Issues in uploader.php (master) - Issues in master - XoopsModules25x/xoopsinfo - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1626)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/uploader.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
// $Id: uploader.php 507 2006-05-26 23:39:35Z skalpa $
//  ------------------------------------------------------------------------ //
//                XOOPS - PHP Content Management System                      //
//                    Copyright (c) 2000 XOOPS.org                           //
//                       <http://www.xoops.org/>                             //
//  ------------------------------------------------------------------------ //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu)                                          //
// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ //
// Project: The XOOPS Project                                                //
// ------------------------------------------------------------------------- //
/**
 * Upload Media files
 *
 * Example of usage:
 * <code>
 * include_once 'uploader.php';
 * $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png');
 * $maxfilesize = 50000;
 * $maxfilewidth = 120;
 * $maxfileheight = 120;
 * $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
 * if ($uploader->fetchMedia($_POST['uploade_file_name'])) {
 *   if (!$uploader->upload()) {
 *      echo $uploader->getErrors();
 *   } else {
 *      echo '<h4>File uploaded successfully!</h4>'
 *      echo 'Saved as: ' . $uploader->getSavedFileName() . '<br />';
 *      echo 'Full path: ' . $uploader->getSavedDestination();
 *   }
 * } else {
 *   echo $uploader->getErrors();
 * }
 * </code>
 *
 * @package        kernel
 * @subpackage    core
 *
 * @author        Kazumi Ono     <[email protected]>
 * @copyright    (c) 2000-2003 The Xoops Project - www.xoops.org
*/

if ( file_exists(XOOPS_ROOT_PATH . '/language/' . $GLOBALS['xoopsConfig']['language'] . '/uploader_error.php') ) {
	include_once XOOPS_ROOT_PATH . '/language/' . $GLOBALS['xoopsConfig']['language'] . '/uploader_error.php';
} else {
	include_once XOOPS_ROOT_PATH . '/language/english/uploader_error.php';
}

define('_XI_MIMETYPE', 1);
class XoopsMediaUploader {
	/**
	* Flag indicating if unrecognized mimetypes should be allowed (use with precaution ! may lead to security issues )
	**/
	var $allowUnknownTypes = false;

	var $mediaName;
	var $mediaType;
	var $mediaSize;
	var $mediaTmpName;
	var $mediaError;
	var $mediaRealType = '';

	var $uploadDir = '';

	var $allowedMimeTypes = array();

	var $maxFileSize = 0;
	var $maxWidth;
	var $maxHeight;

	var $targetFileName;

	var $prefix;

	var $errors = array();

	var $savedDestination;

	var $savedFileName;

	var $extensionToMime = array();
	var $checkImageType = true;

	var $extensionsToBeSanitized = array( 'php' , 'phtml' , 'phtm' , 'php3' , 'php4' , 'cgi' , 'pl' , 'asp', 'php5' );
	// extensions needed image check (anti-IE Content-Type XSS)
	var $imageExtensions = array( 1 => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tif', 9 => 'jpc', 10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm' );

	/**
	* Constructor
	*
	* @param   string  $uploadDir
	* @param   array   $allowedMimeTypes
	* @param   int$maxFileSize
	* @param   int$maxWidth
	* @param   int$maxHeight
	* @param   int$cmodvalue
	**/
	function XoopsMediaUploader($uploadDir, $allowedMimeTypes, $maxFileSize=0, $maxWidth=null, $maxHeight=null) {
/*
		@$this->extensionToMime = include( XOOPS_ROOT_PATH . '/class/mimetypes.inc.php' );
		if ( !is_array( $this->extensionToMime ) ) {
			$this->extensionToMime = array();
			return false;
		}
		if (is_array($allowedMimeTypes)) {
			$this->allowedMimeTypes =& $allowedMimeTypes;
		}
		$this->uploadDir = $uploadDir;
		$this->maxFileSize = intval($maxFileSize);
		if(isset($maxWidth)) {
			$this->maxWidth = intval($maxWidth);
		}
		if(isset($maxHeight)) {
			$this->maxHeight = intval($maxHeight);
		}
*/
		if (is_array($allowedMimeTypes)) {
			$this->allowedMimeTypes =& $allowedMimeTypes;
		}

		$this->uploadDir = $uploadDir;
		$this->maxFileSize = intval($maxFileSize);
		$this->maxWidth = intval($maxWidth);
		$this->maxHeight = intval($maxHeight);
		$this->GetextensionToMime();
	}

	/**
	* Fetch the uploaded file
	*
	* @param   string  $media_name Name of the file field
	* @param   int$index Index of the file (if more than one uploaded under that name)
	* @return  bool
	**/
	function fetchMedia($media_name, $index = null) {
/*
		if ( empty( $this->extensionToMime ) ) {
*/
		if ( count( $this->extensionToMime ) == 0 ) {
			$this->setErrors( _ER_UP_MIMETYPELOAD );
		return false;
	}

	if (!isset($_FILES[$media_name])) {
		$this->setErrors( _ER_UP_FILENOTFOUND );
		return false;
	} elseif (is_array($_FILES[$media_name]['name']) && isset($index)) {
		$index = intval($index);
		$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($_FILES[$media_name]['name'][$index]) : $_FILES[$media_name]['name'][$index];
		$this->mediaType = $_FILES[$media_name]['type'][$index];
		$this->mediaSize = $_FILES[$media_name]['size'][$index];
		$this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index];
		$this->mediaError = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['error'][$index] : 0;
	} else {
		$media_name =& $_FILES[$media_name];
		$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($media_name['name']) : $media_name['name'];
		$this->mediaName = $media_name['name'];
		$this->mediaType = $media_name['type'];
		$this->mediaSize = $media_name['size'];
		$this->mediaTmpName = $media_name['tmp_name'];
		$this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0;
	}
/*
	if ( ($ext = strrpos( $this->mediaName, '.' )) !== false ) {
		$ext = strtolower(substr( $this->mediaName, $ext + 1 ));
		if ( isset( $this->extensionToMime[$ext] ) ) {
			$this->mediaRealType = $this->extensionToMime[$ext];
			//trigger_error( "XoopsMediaUploader: Set mediaRealType to {$this->mediaRealType} (file extension is $ext)", E_USER_NOTICE );
		}
	}
*/

	$this->mediaExt = strtolower(substr( $this->mediaName, strrpos( $this->mediaName, '.' ) + 1 ));
class MyClass { }

$x = new MyClass();
$x->foo = true;
	if ( array_key_exists($this->mediaExt, $this->extensionToMime) ) {
		$this->maxFileSize = $this->extensionToMime[$this->mediaExt]['maxSize'];
		$this->maxWidth = $this->extensionToMime[$this->mediaExt]['maxWidth'];
		$this->maxHeight = $this->extensionToMime[$this->mediaExt]['maxHeight'];
	}

	$this->errors = array();
	if (intval($this->mediaSize) < 0) {
		$this->setErrors(  _ER_UP_INVALIDFILESIZE );
		return false;
	}

	if ($this->mediaName == '') {
		$this->setErrors( _ER_UP_FILENAMEEMPTY );
		return false;
	}

	if ($this->mediaTmpName == 'none' || !is_uploaded_file($this->mediaTmpName)) {
		$this->setErrors( _ER_UP_NOFILEUPLOADED );
		return false;
	}

	if ($this->mediaError > 0) {
		$this->setErrors( sprintf(_ER_UP_ERROROCCURRED, $this->mediaError) );
		return false;
	}

	return true;
}

	/**
	* Set the target filename
	*
	* @param   string  $value
	**/
	function setTargetFileName($value) {
		$this->targetFileName = strval(trim($value));
	}

	/**
	* Set the prefix
	*
	* @param   string  $value
	**/
	function setPrefix($value){
		$this->prefix = strval(trim($value));
	}

	/**
	* Get the uploaded filename
	*
	* @return  string
	**/
	function getMediaName() {
		return $this->mediaName;
	}

	/**
	* Get the type of the uploaded file
	*
	* @return  string
	**/
	function getMediaType() {
		return $this->mediaType;
	}

	/**
	* Get the size of the uploaded file
	*
	* @return  int
	**/
	function getMediaSize() {
		return $this->mediaSize;
	}

	/**
	* Get the temporary name that the uploaded file was stored under
	*
	* @return  string
	**/
	function getMediaTmpName() {
		return $this->mediaTmpName;
	}

	/**
	* Get the saved filename
	*
	* @return  string
	**/
	function getSavedFileName(){
		return $this->savedFileName;
	}

	/**
	* Get the destination the file is saved to
	*
	* @return  string
	**/
	function getSavedDestination(){
		return $this->savedDestination;
	}

	/**
	* Check the file and copy it to the destination
	*
	* @return  bool
	**/
	function upload($chmod = 0644) {
		if ($this->uploadDir == '') {
			$this->setErrors( _ER_UP_UPLOADDIRNOTSET );
			return false;
		}

		if (!$this->checkMimeType()) {
			$this->setErrors( sprintf(_ER_UP_MIMETYPENOTALLOWED, $this->mediaType) );
			return false;
		}

		if (!is_dir($this->uploadDir)) {
			$this->setErrors( sprintf(_ER_UP_FAILEDOPENDIR, $this->uploadDir) );
		}
		if (!is_writeable($this->uploadDir)) {
			$this->setErrors( sprintf(_ER_UP_FAILEDOPENDIRWRITE, $this->uploadDir) );
		}

		$this->sanitizeMultipleExtensions();

		if (!$this->checkMaxFileSize()) {
			$this->setErrors( sprintf(_ER_UP_FILESIZETOOLARGE, $this->mediaSize) );
		}
		if (!$this->checkMaxWidth()) {
			$this->setErrors( sprintf(_ER_UP_FILEWIDTHTOOLARGE, $this->maxWidth) );
		}
		if (!$this->checkMaxHeight()) {
			$this->setErrors( sprintf(_ER_UP_FILEHEIGHTTOOLARGE, $this->maxHeight) );
		}
/*
		if (!$this->checkMimeType()) {
			$this->setErrors('MIME type not allowed: '.$this->mediaType);
		}
*/

		if (!$this->checkImageType()) {
			$this->setErrors( _ER_UP_INVALIDIMAGEFILE );
		}
		if (count($this->errors) > 0) {
			return false;
		}
		if (!$this->_copyFile($chmod)) {
			$this->setErrors( sprintf(_ER_UP_FAILEDUPLOADFILE, $this->mediaName) );
			return false;
		}
		return true;
	}

	/**
	* Copy the file to its destination
	*
	* @return  bool
	**/
	function _copyFile($chmod) {
		$matched = array();
		if (!preg_match("/\.([a-zA-Z0-9]+)$/", $this->mediaName, $matched)) {
			return false;
		}
		if (isset($this->targetFileName)) {
			$this->savedFileName = $this->targetFileName;
		} elseif (isset($this->prefix)) {
			$this->savedFileName = uniqid($this->prefix).'.'.strtolower($matched[1]);
		} else {
			$this->savedFileName = strtolower($this->mediaName);
		}
		$this->savedDestination = $this->uploadDir.'/'.$this->savedFileName;
		if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
			return false;
		}

		// Check IE XSS before returning success
		$ext = strtolower( substr( strrchr( $this->savedDestination , '.' ) , 1 ) ) ;
		if( in_array( $ext , $this->imageExtensions ) ) {
			$info = @getimagesize( $this->savedDestination ) ;
			if( $info === false || $this->imageExtensions[ (int)$info[2] ] != $ext ) {
				$this->setErrors( _ER_UP_SUSPICIOUSIMAGE );
				@unlink( $this->savedDestination );
				return false;
			}
		}

		@chmod($this->savedDestination, $chmod);
		return true;
	}

	/**
	* Is the file the right size?
	*
	* @return  bool
	**/
	function checkMaxFileSize() {
		if ($this->mediaSize > $this->maxFileSize) {
			return false;
		}
		return true;
	}

	/**
	* Is the picture the right width?
	*
	* @return  bool
	**/
	function checkMaxWidth() {
		if (!isset($this->maxWidth)) {
			return true;
		}
		if (false !== $dimension = getimagesize($this->mediaTmpName)) {
			if ($dimension[0] > $this->maxWidth) {
				return false;
			}
		} else {
			trigger_error(sprintf('Failed fetching image size of %s, skipping max width check..', $this->mediaTmpName), E_USER_WARNING);
		}
		return true;
	}

	/**
	* Is the picture the right height?
	*
	* @return  bool
	**/
	function checkMaxHeight() {
		if (!isset($this->maxHeight)) {
			return true;
		}
		if (false !== $dimension = getimagesize($this->mediaTmpName)) {
			if ($dimension[1] > $this->maxHeight) {
				return false;
			}
 			trigger_error(sprintf('Failed fetching image size of %s, skipping max height check..', $this->mediaTmpName), E_USER_WARNING);
		}
		return true;
	}

	/**
	* Check whether or not the uploaded file type is allowed
	*
	* @return  bool
	**/
	function checkMimeType() {
/*
		if ( empty( $this->mediaRealType ) && !$this->allowUnknownTypes ) {
			$this->setErrors( 'Unknown filetype rejected' );
			return false;
		}

		return ( empty($this->allowedMimeTypes) || in_array($this->mediaRealType, $this->allowedMimeTypes) );
*/

		if ( count( $this->extensionToMime ) == 0 ) {
			$this->setErrors( _ER_UP_UNKNOWNFILETYPEREJECTED );
			return false;
		}
		return ( empty($this->extensionToMime) || array_key_exists($this->mediaExt, $this->extensionToMime) );
	}

	/**
	* Check whether or not the uploaded image type is valid
	*
	* @return  bool
	**/
	function checkImageType() {
		if(empty($this->checkImageType)) return true;

		if( ("image" == substr($this->mediaType, 0, strpos($this->mediaType, "/"))) ||
			(!empty($this->mediaRealType) && "image" == substr($this->mediaRealType, 0, strpos($this->mediaRealType, "/"))) ){

			if ( ! ( $info = @getimagesize( $this->mediaTmpName ) ) ) {
				return false;
			}
		}
		return true;
	}

	/**
	* Sanitize executable filename with multiple extensions
	*
	**/
	function sanitizeMultipleExtensions() {
		if(empty($this->extensionsToBeSanitized)) return;
			$patterns = array();
			$replaces = array();
			foreach($this->extensionsToBeSanitized as $ext){
			$patterns[] = "/\.".preg_quote($ext)."\./i";
			$replaces[] = "_".$ext.".";
		}
		$this->mediaName = preg_replace($patterns, $replaces, $this->mediaName);
	}

	function GetextensionToMime() {
		global $xoopsModule, $xoopsUser, $xoopsDB;
		if (!is_object ( $xoopsModule ) ) {
			$hModule = &xoops_gethandler('module');
			$xoopsModule = $hModule->getByDirname('system');
		}

		$groups = is_object( $xoopsUser ) ? $xoopsUser -> getGroups() : array(XOOPS_GROUP_ANONYMOUS) ;
		$sql = 'SELECT t.mime_types, t.mime_ext, p.mperm_maxwidth, p.mperm_maxheight, p.mperm_maxsize FROM ' .
		$xoopsDB->prefix('mimetypes_perms') . ' p LEFT JOIN ' .
		$xoopsDB->prefix("mimetypes") . ' t on p.mperm_mime = t.mime_id' . ' WHERE p.mperm_module=' . $xoopsModule->mid() . ' AND p.mperm_groups IN (' . implode(',' , $groups) . ')' . ' GROUP BY t.mime_ext' ;

		$result = $xoopsDB->query($sql);
		while ( $myrow = $xoopsDB->fetchArray($result) ) {
			$mime_types = explode('|',$myrow['mime_types']);
			$intersect = array_intersect($this->allowedMimeTypes,$mime_types);
			if (count($intersect) > 0) {
				$mimeExt = $myrow['mime_ext'];
				$this->extensionToMime[$mimeExt] = array( 'maxWidth' => $myrow['mperm_maxwidth'], 'maxHeight' => $myrow['mperm_maxwidth'], 'maxSize' => $myrow['mperm_maxsize'] );
			}
		}
	}

	/**
	* Add an error
	*
	* @param   string  $error
	**/
	function setErrors($error) {
		$this->errors[] = trim($error);
	}

	/**
	* Get generated errors
	*
	* @param    bool    $ashtml Format using HTML?
	*
	* @return    array|string    Array of array messages OR HTML string
	*/
	function &getErrors($ashtml = true) {
		if (!$ashtml) {
			return $this->errors;
		} else {
			$ret = '';
			if (count($this->errors) > 0) {
				$ret = '<h4>Errors Returned While Uploading</h4>';
				foreach ($this->errors as $error) {
					$ret .= $error.'<br />';
				}
			}
			return $ret;
		}
	}
}
?>

1		<?php
2		// $Id: uploader.php 507 2006-05-26 23:39:35Z skalpa $
3		// ------------------------------------------------------------------------ //
4		// XOOPS - PHP Content Management System //
5		// Copyright (c) 2000 XOOPS.org //
6		// <http://www.xoops.org/> //
7		// ------------------------------------------------------------------------ //
8		// This program is free software; you can redistribute it and/or modify //
9		// it under the terms of the GNU General Public License as published by //
10		// the Free Software Foundation; either version 2 of the License, or //
11		// (at your option) any later version. //
12		// //
13		// You may not change or alter any portion of this comment or credits //
14		// of supporting developers from this source code or any supporting //
15		// source code which is considered copyrighted (c) material of the //
16		// original comment or credit authors. //
17		// //
18		// This program is distributed in the hope that it will be useful, //
19		// but WITHOUT ANY WARRANTY; without even the implied warranty of //
20		// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
21		// GNU General Public License for more details. //
22		// //
23		// You should have received a copy of the GNU General Public License //
24		// along with this program; if not, write to the Free Software //
25		// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
26		// ------------------------------------------------------------------------ //
27		// Author: Kazumi Ono (AKA onokazu) //
28		// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ //
29		// Project: The XOOPS Project //
30		// ------------------------------------------------------------------------- //
31		/**
32		* Upload Media files
33		*
34		* Example of usage:
35		* <code>
36		* include_once 'uploader.php';
37		* $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png');
38		* $maxfilesize = 50000;
39		* $maxfilewidth = 120;
40		* $maxfileheight = 120;
41		* $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
42		* if ($uploader->fetchMedia($_POST['uploade_file_name'])) {
43		* if (!$uploader->upload()) {
44		* echo $uploader->getErrors();
45		* } else {
46		* echo '<h4>File uploaded successfully!</h4>'
47		* echo 'Saved as: ' . $uploader->getSavedFileName() . '<br />';
48		* echo 'Full path: ' . $uploader->getSavedDestination();
49		* }
50		* } else {
51		* echo $uploader->getErrors();
52		* }
53		* </code>
54		*
55		* @package kernel
56		* @subpackage core
57		*
58		* @author Kazumi Ono <[email protected]>
59		* @copyright (c) 2000-2003 The Xoops Project - www.xoops.org
60		*/
61
62		if ( file_exists(XOOPS_ROOT_PATH . '/language/' . $GLOBALS['xoopsConfig']['language'] . '/uploader_error.php') ) {
63		include_once XOOPS_ROOT_PATH . '/language/' . $GLOBALS['xoopsConfig']['language'] . '/uploader_error.php';
64		} else {
65		include_once XOOPS_ROOT_PATH . '/language/english/uploader_error.php';
66		}
67
68		define('_XI_MIMETYPE', 1);
69		class XoopsMediaUploader {
70		/**
71		* Flag indicating if unrecognized mimetypes should be allowed (use with precaution ! may lead to security issues )
72		**/
73		var $allowUnknownTypes = false;
74
75		var $mediaName;
76		var $mediaType;
77		var $mediaSize;
78		var $mediaTmpName;
79		var $mediaError;
80		var $mediaRealType = '';
81
82		var $uploadDir = '';
83
84		var $allowedMimeTypes = array();
85
86		var $maxFileSize = 0;
87		var $maxWidth;
88		var $maxHeight;
89
90		var $targetFileName;
91
92		var $prefix;
93
94		var $errors = array();
95
96		var $savedDestination;
97
98		var $savedFileName;
99
100		var $extensionToMime = array();
101		var $checkImageType = true;
102
103		var $extensionsToBeSanitized = array( 'php' , 'phtml' , 'phtm' , 'php3' , 'php4' , 'cgi' , 'pl' , 'asp', 'php5' );
104		// extensions needed image check (anti-IE Content-Type XSS)
105		var $imageExtensions = array( 1 => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tif', 9 => 'jpc', 10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm' );
106
107		/**
108		* Constructor
109		*
110		* @param string $uploadDir
111		* @param array $allowedMimeTypes
112		* @param int$maxFileSize
113		* @param int$maxWidth
114		* @param int$maxHeight
115		* @param int$cmodvalue
116		**/
117		function XoopsMediaUploader($uploadDir, $allowedMimeTypes, $maxFileSize=0, $maxWidth=null, $maxHeight=null) {
118		/*
119		@$this->extensionToMime = include( XOOPS_ROOT_PATH . '/class/mimetypes.inc.php' );
120		if ( !is_array( $this->extensionToMime ) ) {
121		$this->extensionToMime = array();
122		return false;
123		}
124		if (is_array($allowedMimeTypes)) {
125		$this->allowedMimeTypes =& $allowedMimeTypes;
126		}
127		$this->uploadDir = $uploadDir;
128		$this->maxFileSize = intval($maxFileSize);
129		if(isset($maxWidth)) {
130		$this->maxWidth = intval($maxWidth);
131		}
132		if(isset($maxHeight)) {
133		$this->maxHeight = intval($maxHeight);
134		}
135		*/
136		if (is_array($allowedMimeTypes)) {
137		$this->allowedMimeTypes =& $allowedMimeTypes;
138		}
139
140		$this->uploadDir = $uploadDir;
141		$this->maxFileSize = intval($maxFileSize);
142		$this->maxWidth = intval($maxWidth);
143		$this->maxHeight = intval($maxHeight);
144		$this->GetextensionToMime();
145		}
146
147		/**
148		* Fetch the uploaded file
149		*
150		* @param string $media_name Name of the file field
151		* @param int$index Index of the file (if more than one uploaded under that name)
152		* @return bool
153		**/
154		function fetchMedia($media_name, $index = null) {
155		/*
156		if ( empty( $this->extensionToMime ) ) {
157		*/
158		if ( count( $this->extensionToMime ) == 0 ) {
159		$this->setErrors( _ER_UP_MIMETYPELOAD );
160		return false;
161		}
162
163		if (!isset($_FILES[$media_name])) {
164		$this->setErrors( _ER_UP_FILENOTFOUND );
165		return false;
166		} elseif (is_array($_FILES[$media_name]['name']) && isset($index)) {
167		$index = intval($index);
168		$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($_FILES[$media_name]['name'][$index]) : $_FILES[$media_name]['name'][$index];
169		$this->mediaType = $_FILES[$media_name]['type'][$index];
170		$this->mediaSize = $_FILES[$media_name]['size'][$index];
171		$this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index];
172		$this->mediaError = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['error'][$index] : 0;
173		} else {
174		$media_name =& $_FILES[$media_name];
175		$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($media_name['name']) : $media_name['name'];
176		$this->mediaName = $media_name['name'];
177		$this->mediaType = $media_name['type'];
178		$this->mediaSize = $media_name['size'];
179		$this->mediaTmpName = $media_name['tmp_name'];
180		$this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0;
181		}
182		/*
183		if ( ($ext = strrpos( $this->mediaName, '.' )) !== false ) {
184		$ext = strtolower(substr( $this->mediaName, $ext + 1 ));
185		if ( isset( $this->extensionToMime[$ext] ) ) {
186		$this->mediaRealType = $this->extensionToMime[$ext];
187		//trigger_error( "XoopsMediaUploader: Set mediaRealType to {$this->mediaRealType} (file extension is $ext)", E_USER_NOTICE );
188		}
189		}
190		*/
191
192		$this->mediaExt = strtolower(substr( $this->mediaName, strrpos( $this->mediaName, '.' ) + 1 ));
		0 ignored issues – show Bug introduced 2016-07-02 12:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `mediaExt` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
193		if ( array_key_exists($this->mediaExt, $this->extensionToMime) ) {
194		$this->maxFileSize = $this->extensionToMime[$this->mediaExt]['maxSize'];
195		$this->maxWidth = $this->extensionToMime[$this->mediaExt]['maxWidth'];
196		$this->maxHeight = $this->extensionToMime[$this->mediaExt]['maxHeight'];
197		}
198
199		$this->errors = array();
200		if (intval($this->mediaSize) < 0) {
201		$this->setErrors( _ER_UP_INVALIDFILESIZE );
202		return false;
203		}
204
205		if ($this->mediaName == '') {
206		$this->setErrors( _ER_UP_FILENAMEEMPTY );
207		return false;
208		}
209
210		if ($this->mediaTmpName == 'none' \|\| !is_uploaded_file($this->mediaTmpName)) {
211		$this->setErrors( _ER_UP_NOFILEUPLOADED );
212		return false;
213		}
214
215		if ($this->mediaError > 0) {
216		$this->setErrors( sprintf(_ER_UP_ERROROCCURRED, $this->mediaError) );
217		return false;
218		}
219
220		return true;
221		}
222
223		/**
224		* Set the target filename
225		*
226		* @param string $value
227		**/
228		function setTargetFileName($value) {
229		$this->targetFileName = strval(trim($value));
230		}
231
232		/**
233		* Set the prefix
234		*
235		* @param string $value
236		**/
237		function setPrefix($value){
238		$this->prefix = strval(trim($value));
239		}
240
241		/**
242		* Get the uploaded filename
243		*
244		* @return string
245		**/
246		function getMediaName() {
247		return $this->mediaName;
248		}
249
250		/**
251		* Get the type of the uploaded file
252		*
253		* @return string
254		**/
255		function getMediaType() {
256		return $this->mediaType;
257		}
258
259		/**
260		* Get the size of the uploaded file
261		*
262		* @return int
263		**/
264		function getMediaSize() {
265		return $this->mediaSize;
266		}
267
268		/**
269		* Get the temporary name that the uploaded file was stored under
270		*
271		* @return string
272		**/
273		function getMediaTmpName() {
274		return $this->mediaTmpName;
275		}
276
277		/**
278		* Get the saved filename
279		*
280		* @return string
281		**/
282		function getSavedFileName(){
283		return $this->savedFileName;
284		}
285
286		/**
287		* Get the destination the file is saved to
288		*
289		* @return string
290		**/
291		function getSavedDestination(){
292		return $this->savedDestination;
293		}
294
295		/**
296		* Check the file and copy it to the destination
297		*
298		* @return bool
299		**/
300		function upload($chmod = 0644) {
301		if ($this->uploadDir == '') {
302		$this->setErrors( _ER_UP_UPLOADDIRNOTSET );
303		return false;
304		}
305
306		if (!$this->checkMimeType()) {
307		$this->setErrors( sprintf(_ER_UP_MIMETYPENOTALLOWED, $this->mediaType) );
308		return false;
309		}
310
311		if (!is_dir($this->uploadDir)) {
312		$this->setErrors( sprintf(_ER_UP_FAILEDOPENDIR, $this->uploadDir) );
313		}
314		if (!is_writeable($this->uploadDir)) {
315		$this->setErrors( sprintf(_ER_UP_FAILEDOPENDIRWRITE, $this->uploadDir) );
316		}
317
318		$this->sanitizeMultipleExtensions();
319
320		if (!$this->checkMaxFileSize()) {
321		$this->setErrors( sprintf(_ER_UP_FILESIZETOOLARGE, $this->mediaSize) );
322		}
323		if (!$this->checkMaxWidth()) {
324		$this->setErrors( sprintf(_ER_UP_FILEWIDTHTOOLARGE, $this->maxWidth) );
325		}
326		if (!$this->checkMaxHeight()) {
327		$this->setErrors( sprintf(_ER_UP_FILEHEIGHTTOOLARGE, $this->maxHeight) );
328		}
329		/*
330		if (!$this->checkMimeType()) {
331		$this->setErrors('MIME type not allowed: '.$this->mediaType);
332		}
333		*/
334
335		if (!$this->checkImageType()) {
336		$this->setErrors( _ER_UP_INVALIDIMAGEFILE );
337		}
338		if (count($this->errors) > 0) {
339		return false;
340		}
341		if (!$this->_copyFile($chmod)) {
342		$this->setErrors( sprintf(_ER_UP_FAILEDUPLOADFILE, $this->mediaName) );
343		return false;
344		}
345		return true;
346		}
347
348		/**
349		* Copy the file to its destination
350		*
351		* @return bool
352		**/
353		function _copyFile($chmod) {
354		$matched = array();
355		if (!preg_match("/\.([a-zA-Z0-9]+)$/", $this->mediaName, $matched)) {
356		return false;
357		}
358		if (isset($this->targetFileName)) {
359		$this->savedFileName = $this->targetFileName;
360		} elseif (isset($this->prefix)) {
361		$this->savedFileName = uniqid($this->prefix).'.'.strtolower($matched[1]);
362		} else {
363		$this->savedFileName = strtolower($this->mediaName);
364		}
365		$this->savedDestination = $this->uploadDir.'/'.$this->savedFileName;
366		if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
367		return false;
368		}
369
370		// Check IE XSS before returning success
371		$ext = strtolower( substr( strrchr( $this->savedDestination , '.' ) , 1 ) ) ;
372		if( in_array( $ext , $this->imageExtensions ) ) {
373		$info = @getimagesize( $this->savedDestination ) ;
374		if( $info === false \|\| $this->imageExtensions[ (int)$info[2] ] != $ext ) {
375		$this->setErrors( _ER_UP_SUSPICIOUSIMAGE );
376		@unlink( $this->savedDestination );
377		return false;
378		}
379		}
380
381		@chmod($this->savedDestination, $chmod);
382		return true;
383		}
384
385		/**
386		* Is the file the right size?
387		*
388		* @return bool
389		**/
390		function checkMaxFileSize() {
391		if ($this->mediaSize > $this->maxFileSize) {
392		return false;
393		}
394		return true;
395		}
396
397		/**
398		* Is the picture the right width?
399		*
400		* @return bool
401		**/
402	View Code Duplication	function checkMaxWidth() {
403		if (!isset($this->maxWidth)) {
404		return true;
405		}
406		if (false !== $dimension = getimagesize($this->mediaTmpName)) {
407		if ($dimension[0] > $this->maxWidth) {
408		return false;
409		}
410		} else {
