Issues in uploader.php (master) - Issues in master - XoopsModules25x/smartpartner - Measure and Improve Code Quality continuously with Scrutinizer

Issues (733)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/uploader.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
// 
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System                      //
// Copyright (c) 2000-2016 XOOPS.org                           //
// <http://xoops.org/>                             //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify     //
// it under the terms of the GNU General Public License as published by     //
// the Free Software Foundation; either version 2 of the License, or        //
// (at your option) any later version.                                      //
// //
// You may not change or alter any portion of this comment or credits       //
// of supporting developers from this source code or any supporting         //
// source code which is considered copyrighted (c) material of the          //
// original comment or credit authors.                                      //
// //
// This program is distributed in the hope that it will be useful,          //
// but WITHOUT ANY WARRANTY; without even the implied warranty of           //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
// GNU General Public License for more details.                             //
// //
// You should have received a copy of the GNU General Public License        //
// along with this program; if not, write to the Free Software              //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
// ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu)                                          //
// URL: http://www.myweb.ne.jp/, http://xoops.org/, http://jp.xoops.org/ //
// Project: XOOPS Project                                                    //
// ------------------------------------------------------------------------- //
/**
 * !
 * Example
 *
 * include_once 'uploader.php';
 * $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png');
 * $maxfilesize = 50000;
 * $maxfilewidth = 120;
 * $maxfileheight = 120;
 * $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
 * if ($uploader->fetchMedia($HTTP_POST_VARS['uploade_file_name'])) {
 * if (!$uploader->upload()) {
 * echo $uploader->getErrors();
 * } else {
 * echo '<h4>File uploaded successfully!</h4>'
 * echo 'Saved as: ' . $uploader->getSavedFileName() . '<br>';
 * echo 'Full path: ' . $uploader->getSavedDestination();
 * }
 * } else {
 * echo $uploader->getErrors();
 * }
 */

/**
 * Upload Media files
 *
 * Example of usage:
 * <code>
 * include_once 'uploader.php';
 * $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png');
 * $maxfilesize = 50000;
 * $maxfilewidth = 120;
 * $maxfileheight = 120;
 * $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
 * if ($uploader->fetchMedia($HTTP_POST_VARS['uploade_file_name'])) {
 *            if (!$uploader->upload()) {
 *               echo $uploader->getErrors();
 *            } else {
 *               echo '<h4>File uploaded successfully!</h4>'
 *               echo 'Saved as: ' . $uploader->getSavedFileName() . '<br>';
 *               echo 'Full path: ' . $uploader->getSavedDestination();
 *            }
 * } else {
 *            echo $uploader->getErrors();
 * }
 * </code>
 *
 * @package       kernel
 * @subpackage    core
 * @author        Kazumi Ono <[email protected]>
 * @copyright (c) 2000-2003 XOOPS Project (http://xoops.org)
 */
mt_srand((double)microtime() * 1000000);

/**
 * Class XoopsMediaUploader
 */
class XoopsMediaUploader
{
    public $mediaName;
    public $mediaType;
    public $mediaSize;
    public $mediaTmpName;
    public $mediaError;
    public $uploadDir        = '';
    public $allowedMimeTypes = array();
    public $maxFileSize      = 0;
    public $maxWidth;
    public $maxHeight;
    public $targetFileName;
    public $prefix;
    public $ext;
    public $dimension;
    public $errors           = array();
    public $savedDestination;
    public $savedFileName;
    /**
     * No admin check for uploads
     */
    public $noadmin_sizecheck;

    /**
     * Constructor
     *
     * @param string    $uploadDir
     * @param array|int $allowedMimeTypes
     * @param int       $maxFileSize
     * @param int       $maxWidth
     * @param int       $maxHeight
     * @internal param int $cmodvalue
     */
    public function __construct($uploadDir, $allowedMimeTypes = 0, $maxFileSize, $maxWidth = 0, $maxHeight = 0)
    {
        if (is_array($allowedMimeTypes)) {
            $this->allowedMimeTypes = &$allowedMimeTypes;
        }
        $this->uploadDir   = $uploadDir;
        $this->maxFileSize = (int)$maxFileSize;
        if (isset($maxWidth)) {
            $this->maxWidth = (int)$maxWidth;
        }
        if (isset($maxHeight)) {
            $this->maxHeight = (int)$maxHeight;
        }
    }

