1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace XoopsModules\Smallworld; |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* jQuery File Upload Plugin PHP Class 6.1.2 |
7
|
|
|
* https://github.com/blueimp/jQuery-File-Upload |
8
|
|
|
* |
9
|
|
|
* Copyright 2010, Sebastian Tschan |
10
|
|
|
* https://blueimp.net |
11
|
|
|
* |
12
|
|
|
* Licensed under the MIT license: |
13
|
|
|
* http://www.opensource.org/licenses/MIT |
14
|
|
|
*/ |
15
|
|
|
|
16
|
|
|
/** |
17
|
|
|
* Class UploadHandler |
18
|
|
|
*/ |
19
|
|
|
class UploadHandler |
20
|
|
|
{ |
21
|
|
|
protected $options; |
22
|
|
|
|
23
|
|
|
// PHP File Upload error message codes: |
24
|
|
|
// http://php.net/manual/en/features.file-upload.errors.php |
25
|
|
|
protected $error_messages = [ |
26
|
|
|
1 => 'The uploaded file exceeds the upload_max_filesize directive in php.ini', |
27
|
|
|
2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form', |
28
|
|
|
3 => 'The uploaded file was only partially uploaded', |
29
|
|
|
4 => 'No file was uploaded', |
30
|
|
|
6 => 'Missing a temporary folder', |
31
|
|
|
7 => 'Failed to write file to disk', |
32
|
|
|
8 => 'A PHP extension stopped the file upload', |
33
|
|
|
'post_max_size' => 'The uploaded file exceeds the post_max_size directive in php.ini', |
34
|
|
|
'max_file_size' => 'File is too big', |
35
|
|
|
'min_file_size' => 'File is too small', |
36
|
|
|
'accept_file_types' => 'Filetype not allowed', |
37
|
|
|
'max_number_of_files' => 'Maximum number of files exceeded', |
38
|
|
|
'max_width' => 'Image exceeds maximum width', |
39
|
|
|
'min_width' => 'Image requires a minimum width', |
40
|
|
|
'max_height' => 'Image exceeds maximum height', |
41
|
|
|
'min_height' => 'Image requires a minimum height', |
42
|
|
|
]; |
43
|
|
|
|
44
|
|
|
/** |
45
|
|
|
* UploadHandler constructor. |
46
|
|
|
* @param null $options |
47
|
|
|
* @param bool $initialize |
48
|
|
|
*/ |
49
|
|
|
public function __construct($options = null, $initialize = true) |
50
|
|
|
{ |
51
|
|
|
$userID = $GLOBALS['xoopsUser']->getVar('uid'); |
52
|
|
|
$this->options = [ |
53
|
|
|
'script_url' => $this->get_full_url() . '/imgupload.php', |
54
|
|
|
'upload_dir' => XOOPS_ROOT_PATH . '/uploads/albums_smallworld/' . $userID . '/', |
55
|
|
|
'upload_url' => XOOPS_URL . '/uploads/albums_smallworld/' . $userID . '/', |
56
|
|
|
'user_dirs' => false, |
57
|
|
|
'mkdir_mode' => 0755, |
58
|
|
|
'param_name' => 'files', |
59
|
|
|
// Set the following option to 'POST', if your server does not support |
60
|
|
|
// DELETE requests. This is a parameter sent to the client: |
61
|
|
|
'delete_type' => 'DELETE', |
62
|
|
|
'access_control_allow_origin' => '*', |
63
|
|
|
'access_control_allow_credentials' => false, |
64
|
|
|
'access_control_allow_methods' => [ |
65
|
|
|
'OPTIONS', |
66
|
|
|
'HEAD', |
67
|
|
|
'GET', |
68
|
|
|
'POST', |
69
|
|
|
'PUT', |
70
|
|
|
'PATCH', |
71
|
|
|
'DELETE', |
72
|
|
|
], |
73
|
|
|
'access_control_allow_headers' => [ |
74
|
|
|
'Content-Type', |
75
|
|
|
'Content-Range', |
76
|
|
|
'Content-Disposition', |
77
|
|
|
], |
78
|
|
|
// Enable to provide file downloads via GET requests to the PHP script: |
79
|
|
|
'download_via_php' => false, |
80
|
|
|
// Defines which files can be displayed inline when downloaded: |
81
|
|
|
'inline_file_types' => '/\.(gif|jpe?g|png|JPE?G)$/i', |
82
|
|
|
// Defines which files (based on their names) are accepted for upload: |
83
|
|
|
'accept_file_types' => '/.+$/i', |
84
|
|
|
// The php.ini settings upload_max_filesize and post_max_size |
85
|
|
|
// take precedence over the following max_file_size setting: |
86
|
|
|
'max_file_size' => null, |
87
|
|
|
'min_file_size' => 1, |
88
|
|
|
// The maximum number of files for the upload directory: |
89
|
|
|
'max_number_of_files' => null, |
90
|
|
|
// Image resolution restrictions: |
91
|
|
|
'max_width' => null, |
92
|
|
|
'max_height' => null, |
93
|
|
|
'min_width' => 1, |
94
|
|
|
'min_height' => 1, |
95
|
|
|
// Set the following option to false to enable resumable uploads: |
96
|
|
|
'discard_aborted_uploads' => true, |
97
|
|
|
// Set to true to rotate images based on EXIF meta data, if available: |
98
|
|
|
'orient_image' => false, |
99
|
|
|
'image_versions' => [ |
100
|
|
|
// Uncomment the following version to restrict the size of |
101
|
|
|
// uploaded images: |
102
|
|
|
/* |
103
|
|
|
'' => array( |
104
|
|
|
'max_width' => 1920, |
105
|
|
|
'max_height' => 1200, |
106
|
|
|
'jpeg_quality' => 95 |
107
|
|
|
), |
108
|
|
|
*/ |
109
|
|
|
// Uncomment the following to create medium sized images: |
110
|
|
|
/* |
111
|
|
|
'medium' => array( |
112
|
|
|
'max_width' => 800, |
113
|
|
|
'max_height' => 600, |
114
