1
|
|
|
<?php |
2
|
|
|
namespace Mezon\Security; |
3
|
|
|
|
4
|
|
|
/** |
5
|
|
|
* Class SecurityRules |
6
|
|
|
* |
7
|
|
|
* @package Security |
8
|
|
|
* @subpackage SecurityRules |
9
|
|
|
* @author Dodonov A.A. |
10
|
|
|
* @version v.1.0 (2020/01/13) |
11
|
|
|
* @copyright Copyright (c) 2020, aeon.org |
12
|
|
|
*/ |
13
|
|
|
|
14
|
|
|
/** |
15
|
|
|
* Security rules class |
16
|
|
|
* |
17
|
|
|
* @author Dodonov A.A. |
18
|
|
|
*/ |
19
|
|
|
class SecurityRules |
20
|
|
|
{ |
21
|
|
|
|
22
|
|
|
/** |
23
|
|
|
* Method prepares file system for saving file |
24
|
|
|
* |
25
|
|
|
* @param string $pathPrefix |
26
|
|
|
* Prefix to file path |
27
|
|
|
* @return string File path |
28
|
|
|
* @codeCoverageIgnore |
29
|
|
|
*/ |
30
|
|
|
protected function prepareFs(string $pathPrefix): string |
31
|
|
|
{ |
32
|
|
|
@mkdir($pathPrefix . '/data/'); |
|
|
|
|
33
|
|
|
|
34
|
|
|
$path = '/data/files/'; |
35
|
|
|
|
36
|
|
|
@mkdir($pathPrefix . $path); |
37
|
|
|
|
38
|
|
|
@mkdir($pathPrefix . $path . date('Y') . '/'); |
39
|
|
|
|
40
|
|
|
@mkdir($pathPrefix . $path . date('Y') . '/' . date('m') . '/'); |
41
|
|
|
|
42
|
|
|
$dir = $path . date('Y') . '/' . date('m') . '/' . date('d') . '/'; |
43
|
|
|
|
44
|
|
|
@mkdir($pathPrefix . $dir); |
45
|
|
|
|
46
|
|
|
return $dir; |
47
|
|
|
} |
48
|
|
|
|
49
|
|
|
/** |
50
|
|
|
* Method stores file on disk |
51
|
|
|
* |
52
|
|
|
* @param string $file |
53
|
|
|
* file path |
54
|
|
|
* @param string $content |
55
|
|
|
* file content |
56
|
|
|
* @codeCoverageIgnore |
57
|
|
|
*/ |
58
|
|
|
protected function filePutContents(string $file, string $content): void |
59
|
|
|
{ |
60
|
|
|
file_put_contents($file, $content); |
61
|
|
|
} |
62
|
|
|
|
63
|
|
|
/** |
64
|
|
|
* Method stores file on disk |
65
|
|
|
* |
66
|
|
|
* @param string $fileContent |
67
|
|
|
* Content of the saving file |
68
|
|
|
* @param string $pathPrefix |
69
|
|
|
* Prefix to file |
70
|
|
|
* @param bool $decoded |
71
|
|
|
* If the file was not encodded in base64 |
72
|
|
|
* @return string Path to file |
73
|
|
|
*/ |
74
|
|
|
public function storeFileContent(string $fileContent, string $pathPrefix, bool $decoded = false): string |
75
|
|
|
{ |
76
|
|
|
$dir = $this->prepareFs($pathPrefix); |
77
|
|
|
|
78
|
|
|
$fileName = md5(microtime(true)); |
79
|
|
|
|
80
|
|
|
if ($decoded) { |
81
|
|
|
$this->filePutContents($pathPrefix . $dir . $fileName, $fileContent); |
82
|
|
|
} else { |
83
|
|
|
$this->filePutContents($pathPrefix . $dir . $fileName, base64_decode($fileContent)); |
84
|
|
|
} |
85
|
|
|
|
86
|
|
|
return $dir . $fileName; |
87
|
|
|
} |
88
|
|
|
|
89
|
|
|
/** |
90
|
|
|
* Method returns file's content of false in case of error |
91
|
|
|
* |
92
|
|
|
* @param string $file |
93
|
|
|
* path to the loading file |
94
|
|
|
* @return string|bool file's content of false in case of error |
95
|
|
|
* @codeCoverageIgnore |
96
|
|
|
*/ |
97
|
|
|
protected function fileGetContents(string $file) |
98
|
|
|
{ |
99
|
|
|
return @file_get_contents($file); |
100
|
|
|
} |
101
|
|
|
|
102
|
|
|
/** |
103
|
|
|
* Method stores file on disk |
104
|
|
|
* |
105
|
|
|
* @param string $filePath |
106
|
|
|
* Path to the saving file |
107
|
|
|
* @param string $pathPrefix |
108
|
|
|
* Prefix to file |
109
|
|
|
* @param bool $decoded |
110
|
|
|
* If the file was not encodded in base64 |
111
|
|
|
* @return string Path to file or null if the image was not loaded |
112
|
|
|
*/ |
113
|
|
|
public function storeFile(string $filePath, string $pathPrefix, bool $decoded = false): ?string |
114
|
|
|
{ |
115
|
|
|
$fileContent = $this->fileGetContents($filePath); |
116
|
|
|
|
117
|
|
|
if ($fileContent === false) { |
118
|
|
|
return null; |
119
|
|
|
} |
120
|
|
|
|
121
|
|
|
return $this->storeFileContent($fileContent, $pathPrefix, $decoded); |
122
|
|
|
} |
123
|
|
|
|
124
|
|
|
/** |
125
|
|
|
* Method stores uploaded file |
126
|
|
|
* |
127
|
|
|
* @param string $from |
128
|
|
|
* path to the uploaded file |
129
|
|
|
* @param string $to |
130
|
|
|
* destination file path |
131
|
|
|
* @codeCoverageIgnore |
132
|
|
|
*/ |
133
|
|
|
protected function moveUploadedFile(string $from, string $to): void |
134
|
|
|
{ |
135
|
|
|
move_uploaded_file($from, $to); |
136
|
|
|
} |
137
|
|
|
|
138
|
|
|
/** |
139
|
|
|
* Method returns file value |
140
|
|
|
* |
141
|
|
|
* @param mixed $value |
142
|
|
|
* Data about the uploaded file |
143
|
|
|
* @param bool $storeFiles |
144
|
|
|
* Must be the file stored in the file system of the service or not |
145
|
|
|
* @param string $pathPrefix |
146
|
|
|
* prefix of the file path |
147
|
|
|
* @return string|array Path to the stored file or the array $value itself |
148
|
|
|
*/ |
149
|
|
|
public function getFileValue($value, bool $storeFiles, string $pathPrefix = '.') |
150
|
|
|
{ |
151
|
|
|
if (is_string($value)) { |
152
|
|
|
$value = $_FILES[$value]; |
153
|
|
|
} |
154
|
|
|
|
155
|
|
|
if (isset($value['size']) && $value['size'] === 0) { |
156
|
|
|
return ''; |
157
|
|
|
} |
158
|
|
|
|
159
|
|
|
if ($storeFiles) { |
160
|
|
|
$dir = '.' . $this->prepareFs($pathPrefix); |
161
|
|
|
|
162
|
|
|
$uploadFile = $dir . md5($value['name'] . microtime(true)) . '.' . |
163
|
|
|
pathinfo($value['name'], PATHINFO_EXTENSION); |
164
|
|
|
|
165
|
|
|
if (isset($value['file'])) { |
166
|
|
|
$this->filePutContents($uploadFile, base64_decode($value['file'])); |
167
|
|
|
} else { |
168
|
|
|
$this->moveUploadedFile($value['tmp_name'], $uploadFile); |
169
|
|
|
} |
170
|
|
|
|
171
|
|
|
return $uploadFile; |
172
|
|
|
} else { |
173
|
|
|
return $value; |
174
|
|
|
} |
175
|
|
|
} |
176
|
|
|
|
177
|
|
|
/** |
178
|
|
|
* Returning string value |
179
|
|
|
* |
180
|
|
|
* @param string $value |
181
|
|
|
* Value to be made secure |
182
|
|
|
* @return string Secure value |
183
|
|
|
*/ |
184
|
|
|
public function getStringValue(string $value): string |
185
|
|
|
{ |
186
|
|
|
return htmlspecialchars($value); |
187
|
|
|
} |
188
|
|
|
|
189
|
|
|
/** |
190
|
|
|
* Returning int value |
191
|
|
|
* |
192
|
|
|
* @param mixed $value |
193
|
|
|
* Value to be made secure |
194
|
|
|
* @return int Secure value |
195
|
|
|
*/ |
196
|
|
|
public function getIntValue($value): int |
197
|
|
|
{ |
198
|
|
|
return intval($value); |
199
|
|
|
} |
200
|
|
|
|
201
|
|
|
/** |
202
|
|
|
* Method validates uploaded file |
203
|
|
|
* |
204
|
|
|
* @param string $fieldName |
205
|
|
|
* field in the $_FILES array |
206
|
|
|
* @param array $validators |
207
|
|
|
* list of validators |
208
|
|
|
* @return bool true if the file valid and false otherwise. |
209
|
|
|
*/ |
210
|
|
|
public function isUploadedFileValid(string $fieldName, array $validators = []): bool |
211
|
|
|
{ |
212
|
|
|
foreach ($validators as $validator) { |
213
|
|
|
$validator->setValidatingData($fieldName); |
214
|
|
|
|
215
|
|
|
if ($validator->valid() === false) { |
216
|
|
|
return false; |
217
|
|
|
} |
218
|
|
|
} |
219
|
|
|
|
220
|
|
|
return true; |
221
|
|
|
} |
222
|
|
|
} |
If you suppress an error, we recommend checking for the error condition explicitly: