UploadMediaAction::handle() - Code Metrics - Inspection of "Fix: external files cause error on manage media pa..." - fisharebest/webtrees - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8091bf...8ce3bd )

by Greg

created 2021-01-08 09:15 UTC

UploadMediaAction::handle() B

↳ Parent: UploadMediaAction

Complexity

Conditions	10
Paths	5

Size

Total Lines	68
Code Lines	37

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	10
eloc	37
c	1
b	0
f	0
nc	5
nop	1
dl	0
loc	68
rs	7.6666

How to fix Long Method Complexity

<?php

/**
 * webtrees: online genealogy
 * Copyright (C) 2020 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace Fisharebest\Webtrees\Http\RequestHandlers;

use Fisharebest\Webtrees\FlashMessages;
use Fisharebest\Webtrees\Functions\Functions;
use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Log;
use Fisharebest\Webtrees\Registry;
use Fisharebest\Webtrees\Services\MediaFileService;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\UploadedFileInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Throwable;

use function assert;
use function e;
use function preg_match;
use function redirect;
use function route;
use function str_replace;
use function substr;
use function trim;

use const UPLOAD_ERR_OK;

/**
 * Manage media from the control panel.
 */
class UploadMediaAction implements RequestHandlerInterface
{
    /** @var MediaFileService */
    private $media_file_service;

    /**
     * MediaController constructor.
     *
     * @param MediaFileService $media_file_service
     */
    public function __construct(MediaFileService $media_file_service)
    {
        $this->media_file_service = $media_file_service;
    }

    /**
     * @param ServerRequestInterface $request
     *
     * @return ResponseInterface
     */
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $data_filesystem = Registry::filesystem()->data();

        $params = (array) $request->getParsedBody();

        $all_folders = $this->media_file_service->allMediaFolders($data_filesystem);

        foreach ($request->getUploadedFiles() as $key => $uploaded_file) {
            assert($uploaded_file instanceof UploadedFileInterface);
            if ($uploaded_file->getClientFilename() === '') {
                continue;
            }
            if ($uploaded_file->getError() !== UPLOAD_ERR_OK) {
                FlashMessages::addMessage(Functions::fileUploadErrorText($uploaded_file->getError()), 'danger');
                continue;
            }
            $key = substr($key, 9);

            $folder   = $params['folder' . $key];
            $filename = $params['filename' . $key];

            // If no filename specified, use the original filename.
            if ($filename === '') {
                $filename = $uploaded_file->getClientFilename();
            }

            // Validate the folder
            if (!$all_folders->contains($folder)) {
                break;
            }

            // Validate the filename.
            $filename = str_replace('\\', '/', $filename);
            $filename = trim($filename, '/');

            if (preg_match('/([:])/', $filename, $match)) {
                // Local media files cannot contain certain special characters, especially on MS Windows
                FlashMessages::addMessage(I18N::translate('Filenames are not allowed to contain the character “%s”.', $match[1]));
                continue;
            }

            if (preg_match('/(\.(php|pl|cgi|bash|sh|bat|exe|com|htm|html|shtml))$/i', $filename, $match)) {
                // Do not allow obvious script files.
                FlashMessages::addMessage(I18N::translate('Filenames are not allowed to have the extension “%s”.', $match[1]));
                continue;
            }

            $path = $folder . $filename;

            if ($data_filesystem->has($path)) {
                FlashMessages::addMessage(I18N::translate('The file %s already exists. Use another filename.', $path, 'error'));
                continue;
            }

            // Now copy the file to the correct location.
            try {
                $data_filesystem->writeStream($path, $uploaded_file->getStream()->detach());
                FlashMessages::addMessage(I18N::translate('The file %s has been uploaded.', Html::filename($path)), 'success');
                Log::addMediaLog('Media file ' . $path . ' uploaded');
            } catch (Throwable $ex) {
                FlashMessages::addMessage(I18N::translate('There was an error uploading your file.') . '<br>' . e($ex->getMessage()), 'danger');
            }
        }