|
|
|
'jpeg_quality' => 80 |
115
|
|
|
), |
116
|
|
|
*/ |
117
|
|
|
'thumbnails' => [ |
118
|
|
|
'upload_dir' => XOOPS_ROOT_PATH . '/uploads/albums_smallworld' . '/' . $userID . '/thumbnails/', |
119
|
|
|
'upload_url' => XOOPS_URL . '/uploads/albums_smallworld' . '/' . $userID . '/thumbnails/', |
120
|
|
|
'max_width' => 80, |
121
|
|
|
'max_height' => 80, |
122
|
|
|
], |
123
|
|
|
], |
124
|
|
|
]; |
125
|
|
|
if ($options) { |
126
|
|
|
$this->options = array_merge($this->options, $options); |
127
|
|
|
} |
128
|
|
|
if ($initialize) { |
129
|
|
|
$this->initialize(); |
130
|
|
|
} |
131
|
|
|
} |
132
|
|
|
|
133
|
|
|
protected function initialize() |
134
|
|
|
{ |
135
|
|
|
switch ($_SERVER['REQUEST_METHOD']) { |
136
|
|
|
case 'OPTIONS': |
137
|
|
|
case 'HEAD': |
138
|
|
|
$this->head(); |
139
|
|
|
break; |
140
|
|
|
case 'GET': |
141
|
|
|
$this->get(); |
142
|
|
|
break; |
143
|
|
|
case 'PATCH': |
144
|
|
|
case 'PUT': |
145
|
|
|
case 'POST': |
146
|
|
|
$this->post(); |
147
|
|
|
break; |
148
|
|
|
case 'DELETE': |
149
|
|
|
$this->delete(); |
150
|
|
|
break; |
151
|
|
|
default: |
152
|
|
|
$this->header('HTTP/1.1 405 Method Not Allowed'); |
153
|
|
|
} |
154
|
|
|
} |
155
|
|
|
|
156
|
|
|
/** |
157
|
|
|
* @return string |
158
|
|
|
*/ |
159
|
|
|
protected function get_full_url() |
160
|
|
|
{ |
161
|
|
|
$https = !empty($_SERVER['HTTPS']) && 'off' !== $_SERVER['HTTPS']; |
162
|
|
|
|
163
|
|
|
return ($https ? 'https://' : 'http://') |
164
|
|
|
. (!empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] . '@' : '') |
165
|
|
|
. (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : ($_SERVER['SERVER_NAME'] . ($https && 443 === $_SERVER['SERVER_PORT'] || 80 === $_SERVER['SERVER_PORT'] ? '' : ':' |
166
|
|
|
. $_SERVER['SERVER_PORT']))) |
167
|
|
|
. mb_substr($_SERVER['SCRIPT_NAME'], 0, mb_strrpos($_SERVER['SCRIPT_NAME'], '/')); |
168
|
|
|
} |
169
|
|
|
|
170
|
|
|
/** |
171
|
|
|
* @return string |
172
|
|
|
*/ |
173
|
|
|
protected function get_user_id() |
174
|
|
|
{ |
175
|
|
|
@session_start(); |
|
|
|
|
176
|
|
|
|
177
|
|
|
return session_id(); |
178
|
|
|
} |
179
|
|
|
|
180
|
|
|
/** |
181
|
|
|
* @return string |
182
|
|
|
*/ |
183
|
|
|
protected function get_user_path() |
184
|
|
|
{ |
185
|
|
|
if ($this->options['user_dirs']) { |
186
|
|
|
return $this->get_user_id() . '/'; |
187
|
|
|
} |
188
|
|
|
|
189
|
|
|
return ''; |
190
|
|
|
} |
191
|
|
|
|
192
|
|
|
/** |
193
|
|
|
* @param null|string $file_name |
194
|
|
|
* @param null $version |
195
|
|
|
* @return string |
196
|
|
|
*/ |
197
|
|
|
protected function get_upload_path($file_name = null, $version = null) |
198
|
|
|
{ |
199
|
|
|
$file_name = $file_name ?: ''; |
200
|
|
|
$version_path = empty($version) ? '' : $version . '/'; |
201
|
|
|
|
202
|
|
|
return $this->options['upload_dir'] . $this->get_user_path() . $version_path . $file_name; |
203
|
|
|
} |
204
|
|
|
|
205
|
|
|
/** |
206
|
|
|
* @param $url |
207
|
|
|
* @return string |
208
|
|
|
*/ |
209
|
|
|
protected function get_query_separator($url) |
210
|
|
|
{ |
211
|
|
|
return false === mb_strpos($url, '?') ? '?' : '&'; |
212
|
|
|
} |
213
|
|
|
|
214
|
|
|
/** |
215
|
|
|
* @param $file_name |
216
|
|
|
* @param null $version |
217
|
|
|
* @return string |
218
|
|
|
*/ |
219
|
|
|
protected function get_download_url($file_name, $version = null) |
220
|
|
|
{ |
221
|
|
|
if ($this->options['download_via_php']) { |
222
|
|
|
$url = $this->options['script_url'] . $this->get_query_separator($this->options['script_url']) . 'file=' . rawurlencode($file_name); |
223
|
|
|
if ($version) { |
224
|
|
|
$url .= '&version=' . rawurlencode($version); |
225
|
|
|
} |
226
|
|
|
|
227
|
|
|
return $url . '&download=1'; |
228
|
|
|
} |
229
|
|
|
$version_path = empty($version) ? '' : rawurlencode($version) . '/'; |
230
|
|
|
|
231
|
|
|
return $this->options['upload_url'] . $this->get_user_path() . $version_path . rawurlencode($file_name); |
232
|
|
|
} |
233
|
|
|
|
234
|
|
|
/** |
235
|
|
|
* @param $file |
236
|
|
|
*/ |
237
|
|
|
protected function set_file_delete_properties($file) |
238
|
|
|
{ |
239
|
|
|
$file->delete_url = $this->options['script_url'] . $this->get_query_separator($this->options['script_url']) . 'file=' . rawurlencode($file->name); |
240
|
|
|
$file->delete_type = $this->options['delete_type']; |
241
|
|
|
if ('DELETE' !== $file->delete_type) { |
242
|
|
|
$file->delete_url .= '&_method=DELETE'; |
243
|
|
|
} |
244
|
|
|
if ($this->options['access_control_allow_credentials']) { |
245
|
|
|
$file->delete_with_credentials = true; |
246
|
|
|
} |
247
|
|
|
} |
248
|
|
|
|
249
|
|
|
// Fix for overflowing signed 32 bit integers, |
250
|
|
|
