/**
 * Run every validation check on an uploaded file and report the outcome as a code.
 *
 * Limits come from the upload-specific config when one is passed; otherwise the
 * global SecureUPloadConfig is used. The keys of the 'file_types' setting are
 * treated as the accepted extensions, and the whole setting is handed to the
 * MIME type check.
 *
 * Checks run in a fixed order and the first one that does not return exactly
 * true decides the result:
 *   11 - checkFileUploadedByPost() rejected the temporary file
 *   12 - checkMinFileSize() failed
 *   13 - checkMaxFileSize() failed
 *   14 - checkForbiddenExtensions() failed
 *   15 - checkExtension() failed against the accepted extensions
 *   16 - checkMimeType() failed
 *   10 - every check passed
 *
 * NOTE(review): the extension is taken from the 'name' entry of the upload,
 * which is presumably the client-supplied file name - confirm that callers
 * treat only code 10 as success before the file is stored.
 *
 * @param Upload             $Upload             Upload object
 * @param SecureUPloadConfig $SecureUPloadConfig Global SecureUpload config
 * @param UploadConfig|null  $UploadConfig       Upload-specific config, if any
 *
 * @return int Result code as listed above
 */
public function validate(Upload $Upload, SecureUPloadConfig $SecureUPloadConfig, UploadConfig $UploadConfig = null)
{
    // An upload-specific config, when present, replaces the global one for every setting.
    $activeConfig = is_null($UploadConfig) ? $SecureUPloadConfig : $UploadConfig;

    $sizeFloor = $activeConfig->get('min_filesize');
    $sizeCeiling = $activeConfig->get('max_filesize');
    $allowedExtensions = array_keys($activeConfig->get('file_types'));
    $allowedFileTypes = $activeConfig->get('file_types');

    // The temporary file has to pass the uploaded-by-POST check before anything else is read.
    $tmpPath = $Upload->getTmpInfo('tmp_name');
    $postedOk = $this->checkFileUploadedByPost($tmpPath);
    if ($postedOk !== true) {
        return 11;
    }

    $byteCount = $Upload->getTmpInfo('size');
    $bigEnough = $this->checkMinFileSize($byteCount, $sizeFloor);
    if ($bigEnough !== true) {
        return 12;
    }
    $smallEnough = $this->checkMaxFileSize($byteCount, $sizeCeiling);
    if ($smallEnough !== true) {
        return 13;
    }

    // Forbidden extensions are checked before the accepted list, so they fail with their own code.
    $extension = $this->getExtByPath($Upload->getTmpInfo('name'));
    $notForbidden = $this->checkForbiddenExtensions($extension);
    if ($notForbidden !== true) {
        return 14;
    }
    $extensionAccepted = $this->checkExtension($extension, $allowedExtensions);
    if ($extensionAccepted !== true) {
        return 15;
    }

    // The content check comes last and receives the temporary file together with the claimed extension.
    $mimeOk = $this->checkMimeType($tmpPath, $extension, $allowedFileTypes);
    if ($mimeOk !== true) {
        return 16;
    }

    return 10;
}
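/**
 * Move an uploaded file into the upload folder and fill in the Upload object.
 *
 * On success the Upload receives name, ext, relative_path, relative_url, path,
 * id, size and type. When moveUploadedFile() does not succeed, status is set
 * to 2 and error to 17 and nothing else is written.
 *
 * @param Upload $Upload Upload object
 *
 * @return void
 */
private function saveUpload(Upload $Upload)
{
    $Upload_tmp_info_name = $Upload->getTmpInfo('name');
    $Upload_tmp_info_tmp_name = $Upload->getTmpInfo('tmp_name');

    // NOTE(review): the stored name is md5(original name . time()). time() has
    // one-second resolution, so two uploads with the same original name in the
    // same second get the same stored name, and the name can be recomputed by
    // anyone who knows the original name and the upload time. Where PHP >= 7
    // is available, bin2hex(random_bytes(16)) gives a name of the same length
    // without either property - confirm against getId() and existing callers.
    $Upload_name = md5($Upload_tmp_info_name . time());

    // NOTE(review): validate() in this listing derives the extension with
    // getExtByPath(), this method with pathinfo(). If the two can disagree for
    // some file name, the extension written to disk is not the one that was
    // checked - confirm they are equivalent or share one helper.
    $Upload_extension = pathinfo($Upload_tmp_info_name, PATHINFO_EXTENSION);

    $Upload_path_array = $this->getUploadPathAsArray($Upload_extension);

    // Separator first: the (array, separator) argument order was deprecated in
    // PHP 7.4 and removed in PHP 8.0, where it raises a TypeError.
    $Upload_path_string = empty($Upload_path_array)
        ? ''
        : implode(DIRECTORY_SEPARATOR, $Upload_path_array) . DIRECTORY_SEPARATOR;

    $moved = $this->UploadFolder->moveUploadedFile(
        $Upload_path_array,
        $Upload_path_string,
        $Upload_tmp_info_tmp_name,
        $Upload_name,
        $Upload_extension
    );

    if (!$moved) {
        $Upload->status = 2;
        $Upload->error = 17;

        return;
    }

    $Upload->name = $Upload_name;
    $Upload->ext = $Upload_extension;
    $Upload->relative_path = $Upload_path_string . $Upload_name . '.' . $Upload_extension;
    // URLs always use forward slashes, whatever the directory separator of the platform is.
    $Upload->relative_url = str_replace(DIRECTORY_SEPARATOR, '/', $Upload->relative_path);
    $Upload->path = $this->SecureUPloadConfig->get('upload_folder') . $Upload->relative_path;
    // getId() and getUploadType() receive the Upload after its name and path fields are set.
    $Upload->id = $this->getId($Upload);
    $Upload->size = $Upload->getTmpInfo('size');
    $Upload->type = $this->getUploadType($Upload);
}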