Issues in MediaController.php (master) - Issues in master - Kunstmaan/KunstmaanBundlesCMS - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3099)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

MediaBundle/Controller/MediaController.php (1 issue)

Labels

Deprecated Code 1

Severity

Minor 1

Kristof Van Cauwenbergh 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Kunstmaan\MediaBundle\Controller;

use Exception;
use Kunstmaan\AdminBundle\FlashMessages\FlashTypes;
use Kunstmaan\MediaBundle\Entity\Folder;
use Kunstmaan\MediaBundle\Entity\Media;
use Kunstmaan\MediaBundle\Form\BulkMoveMediaType;
use Kunstmaan\MediaBundle\Helper\MediaManager;
use Symfony\Component\Routing\Annotation\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\File\File;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * MediaController
 */
class MediaController extends Controller

{
    /**
     * @param Request $request
     * @param int     $mediaId
     *
     * @Route("/{mediaId}", requirements={"mediaId" = "\d+"}, name="KunstmaanMediaBundle_media_show")
     *
     * @return Response
     */
    public function showAction(Request $request, $mediaId)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Media $media */
        $media = $em->getRepository(Media::class)->getMedia($mediaId);
        $folder = $media->getFolder();

        /* @var MediaManager $mediaManager */
        $mediaManager = $this->get('kunstmaan_media.media_manager');
        $handler = $mediaManager->getHandler($media);
        $helper = $handler->getFormHelper($media);

        $form = $this->createForm($handler->getFormType(), $helper, $handler->getFormTypeOptions());

        if ($request->isMethod('POST')) {
            $form->handleRequest($request);
            if ($form->isSubmitted() && $form->isValid()) {
                $media = $helper->getMedia();
                $em->getRepository(Media::class)->save($media);

                return new RedirectResponse(
                    $this->generateUrl(
                        'KunstmaanMediaBundle_media_show',
                        ['mediaId' => $media->getId()]
                    )
                );
            }
        }
        $showTemplate = $mediaManager->getHandler($media)->getShowTemplate($media);

        return $this->render(
            $showTemplate,
            [
                'handler' => $handler,
                'foldermanager' => $this->get('kunstmaan_media.folder_manager'),
                'mediamanager' => $this->get('kunstmaan_media.media_manager'),
                'editform' => $form->createView(),
                'media' => $media,
                'helper' => $helper,
                'folder' => $folder,
            ]
        );
    }

    /**
     * @param Request $request
     * @param int     $mediaId
     *
     * @Route("/delete/{mediaId}", requirements={"mediaId" = "\d+"}, name="KunstmaanMediaBundle_media_delete")
     *
     * @return RedirectResponse
     */
    public function deleteAction(Request $request, $mediaId)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Media $media */
        $media = $em->getRepository(Media::class)->getMedia($mediaId);
        $medianame = $media->getName();
        $folder = $media->getFolder();

        $em->getRepository(Media::class)->delete($media);

        $this->addFlash(
            FlashTypes::SUCCESS,
            $this->get('translator')->trans(
                'kuma_admin.media.flash.deleted_success.%medianame%',
                [
                    '%medianame%' => $medianame,
                ]
            )
        );

        // If the redirect url is passed via the url we use it
        $redirectUrl = $request->query->get('redirectUrl');
        if (empty($redirectUrl) || (\strpos($redirectUrl, $request->getSchemeAndHttpHost()) !== 0 && strncmp($redirectUrl, '/', 1) !== 0)) {
            $redirectUrl = $this->generateUrl(
                'KunstmaanMediaBundle_folder_show',
                ['folderId' => $folder->getId()]
            );
        }

        return new RedirectResponse($redirectUrl);
    }

    /**
     * @param int $folderId
     *
     * @Route("bulkupload/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_bulk_upload")
     * @Template("@KunstmaanMedia/Media/bulkUpload.html.twig")
     *
     * @return array|RedirectResponse
     */
    public function bulkUploadAction($folderId)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Folder $folder */
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);

        return ['folder' => $folder];
    }

    /**
     * @param Request $request
     * @param int     $folderId
     *
     * @Route("bulkuploadsubmit/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_bulk_upload_submit", methods={"POST"})
     *
     * @return JsonResponse
     */
    public function bulkUploadSubmitAction(Request $request, $folderId)
    {
        // Settings
        if (\ini_get('upload_tmp_dir')) {
            $tempDir = \ini_get('upload_tmp_dir');
        } else {
            $tempDir = \sys_get_temp_dir();
        }
        $targetDir = \rtrim($tempDir, '/').DIRECTORY_SEPARATOR.'plupload';
        $cleanupTargetDir = true; // Remove old files
        $maxFileAge = 5 * 60 * 60; // Temp file age in seconds

        // Create target dir
        if (!\file_exists($targetDir)) {
            @\mkdir($targetDir);
        }

        $submittedToken = $request->headers->get('x-upload-token');
        if (!$this->isCsrfTokenValid('bulk-upload-media', $submittedToken)) {
            return $this->returnJsonError('105', 'Could not verify token');
        }

        // Get a file name
        if ($request->request->has('name')) {
            $fileName = $request->request->get('name');
        } elseif (0 !== $request->files->count()) {
            $fileName = $request->files->get('file')['name'];
        } else {
            $fileName = \uniqid('file_', false);
        }
        $filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName;

        $chunk = 0;
        $chunks = 0;
        // Chunking might be enabled
        if ($request->request->has('chunk')) {
            $chunk = $request->request->getInt('chunk');
        }
        if ($request->request->has('chunks')) {
            $chunks = $request->request->getInt('chunks');
        }

        // Remove old temp files
        if ($cleanupTargetDir) {
            if (!\is_dir($targetDir) || !$dir = \opendir($targetDir)) {
                return $this->returnJsonError('100', 'Failed to open temp directory.');
            }

            while (($file = \readdir($dir)) !== false) {
                $tmpFilePath = $targetDir.DIRECTORY_SEPARATOR.$file;

                // If temp file is current file proceed to the next
                if ($tmpFilePath === "{$filePath}.part") {
                    continue;
                }

                // Remove temp file if it is older than the max age and is not the current file
                if (\preg_match('/\.part$/', $file) && (\filemtime($tmpFilePath) < \time() - $maxFileAge)) {
                    $success = @\unlink($tmpFilePath);
                    if ($success !== true) {
                        return $this->returnJsonError('106', 'Could not remove temp file: '.$filePath);
                    }
                }
            }
            \closedir($dir);
        }

        // Open temp file
        if (!$out = @\fopen("{$filePath}.part", $chunks ? 'ab' : 'wb')) {
            return $this->returnJsonError('102', 'Failed to open output stream.');
        }

        if (0 !== $request->files->count()) {
            $_file = $request->files->get('file');
            if ($_file->getError() > 0 || !\is_uploaded_file($_file->getRealPath())) {
                return $this->returnJsonError('103', 'Failed to move uploaded file.');
            }

            // Read binary input stream and append it to temp file
            if (!$input = @\fopen($_file->getRealPath(), 'rb')) {
                return $this->returnJsonError('101', 'Failed to open input stream.');
            }
        } else {
            if (!$input = @\fopen('php://input', 'rb')) {
                return $this->returnJsonError('101', 'Failed to open input stream.');
            }
        }

        while ($buff = \fread($input, 4096)) {
            \fwrite($out, $buff);
        }

        @\fclose($out);
        @\fclose($input);

        // Check if file has been uploaded
        if (!$chunks || $chunk === $chunks - 1) {
            // Strip the temp .part suffix off
            \rename("{$filePath}.part", $filePath);
        }

        $em = $this->getDoctrine()->getManager();
        /* @var Folder $folder */
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);
        $file = new File($filePath);

        try {
            /* @var Media $media */
            $media = $this->get('kunstmaan_media.media_manager')->getHandler($file)->createNew($file);
            $media->setFolder($folder);
            $em->getRepository(Media::class)->save($media);
        } catch (Exception $e) {
            return $this->returnJsonError('104', 'Failed performing save on media-manager');
        }

        $success = \unlink($filePath);
        if ($success !== true) {
            return $this->returnJsonError('105', 'Could not remove temp file: '.$filePath);
        }

        // Send headers making sure that the file is not cached (as it happens for example on iOS devices)
        $response = new JsonResponse(
            [
                'jsonrpc' => '2.0',
                'result' => '',
                'id' => 'id',
            ], JsonResponse::HTTP_OK, [
                'Expires' => 'Mon, 26 Jul 1997 05:00:00 GMT',
                'Last-Modified' => \gmdate('D, d M Y H:i:s').' GMT',
                'Cache-Control' => 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0',
                'Pragma' => 'no-cache',
            ]
        );

        return $response;
    }

    private function returnJsonError($code, $message)
    {
        return new JsonResponse(
            [
                'jsonrpc' => '2.0',
                'error ' => [
                    'code' => $code,
                    'message' => $message,
                ],
                'id' => 'id',
            ]
        );
    }