// works for sizes up to 2^32-1 bytes (4 GiB - 1): |
251
|
|
|
|
252
|
|
|
/** |
253
|
|
|
* @param $size |
254
|
|
|
* @return float|int |
255
|
|
|
*/ |
256
|
|
|
protected function fix_integer_overflow($size) |
257
|
|
|
{ |
258
|
|
|
if ($size < 0) { |
259
|
|
|
$size += 2.0 * (PHP_INT_MAX + 1); |
260
|
|
|
} |
261
|
|
|
|
262
|
|
|
return $size; |
263
|
|
|
} |
264
|
|
|
|
265
|
|
|
/** |
266
|
|
|
* @param $file_path |
267
|
|
|
* @param bool $clear_stat_cache |
268
|
|
|
* @return float|int |
269
|
|
|
*/ |
270
|
|
|
protected function get_file_size($file_path, $clear_stat_cache = false) |
271
|
|
|
{ |
272
|
|
|
if ($clear_stat_cache) { |
273
|
|
|
clearstatcache(true, $file_path); |
274
|
|
|
} |
275
|
|
|
|
276
|
|
|
return $this->fix_integer_overflow(filesize($file_path)); |
277
|
|
|
} |
278
|
|
|
|
279
|
|
|
/** |
280
|
|
|
* @param $file_name |
281
|
|
|
* @return bool |
282
|
|
|
*/ |
283
|
|
|
protected function is_valid_file_object($file_name) |
284
|
|
|
{ |
285
|
|
|
$file_path = $this->get_upload_path($file_name); |
286
|
|
|
|
287
|
|
|
return is_file($file_path) && '.' !== $file_name[0]; |
288
|
|
|
} |
289
|
|
|
|
290
|
|
|
/** |
291
|
|
|
* @param $file_name |
292
|
|
|
* @return null|\stdClass |
293
|
|
|
*/ |
294
|
|
|
protected function get_file_object($file_name) |
295
|
|
|
{ |
296
|
|
|
if ($this->is_valid_file_object($file_name)) { |
297
|
|
|
$file = new \stdClass(); |
298
|
|
|
$file->name = $file_name; |
299
|
|
|
$file->size = $this->get_file_size($this->get_upload_path($file_name)); |
300
|
|
|
$file->url = $this->get_download_url($file->name); |
301
|
|
|
foreach ($this->options['image_versions'] as $version => $options) { |
|
|
|
|
302
|
|
|
if (!empty($version)) { |
303
|
|
|
if (is_file($this->get_upload_path($file_name, $version))) { |
304
|
|
|
$file->{$version . '_url'} = $this->get_download_url($file->name, $version); |
305
|
|
|
} |
306
|
|
|
} |
307
|
|
|
} |
308
|
|
|
$this->set_file_delete_properties($file); |
309
|
|
|
|
310
|
|
|
return $file; |
311
|
|
|
} |
312
|
|
|
|
313
|
|
|
return null; |
314
|
|
|
} |
315
|
|
|
|
316
|
|
|
/** |
317
|
|
|
* @param string $iteration_method |
318
|
|
|
* @return array |
319
|
|
|
*/ |
320
|
|
|
protected function get_file_objects($iteration_method = 'get_file_object') |
321
|
|
|
{ |
322
|
|
|
$upload_dir = $this->get_upload_path(); |
323
|
|
|
if (!is_dir($upload_dir)) { |
324
|
|
|
return []; |
325
|
|
|
} |
326
|
|
|
|
327
|
|
|
return array_values(array_filter(array_map([$this, $iteration_method], scandir($upload_dir, SCANDIR_SORT_NONE)))); |
328
|
|
|
} |
329
|
|
|
|
330
|
|
|
/** |
331
|
|
|
* @return int |
332
|
|
|
*/ |
333
|
|
|
protected function count_file_objects() |
334
|
|
|
{ |
335
|
|
|
return count($this->get_file_objects('is_valid_file_object')); |
336
|
|
|
} |
337
|
|
|
|
338
|
|
|
/** |
339
|
|
|
* @param $file_name |
340
|
|
|
* @param $version |
341
|
|
|
* @param $options |
342
|
|
|
* @return bool |
343
|
|
|
*/ |
344
|
|
|
protected function create_scaled_image($file_name, $version, $options) |
345
|
|
|
{ |
346
|
|
|
$file_path = $this->get_upload_path($file_name); |
347
|
|
|
if (!empty($version)) { |
348
|
|
|
$version_dir = $this->get_upload_path(null, $version); |
349
|
|
View Code Duplication |
if (!is_dir($version_dir)) { |
|
|
|
|
350
|
|
|
if (!mkdir($version_dir, $this->options['mkdir_mode'], true) && !is_dir($version_dir)) { |
351
|
|
|
throw new \RuntimeException(sprintf('Directory "%s" was not created', $version_dir)); |
352
|
|
|
} |
353
|
|
|
} |
354
|
|
|
$new_file_path = $version_dir . '/' . $file_name; |
355
|
|
|
} else { |
356
|
|
|
$new_file_path = $file_path; |
357
|
|
|
} |
358
|
|
|
list($img_width, $img_height) = @getimagesize($file_path); |
359
|
|
|
if (!$img_width || !$img_height) { |
360
|
|
|
return false; |
361
|
|
|
} |
362
|
|
|
$scale = min($options['max_width'] / $img_width, $options['max_height'] / $img_height); |
363
|
|
|
if ($scale >= 1) { |
364
|
|
|
if ($file_path !== $new_file_path) { |
365
|
|
|
return copy($file_path, $new_file_path); |
366
|
|
|
} |
367
|
|
|
|
368
|
|
|
return true; |
369
|
|
|
} |
370
|
|
|
$new_width = $img_width * $scale; |
371
|
|
|
$new_height = $img_height * $scale; |
372
|
|
|
$new_img = @imagecreatetruecolor($new_width, $new_height); |
373
|
|
|
switch (mb_strtolower(mb_substr(mb_strrchr($file_name, '.'), 1))) { |
374
|
|
|
case 'jpg': |
375
|
|
|
case 'jpeg': |
376
|
|
|
$src_img = @imagecreatefromjpeg($file_path); |
377
|
|
|
$write_image = 'imagejpeg'; |
378
|
|
|
$image_quality = isset($options['jpeg_quality']) ? $options['jpeg_quality'] : 75; |
379
|
|
|
break; |
380
|
|
|
case 'gif': |
381
|
|
|
@imagecolortransparent($new_img, @imagecolorallocate($new_img, 0, 0, 0)); |
