aboutsummaryrefslogtreecommitdiff
path: root/h-source/Library/Files/Upload.php
diff options
context:
space:
mode:
Diffstat (limited to 'h-source/Library/Files/Upload.php')
-rwxr-xr-xh-source/Library/Files/Upload.php82
1 files changed, 64 insertions, 18 deletions
diff --git a/h-source/Library/Files/Upload.php b/h-source/Library/Files/Upload.php
index f06c1c8..7dbc7d1 100755
--- a/h-source/Library/Files/Upload.php
+++ b/h-source/Library/Files/Upload.php
@@ -60,10 +60,12 @@ class Files_Upload
'maxFileSize' => 3000000,
'language' => 'En',
'allowedExtensions' => 'jpg,jpeg,png,gif,txt',
+ 'allowedMimeTypes' => '',
'fileUploadKey' => 'userfile',
'fileUploadBehaviour' => 'add_token', //can be none or add_token
'fileUploadBeforeTokenChar' => '_',
'functionUponFileNane' => 'none',
+ 'createImage' => false,
);
//set the $this->scaffold->params array
@@ -226,15 +228,23 @@ class Files_Upload
//get the extension of the file
public function getFileExtension($file)
{
- return strtolower(end(explode('.', $file)));
+ if (strstr($file,'.'))
+ {
+ return strtolower(end(explode('.', $file)));
+ }
+ return '';
}
//get the file name without the extension
public function getNameWithoutFileExtension($file)
{
- $copy = explode('.', $file);
- array_pop($copy);
- return implode('.',$copy);
+ if (strstr($file,'.'))
+ {
+ $copy = explode('.', $file);
+ array_pop($copy);
+ return implode('.',$copy);
+ }
+ return $file;
}
//get a not existing file name if the one retrieved from the upload process already exists in the current directory
@@ -243,7 +253,10 @@ class Files_Upload
$fileNameWithoutExt = $this->getNameWithoutFileExtension($file);
$extension = $this->getFileExtension($file);
$token = $int === 0 ? null : $this->params['fileUploadBeforeTokenChar'].$int;
- $newName = $fileNameWithoutExt.$token.".$extension";
+
+ $dotExt = strcmp($extension,'') !== 0 ? ".$extension" : null;
+
+ $newName = $fileNameWithoutExt.$token.$dotExt;
if (!file_exists($this->base.$this->directory.$newName))
{
return $newName;
@@ -465,14 +478,22 @@ class Files_Upload
$ext = $this->getFileExtension($nameFromUpload);
$nameWithoutExtension = $this->getNameWithoutFileExtension($nameFromUpload);
+ $dotExt = strcmp($ext,'') !== 0 ? ".$ext" : null;
+
+ //check if the "functionUponFileNane" function exists
if (!function_exists($this->params['functionUponFileNane'])) {
throw new Exception('Error in <b>'.__METHOD__.'</b>: function <b>'.$this->params['functionUponFileNane']. '</b> does not exist');
}
+ //check if the fileinfo extension is loaded
+ if (strcmp($this->params['allowedMimeTypes'],'') !== 0 and !extension_loaded('fileinfo')) {
+ throw new Exception('Error in <b>'.__METHOD__.'</b>: no MIME type check is possible because the <b>fileinfo</b> extension is not loaded');
+ }
+
$nameWithoutExtension = call_user_func($this->params['functionUponFileNane'],$nameWithoutExtension);
-
- $fileName = isset($fileName) ? $fileName.".$ext" : $nameWithoutExtension.".$ext";
-
+
+ $fileName = isset($fileName) ? $fileName.$dotExt : $nameWithoutExtension.$dotExt;
+
$this->fileName = $fileName;
switch($this->params['fileUploadBehaviour'])
@@ -490,26 +511,51 @@ class Files_Upload
{
//check the extension of the file
$AllowedExtensionsArray = explode(',',$this->params['allowedExtensions']);
-
- if (in_array($ext,$AllowedExtensionsArray))
+
+ if (strcmp($this->params['allowedExtensions'],'') === 0 or in_array($ext,$AllowedExtensionsArray))
{
- //check if the file doesn't exist
- if (!file_exists($this->base.$this->directory.$fileName))
+ if (strcmp($this->params['allowedMimeTypes'],'') !== 0)
+ {
+ //get the MIME type of the file
+ $finfo = finfo_open(FILEINFO_MIME_TYPE);
+ $MIMEtype = finfo_file($finfo, $_FILES[$userfile]["tmp_name"]);
+ finfo_close($finfo);
+ }
+
+ $AllowedMimeTypesArray = explode(',',$this->params['allowedMimeTypes']);
+
+ if (strcmp($this->params['allowedMimeTypes'],'') === 0 or in_array($MIMEtype,$AllowedMimeTypesArray))
{
- if (@move_uploaded_file($_FILES[$userfile]["tmp_name"],$this->base.$this->directory.$fileName))
+ //check if the file doesn't exist
+ if (!file_exists($this->base.$this->directory.$fileName))
{
- @chmod($this->base.$this->directory.$fileName, $this->params['filesPermission']);
- $this->notice = $this->_resultString->getString('executed');
- return true;
+ if (@move_uploaded_file($_FILES[$userfile]["tmp_name"],$this->base.$this->directory.$fileName))
+ {
+ if ($this->params['createImage'])
+ {
+ //create the image
+ $basePath = $this->base.$this->directory;
+ $thumb = new Image_Gd_Thumbnail($basePath);
+ $thumb->render($fileName,$this->base.$this->directory.$fileName);
+ }
+
+ @chmod($this->base.$this->directory.$fileName, $this->params['filesPermission']);
+ $this->notice = $this->_resultString->getString('executed');
+ return true;
+ }
+ else
+ {
+ $this->notice = $this->_resultString->getString('error');
+ }
}
else
{
- $this->notice = $this->_resultString->getString('error');
+ $this->notice = $this->_resultString->getString('file-exists');
}
}
else
{
- $this->notice = $this->_resultString->getString('file-exists');
+ $this->notice = $this->_resultString->getString('not-allowed-mime-type');
}
}
else