Issues in file.php - All Issues - Inspection of "fixed bug with file name with special chars" - ggoffy/wgfilemanager - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 14ac8d...2b7a7b )

by Goffy

created 2024-12-05 16:45 UTC

file.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php

declare(strict_types=1);

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
 * wgFileManager module for xoops
 *
 * @copyright    2021 XOOPS Project (https://xoops.org)
 * @license      GPL 2.0 or later
 * @package      wgfilemanager
 * @author       Goffy - Wedega - Email:[email protected] - Website:https://xoops.wedega.com
 */

use Xmf\Request;
.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php
use XoopsModules\Wgfilemanager;
use XoopsModules\Wgfilemanager\Constants;
use XoopsModules\Wgfilemanager\Common;

require __DIR__ . '/header.php';
$GLOBALS['xoopsOption']['template_main'] = 'wgfilemanager_file.tpl';
require_once \XOOPS_ROOT_PATH . '/header.php';

$op     = Request::getCmd('op', 'list');
$fileId = Request::getInt('file_id');
$dirId  = Request::getInt('dir_id');
$start  = Request::getInt('start');
$limit  = Request::getInt('limit', $helper->getConfig('userpager'));
$GLOBALS['xoopsTpl']->assign('start', $start);
$GLOBALS['xoopsTpl']->assign('limit', $limit);

// Define Stylesheet
foreach ($styles as $style) {
    $GLOBALS['xoTheme']->addStylesheet($style, null);
}
// Paths
$GLOBALS['xoopsTpl']->assign('xoops_icons32_url', \XOOPS_ICONS32_URL);
$GLOBALS['xoopsTpl']->assign('wgfilemanager_url', \WGFILEMANAGER_URL);
$GLOBALS['xoopsTpl']->assign('wgfilemanager_icon_bi_url', \WGFILEMANAGER_ICONS_URL . '/bootstrap/');
$GLOBALS['xoopsTpl']->assign('wgfilemanager_upload_url', \WGFILEMANAGER_UPLOAD_URL);
// Keywords
$keywords = [];
// Breadcrumbs
$xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_INDEX, 'link' => 'index.php'];
if ($dirId > 1) {
    $dirArray = $directoryHandler->getDirListBreadcrumb($dirId);
    $dirListBreadcrumb = array_reverse($dirArray, true);
    foreach ($dirListBreadcrumb as $key => $value) {
        $xoBreadcrumbs[] = ['title' => $value, 'link' => 'index.php?dir_id=' . $key];
    }
}
// Permissions
$GLOBALS['xoopsTpl']->assign('showItem', $fileId > 0);
// params for url
$urlParams = '&amp;start=' . $start . '&amp;limit=' . $limit;
$urlParams = '&amp;dir_id=' . $dirId . '&amp;limit=' . $limit;

switch ($op) {
    case 'show':
        // Breadcrumbs
        $xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_DETAILS];
        if ($fileId > 0) {
            $fileObj = $fileHandler->get($fileId);
            if (!\is_object($fileObj)) {
                \redirect_header('file.php', 3, \_MA_WGFILEMANAGER_INVALID_PARAMS);
            }
        } else {
            \redirect_header('file.php', 3, \_MA_WGFILEMANAGER_INVALID_PARAMS);
        }
        $GLOBALS['xoopsTpl']->assign('fileShow', true);
        $GLOBALS['xoopsTpl']->assign('showBtnBack', true);
        $GLOBALS['xoopsTpl']->assign('useBroken', (bool)$helper->getConfig('use_broken'));
        // get permissions
        $GLOBALS['xoopsTpl']->assign('permEditFile', $permissionsHandler->getPermSubmitDirectory($dirId));
        $GLOBALS['xoopsTpl']->assign('permDownloadFileFromDir', $permissionsHandler->getPermDownloadFileFromDir($dirId));
        $GLOBALS['xoopsTpl']->assign('permUploadFileToDir', $permissionsHandler->getPermUploadFileToDir($dirId));
        $GLOBALS['xoopsTpl']->assign('permViewDirectory', $permissionsHandler->getPermViewDirectory($dirId));
        // get iconset
        $iconSet = $helper->getConfig('iconset');
        $fileIcons = [];
        if ('none' !== $iconSet) {
            $fileIcons = $fileHandler->getFileIconCollection($iconSet);
        }
        // Get File
        $file = $fileObj->getValuesFile();
        $ext = substr(strrchr($file['name'], '.'), 1);
        $fileCategory = isset($fileIcons['files'][$ext]) ? (int)$fileIcons['files'][$ext]['category'] : 0;
        $file['category'] = $fileCategory;
        $file['image']    = false;
        $file['pdf']      = false;
        switch ($fileCategory) {
            case 0:
                $previewUrl = isset($fileIcons['files'][$ext]) ? $fileIcons['files'][$ext]['src'] : $fileIcons['default'];
                break;
            case Constants::MIMETYPE_CAT_IMAGE:
                $file['image'] = true;
                $previewUrl = $file['real_url'];
                break;
            case Constants::MIMETYPE_CAT_PDF:
                $file['pdf'] = true;
                $previewUrl = $file['real_url'];
                break;
        }
        $file['preview_url'] = $previewUrl;
        $GLOBALS['xoopsTpl']->assign('file', $file);
        unset($fileList);
        $GLOBALS['xoopsTpl']->assign('table_type', $helper->getConfig('table_type'));
        $GLOBALS['xoopsTpl']->assign('panel_type', $helper->getConfig('panel_type'));
        $GLOBALS['xoopsTpl']->assign('xoops_pagetitle', \strip_tags($GLOBALS['xoopsModule']->getVar('name')));