|
|
|
|
382
|
|
|
$src_img = @imagecreatefromgif($file_path); |
383
|
|
|
$write_image = 'imagegif'; |
384
|
|
|
$image_quality = null; |
385
|
|
|
break; |
386
|
|
|
case 'png': |
387
|
|
|
@imagecolortransparent($new_img, @imagecolorallocate($new_img, 0, 0, 0)); |
|
|
|
|
388
|
|
|
@imagealphablending($new_img, false); |
|
|
|
|
389
|
|
|
@imagesavealpha($new_img, true); |
|
|
|
|
390
|
|
|
$src_img = @imagecreatefrompng($file_path); |
391
|
|
|
$write_image = 'imagepng'; |
392
|
|
|
$image_quality = isset($options['png_quality']) ? $options['png_quality'] : 9; |
393
|
|
|
break; |
394
|
|
|
default: |
395
|
|
|
$src_img = null; |
396
|
|
|
} |
397
|
|
|
$success = $src_img && @imagecopyresampled($new_img, $src_img, 0, 0, 0, 0, $new_width, $new_height, $img_width, $img_height) && $write_image($new_img, $new_file_path, $image_quality); |
|
|
|
|
398
|
|
|
// Free up memory (imagedestroy does not delete files): |
399
|
|
|
@imagedestroy($src_img); |
|
|
|
|
400
|
|
|
@imagedestroy($new_img); |
|
|
|
|
401
|
|
|
|
402
|
|
|
return $success; |
403
|
|
|
} |
404
|
|
|
|
405
|
|
|
/** |
406
|
|
|
* @param $error |
407
|
|
|
* @return mixed |
408
|
|
|
*/ |
409
|
|
|
protected function get_error_message($error) |
410
|
|
|
{ |
411
|
|
|
return array_key_exists($error, $this->error_messages) ? $this->error_messages[$error] : $error; |
412
|
|
|
} |
413
|
|
|
|
414
|
|
|
/** |
415
|
|
|
* @param $val |
416
|
|
|
* @return float|int |
417
|
|
|
*/ |
418
|
|
|
public function get_config_bytes($val) |
419
|
|
|
{ |
420
|
|
|
$val = trim($val); |
421
|
|
|
$last = mb_strtolower($val[mb_strlen($val) - 1]); |
422
|
|
|
switch ($last) { |
423
|
|
|
case 'g': |
424
|
|
|
$val *= 1024; |
425
|
|
|
// no break |
426
|
|
|
case 'm': |
427
|
|
|
$val *= 1024; |
428
|
|
|
// no break |
429
|
|
|
case 'k': |
430
|
|
|
$val *= 1024; |
431
|
|
|
} |
432
|
|
|
|
433
|
|
|
return $this->fix_integer_overflow($val); |
434
|
|
|
} |
435
|
|
|
|
436
|
|
|
/** |
437
|
|
|
* @param $uploaded_file |
438
|
|
|
* @param $file |
439
|
|
|
* @param $error |
440
|
|
|
* @param $index |
441
|
|
|
* @return bool |
442
|
|
|
*/ |
443
|
|
|
protected function validate($uploaded_file, $file, $error, $index) |
|
|
|
|
444
|
|
|
{ |
445
|
|
|
if ($error) { |
446
|
|
|
$file->error = $this->get_error_message($error); |
447
|
|
|
|
448
|
|
|
return false; |
449
|
|
|
} |
450
|
|
|
$content_length = $this->fix_integer_overflow((int)$_SERVER['CONTENT_LENGTH']); |
451
|
|
|
$post_max_size = $this->get_config_bytes(ini_get('post_max_size')); |
452
|
|
|
if ($post_max_size && ($content_length > $post_max_size)) { |
453
|
|
|
$file->error = $this->get_error_message('post_max_size'); |
454
|
|
|
|
455
|
|
|
return false; |
456
|
|
|
} |
457
|
|
|
if (!preg_match($this->options['accept_file_types'], $file->name)) { |
458
|
|
|
$file->error = $this->get_error_message('accept_file_types'); |
459
|
|
|
|
460
|
|
|
return false; |
461
|
|
|
} |
462
|
|
|
if ($uploaded_file && is_uploaded_file($uploaded_file)) { |
463
|
|
|
$file_size = $this->get_file_size($uploaded_file); |
464
|
|
|
} else { |
465
|
|
|
$file_size = $content_length; |
466
|
|
|
} |
467
|
|
|
if ($this->options['max_file_size'] && ($file_size > $this->options['max_file_size'] || $file->size > $this->options['max_file_size'])) { |
468
|
|
|
$file->error = $this->get_error_message('max_file_size'); |
469
|
|
|
|
470
|
|
|
return false; |
471
|
|
|
} |
472
|
|
|
if ($this->options['min_file_size'] && $file_size < $this->options['min_file_size']) { |
473
|
|
|
$file->error = $this->get_error_message('min_file_size'); |
474
|
|
|
|
475
|
|
|
return false; |
476
|
|
|
} |
477
|
|
|
if (is_int($this->options['max_number_of_files']) && ($this->count_file_objects() >= $this->options['max_number_of_files'])) { |
478
|
|
|
$file->error = $this->get_error_message('max_number_of_files'); |
479
|
|
|
|
480
|
|
|
return false; |
481
|
|
|
} |
482
|
|
|
list($img_width, $img_height) = @getimagesize($uploaded_file); |
483
|
|
|
if (is_int($img_width)) { |
484
|
|
View Code Duplication |
if ($this->options['max_width'] && $img_width > $this->options['max_width']) { |
|
|
|
|
485
|
|
|
$file->error = $this->get_error_message('max_width'); |
486
|
|
|
|
487
|
|
|
return false; |
488
|
|
|
} |
489
|
|
View Code Duplication |
if ($this->options['max_height'] && $img_height > $this->options['max_height']) { |
|
|
|
|
490
|
|
|
$file->error = $this->get_error_message('max_height'); |
491
|
|
|
|
492
|
|
|
return false; |
493
|
|
|
} |
494
|
|
View Code Duplication |
if ($this->options['min_width'] && $img_width < $this->options['min_width']) { |
|
|
|
|
495
|
|
|
$file->error = $this->get_error_message('min_width'); |