        $url = route(UploadMediaPage::class);

        return redirect($url);
    }
}


1			<?php
2
3			/**
4			* webtrees: online genealogy
5			* Copyright (C) 2020 webtrees development team
6			* This program is free software: you can redistribute it and/or modify
7			* it under the terms of the GNU General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			* You should have received a copy of the GNU General Public License
15			* along with this program. If not, see <http://www.gnu.org/licenses/>.
16			*/
17
18			declare(strict_types=1);
19
20			namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22			use Fisharebest\Webtrees\FlashMessages;
23			use Fisharebest\Webtrees\Functions\Functions;
24			use Fisharebest\Webtrees\Html;
25			use Fisharebest\Webtrees\I18N;
26			use Fisharebest\Webtrees\Log;
27			use Fisharebest\Webtrees\Registry;
28			use Fisharebest\Webtrees\Services\MediaFileService;
29			use Psr\Http\Message\ResponseInterface;
30			use Psr\Http\Message\ServerRequestInterface;
31			use Psr\Http\Message\UploadedFileInterface;
32			use Psr\Http\Server\RequestHandlerInterface;
33			use Throwable;
34
35			use function assert;
36			use function e;
37			use function preg_match;
38			use function redirect;
39			use function route;
40			use function str_replace;
41			use function substr;
42			use function trim;
43
44			use const UPLOAD_ERR_OK;
45
46			/**
47			* Manage media from the control panel.
48			*/
49			class UploadMediaAction implements RequestHandlerInterface
50			{
51			/** @var MediaFileService */
52			private $media_file_service;
53
54			/**
55			* MediaController constructor.
56			*
57			* @param MediaFileService $media_file_service
58			*/
59			public function __construct(MediaFileService $media_file_service)
60			{
61			$this->media_file_service = $media_file_service;
62			}
63
64			/**
65			* @param ServerRequestInterface $request
66			*
67			* @return ResponseInterface
68			*/
69			public function handle(ServerRequestInterface $request): ResponseInterface
70			{
71			$data_filesystem = Registry::filesystem()->data();
72
73			$params = (array) $request->getParsedBody();
74
75			$all_folders = $this->media_file_service->allMediaFolders($data_filesystem);
76
77			foreach ($request->getUploadedFiles() as $key => $uploaded_file) {
78			assert($uploaded_file instanceof UploadedFileInterface);
79			if ($uploaded_file->getClientFilename() === '') {
80			continue;
81			}
82			if ($uploaded_file->getError() !== UPLOAD_ERR_OK) {
83			FlashMessages::addMessage(Functions::fileUploadErrorText($uploaded_file->getError()), 'danger');
84			continue;
85			}
86			$key = substr($key, 9);
87
88			$folder = $params['folder' . $key];
89			$filename = $params['filename' . $key];
90
91			// If no filename specified, use the original filename.
92			if ($filename === '') {
93			$filename = $uploaded_file->getClientFilename();
94			}
95
96			// Validate the folder
97			if (!$all_folders->contains($folder)) {
98			break;
99			}
100
101			// Validate the filename.
102			$filename = str_replace('\\', '/', $filename);
103			$filename = trim($filename, '/');
104
105			if (preg_match('/([:])/', $filename, $match)) {
106			// Local media files cannot contain certain special characters, especially on MS Windows
107			FlashMessages::addMessage(I18N::translate('Filenames are not allowed to contain the character “%s”.', $match[1]));
108			continue;
109			}
110
111			if (preg_match('/(\.(php\|pl\|cgi\|bash\|sh\|bat\|exe\|com\|htm\|html\|shtml))$/i', $filename, $match)) {
112			// Do not allow obvious script files.
113			FlashMessages::addMessage(I18N::translate('Filenames are not allowed to have the extension “%s”.', $match[1]));
114			continue;
115			}
116
117			$path = $folder . $filename;
118
119			if ($data_filesystem->has($path)) {
120			FlashMessages::addMessage(I18N::translate('The file %s already exists. Use another filename.', $path, 'error'));
121			continue;
122			}
123
124			// Now copy the file to the correct location.
125			try {
126			$data_filesystem->writeStream($path, $uploaded_file->getStream()->detach());
127			FlashMessages::addMessage(I18N::translate('The file %s has been uploaded.', Html::filename($path)), 'success');
128			Log::addMediaLog('Media file ' . $path . ' uploaded');
129			} catch (Throwable $ex) {
130			FlashMessages::addMessage(I18N::translate('There was an error uploading your file.') . '<br>' . e($ex->getMessage()), 'danger');
131			}
132			}
133
134			$url = route(UploadMediaPage::class);
135
136			return redirect($url);
137			}
138			}
139

fisharebest / webtrees

Push — master ( 8091bf...8ce3bd )

UploadMediaAction::handle() B

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like