    /**
     * @param Request $request
     * @param int     $folderId
     *
     * @Route("drop/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_drop_upload", methods={"GET", "POST"})
     *
     * @return JsonResponse
     */
    public function dropAction(Request $request, $folderId)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Folder $folder */
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);

        $drop = null;

        if ($request->files->has('files') && $request->files->get('files')['error'] === 0) {
            $drop = $request->files->get('files');
        } else {
            if ($request->files->get('file')) {
                $drop = $request->files->get('file');
            } else {
                $drop = $request->get('text');
            }
        }
        $media = $this->get('kunstmaan_media.media_manager')->createNew($drop);
        if ($media) {
            $media->setFolder($folder);
            $em->getRepository(Media::class)->save($media);

            return new JsonResponse(['status' => $this->get('translator')->trans('kuma_admin.media.flash.drop_success')]);
        }

        $request->getSession()->getFlashBag()->add(
            FlashTypes::DANGER,
            $this->get('translator')->trans('kuma_admin.media.flash.drop_unrecognized')
        );

        return new JsonResponse(['status' => $this->get('translator')->trans('kuma_admin.media.flash.drop_unrecognized')]);
    }

    /**
     * @param Request $request
     * @param int     $folderId The folder id
     * @param string  $type     The type
     *
     * @Route("create/{folderId}/{type}", requirements={"folderId" = "\d+", "type" = ".+"}, name="KunstmaanMediaBundle_media_create", methods={"GET", "POST"})
     * @Template("@KunstmaanMedia/Media/create.html.twig")
     *
     * @return array|RedirectResponse
     */
    public function createAction(Request $request, $folderId, $type)
    {
        return $this->createAndRedirect($request, $folderId, $type, 'KunstmaanMediaBundle_folder_show');
    }

    /**
     * @param Request $request
     * @param int     $folderId    The folder Id
     * @param string  $type        The type
     * @param string  $redirectUrl The url where we want to redirect to on success
     * @param array   $extraParams The extra parameters that will be passed wen redirecting
     *
     * @return array|RedirectResponse
     */
    private function createAndRedirect(Request $request, $folderId, $type, $redirectUrl, $extraParams = [], $isInModal = false)
    {
        $em = $this->getDoctrine()->getManager();

        /* @var Folder $folder */
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);

        /* @var MediaManager $mediaManager */
        $mediaManager = $this->get('kunstmaan_media.media_manager');
        $handler = $mediaManager->getHandlerForType($type);
        $media = new Media();
        $helper = $handler->getFormHelper($media);

        $form = $this->createForm($handler->getFormType(), $helper, $handler->getFormTypeOptions());

        if ($request->isMethod('POST')) {
            $params = ['folderId' => $folder->getId()];
            $params = \array_merge($params, $extraParams);

            $form->handleRequest($request);

            if ($form->isSubmitted() && $form->isValid()) {
                $media = $helper->getMedia();
                $media->setFolder($folder);
                $em->getRepository(Media::class)->save($media);

                $this->addFlash(
                    FlashTypes::SUCCESS,
                    $this->get('translator')->trans(
                        'media.flash.created',
                        [
                            '%medianame%' => $media->getName(),
                        ]
                    )
                );

                return new RedirectResponse($this->generateUrl($redirectUrl, $params));
            }

            if ($isInModal) {
                $this->addFlash(
                    FlashTypes::DANGER,
                    $this->get('translator')->trans(
                        'media.flash.not_created',
                        [
                            '%mediaerrors%' => $form->getErrors(true, true),
                        ]
                    )
                );

                return new RedirectResponse($this->generateUrl($redirectUrl, $params));
            }
        }

        return [
            'type' => $type,
            'form' => $form->createView(),
            'folder' => $folder,
        ];
    }

    /**
     * @param Request $request
     * @param int     $folderId The folder id
     * @param string  $type     The type
     *
     * @Route("create/modal/{folderId}/{type}", requirements={"folderId" = "\d+", "type" = ".+"}, name="KunstmaanMediaBundle_media_modal_create", methods={"POST"})
     *
     * @return array|RedirectResponse
     */
    public function createModalAction(Request $request, $folderId, $type)
    {
        $cKEditorFuncNum = $request->get('CKEditorFuncNum');
        $linkChooser = $request->get('linkChooser');

