypeString($aft);
$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
$ignoreUploadCh = 0;
$ignoreUploadCheck = $params->get( 'ignore_file_types_check', 2 );
if ($ignoreUploadCheck == 1 || $ignoreUploadCheck == 4 ) {
$ignoreUploadCh = 1;
}
} else {
$aft = $paramsC->get( 'allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload() );
$dft = $paramsC->get( 'disallowed_file_types_download', '' );
$allowedMimeType = PhocaDownloadFile::getMimeTypeString($aft);
$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
$ignoreUploadCh = 0;
$ignoreUploadCheck = $paramsC->get( 'ignore_file_types_check', 2 );
if ($ignoreUploadCheck == 5 || $ignoreUploadCheck == 5 ) {
$ignoreUploadCh = 1;
}
}
$paramsL = array();
$group = PhocaDownloadSettings::getManagerGroup($manager);
if ($group['f'] == 2) {
$paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
$paramsL['upload_mime_illegal'] ='application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
$paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
} else {
$paramsL['upload_extensions'] = $allowedMimeType['ext'];
$paramsL['image_extensions'] = 'bmp,gif,jpg,png,jpeg';
$paramsL['upload_mime'] = $allowedMimeType['mime'];
$paramsL['upload_mime_illegal'] = $disallowedMimeType['mime'];
$paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
}
// The file doesn't exist
if(empty($file['name'])) {
$err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
return false;
}
// Not safe file
jimport('joomla.filesystem.file');
if ($file['name'] !== JFile::makesafe($file['name'])) {
$err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
return false;
}
$format = strtolower(JFile::getExt($file['name']));
if ($ignoreUploadCh == 1) {
} else {
$allowable = explode( ',', $paramsL['upload_extensions']);
$notAllowable = explode( ',', $paramsL['upload_ext_illegal']);
if(in_array($format, $notAllowable)) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
return false;
}
//if (!in_array($format, $allowable)) {
if ($format == '' || $format == false || (!in_array($format, $allowable))) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
return false;
}
}
// Max size of image
// If chunk method is used, we need to get computed size
$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
if ((int)$frontEnd > 0) {
$maxSize = $paramsC->get( 'user_file_upload_size', 3145728 );
} else {
$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
}
if ($chunkEnabled == 1) {
if ((int)$maxSize > 0 && (int)$realSize > (int)$maxSize) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
return false;
}
} else {
if ((int)$maxSize > 0 && (int)$file['size'] > (int)$maxSize) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
return false;
}
}
// User (only in ucp) - Check the size of all files by users
if ($frontEnd == 2) {
$user = JFactory::getUser();
$maxUserUploadSize = (int)$paramsC->get( 'user_files_max_size', 20971520 );
$maxUserUploadCount = (int)$paramsC->get( 'user_files_max_count', 5 );
$allFile = PhocaDownloadUser:: getUserFileInfo($file, $user->id);
if ($chunkEnabled == 1) {
$fileSize = $realSize;
} else {
$fileSize = $file['size'];
}
if ((int)$maxUserUploadSize > 0 && (int) $allFile['size'] > $maxUserUploadSize) {
$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE');
return false;
}
if ((int) $allFile['count'] > $maxUserUploadCount) {
$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOMUCH');
return false;
}
}
// Image check
$imginfo = null;
$images = explode( ',', $paramsL['image_extensions']);
if(in_array($format, $images)) { // if its an image run it through getimagesize
$group = PhocaDownloadSettings::getManagerGroup($manager);
if($group['i'] == 1) {
if ($chunkEnabled != 1) {
if(($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
$err = 'COM_PHOCADOWNLOAD_WARNINVALIDIMG';
$err = $imginfo[0];
return false;
}
}
}
} else if(!in_array($format, $images)) { // if its not an image...and we're not ignoring it
$allowed_mime = explode(',', $paramsL['upload_mime']);
$illegal_mime = explode(',', $paramsL['upload_mime_illegal']);
if(function_exists('finfo_open')) {// We have fileinfo
$finfo = finfo_open(FILEINFO_MIME);
$type = finfo_file($finfo, $file['tmp_name']);
if(strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
$err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
return false;
}
finfo_close($finfo);
} else if(function_exists('mime_content_type')) { // we have mime magic
$type = mime_content_type($file['tmp_name']);
if(strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
$err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
return false;
}
}
}
// XSS Check
$xss_check = JFile::read($file['tmp_name'],false,256);
$html_tags = PhocaDownloadSettings::getHTMLTagsUpload();
foreach($html_tags as $tag) { // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
if(stristr($xss_check, '<'.$tag.' ') || stristr($xss_check, '<'.$tag.'>')) {
$err = 'COM_PHOCADOWNLOAD_WARNIEXSS';
return false;
}
}
return true;
}