411		trigger_error(sprintf('Failed fetching image size of %s, skipping max width check..', $this->mediaTmpName), E_USER_WARNING);
412		}
413		return true;
414		}
415
416		/**
417		* Is the picture the right height?
418		*
419		* @return bool
420		**/
421	View Code Duplication	function checkMaxHeight() {
422		if (!isset($this->maxHeight)) {
423		return true;
424		}
425		if (false !== $dimension = getimagesize($this->mediaTmpName)) {
426		if ($dimension[1] > $this->maxHeight) {
427		return false;
428		}
429		trigger_error(sprintf('Failed fetching image size of %s, skipping max height check..', $this->mediaTmpName), E_USER_WARNING);
430		}
431		return true;
432		}
433
434		/**
435		* Check whether or not the uploaded file type is allowed
436		*
437		* @return bool
438		**/
439		function checkMimeType() {
440		/*
441		if ( empty( $this->mediaRealType ) && !$this->allowUnknownTypes ) {
442		$this->setErrors( 'Unknown filetype rejected' );
443		return false;
444		}
445
446		return ( empty($this->allowedMimeTypes) \|\| in_array($this->mediaRealType, $this->allowedMimeTypes) );
447		*/
448
449		if ( count( $this->extensionToMime ) == 0 ) {
450		$this->setErrors( _ER_UP_UNKNOWNFILETYPEREJECTED );
451		return false;
452		}
453		return ( empty($this->extensionToMime) \|\| array_key_exists($this->mediaExt, $this->extensionToMime) );
454		}
455
456		/**
457		* Check whether or not the uploaded image type is valid
458		*
459		* @return bool
460		**/
461		function checkImageType() {
462		if(empty($this->checkImageType)) return true;
463
464		if( ("image" == substr($this->mediaType, 0, strpos($this->mediaType, "/"))) \|\|
465		(!empty($this->mediaRealType) && "image" == substr($this->mediaRealType, 0, strpos($this->mediaRealType, "/"))) ){
466
467		if ( ! ( $info = @getimagesize( $this->mediaTmpName ) ) ) {
468		return false;
469		}
470		}
471		return true;
472		}
473
474		/**
475		* Sanitize executable filename with multiple extensions
476		*
477		**/
478		function sanitizeMultipleExtensions() {
479		if(empty($this->extensionsToBeSanitized)) return;
480		$patterns = array();
481		$replaces = array();
482		foreach($this->extensionsToBeSanitized as $ext){
483		$patterns[] = "/\.".preg_quote($ext)."\./i";
484		$replaces[] = "_".$ext.".";
485		}
486		$this->mediaName = preg_replace($patterns, $replaces, $this->mediaName);
487		}
488
489		function GetextensionToMime() {
490		global $xoopsModule, $xoopsUser, $xoopsDB;
491		if (!is_object ( $xoopsModule ) ) {
492		$hModule = &xoops_gethandler('module');
493		$xoopsModule = $hModule->getByDirname('system');
494		}
495
496		$groups = is_object( $xoopsUser ) ? $xoopsUser -> getGroups() : array(XOOPS_GROUP_ANONYMOUS) ;
497		$sql = 'SELECT t.mime_types, t.mime_ext, p.mperm_maxwidth, p.mperm_maxheight, p.mperm_maxsize FROM ' .
498		$xoopsDB->prefix('mimetypes_perms') . ' p LEFT JOIN ' .
499		$xoopsDB->prefix("mimetypes") . ' t on p.mperm_mime = t.mime_id' . ' WHERE p.mperm_module=' . $xoopsModule->mid() . ' AND p.mperm_groups IN (' . implode(',' , $groups) . ')' . ' GROUP BY t.mime_ext' ;
500
501		$result = $xoopsDB->query($sql);
502		while ( $myrow = $xoopsDB->fetchArray($result) ) {
503		$mime_types = explode('\|',$myrow['mime_types']);
504		$intersect = array_intersect($this->allowedMimeTypes,$mime_types);
505		if (count($intersect) > 0) {
506		$mimeExt = $myrow['mime_ext'];
507		$this->extensionToMime[$mimeExt] = array( 'maxWidth' => $myrow['mperm_maxwidth'], 'maxHeight' => $myrow['mperm_maxwidth'], 'maxSize' => $myrow['mperm_maxsize'] );
508		}
509		}
510		}
511
512		/**
513		* Add an error
514		*
515		* @param string $error
516		**/
517		function setErrors($error) {
518		$this->errors[] = trim($error);
519		}
520
521		/**
522		* Get generated errors
523		*
524		* @param bool $ashtml Format using HTML?
525		*
526		* @return array\|string Array of array messages OR HTML string
527		*/
528		function &getErrors($ashtml = true) {
529		if (!$ashtml) {
530		return $this->errors;
531		} else {
532		$ret = '';
533		if (count($this->errors) > 0) {
534		$ret = '<h4>Errors Returned While Uploading</h4>';
535		foreach ($this->errors as $error) {
536		$ret .= $error.'<br />';
537		}
538		}
539		return $ret;
540		}
541		}
542		}
543		?>

XoopsModules25x / xoopsinfo

Issues (1626)

Security Analysis not enabled

class/uploader.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like