496
|
|
|
|
497
|
|
|
return false; |
498
|
|
|
} |
499
|
|
View Code Duplication |
if ($this->options['min_height'] && $img_height < $this->options['min_height']) { |
|
|
|
|
500
|
|
|
$file->error = $this->get_error_message('min_height'); |
501
|
|
|
|
502
|
|
|
return false; |
503
|
|
|
} |
504
|
|
|
} |
505
|
|
|
|
506
|
|
|
return true; |
507
|
|
|
} |
508
|
|
|
|
509
|
|
|
/** |
510
|
|
|
* @param $matches |
511
|
|
|
* @return string |
512
|
|
|
*/ |
513
|
|
|
protected function upcount_name_callback($matches) |
514
|
|
|
{ |
515
|
|
|
$index = isset($matches[1]) ? (int)$matches[1] + 1 : 1; |
516
|
|
|
$ext = isset($matches[2]) ? $matches[2] : ''; |
517
|
|
|
|
518
|
|
|
return ' (' . $index . ')' . $ext; |
519
|
|
|
} |
520
|
|
|
|
521
|
|
|
/** |
522
|
|
|
* @param $name |
523
|
|
|
* @return null|string|string[] |
524
|
|
|
*/ |
525
|
|
|
protected function upcount_name($name) |
526
|
|
|
{ |
527
|
|
|
return preg_replace_callback('/(?:(?: \(([\d]+)\))?(\.[^.]+))?$/', [$this, 'upcount_name_callback'], $name, 1); |
528
|
|
|
} |
529
|
|
|
|
530
|
|
|
/** |
531
|
|
|
* @param $name |
532
|
|
|
* @param $type |
533
|
|
|
* @param $index |
534
|
|
|
* @param $content_range |
535
|
|
|
* @return null|string|string[] |
536
|
|
|
*/ |
537
|
|
|
protected function get_unique_filename($name, $type, $index, $content_range) |
|
|
|
|
538
|
|
|
{ |
539
|
|
|
while (is_dir($this->get_upload_path($name))) { |
540
|
|
|
$name = $this->upcount_name($name); |
541
|
|
|
} |
542
|
|
|
// Keep an existing filename if this is part of a chunked upload: |
543
|
|
|
$uploaded_bytes = $this->fix_integer_overflow((int)$content_range[1]); |
544
|
|
|
while (is_file($this->get_upload_path($name))) { |
545
|
|
|
if ($uploaded_bytes === $this->get_file_size($this->get_upload_path($name))) { |
546
|
|
|
break; |
547
|
|
|
} |
548
|
|
|
$name = $this->upcount_name($name); |
549
|
|
|
} |
550
|
|
|
|
551
|
|
|
return $name; |
552
|
|
|
} |
553
|
|
|
|
554
|
|
|
/** |
555
|
|
|
* @param $name |
556
|
|
|
* @param $type |
557
|
|
|
* @param $index |
558
|
|
|
* @param $content_range |
559
|
|
|
* @return mixed|string |
560
|
|
|
*/ |
561
|
|
|
protected function trim_file_name($name, $type, $index, $content_range) |
|
|
|
|
562
|
|
|
{ |
563
|
|
|
// Remove path information and dots around the filename, to prevent uploading |
564
|
|
|
// into different directories or replacing hidden system files. |
565
|
|
|
// Also remove control characters and spaces (\x00..\x20) around the filename: |
566
|
|
|
$name = trim(basename(stripslashes($name)), ".\x00..\x20"); |
567
|
|
|
// Use a timestamp for empty filenames: |
568
|
|
|
if (!$name) { |
569
|
|
|
$name = str_replace('.', '-', microtime(true)); |
570
|
|
|
} |
571
|
|
|
// Add missing file extension for known image types: |
572
|
|
|
if (false === mb_strpos($name, '.') && preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) { |
573
|
|
|
$name .= '.' . $matches[1]; |
574
|
|
|
} |
575
|
|
|
|
576
|
|
|
return $name; |
577
|
|
|
} |
578
|
|
|
|
579
|
|
|
/** |
580
|
|
|
* @param $name |
581
|
|
|
* @param $type |
582
|
|
|
* @param $index |
583
|
|
|
* @param $content_range |
584
|
|
|
* @return null|string|string[] |
585
|
|
|
*/ |
586
|
|
|
protected function get_file_name($name, $type, $index, $content_range) |
587
|
|
|
{ |
588
|
|
|
return $this->get_unique_filename($this->trim_file_name($name, $type, $index, $content_range), $type, $index, $content_range); |
589
|
|
|
} |
590
|
|
|
|
591
|
|
|
/** |
592
|
|
|
* @param $file |
593
|
|
|
* @param $index |
594
|
|
|
*/ |
595
|
|
|
protected function handle_form_data($file, $index) |
|
|
|
|
596
|
|
|
{ |
597
|
|
|
// Handle form data, e.g. $_REQUEST['description'][$index] |
598
|
|
|
} |
599
|
|
|
|
600
|
|
|
/** |
601
|
|
|
* @param $file_path |
602
|
|
|
* @return bool |
603
|
|
|
*/ |
604
|
|
|
protected function orient_image($file_path) |
605
|
|
|
{ |
606
|
|
|
if (!function_exists('exif_read_data')) { |
607
|
|
|
return false; |
608
|
|
|
} |
609
|
|
|
$exif = @exif_read_data($file_path); |
610
|
|
|
if (false === $exif) { |
611
|
|
|
return false; |
612
|
|
|
} |
613
|
|
|
$orientation = (int)(@$exif['Orientation']); |
614
|
|
|
if (!in_array($orientation, [3, 6, 8])) { |
615
|
|
|
return false; |
616
|
|
|
} |
617
|
|
|
$image = @imagecreatefromjpeg($file_path); |
618
|
|
|
switch ($orientation) { |
619
|
|
|
case 3: |
620
|
|
|
$image = @imagerotate($image, 180, 0); |
621
|
|
|
break; |
622
|
|
|
case 6: |
623
|
|
|
$image = @imagerotate($image, 270, 0); |
624
|
|
|
break; |
625
|
|
|
case 8: |
626
|
|
|
$image = @imagerotate($image, 90, 0); |
627
|
|
|
break; |
628
|
|
|
default: |
629
|
|
|
return false; |
630
|
|
|
} |
631
|
|
|
