Пример #1
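 /**
  * Create and store a reflection record for a repository file and return the reflection's relative path.
  *
  * The source is resolved inside file/repository/ and rejected when it resolves anywhere else.
  * The destination name is built from $desiredName (or the source file name when that is empty),
  * the extension supplied by the 'ipReflectionExtension' filter, and a date-based directory.
  *
  * @param string $source path of the original file, relative to file/repository/
  * @param mixed $options passed through to the filters and to storeReflectionRecord()
  * @param string $desiredName preferred file name for the reflection; may be empty
  * @return string relative destination directory followed by the unoccupied file name
  * @throws \Ip\Exception\Repository\Transform when the source does not resolve to an existing regular file
  * @throws \Exception when the resolved source lies outside the repository directory
  */
 private function createReflectionRecord($source, $options, $desiredName)
 {
     $absoluteSource = realpath(ipFile('file/repository/' . $source));
     if (!$absoluteSource || !is_file($absoluteSource)) {
         throw new \Ip\Exception\Repository\Transform("File doesn't exist", array('filename' => $absoluteSource));
     }

     // Containment check. realpath() returns the directory without a trailing separator, so a bare
     // prefix comparison would also accept sibling paths that merely start with the same characters
     // (a directory whose name begins with "repository"). Comparing against the root plus a
     // separator closes that gap. A failed realpath() on the root is treated as "outside" as well,
     // because an empty needle would otherwise match at offset 0.
     $repositoryRoot = realpath(ipFile('file/repository/'));
     if ($repositoryRoot === false
         || strpos($absoluteSource, rtrim($repositoryRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0
     ) {
         throw new \Exception("Requested file (" . $source . ") is outside repository dir");
     }

     // If the desired name ends with a short extension (.jpg, .gif, etc.), drop it; the final
     // extension is decided below from the source file and the extension filter.
     $desiredPathInfo = pathinfo($desiredName);
     if (!empty($desiredPathInfo['filename']) && isset($desiredPathInfo['extension']) && strlen($desiredPathInfo['extension']) <= 4) {
         $desiredName = $desiredPathInfo['filename'];
     }

     // Start from the source file's extension and let plugins replace it.
     $pathInfo = pathinfo($absoluteSource);
     $ext = isset($pathInfo['extension']) ? $pathInfo['extension'] : '';
     $ext = ipFilter('ipReflectionExtension', $ext, array('source' => $absoluteSource, 'options' => $options));

     // Fall back to the source file name when no usable name was requested.
     if ($desiredName == '') {
         $desiredName = $pathInfo['filename'];
     }
     if ($ext != '') {
         $desiredName = $desiredName . '.' . $ext;
     }

     // NOTE(review): the original comment here said double dots are removed from the file name for
     // security reasons; presumably cleanupFileName() is what does that - confirm in its implementation.
     $desiredName = \Ip\Internal\File\Functions::cleanupFileName($desiredName);

     // The destination directory defaults to Y/m/d/ and can be replaced by a filter.
     $relativeDestinationPath = date('Y/m/d/');
     $relativeDestinationPath = ipFilter('ipRepositoryNewReflectionFileName', $relativeDestinationPath, array('originalFile' => $source, 'options' => $options, 'desiredName' => $desiredName));

     $destinationFileName = $this->getUnocupiedName($desiredName, $relativeDestinationPath);
     $reflection = $relativeDestinationPath . $destinationFileName;
     $this->storeReflectionRecord($source, $reflection, $options);
     return $reflection;
 }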
Пример #2
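 /**
  * Download a remote file into the repository under a readable file name.
  *
  * The file is fetched into file/tmp/, its extension is chosen from the detected MIME type,
  * and it is then copied into file/repository/ under an unoccupied name built from $title
  * (at most 30 characters before the extension). The temporary file is removed afterwards.
  *
  * @param string $url address of the file to download
  * @param string $title title used to build the file name
  * @return mixed|null value returned by BrowserModel::getFile() for the stored file,
  *                    or null when the download or the copy into the repository fails
  */
 protected function downloadFile($url, $title)
 {
     // NOTE(review): $url is passed to the downloader as given. Presumably callers restrict it to
     // the expected image host; if it can be influenced by a request, validate scheme and host
     // before this point - confirm against the callers.
     $net = new \Ip\Internal\NetHelper();
     $tmpFilename = $net->downloadFile($url, ipFile('file/tmp/'), 'bigstock_' . time());
     if (!$tmpFilename) {
         return null;
     }
     $tmpPath = ipFile('file/tmp/' . $tmpFilename);

     // Choose the extension from the detected MIME type.
     // NOTE(review): any unrecognised type, and a failed detection, is still stored as '.jpg';
     // the content is not verified to be an image before it lands in the repository.
     try {
         $mime = \Ip\Internal\File\Functions::getMimeType($tmpPath);
         switch ($mime) {
             case 'image/png':
                 // PNG content keeps a .png name (it was previously stored as .jpg).
                 $ext = '.png';
                 break;
             case 'image/gif':
                 $ext = '.gif';
                 break;
             case 'image/bmp':
                 $ext = '.bmp';
                 break;
             case 'image/pjpeg':
             case 'image/jpeg':
             default:
                 $ext = '.jpg';
                 break;
         }
     } catch (\Ip\PhpException $e) {
         $ext = '.jpg';
     }

     // Build the file name from whole words of the cleaned title, joined with underscores,
     // stopping before the name would exceed 30 characters.
     $title = \Ip\Internal\File\Functions::cleanupFileName($title);
     $words = explode(' ', $title);
     $cleanTitle = '';
     foreach ($words as $word) {
         if (strlen($cleanTitle . '_' . $word) > 30) {
             break;
         }
         if ($cleanTitle != '') {
             $cleanTitle .= '_';
         }
         $cleanTitle .= $word;
     }
     if ($cleanTitle == '') {
         $cleanTitle = 'file';
     }

     $niceFileName = $cleanTitle . $ext;
     $destinationDir = ipFile('file/repository/');
     $destinationFileName = \Ip\Internal\File\Functions::genUnoccupiedName($niceFileName, $destinationDir);

     // Only report success when the file really reached the repository; the temporary
     // download is removed either way.
     $copied = copy($tmpPath, $destinationDir . $destinationFileName);
     unlink($tmpPath);
     if (!$copied) {
         return null;
     }

     $browserModel = \Ip\Internal\Repository\BrowserModel::instance();
     $file = $browserModel->getFile($destinationFileName);
     return $file;
 }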
Пример #3
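 /**
  * Handle uploads made using PlUpload library.
  *
  * Writes the uploaded file (or one chunk of it) into a temporary directory and records the
  * resulting name and path on the instance. Uploads to file/tmp/ require an administrator;
  * uploads to file/secure/tmp/ do not, but are refused once that folder exceeds the
  * Repository.publicUploadLimit option.
  *
  * @param bool $secureFolder true to store into file/secure/tmp/, false to store into file/tmp/
  * @throws \Ip\Exception\Repository\Upload on missing permission or when a stream cannot be opened
  * @throws \Ip\Exception\Repository\Upload\ForbiddenFileExtension when the extension is not whitelisted
  * @throws \Ip\Exception when the secure folder has reached its size limit
  */
 public function handlePlupload($secureFolder)
 {
     if (!$secureFolder && !ipAdminId()) {
         throw new \Ip\Exception\Repository\Upload("Trying to upload image to temporary directory without permission.");
     }
     if ($secureFolder) {
         $targetDir = ipFile('file/secure/tmp/');
     } else {
         $targetDir = ipFile('file/tmp/');
     }
     if ($secureFolder) {
         // The limit is checked against what is already stored, before this request writes
         // anything; it does not cap the size of the current upload itself.
         $sizeLimit = ipGetOption('Repository.publicUploadLimit', 4000);
         if ($this->folderSize($targetDir) > $sizeLimit * 1000000) {
             //4000 Mb by default
             ipLog()->error("Repository.publicUploadLimitReached: IP: `{ip}`. CurrentLimit `{limit}Mb`. Please update Repository.publicUploadLimit option to increase the limits.", array('ip' => $_SERVER['REMOTE_ADDR'], 'limit' => $sizeLimit));
             throw new \Ip\Exception("Upload limit reached");
         }
     }

     // Request parameters. The chunk counters are cast to int so that the comparisons below
     // never operate on arbitrary request strings.
     $chunk = isset($_REQUEST["chunk"]) ? (int)$_REQUEST["chunk"] : 0;
     $chunks = isset($_REQUEST["chunks"]) ? (int)$_REQUEST["chunks"] : 0;
     $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';

     // Clean the fileName for security reasons
     $fileName = \Ip\Internal\File\Functions::cleanupFileName($fileName);

     // Make sure the fileName is unique but only if chunking is disabled.
     // NOTE(review): with chunking enabled an existing file of the same name is truncated
     // (chunk 0) or appended to (later chunks) with no check that it belongs to the current
     // uploader; in the secure folder this path needs no administrator. Consider keying the
     // temporary name to the uploader or verifying ownership before writing.
     if ($chunks < 2 && file_exists($targetDir . $fileName)) {
         $fileName = \Ip\Internal\File\Functions::genUnoccupiedName($fileName, $targetDir);
     }

     // Security check: the extension must be on the whitelist.
     // For a name without any dot strrpos() returns false, so the "extension" becomes the name
     // minus its first character; such names are then usually rejected by the whitelist.
     // NOTE(review): a name ending in '.' yields an empty extension and skips the whitelist;
     // presumably cleanupFileName() removes trailing dots - confirm.
     $fileExtension = strtolower(substr($fileName, strrpos($fileName, '.') + 1));
     // NOTE(review): the list contains types a browser renders or executes ('htm', 'html', 'js',
     // 'svg', 'swf', 'xml', 'css'). Stored files of these types should not be served inline from
     // the site's own origin; confirm how the repository serves them.
     $whiteListExtensions = array('jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico', 'asf', 'asx', 'wmv', 'wmx', 'wm', 'avi', 'divx', 'flv', 'mov', 'qt', 'mpeg', 'mpg', 'mpe', 'mp4', 'm4v', 'ogv', 'webm', 'mkv', 'txt', 'asc', 'c', 'cc', 'h', 'csv', 'tsv', 'ics', 'rtx', 'css', 'htm', 'html', 'vtt', 'mp3', 'm4a', 'm4b', 'ra', 'ram', 'wav', 'ogg', 'oga', 'mid', 'midi', 'wma', 'wax', 'mka', 'rtf', 'js', 'pdf', 'class', 'tar', 'zip', 'gz', 'gzip', 'rar', '7z', 'doc', 'pot', 'pps', 'ppt', 'wri', 'xla', 'xls', 'xlt', 'xlw', 'mdb', 'mpp', 'docx', 'docm', 'dotx', 'dotm', 'eps', 'xlsx', 'xlsm', 'xlsb', 'xltx', 'xltm', 'xlam', 'pptx', 'pptm', 'ppsx', 'ppsm', 'potx', 'potm', 'ppam', 'sldx', 'sldm', 'onetoc', 'onetoc2', 'onetmp', 'onepkg', 'odt', 'odp', 'ods', 'odg', 'odc', 'odb', 'odf', 'wp', 'wpd', 'key', 'numbers', 'pages', 'xml', 'json', 'iso', 'aac', 'img', 'psd', 'ai', 'sql', 'swf', 'svg');
     $whiteListExtensions = ipFilter('ipWhiteListExtensions', $whiteListExtensions);
     // Compare against '' rather than empty(): empty('0') is true, which let an extension of
     // "0" bypass the whitelist. The strict in_array() avoids loose string/number matches.
     if ($fileExtension !== '' && !in_array($fileExtension, $whiteListExtensions, true)) {
         //security risk
         throw new \Ip\Exception\Repository\Upload\ForbiddenFileExtension("Files with extension (." . esc($fileExtension) . ") are not permitted for security reasons.", array('extension' => $fileExtension, 'filename' => $fileName));
     }
     //end security check

     // Look for the content type header; CONTENT_TYPE wins when both are present.
     $contentType = null;
     if (isset($_SERVER["HTTP_CONTENT_TYPE"])) {
         $contentType = $_SERVER["HTTP_CONTENT_TYPE"];
     }
     if (isset($_SERVER["CONTENT_TYPE"])) {
         $contentType = $_SERVER["CONTENT_TYPE"];
     }

     // Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
     if ($contentType !== null && strpos($contentType, "multipart") !== false) {
         if (!isset($_FILES['file']['tmp_name']) || !is_uploaded_file($_FILES['file']['tmp_name'])) {
             throw new \Ip\Exception\Repository\Upload("Failed to move uploaded file.");
         }
         // Open temp file: the first chunk truncates, later chunks append.
         $out = fopen($targetDir . $fileName, $chunk == 0 ? "wb" : "ab");
         if (!$out) {
             throw new \Ip\Exception\Repository\Upload("Failed to open output stream.");
         }
         //mark this file as uploaded by current user
         $this->setFileUploadedByThisUser($targetDir . $fileName);
         // Read binary input stream and append it to temp file
         $in = fopen($_FILES['file']['tmp_name'], "rb");
         if (!$in) {
             // Do not leave the output handle open on the error path.
             fclose($out);
             throw new \Ip\Exception\Repository\Upload("Failed to open input stream.");
         }
         // Stop only on EOF or a read error; a buffer holding just "0" is falsy in PHP and
         // must still be written.
         while (($buff = fread($in, 4096)) !== false && $buff !== '') {
             fwrite($out, $buff);
         }
         fclose($in);
         fclose($out);
         @unlink($_FILES['file']['tmp_name']);
     } else {
         // Open temp file. $targetDir already ends with a slash, so the name is appended
         // directly, the same way as in the multipart branch.
         // NOTE(review): unlike the multipart branch, this path does not call
         // setFileUploadedByThisUser(); confirm whether that is intended.
         $out = fopen($targetDir . $fileName, $chunk == 0 ? "wb" : "ab");
         if (!$out) {
             throw new \Ip\Exception\Repository\Upload("Failed to open output stream.");
         }
         // Read binary input stream and append it to temp file
         $in = fopen("php://input", "rb");
         if (!$in) {
             // Do not leave the output handle open on the error path.
             fclose($out);
             throw new \Ip\Exception\Repository\Upload("Failed to open input stream.");
         }
         while (($buff = fread($in, 4096)) !== false && $buff !== '') {
             // Restart the execution timer for every buffer so long uploads are not cut off.
             if (function_exists('set_time_limit')) {
                 set_time_limit(30);
             }
             fwrite($out, $buff);
         }
         fclose($in);
         fclose($out);
     }

     $this->uploadedFileName = $fileName;
     $this->uploadedFile = $targetDir . $fileName;
     $this->targetDir = $targetDir;
 }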