1 | <?php |
||||
2 | |||||
3 | declare(strict_types=1); |
||||
4 | |||||
5 | namespace XoopsModules\Publisher; |
||||
6 | |||||
7 | /* |
||||
8 | You may not change or alter any portion of this comment or credits |
||||
9 | of supporting developers from this source code or any supporting source code |
||||
10 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||
11 | |||||
12 | This program is distributed in the hope that it will be useful, |
||||
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
15 | */ |
||||
16 | |||||
17 | /** |
||||
18 | * Publisher class |
||||
19 | * |
||||
20 | * @copyright The XUUPS Project http://sourceforge.net/projects/xuups/ |
||||
21 | * @license http://www.fsf.org/copyleft/gpl.html GNU public license |
||||
22 | * @since 1.0 |
||||
23 | * @author trabis <[email protected]> |
||||
24 | * @author The SmartFactory <www.smartfactory.ca> |
||||
25 | */ |
||||
26 | |||||
27 | require_once \dirname(__DIR__) . '/include/common.php'; |
||||
28 | |||||
29 | /** |
||||
30 | * Class MimetypeHandler |
||||
31 | */ |
||||
32 | class MimetypeHandler extends BaseObjectHandler |
||||
33 | { |
||||
34 | /** |
||||
35 | * Constructor |
||||
36 | * @param \XoopsDatabase|null $db |
||||
37 | * @param Helper|null $helper |
||||
38 | */ |
||||
39 | public function __construct(\XoopsDatabase $db = null, Helper $helper = null) |
||||
40 | { |
||||
41 | /** @var Helper $this->helper */ |
||||
42 | $this->helper = $helper ?? Helper::getInstance(); |
||||
43 | |||||
44 | $this->publisherIsAdmin = $this->helper->isUserAdmin(); |
||||
45 | $this->db = $db; |
||||
46 | $this->className = Mimetype::class; |
||||
47 | } |
||||
48 | |||||
49 | /** |
||||
50 | * retrieve a mimetype object from the database |
||||
51 | * |
||||
52 | * @param int|null $id ID of mimetype |
||||
53 | * |
||||
54 | * @param array|null $fields |
||||
55 | * @return bool|Mimetype |
||||
56 | */ |
||||
57 | public function get($id = null, $fields = null) |
||||
58 | { |
||||
59 | $id = (int)$id; |
||||
60 | if ($id > 0) { |
||||
61 | $sql = $this->selectQuery(new \Criteria('mime_id', $id)); |
||||
62 | if (!$result = $this->db->query($sql)) { |
||||
63 | return false; |
||||
64 | } |
||||
65 | $numrows = $this->db->getRowsNum($result); |
||||
66 | if (1 == $numrows) { |
||||
67 | $obj = new $this->className($this->db->fetchArray($result)); |
||||
68 | |||||
69 | return $obj; |
||||
70 | } |
||||
71 | } |
||||
72 | |||||
73 | return false; |
||||
74 | } |
||||
75 | |||||
76 | /** |
||||
77 | * retrieve objects from the database |
||||
78 | * |
||||
79 | * @param \Criteria|\CriteriaCompo|null $criteria conditions to be met |
||||
80 | * |
||||
81 | * @param bool $id_as_key |
||||
82 | * @param bool $as_object |
||||
83 | * @return array array of <a href='psi_element://Mimetype'>Mimetype</a> objects |
||||
84 | * objects |
||||
85 | */ |
||||
86 | public function &getObjects($criteria = null, $id_as_key = false, $as_object = true) //&getObjects($criteria = null) |
||||
87 | { |
||||
88 | $ret = []; |
||||
89 | $limit = $start = 0; |
||||
90 | $sql = $this->selectQuery($criteria); |
||||
91 | if (null !== $criteria) { |
||||
92 | $limit = $criteria->getLimit(); |
||||
93 | $start = $criteria->getStart(); |
||||
94 | } |
||||
95 | //echo "<br>$sql<br>"; |
||||
96 | $result = $this->db->query($sql, $limit, $start); |
||||
97 | // if no records from db, return empty array |
||||
98 | if (!$result) { |
||||
99 | return $ret; |
||||
100 | } |
||||
101 | // Add each returned record to the result array |
||||
102 | while (false !== ($myrow = $this->db->fetchArray($result))) { |
||||
103 | $obj = new $this->className($myrow); |
||||
104 | $ret[] = $obj; |
||||
105 | unset($obj); |
||||
106 | } |
||||
107 | |||||
108 | return $ret; |
||||
109 | } |
||||
110 | |||||
111 | /** |
||||
112 | * Format mime_types into array |
||||
113 | * |
||||
114 | * @param mixed|null $mimeExt |
||||
115 | * |
||||
116 | * @return array array of mime_types |
||||
117 | */ |
||||
118 | public function getArray($mimeExt = null) |
||||
119 | { |
||||
120 | // global $publisherIsAdmin; |
||||
121 | $ret = []; |
||||
122 | if ($GLOBALS['xoopsUser'] && !$this->publisherIsAdmin) { |
||||
123 | // For user uploading |
||||
124 | $crit = new \CriteriaCompo(new \Criteria('mime_user', 1)); //$sql = sprintf("SELECT * FROM `%s` WHERE mime_user=1", $GLOBALS['xoopsDB']->prefix($module->getVar('dirname', 'n') . '_mimetypes')); |
||||
125 | } elseif ($GLOBALS['xoopsUser'] && $this->publisherIsAdmin) { |
||||
126 | // For admin uploading |
||||
127 | $crit = new \CriteriaCompo(new \Criteria('mime_admin', 1)); //$sql = sprintf("SELECT * FROM `%s` WHERE mime_admin=1", $GLOBALS['xoopsDB']->prefix($module->getVar('dirname', 'n') . '_mimetypes')); |
||||
128 | } else { |
||||
129 | return $ret; |
||||
130 | } |
||||
131 | if ($mimeExt) { |
||||
132 | $crit->add(new \Criteria('mime_ext', $mimeExt)); |
||||
133 | } |
||||
134 | $result = $this->getObjects($crit); |
||||
135 | // if no records from db, return empty array |
||||
136 | if (!$result) { |
||||
137 | return $ret; |
||||
138 | } |
||||
139 | foreach ($result as $mime) { |
||||
140 | $line = \explode(' ', $mime->getVar('mime_types')); |
||||
141 | foreach ($line as $row) { |
||||
142 | $ret[] = ['type' => $row, 'ext' => $mime->getVar('mime_ext')]; |
||||
143 | } |
||||
144 | } |
||||
145 | |||||
146 | return $ret; |
||||
147 | } |
||||
148 | |||||
149 | /** |
||||
150 | * Checks to see if the user uploading the file has permissions to upload this mimetype |
||||
151 | * |
||||
152 | * @param string $postField file being uploaded |
||||
153 | * |
||||
154 | * @return bool false if no permission, return mimetype if has permission |
||||
155 | */ |
||||
156 | public function checkMimeTypes($postField) |
||||
157 | { |
||||
158 | $ret = false; |
||||
159 | $allowedMimetypes = $this->getArrayByType(); |
||||
160 | if (empty($allowedMimetypes)) { |
||||
161 | return $ret; |
||||
162 | } |
||||
163 | foreach ($allowedMimetypes as $mime) { |
||||
164 | if ($mime == $_FILES[$postField]['type']) { |
||||
165 | $ret = $mime; |
||||
166 | break; |
||||
167 | } |
||||
168 | } |
||||
169 | |||||
170 | return $ret; |
||||
171 | } |
||||
172 | |||||
173 | /** |
||||
174 | * @return array |
||||
175 | */ |
||||
176 | public function getArrayByType() |
||||
177 | { |
||||
178 | static $array = []; |
||||
179 | if (empty($array)) { |
||||
180 | $items = $this->getArray(); |
||||
181 | foreach ($items as $item) { |
||||
182 | $array[] = $item['type']; |
||||
183 | } |
||||
184 | } |
||||
185 | |||||
186 | return $array; |
||||
187 | } |
||||
188 | |||||
189 | /** |
||||
190 | * Create a "select" SQL query |
||||
191 | * |
||||
192 | * @param \Criteria|\CriteriaCompo|null $criteria to match |
||||
193 | * @param bool $join |
||||
194 | * |
||||
195 | * @return string string SQL query |
||||
196 | */ |
||||
197 | private function selectQuery($criteria = null, $join = false) |
||||
198 | { |
||||
199 | // if (!$join) { |
||||
200 | // $sql = sprintf('SELECT * FROM `%s`', $this->db->prefix($this->dbtable)); |
||||
201 | // } else { |
||||
202 | // echo "no need for join..."; |
||||
203 | // exit; |
||||
204 | // } |
||||
205 | |||||
206 | try { |
||||
207 | if ($join) { |
||||
208 | throw new \RuntimeException('no need for join...'); |
||||
209 | } |
||||
210 | } catch (\Throwable $e) { |
||||
211 | $helper = Helper::getInstance(); |
||||
212 | $helper->addLog($e); |
||||
213 | echo 'no need for join...'; |
||||
214 | } |
||||
215 | |||||
216 | $sql = \sprintf('SELECT * FROM `%s`', $this->db->prefix($this->dbtable)); |
||||
217 | |||||
218 | if (null !== $criteria && $criteria instanceof \Criteria) { |
||||
219 | $sql .= ' ' . $criteria->renderWhere(); |
||||
220 | if ('' != $criteria->getSort()) { |
||||
221 | $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder(); |
||||
222 | } |
||||
223 | } |
||||
224 | |||||
225 | return $sql; |
||||
226 | } |
||||
227 | |||||
228 | /** |
||||
229 | * @param \XoopsObject $obj |
||||
230 | * |
||||
231 | * @return bool|string |
||||
232 | */ |
||||
233 | protected function insertQuery($obj) |
||||
234 | { |
||||
235 | // Copy all object vars into local variables |
||||
236 | foreach ($obj->cleanVars as $k => $v) { |
||||
237 | ${$k} = $v; |
||||
238 | } |
||||
239 | $sql = \sprintf( |
||||
240 | 'INSERT INTO `%s` (mime_id, mime_ext, mime_types, mime_name, mime_admin, mime_user) VALUES |
||||
241 | (%u, %s, %s, %s, %u, %u)', |
||||
242 | $this->db->prefix($this->dbtable), |
||||
243 | $obj->getVar('mime_id'), |
||||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||||
244 | $this->db->quoteString($obj->getVar('mime_ext')), |
||||
245 | $this->db->quoteString($obj->getVar('mime_types')), |
||||
246 | $this->db->quoteString($obj->getVar('mime_name')), |
||||
247 | $obj->getVar('mime_admin'), |
||||
248 | $obj->getVar('mime_user') |
||||
249 | ); |
||||
250 | |||||
251 | return $sql; |
||||
252 | } |
||||
253 | |||||
254 | /** |
||||
255 | * @param \XoopsObject $obj |
||||
256 | * |
||||
257 | * @return bool|string |
||||
258 | */ |
||||
259 | protected function updateQuery($obj) |
||||
260 | { |
||||
261 | // Copy all object vars into local variables |
||||
262 | foreach ($obj->cleanVars as $k => $v) { |
||||
263 | ${$k} = $v; |
||||
264 | } |
||||
265 | $sql = \sprintf( |
||||
266 | 'UPDATE `%s` SET mime_ext = %s, mime_types = %s, mime_name = %s, mime_admin = %u, mime_user = %u WHERE |
||||
267 | mime_id = %u', |
||||
268 | $this->db->prefix($this->dbtable), |
||||
269 | $this->db->quoteString($obj->getVar('mime_ext')), |
||||
270 | $this->db->quoteString($obj->getVar('mime_types')), |
||||
271 | $this->db->quoteString($obj->getVar('mime_name')), |
||||
272 | $obj->getVar('mime_admin'), |
||||
0 ignored issues
–
show
It seems like
$obj->getVar('mime_admin') can also be of type array and array ; however, parameter $args of sprintf() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
273 | $obj->getVar('mime_user'), |
||||
274 | $obj->getVar('mime_id') |
||||
275 | ); |
||||
276 | |||||
277 | return $sql; |
||||
278 | } |
||||
279 | |||||
280 | /** |
||||
281 | * @param \XoopsObject $obj |
||||
282 | * |
||||
283 | * @return bool|string |
||||
284 | */ |
||||
285 | protected function deleteQuery($obj) |
||||
286 | { |
||||
287 | $sql = \sprintf('DELETE FROM `%s` WHERE mime_id = %u', $this->db->prefix($this->dbtable), $obj->getVar('mime_id')); |
||||
0 ignored issues
–
show
It seems like
$obj->getVar('mime_id') can also be of type array and array ; however, parameter $args of sprintf() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
288 | |||||
289 | return $sql; |
||||
290 | } |
||||
291 | } |
||||
292 |