ImageUpload::isimageValid() - Code Metrics - Inspection of "Adding the image uploader" - Starbugstone/blogoc - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — Showing-Posts (#50)

by Stone

created 2018-09-15 23:12 UTC

ImageUpload::isimageValid() A

↳ Parent: ImageUpload

Complexity

Conditions	3
Paths	3

Size

Total Lines	13
Code Lines	5

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	3
eloc	5
nc	3
nop	1
dl	0
loc	13
rs	10
c	0
b	0
f	0

<?php

namespace App\Controllers\Ajax;

use Core\AjaxController;

class ImageUpload extends AjaxController
{
    /**
     * @var string the image upload folder, must be writable
     */
    private $imageFolder = "uploaded_images/";
    private $configFolder = "config_images/";
    private $userFolder = "user_images/";


    /**
     * check if the image name is valid
     * @param $image string filename to check
     * @return bool if image name is valid
     *
     */
    private function isimageValid($image)
    {
        // Sanitize input
        if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $image)) {
            return false;
        }

        // Verify extension
        if (!in_array(strtolower(pathinfo($image, PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {
            return false;
        }

        return true;
    }

    /**
     * Upload images from TinyMCE
     * grabbed from https://www.codexworld.com/tinymce-upload-image-to-server-using-php/
     */
    public function tinymceUpload()
    {
        //security checks, only admins can upload images to posts
        $this->onlyAdmin();
        if (!$this->container->getRequest()->isPost()) {
            throw new \Core\JsonException('Call is not post');
        }

        $tempFile = $this->request->getUploadedFiles();

        //need to clean up
        if (is_uploaded_file($tempFile['tmp_name'])) {
            if (!$this->isimageValid($tempFile['name'])) {
                header("HTTP/1.1 400 Invalid file name or file extension.");
                return;
            }

            $filetowrite = $this->imageFolder . $tempFile['name'];
            move_uploaded_file($tempFile['tmp_name'], $filetowrite);

            // Respond to the successful upload with JSON.
            echo json_encode(array('location' => $filetowrite));
        } else {
            // Notify editor that the upload failed
            header("HTTP/1.1 500 Server Error");
        }
    }


    /**
     * Upload for the file input in the configuration
     */
    public function fileInputConfigUpload()
    {
        //security checks, only admins can upload images to config
        $this->onlyAdmin();
        if (!$this->container->getRequest()->isPost()) {
            throw new JsonException('Call is not post');
filter:
    dependency_paths: ["lib/*"]
        }
        $tempFile = $this->request->getUploadedFiles();

        //need to clean up
        if (is_uploaded_file($tempFile['tmp_name'])) {
            if (!$this->isimageValid($tempFile['name'])) {
                echo json_encode(array('error' => 'Invalid name or file extension'));
                return;
            }

            $filetowrite = $this->configFolder . $tempFile['name'];
            move_uploaded_file($tempFile['tmp_name'], $filetowrite);

            // Respond to the successful upload with JSON.
            echo json_encode(array('location' => $filetowrite));
        } else {
            // Notify editor that the upload failed
            echo json_encode(array('error' => 'Upload failed'));
        }
    }


}

1			<?php
2
3			namespace App\Controllers\Ajax;
4
5			use Core\AjaxController;
6
7			class ImageUpload extends AjaxController
8			{
9			/**
10			* @var string the image upload folder, must be writable
11			*/
12			private $imageFolder = "uploaded_images/";
13			private $configFolder = "config_images/";
14			private $userFolder = "user_images/";
			0 ignored issues – show introduced 2018-09-15 23:02 UTC by Report Bug Copy Issue Report The private property `$userFolder` is not used, and could be removed. Loading history...
15
16			/**
17			* check if the image name is valid
18			* @param $image string filename to check
19			* @return bool if image name is valid
20			*
21			*/
22			private function isimageValid($image)
23			{
24			// Sanitize input
25			if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])\|([\.]{2,})/", $image)) {
26			return false;
27			}
28
29			// Verify extension
30			if (!in_array(strtolower(pathinfo($image, PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {
31			return false;
32			}
33
34			return true;
35			}
36
37			/**
38			* Upload images from TinyMCE
39			* grabbed from https://www.codexworld.com/tinymce-upload-image-to-server-using-php/
40			*/
41			public function tinymceUpload()
42			{
43			//security checks, only admins can upload images to posts
44			$this->onlyAdmin();
45			if (!$this->container->getRequest()->isPost()) {
46			throw new \Core\JsonException('Call is not post');
47			}
48
49			$tempFile = $this->request->getUploadedFiles();
50
51			//need to clean up
52			if (is_uploaded_file($tempFile['tmp_name'])) {
53			if (!$this->isimageValid($tempFile['name'])) {
54			header("HTTP/1.1 400 Invalid file name or file extension.");
55			return;
56			}
57
58			$filetowrite = $this->imageFolder . $tempFile['name'];
59			move_uploaded_file($tempFile['tmp_name'], $filetowrite);
60
61			// Respond to the successful upload with JSON.
62			echo json_encode(array('location' => $filetowrite));
63			} else {
64			// Notify editor that the upload failed
65			header("HTTP/1.1 500 Server Error");
66			}
67			}
68
69
70			/**
71			* Upload for the file input in the configuration
72			*/
73			public function fileInputConfigUpload()
74			{
75			//security checks, only admins can upload images to config
76			$this->onlyAdmin();
77			if (!$this->container->getRequest()->isPost()) {
78			throw new JsonException('Call is not post');
			0 ignored issues – show Bug introduced 2018-09-15 23:02 UTC by Report Bug Copy Issue Report The type `App\Controllers\Ajax\JsonException` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
79			}
80			$tempFile = $this->request->getUploadedFiles();
81
82			//need to clean up
83			if (is_uploaded_file($tempFile['tmp_name'])) {
84			if (!$this->isimageValid($tempFile['name'])) {
85			echo json_encode(array('error' => 'Invalid name or file extension'));
86			return;
87			}
88
89			$filetowrite = $this->configFolder . $tempFile['name'];
90			move_uploaded_file($tempFile['tmp_name'], $filetowrite);
91
92			// Respond to the successful upload with JSON.
93			echo json_encode(array('location' => $filetowrite));
94			} else {
95			// Notify editor that the upload failed
96			echo json_encode(array('error' => 'Upload failed'));
97			}
98			}
99
100
101			}

Starbugstone / blogoc

Pull Request — Showing-Posts (#50)

ImageUpload::isimageValid() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like