示例#1
0
 /**
  * Opens an Image file
  *
  * @param $src
  * @param $errors
  * @return mixed
  */
 public static function open($src, &$errors)
 {
     $file_ext = XApp_Image_Utils::imageExtension($src);
     if (!array_key_exists($file_ext, XApp_Image_Utils::$compatibleImageTypes)) {
         $errors[] = XAPP_TEXT_FORMATTED("IMAGE_TYPE_NOT_SUPPORTED", $file_ext);
         return false;
     }
     if (!file_exists($src)) {
         $errors[] = XAPP_TEXT_FORMATTED("FILE_DOESNT_EXISTS") . $src;
         return false;
     }
     $container = XApp_Image_Utils::$imageContainer;
     $container[XApp_Image_Utils::IMAGE_CONTAINER_SRC] = $src;
     $container[XApp_Image_Utils::IMAGE_CONTAINER_TYPE] = XApp_Image_Utils::$compatibleImageTypes[$file_ext];
     try {
         $container[XApp_Image_Utils::IMAGE_CONTAINER_DATA] = new Imagick($src);
     } catch (Exception $e) {
         $errors[] = $e->getMessage();
     }
     return $container;
 }
示例#2
0
 /**
  * @param $path
  * @param array $options
  * @param $error
  * @param $success
  */
 public function deleteFile($path, $options = array(), &$error, &$success)
 {
     if ($path == "/") {
         $error[] = XAPP_TEXT_FORMATTED("DIRECTORY_NOT_WRITEABLE", array($path));
     } else {
         XApp_File_Utils::deleteFile($this->toRealPath($path), $options, $error, $success);
     }
 }
示例#3
0
 /**
  *
  *  Validate using method
  *
  * @param $method         :   validation method
  * @param array $value    :   data for the validation
  * @param $options        :   options
  * @param $error
  * @param $success
  */
 public static function validate($method, $value, &$options, &$error, &$success)
 {
     $user = null;
     $method = strtoupper($method);
     switch ($method) {
         case self::ALLOW_IP:
             $client_ip = self::getClientIp();
             if ($client_ip !== null && !in_array($client_ip, $value)) {
                 $error[] = XAPP_TEXT_FORMATTED("IP_NOT_ALLOWED", array($client_ip));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED("ALLOWED_IP", array($client_ip));
             }
             break;
         case self::DENY_IP:
             $client_ip = self::getClientIp();
             if ($client_ip !== null && in_array($client_ip, $value)) {
                 $error[] = XAPP_TEXT_FORMATTED("IP_DISALLOWED", array($client_ip));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED("IP_NOT_DISALLOWED", array($client_ip));
             }
             break;
         case self::ALLOW_HOST:
             $host = self::getHost();
             if ($host !== null && !in_array($host, $value)) {
                 $error[] = XAPP_TEXT_FORMATTED("HOST_DENIED", array($host));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED("HOST_ALLOWED", array($host));
             }
             break;
         case self::DENY_HOST:
             $host = self::getHost();
             if ($host !== null && in_array($host, $value)) {
                 $error[] = XAPP_TEXT_FORMATTED("HOST_DENIED", array($host));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED("HOST_ALLOWED", array($host));
             }
             break;
         case self::ALLOW_REFERER:
             $referer = self::getReferer();
             $found = false;
             foreach ($value as $referer_url) {
                 $parsed_url = parse_url($referer_url, PHP_URL_HOST);
                 if ($parsed_url != '' && $parsed_url !== FALSE) {
                     $referer_url = $parsed_url;
                 }
                 $found = $found || $referer_url == $referer;
             }
             if (!$found) {
                 $error[] = XAPP_TEXT_FORMATTED("REFERER_NOT_ALLOWED", array($referer));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED("ALLOWED_REFERER", array($referer));
             }
             break;
         case self::ALLOW_USER_AGENT:
             $user_agent = $_SERVER["HTTP_USER_AGENT"];
             if ($user_agent != null && !preg_match('/(' . implode('|', $value) . ')/i', $user_agent)) {
                 $error[] = XAPP_TEXT_FORMATTED("USER_AGENT_DENIED", array($user_agent));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED("ALLOWED_USER_AGENT", array($user_agent));
             }
             break;
         case self::DENY_USER_AGENT:
             $user_agent = $_SERVER["HTTP_USER_AGENT"];
             if ($user_agent != null && preg_match('/(' . implode('|', $value) . ')/i', $user_agent)) {
                 $error[] = XAPP_TEXT_FORMATTED("USER_AGENT_DENIED", array($user_agent));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED("ALLOWED_USER_AGENT", array($user_agent));
