1 | <?php |
||||
2 | |||||
3 | declare(strict_types=1); |
||||
4 | |||||
5 | namespace XoopsModules\Suico; |
||||
6 | |||||
7 | /* |
||||
8 | You may not change or alter any portion of this comment or credits |
||||
9 | of supporting developers from this source code or any supporting source code |
||||
10 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||
11 | |||||
12 | This program is distributed in the hope that it will be useful, |
||||
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
15 | */ |
||||
16 | |||||
17 | /** |
||||
18 | * @category Module |
||||
19 | * @package suico |
||||
20 | * @copyright {@link https://xoops.org/ XOOPS Project} |
||||
21 | * @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html) |
||||
22 | * @author Marcello Brandão aka Suico, Mamba, LioMJ <https://xoops.org> |
||||
23 | */ |
||||
24 | |||||
25 | use WideImage\WideImage; |
||||
26 | use Xmf\Request; |
||||
27 | |||||
28 | /** |
||||
29 | * Class Utility |
||||
30 | */ |
||||
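class Utility extends Common\SysUtility
{
    //--------------- Custom module methods -----------------------------

    /**
     * Access the only instance of this class
     *
     * The instance is created lazily on first use and kept in a static local,
     * so every later call returns the same object.
     *
     * @return self
     */
    public static function getInstance(): self
    {
        static $instance;
        if (null === $instance) {
            $instance = new static();
        }

        return $instance;
    }

    /**
     * Create a unique upload filename
     *
     * The name is built from the client address, the current second and a
     * microsecond fraction, and is regenerated until no file with that name
     * exists in $folder. Only the extension of the client supplied $filename
     * is reused; a name without a dot gets no extension at all (the previous
     * code appended the whole name as if it were the extension).
     *
     * @param string $folder   The folder where the file will be saved
     * @param string $filename The original (client supplied) filename; only its extension is used
     * @param bool   $trimname Use the compact '%06x%04x%04x' form instead of '%08x-%04x-%04x'
     * @return string The unique filename to use (with its extension, without the folder)
     */
    public static function createUploadName($folder, $filename, $trimname = false): string
    {
        $workingfolder = $folder;
        if ('/' !== \substr($workingfolder, -1)) {
            $workingfolder .= '/';
        }
        $extension = \pathinfo(\basename($filename), \PATHINFO_EXTENSION);
        $suffix    = '' === $extension ? '' : '.' . $extension;

        // ip2long() yields the same 32-bit value the former
        // "a<<24 | b<<16 | c<<8 | d" expression produced for IPv4 addresses.
        // IPv6 clients and CLI runs (no REMOTE_ADDR) used to hit that shift
        // with a non-numeric string; they now fall back to a crc32 of the
        // address, which is only a discriminator, not a secret.
        $remoteAddr = (string)($_SERVER['REMOTE_ADDR'] ?? '');
        $ipNumber   = \ip2long($remoteAddr);
        if (false === $ipNumber) {
            $ipNumber = \crc32($remoteAddr);
        }
        $ipNumber &= 0xFFFFFFFF;
        // NOTE(review): the client address is encoded into a file name that
        // is typically served publicly; a random_bytes() based name would
        // avoid exposing it, but that changes the naming scheme.
        $format = $trimname ? '%06x%04x%04x' : '%08x-%04x-%04x';
        do {
            [$usec, $sec] = \explode(' ', \microtime());
            $usec = (int)((float)$usec * 65536);
            $sec  = ((int)$sec) & 0xFFFF;
            $uid  = \sprintf($format, $ipNumber, $sec, $usec);
            // file_exists() here and the later write are not atomic; the
            // caller still has to handle a failed write of the returned name.
        } while (\file_exists($workingfolder . $uid . $suffix));

        return $uid . $suffix;
    }

    /**
     * Resize a Picture to some given dimensions (using the wideImage library)
     *
     * The "<MODULEDIR>_DONT_RESIZE_IF_SMALLER" constant (module dir name taken
     * from the last namespace segment, as XOOPS does for $moduleDirNameUpper)
     * decides whether a picture that already fits within the given dimensions
     * is copied unchanged instead of being resized. The previous code tested
     * the concatenated constant *name* (always a non-empty string), so the
     * check was always on; an undefined constant keeps that behaviour and a
     * constant defined as false forces a resize every time.
     *
     * @param string $src_path      Picture's source
     * @param string $dst_path      Picture's destination
     * @param int    $param_width   Maximum picture's width
     * @param int    $param_height  Maximum picture's height
     * @param bool   $keep_original Keep the source file after $dst_path has been written?
     * @param string $fit           Resize mode (see the wideImage library for more information)
     *
     * @return bool true when $dst_path was written (and, unless $keep_original,
     *              the source removed); false when copy() or unlink() failed
     */
    public static function resizePicture(
        $src_path,
        $dst_path,
        $param_width,
        $param_height,
        $keep_original = false,
        $fit = 'inside'
    ): bool {
        $namespaceParts      = \explode('\\', __NAMESPACE__);
        $moduleDirNameUpper  = \strtoupper((string)\end($namespaceParts));
        $constantName        = $moduleDirNameUpper . '_DONT_RESIZE_IF_SMALLER';
        $dontResizeIfSmaller = !\defined($constantName) || (bool)\constant($constantName);

        $resize = true;
        if ($dontResizeIfSmaller) {
            $pictureDimensions = \getimagesize($src_path);
            if (\is_array($pictureDimensions)) {
                [$width, $height] = $pictureDimensions;
                if ($width < $param_width && $height < $param_height) {
                    $resize = false;
                }
            }
        }
        if ($resize) {
            // Decode the picture only when it actually has to be resized.
            $img = WideImage::load($src_path);
            $img->resize($param_width, $param_height, $fit)->saveToFile($dst_path);
        } elseif (!\copy($src_path, $dst_path)) {
            // A failed copy used to be hidden by "@" and reported as success.
            return false;
        }
        if (!$keep_original && !\unlink($src_path)) {
            // The resized file exists, but the original is still on disk.
            return false;
        }

        return true;
    }

    /**
     * Handle the "xoops_upload_file" POST upload: store the file, resize it
     * with resizePicture() and record its name on $story.
     *
     * NOTE(review): $allowupload and $story are neither parameters nor
     * defined in this method, so as written the body is skipped while
     * $allowupload is unset and would fail at $story->setPicture() otherwise.
     * The upload directory is hard-coded to /uploads/news/image while
     * $destPath only feeds the collision check in createUploadName(); the
     * remaining parameters are unused. These look like remnants of the code
     * this was copied from and need a decision from the module author, so
     * they are left as they are.
     *
     * @param string $srcPath      Unused
     * @param string $destPath     Folder checked by createUploadName() for name collisions
     * @param int    $paramWidth   Unused (the 'maxwidth' config value is used instead)
     * @param int    $paramHeight  Unused (the 'maxheight' config value is used instead)
     * @param bool   $keepOriginal Unused
     * @param string $fit          Unused
     */
    public static function resizeSavePicture(
        $srcPath,
        $destPath,
        $paramWidth,
        $paramHeight,
        $keepOriginal = false,
        $fit = 'inside'
    ): void {
        if ($allowupload) { // L'image
            if (Request::hasVar('xoops_upload_file', 'POST')) {
                $helper = Helper::getInstance();
                // The POST value names the $_FILES entry to read; an unknown
                // or missing name must not raise an "undefined index" notice.
                $fieldName = $_POST['xoops_upload_file'][1] ?? '';
                $fldname   = $_FILES[$fieldName]['name'] ?? '';
                // The former check trimmed the comparison result instead of the name.
                if ('' !== \xoops_trim($fldname)) {
                    $destname       = self::createUploadName($destPath, $fldname);
                    $permittedTypes = $helper->getConfig('mimetypes'); //['image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'];
                    $uploader       = new \XoopsMediaUploader(XOOPS_ROOT_PATH . '/uploads/news/image', $permittedTypes, $helper->getConfig('maxuploadsize'));
                    $uploader->setTargetFileName($destname);
                    if ($uploader->fetchMedia($fieldName)) {
                        if ($uploader->upload()) {
                            $fullPictureName = XOOPS_ROOT_PATH . '/uploads/news/image/' . \basename($destname);
                            $newName         = XOOPS_ROOT_PATH . '/uploads/news/image/redim_' . \basename($destname);
                            self::resizePicture($fullPictureName, $newName, $helper->getConfig('maxwidth'), $helper->getConfig('maxheight'));
                            if (\file_exists($newName)) {
                                // Replace the stored file with the resized one. The
                                // unlink is no longer silenced with "@"; a failure
                                // is reported by PHP instead of being hidden.
                                if (\is_file($fullPictureName)) {
                                    \unlink($fullPictureName);
                                }
                                \rename($newName, $fullPictureName);
                            }
                            $story->setPicture(\basename($destname));
                        } else {
                            echo _AM_UPLOAD_ERROR . ' ' . $uploader->getErrors();
                        }
                    } else {
                        echo $uploader->getErrors();
                    }
                }
                $story->setPictureinfo(Request::getString('pictureinfo', '', 'POST'));
            }
        }
    }
}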
||||