        $extraParams = [];
        if (!empty($cKEditorFuncNum)) {
            $extraParams['CKEditorFuncNum'] = $cKEditorFuncNum;
        }
        if (!empty($linkChooser)) {
            $extraParams['linkChooser'] = $linkChooser;
        }

        return $this->createAndRedirect(
            $request,
            $folderId,
            $type,
            'KunstmaanMediaBundle_chooser_show_folder',
            $extraParams,
            true
        );
    }

    /**
     * @param Request $request
     *
     * @Route("move/", name="KunstmaanMediaBundle_media_move", methods={"POST"})
     *
     * @return string
     */
    public function moveMedia(Request $request)
    {
        @trigger_error(sprintf('The "%s" controller action is deprecated in KunstmaanMediaBundle 5.1 and will be removed in KunstmaanMediaBundle 6.0.', __METHOD__), E_USER_DEPRECATED);

        $mediaId = $request->request->get('mediaId');
        $folderId = $request->request->get('folderId');

        if (empty($mediaId) || empty($folderId)) {
            return new JsonResponse(['error' => ['title' => 'Missing media id or folder id']], 400);
        }

        $em = $this->getDoctrine()->getManager();
        $mediaRepo = $em->getRepository(Media::class);

        $media = $mediaRepo->getMedia($mediaId);
        $folder = $em->getRepository(Folder::class)->getFolder($folderId);

        $media->setFolder($folder);
        $mediaRepo->save($media);

        return new JsonResponse();
    }

    /**
     * @Route("/bulk-move", name="KunstmaanMediaBundle_media_bulk_move")
     *
     * @param Request $request
     *
     * @return JsonResponse|Response
     *
     * @throws \Doctrine\DBAL\DBALException
     */
    public function bulkMoveAction(Request $request)
    {
        $em = $this->getDoctrine()->getManager();
        $mediaRepo = $em->getRepository(Media::class);
        $form = $this->createForm(BulkMoveMediaType::class);

        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            /** @var Folder $folder */
            $folder = $form->getData()['folder'];
            $mediaIds = explode(',', $form->getData()['media']);

            $mediaRepo->createQueryBuilder('m')
                ->update()
                ->set('m.folder', $folder->getId())
                ->where('m.id in (:mediaIds)')
                ->setParameter('mediaIds', $mediaIds)
                ->getQuery()
                ->execute();

            $this->addFlash(FlashTypes::SUCCESS, $this->get('translator')->trans('media.folder.bulk_move.success.text'));

            return new JsonResponse(
                [
                    'Success' => 'The media is moved',
                ]
            );
        }

        return $this->render(
            '@KunstmaanMedia/Folder/bulk-move-modal_form.html.twig',
            [
                'form' => $form->createView(),
            ]
        );
    }
}


