/**
 * Report whether a file with the given name is already present in the target folder.
 *
 * Two candidate names are looked up: the name exactly as supplied, and the
 * name after it has been passed through FileNameFilter.
 *
 * @param string $originalFile Filename
 * @return bool True when either candidate is found
 */
protected function checkFileExists($originalFile)
{
    // Sanitised variant of the supplied name, produced by the file name filter
    $sanitisedName = FileNameFilter::create()->filter($originalFile);

    // Work out the path prefix of the folder the name is checked against.
    // NOTE(review): find_or_make() suggests the folder is created when it is
    // missing, so this "exists" check may write to the asset store. Confirm.
    $targetFolder = Folder::find_or_make($this->getFolderName());
    $prefix = '';
    if ($targetFolder) {
        $prefix = $targetFolder->getFilename();
    }

    // The supplied name is tried first; the sanitised one only if that misses
    if (File::find($prefix . $originalFile)) {
        return true;
    }

    return (bool) File::find($prefix . $sanitisedName);
}
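/**
 * Creates a single folder, within an optional parent folder.
 *
 * Steps, in order: validate the CSRF token, reject a malformed `Name` field,
 * resolve the optional parent folder, derive a name that is not yet taken,
 * run the create-permission check, then write the record.
 *
 * @param HTTPRequest $request Request whose POST vars carry the security token
 *                             and the optional `ParentID` and `Name` fields
 * @return HTTPResponse 400 when the security token is missing or invalid or
 *                      `Name` is not a string, 403 when canCreate() refuses,
 *                      otherwise a JSON response describing the new folder
 */
public function apiCreateFolder(HTTPRequest $request)
{
    $data = $request->postVars();

    $class = 'SilverStripe\\Assets\\Folder';

    // CSRF check: nothing below runs unless the posted security token validates
    $token = SecurityToken::inst();
    if (empty($data[$token->getName()]) || !$token->check($data[$token->getName()])) {
        return new HTTPResponse(null, 400);
    }

    // POST fields can arrive as arrays (e.g. Name[]=x). basename() accepts only
    // strings, so treat any other shape as a bad request instead of letting it
    // surface as an unhandled type error.
    if (isset($data['Name']) && !is_string($data['Name'])) {
        return new HTTPResponse(null, 400);
    }

    // Resolve the parent folder. No permission decision is taken here: the
    // parent is handed to canCreate() below through $data['Parent'].
    /** @var Folder $parentRecord */
    $parentRecord = null;
    if (!empty($data['ParentID']) && is_numeric($data['ParentID'])) {
        $parentRecord = DataObject::get_by_id($class, $data['ParentID']);
    }
    // Overwrite the client-supplied ID with the ID of the record actually
    // loaded, or 0 when no parent was found
    $data['Parent'] = $parentRecord;
    $data['ParentID'] = $parentRecord ? (int) $parentRecord->ID : 0;

    // Build filename. basename() keeps only the last path segment, so the
    // posted name cannot choose a directory; that comes from the parent record.
    $baseFilename = isset($data['Name'])
        ? basename($data['Name'])
        : _t('SilverStripe\\AssetAdmin\\Controller\\AssetAdmin.NEWFOLDER', "NewFolder");

    if ($parentRecord && $parentRecord->ID) {
        $baseFilename = $parentRecord->getFilename() . '/' . $baseFilename;
    }

    // Ensure name is unique: take the first generated candidate that no
    // existing file or folder already uses
    $nameGenerator = $this->getNameGenerator($baseFilename);
    $filename = null;
    foreach ($nameGenerator as $filename) {
        if (!File::find($filename)) {
            break;
        }
    }
    $data['Name'] = basename($filename);

    // Create record
    /** @var Folder $record */
    $record = Injector::inst()->create($class);

    // check create permissions; $data (including the resolved parent) is
    // passed as context, and nothing is written when the check fails
    if (!$record->canCreate(null, $data)) {
        return (new HTTPResponse(null, 403))
            ->addHeader('Content-Type', 'application/json');
    }

    $record->ParentID = $data['ParentID'];
    $record->Name = $record->Title = basename($data['Name']);
    $record->write();

    $result = $this->getObjectFromData($record);

    return (new HTTPResponse(json_encode($result)))->addHeader('Content-Type', 'application/json');
}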