Issues in upload.php - All Issues - Inspection of "FileHandler: Fix bug reports from Scrutinizer" - UB-Mannheim/PalMA - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (f6660f)

by Stefan

created 2018-03-23 21:17 UTC

upload.php (2 issues)

Labels

Severity

<?php

// Copyright (C) 2014-2015 Universitätsbibliothek Mannheim
// See file LICENSE for license details.

// Connect to database and get configuration constants.
require_once('DBConnector.class.php');

if (empty($_FILES)) {
    $error = 99;
    $filename = 'unknown';
} else {
    $error = $_FILES['file']['error'];
    $filename = $_FILES['file']['name'];
}

if (!is_dir(CONFIG_UPLOAD_DIR)) {
    /* Target directory is missing, so create it now. */
    mkdir(CONFIG_UPLOAD_DIR, 0755);
}

if ($error == UPLOAD_ERR_OK || "downloaded_from_url") {
    # All uploaded files are collected in the upload directory.
    # If necessary, an index is added to get a unique filename.
    $tempFile = $_FILES['file']['tmp_name'];
    $targetFile = CONFIG_UPLOAD_DIR . "/$filename";
    $index = 0;
    $fparts = pathinfo($filename);
    $fname = $fparts['filename'];
    $ftype = null;
    if (isset($fparts['extension'])) {
        $ftype = $fparts['extension'];
    }
    while (file_exists($targetFile)) {
        $index++;
        if ($ftype) {
            $targetFile = CONFIG_UPLOAD_DIR . "/$fname-$index.$ftype";
        } else {
            $targetFile = CONFIG_UPLOAD_DIR . "/$fname-$index";
        }
    }
    trace("upload '$tempFile' to '$targetFile'");
    if (is_uploaded_file($tempFile)) {
        move_uploaded_file($tempFile, $targetFile);
    } elseif ($error == "downloaded_from_url") {
        rename($tempFile, $targetFile);
    } else {
        trace("upload failed!");
    }

} else {
    // Support localisation.
    require_once('i12n.php');

    $targetFile = CONFIG_UPLOAD_DIR . "/error.html";
    $f = fopen($targetFile, 'w');
    if ($f) {

        switch ($error) {
            case UPLOAD_ERR_INI_SIZE:
                $message = __("This file is too large.");
                break;
            case UPLOAD_ERR_FORM_SIZE:
                $message = __("Large files are not supported.");
                break;
            case UPLOAD_ERR_PARTIAL:
                $message = __("File was only partially uploaded.");
                break;
            default:
                $message = sprintf(__("Error code %s."), $error);
                break;
        }
        fprintf($f, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"");
        fprintf($f, "\"http://www.w3.org/TR/html4/strict.dtd\">");
        fprintf($f, "<html>\n");
        fprintf($f, "<head>\n");
        fprintf($f, "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n");
        fprintf($f, "<title>Error</title>\n");
        fprintf($f, "</head>\n");
        fprintf($f, "<body>\n");
        fprintf($f, "<p>\n");
        fprintf($f, __("File '%s' cannot be shown.") . "<br>\n%s\n",
                $filename, $message);
        fprintf($f, "</p>\n");
        fprintf($f, "</body>\n");
        fprintf($f, "</html>\n");
        fclose($f);
    }
    $targetFile = "file:///$targetFile";
}

  // Get information of application for uploaded file.
  require_once ('FileHandler.class.php');
  list ($returnedHandler, $returnedTargetFile) = FileHandler::getFileHandler($targetFile);
  $handler = $returnedHandler;
  $targetFile = $returnedTargetFile;
  trace("file is now $targetFile, its handler is $handler");

  // create window object and send to nuc

  $dt = new DateTime();
  $date = $dt->format('Y-m-d H:i:s');

    $window = array(
        "id" => "",
        "win_id" => "",
        "name" => "",
        "state" => "",
        "file" => $targetFile,
        "handler" => $handler,
        "userid" => "",
        "date" => $date
    );

    //echo "<body onLoad=\"sendToNuc('newWindow=".serialize($window)."')\" /></body>";


    $serializedWindow = serialize($window);

    $sw = urlencode($serializedWindow);
    // Get cURL resource
    $curl = curl_init();
    // Set some options - we are passing in a useragent too here
    curl_setopt_array($curl, array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => CONFIG_CONTROL_FILE . '?newWindow=' . $sw,
        CURLOPT_USERAGENT => 'PalMA cURL Request'
    ));
    // Send the request & save response to $resp
    $resp = curl_exec($curl);
    // Close request to clear up some resources
    curl_close($curl);

    trace("upload closed, result='$resp'");