             }
             break;
         case self::SIGNED_REQUEST:
             if ($value) {
                 if (!isset($options[self::SIGN_KEY])) {
                     $error[] = XAPP_TEXT_FORMATTED("SIGN_KEY_NOT_PROVIDED");
                 } else {
                     // Gather all required options (key, algo, token_field, salt)
                     $key = $options[self::SIGN_KEY];
                     $algo = isset($options[self::SIGN_ALGORITHM]) ? $options[self::SIGN_ALGORITHM] : self::DEFAULT_SIGN_ALGORITHM;
                     $token_field = isset($options[self::SIGNING_TOKEN_FIELD]) ? $options[self::SIGNING_TOKEN_FIELD] : self::DEFAULT_SIGNING_TOKEN_FIELD;
                     $salt = '';
                     if (array_key_exists(self::SIGN_SALT, $options)) {
                         $salt = $options[self::SIGN_SALT];
                     }
                     // Get token
                     $token = $value[$token_field];
                     if (!isset($token)) {
                         $error[] = XAPP_TEXT_FORMATTED("SIGNING_TOKEN_NOT_FOUND");
                     } else {
                         // Remove token itself from data
                         if (array_key_exists($token_field, $value)) {
                             unset($value[$token_field]);
                         }
                         // Repare string to be hashed
                         $data = $salt . implode("", $value);
                         // Generate sign using algorithm
                         $sign = hash_hmac($algo, $data, $key);
                         if ($sign != $token) {
                             $error[] = XAPP_TEXT_FORMATTED("SIGN_VALIDATION_FAIL");
                         } else {
                             $success[] = XAPP_TEXT_FORMATTED("SIGN_VALIDATION_SUCCESS");
                         }
                     }
                 }
             }
             break;
     }
 }
示例#4
0
 public function getContent($scope, $path)
 {
     xapp_import('xapp.Directory.Utils');
     xapp_import('xapp.Path.Utils');
     xapp_import('xapp.VFS.Local');
     xapp_import('xapp.Commons.Exceptions');
     $scope = $this->getScope($scope);
     //root
     $root = $scope->resolveAbsolute('__ROOT__') . DIRECTORY_SEPARATOR;
     $fullPath = $root . DIRECTORY_SEPARATOR . $path;
     if (!is_readable($fullPath)) {
         throw new XApp_File_Exception(XAPP_TEXT_FORMATTED('CAN_NOT_READ_FILE', array(basename($fullPath)), 55100));
     }
     if (file_exists($fullPath)) {
         if (($content = file_get_contents($fullPath)) !== false) {
             return $content;
         }
     } else {
         throw new XApp_File_Exception(XAPP_TEXT_FORMATTED('CAN_NOT_FIND_FILE', array(basename($fullPath)), 55100));
     }
     return null;
 }
示例#5
0
 /**
  * @return array
  * @throws Xapp_XFile_Exception
  */
 public function put()
 {
     xapp_import('xapp.Path.Utils');
     xapp_import('xapp.Utils.SystemTextEncoding');
     $vars = array_merge($_GET, $_POST);
     $dstIn = '/';
     $mount = '/';
     if (array_key_exists('dstDir', $vars)) {
         $dstIn = XApp_Path_Utils::decodeSecureMagic($vars['dstDir']);
     }
     if (array_key_exists('mount', $vars)) {
         $mount = preg_replace('@[/\\\\]@', '', XApp_Path_Utils::decodeSecureMagic($vars['mount']));
     }
     if ($dstIn === '.') {
         $dstIn = '/';
     }
     $vfs = $this->getFileSystem($mount);
     $destination = $vfs->toRealPath(XApp_Path_Utils::normalizePath($mount . DIRECTORY_SEPARATOR . $dstIn));
     $errors = array();
     if (!$this->isLocal($mount, $this->getFSResources())) {
         return $this->putRemote($mount, $destination);
     }
     //writable check
     if (!is_writable($destination)) {
         throw new Xapp_XFile_Exception(XAPP_TEXT_FORMATTED('DIRECTORY_NOT_WRITEABLE', array($destination), 55100));
     }
     //parse files
     $fileVars = $_FILES;
     foreach ($fileVars as $boxName => $boxData) {
         if (substr($boxName, 0, 9) != "userfile_") {
             continue;
         }
         $err = self::parseFileDataErrors($boxData);
         if ($err != null) {
             $errorMessage = $err[1];
             $errors[] = XAPP_TEXT_FORMATTED('Error with upload %s', array($errorMessage));
             continue;
         }
         //basic sanitize
         $userfile_name = $boxData["name"];
         $userfile_name = XApp_Path_Utils::sanitizeEx(XApp_SystemTextEncoding::fromPostedFileName($userfile_name), XApp_Path_Utils::SANITIZE_HTML_STRICT);
         $userfile_name = substr($userfile_name, 0, 128);
         //rename if needed!
         $autorename = xapp_get_option(self::AUTO_RENAME);
         if ($autorename) {
             $userfile_name = self::autoRenameForDest($destination, $userfile_name);
         }
         /***
          * file extension check
          */
         $ext = pathinfo(strtolower($userfile_name), PATHINFO_EXTENSION);
         $allowable = explode(',', xapp_get_option(self::UPLOAD_EXTENSIONS, $this));
         if ($ext == '' || $ext == false || !in_array($ext, $allowable)) {
             $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_EXTENSIONS_NOT_ALLOWED', array($userfile_name, $ext));
             xapp_clog('file not allowed');
             continue;
         }
         try {
             //no need anymore
             if (file_exists($destination . "/" . $userfile_name)) {
             }
         } catch (Exception $e) {
             $errorMessage = $e->getMessage();
             $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $errorMessage));
             break;
         }
         if (isset($boxData["input_upload"])) {
             try {
                 $input = fopen("php://input", "r");
                 $output = fopen("{$destination}/" . $userfile_name, "w");
                 $sizeRead = 0;
                 while ($sizeRead < intval($boxData["size"])) {
                     $chunk = fread($input, 4096);
                     $sizeRead += strlen($chunk);
                     fwrite($output, $chunk, strlen($chunk));
                 }
                 fclose($input);
                 fclose($output);
             } catch (Exception $e) {
                 $errorMessage = $e->getMessage();
                 $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $errorMessage));
                 break;
             }
         } else {
             $result = @move_uploaded_file($boxData["tmp_name"], "{$destination}/" . $userfile_name);
             if (!$result) {
                 $realPath = $destination . DIRECTORY_SEPARATOR . $userfile_name;
                 $result = move_uploaded_file($boxData["tmp_name"], $realPath);
             }
             if (!$result) {
                 $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name));
                 break;
             }
         }
     }
     return $errors;
 }
示例#6
0
 /**
  *  Validates an array of options using options metainformation
  *
  * @param $optionsValues    array  :   options
  * @param $optionsMeta      array  :   options meta: dictionary, rules, defaults and pre-processors
  * @param $errors           array  :   returns errors found during validation
  */
 public static function validate($optionsValues, $optionsMeta, &$errors)
 {
     // apply defaults
     if (array_key_exists(self::OPTIONS_DEFAULT, $optionsMeta)) {
         foreach ($optionsMeta[self::OPTIONS_DEFAULT] as $key => $default) {
             if (!isset($optionsValues[$key])) {
                 $optionsValues[$key] = $default;
             }
         }
     }
     // apply pre-processors
     if (array_key_exists(self::OPTIONS_PREPROCESSORS, $optionsMeta)) {
         foreach ($optionsMeta[self::OPTIONS_PREPROCESSORS] as $key => $methods) {
             if (isset($optionsValues[$key])) {
                 foreach ($methods as $method) {
                     $optionsValues[$key] = call_user_func($method, $optionsValues[$key]);
                 }
             }
         }
     }
     // check types
     if (array_key_exists(self::OPTIONS_DICT, $optionsMeta)) {
         foreach ($optionsMeta[self::OPTIONS_DICT] as $key => $type) {
             if (isset($optionsValues[$key])) {
                 if (!xapp_is($type, $optionsValues[$key])) {
                     $errors[] = XAPP_TEXT_FORMATTED("INCORRECT_OPTION_TYPE", array($optionsValues[$key], $type));
                 }
             }
         }
     }
     // check rules
     if (array_key_exists(self::OPTIONS_RULE, $optionsMeta)) {
         foreach ($optionsMeta[self::OPTIONS_RULE] as $key => $requested) {
             if (!isset($optionsValues[$key])) {
                 $errors[] = XAPP_TEXT_FORMATTED("REQUIRED_OPTION_NOT_PROVIDED", array($key));
             }
