diff options
Diffstat (limited to 'h-source/Library/Files/Upload.php')
-rwxr-xr-x | h-source/Library/Files/Upload.php | 82 |
1 files changed, 64 insertions, 18 deletions
diff --git a/h-source/Library/Files/Upload.php b/h-source/Library/Files/Upload.php index f06c1c8..7dbc7d1 100755 --- a/h-source/Library/Files/Upload.php +++ b/h-source/Library/Files/Upload.php @@ -60,10 +60,12 @@ class Files_Upload 'maxFileSize' => 3000000, 'language' => 'En', 'allowedExtensions' => 'jpg,jpeg,png,gif,txt', + 'allowedMimeTypes' => '', 'fileUploadKey' => 'userfile', 'fileUploadBehaviour' => 'add_token', //can be none or add_token 'fileUploadBeforeTokenChar' => '_', 'functionUponFileNane' => 'none', + 'createImage' => false, ); //set the $this->scaffold->params array @@ -226,15 +228,23 @@ class Files_Upload //get the extension of the file public function getFileExtension($file) { - return strtolower(end(explode('.', $file))); + if (strstr($file,'.')) + { + return strtolower(end(explode('.', $file))); + } + return ''; } //get the file name without the extension public function getNameWithoutFileExtension($file) { - $copy = explode('.', $file); - array_pop($copy); - return implode('.',$copy); + if (strstr($file,'.')) + { + $copy = explode('.', $file); + array_pop($copy); + return implode('.',$copy); + } + return $file; } //get a not existing file name if the one retrieved from the upload process already exists in the current directory @@ -243,7 +253,10 @@ class Files_Upload $fileNameWithoutExt = $this->getNameWithoutFileExtension($file); $extension = $this->getFileExtension($file); $token = $int === 0 ? null : $this->params['fileUploadBeforeTokenChar'].$int; - $newName = $fileNameWithoutExt.$token.".$extension"; + + $dotExt = strcmp($extension,'') !== 0 ? ".$extension" : null; + + $newName = $fileNameWithoutExt.$token.$dotExt; if (!file_exists($this->base.$this->directory.$newName)) { return $newName; @@ -465,14 +478,22 @@ class Files_Upload $ext = $this->getFileExtension($nameFromUpload); $nameWithoutExtension = $this->getNameWithoutFileExtension($nameFromUpload); + $dotExt = strcmp($ext,'') !== 0 ? ".$ext" : null; + + //check if the "functionUponFileNane" function exists if (!function_exists($this->params['functionUponFileNane'])) { throw new Exception('Error in <b>'.__METHOD__.'</b>: function <b>'.$this->params['functionUponFileNane']. '</b> does not exist'); } + //check if the fileinfo extension is loaded + if (strcmp($this->params['allowedMimeTypes'],'') !== 0 and !extension_loaded('fileinfo')) { + throw new Exception('Error in <b>'.__METHOD__.'</b>: no MIME type check is possible because the <b>fileinfo</b> extension is not loaded'); + } + $nameWithoutExtension = call_user_func($this->params['functionUponFileNane'],$nameWithoutExtension); - - $fileName = isset($fileName) ? $fileName.".$ext" : $nameWithoutExtension.".$ext"; - + + $fileName = isset($fileName) ? $fileName.$dotExt : $nameWithoutExtension.$dotExt; + $this->fileName = $fileName; switch($this->params['fileUploadBehaviour']) @@ -490,26 +511,51 @@ class Files_Upload { //check the extension of the file $AllowedExtensionsArray = explode(',',$this->params['allowedExtensions']); - - if (in_array($ext,$AllowedExtensionsArray)) + + if (strcmp($this->params['allowedExtensions'],'') === 0 or in_array($ext,$AllowedExtensionsArray)) { - //check if the file doesn't exist - if (!file_exists($this->base.$this->directory.$fileName)) + if (strcmp($this->params['allowedMimeTypes'],'') !== 0) + { + //get the MIME type of the file + $finfo = finfo_open(FILEINFO_MIME_TYPE); + $MIMEtype = finfo_file($finfo, $_FILES[$userfile]["tmp_name"]); + finfo_close($finfo); + } + + $AllowedMimeTypesArray = explode(',',$this->params['allowedMimeTypes']); + + if (strcmp($this->params['allowedMimeTypes'],'') === 0 or in_array($MIMEtype,$AllowedMimeTypesArray)) { - if (@move_uploaded_file($_FILES[$userfile]["tmp_name"],$this->base.$this->directory.$fileName)) + //check if the file doesn't exist + if (!file_exists($this->base.$this->directory.$fileName)) { - @chmod($this->base.$this->directory.$fileName, $this->params['filesPermission']); - $this->notice = $this->_resultString->getString('executed'); - return true; + if (@move_uploaded_file($_FILES[$userfile]["tmp_name"],$this->base.$this->directory.$fileName)) + { + if ($this->params['createImage']) + { + //create the image + $basePath = $this->base.$this->directory; + $thumb = new Image_Gd_Thumbnail($basePath); + $thumb->render($fileName,$this->base.$this->directory.$fileName); + } + + @chmod($this->base.$this->directory.$fileName, $this->params['filesPermission']); + $this->notice = $this->_resultString->getString('executed'); + return true; + } + else + { + $this->notice = $this->_resultString->getString('error'); + } } else { - $this->notice = $this->_resultString->getString('error'); + $this->notice = $this->_resultString->getString('file-exists'); } } else { - $this->notice = $this->_resultString->getString('file-exists'); + $this->notice = $this->_resultString->getString('not-allowed-mime-type'); } } else |