These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of EC-CUBE |
||
5 | * |
||
6 | * Copyright(c) LOCKON CO.,LTD. All Rights Reserved. |
||
7 | * |
||
8 | * http://www.lockon.co.jp/ |
||
9 | * |
||
10 | * For the full copyright and license information, please view the LICENSE |
||
11 | * file that was distributed with this source code. |
||
12 | */ |
||
13 | |||
14 | namespace Eccube\Controller\Admin\Content; |
||
15 | |||
16 | use Eccube\Controller\AbstractController; |
||
17 | use Eccube\Util\FilesystemUtil; |
||
18 | use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template; |
||
19 | use Symfony\Component\Filesystem\Exception\IOException; |
||
20 | use Symfony\Component\Filesystem\Filesystem; |
||
21 | use Symfony\Component\Finder\Finder; |
||
22 | use Symfony\Component\Form\Extension\Core\Type\FileType; |
||
23 | use Symfony\Component\Form\Extension\Core\Type\FormType; |
||
24 | use Symfony\Component\Form\Extension\Core\Type\TextType; |
||
25 | use Symfony\Component\HttpFoundation\BinaryFileResponse; |
||
26 | use Symfony\Component\HttpFoundation\File\Exception\FileException; |
||
27 | use Symfony\Component\HttpFoundation\Request; |
||
28 | use Symfony\Component\HttpFoundation\ResponseHeaderBag; |
||
29 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
30 | use Symfony\Component\Routing\Annotation\Route; |
||
31 | use Symfony\Component\Validator\Constraints as Assert; |
||
32 | |||
33 | class FileController extends AbstractController |
||
34 | { |
||
35 | const SJIS = 'sjis-win'; |
||
36 | const UTF = 'UTF-8'; |
||
37 | private $errors = []; |
||
38 | private $encode = ''; |
||
39 | |||
40 | /** |
||
41 | * FileController constructor. |
||
42 | */ |
||
43 | public function __construct() |
||
44 | 6 | { |
|
45 | $this->encode = self::UTF; |
||
46 | 6 | if ('\\' === DIRECTORY_SEPARATOR) { |
|
47 | 6 | $this->encode = self::SJIS; |
|
48 | } |
||
49 | } |
||
50 | |||
51 | /** |
||
52 | * @Route("/%eccube_admin_route%/content/file_manager", name="admin_content_file") |
||
53 | * @Template("@admin/Content/file.twig") |
||
54 | */ |
||
55 | public function index(Request $request) |
||
56 | 3 | { |
|
57 | $form = $this->formFactory->createBuilder(FormType::class) |
||
58 | 3 | ->add('file', FileType::class) |
|
59 | 3 | ->add('create_file', TextType::class) |
|
60 | 3 | ->getForm(); |
|
61 | 3 | ||
62 | // user_data_dir |
||
63 | $userDataDir = $this->getUserDataDir(); |
||
64 | 3 | $topDir = $this->normalizePath($userDataDir); |
|
65 | 3 | // $topDir = '/'; |
|
66 | // user_data_dirの親ディレクトリ |
||
67 | $htmlDir = $this->normalizePath($this->getUserDataDir().'/../'); |
||
68 | 3 | ||
69 | // カレントディレクトリ |
||
70 | $nowDir = $this->checkDir($this->getUserDataDir($request->get('tree_select_file')), $this->getUserDataDir()) |
||
71 | 3 | ? $this->normalizePath($this->getUserDataDir($request->get('tree_select_file'))) |
|
72 | 3 | : $topDir; |
|
73 | 3 | ||
74 | // パンくず表示用データ |
||
75 | $nowDirList = json_encode(explode('/', trim(str_replace($htmlDir, '', $nowDir), '/'))); |
||
76 | 3 | $jailNowDir = $this->getJailDir($nowDir); |
|
77 | 3 | $isTopDir = ($topDir === $jailNowDir); |
|
78 | 3 | $parentDir = substr($nowDir, 0, strrpos($nowDir, '/')); |
|
79 | 3 | ||
80 | if ('POST' === $request->getMethod()) { |
||
81 | 3 | switch ($request->get('mode')) { |
|
82 | 2 | case 'create': |
|
83 | $this->create($request); |
||
84 | 1 | break; |