$success = imagejpeg($image, $file_path); |
632
|
|
|
// Free up memory (imagedestroy does not delete files): |
633
|
|
|
@imagedestroy($image); |
|
|
|
|
634
|
|
|
|
635
|
|
|
return $success; |
636
|
|
|
} |
637
|
|
|
|
638
|
|
|
/** |
639
|
|
|
* @param $uploaded_file |
640
|
|
|
* @param $name |
641
|
|
|
* @param $size |
642
|
|
|
* @param $type |
643
|
|
|
* @param $error |
644
|
|
|
* @param null $index |
645
|
|
|
* @param null $content_range |
646
|
|
|
* @return \stdClass |
647
|
|
|
*/ |
648
|
|
|
protected function handle_file_upload( |
649
|
|
|
$uploaded_file, |
650
|
|
|
$name, |
651
|
|
|
$size, |
652
|
|
|
$type, |
653
|
|
|
$error, |
654
|
|
|
$index = null, |
655
|
|
|
$content_range = null |
656
|
|
|
) |
657
|
|
|
{ |
658
|
|
|
$file = new \stdClass(); |
659
|
|
|
|
660
|
|
|
$file->name = $this->get_file_name($name, $type, $index, $content_range); |
661
|
|
|
$file->size = $this->fix_integer_overflow((int)$size); |
662
|
|
|
$file->type = $type; |
663
|
|
|
|
664
|
|
|
// Save to database for later use |
665
|
|
|
$swDB = new SwDatabase(); |
666
|
|
|
$userid = $GLOBALS['xoopsUser']->getVar('uid'); |
667
|
|
|
|
668
|
|
|
// Generate new name for file |
669
|
|
|
$file->name = basename(stripslashes($name)); |
670
|
|
|
$file->name = time() . mt_rand(0, 99999) . '.' . $this->getFileExtension($name); |
671
|
|
|
$img = XOOPS_URL . '/uploads/albums_smallworld/' . $userid . '/' . $file->name; |
672
|
|
|
$swDB->saveImage("'', '" . $userid . "', '" . $file->name . "', '" . addslashes($img) . "', '" . time() . "', ''"); |
673
|
|
|
|
674
|
|
|
if ($this->validate($uploaded_file, $file, $error, $index)) { |
675
|
|
|
$this->handle_form_data($file, $index); |
676
|
|
|
$upload_dir = $this->get_upload_path(); |
677
|
|
View Code Duplication |
if (!is_dir($upload_dir)) { |
|
|
|
|
678
|
|
|
if (!mkdir($upload_dir, $this->options['mkdir_mode'], true) && !is_dir($upload_dir)) { |
679
|
|
|
throw new \RuntimeException(sprintf('Directory "%s" was not created', $upload_dir)); |
680
|
|
|
} |
681
|
|
|
} |
682
|
|
|
$file_path = $this->get_upload_path($file->name); |
683
|
|
|
$append_file = $content_range && is_file($file_path) && $file->size > $this->get_file_size($file_path); |
684
|
|
|
if ($uploaded_file && is_uploaded_file($uploaded_file)) { |
685
|
|
|
// multipart/formdata uploads (POST method uploads) |
686
|
|
|
if ($append_file) { |
687
|
|
|
file_put_contents($file_path, fopen($uploaded_file, 'rb'), FILE_APPEND); |
688
|
|
|
} else { |
689
|
|
|
move_uploaded_file($uploaded_file, $file_path); |
690
|
|
|
} |
691
|
|
|
} else { |
692
|
|
|
// Non-multipart uploads (PUT method support) |
693
|
|
|
file_put_contents($file_path, fopen('php://input', 'rb'), $append_file ? FILE_APPEND : 0); |
694
|
|
|
} |
695
|
|
|
$file_size = $this->get_file_size($file_path, $append_file); |
696
|
|
|
if ($file_size === $file->size) { |
697
|
|
|
if ($this->options['orient_image']) { |
698
|
|
|
$this->orient_image($file_path); |
699
|
|
|
} |
700
|
|
|
$file->url = $this->get_download_url($file->name); |
701
|
|
|
foreach ($this->options['image_versions'] as $version => $options) { |
|
|
|
|
702
|
|
|
if ($this->create_scaled_image($file->name, $version, $options)) { |
703
|
|
|
if (!empty($version)) { |
704
|
|
|
$file->{$version . '_url'} = $this->get_download_url($file->name, $version); |
705
|
|
|
} else { |
706
|
|
|
$file_size = $this->get_file_size($file_path, true); |
707
|
|
|
} |
708
|
|
|
} |
709
|
|
|
} |
710
|
|
|
} elseif (!$content_range && $this->options['discard_aborted_uploads']) { |
711
|
|
|
unlink($file_path); |
712
|
|
|
$file->error = 'abort'; |
713
|
|
|
} |
714
|
|
|
$file->size = $file_size; |
715
|
|
|
$this->set_file_delete_properties($file); |
716
|
|
|
} |
717
|
|
|
|
718
|
|
|
return $file; |
719
|
|
|
} |
720
|
|
|
|
721
|
|
|
//function to return file extension from a path or file name |
722
|
|
|
|
723
|
|
|
/** |
724
|
|
|
* @param $path |
725
|
|
|
* @return mixed |
726
|
|
|
*/ |
727
|
|
|
public function getFileExtension($path) |
728
|
|
|
{ |
729
|
|
|
$parts = pathinfo($path); |
730
|
|
|
|
731
|
|
|
return $parts['extension']; |
732
|
|
|
} |
733
|
|
|
|
734
|
|
|
/** |
735
|
|
|
* @param $file_path |
736
|
|
|
* @return false|int |
737
|
|
|
*/ |
738
|
|
|
protected function readfile($file_path) |
739
|
|
|
{ |
740
|
|
|
return readfile($file_path); |
741
|
|
|
} |
742
|
|
|
|
743
|
|
|
/** |
744
|
|
|
* @param $str |
745
|
|
|
*/ |
746
|
|
|
protected function body($str) |
747
|
|
|
{ |
748
|
|
|
echo $str; |
749
|
|
|
} |
750
|
|
|
|
751
|
|
|
/** |
752
|
|
|
* @param $str |
753
|
|
|
*/ |
754
|
|
|
protected function header($str) |
755
|
|
|
{ |
756
|
|
|
header($str); |
757
|
|
|