         }
     }
 }
示例#7
0
 /**
  *
  *  Creates a ZIP file $dest_file with the contents of $source_dir
  *
  * @param $source_dir       :   path to be added at the ZIP file
  * @param $dest_file        :   file to be created
  * @param $inclusionMask    :   null means all, if its a string : it must compatible to a scandir query, if its a string its a regular expression
  * @param $exclusionMask    :   null means all, if its a string : it must compatible to a scandir query, if its a string its a regular expression
  * @param $error            :   reference to array of error messages
  * @param $success          :   reference to array of success messages
  */
 public static function zipDir($source_dir, $dest_file, $inclusionMask = array(), $exclusionMask = array(), &$error, &$success)
 {
     ini_set('memory_limit', '128M');
     $zipSelection = self::getFilteredDirList($source_dir, $inclusionMask, $exclusionMask, array(self::OPTION_RECURSIVE => true));
     $archive = new ZipArchive();
     $error_count = Count($error);
     $source_dir = self::normalizePath($source_dir, true);
     if ($archive->open($dest_file, ZIPARCHIVE::CREATE) === TRUE) {
         foreach ($zipSelection as $path) {
             set_time_limit(400);
             // reset counter and set timeout 400s
             $dest_path = substr($path, strlen($source_dir));
             if (is_dir($path)) {
                 if ($archive->addEmptyDir($dest_path) === FALSE) {
                     $error[] = XAPP_TEXT_FORMATTED('COULD_NOT_CREATE_FILE', array($dest_path)) . XAPP_TEXT_FORMATTED('INTO_ZIP', array($dest_file));
                 }
             } else {
                 if ($archive->addFile($path, $dest_path) === FALSE) {
                     $error[] = XAPP_TEXT_FORMATTED('COULD_NOT_CREATE_FILE', array($dest_path)) . XAPP_TEXT_FORMATTED('INTO_ZIP', array($dest_file));
                 } else {
                     $success[] = XAPP_TEXT_FORMATTED('ZIP_FILE_SUCCESS', array($path));
                 }
             }
         }
         if ($archive->close() === TRUE) {
             if ($error_count == Count($error)) {
                 $success[] = XAPP_TEXT_FORMATTED('ZIP_SUCCESS', array($dest_file));
             } else {
                 $success[] = XAPP_TEXT_FORMATTED('ZIP_RELATIVE_SUCCESS', array($dest_file));
             }
         }
     } else {
         $error[] = XAPP_TEXT_FORMATTED('COULD_NOT_CREATE_FILE', array($dest_file));
     }
 }
示例#8
0
 public static function output($container)
 {
     // imagejpeg, imagegif of imagepng
     $save_function = "image" . $container[XApp_Image_Utils::IMAGE_CONTAINER_TYPE];
     if (function_exists($save_function)) {
         ob_start();
         $save_function($container[XApp_Image_Utils::IMAGE_CONTAINER_DATA]);
         return ob_get_clean();
     } else {
         $errors[] = XAPP_TEXT_FORMATTED("IMAGE_MANIPULATION_FUNCTION_NOT_FOUND", $save_function);
         return false;
     }
 }
示例#9
0
 /**
  * Login an user into the session storage
  *
  * @param $userName
  * @param $password
  * @param $errors   :  array of errors
  * @return bool     :  true if login is successful
  */
 public function login($userName, $password, &$errors = array())
 {
     if ($this->sessionStorage == null) {
         $this->initSessionStorage();
     }
     $this->sessionStorage->logout();
     $result = false;
     try {
         // we try to log the user in
         $result = $this->sessionStorage->login($userName, $password);
         // Trigger HOOK_LOGIN
         Xapp_Hook::trigger(self::HOOK_LOGIN, array('userName' => $userName, 'instance' => $this));
         $result = true;
     } catch (XApp_Security_AuthenticationException $e) {
         $errors[] = XAPP_TEXT_FORMATTED('LOGIN_ERROR', array($userName, $e->getMessage()));
     }
     if ($result === true) {
         $user = $this->getUser($userName);
         $section = $this->getSession()->getSection('user');
         $section->user = $user;
     } else {
         //flush session variable
         $section = $this->getSession()->getSection('user');
         $section->user = null;
     }
     return $result;
 }