Completed
Push — master ( 947afa...ae5e03 )
by Jeroen
26s queued 14s
created

MediaBundle/Controller/MediaController.php (2 issues)


<?php

namespace Kunstmaan\MediaBundle\Controller;

use Exception;
use Kunstmaan\AdminBundle\FlashMessages\FlashTypes;
use Kunstmaan\MediaBundle\Entity\Folder;
use Kunstmaan\MediaBundle\Entity\Media;
use Kunstmaan\MediaBundle\Form\BulkMoveMediaType;
use Kunstmaan\MediaBundle\Helper\MediaManager;
use Symfony\Component\Routing\Annotation\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\File\File;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * MediaController
 */
class MediaController extends Controller
{
    /**
     * Show one media item together with its edit form.
     *
     * A valid POST saves the edited media and redirects back to this same route;
     * any other request renders the "show" template supplied by the media handler.
     *
     * @param Request $request
     * @param int     $mediaId
     *
     * @Route("/{mediaId}", requirements={"mediaId" = "\d+"}, name="KunstmaanMediaBundle_media_show")
     *
     * @return Response
     */
    public function showAction(Request $request, $mediaId)
    {
        $entityManager = $this->getDoctrine()->getManager();

        /* @var Media $media */
        $media = $entityManager->getRepository(Media::class)->getMedia($mediaId);
        $folder = $media->getFolder();

        /* @var MediaManager $mediaManager */
        $mediaManager = $this->get('kunstmaan_media.media_manager');
        $handler = $mediaManager->getHandler($media);
        $helper = $handler->getFormHelper($media);

        $editForm = $this->createForm($handler->getFormType(), $helper, $handler->getFormTypeOptions());

        // Only POST requests are bound to the form; the form component validates the submission.
        if ($request->isMethod('POST')) {
            $editForm->handleRequest($request);

            if ($editForm->isSubmitted() && $editForm->isValid()) {
                $media = $helper->getMedia();
                $entityManager->getRepository(Media::class)->save($media);

                // Redirect after a successful save so a page reload does not resubmit the form.
                $showUrl = $this->generateUrl(
                    'KunstmaanMediaBundle_media_show',
                    ['mediaId' => $media->getId()]
                );

                return new RedirectResponse($showUrl);
            }
        }

        $showTemplate = $mediaManager->getHandler($media)->getShowTemplate($media);

        $viewParameters = [
            'handler' => $handler,
            'foldermanager' => $this->get('kunstmaan_media.folder_manager'),
            'mediamanager' => $this->get('kunstmaan_media.media_manager'),
            'editform' => $editForm->createView(),
            'media' => $media,
            'helper' => $helper,
            'folder' => $folder,
        ];

        return $this->render($showTemplate, $viewParameters);
    }
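    /**
     * Delete a media item and redirect to the caller-supplied URL or to the item's folder.
     *
     * The optional "redirectUrl" query parameter is client-controlled, so it is only honoured
     * when it points back at this application: either a local path (one leading slash) or an
     * absolute URL whose origin is exactly the request's scheme and host. Anything else falls
     * back to the folder page.
     *
     * NOTE(review): the route declares no "methods" restriction and this method checks no CSRF
     * token, so the delete appears reachable through a plain GET link. Confirm whether that is
     * guarded elsewhere (firewall, listener) before relying on it.
     *
     * @param Request $request
     * @param int     $mediaId
     *
     * @Route("/delete/{mediaId}", requirements={"mediaId" = "\d+"}, name="KunstmaanMediaBundle_media_delete")
     *
     * @return RedirectResponse
     */
    public function deleteAction(Request $request, $mediaId)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Media $media */
        $media = $em->getRepository(Media::class)->getMedia($mediaId);
        // Read name and folder before deleting; both are still needed for the flash message and the fallback URL.
        $medianame = $media->getName();
        $folder = $media->getFolder();

        $em->getRepository(Media::class)->delete($media);

        $this->addFlash(
            FlashTypes::SUCCESS,
            $this->get('translator')->trans(
                'kuma_admin.media.flash.deleted_success.%medianame%',
                [
                    '%medianame%' => $medianame,
                ]
            )
        );

        // If the redirect url is passed via the url we use it, but only when it stays on this site.
        $redirectUrl = $request->query->get('redirectUrl');
        $origin = $request->getSchemeAndHttpHost();

        $isSafeRedirect = \is_string($redirectUrl)
            && !empty($redirectUrl)
            // Browsers normalise backslashes and drop control characters, which can turn a
            // seemingly local path into a reference to another host.
            && 1 !== \preg_match('/[\x00-\x1F\x7F\\\\]/', $redirectUrl)
            && (
                // Local path: "/foo" is accepted, "//host" is protocol-relative and therefore off-site.
                ('/' === $redirectUrl[0] && 0 !== \strncmp($redirectUrl, '//', 2))
                // Absolute URL: the origin must be followed by a path, query or fragment delimiter.
                // A bare prefix match would also accept other hosts that merely start with this origin.
                || $redirectUrl === $origin
                || 0 === \strpos($redirectUrl, $origin.'/')
                || 0 === \strpos($redirectUrl, $origin.'?')
                || 0 === \strpos($redirectUrl, $origin.'#')
            );

        if (!$isSafeRedirect) {
            $redirectUrl = $this->generateUrl(
                'KunstmaanMediaBundle_folder_show',
                ['folderId' => $folder->getId()]
            );
        }

        return new RedirectResponse($redirectUrl);
    }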
    /**
     * Provide the target folder to the bulk-upload template.
     *
     * @param int $folderId
     *
     * @Route("bulkupload/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_bulk_upload")
     * @Template("@KunstmaanMedia/Media/bulkUpload.html.twig")
     *
     * @return array|RedirectResponse
     */
    public function bulkUploadAction($folderId)
    {
        /* @var Folder $targetFolder */
        $targetFolder = $this->getDoctrine()
            ->getManager()
            ->getRepository(Folder::class)
            ->getFolder($folderId);

        // The @Template annotation renders the returned array with the bulk-upload view.
        return ['folder' => $targetFolder];
    }
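    /**
     * Receive one (optionally chunked) plupload upload, stage it in a temp directory and
     * register the completed file as media in the given folder.
     *
     * The staging file name comes from the request ("name" field or the uploaded file's
     * client name) and is therefore untrusted: it is reduced to a bare file name before it
     * is joined to the staging directory, so it cannot address a path outside that directory.
     *
     * Errors are reported as JSON through returnJsonError() with these codes: 100 (temp
     * directory), 101 (input stream), 102 (output stream), 103 (uploaded file), 104 (media
     * save), 105 and 106 (temp file removal).
     *
     * @param Request $request
     * @param int     $folderId
     *
     * @Route("bulkuploadsubmit/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_bulk_upload_submit")
     *
     * @return JsonResponse
     */
    public function bulkUploadSubmitAction(Request $request, $folderId)
    {
        // Settings
        $tempDir = \ini_get('upload_tmp_dir') ?: \sys_get_temp_dir();
        $targetDir = \rtrim($tempDir, '/').DIRECTORY_SEPARATOR.'plupload';
        $cleanupTargetDir = true; // Remove old files
        $maxFileAge = 5 * 60 * 60; // Temp file age in seconds

        // Create target dir. The temp location may be shared with other users of the host, so the
        // directory is created owner-only. The result is checked instead of being silently ignored;
        // the second is_dir() tolerates a concurrent request having created it in the meantime.
        if (!\is_dir($targetDir) && !@\mkdir($targetDir, 0700) && !\is_dir($targetDir)) {
            return $this->returnJsonError('100', 'Failed to open temp directory.');
        }

        // Get a file name
        $fileName = null;
        if ($request->request->has('name')) {
            $fileName = $request->request->get('name');
        } elseif (0 !== $request->files->count()) {
            $uploaded = $request->files->get('file');
            // Further down this method treats the "file" entry as an object (getError(), getRealPath()),
            // so the client name is read through the object accessor; the array form is kept as a fallback.
            if (\is_object($uploaded) && \method_exists($uploaded, 'getClientOriginalName')) {
                $fileName = $uploaded->getClientOriginalName();
            } elseif (\is_array($uploaded) && isset($uploaded['name'])) {
                $fileName = $uploaded['name'];
            }
        }

        // Reduce the client-supplied value to a single path component: drop control characters,
        // treat backslashes as separators and keep only the last segment.
        $fileName = \is_scalar($fileName) ? (string) \preg_replace('/[\x00-\x1F\x7F]/', '', (string) $fileName) : '';
        $fileName = \basename(\str_replace('\\', '/', $fileName));
        if ('' === $fileName || '.' === $fileName || '..' === $fileName) {
            $fileName = \uniqid('file_', false);
        }
        $filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName;

        // Chunking might be enabled
        $chunk = $request->request->has('chunk') ? $request->request->getInt('chunk') : 0;
        $chunks = $request->request->has('chunks') ? $request->request->getInt('chunks') : 0;

        // Remove old temp files
        if ($cleanupTargetDir) {
            if (!\is_dir($targetDir) || !$dir = \opendir($targetDir)) {
                return $this->returnJsonError('100', 'Failed to open temp directory.');
            }

            while (($file = \readdir($dir)) !== false) {
                $tmpFilePath = $targetDir.DIRECTORY_SEPARATOR.$file;

                // If temp file is current file proceed to the next
                if ($tmpFilePath === "{$filePath}.part") {
                    continue;
                }

                // Remove temp file if it is older than the max age and is not the current file
                if (\preg_match('/\.part$/', $file) && (\filemtime($tmpFilePath) < \time() - $maxFileAge)) {
                    if (true !== @\unlink($tmpFilePath)) {
                        \closedir($dir);

                        // Name the stale file that could not be removed, without exposing the server path.
                        return $this->returnJsonError('106', 'Could not remove temp file: '.$file);
                    }
                }
            }
            \closedir($dir);
        }

        // Open temp file
        if (!$out = @\fopen("{$filePath}.part", $chunks ? 'ab' : 'wb')) {
            return $this->returnJsonError('102', 'Failed to open output stream.');
        }

        if (0 !== $request->files->count()) {
            $_file = $request->files->get('file');
            // is_uploaded_file() makes sure the path really is a file PHP received through HTTP upload.
            if ($_file->getError() > 0 || !\is_uploaded_file($_file->getRealPath())) {
                \fclose($out);

                return $this->returnJsonError('103', 'Failed to move uploaded file.');
            }

            // Read binary input stream and append it to temp file
            $input = @\fopen($_file->getRealPath(), 'rb');
        } else {
            $input = @\fopen('php://input', 'rb');
        }

        if (!$input) {
            \fclose($out);

            return $this->returnJsonError('101', 'Failed to open input stream.');
        }

        // Copy the whole input; a truthiness test on each read buffer would stop early on a chunk equal to "0".
        $copied = \stream_copy_to_stream($input, $out);
        // fclose() on the output flushes buffered data, so its result is part of the write outcome.
        $closed = \fclose($out);
        \fclose($input);

        if (false === $copied || false === $closed) {
            return $this->returnJsonError('102', 'Failed to write output stream.');
        }

        // Check if file has been uploaded
        if (!$chunks || $chunk === $chunks - 1) {
            // Strip the temp .part suffix off
            \rename("{$filePath}.part", $filePath);
        }

        // NOTE(review): for a non-final chunk only the ".part" file exists at this point, yet the code
        // below still builds a File for $filePath. Confirm how intermediate chunks are meant to be answered.
        $em = $this->getDoctrine()->getManager();
        /* @var Folder $folder */
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);
        $file = new File($filePath);

        try {
            /* @var Media $media */
            $media = $this->get('kunstmaan_media.media_manager')->getHandler($file)->createNew($file);
            $media->setFolder($folder);
            $em->getRepository(Media::class)->save($media);
        } catch (Exception $e) {
            // Only "*.part" files are aged out by the cleanup above, so remove the staged file here.
            @\unlink($filePath);

            return $this->returnJsonError('104', 'Failed performing save on media-manager');
        }

        if (true !== \unlink($filePath)) {
            // Report the file name only; the absolute staging path is of no use to the client.
            return $this->returnJsonError('105', 'Could not remove temp file: '.$fileName);
        }

        // Send headers making sure that the file is not cached (as it happens for example on iOS devices)
        return new JsonResponse(
            [
                'jsonrpc' => '2.0',
                'result' => '',
                'id' => 'id',
            ], JsonResponse::HTTP_OK, [
                'Expires' => 'Mon, 26 Jul 1997 05:00:00 GMT',
                'Last-Modified' => \gmdate('D, d M Y H:i:s').' GMT',
                'Cache-Control' => 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0',
                'Pragma' => 'no-cache',
            ]
        );
    }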
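    /**
     * Build the JSON-RPC style error payload returned by the bulk-upload endpoint.
     *
     * The error object is published under the key "error". It was previously emitted as
     * "error " with a trailing space, which a client reading the "error" member would not find.
     *
     * @param string $code    Error code reported to the client
     * @param string $message Human-readable error description
     *
     * @return JsonResponse
     */
    private function returnJsonError($code, $message)
    {
        return new JsonResponse(
            [
                'jsonrpc' => '2.0',
                'error' => [
                    'code' => $code,
                    'message' => $message,
                ],
                'id' => 'id',
            ]
        );
    }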
    /**
     * Create media in a folder from dropped content.
     *
     * The dropped content is taken from the first source that applies: the "files" upload
     * (when its error value is 0), the "file" upload, or the "text" request value. The media
     * manager decides whether it recognises the content; if not, a danger flash is stored.
     *
     * NOTE(review): "text" is an arbitrary client-supplied value handed straight to the media
     * manager, and the route also accepts GET. Confirm what createNew() does with plain text.
     *
     * @param Request $request
     * @param int     $folderId
     *
     * @Route("drop/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_drop_upload", methods={"GET", "POST"})
     *
     * @return JsonResponse
     */
    public function dropAction(Request $request, $folderId)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Folder $folder */
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);

        $uploads = $request->files;

        if ($uploads->has('files') && $uploads->get('files')['error'] === 0) {
            $drop = $uploads->get('files');
        } elseif ($uploads->get('file')) {
            $drop = $uploads->get('file');
        } else {
            $drop = $request->get('text');
        }

        $media = $this->get('kunstmaan_media.media_manager')->createNew($drop);

        if (!$media) {
            // Unrecognised content: leave a flash for the next page and answer with the same message.
            $request->getSession()->getFlashBag()->add(
                FlashTypes::DANGER,
                $this->get('translator')->trans('kuma_admin.media.flash.drop_unrecognized')
            );

            return new JsonResponse(['status' => $this->get('translator')->trans('kuma_admin.media.flash.drop_unrecognized')]);
        }

        $media->setFolder($folder);
        $em->getRepository(Media::class)->save($media);

        return new JsonResponse(['status' => $this->get('translator')->trans('kuma_admin.media.flash.drop_success')]);
    }
    /**
     * Create media of the given type in a folder, then return to the folder page.
     *
     * Delegates to createAndRedirect() with the folder "show" route as the success target.
     *
     * @param Request $request
     * @param int     $folderId The folder id
     * @param string  $type     The type
     *
     * @Route("create/{folderId}/{type}", requirements={"folderId" = "\d+", "type" = ".+"}, name="KunstmaanMediaBundle_media_create", methods={"GET", "POST"})
     * @Template("@KunstmaanMedia/Media/create.html.twig")
     *
     * @return array|RedirectResponse
     */
    public function createAction(Request $request, $folderId, $type)
    {
        $successRoute = 'KunstmaanMediaBundle_folder_show';

        return $this->createAndRedirect($request, $folderId, $type, $successRoute);
    }
    /**
     * Shared implementation of the "create media" actions.
     *
     * Builds the handler's form for a new Media. On a valid POST the media is saved in the
     * folder and the client is redirected to the given route. On an invalid POST the redirect
     * only happens in modal mode (with the form errors in a flash message); otherwise the form
     * data is returned for rendering.
     *
     * @param Request $request
     * @param int     $folderId    The folder Id
     * @param string  $type        The type
     * @param string  $redirectUrl The name of the route to redirect to (it is passed to generateUrl())
     * @param array   $extraParams The extra parameters that will be passed when redirecting
     * @param bool    $isInModal   Whether the form was submitted from a modal
     *
     * @return array|RedirectResponse
     */
    private function createAndRedirect(Request $request, $folderId, $type, $redirectUrl, $extraParams = [], $isInModal = false)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Folder $folder */
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);

        /* @var MediaManager $mediaManager */
        $mediaManager = $this->get('kunstmaan_media.media_manager');
        $handler = $mediaManager->getHandlerForType($type);
        $media = new Media();
        $helper = $handler->getFormHelper($media);

        $form = $this->createForm($handler->getFormType(), $helper, $handler->getFormTypeOptions());

        if ($request->isMethod('POST')) {
            // Extra parameters are merged last, so they can override the folderId entry.
            $routeParams = \array_merge(['folderId' => $folder->getId()], $extraParams);

            $form->handleRequest($request);
            $isAccepted = $form->isSubmitted() && $form->isValid();

            if ($isAccepted) {
                $media = $helper->getMedia();
                $media->setFolder($folder);
                $em->getRepository(Media::class)->save($media);

                $this->addFlash(
                    FlashTypes::SUCCESS,
                    $this->get('translator')->trans(
                        'media.flash.created',
                        [
                            '%medianame%' => $media->getName(),
                        ]
                    )
                );
            } elseif ($isInModal) {
                // A modal cannot re-render the form, so the errors travel in a flash message instead.
                $this->addFlash(
                    FlashTypes::DANGER,
                    $this->get('translator')->trans(
                        'media.flash.not_created',
                        [
                            '%mediaerrors%' => $form->getErrors(true, true),
                        ]
                    )
                );
            }

            if ($isAccepted || $isInModal) {
                return new RedirectResponse($this->generateUrl($redirectUrl, $routeParams));
            }
        }

        return [
            'type' => $type,
            'form' => $form->createView(),
            'folder' => $folder,
        ];
    }
    /**
     * Create media from the chooser modal and redirect back to the chooser's folder view.
     *
     * The "CKEditorFuncNum" and "linkChooser" request values, when non-empty, are forwarded
     * unchanged as parameters of the redirect URL.
     *
     * @param Request $request
     * @param int     $folderId The folder id
     * @param string  $type     The type
     *
     * @Route("create/modal/{folderId}/{type}", requirements={"folderId" = "\d+", "type" = ".+"}, name="KunstmaanMediaBundle_media_modal_create", methods={"POST"})
     *
     * @return array|RedirectResponse
     */
    public function createModalAction(Request $request, $folderId, $type)
    {
        $extraParams = [];

        // Same order as the original keys, so the resulting parameter array is unchanged.
        foreach (['CKEditorFuncNum', 'linkChooser'] as $passThroughKey) {
            $value = $request->get($passThroughKey);
            if (!empty($value)) {
                $extraParams[$passThroughKey] = $value;
            }
        }

        return $this->createAndRedirect(
            $request,
            $folderId,
            $type,
            'KunstmaanMediaBundle_chooser_show_folder',
            $extraParams,
            true
        );
    }
    /**
     * Move one media item to another folder (deprecated action).
     *
     * Reads "mediaId" and "folderId" from the POST body, answers 400 with a JSON error when
     * either is empty, and otherwise reassigns the media's folder and saves it.
     *
     * @param Request $request
     *
     * @Route("move/", name="KunstmaanMediaBundle_media_move", methods={"POST"})
     *
     * @return JsonResponse
     */
    public function moveMedia(Request $request)
    {
        @trigger_error(sprintf('The "%s" controller action is deprecated in KunstmaanMediaBundle 5.1 and will be removed in KunstmaanMediaBundle 6.0.', __METHOD__), E_USER_DEPRECATED);

        $postData = $request->request;
        $mediaId = $postData->get('mediaId');
        $folderId = $postData->get('folderId');

        $hasBothIds = !empty($mediaId) && !empty($folderId);
        if (!$hasBothIds) {
            return new JsonResponse(['error' => ['title' => 'Missing media id or folder id']], 400);
        }

        $em = $this->getDoctrine()->getManager();
        $mediaRepo = $em->getRepository(Media::class);

        $media = $mediaRepo->getMedia($mediaId);
        $targetFolder = $em->getRepository(Folder::class)->getFolder($folderId);

        $media->setFolder($targetFolder);
        $mediaRepo->save($media);

        // An empty JSON body signals success to the caller.
        return new JsonResponse();
    }
    /**
     * Move several media items to one folder with a single bulk UPDATE.
     *
     * Renders the bulk-move modal form until a valid submission arrives; then the form's
     * comma-separated "media" value is split into ids and every matching row is pointed at
     * the chosen folder.
     *
     * @Route("/bulk-move", name="KunstmaanMediaBundle_media_bulk_move")
     *
     * @param Request $request
     *
     * @return JsonResponse|Response
     *
     * @throws \Doctrine\DBAL\DBALException
     */
    public function bulkMoveAction(Request $request)
    {
        $em = $this->getDoctrine()->getManager();
        $mediaRepo = $em->getRepository(Media::class);
        $form = $this->createForm(BulkMoveMediaType::class);

        $form->handleRequest($request);

        if (!$form->isSubmitted() || !$form->isValid()) {
            return $this->render(
                '@KunstmaanMedia/Folder/bulk-move-modal_form.html.twig',
                [
                    'form' => $form->createView(),
                ]
            );
        }

        $formData = $form->getData();

        /** @var Folder $folder */
        $folder = $formData['folder'];
        // The ids arrive as one comma-separated string; they reach the query only as a bound parameter.
        $mediaIds = explode(',', $formData['media']);

        // The folder id is written into the DQL text rather than bound; it is read from the
        // Folder object returned by the form, not taken verbatim from the request.
        $mediaRepo->createQueryBuilder('m')
            ->update()
            ->set('m.folder', $folder->getId())
            ->where('m.id in (:mediaIds)')
            ->setParameter('mediaIds', $mediaIds)
            ->getQuery()
            ->execute();

        $this->addFlash(FlashTypes::SUCCESS, $this->get('translator')->trans('media.folder.bulk_move.success.text'));

        return new JsonResponse(
            [
                'Success' => 'The media is moved',
            ]
        );
    }
}