} |
758
|
|
|
|
759
|
|
|
/** |
760
|
|
|
* @param $content |
761
|
|
|
* @param bool $print_response |
762
|
|
|
*/ |
763
|
|
|
protected function generate_response($content, $print_response = true) |
|
|
|
|
764
|
|
|
{ |
765
|
|
|
if ($print_response) { |
766
|
|
|
$json = json_encode($content); |
767
|
|
|
$redirect = isset($_REQUEST['redirect']) ? stripslashes($_REQUEST['redirect']) : null; |
768
|
|
|
if ($redirect) { |
|
|
|
|
769
|
|
|
$this->header('Location: ' . sprintf($redirect, rawurlencode($json))); |
770
|
|
|
|
771
|
|
|
return; |
772
|
|
|
} |
773
|
|
|
$this->head(); |
774
|
|
|
if (isset($_SERVER['HTTP_CONTENT_RANGE'])) { |
775
|
|
|
$files = isset($content[$this->options['param_name']]) ? $content[$this->options['param_name']] : null; |
776
|
|
|
if ($files && is_array($files) && is_object($files[0]) && $files[0]->size) { |
777
|
|
|
$this->header('Range: 0-' . ($this->fix_integer_overflow((int)$files[0]->size) - 1)); |
778
|
|
|
} |
779
|
|
|
} |
780
|
|
|
$this->body($json); |
781
|
|
|
} |
782
|
|
|
|
783
|
|
|
return $content; |
784
|
|
|
} |
785
|
|
|
|
786
|
|
|
/** |
787
|
|
|
* @return null|string |
788
|
|
|
*/ |
789
|
|
|
protected function get_version_param() |
790
|
|
|
{ |
791
|
|
|
return isset($_GET['version']) ? basename(stripslashes($_GET['version'])) : null; |
792
|
|
|
} |
793
|
|
|
|
794
|
|
|
/** |
795
|
|
|
* @return null|string |
796
|
|
|
*/ |
797
|
|
|
protected function get_file_name_param() |
798
|
|
|
{ |
799
|
|
|
return isset($_GET['file']) ? basename(stripslashes($_GET['file'])) : null; |
800
|
|
|
} |
801
|
|
|
|
802
|
|
|
/** |
803
|
|
|
* @param $file_path |
804
|
|
|
* @return string |
805
|
|
|
*/ |
806
|
|
|
protected function get_file_type($file_path) |
807
|
|
|
{ |
808
|
|
|
switch (mb_strtolower(pathinfo($file_path, PATHINFO_EXTENSION))) { |
809
|
|
|
case 'jpeg': |
810
|
|
|
case 'jpg': |
811
|
|
|
return 'image/jpeg'; |
812
|
|
|
case 'png': |
813
|
|
|
return 'image/png'; |
814
|
|
|
case 'gif': |
815
|
|
|
return 'image/gif'; |
816
|
|
|
default: |
817
|
|
|
return ''; |
818
|
|
|
} |
819
|
|
|
} |
820
|
|
|
|
821
|
|
|
protected function download() |
822
|
|
|
{ |
823
|
|
|
if (!$this->options['download_via_php']) { |
824
|
|
|
$this->header('HTTP/1.1 403 Forbidden'); |
825
|
|
|
|
826
|
|
|
return; |
827
|
|
|
} |
828
|
|
|
$file_name = $this->get_file_name_param(); |
829
|
|
|
if ($this->is_valid_file_object($file_name)) { |
830
|
|
|
$file_path = $this->get_upload_path($file_name, $this->get_version_param()); |
|
|
|
|
831
|
|
|
if (is_file($file_path)) { |
832
|
|
|
if (!preg_match($this->options['inline_file_types'], $file_name)) { |
833
|
|
|
$this->header('Content-Description: File Transfer'); |
834
|
|
|
$this->header('Content-Type: application/octet-stream'); |
835
|
|
|
$this->header('Content-Disposition: attachment; filename="' . $file_name . '"'); |
836
|
|
|
$this->header('Content-Transfer-Encoding: binary'); |
837
|
|
|
} else { |
838
|
|
|
// Prevent Internet Explorer from MIME-sniffing the content-type: |
839
|
|
|
$this->header('X-Content-Type-Options: nosniff'); |
840
|
|
|
$this->header('Content-Type: ' . $this->get_file_type($file_path)); |
841
|
|
|
$this->header('Content-Disposition: inline; filename="' . $file_name . '"'); |
842
|
|
|
} |
843
|
|
|
$this->header('Content-Length: ' . $this->get_file_size($file_path)); |
844
|
|
|
$this->header('Last-Modified: ' . gmdate('D, d M Y H:i:s T', filemtime($file_path))); |
845
|
|
|
$this->readfile($file_path); |
846
|
|
|
} |
847
|
|
|
} |
848
|
|
|
} |
849
|
|
|
|
850
|
|
|
protected function send_content_type_header() |
851
|
|
|
{ |
852
|
|
|
$this->header('Vary: Accept'); |
853
|
|
|
if (isset($_SERVER['HTTP_ACCEPT']) && (false !== mb_strpos($_SERVER['HTTP_ACCEPT'], 'application/json'))) { |
854
|
|
|
$this->header('Content-type: application/json'); |
855
|
|
|
} else { |
856
|
|
|
$this->header('Content-type: text/plain'); |
857
|
|
|
} |
858
|
|
|
} |
859
|
|
|
|
860
|
|
|
protected function send_access_control_headers() |
861
|
|
|
{ |
862
|
|
|
$this->header('Access-Control-Allow-Origin: ' . $this->options['access_control_allow_origin']); |
863
|
|
|
$this->header('Access-Control-Allow-Credentials: ' . ($this->options['access_control_allow_credentials'] ? 'true' : 'false')); |
864
|
|
|
$this->header('Access-Control-Allow-Methods: ' . implode(', ', $this->options['access_control_allow_methods'])); |
865
|
|
|
$this->header('Access-Control-Allow-Headers: ' . implode(', ', $this->options['access_control_allow_headers'])); |
866
|
|
|
} |
867
|
|
|
|
868
|
|
|
public function head() |
869
|
|
|
{ |
870
|
|
|
$this->header('Pragma: no-cache'); |
871
|
|
|