1			<?php
2
3			namespace Kunstmaan\MediaBundle\Controller;
4
5			use Exception;
6			use Kunstmaan\AdminBundle\FlashMessages\FlashTypes;
7			use Kunstmaan\MediaBundle\Entity\Folder;
8			use Kunstmaan\MediaBundle\Entity\Media;
9			use Kunstmaan\MediaBundle\Form\BulkMoveMediaType;
10			use Kunstmaan\MediaBundle\Helper\MediaManager;
11			use Symfony\Component\Routing\Annotation\Route;
12			use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
13			use Symfony\Bundle\FrameworkBundle\Controller\Controller;
14			use Symfony\Component\HttpFoundation\File\File;
15			use Symfony\Component\HttpFoundation\JsonResponse;
16			use Symfony\Component\HttpFoundation\RedirectResponse;
17			use Symfony\Component\HttpFoundation\Request;
18			use Symfony\Component\HttpFoundation\Response;
19
20			/**
21			* MediaController
22			*/
23			class MediaController extends Controller
			0 ignored issues – show Deprecated Code introduced 2019-05-13 08:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Symfony\Bundle\Framework...e\Controller\Controller` has been deprecated with message: since Symfony 4.2, use "Symfony\Bundle\FrameworkBundle\Controller\AbstractController" instead. This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead. Loading history...
24			{
25			/**
26			* @param Request $request
27			* @param int $mediaId
28			*
29			* @Route("/{mediaId}", requirements={"mediaId" = "\d+"}, name="KunstmaanMediaBundle_media_show")
30			*
31			* @return Response
32			*/
33			public function showAction(Request $request, $mediaId)
34			{
35			$em = $this->getDoctrine()->getManager();
36
37			/* @var Media $media */
38			$media = $em->getRepository(Media::class)->getMedia($mediaId);
39			$folder = $media->getFolder();
40
41			/* @var MediaManager $mediaManager */
42			$mediaManager = $this->get('kunstmaan_media.media_manager');
43			$handler = $mediaManager->getHandler($media);
44			$helper = $handler->getFormHelper($media);
45
46			$form = $this->createForm($handler->getFormType(), $helper, $handler->getFormTypeOptions());
47
48			if ($request->isMethod('POST')) {
49			$form->handleRequest($request);
50			if ($form->isSubmitted() && $form->isValid()) {
51			$media = $helper->getMedia();
52			$em->getRepository(Media::class)->save($media);
53
54			return new RedirectResponse(
55			$this->generateUrl(
56			'KunstmaanMediaBundle_media_show',
57			['mediaId' => $media->getId()]
58			)
59			);
60			}
61			}
62			$showTemplate = $mediaManager->getHandler($media)->getShowTemplate($media);
63
64			return $this->render(
65			$showTemplate,
66			[
67			'handler' => $handler,
68			'foldermanager' => $this->get('kunstmaan_media.folder_manager'),
69			'mediamanager' => $this->get('kunstmaan_media.media_manager'),
70			'editform' => $form->createView(),
71			'media' => $media,
72			'helper' => $helper,
73			'folder' => $folder,
74			]
75			);
76			}
77
78			/**
79			* @param Request $request
80			* @param int $mediaId
81			*
82			* @Route("/delete/{mediaId}", requirements={"mediaId" = "\d+"}, name="KunstmaanMediaBundle_media_delete")
83			*
84			* @return RedirectResponse
85			*/
86			public function deleteAction(Request $request, $mediaId)
87			{
88			$em = $this->getDoctrine()->getManager();
89
90			/* @var Media $media */
91			$media = $em->getRepository(Media::class)->getMedia($mediaId);
92			$medianame = $media->getName();
93			$folder = $media->getFolder();
94
95			$em->getRepository(Media::class)->delete($media);
96
97			$this->addFlash(
98			FlashTypes::SUCCESS,
99			$this->get('translator')->trans(
100			'kuma_admin.media.flash.deleted_success.%medianame%',
101			[
102			'%medianame%' => $medianame,
103			]
104			)
105			);
106
107			// If the redirect url is passed via the url we use it
108			$redirectUrl = $request->query->get('redirectUrl');
109			if (empty($redirectUrl) \|\| (\strpos($redirectUrl, $request->getSchemeAndHttpHost()) !== 0 && strncmp($redirectUrl, '/', 1) !== 0)) {
110			$redirectUrl = $this->generateUrl(
111			'KunstmaanMediaBundle_folder_show',
112			['folderId' => $folder->getId()]
113			);
114			}
115
116			return new RedirectResponse($redirectUrl);
117			}
118
119			/**
120			* @param int $folderId
121			*
122			* @Route("bulkupload/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_bulk_upload")
123			* @Template("@KunstmaanMedia/Media/bulkUpload.html.twig")
124			*
125			* @return array\|RedirectResponse
126			*/
127			public function bulkUploadAction($folderId)
128			{
129			$em = $this->getDoctrine()->getManager();
130
131			/* @var Folder $folder */
132			$folder = $em->getRepository(Folder::class)->getFolder($folderId);
133
134			return ['folder' => $folder];
135			}
136
137			/**
138			* @param Request $request
139			* @param int $folderId
140			*
141			* @Route("bulkuploadsubmit/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_bulk_upload_submit", methods={"POST"})
142			*
143			* @return JsonResponse
144			*/
145			public function bulkUploadSubmitAction(Request $request, $folderId)
146			{
147			// Settings
148			if (\ini_get('upload_tmp_dir')) {
149			$tempDir = \ini_get('upload_tmp_dir');
150			} else {
151			$tempDir = \sys_get_temp_dir();
152			}
153			$targetDir = \rtrim($tempDir, '/').DIRECTORY_SEPARATOR.'plupload';
154			$cleanupTargetDir = true; // Remove old files
155			$maxFileAge = 5 * 60 * 60; // Temp file age in seconds
156
157			// Create target dir
158			if (!\file_exists($targetDir)) {
159			@\mkdir($targetDir);
160			}
161
162			$submittedToken = $request->headers->get('x-upload-token');
163			if (!$this->isCsrfTokenValid('bulk-upload-media', $submittedToken)) {
164			return $this->returnJsonError('105', 'Could not verify token');
165			}
166
167			// Get a file name
168			if ($request->request->has('name')) {
169			$fileName = $request->request->get('name');
170			} elseif (0 !== $request->files->count()) {
171			$fileName = $request->files->get('file')['name'];
172			} else {
173			$fileName = \uniqid('file_', false);
174			}
175			$filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName;
176
177			$chunk = 0;
178			$chunks = 0;
179			// Chunking might be enabled
180			if ($request->request->has('chunk')) {
181			$chunk = $request->request->getInt('chunk');
182			}
183			if ($request->request->has('chunks')) {
184			$chunks = $request->request->getInt('chunks');
185			}
186
187			// Remove old temp files
188			if ($cleanupTargetDir) {
189			if (!\is_dir($targetDir) \|\| !$dir = \opendir($targetDir)) {
190			return $this->returnJsonError('100', 'Failed to open temp directory.');
191			}
192
193			while (($file = \readdir($dir)) !== false) {
194			$tmpFilePath = $targetDir.DIRECTORY_SEPARATOR.$file;
195
196			// If temp file is current file proceed to the next
197			if ($tmpFilePath === "{$filePath}.part") {
198			continue;
199			}
200
201			// Remove temp file if it is older than the max age and is not the current file
202			if (\preg_match('/\.part$/', $file) && (\filemtime($tmpFilePath) < \time() - $maxFileAge)) {
203			$success = @\unlink($tmpFilePath);
204			if ($success !== true) {
205			return $this->returnJsonError('106', 'Could not remove temp file: '.$filePath);
206			}
207			}
208			}
209			\closedir($dir);
210			}
211
212			// Open temp file
213			if (!$out = @\fopen("{$filePath}.part", $chunks ? 'ab' : 'wb')) {
214			return $this->returnJsonError('102', 'Failed to open output stream.');
215			}
216
217			if (0 !== $request->files->count()) {
218			$_file = $request->files->get('file');
219			if ($_file->getError() > 0 \|\| !\is_uploaded_file($_file->getRealPath())) {
220			return $this->returnJsonError('103', 'Failed to move uploaded file.');
221			}
222
223			// Read binary input stream and append it to temp file
224			if (!$input = @\fopen($_file->getRealPath(), 'rb')) {
225			return $this->returnJsonError('101', 'Failed to open input stream.');
226			}
227			} else {
228			if (!$input = @\fopen('php://input', 'rb')) {
229			return $this->returnJsonError('101', 'Failed to open input stream.');
230			}
231			}
232
233			while ($buff = \fread($input, 4096)) {
234			\fwrite($out, $buff);
235			}
236
237			@\fclose($out);
238			@\fclose($input);
239
240			// Check if file has been uploaded
241			if (!$chunks \|\| $chunk === $chunks - 1) {
242			// Strip the temp .part suffix off
243			\rename("{$filePath}.part", $filePath);
244			}
245
246			$em = $this->getDoctrine()->getManager();
247			/* @var Folder $folder */
248			$folder = $em->getRepository(Folder::class)->getFolder($folderId);
249			$file = new File($filePath);
250
251			try {
252			/* @var Media $media */
253			$media = $this->get('kunstmaan_media.media_manager')->getHandler($file)->createNew($file);
254			$media->setFolder($folder);
255			$em->getRepository(Media::class)->save($media);
256			} catch (Exception $e) {
257			return $this->returnJsonError('104', 'Failed performing save on media-manager');
258			}
259
260			$success = \unlink($filePath);
261			if ($success !== true) {
262			return $this->returnJsonError('105', 'Could not remove temp file: '.$filePath);
263			}
264
265			// Send headers making sure that the file is not cached (as it happens for example on iOS devices)
266			$response = new JsonResponse(
267			[
268			'jsonrpc' => '2.0',
269			'result' => '',
270			'id' => 'id',
271			], JsonResponse::HTTP_OK, [
272			'Expires' => 'Mon, 26 Jul 1997 05:00:00 GMT',
273			'Last-Modified' => \gmdate('D, d M Y H:i:s').' GMT',
274			'Cache-Control' => 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0',
275			'Pragma' => 'no-cache',
276			]
277			);
278
279			return $response;
280			}
281
282			private function returnJsonError($code, $message)
283			{
284			return new JsonResponse(
285			[
286			'jsonrpc' => '2.0',
287			'error ' => [
288			'code' => $code,
289			'message' => $message,
290			],
291			'id' => 'id',
292			]
293			);
294			}
295
296			/**
297			* @param Request $request
298			* @param int $folderId
299			*
300			* @Route("drop/{folderId}", requirements={"folderId" = "\d+"}, name="KunstmaanMediaBundle_media_drop_upload", methods={"GET", "POST"})
301			*
302			* @return JsonResponse
303			*/
304			public function dropAction(Request $request, $folderId)
305			{
306			$em = $this->getDoctrine()->getManager();
307
308			/* @var Folder $folder */
309			$folder = $em->getRepository(Folder::class)->getFolder($folderId);
310
311			$drop = null;
312
313			if ($request->files->has('files') && $request->files->get('files')['error'] === 0) {
314			$drop = $request->files->get('files');
315			} else {
316			if ($request->files->get('file')) {
317			$drop = $request->files->get('file');
318			} else {
319			$drop = $request->get('text');
320			}
321			}
322			$media = $this->get('kunstmaan_media.media_manager')->createNew($drop);
323			if ($media) {
324			$media->setFolder($folder);
325			$em->getRepository(Media::class)->save($media);
326
327			return new JsonResponse(['status' => $this->get('translator')->trans('kuma_admin.media.flash.drop_success')]);
328			}
329
330			$request->getSession()->getFlashBag()->add(
331			FlashTypes::DANGER,
332			$this->get('translator')->trans('kuma_admin.media.flash.drop_unrecognized')
333			);
334
335			return new JsonResponse(['status' => $this->get('translator')->trans('kuma_admin.media.flash.drop_unrecognized')]);
336			}
337
338			/**
339			* @param Request $request
340			* @param int $folderId The folder id
341			* @param string $type The type
342			*
343			* @Route("create/{folderId}/{type}", requirements={"folderId" = "\d+", "type" = ".+"}, name="KunstmaanMediaBundle_media_create", methods={"GET", "POST"})
344			* @Template("@KunstmaanMedia/Media/create.html.twig")
345			*
346			* @return array\|RedirectResponse
347			*/
348			public function createAction(Request $request, $folderId, $type)
349			{
350			return $this->createAndRedirect($request, $folderId, $type, 'KunstmaanMediaBundle_folder_show');
351			}
352
353			/**
354			* @param Request $request
355			* @param int $folderId The folder Id
356			* @param string $type The type
357			* @param string $redirectUrl The url where we want to redirect to on success
358			* @param array $extraParams The extra parameters that will be passed wen redirecting
359			*
360			* @return array\|RedirectResponse
361			*/
362			private function createAndRedirect(Request $request, $folderId, $type, $redirectUrl, $extraParams = [], $isInModal = false)
363			{
364			$em = $this->getDoctrine()->getManager();
365
366			/* @var Folder $folder */
367			$folder = $em->getRepository(Folder::class)->getFolder($folderId);
368
369			/* @var MediaManager $mediaManager */
370			$mediaManager = $this->get('kunstmaan_media.media_manager');
371			$handler = $mediaManager->getHandlerForType($type);
372			$media = new Media();
373			$helper = $handler->getFormHelper($media);
374
375			$form = $this->createForm($handler->getFormType(), $helper, $handler->getFormTypeOptions());
376
377			if ($request->isMethod('POST')) {
378			$params = ['folderId' => $folder->getId()];
379			$params = \array_merge($params, $extraParams);
380
381			$form->handleRequest($request);
382
383			if ($form->isSubmitted() && $form->isValid()) {
384			$media = $helper->getMedia();
385			$media->setFolder($folder);
386			$em->getRepository(Media::class)->save($media);
387
388			$this->addFlash(
389			FlashTypes::SUCCESS,
390			$this->get('translator')->trans(
391			'media.flash.created',
392			[
393			'%medianame%' => $media->getName(),
394			]
395			)
396			);
397
398			return new RedirectResponse($this->generateUrl($redirectUrl, $params));
399			}
400
401			if ($isInModal) {
402			$this->addFlash(
403			FlashTypes::DANGER,
404			$this->get('translator')->trans(
405			'media.flash.not_created',
406			[
407			'%mediaerrors%' => $form->getErrors(true, true),
408			]
409			)
410			);
411
412			return new RedirectResponse($this->generateUrl($redirectUrl, $params));
413			}
414			}
415
416			return [
417			'type' => $type,
418			'form' => $form->createView(),
419			'folder' => $folder,
420			];
421			}
422
423			/**
424			* @param Request $request
425			* @param int $folderId The folder id
426			* @param string $type The type
427			*
428			* @Route("create/modal/{folderId}/{type}", requirements={"folderId" = "\d+", "type" = ".+"}, name="KunstmaanMediaBundle_media_modal_create", methods={"POST"})
429			*
430			* @return array\|RedirectResponse
431			*/
432			public function createModalAction(Request $request, $folderId, $type)
433			{
434			$cKEditorFuncNum = $request->get('CKEditorFuncNum');
435			$linkChooser = $request->get('linkChooser');
436
437			$extraParams = [];
438			if (!empty($cKEditorFuncNum)) {
439			$extraParams['CKEditorFuncNum'] = $cKEditorFuncNum;
440			}
441			if (!empty($linkChooser)) {
442			$extraParams['linkChooser'] = $linkChooser;
443			}
444
445			return $this->createAndRedirect(
446			$request,
447			$folderId,
448			$type,
449			'KunstmaanMediaBundle_chooser_show_folder',
450			$extraParams,
451			true
452			);
453			}
454
455			/**
456			* @param Request $request
457			*
458			* @Route("move/", name="KunstmaanMediaBundle_media_move", methods={"POST"})
459			*
460			* @return string
461			*/
462			public function moveMedia(Request $request)
463			{
464			@trigger_error(sprintf('The "%s" controller action is deprecated in KunstmaanMediaBundle 5.1 and will be removed in KunstmaanMediaBundle 6.0.', __METHOD__), E_USER_DEPRECATED);
465
466			$mediaId = $request->request->get('mediaId');
467			$folderId = $request->request->get('folderId');
468
469			if (empty($mediaId) \|\| empty($folderId)) {
470			return new JsonResponse(['error' => ['title' => 'Missing media id or folder id']], 400);
471			}
472
473			$em = $this->getDoctrine()->getManager();
474			$mediaRepo = $em->getRepository(Media::class);
475
476			$media = $mediaRepo->getMedia($mediaId);
477			$folder = $em->getRepository(Folder::class)->getFolder($folderId);
478
479			$media->setFolder($folder);
480			$mediaRepo->save($media);
481
482			return new JsonResponse();
483			}
484
485			/**
486			* @Route("/bulk-move", name="KunstmaanMediaBundle_media_bulk_move")
487			*
488			* @param Request $request
489			*
490			* @return JsonResponse\|Response
491			*
492			* @throws \Doctrine\DBAL\DBALException
493			*/
494			public function bulkMoveAction(Request $request)
495			{
496			$em = $this->getDoctrine()->getManager();
497			$mediaRepo = $em->getRepository(Media::class);
498			$form = $this->createForm(BulkMoveMediaType::class);
499
500			$form->handleRequest($request);
501
502			if ($form->isSubmitted() && $form->isValid()) {
503			/** @var Folder $folder */
504			$folder = $form->getData()['folder'];
505			$mediaIds = explode(',', $form->getData()['media']);
506
507			$mediaRepo->createQueryBuilder('m')
508			->update()
509			->set('m.folder', $folder->getId())
510			->where('m.id in (:mediaIds)')
511			->setParameter('mediaIds', $mediaIds)
512			->getQuery()
513			->execute();
514
515			$this->addFlash(FlashTypes::SUCCESS, $this->get('translator')->trans('media.folder.bulk_move.success.text'));
516
517			return new JsonResponse(
518			[
519			'Success' => 'The media is moved',
520			]
521			);
522			}
523
524			return $this->render(
525			'@KunstmaanMedia/Folder/bulk-move-modal_form.html.twig',
526			[
527			'form' => $form->createView(),
528			]
529			);
530			}
531			}
532

Kunstmaan / KunstmaanBundlesCMS

Issues (3099)

Security Analysis not enabled

MediaBundle/Controller/MediaController.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like