    /**
     * @param $value
     */
    public function noAdminSizeCheck($value)
    {
        $this->noadmin_sizecheck = $value;
    }

    /**
     * Fetch the uploaded file
     *
     * @param string $media_name Name of the file field
     * @param int    $index      Index of the file (if more than one uploaded under that name)
     * @global       $HTTP_POST_FILES
     * @return bool
     */
    public function fetchMedia($media_name, $index = null)
    {
        global $_FILES;

        if (!isset($_FILES[$media_name])) {
            $this->setErrors('You either did not choose a file to upload or the server has insufficient read/writes to upload this file.!');

            return false;
        } elseif (is_array($_FILES[$media_name]['name']) && isset($index)) {
            $index = (int)$index;
            //            $this->mediaName    = get_magic_quotes_gpc() ? stripslashes($_FILES[$media_name]['name'][$index]): $_FILES[$media_name]['name'][$index];
            $this->mediaName    = $_FILES[$media_name]['name'][$index];
            $this->mediaType    = $_FILES[$media_name]['type'][$index];
            $this->mediaSize    = $_FILES[$media_name]['size'][$index];
            $this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index];
            $this->mediaError   = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['errir'][$index] : 0;
        } else {
            $media_name = @$_FILES[$media_name];
            //            $this->mediaName    = get_magic_quotes_gpc() ? stripslashes($media_name['name']): $media_name['name'];
            $this->mediaName    = $media_name['name'];
            $this->mediaType    = $media_name['type'];
            $this->mediaSize    = $media_name['size'];
            $this->mediaTmpName = $media_name['tmp_name'];
            $this->mediaError   = !empty($media_name['error']) ? $media_name['error'] : 0;
        }
        $this->dimension = getimagesize($this->mediaTmpName);

        $this->errors = array();

        if ((int)$this->mediaSize < 0) {
            $this->setErrors('Invalid File Size');

            return false;
        }
        if ($this->mediaName === '') {
            $this->setErrors('Filename Is Empty');

            return false;
        }

        if ($this->mediaTmpName === 'none') {
            $this->setErrors('No file uploaded, this is a error');

            return false;
        }

        if (!$this->checkMaxFileSize()) {
            $this->setErrors(sprintf('File Size: %u. Maximum Size Allowed: %u', $this->mediaSize, $this->maxFileSize));
        }

        if (is_array($this->dimension)) {
            if (!$this->checkMaxWidth($this->dimension[0])) {
                $this->setErrors(sprintf('File width: %u. Maximum width allowed: %u', $this->dimension[0], $this->maxWidth));
            }
            if (!$this->checkMaxHeight($this->dimension[1])) {
                $this->setErrors(sprintf('File height: %u. Maximum height allowed: %u', $this->dimension[1], $this->maxHeight));
            }
        }

        if (count($this->errors) > 0) {
            return false;
        }

        if (!$this->checkMimeType()) {
            $this->setErrors('MIME type not allowed: ' . $this->mediaType);
        }

        if (!is_uploaded_file($this->mediaTmpName)) {
            switch ($this->mediaError) {
                case 0: // no error; possible file attack!
                    $this->setErrors('There was a problem with your upload. Error: 0');
                    break;
                case 1: // uploaded file exceeds the upload_max_filesize directive in php.ini
                    //if ($this->noAdminSizeCheck)
                    //{
                    //    return true;
                    //}
                    $this->setErrors('The file you are trying to upload is too big. Error: 1');
                    break;
                case 2: // uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
                    $this->setErrors('The file you are trying to upload is too big. Error: 2');
                    break;
                case 3: // uploaded file was only partially uploaded
                    $this->setErrors('The file you are trying upload was only partially uploaded. Error: 3');
                    break;
                case 4: // no file was uploaded
                    $this->setErrors('No file selected for upload. Error: 4');
                    break;
                default: // a default error, just in case! :)
                    $this->setErrors('No file selected for upload. Error: 5');
                    break;
            }

            return false;
        }

        return true;
    }

    /**
     * Set the target filename
     *
     * @param string $value
     */
    public function setTargetFileName($value)
    {
        $this->targetFileName = (string)trim($value);
    }

    /**
     * Set the prefix
     *
     * @param string $value
     */
    public function setPrefix($value)
    {
        $this->prefix = (string)trim($value);
    }

    /**
     * Get the uploaded filename
     *
     * @return string
     */
    public function getMediaName()
    {
        return $this->mediaName;
    }

    /**
     * Get the type of the uploaded file
     *
     * @return string
     */
    public function getMediaType()
    {
        return $this->mediaType;
    }

    /**
     * Get the size of the uploaded file
     *
     * @return int
     */
    public function getMediaSize()
    {
        return $this->mediaSize;
    }

    /**
     * Get the temporary name that the uploaded file was stored under
     *
     * @return string
     */
    public function getMediaTmpName()
    {
        return $this->mediaTmpName;
    }

    /**
     * Get the saved filename
     *
     * @return string
     */
    public function getSavedFileName()
    {
        return $this->savedFileName;
    }

    /**
     * Get the destination the file is saved to
     *
     * @return string
     */
    public function getSavedDestination()
    {
        return $this->savedDestination;
    }

    /**
     * Check the file and copy it to the destination
     *
     * @param  int $chmod
     * @return bool
     */
    public function upload($chmod = 0644)
    {
        if ($this->uploadDir == '') {
            $this->setErrors('Upload directory not set');

            return false;
        }

        if (!is_dir($this->uploadDir)) {
            $this->setErrors('Failed opening directory: ' . $this->uploadDir);
        }

        if (!is_writable($this->uploadDir)) {
            $this->setErrors('Failed opening directory with write permission: ' . $this->uploadDir);
        }

        if (!$this->checkMaxFileSize()) {
            $this->setErrors(sprintf('File Size: %u. Maximum Size Allowed: %u', $this->mediaSize, $this->maxFileSize));
        }

        if (is_array($this->dimension)) {
            if (!$this->checkMaxWidth($this->dimension[0])) {
                $this->setErrors(sprintf('File width: %u. Maximum width allowed: %u', $this->dimension[0], $this->maxWidth));
            }
            if (!$this->checkMaxHeight($this->dimension[1])) {
                $this->setErrors(sprintf('File height: %u. Maximum height allowed: %u', $this->dimension[1], $this->maxHeight));
            }
        }

        if (!$this->checkMimeType()) {
            $this->setErrors('MIME type not allowed: ' . $this->mediaType);
        }

        if (!$this->_copyFile($chmod)) {
            $this->setErrors('Failed uploading file: ' . $this->mediaName);
        }

        if (count($this->errors) > 0) {
            return false;
        }

        return true;
    }

    /**
     * Copy the file to its destination
     *
     * @param $chmod
     * @return bool
     */
    public function _copyFile($chmod)
    {
        $matched = array();
        if (!preg_match("/\.([a-zA-Z0-9]+)$/", $this->mediaName, $matched)) {
            return false;
        }
        if (isset($this->targetFileName)) {
            $this->savedFileName = $this->targetFileName;
        } elseif (isset($this->prefix)) {
            $this->savedFileName = uniqid($this->prefix, true) . '.' . strtolower($matched[1]);
        } else {
            $this->savedFileName = strtolower($this->mediaName);
        }
        $this->savedFileName    = preg_replace('!\s+!', '_', $this->savedFileName);
        $this->savedDestination = $this->uploadDir . $this->savedFileName;
        if (is_file($this->savedDestination) && !!is_dir($this->savedDestination)) {
            $this->setErrors('File ' . $this->mediaName . ' already exists on the server. Please rename this file and try again.<br>');

            return false;
        }
        if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
            return false;
        }
        @chmod($this->savedDestination, $chmod);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

        return true;
    }

    /**
     * Is the file the right size?
     *
     * @return bool
     */
    public function checkMaxFileSize()
    {
        if ($this->noadmin_sizecheck) {
            return true;
        }
        if ($this->mediaSize > $this->maxFileSize) {
            return false;
        }

        return true;
    }

    /**
     * Is the picture the right width?
     *
     * @param $dimension
     * @return bool
     */
    public function checkMaxWidth($dimension)
    {
        if (!isset($this->maxWidth)) {
            return true;
        }
        if ($dimension > $this->maxWidth) {
            return false;
        }

        return true;
    }

    /**
     * Is the picture the right height?
     *
     * @param $dimension
     * @return bool
     */
    public function checkMaxHeight($dimension)
    {
        if (!isset($this->maxHeight)) {
            return true;
        }
        if ($dimension > $this->maxWidth) {
            return false;
        }

        return true;
    }

    /**
     * Is the file the right Mime type
     *
     * (is there a right type of mime? ;-)
     *
     * @return bool
     */
    public function checkMimeType()
    {
        if (count($this->allowedMimeTypes) > 0 && !in_array($this->mediaType, $this->allowedMimeTypes)) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Add an error
     *
     * @param string $error
     */
    public function setErrors($error)
    {
        $this->errors[] = trim($error);
    }

    /**
     * Get generated errors
     *
     * @param  bool $ashtml Format using HTML?
     * @return array |string    Array of array messages OR HTML string
     */
    public function &getErrors($ashtml = true)
    {
        if (!$ashtml) {
            return $this->errors;
        } else {
            $ret = '';
            if (count($this->errors) > 0) {
                $ret = '<h4>Errors Returned While Uploading</h4>';
                foreach ($this->errors as $error) {
                    $ret .= $error . '<br>';
                }
            }

            return $ret;
        }
    }
}


1		<?php
2		//
3		// ------------------------------------------------------------------------ //
4		// XOOPS - PHP Content Management System //
5		// Copyright (c) 2000-2016 XOOPS.org //
6		// <http://xoops.org/> //
7		// ------------------------------------------------------------------------ //
8		// This program is free software; you can redistribute it and/or modify //
9		// it under the terms of the GNU General Public License as published by //
10		// the Free Software Foundation; either version 2 of the License, or //
11		// (at your option) any later version. //
12		// //
13		// You may not change or alter any portion of this comment or credits //
14		// of supporting developers from this source code or any supporting //
15		// source code which is considered copyrighted (c) material of the //
16		// original comment or credit authors. //
17		// //
18		// This program is distributed in the hope that it will be useful, //
19		// but WITHOUT ANY WARRANTY; without even the implied warranty of //
20		// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
21		// GNU General Public License for more details. //
22		// //
23		// You should have received a copy of the GNU General Public License //
24		// along with this program; if not, write to the Free Software //
25		// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
26		// ------------------------------------------------------------------------ //
27		// Author: Kazumi Ono (AKA onokazu) //
28		// URL: http://www.myweb.ne.jp/, http://xoops.org/, http://jp.xoops.org/ //
29		// Project: XOOPS Project //
30		// ------------------------------------------------------------------------- //
31		/**
32		* !
33		* Example
34		*
35		* include_once 'uploader.php';
36		* $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png');
37		* $maxfilesize = 50000;
38		* $maxfilewidth = 120;
39		* $maxfileheight = 120;
40		* $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
41		* if ($uploader->fetchMedia($HTTP_POST_VARS['uploade_file_name'])) {
42		* if (!$uploader->upload()) {
43		* echo $uploader->getErrors();
44		* } else {
45		* echo '<h4>File uploaded successfully!</h4>'
46		* echo 'Saved as: ' . $uploader->getSavedFileName() . '<br>';
47		* echo 'Full path: ' . $uploader->getSavedDestination();
48		* }
49		* } else {
50		* echo $uploader->getErrors();
51		* }
52		*/
53
54		/**
55		* Upload Media files
56		*
57		* Example of usage:
58		* <code>
59		* include_once 'uploader.php';
60		* $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png');
61		* $maxfilesize = 50000;
62		* $maxfilewidth = 120;
63		* $maxfileheight = 120;
64		* $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
65		* if ($uploader->fetchMedia($HTTP_POST_VARS['uploade_file_name'])) {
66		* if (!$uploader->upload()) {
67		* echo $uploader->getErrors();
68		* } else {
69		* echo '<h4>File uploaded successfully!</h4>'
70		* echo 'Saved as: ' . $uploader->getSavedFileName() . '<br>';
71		* echo 'Full path: ' . $uploader->getSavedDestination();
72		* }
73		* } else {
74		* echo $uploader->getErrors();
75		* }
76		* </code>
77		*
78		* @package kernel
79		* @subpackage core
80		* @author Kazumi Ono <[email protected]>
81		* @copyright (c) 2000-2003 XOOPS Project (http://xoops.org)
82		*/
83		mt_srand((double)microtime() * 1000000);
84
85		/**
86		* Class XoopsMediaUploader
87		*/
88		class XoopsMediaUploader
89		{
90		public $mediaName;
91		public $mediaType;
92		public $mediaSize;
93		public $mediaTmpName;
94		public $mediaError;
95		public $uploadDir = '';
96		public $allowedMimeTypes = array();
97		public $maxFileSize = 0;
98		public $maxWidth;
99		public $maxHeight;
100		public $targetFileName;
101		public $prefix;
102		public $ext;
103		public $dimension;
104		public $errors = array();
105		public $savedDestination;
106		public $savedFileName;
107		/**
108		* No admin check for uploads
109		*/
110		public $noadmin_sizecheck;
111
112		/**
113		* Constructor
114		*
115		* @param string $uploadDir
116		* @param array\|int $allowedMimeTypes
117		* @param int $maxFileSize
118		* @param int $maxWidth
119		* @param int $maxHeight
120		* @internal param int $cmodvalue
121		*/
122		public function __construct($uploadDir, $allowedMimeTypes = 0, $maxFileSize, $maxWidth = 0, $maxHeight = 0)
123		{
124		if (is_array($allowedMimeTypes)) {
125		$this->allowedMimeTypes = &$allowedMimeTypes;
126		}
127		$this->uploadDir = $uploadDir;
128		$this->maxFileSize = (int)$maxFileSize;
129		if (isset($maxWidth)) {
130		$this->maxWidth = (int)$maxWidth;
131		}
132		if (isset($maxHeight)) {
133		$this->maxHeight = (int)$maxHeight;
134		}
135		}
136
137		/**
138		* @param $value
139		*/
140		public function noAdminSizeCheck($value)
141		{
142		$this->noadmin_sizecheck = $value;
143		}
144
145		/**
146		* Fetch the uploaded file
147		*
148		* @param string $media_name Name of the file field
149		* @param int $index Index of the file (if more than one uploaded under that name)
150		* @global $HTTP_POST_FILES
151		* @return bool
152		*/
153		public function fetchMedia($media_name, $index = null)
154		{
155		global $_FILES;
156
157		if (!isset($_FILES[$media_name])) {
158		$this->setErrors('You either did not choose a file to upload or the server has insufficient read/writes to upload this file.!');
159
160		return false;
161		} elseif (is_array($_FILES[$media_name]['name']) && isset($index)) {
162		$index = (int)$index;
163		// $this->mediaName = get_magic_quotes_gpc() ? stripslashes($_FILES[$media_name]['name'][$index]): $_FILES[$media_name]['name'][$index];
164		$this->mediaName = $_FILES[$media_name]['name'][$index];
165		$this->mediaType = $_FILES[$media_name]['type'][$index];
166		$this->mediaSize = $_FILES[$media_name]['size'][$index];
167		$this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index];
168		$this->mediaError = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['errir'][$index] : 0;
169		} else {
170		$media_name = @$_FILES[$media_name];
171		// $this->mediaName = get_magic_quotes_gpc() ? stripslashes($media_name['name']): $media_name['name'];
172		$this->mediaName = $media_name['name'];
173		$this->mediaType = $media_name['type'];
174		$this->mediaSize = $media_name['size'];
175		$this->mediaTmpName = $media_name['tmp_name'];
176		$this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0;
177		}
178		$this->dimension = getimagesize($this->mediaTmpName);
179
180		$this->errors = array();
181
182		if ((int)$this->mediaSize < 0) {
183		$this->setErrors('Invalid File Size');
184
185		return false;
186		}
187		if ($this->mediaName === '') {
188		$this->setErrors('Filename Is Empty');
189
190		return false;
191		}
192
193		if ($this->mediaTmpName === 'none') {
194		$this->setErrors('No file uploaded, this is a error');
195
196		return false;
197		}
198
199		if (!$this->checkMaxFileSize()) {
200		$this->setErrors(sprintf('File Size: %u. Maximum Size Allowed: %u', $this->mediaSize, $this->maxFileSize));
201		}
202
203	View Code Duplication	if (is_array($this->dimension)) {
204		if (!$this->checkMaxWidth($this->dimension[0])) {
205		$this->setErrors(sprintf('File width: %u. Maximum width allowed: %u', $this->dimension[0], $this->maxWidth));
206		}
207		if (!$this->checkMaxHeight($this->dimension[1])) {
208		$this->setErrors(sprintf('File height: %u. Maximum height allowed: %u', $this->dimension[1], $this->maxHeight));
209		}
210		}
211
212		if (count($this->errors) > 0) {
213		return false;
214		}
215
216		if (!$this->checkMimeType()) {
217		$this->setErrors('MIME type not allowed: ' . $this->mediaType);
218		}
219
220		if (!is_uploaded_file($this->mediaTmpName)) {
221		switch ($this->mediaError) {
222		case 0: // no error; possible file attack!
223		$this->setErrors('There was a problem with your upload. Error: 0');
224		break;
225		case 1: // uploaded file exceeds the upload_max_filesize directive in php.ini
226		//if ($this->noAdminSizeCheck)
227		//{
228		// return true;
229		//}
230		$this->setErrors('The file you are trying to upload is too big. Error: 1');
231		break;
232		case 2: // uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
233		$this->setErrors('The file you are trying to upload is too big. Error: 2');
234		break;
235		case 3: // uploaded file was only partially uploaded
236		$this->setErrors('The file you are trying upload was only partially uploaded. Error: 3');
237		break;
238		case 4: // no file was uploaded
239		$this->setErrors('No file selected for upload. Error: 4');
240		break;
241		default: // a default error, just in case! :)
242		$this->setErrors('No file selected for upload. Error: 5');
243		break;
244		}
245
246		return false;
247		}
248
249		return true;
250		}
251
252		/**
253		* Set the target filename
254		*
255		* @param string $value
256		*/
257		public function setTargetFileName($value)
258		{
259		$this->targetFileName = (string)trim($value);
260		}
261
262		/**
263		* Set the prefix
264		*
265		* @param string $value
266		*/
267		public function setPrefix($value)
268		{
269		$this->prefix = (string)trim($value);
270		}
271
272		/**
273		* Get the uploaded filename
274		*
275		* @return string
276		*/
277		public function getMediaName()
278		{
279		return $this->mediaName;
280		}
281
282		/**
283		* Get the type of the uploaded file
284		*
285		* @return string
286		*/
287		public function getMediaType()
288		{
289		return $this->mediaType;
290		}
291
292		/**
293		* Get the size of the uploaded file
294		*
295		* @return int
296		*/
297		public function getMediaSize()
298		{
299		return $this->mediaSize;
300		}
301
302		/**
303		* Get the temporary name that the uploaded file was stored under
304		*
305		* @return string
306		*/
307		public function getMediaTmpName()
308		{
309		return $this->mediaTmpName;
310		}
311
312		/**
313		* Get the saved filename
314		*
315		* @return string
316		*/
317		public function getSavedFileName()
318		{
319		return $this->savedFileName;
320		}
321
322		/**
323		* Get the destination the file is saved to
324		*
325		* @return string
326		*/
327		public function getSavedDestination()
328		{
329		return $this->savedDestination;
330		}
331
332		/**
333		* Check the file and copy it to the destination
334		*
335		* @param int $chmod
336		* @return bool
337		*/
338		public function upload($chmod = 0644)
339		{
340		if ($this->uploadDir == '') {
341		$this->setErrors('Upload directory not set');
342
343		return false;
344		}
345
346		if (!is_dir($this->uploadDir)) {
347		$this->setErrors('Failed opening directory: ' . $this->uploadDir);
348		}
349
350		if (!is_writable($this->uploadDir)) {
351		$this->setErrors('Failed opening directory with write permission: ' . $this->uploadDir);
352		}
353
354		if (!$this->checkMaxFileSize()) {
355		$this->setErrors(sprintf('File Size: %u. Maximum Size Allowed: %u', $this->mediaSize, $this->maxFileSize));
356		}
357
358	View Code Duplication	if (is_array($this->dimension)) {
359		if (!$this->checkMaxWidth($this->dimension[0])) {
360		$this->setErrors(sprintf('File width: %u. Maximum width allowed: %u', $this->dimension[0], $this->maxWidth));
361		}
362		if (!$this->checkMaxHeight($this->dimension[1])) {
363		$this->setErrors(sprintf('File height: %u. Maximum height allowed: %u', $this->dimension[1], $this->maxHeight));
364		}
365		}
366
367		if (!$this->checkMimeType()) {
368		$this->setErrors('MIME type not allowed: ' . $this->mediaType);
369		}
370
371		if (!$this->_copyFile($chmod)) {
372		$this->setErrors('Failed uploading file: ' . $this->mediaName);
373		}
374
375		if (count($this->errors) > 0) {
376		return false;
377		}
378
379		return true;
380		}
381
382		/**
383		* Copy the file to its destination
384		*
385		* @param $chmod
386		* @return bool
387		*/
388		public function _copyFile($chmod)
389		{
390		$matched = array();
391		if (!preg_match("/\.([a-zA-Z0-9]+)$/", $this->mediaName, $matched)) {
392		return false;
393		}
394		if (isset($this->targetFileName)) {
395		$this->savedFileName = $this->targetFileName;
396		} elseif (isset($this->prefix)) {
397		$this->savedFileName = uniqid($this->prefix, true) . '.' . strtolower($matched[1]);
398		} else {
399		$this->savedFileName = strtolower($this->mediaName);
400		}
401		$this->savedFileName = preg_replace('!\s+!', '_', $this->savedFileName);
402		$this->savedDestination = $this->uploadDir . $this->savedFileName;
403		if (is_file($this->savedDestination) && !!is_dir($this->savedDestination)) {
404		$this->setErrors('File ' . $this->mediaName . ' already exists on the server. Please rename this file and try again.<br>');
405
406		return false;
407		}
408		if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
409		return false;
410		}
411		@chmod($this->savedDestination, $chmod);
		0 ignored issues – show Security Best Practice introduced 2016-05-31 10:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
412
413		return true;
414		}
415
416		/**
417		* Is the file the right size?
418		*
419		* @return bool
420		*/
421		public function checkMaxFileSize()
422		{
423		if ($this->noadmin_sizecheck) {
424		return true;
425		}
426		if ($this->mediaSize > $this->maxFileSize) {
427		return false;
428		}
429
430		return true;
431		}
432
433		/**
434		* Is the picture the right width?
435		*
436		* @param $dimension
437		* @return bool
438		*/
439	View Code Duplication	public function checkMaxWidth($dimension)
440		{
441		if (!isset($this->maxWidth)) {
442		return true;
443		}
444		if ($dimension > $this->maxWidth) {
445		return false;
446		}
447
448		return true;
449		}
450
451		/**
452		* Is the picture the right height?
453		*
454		* @param $dimension
455		* @return bool
456		*/
457	View Code Duplication	public function checkMaxHeight($dimension)
458		{
459		if (!isset($this->maxHeight)) {
460		return true;
461		}
462		if ($dimension > $this->maxWidth) {
463		return false;
464		}
465
466		return true;
467		}
468
469		/**
470		* Is the file the right Mime type
471		*
472		* (is there a right type of mime? ;-)
473		*
474		* @return bool
475		*/
476		public function checkMimeType()
477		{
478		if (count($this->allowedMimeTypes) > 0 && !in_array($this->mediaType, $this->allowedMimeTypes)) {
479		return false;
480		} else {
481		return true;
482		}
483		}
484
485		/**
486		* Add an error
487		*
488		* @param string $error
489		*/
490		public function setErrors($error)
491		{
492		$this->errors[] = trim($error);
493		}
494
495		/**
496		* Get generated errors
497		*
498		* @param bool $ashtml Format using HTML?
499		* @return array \|string Array of array messages OR HTML string
500		*/
501		public function &getErrors($ashtml = true)
502		{
503		if (!$ashtml) {
504		return $this->errors;
505		} else {
506		$ret = '';
507		if (count($this->errors) > 0) {
508		$ret = '<h4>Errors Returned While Uploading</h4>';
509		foreach ($this->errors as $error) {
510		$ret .= $error . '<br>';
511		}
512		}
513
514		return $ret;
515		}
516		}
517		}
518

XoopsModules25x / smartpartner

Issues (733)

Security Analysis not enabled

class/uploader.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like