1			<?php
2
3			// Copyright (C) 2014-2015 Universitätsbibliothek Mannheim
4			// See file LICENSE for license details.
5
6			// Connect to database and get configuration constants.
7			require_once('DBConnector.class.php');
8
9			if (empty($_FILES)) {
10			$error = 99;
11			$filename = 'unknown';
12			} else {
13			$error = $_FILES['file']['error'];
14			$filename = $_FILES['file']['name'];
15			}
16
17			if (!is_dir(CONFIG_UPLOAD_DIR)) {
18			/* Target directory is missing, so create it now. */
19			mkdir(CONFIG_UPLOAD_DIR, 0755);
20			}
21
22			if ($error == UPLOAD_ERR_OK \|\| "downloaded_from_url") {
23			# All uploaded files are collected in the upload directory.
24			# If necessary, an index is added to get a unique filename.
25			$tempFile = $_FILES['file']['tmp_name'];
26			$targetFile = CONFIG_UPLOAD_DIR . "/$filename";
27			$index = 0;
28			$fparts = pathinfo($filename);
29			$fname = $fparts['filename'];
30			$ftype = null;
31			if (isset($fparts['extension'])) {
32			$ftype = $fparts['extension'];
33			}
34			while (file_exists($targetFile)) {
35			$index++;
36			if ($ftype) {
37			$targetFile = CONFIG_UPLOAD_DIR . "/$fname-$index.$ftype";
38			} else {
39			$targetFile = CONFIG_UPLOAD_DIR . "/$fname-$index";
40			}
41			}
42			trace("upload '$tempFile' to '$targetFile'");
43			if (is_uploaded_file($tempFile)) {
44			move_uploaded_file($tempFile, $targetFile);
45			} elseif ($error == "downloaded_from_url") {
46			rename($tempFile, $targetFile);
47			} else {
48			trace("upload failed!");
49			}
50
51			} else {
52			// Support localisation.
53			require_once('i12n.php');
54
55			$targetFile = CONFIG_UPLOAD_DIR . "/error.html";
56			$f = fopen($targetFile, 'w');
57			if ($f) {
			0 ignored issues – show introduced 2018-03-23 19:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `$f` is always `false`. Loading history...
58			switch ($error) {
59			case UPLOAD_ERR_INI_SIZE:
60			$message = __("This file is too large.");
61			break;
62			case UPLOAD_ERR_FORM_SIZE:
63			$message = __("Large files are not supported.");
64			break;
65			case UPLOAD_ERR_PARTIAL:
66			$message = __("File was only partially uploaded.");
67			break;
68			default:
69			$message = sprintf(__("Error code %s."), $error);
70			break;
71			}
72			fprintf($f, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"");
73			fprintf($f, "\"http://www.w3.org/TR/html4/strict.dtd\">");
74			fprintf($f, "<html>\n");
75			fprintf($f, "<head>\n");
76			fprintf($f, "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n");
77			fprintf($f, "<title>Error</title>\n");
78			fprintf($f, "</head>\n");
79			fprintf($f, "<body>\n");
80			fprintf($f, "<p>\n");
81			fprintf($f, __("File '%s' cannot be shown.") . "<br>\n%s\n",
82			$filename, $message);
83			fprintf($f, "</p>\n");
84			fprintf($f, "</body>\n");
85			fprintf($f, "</html>\n");
86			fclose($f);
87			}
88			$targetFile = "file:///$targetFile";
89			}
90
91			// Get information of application for uploaded file.
92			require_once ('FileHandler.class.php');
93			list ($returnedHandler, $returnedTargetFile) = FileHandler::getFileHandler($targetFile);
94			$handler = $returnedHandler;
95			$targetFile = $returnedTargetFile;
96			trace("file is now $targetFile, its handler is $handler");
97
98			// create window object and send to nuc
99
100			$dt = new DateTime();
101			$date = $dt->format('Y-m-d H:i:s');
102
103			$window = array(
104			"id" => "",
105			"win_id" => "",
106			"name" => "",
107			"state" => "",
108			"file" => $targetFile,
109			"handler" => $handler,
110			"userid" => "",
111			"date" => $date
112			);
113
114			//echo "<body onLoad=\"sendToNuc('newWindow=".serialize($window)."')\" /></body>";
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-07-29 11:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this `70%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
115
116			$serializedWindow = serialize($window);
117
118			$sw = urlencode($serializedWindow);
119			// Get cURL resource
120			$curl = curl_init();
121			// Set some options - we are passing in a useragent too here
122			curl_setopt_array($curl, array(
123			CURLOPT_RETURNTRANSFER => 1,
124			CURLOPT_URL => CONFIG_CONTROL_FILE . '?newWindow=' . $sw,
125			CURLOPT_USERAGENT => 'PalMA cURL Request'
126			));
127			// Send the request & save response to $resp
128			$resp = curl_exec($curl);
129			// Close request to clear up some resources
130			curl_close($curl);
131
132			trace("upload closed, result='$resp'");
133

UB-Mannheim / PalMA

Branch — master (f6660f)

upload.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like