$this->header('Cache-Control: no-store, no-cache, must-revalidate'); |
872
|
|
|
$this->header('Content-Disposition: inline; filename="files.json"'); |
873
|
|
|
// Prevent Internet Explorer from MIME-sniffing the content-type: |
874
|
|
|
$this->header('X-Content-Type-Options: nosniff'); |
875
|
|
|
if ($this->options['access_control_allow_origin']) { |
876
|
|
|
$this->send_access_control_headers(); |
877
|
|
|
} |
878
|
|
|
$this->send_content_type_header(); |
879
|
|
|
} |
880
|
|
|
|
881
|
|
|
/** |
882
|
|
|
* @param bool $print_response |
883
|
|
|
*/ |
884
|
|
|
public function get($print_response = true) |
|
|
|
|
885
|
|
|
{ |
886
|
|
|
if ($print_response && isset($_GET['download'])) { |
887
|
|
|
return $this->download(); |
888
|
|
|
} |
889
|
|
|
$file_name = $this->get_file_name_param(); |
890
|
|
|
if (null !== $file_name) { |
891
|
|
|
$response = [ |
892
|
|
|
mb_substr($this->options['param_name'], 0, -1) => $this->get_file_object($file_name), |
893
|
|
|
]; |
894
|
|
|
} else { |
895
|
|
|
$response = [ |
896
|
|
|
$this->options['param_name'] => $this->get_file_objects(), |
897
|
|
|
]; |
898
|
|
|
} |
899
|
|
|
|
900
|
|
|
return $this->generate_response($response, $print_response); |
901
|
|
|
} |
902
|
|
|
|
903
|
|
|
/** |
904
|
|
|
* @param bool $print_response |
905
|
|
|
*/ |
906
|
|
|
public function post($print_response = true) |
|
|
|
|
907
|
|
|
{ |
908
|
|
|
if (isset($_REQUEST['_method']) && 'DELETE' === $_REQUEST['_method']) { |
909
|
|
|
return $this->delete($print_response); |
910
|
|
|
} |
911
|
|
|
$upload = isset($_FILES[$this->options['param_name']]) ? $_FILES[$this->options['param_name']] : null; |
912
|
|
|
// Parse the Content-Disposition header, if available: |
913
|
|
|
$file_name = isset($_SERVER['HTTP_CONTENT_DISPOSITION']) ? rawurldecode(preg_replace('/(^[^"]+")|("$)/', '', $_SERVER['HTTP_CONTENT_DISPOSITION'])) : null; |
914
|
|
|
// Parse the Content-Range header, which has the following form: |
915
|
|
|
// Content-Range: bytes 0-524287/2000000 |
916
|
|
|
$content_range = isset($_SERVER['HTTP_CONTENT_RANGE']) ? preg_split('/[^0-9]+/', $_SERVER['HTTP_CONTENT_RANGE']) : null; |
917
|
|
|
$size = $content_range ? $content_range[3] : null; |
918
|
|
|
$files = []; |
919
|
|
|
if ($upload && is_array($upload['tmp_name'])) { |
920
|
|
|
// param_name is an array identifier like "files[]", |
921
|
|
|
// $_FILES is a multi-dimensional array: |
922
|
|
|
foreach ($upload['tmp_name'] as $index => $value) { |
923
|
|
|
$files[] = $this->handle_file_upload($upload['tmp_name'][$index], $file_name ?: $upload['name'][$index], $size ?: $upload['size'][$index], $upload['type'][$index], $upload['error'][$index], $index, $content_range); |
|
|
|
|
924
|
|
|
} |
925
|
|
|
} else { |
926
|
|
|
// param_name is a single object identifier like "file", |
927
|
|
|
// $_FILES is a one-dimensional array: |
928
|
|
|
$files[] = $this->handle_file_upload( |
929
|
|
|
isset($upload['tmp_name']) ? $upload['tmp_name'] : null, |
930
|
|
|
$file_name ?: (isset($upload['name']) ? $upload['name'] : null), |
931
|
|
|
$size ?: (isset($upload['size']) ? $upload['size'] : $_SERVER['CONTENT_LENGTH']), |
932
|
|
|
isset($upload['type']) ? $upload['type'] : $_SERVER['CONTENT_TYPE'], |
933
|
|
|
isset($upload['error']) ? $upload['error'] : null, |
934
|
|
|
null, |
935
|
|
|
$content_range |
|
|
|
|
936
|
|
|
); |
937
|
|
|
} |
938
|
|
|
|
939
|
|
|
return $this->generate_response([$this->options['param_name'] => $files], $print_response); |
940
|
|
|
} |
941
|
|
|
|
942
|
|
|
/** |
943
|
|
|
* @param bool $print_response |
944
|
|
|
*/ |
945
|
|
|
public function delete($print_response = true) |
|
|
|
|
946
|
|
|
{ |
947
|
|
|
$userid = $GLOBALS['xoopsUser']->getVar('uid'); |
948
|
|
|
$swDB = new SwDatabase(); |
949
|
|
|
$file_name = $this->get_file_name_param(); |
950
|
|
|
$file_path = $this->get_upload_path($file_name); |
951
|
|
|
$success = is_file($file_path) && '.' !== $file_name[0] && unlink($file_path); |
952
|
|
|
|
953
|
|
|
// Delete file based on user and filename |
954
|
|
|
$swDB->deleteImage($userid, $file_name); |
955
|
|
|
$swDB->deleteImage($userid, 'Thumbs.db'); |
956
|
|
|
|
957
|
|
|
if ($success) { |
958
|
|
|
foreach ($this->options['image_versions'] as $version => $options) { |
|
|
|
|
959
|
|
|
if (!empty($version)) { |
960
|
|
|
$file = $this->get_upload_path($file_name, $version); |
961
|
|
|
if (is_file($file)) { |
962
|
|
|
unlink($file); |
963
|
|
|
} |
964
|
|
|
} |
965
|
|
|
} |
966
|
|
|
} |
967
|
|
|
|
968
|
|
|
return $this->generate_response(['success' => $success], $print_response); |
969
|
|
|
} |
970
|
|
|
} |
971
|
|
|
|
If you suppress an error, we recommend checking for the error condition explicitly: