Completed
Push — develop ( 660ae6...f77be0 )
by Daniel
08:50
created

upload::set_allowed_extensions()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 4
Code Lines 2

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 3
CRAP Score 1

Importance

Changes 0
Metric Value
dl 0
loc 4
ccs 3
cts 3
cp 1
rs 10
c 0
b 0
f 0
cc 1
eloc 2
nc 1
nop 1
crap 1
<?php
/**
 *
 * @package sitemaker
 * @copyright (c) 2017 Daniel A. (blitze)
 * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 *
 */
namespace blitze\sitemaker\controller;
use Symfony\Component\HttpFoundation\JsonResponse;
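/**
 * Controller that accepts a file upload from a user holding the
 * 'u_sm_filemanager' permission and stores it under
 * images/sitemaker_uploads/source/ inside the phpBB root.
 *
 * The outcome is always reported as a JSON object with two keys:
 * 'location' (stored file name, empty on failure) and 'message'
 * (error text, empty on success).
 */
class upload
{
	/** @var \phpbb\auth\auth */
	protected $auth;

	/** @var \phpbb\files\factory */
	protected $files_factory;

	/** @var \phpbb\language\language */
	protected $language;

	/** @var string */
	protected $phpbb_root_path;

	/**
	 * Extensions accepted by handle(); replaceable via set_allowed_extensions().
	 *
	 * NOTE(review): 'svg' is an XML format that can carry script. Because
	 * handle() also clears the disallowed-content list and skips the image
	 * check, an uploaded SVG reaches the upload directory unchecked. Confirm
	 * that files in that directory are served in a way that cannot execute
	 * script in the board's origin (e.g. forced download or a restrictive
	 * Content-Security-Policy), or drop 'svg' from the default list.
	 *
	 * @var array
	 */
	protected $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'svg');

	/**
	 * Constructor
	 *
	 * @param \phpbb\auth\auth					$auth				Auth object
	 * @param \phpbb\files\factory				$files_factory		Files factory object
	 * @param \phpbb\language\language			$language			Language object
	 * @param string							$phpbb_root_path	phpBB root path
	 */
	public function __construct(\phpbb\auth\auth $auth, \phpbb\files\factory $files_factory, \phpbb\language\language $language, $phpbb_root_path)
	{
		$this->auth = $auth;
		$this->files_factory = $files_factory;
		$this->language = $language;
		$this->phpbb_root_path = $phpbb_root_path;
	}

	/**
	 * Store the file sent in form field 'file' and report the result as JSON.
	 *
	 * Without the 'u_sm_filemanager' permission the response carries the
	 * NOT_AUTHORISED language string and HTTP status 401. Otherwise the
	 * response has the default status; 'location' holds the stored file name
	 * on success and 'message' holds the upload errors joined with '<br />'
	 * on failure.
	 *
	 * @return \Symfony\Component\HttpFoundation\Response
	 */
	public function handle()
	{
		$json_data = array(
			'location'	=> '',
			'message'   => '',
		);

		if (!$this->auth->acl_get('u_sm_filemanager'))
		{
			$json_data['message'] = $this->language->lang('NOT_AUTHORISED');
			return new JsonResponse($json_data, 401);
		}

		$upload_dir = $this->phpbb_root_path . 'images/sitemaker_uploads/source/';

		// NOTE(review): the empty list passed to set_disallowed_content() appears
		// to switch off phpBB's scan for HTML-like markers in the uploaded data,
		// so the extension allow-list is the only filter applied here - confirm
		// this is intended.
		$file = $this->files_factory->get('files.upload')
			->set_disallowed_content(array())
			->set_allowed_extensions($this->allowed_extensions)
			->handle_upload('files.types.form', 'file');

		$this->set_filename($file);

		// NOTE(review): the second argument (true) lets an upload replace an
		// existing file with the same cleaned name, and the third (true) looks
		// like phpBB's skip_image_check flag, i.e. the content is not verified
		// to be an image matching its extension - verify against filespec.
		$file->move_file(str_replace($this->phpbb_root_path, '', $upload_dir), true, true, 0644);

		if (sizeof($file->error))
		{
			$file->remove();

			// NOTE(review): the messages are joined with markup, so the client
			// presumably renders them as HTML; confirm they cannot contain
			// unescaped user-supplied text such as the original file name.
			$json_data['message'] = implode('<br />', $file->error);

			return new JsonResponse($json_data);
		}

		// Only touch permissions once the upload is known to have succeeded;
		// previously chmod() also ran on the failure path, against a file
		// that may not exist, with the result silently discarded.
		$destination = $upload_dir . $file->get('realname');

		// '@' is kept so a PHP warning cannot leak into the JSON body, but the
		// result is checked and recorded instead of being ignored. The upload
		// itself is still treated as successful (move_file() was already asked
		// to apply 0644).
		if (@chmod($destination, 0644) === false)
		{
			error_log('sitemaker upload: could not set mode 0644 on ' . $destination);
		}

		$json_data['location'] = $file->get('realname');

		return new JsonResponse($json_data);
	}

	/**
	 * Replace the list of extensions that handle() will accept.
	 *
	 * The list is stored as given; no validation or normalisation is applied.
	 *
	 * @param array $allowed_extensions
	 * @return void
	 */
	public function set_allowed_extensions(array $allowed_extensions)
	{
		$this->allowed_extensions = $allowed_extensions;
	}

	/**
	 * Choose how the uploaded file is named before it is moved.
	 *
	 * Names starting with "blobid" or "imagetools" (case-insensitive) are
	 * cleaned in 'unique' mode with the prefix 'sm_'; every other name is
	 * cleaned in 'real' mode with no prefix.
	 *
	 * @param \phpbb\files\filespec $file
	 * @return void
	 */
	protected function set_filename(\phpbb\files\filespec &$file)
	{
		$mode = 'real';
		$prefix = '';

		if (preg_match('/^(blobid|imagetools)\d?/i', $file->get('realname')))
		{
			$mode = 'unique';
			$prefix = 'sm_';
		}

		$file->clean_filename($mode, $prefix);
	}
}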