        break;
    case 'list':
    default:

        break;
    case 'save':
        // Security Check
        if (!$GLOBALS['xoopsSecurity']->check()) {
            \redirect_header('index.php', 3, \implode(',', $GLOBALS['xoopsSecurity']->getErrors()));
        }
        if (!$permissionsHandler->getPermUploadFileToDir($dirId) && !$permissionsHandler->getPermSubmitDirectory($dirId)) {
            \redirect_header('index.php?op=list', 3, \_NOPERM);
        }
        if ($fileId > 0) {
            $fileObj = $fileHandler->get($fileId);
        } else {
            $fileObj = $fileHandler->create();
        }
        $fileHandlename = (int)$helper->getConfig('file_handlename');
        // Set Vars
        $directoryId    = Request::getInt('directory_id');
        $directoryIdOld = Request::getInt('directory_id_old');
        $fileObj->setVar('directory_id', $directoryId);
        // get full path of current directory
        $dirBasePath = '/';
        if ($directoryId > 0) {
            $dirBasePath .= $directoryHandler->getFullPath($directoryId);
            $dirBasePath .= '/';
        }
        $repoPath = \WGFILEMANAGER_REPO_PATH . $dirBasePath;

        $uploaderErrors = '';
        $redirOp = $fileId > 0 ? 'edit' : 'new';

        if (0 == $fileId) {
            //upload new file
            require_once \XOOPS_ROOT_PATH . '/class/uploader.php';
            $filename     = $_FILES['name']['name'];
            $fileMimetype = $_FILES['name']['type'];
            $fileSize     = $_FILES['name']['size'];
            $fileNewName  = substr($filename, 0, (strlen($filename)) - (strlen(strrchr($filename, '.'))));
            $extension    = \str_replace($fileNewName, '', $filename);
            //do same replacements as class/uploader.php
            $fileNewName = iconv('UTF-8', 'ASCII//TRANSLIT', $fileNewName);
            $fileNewName = preg_replace('!\s+!', '_', $fileNewName);
            $fileNewName = preg_replace("/[^a-zA-Z0-9\._-]/", '', $fileNewName);

            //check for new files, whether file already exists
            if (file_exists($repoPath . $fileNewName . $extension)) {
                \redirect_header('file.php?op=' . $redirOp . '&amp;file_id=' . $fileId . '&amp;dir_id=' . $directoryId, 5, \_MA_WGFILEMANAGER_FILE_ERROR_EXISTS);
            }
            $allowedMimeTypes = $mimetypeHandler->getMimetypeArray();
            $uploader = new \XoopsMediaUploader($repoPath, $allowedMimeTypes, $helper->getConfig('maxsize_file'), null, null);
            if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
                if (Constants::FILE_HANDLENAME_UNIQUE === $fileHandlename) {
                    $uploader->setPrefix($fileNewName . '_');
                } else {
                    $uploader->setTargetFileName($fileNewName . $extension);
                }
                $uploader->fetchMedia($_POST['xoops_upload_file'][0]);
                if ($uploader->upload()) {
                    $fileObj->setVar('name', $uploader->getSavedFileName());
                } else {
                    $uploaderErrors .= '<br>' . $uploader->getErrors();
                }
            } else {
                if ('' !== $filename) {
                    $uploaderErrors .= '<br>' . $uploader->getErrors();
                }
            }
            if ('' !== $uploaderErrors) {
                \redirect_header('file.php?op=' . $redirOp . '&amp;file_id=' . $fileId . '&amp;dir_id=' . $directoryId, 5, $uploaderErrors);
            }
        } else {
            //handle existing
            $fileName    = Request::getString('name');
            $fileNameOld = Request::getString('name_old');
            $movefile    = $directoryIdOld !== $directoryId;
            $renameFile  = $fileName !== $fileNameOld;
            if ($directoryIdOld !== $directoryId) {
                //move and rename file
                $dirBasePathOld = '/';
                $dirBasePathOld .= $directoryHandler->getFullPath($directoryIdOld);
                $dirBasePathOld .= '/';

                $fileHandler->renameFile($dirBasePathOld . $fileNameOld, $dirBasePath . $fileName);
            } else {
                if ($fileName !== $fileNameOld) {
                    //rename file
                    $fileHandler->renameFile($dirBasePath . $fileNameOld, $dirBasePath . $fileName);
                }
            }
            $fileObj->setVar('name', $fileName);
        }
        $fileObj->setVar('description', Request::getText('description'));
        $fileObj->setVar('ip', Request::getString('ip'));
        $fileObj->setVar('status', Request::getInt('status'));
        if (Request::hasVar('date_created')) {
            $fileDate_createdObj = \DateTime::createFromFormat(\_SHORTDATESTRING, Request::getString('date_created'));
            $fileObj->setVar('date_created', $fileDate_createdObj->getTimestamp());
        } else {
            $fileObj->setVar('date_created', time());
        }
        $fileObj->setVar('submitter', Request::getInt('submitter'));
        // Insert Data
        if ($fileHandler->insert($fileObj)) {
            $newFileId = $fileId > 0 ? $fileId : $fileObj->getNewInsertedId();
            unset($fileObj);
            $fileObj = $fileHandler->get($newFileId);
            $fileSaved = $repoPath . $fileObj->getVar('name');
            $fileObj->setVar('mimetype', \mime_content_type($fileSaved));
            $fileObj->setVar('mtime', \filemtime($fileSaved));
            $fileObj->setVar('ctime', \filectime($fileSaved));
            $fileObj->setVar('size', \filesize($fileSaved));
            $fileHandler->insert($fileObj);
            \redirect_header('index.php?op=list&amp;start=' . $start . '&amp;limit=' . $limit . '&amp;dir_id=' . $dirId, 2, \_AM_WGFILEMANAGER_FORM_OK);
        }
        // Get Form
        $GLOBALS['xoopsTpl']->assign('error', $fileObj->getHtmlErrors());
        $form = $fileObj->getForm();
        $GLOBALS['xoopsTpl']->assign('form', $form->render());
        break;
    case 'new':
        if (!$permissionsHandler->getPermUploadFileToDir($dirId)) {
            \redirect_header('index.php?op=list', 3, \_NOPERM);
        }
        // Breadcrumbs
        $xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_ADD];
        // Form Create
        $fileObj = $fileHandler->create();
        $fileObj->start = $start;
        $fileObj->limit = $limit;
        $fileObj->setVar('directory_id', $dirId);
        $fileObj->setVar('directory_id_old', $dirId);
        $form = $fileObj->getForm();
        $GLOBALS['xoopsTpl']->assign('form', $form->render());
        break;
    case 'edit':
        if (!$permissionsHandler->getPermSubmitDirectory($dirId)) {
            \redirect_header('index.php?op=list', 3, \_NOPERM);
        }
        // Breadcrumbs
        $xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_EDIT];
        // Check params
        if (0 == $fileId) {
            \redirect_header('index.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
        }
        // Get Form
        $fileObj = $fileHandler->get($fileId);
        $fileObj->start = $start;
        $fileObj->limit = $limit;
        $form = $fileObj->getForm();
        $GLOBALS['xoopsTpl']->assign('form', $form->render());
        break;
    case 'delete':
        if (!$permissionsHandler->getPermSubmitDirectory($dirId)) {
            \redirect_header('index.php?op=list', 3, \_NOPERM);
        }
        // Breadcrumbs
        $xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_DELETE];
        // Check params
        if (0 == $fileId) {
            \redirect_header('index.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
        }
        $fileObj = $fileHandler->get($fileId);
        $file = $fileObj->getValuesFile();
        if (isset($_REQUEST['ok']) && 1 == $_REQUEST['ok']) {
            if (!$GLOBALS['xoopsSecurity']->check()) {
                \redirect_header('index.php', 3, \implode(', ', $GLOBALS['xoopsSecurity']->getErrors()));
            }
            $filePath = $file['real_path'];
            if ($fileHandler->delete($fileObj)) {
                \unlink($filePath);
                //get param list
                $params = '?op=list';
                $params .= '&amp;dir_id=' . $fileObj->getVar('directory_id');
                $params .= '&amp;start=' . $start;
                $params .= '&amp;limit=' . $limit;
                \redirect_header('index.php' . $params, 3, \_MA_WGFILEMANAGER_FORM_DELETE_OK);
            } else {
                $GLOBALS['xoopsTpl']->assign('error', $fileObj->getHtmlErrors());
            }
        } else {
            $customConfirm = new Common\Confirm(
                ['ok' => 1, 'id' => $fileId, 'start' => $start, 'limit' => $limit, 'dir_id' => $dirId, 'op' => 'delete'],
                $_SERVER['REQUEST_URI'],
                \sprintf(\_MA_WGFILEMANAGER_FORM_SURE_DELETE, $file['name']));
            $form = $customConfirm->getFormConfirm();
            $GLOBALS['xoopsTpl']->assign('form', $form->render());
        }
        break;
    case 'broken':
        // Breadcrumbs
        $xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_BROKEN];
        // Check params
        if (0 == $fileId) {
            \redirect_header('file.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
        }
        $fileObj = $fileHandler->get($fileId);
        $fileName = $fileObj->getVar('name');
        if (isset($_REQUEST['ok']) && 1 == $_REQUEST['ok']) {
            if (!$GLOBALS['xoopsSecurity']->check()) {
                \redirect_header('file.php', 3, \implode(', ', $GLOBALS['xoopsSecurity']->getErrors()));
            }
            $fileObj->setVar('status', Constants::STATUS_BROKEN);
            if ($fileHandler->insert($fileObj)) {
                \redirect_header('index.php?op=list' . $urlParams, 2, \_MA_WGFILEMANAGER_FORM_OK);
            } else {
                $GLOBALS['xoopsTpl']->assign('error', $fileObj->getHtmlErrors());
            }
        } else {
            $customConfirm = new Common\Confirm(
                ['ok' => 1, 'id' => $fileId, 'start' => $start, 'limit' => $limit, 'op' => 'broken'],
                $_SERVER['REQUEST_URI'],
                \sprintf(\_MA_WGFILEMANAGER_FORM_SURE_BROKEN, $fileName));
            $form = $customConfirm->getFormConfirm();
            $GLOBALS['xoopsTpl']->assign('form', $form->render());
        }
        break;
    case 'favorite_pin':
    case 'favorite_unpin':
        //check perms
        if (!$permissionsHandler->getPermSubmitDirectory($dirId)) {
            \redirect_header('index.php?op=list', 3, \_NOPERM);
        }
        // Check params
        if (0 === $fileId) {
            \redirect_header('index.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
        }
        $fileObj   = $fileHandler->get($fileId);
        $fileObj->setVar('favorite', (int)('favorite_pin' === $op));
        if ($fileHandler->insert($fileObj)) {
            \redirect_header('index.php?op=list&amp;start=' . $start . '&amp;limit=' . $limit, 2, \_AM_WGFILEMANAGER_FORM_OK);
        } else {
            \redirect_header('index.php?op=list&amp;start=' . $start . '&amp;limit=' . $limit, 2, \_MA_WGFILEMANAGER_FAVORITE_ERROR_SET);
        }
        unset($fileObj);
        break;
}

// Keywords
wgfilemanagerMetaKeywords($helper->getConfig('keywords') . ', ' . \implode(',', $keywords));
unset($keywords);

$GLOBALS['xoopsTpl']->assign('xoops_mpageurl', \WGFILEMANAGER_URL.'/file.php');

require __DIR__ . '/footer.php';


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			You may not change or alter any portion of this comment or credits
7			of supporting developers from this source code or any supporting source code
8			which is considered copyrighted (c) material of the original comment or credit authors.
9
10			This program is distributed in the hope that it will be useful,
11			but WITHOUT ANY WARRANTY; without even the implied warranty of
12			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13			*/
14
15			/**
16			* wgFileManager module for xoops
17			*
18			* @copyright 2021 XOOPS Project (https://xoops.org)
19			* @license GPL 2.0 or later
20			* @package wgfilemanager
21			* @author Goffy - Wedega - Email:[email protected] - Website:https://xoops.wedega.com
22			*/
23
24			use Xmf\Request;
			0 ignored issues – show Bug introduced 2024-12-05 16:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this This use statement conflicts with another class in this namespace, `Request`. Consider defining an alias. Let?s assume that you have a directory layout like this: . \|-- OtherDir \| \|-- Bar.php \| `-- Foo.php `-- SomeDir `-- Foo.php and let?s assume the following content of `Bar.php`: // Bar.php namespace OtherDir; use SomeDir\Foo; // This now conflicts the class OtherDir\Foo If both files `OtherDir/Foo.php` and `SomeDir/Foo.php` are loaded in the same runtime, you will see a PHP error such as the following: PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php However, as `OtherDir/Foo.php` does not necessarily have to be loaded and the error is only triggered if it is loaded before `OtherDir/Bar.php`, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: // Bar.php namespace OtherDir; use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore. Loading history...
25			use XoopsModules\Wgfilemanager;
26			use XoopsModules\Wgfilemanager\Constants;
27			use XoopsModules\Wgfilemanager\Common;
28
29			require __DIR__ . '/header.php';
30			$GLOBALS['xoopsOption']['template_main'] = 'wgfilemanager_file.tpl';
31			require_once \XOOPS_ROOT_PATH . '/header.php';
32
33			$op = Request::getCmd('op', 'list');
34			$fileId = Request::getInt('file_id');
35			$dirId = Request::getInt('dir_id');
36			$start = Request::getInt('start');
37			$limit = Request::getInt('limit', $helper->getConfig('userpager'));
38			$GLOBALS['xoopsTpl']->assign('start', $start);
39			$GLOBALS['xoopsTpl']->assign('limit', $limit);
40
41			// Define Stylesheet
42			foreach ($styles as $style) {
43			$GLOBALS['xoTheme']->addStylesheet($style, null);
44			}
45			// Paths
46			$GLOBALS['xoopsTpl']->assign('xoops_icons32_url', \XOOPS_ICONS32_URL);
47			$GLOBALS['xoopsTpl']->assign('wgfilemanager_url', \WGFILEMANAGER_URL);
48			$GLOBALS['xoopsTpl']->assign('wgfilemanager_icon_bi_url', \WGFILEMANAGER_ICONS_URL . '/bootstrap/');
49			$GLOBALS['xoopsTpl']->assign('wgfilemanager_upload_url', \WGFILEMANAGER_UPLOAD_URL);
50			// Keywords
51			$keywords = [];
52			// Breadcrumbs
53			$xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_INDEX, 'link' => 'index.php'];
54			if ($dirId > 1) {
55			$dirArray = $directoryHandler->getDirListBreadcrumb($dirId);
56			$dirListBreadcrumb = array_reverse($dirArray, true);
57			foreach ($dirListBreadcrumb as $key => $value) {
58			$xoBreadcrumbs[] = ['title' => $value, 'link' => 'index.php?dir_id=' . $key];
59			}
60			}
61			// Permissions
62			$GLOBALS['xoopsTpl']->assign('showItem', $fileId > 0);
63			// params for url
64			$urlParams = '&start=' . $start . '&limit=' . $limit;
65			$urlParams = '&dir_id=' . $dirId . '&limit=' . $limit;
66
67			switch ($op) {
68			case 'show':
69			// Breadcrumbs
70			$xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_DETAILS];
71			if ($fileId > 0) {
72			$fileObj = $fileHandler->get($fileId);
73			if (!\is_object($fileObj)) {
74			\redirect_header('file.php', 3, \_MA_WGFILEMANAGER_INVALID_PARAMS);
75			}
76			} else {
77			\redirect_header('file.php', 3, \_MA_WGFILEMANAGER_INVALID_PARAMS);
78			}
79			$GLOBALS['xoopsTpl']->assign('fileShow', true);
80			$GLOBALS['xoopsTpl']->assign('showBtnBack', true);
81			$GLOBALS['xoopsTpl']->assign('useBroken', (bool)$helper->getConfig('use_broken'));
82			// get permissions
83			$GLOBALS['xoopsTpl']->assign('permEditFile', $permissionsHandler->getPermSubmitDirectory($dirId));
84			$GLOBALS['xoopsTpl']->assign('permDownloadFileFromDir', $permissionsHandler->getPermDownloadFileFromDir($dirId));
85			$GLOBALS['xoopsTpl']->assign('permUploadFileToDir', $permissionsHandler->getPermUploadFileToDir($dirId));
86			$GLOBALS['xoopsTpl']->assign('permViewDirectory', $permissionsHandler->getPermViewDirectory($dirId));
87			// get iconset
88			$iconSet = $helper->getConfig('iconset');
89			$fileIcons = [];
90			if ('none' !== $iconSet) {
91			$fileIcons = $fileHandler->getFileIconCollection($iconSet);
92			}
93			// Get File
94			$file = $fileObj->getValuesFile();
95			$ext = substr(strrchr($file['name'], '.'), 1);
96			$fileCategory = isset($fileIcons['files'][$ext]) ? (int)$fileIcons['files'][$ext]['category'] : 0;
97			$file['category'] = $fileCategory;
98			$file['image'] = false;
99			$file['pdf'] = false;
100			switch ($fileCategory) {
101			case 0:
102			$previewUrl = isset($fileIcons['files'][$ext]) ? $fileIcons['files'][$ext]['src'] : $fileIcons['default'];
103			break;
104			case Constants::MIMETYPE_CAT_IMAGE:
105			$file['image'] = true;
106			$previewUrl = $file['real_url'];
107			break;
108			case Constants::MIMETYPE_CAT_PDF:
109			$file['pdf'] = true;
110			$previewUrl = $file['real_url'];
111			break;
112			}
113			$file['preview_url'] = $previewUrl;
114			$GLOBALS['xoopsTpl']->assign('file', $file);
115			unset($fileList);
116			$GLOBALS['xoopsTpl']->assign('table_type', $helper->getConfig('table_type'));
117			$GLOBALS['xoopsTpl']->assign('panel_type', $helper->getConfig('panel_type'));
118			$GLOBALS['xoopsTpl']->assign('xoops_pagetitle', \strip_tags($GLOBALS['xoopsModule']->getVar('name')));
119
120			break;
121			case 'list':
122			default:
123
124			break;
125			case 'save':
126			// Security Check
127			if (!$GLOBALS['xoopsSecurity']->check()) {
128			\redirect_header('index.php', 3, \implode(',', $GLOBALS['xoopsSecurity']->getErrors()));
129			}
130			if (!$permissionsHandler->getPermUploadFileToDir($dirId) && !$permissionsHandler->getPermSubmitDirectory($dirId)) {
131			\redirect_header('index.php?op=list', 3, \_NOPERM);
132			}
133			if ($fileId > 0) {
134			$fileObj = $fileHandler->get($fileId);
135			} else {
136			$fileObj = $fileHandler->create();
137			}
138			$fileHandlename = (int)$helper->getConfig('file_handlename');
139			// Set Vars
140			$directoryId = Request::getInt('directory_id');
141			$directoryIdOld = Request::getInt('directory_id_old');
142			$fileObj->setVar('directory_id', $directoryId);
143			// get full path of current directory
144			$dirBasePath = '/';
145			if ($directoryId > 0) {
146			$dirBasePath .= $directoryHandler->getFullPath($directoryId);
147			$dirBasePath .= '/';
148			}
149			$repoPath = \WGFILEMANAGER_REPO_PATH . $dirBasePath;
150
151			$uploaderErrors = '';
152			$redirOp = $fileId > 0 ? 'edit' : 'new';
153
154			if (0 == $fileId) {
155			//upload new file
156			require_once \XOOPS_ROOT_PATH . '/class/uploader.php';
157			$filename = $_FILES['name']['name'];
158			$fileMimetype = $_FILES['name']['type'];
159			$fileSize = $_FILES['name']['size'];
160			$fileNewName = substr($filename, 0, (strlen($filename)) - (strlen(strrchr($filename, '.'))));
161			$extension = \str_replace($fileNewName, '', $filename);
162			//do same replacements as class/uploader.php
163			$fileNewName = iconv('UTF-8', 'ASCII//TRANSLIT', $fileNewName);
164			$fileNewName = preg_replace('!\s+!', '_', $fileNewName);
165			$fileNewName = preg_replace("/[^a-zA-Z0-9\._-]/", '', $fileNewName);
166
167			//check for new files, whether file already exists
168			if (file_exists($repoPath . $fileNewName . $extension)) {
169			\redirect_header('file.php?op=' . $redirOp . '&file_id=' . $fileId . '&dir_id=' . $directoryId, 5, \_MA_WGFILEMANAGER_FILE_ERROR_EXISTS);
170			}
171			$allowedMimeTypes = $mimetypeHandler->getMimetypeArray();
172			$uploader = new \XoopsMediaUploader($repoPath, $allowedMimeTypes, $helper->getConfig('maxsize_file'), null, null);
173			if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
174			if (Constants::FILE_HANDLENAME_UNIQUE === $fileHandlename) {
175			$uploader->setPrefix($fileNewName . '_');
176			} else {
177			$uploader->setTargetFileName($fileNewName . $extension);
178			}
179			$uploader->fetchMedia($_POST['xoops_upload_file'][0]);
180			if ($uploader->upload()) {
181			$fileObj->setVar('name', $uploader->getSavedFileName());
182			} else {
183			$uploaderErrors .= '<br>' . $uploader->getErrors();
184			}
185			} else {
186			if ('' !== $filename) {
187			$uploaderErrors .= '<br>' . $uploader->getErrors();
188			}
189			}
190			if ('' !== $uploaderErrors) {
191			\redirect_header('file.php?op=' . $redirOp . '&file_id=' . $fileId . '&dir_id=' . $directoryId, 5, $uploaderErrors);
192			}
193			} else {
194			//handle existing
195			$fileName = Request::getString('name');
196			$fileNameOld = Request::getString('name_old');
197			$movefile = $directoryIdOld !== $directoryId;
198			$renameFile = $fileName !== $fileNameOld;
199			if ($directoryIdOld !== $directoryId) {
200			//move and rename file
201			$dirBasePathOld = '/';
202			$dirBasePathOld .= $directoryHandler->getFullPath($directoryIdOld);
203			$dirBasePathOld .= '/';
204
205			$fileHandler->renameFile($dirBasePathOld . $fileNameOld, $dirBasePath . $fileName);
206			} else {
207			if ($fileName !== $fileNameOld) {
208			//rename file
209			$fileHandler->renameFile($dirBasePath . $fileNameOld, $dirBasePath . $fileName);
210			}
211			}
212			$fileObj->setVar('name', $fileName);
213			}
214			$fileObj->setVar('description', Request::getText('description'));
215			$fileObj->setVar('ip', Request::getString('ip'));
216			$fileObj->setVar('status', Request::getInt('status'));
217			if (Request::hasVar('date_created')) {
218			$fileDate_createdObj = \DateTime::createFromFormat(\_SHORTDATESTRING, Request::getString('date_created'));
219			$fileObj->setVar('date_created', $fileDate_createdObj->getTimestamp());
220			} else {
221			$fileObj->setVar('date_created', time());
222			}
223			$fileObj->setVar('submitter', Request::getInt('submitter'));
224			// Insert Data
225			if ($fileHandler->insert($fileObj)) {
226			$newFileId = $fileId > 0 ? $fileId : $fileObj->getNewInsertedId();
227			unset($fileObj);
228			$fileObj = $fileHandler->get($newFileId);
229			$fileSaved = $repoPath . $fileObj->getVar('name');
230			$fileObj->setVar('mimetype', \mime_content_type($fileSaved));
231			$fileObj->setVar('mtime', \filemtime($fileSaved));
232			$fileObj->setVar('ctime', \filectime($fileSaved));
233			$fileObj->setVar('size', \filesize($fileSaved));
234			$fileHandler->insert($fileObj);
235			\redirect_header('index.php?op=list&start=' . $start . '&limit=' . $limit . '&dir_id=' . $dirId, 2, \_AM_WGFILEMANAGER_FORM_OK);
236			}
237			// Get Form
238			$GLOBALS['xoopsTpl']->assign('error', $fileObj->getHtmlErrors());
239			$form = $fileObj->getForm();
240			$GLOBALS['xoopsTpl']->assign('form', $form->render());
241			break;
242			case 'new':
243			if (!$permissionsHandler->getPermUploadFileToDir($dirId)) {
244			\redirect_header('index.php?op=list', 3, \_NOPERM);
245			}
246			// Breadcrumbs
247			$xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_ADD];
248			// Form Create
249			$fileObj = $fileHandler->create();
250			$fileObj->start = $start;
251			$fileObj->limit = $limit;
252			$fileObj->setVar('directory_id', $dirId);
253			$fileObj->setVar('directory_id_old', $dirId);
254			$form = $fileObj->getForm();
255			$GLOBALS['xoopsTpl']->assign('form', $form->render());
256			break;
257			case 'edit':
258			if (!$permissionsHandler->getPermSubmitDirectory($dirId)) {
259			\redirect_header('index.php?op=list', 3, \_NOPERM);
260			}
261			// Breadcrumbs
262			$xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_EDIT];
263			// Check params
264			if (0 == $fileId) {
265			\redirect_header('index.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
266			}
267			// Get Form
268			$fileObj = $fileHandler->get($fileId);
269			$fileObj->start = $start;
270			$fileObj->limit = $limit;
271			$form = $fileObj->getForm();
272			$GLOBALS['xoopsTpl']->assign('form', $form->render());
273			break;
274			case 'delete':
275			if (!$permissionsHandler->getPermSubmitDirectory($dirId)) {
276			\redirect_header('index.php?op=list', 3, \_NOPERM);
277			}
278			// Breadcrumbs
279			$xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_FILE_DELETE];
280			// Check params
281			if (0 == $fileId) {
282			\redirect_header('index.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
283			}
284			$fileObj = $fileHandler->get($fileId);
285			$file = $fileObj->getValuesFile();
286			if (isset($_REQUEST['ok']) && 1 == $_REQUEST['ok']) {
287			if (!$GLOBALS['xoopsSecurity']->check()) {
288			\redirect_header('index.php', 3, \implode(', ', $GLOBALS['xoopsSecurity']->getErrors()));
289			}
290			$filePath = $file['real_path'];
291			if ($fileHandler->delete($fileObj)) {
292			\unlink($filePath);
293			//get param list
294			$params = '?op=list';
295			$params .= '&dir_id=' . $fileObj->getVar('directory_id');
296			$params .= '&start=' . $start;
297			$params .= '&limit=' . $limit;
298			\redirect_header('index.php' . $params, 3, \_MA_WGFILEMANAGER_FORM_DELETE_OK);
299			} else {
300			$GLOBALS['xoopsTpl']->assign('error', $fileObj->getHtmlErrors());
301			}
302			} else {
303			$customConfirm = new Common\Confirm(
304			['ok' => 1, 'id' => $fileId, 'start' => $start, 'limit' => $limit, 'dir_id' => $dirId, 'op' => 'delete'],
305			$_SERVER['REQUEST_URI'],
306			\sprintf(\_MA_WGFILEMANAGER_FORM_SURE_DELETE, $file['name']));
307			$form = $customConfirm->getFormConfirm();
308			$GLOBALS['xoopsTpl']->assign('form', $form->render());
309			}
310			break;
311			case 'broken':
312			// Breadcrumbs
313			$xoBreadcrumbs[] = ['title' => \_MA_WGFILEMANAGER_BROKEN];
314			// Check params
315			if (0 == $fileId) {
316			\redirect_header('file.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
317			}
318			$fileObj = $fileHandler->get($fileId);
319			$fileName = $fileObj->getVar('name');
320			if (isset($_REQUEST['ok']) && 1 == $_REQUEST['ok']) {
321			if (!$GLOBALS['xoopsSecurity']->check()) {
322			\redirect_header('file.php', 3, \implode(', ', $GLOBALS['xoopsSecurity']->getErrors()));
323			}
324			$fileObj->setVar('status', Constants::STATUS_BROKEN);
325			if ($fileHandler->insert($fileObj)) {
326			\redirect_header('index.php?op=list' . $urlParams, 2, \_MA_WGFILEMANAGER_FORM_OK);
327			} else {
328			$GLOBALS['xoopsTpl']->assign('error', $fileObj->getHtmlErrors());
329			}
330			} else {
331			$customConfirm = new Common\Confirm(
332			['ok' => 1, 'id' => $fileId, 'start' => $start, 'limit' => $limit, 'op' => 'broken'],
333			$_SERVER['REQUEST_URI'],
334			\sprintf(\_MA_WGFILEMANAGER_FORM_SURE_BROKEN, $fileName));
335			$form = $customConfirm->getFormConfirm();
336			$GLOBALS['xoopsTpl']->assign('form', $form->render());
337			}
338			break;
339			case 'favorite_pin':
340			case 'favorite_unpin':
341			//check perms
342			if (!$permissionsHandler->getPermSubmitDirectory($dirId)) {
343			\redirect_header('index.php?op=list', 3, \_NOPERM);
344			}
345			// Check params
346			if (0 === $fileId) {
347			\redirect_header('index.php?op=list', 3, \_MA_WGFILEMANAGER_INVALID_PARAM);
348			}
349			$fileObj = $fileHandler->get($fileId);
350			$fileObj->setVar('favorite', (int)('favorite_pin' === $op));
351			if ($fileHandler->insert($fileObj)) {
352			\redirect_header('index.php?op=list&start=' . $start . '&limit=' . $limit, 2, \_AM_WGFILEMANAGER_FORM_OK);
353			} else {
354			\redirect_header('index.php?op=list&start=' . $start . '&limit=' . $limit, 2, \_MA_WGFILEMANAGER_FAVORITE_ERROR_SET);
355			}
356			unset($fileObj);
357			break;
358			}
359
360			// Keywords
361			wgfilemanagerMetaKeywords($helper->getConfig('keywords') . ', ' . \implode(',', $keywords));
362			unset($keywords);
363
364			$GLOBALS['xoopsTpl']->assign('xoops_mpageurl', \WGFILEMANAGER_URL.'/file.php');
365
366			require __DIR__ . '/footer.php';
367

ggoffy / wgfilemanager

Push — master ( 14ac8d...2b7a7b )

file.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like