| 1 |  |  | <?php | 
            
                                                                                                            
                            
            
                                    
            
            
                | 2 |  |  | /** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 3 |  |  |  * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 4 |  |  |  * @package sitemaker | 
            
                                                                                                            
                            
            
                                    
            
            
                | 5 |  |  |  * @copyright (c) 2017 Daniel A. (blitze) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 6 |  |  |  * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 | 
            
                                                                                                            
                            
            
                                    
            
            
                | 7 |  |  |  * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 8 |  |  |  */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 9 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 10 |  |  | namespace blitze\sitemaker\controller; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 11 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 12 |  |  | use Symfony\Component\HttpFoundation\JsonResponse; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 13 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 14 |  |  | class upload | 
            
                                                                                                            
                            
            
                                    
            
            
                | 15 |  |  | { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 16 |  |  | 	/** @var \phpbb\auth\auth */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 17 |  |  | 	protected $auth; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 18 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 19 |  |  | 	/** @var \phpbb\files\factory */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 20 |  |  | 	protected $files_factory; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 21 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 22 |  |  | 	/** @var \phpbb\language\language */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 23 |  |  | 	protected $language; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 24 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 25 |  |  | 	/** @var string */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 26 |  |  | 	protected $phpbb_root_path; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 27 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 28 |  |  | 	/** @var array */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 29 |  |  | 	protected $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'svg'); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 30 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 31 |  |  | 	/** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 32 |  |  | 	 * Constructor | 
            
                                                                                                            
                            
            
                                    
            
            
                | 33 |  |  | 	 * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 34 |  |  | 	 * @param \phpbb\auth\auth					$auth				Auth object | 
            
                                                                                                            
                            
            
                                    
            
            
                | 35 |  |  | 	 * @param \phpbb\files\factory				$files_factory		Files factory object | 
            
                                                                                                            
                            
            
                                    
            
            
                | 36 |  |  | 	 * @param \phpbb\language\language			$language			Language object | 
            
                                                                                                            
                            
            
                                    
            
            
                | 37 |  |  | 	 * @param string							$phpbb_root_path	phpBB root path | 
            
                                                                                                            
                            
            
                                    
            
            
                | 38 |  |  | 	 */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 39 | 5 |  | 	public function __construct(\phpbb\auth\auth $auth, \phpbb\files\factory $files_factory, \phpbb\language\language $language, $phpbb_root_path) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 40 |  |  | 	{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 41 | 5 |  | 		$this->auth = $auth; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 42 | 5 |  | 		$this->files_factory = $files_factory; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 43 | 5 |  | 		$this->language = $language; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 44 | 5 |  | 		$this->phpbb_root_path = $phpbb_root_path; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 45 | 5 |  | 	} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 46 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 47 |  |  | 	/** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 48 |  |  | 	 * @return \Symfony\Component\HttpFoundation\Response | 
            
                                                                                                            
                            
            
                                    
            
            
                | 49 |  |  | 	 */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 50 | 5 |  | 	public function handle() | 
            
                                                                                                            
                            
            
                                    
            
            
                | 51 |  |  | 	{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 52 |  |  | 		$json_data = array( | 
            
                                                                                                            
                            
            
                                    
            
            
                | 53 | 5 |  | 			'location'	=> '', | 
            
                                                                                                            
                            
            
                                    
            
            
                | 54 | 5 |  | 			'message'   => '', | 
            
                                                                                                            
                            
            
                                    
            
            
                | 55 | 5 |  | 		); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 56 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 57 | 5 |  | 		if (!$this->auth->acl_get('u_sm_filemanager')) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 58 | 5 |  | 		{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 59 | 1 |  | 			$json_data['message'] = $this->language->lang('NOT_AUTHORISED'); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 60 | 1 |  | 			return new JsonResponse($json_data, 401); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 61 |  |  | 		} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 62 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 63 | 4 |  | 		$file = $this->get_file(); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 64 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 65 | 4 |  | 		if (sizeof($file->error)) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 66 | 4 |  | 		{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 67 | 1 |  | 			$file->remove(); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 68 | 1 |  | 			$json_data['message'] = implode('<br />', $file->error); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 69 | 1 |  | 		} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 70 |  |  | 		else | 
            
                                                                                                            
                            
            
                                    
            
            
                | 71 |  |  | 		{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 72 | 3 |  | 			$this->set_file_permissions($upload_dir . $file->get('realname')); | 
                            
                    |  |  |  | 
                                                                                        
                                                                                     | 
            
                                                                                                            
                            
            
                                    
            
            
                | 73 | 3 |  | 			$json_data['location'] = $file->get('realname'); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 74 |  |  | 		} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 75 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 76 | 4 |  | 		return new JsonResponse($json_data); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 77 |  |  | 	} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 78 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 79 |  |  | 	/** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 80 |  |  | 	 * @param array $allowed_extensions | 
            
                                                                                                            
                            
            
                                    
            
            
                | 81 |  |  | 	 * @return void | 
            
                                                                                                            
                            
            
                                    
            
            
                | 82 |  |  | 	 */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 83 | 5 |  | 	public function set_allowed_extensions(array $allowed_extensions) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 84 |  |  | 	{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 85 | 5 |  | 		$this->allowed_extensions = $allowed_extensions; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 86 | 5 |  | 	} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 87 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 88 |  |  | 	/** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 89 |  |  | 	 * @param \phpbb\files\filespec $file | 
            
                                                                                                            
                            
            
                                    
            
            
                | 90 |  |  | 	 * @return void | 
            
                                                                                                            
                            
            
                                    
            
            
                | 91 |  |  | 	 */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 92 | 4 |  | 	protected function set_filename(\phpbb\files\filespec &$file) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 93 |  |  | 	{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 94 | 4 |  | 		$mode = 'real'; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 95 | 4 |  | 		$prefix = ''; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 96 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 97 | 4 |  | 		if (preg_match('/^(blobid|imagetools)\d?/i', $file->get('realname'))) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 98 | 4 |  | 		{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 99 | 2 |  | 			$mode = 'unique'; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 100 | 2 |  | 			$prefix = 'sm_'; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 101 | 2 |  | 		} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 102 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 103 | 4 |  | 		$file->clean_filename($mode, $prefix); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 104 | 4 |  | 	} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 105 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 106 |  |  | 	/** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 107 |  |  | 	 * @return \phpbb\files\filespec | 
            
                                                                                                            
                            
            
                                    
            
            
                | 108 |  |  | 	 */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 109 | 4 |  | 	protected function get_file() | 
            
                                                                                                            
                            
            
                                    
            
            
                | 110 |  |  | 	{ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 111 | 4 |  | 		$upload_dir = $this->phpbb_root_path . 'images/sitemaker_uploads/source/'; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 112 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 113 | 4 |  | 		$file = $this->files_factory->get('files.upload') | 
            
                                                                                                            
                            
            
                                    
            
            
                | 114 | 4 |  | 			->set_disallowed_content(array()) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 115 | 4 |  | 			->set_allowed_extensions($this->allowed_extensions) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 116 | 4 |  | 			->handle_upload('files.types.form', 'file'); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 117 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 118 | 4 |  | 		$this->set_filename($file); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 119 | 4 |  | 		$file->move_file(str_replace($this->phpbb_root_path, '', $upload_dir), true, true, 0644); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 120 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 121 | 4 |  | 		return $file; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 122 |  |  | 	} | 
            
                                                                                                            
                            
            
                                    
            
            
                | 123 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 124 |  |  | 	/** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 125 |  |  | 	 * @param string $file | 
            
                                                                                                            
                            
            
                                    
            
            
                | 126 |  |  | 	 * @return void | 
            
                                                                                                            
                                                                
            
                                    
            
            
                | 127 |  |  | 	 */ | 
            
                                                        
            
                                    
            
            
                | 128 |  |  | 	protected function set_file_permissions($file) | 
            
                                                        
            
                                    
            
            
                | 129 |  |  | 	{ | 
            
                                                        
            
                                    
            
            
                | 130 |  |  | 		chmod($file, 0644); | 
            
                                                        
            
                                    
            
            
                | 131 |  |  | 	} | 
            
                                                        
            
                                    
            
            
                | 132 |  |  | } | 
            
                                                        
            
                                    
            
            
                | 133 |  |  |  | 
            
                        
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.