|
85 | 1 | case 'upload': |
|
86 | $this->upload($request); |
||
87 | 1 | break; |
|
88 | 1 | default: |
|
89 | break; |
||
90 | } |
||
91 | } |
||
92 | $tree = $this->getTree($this->getUserDataDir(), $request); |
||
93 | 3 | $arrFileList = $this->getFileList($nowDir); |
|
94 | 3 | $paths = $this->getPathsToArray($tree); |
|
95 | 3 | $tree = $this->getTreeToArray($tree); |
|
96 | 3 | ||
97 | return [ |
||
98 | 'form' => $form->createView(), |
||
99 | 3 | 'tpl_javascript' => json_encode($tree), |
|
100 | 3 | 'top_dir' => $this->getJailDir($topDir), |
|
101 | 3 | 'tpl_is_top_dir' => $isTopDir, |
|
102 | 3 | 'tpl_now_dir' => $jailNowDir, |
|
103 | 3 | 'html_dir' => $this->getJailDir($htmlDir), |
|
104 | 3 | 'now_dir_list' => $nowDirList, |
|
105 | 3 | 'tpl_parent_dir' => $this->getJailDir($parentDir), |
|
106 | 3 | 'arrFileList' => $arrFileList, |
|
107 | 3 | 'errors' => $this->errors, |
|
108 | 3 | 'paths' => json_encode($paths), |
|
109 | 3 | ]; |
|
110 | } |
||
111 | |||
112 | /** |
||
113 | * @Route("/%eccube_admin_route%/content/file_view", name="admin_content_file_view") |
||
114 | */ |
||
115 | public function view(Request $request) |
||
116 | 1 | { |
|
117 | $file = $this->convertStrToServer($this->getUserDataDir($request->get('file'))); |
||
118 | 1 | if ($this->checkDir($file, $this->getUserDataDir())) { |
|
119 | 1 | setlocale(LC_ALL, 'ja_JP.UTF-8'); |
|
120 | 1 | ||
121 | return new BinaryFileResponse($file); |
||
122 | 1 | } |
|
123 | |||
124 | throw new NotFoundHttpException(); |
||
125 | } |
||
126 | |||
127 | /** |
||
128 | * Create directory |
||
129 | * |
||
130 | * @param Request $request |
||
131 | */ |
||
132 | public function create(Request $request) |
||
133 | 1 | { |
|
134 | $form = $this->formFactory->createBuilder(FormType::class) |
||
135 | 1 | ->add('file', FileType::class) |
|
136 | 1 | ->add('create_file', TextType::class, [ |
|
137 | 1 | 'constraints' => [ |
|
138 | new Assert\NotBlank(), |
||
139 | 1 | new Assert\Regex([ |
|
140 | 1 | 'pattern' => '/[^[:alnum:]_.\\-]/', |
|
141 | 'match' => false, |
||
142 | 1 | 'message' => 'file.text.error.folder_symbol', |
|
143 | 1 | ]), |
|
144 | new Assert\Regex([ |
||
145 | 'pattern' => "/^\.(.*)$/", |
||
146 | 'match' => false, |
||
147 | 1 | 'message' => 'file.text.error.folder_period', |
|
148 | 1 | ]), |
|
149 | ], |
||
150 | ]) |
||
151 | ->getForm(); |
||
152 | |||
153 | $form->handleRequest($request); |
||
154 | 1 | View Code Duplication | if (!$form->isValid()) { |
155 | foreach ($form->getErrors(true) as $error) { |
||
156 | 1 | $this->errors[] = ['message' => $error->getMessage()]; |
|
0 ignored issues
–
show
|
|||
157 | 1 | } |
|
158 | |||
159 | return; |
||
160 | } |
||
161 | |||
162 | $fs = new Filesystem(); |
||
163 | $filename = $form->get('create_file')->getData(); |
||
164 | |||
165 | 1 | try { |
|
166 | 1 | $topDir = $this->getUserDataDir(); |
|
167 | $nowDir = $this->getUserDataDir($request->get('now_dir')); |
||
168 | $nowDir = $this->checkDir($nowDir, $topDir) |
||
169 | 1 | ? $this->normalizePath($nowDir) |
|
170 | 1 | : $topDir; |
|
171 | 1 | $fs->mkdir($nowDir.'/'.$filename); |
|
172 | |||
173 | 1 | $this->addSuccess('admin.common.create_complete', 'admin'); |
|
174 | 1 | } catch (IOException $e) { |
|
175 | $this->errors[] = ['message' => $e->getMessage()]; |
||
176 | 1 | } |
|
177 | } |
||
178 | |||
179 | /** |
||
180 | * @Route("/%eccube_admin_route%/content/file_delete", name="admin_content_file_delete", methods={"DELETE"}) |
||
181 | */ |
||
182 | public function delete(Request $request) |
||
183 | { |
||
184 | $this->isTokenValid(); |
||
185 | |||
186 | 1 | $selectFile = $request->get('select_file'); |
|
187 | if (is_null($selectFile) || $selectFile == '/') { |
||
188 | 1 | return $this->redirectToRoute('admin_content_file'); |
|
189 | } |
||
190 | 1 | ||
191 | 1 | $topDir = $this->getUserDataDir(); |
|
192 | 1 | $file = $this->convertStrToServer($this->getUserDataDir($selectFile)); |
|
193 | 1 | if ($this->checkDir($file, $topDir)) { |
|
194 | 1 | $fs = new Filesystem(); |
|
195 | 1 | if ($fs->exists($file)) { |
|
196 | 1 | $fs->remove($file); |
|
197 | $this->addSuccess('admin.common.delete_complete', 'admin'); |
||
198 | } |
||
199 | } |
||
200 | 1 | ||
201 | return $this->redirectToRoute('admin_content_file'); |
||
202 | } |
||
203 | |||
204 | /** |
||
205 | * @Route("/%eccube_admin_route%/content/file_download", name="admin_content_file_download") |
||
206 | 1 | */ |
|
207 | public function download(Request $request) |
||
208 | 1 | { |
|
209 | 1 | $topDir = $this->getUserDataDir(); |
|
210 | 1 | $file = $this->convertStrToServer($this->getUserDataDir($request->get('select_file'))); |
|
211 | 1 | if ($this->checkDir($file, $topDir)) { |
|
212 | 1 | if (!is_dir($file)) { |
|
213 | 1 | setlocale(LC_ALL, 'ja_JP.UTF-8'); |
|
214 | $pathParts = pathinfo($file); |
||
215 | |||
216 | 1 | $patterns = [ |
|
217 | '/[a-zA-Z0-9!"#$%&()=~^|@`:*;+{}]/', |
||
218 | '/[- ,.<>?_[\]\/\\\\]/', |
||
219 | "/['\r\n\t\v\f]/", |
||
220 | ]; |
||
221 | 1 | ||
222 | 1 | $str = preg_replace($patterns, '', $pathParts['basename']); |
|
223 | 1 | if (strlen($str) === 0) { |
|
224 | return (new BinaryFileResponse($file))->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT); |
||
225 | } else { |
||
226 | return new BinaryFileResponse($file, 200, [ |
||
227 | 'Content-Type' => 'aplication/octet-stream;', |
||
228 | 'Content-Disposition' => "attachment; filename*=UTF-8\'\'".rawurlencode($this->convertStrFromServer($pathParts['basename'])), |
||
229 | ]); |
||
230 | } |
||
231 | } |
||
232 | } |
||
233 | throw new NotFoundHttpException(); |
||
234 | } |
||
235 | 1 | ||
236 | public function upload(Request $request) |
||
237 | 1 | { |
|
238 | 1 | $form = $this->formFactory->createBuilder(FormType::class) |
|
239 | ->add('file', FileType::class, [ |
||
240 | 1 | 'constraints' => [ |
|
241 | 1 | new Assert\NotBlank([ |
|
242 | 'message' => 'admin.common.file_select_empty', |
||
243 | ]), |
||
244 | ], |
||
245 | 1 | ]) |
|
246 | 1 | ->add('create_file', TextType::class) |
|
247 | ->getForm(); |
||
248 | 1 | ||
249 | $form->handleRequest($request); |
||
250 | 1 | ||
251 | View Code Duplication | if (!$form->isValid()) { |
|
252 | foreach ($form->getErrors(true) as $error) { |
||
253 | $this->errors[] = ['message' => $error->getMessage()]; |
||
0 ignored issues
–
show
The method
getMessage does only exist in Symfony\Component\Form\FormError , but not in Symfony\Component\Form\FormErrorIterator .
It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A
{
public function foo() { }
}
class B extends A
{
public function bar() { }
}
/**
* @param A|B $x
*/
function someFunction($x)
{
$x->foo(); // This call is fine as the method exists in A and B.
$x->bar(); // This method only exists in B and might cause an error.
}
Available Fixes
Loading history...
|
|||
254 | } |
||
255 | |||
256 | return; |
||
257 | } |
||
258 | 1 | ||
259 | 1 | $data = $form->getData(); |
|
260 | 1 | $topDir = $this->getUserDataDir(); |
|
261 | $nowDir = $this->getUserDataDir($request->get('now_dir')); |
||
262 | 1 | ||
263 | if (!$this->checkDir($nowDir, $topDir)) { |
||
264 | $this->errors[] = ['message' => 'file.text.error.invalid_upload_folder']; |
||
265 | |||
266 | return; |
||
267 | } |
||
268 | 1 | ||
269 | $filename = $this->convertStrToServer($data['file']->getClientOriginalName()); |
||
270 | 1 | try { |
|
271 | 1 | $data['file']->move($nowDir, $filename); |
|
272 | $this->addSuccess('admin.common.upload_complete', 'admin'); |
||
273 | } catch (FileException $e) { |
||
274 | $this->errors[] = ['message' => $e->getMessage()]; |
||
275 | } |
||
276 | } |
||
277 | 3 | ||
278 | private function getTreeToArray($tree) |
||
279 | 3 | { |
|
280 | 3 | $arrTree = []; |
|
281 | 3 | foreach ($tree as $key => $val) { |
|
282 | 3 | $path = $this->getJailDir($val['path']); |
|
283 | 3 | $arrTree[$key] = [ |
|
284 | 3 | $key, |
|
285 | 3 | $val['type'], |
|
286 | 3 | $path, |
|
287 | 3 | $val['depth'], |
|
288 | $val['open'] ? 'true' : 'false', |
||
289 | ]; |
||
290 | } |
||
291 | 3 | ||
292 | return $arrTree; |
||
293 | } |
||
294 | 3 | ||
295 | private function getPathsToArray($tree) |
||
296 | 3 | { |
|
297 | 3 | $paths = []; |
|
298 | 3 | foreach ($tree as $val) { |
|
299 | $paths[] = $this->getJailDir($val['path']); |
||
300 | } |
||
301 | 3 | ||
302 | return $paths; |
||
303 | } |
||
304 | |||
305 | /** |
||
306 | * @param string $topDir |
||
307 | * @param Request $request |
||
308 | 3 | */ |
|
309 | private function getTree($topDir, $request) |
||
310 | 3 | { |
|
311 | 3 | $finder = Finder::create()->in($topDir) |
|
312 | 3 | ->directories() |
|
313 | ->sortByName(); |
||
314 | 3 | ||
315 | 3 | $tree = []; |
|
316 | 3 | $tree[] = [ |
|
317 | 3 | 'path' => $topDir, |
|
318 | 3 | 'type' => '_parent', |
|
319 | 'depth' => 0, |
||
320 | 'open' => true, |
||
321 | ]; |
||
322 | 3 | ||
323 | $defaultDepth = count(explode('/', $topDir)); |
||
324 | 3 | ||
325 | 3 | $openDirs = []; |
|
326 | if ($request->get('tree_status')) { |
||
327 | $openDirs = explode('|', $request->get('tree_status')); |
||
328 | } |
||
329 | 3 | ||
330 | 1 | foreach ($finder as $dirs) { |
|
331 | 1 | $path = $this->normalizePath($dirs->getRealPath()); |
|
332 | 1 | $type = (iterator_count(Finder::create()->in($path)->directories())) ? '_parent' : '_child'; |
|
333 | 1 | $depth = count(explode('/', $path)) - $defaultDepth; |
|
334 | 1 | $tree[] = [ |
|
335 | 1 | 'path' => $path, |
|
336 | 1 | 'type' => $type, |
|
337 | 1 | 'depth' => $depth, |
|
338 | 'open' => (in_array($path, $openDirs)) ? true : false, |
||
339 | ]; |
||
340 | } |
||
341 | 3 | ||
342 | return $tree; |
||
343 | } |
||
344 | |||
345 | /** |
||
346 | * @param string $nowDir |
||
347 | 3 | */ |
|
348 | private function getFileList($nowDir) |
||
349 | 3 | { |
|
350 | 3 | $topDir = $this->getuserDataDir(); |
|
351 | 3 | $filter = function (\SplFileInfo $file) use ($topDir) { |
|
352 | 3 | $acceptPath = realpath($topDir); |
|
353 | $targetPath = $file->getRealPath(); |
||
354 | 3 | ||
355 | 3 | return strpos($targetPath, $acceptPath) === 0; |
|
356 | }; |
||
357 | 3 | ||
358 | 3 | $finder = Finder::create() |
|
359 | 3 | ->filter($filter) |
|
360 | 3 | ->in($nowDir) |
|
361 | 3 | ->ignoreDotFiles(false) |
|
362 | 3 | ->sortByName() |
|
363 | 3 | ->depth(0); |
|
364 | $dirFinder = $finder->directories(); |
||
365 | 3 | try { |
|
366 | $dirs = $dirFinder->getIterator(); |
||
367 | } catch (\Exception $e) { |
||
368 | $dirs = []; |
||
369 | } |
||
370 | 3 | ||
371 | $fileFinder = $finder->files(); |
||
372 | 3 | try { |
|
373 | $files = $fileFinder->getIterator(); |
||
374 | } catch (\Exception $e) { |
||
375 | $files = []; |
||
376 | } |
||
377 | 3 | ||
378 | 3 | $arrFileList = []; |
|
379 | 1 | foreach ($dirs as $dir) { |
|
380 | 1 | $dirPath = $this->normalizePath($dir->getRealPath()); |
|
381 | 1 | $childDir = Finder::create() |
|
382 | 1 | ->in($dirPath) |
|
383 | 1 | ->ignoreDotFiles(false) |
|
384 | 1 | ->directories() |
|
385 | 1 | ->depth(0); |
|
386 | 1 | $childFile = Finder::create() |
|
387 | 1 | ->in($dirPath) |
|
388 | 1 | ->ignoreDotFiles(false) |
|
389 | 1 | ->files() |
|
390 | 1 | ->depth(0); |
|
391 | 1 | $countNumber = $childDir->count() + $childFile->count(); |
|
392 | 1 | $arrFileList[] = [ |
|
393 | 1 | 'file_name' => $this->convertStrFromServer($dir->getFilename()), |
|
394 | 1 | 'file_path' => $this->convertStrFromServer($this->getJailDir($dirPath)), |
|
395 | 1 | 'file_size' => FilesystemUtil::sizeToHumanReadable($dir->getSize()), |
|
396 | 'file_time' => $dir->getmTime(), |
||
397 | 1 | 'is_dir' => true, |
|
398 | 'is_empty' => $countNumber == 0 ? true : false, |
||
399 | ]; |
||
400 | 3 | } |
|
401 | 3 | foreach ($files as $file) { |
|
402 | 3 | $arrFileList[] = [ |
|
403 | 3 | 'file_name' => $this->convertStrFromServer($file->getFilename()), |
|
404 | 3 | 'file_path' => $this->convertStrFromServer($this->getJailDir($this->normalizePath($file->getRealPath()))), |
|
405 | 3 | 'file_size' => FilesystemUtil::sizeToHumanReadable($file->getSize()), |
|
406 | 'file_time' => $file->getmTime(), |
||
407 | 'is_dir' => false, |
||
408 | 3 | 'is_empty' => false, |
|
409 | 'extension' => $file->getExtension(), |
||
410 | ]; |
||
411 | } |
||
412 | 3 | ||
413 | return $arrFileList; |
||
414 | } |
||
415 | 3 | ||
416 | protected function normalizePath($path) |
||
417 | 3 | { |
|
418 | return str_replace('\\', '/', realpath($path)); |
||
419 | } |
||
420 | |||
421 | /** |
||
422 | * @param string $topDir |
||
423 | 6 | */ |
|
424 | protected function checkDir($targetDir, $topDir) |
||
425 | 6 | { |
|
426 | 6 | $targetDir = realpath($targetDir); |
|
427 | $topDir = realpath($topDir); |
||
428 | 6 | ||
429 | return strpos($targetDir, $topDir) === 0; |
||
430 | } |
||
431 | |||
432 | /** |
||
433 | * @return string |
||
434 | 3 | */ |
|
435 | View Code Duplication | private function convertStrFromServer($target) |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
436 | 3 | { |
|
437 | if ($this->encode == self::SJIS) { |
||
438 | return mb_convert_encoding($target, self::UTF, self::SJIS); |
||
439 | } |
||
440 | 3 | ||
441 | return $target; |
||
442 | } |
||
443 | 4 | ||
444 | View Code Duplication | private function convertStrToServer($target) |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
445 | 4 | { |
|
446 | if ($this->encode == self::SJIS) { |
||
447 | return mb_convert_encoding($target, self::SJIS, self::UTF); |
||
448 | } |
||
449 | 4 | ||
450 | return $target; |
||
451 | } |
||
452 | 6 | ||
453 | private function getUserDataDir($nowDir = null) |
||
454 | 6 | { |
|
455 | return rtrim($this->getParameter('kernel.project_dir').'/html/user_data'.$nowDir, '/'); |
||
456 | } |
||
457 | 3 | ||
458 | private function getJailDir($path) |
||
459 | 3 | { |
|
460 | 3 | $realpath = realpath($path); |
|
461 | $jailPath = str_replace(realpath($this->getUserDataDir()), '', $realpath); |
||
462 | 3 | ||
463 | return $jailPath ? $jailPath : '/'; |
||
464 | } |
||
465 | } |
||
466 |
It seems like the method you are trying to call exists only in some of the possible types.
Let’s take a look at an example:
Available Fixes
Add an additional type-check:
Only allow a single type to be passed if the variable comes from a parameter: