Inspection of "Fix: upload any extensions file not being honored" - nilsteampassnet/TeamPass - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#4801)

unknown

created 2025-07-10 12:31 UTC

Status

Spacing +21 added lines, -21 removed lines patch added patch discarded remove patch

@@ -74,7 +74,7 @@  discard block
 block discarded – undo
 ) {
     // Not allowed page
     $session->set('system-error_code', ERR_NOT_ALLOWED);
-    include $SETTINGS['cpassman_dir'] . '/error.php';
+    include $SETTINGS['cpassman_dir'].'/error.php';
     exit;
 }
 
@@ -107,7 +107,7 @@  discard block
 block discarded – undo
 $post_isNewItem = $request->request->filter('isNewItem', null, FILTER_SANITIZE_NUMBER_INT);
 $post_randomId = $request->request->filter('randomId', null, FILTER_SANITIZE_NUMBER_INT);
 $post_isPersonal = $request->request->filter('isPersonal', null, FILTER_SANITIZE_NUMBER_INT);
-$post_fileSize= $request->request->filter('file_size', null, FILTER_SANITIZE_NUMBER_INT);
+$post_fileSize = $request->request->filter('file_size', null, FILTER_SANITIZE_NUMBER_INT);
 $chunk = $request->request->filter('chunk', 0, FILTER_SANITIZE_NUMBER_INT);
 $chunks = $request->request->filter('chunks', 0, FILTER_SANITIZE_NUMBER_INT);
 $fileName = $request->request->filter('name', '', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -122,10 +122,10 @@  discard block
 block discarded – undo
     $unit = strtoupper(substr(trim($POST_MAX_SIZE), -1)); // Assurez-vous de bien gérer les espaces éventuels
     $units = ['G' => 1073741824, 'M' => 1048576, 'K' => 1024];
     $multiplier = $units[$unit] ?? 1; // Vérifie si l'unité est dans le tableau, sinon 1
-    $maxSize = (int)$POST_MAX_SIZE * $multiplier;
+    $maxSize = (int) $POST_MAX_SIZE * $multiplier;
     
     // CHeck if the POST is too big
-    if (!empty($_SERVER['CONTENT_LENGTH']) && (int)$_SERVER['CONTENT_LENGTH'] > $maxSize && $maxSize > 0) {
+    if (!empty($_SERVER['CONTENT_LENGTH']) && (int) $_SERVER['CONTENT_LENGTH'] > $maxSize && $maxSize > 0) {
         handleAttachmentError('POST exceeded maximum allowed size.', 111, 413);
     }
 
@@ -134,7 +134,7 @@  discard block
 block discarded – undo
         handleAttachmentError('File exceeds the maximum allowed size', 120, 413);
         die();
     }
-    if (WIP === true) error_log('POST_MAX_SIZE: ' . $POST_MAX_SIZE." - CONTENT_LENGTH: ".$_SERVER['CONTENT_LENGTH']." - UNIT: ".$unit." - MAX: ".$maxSize." - MULTIPLIER: ".$multiplier." - FILE_SIZE: ".$post_fileSize);
+    if (WIP === true) error_log('POST_MAX_SIZE: '.$POST_MAX_SIZE." - CONTENT_LENGTH: ".$_SERVER['CONTENT_LENGTH']." - UNIT: ".$unit." - MAX: ".$maxSize." - MULTIPLIER: ".$multiplier." - FILE_SIZE: ".$post_fileSize);
     
     // delete expired tokens
     DB::delete(prefixTable('tokens'), 'end_timestamp < %i', time());
@@ -185,7 +185,7 @@  discard block
 block discarded – undo
         // check if token is expired
         $data = DB::queryFirstRow(
             'SELECT end_timestamp
-            FROM ' . prefixTable('tokens') . '
+            FROM ' . prefixTable('tokens').'
             WHERE user_id = %i AND token = %s',
             $session->get('user-id'),
             $post_user_token
@@ -218,7 +218,7 @@  discard block
 block discarded – undo
 
 // HTTP headers for no cache etc
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
-header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
 header('Cache-Control: no-store, no-cache, must-revalidate');
 header('Cache-Control: post-check=0, pre-check=0', false);
 
@@ -256,7 +256,7 @@  discard block
 block discarded – undo
 // Validate file name (for our purposes we'll just remove invalid characters)
 $file_name = preg_replace('[^A-Za-z0-9]', '', strtolower(basename($_FILES['file']['name'])));
 if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
-    handleAttachmentError('Invalid file name: ' . $file_name . '.', 114);
+    handleAttachmentError('Invalid file name: '.$file_name.'.', 114);
 }
 
 // Validate file extension
@@ -269,8 +269,8 @@  discard block
 block discarded – undo
             $ext,
             explode(
                 ',',
-                $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] .
-                    ',' . $SETTINGS['upload_pkgext'] . ',' . $SETTINGS['upload_otherext']
+                $SETTINGS['upload_docext'].','.$SETTINGS['upload_imagesext'].
+                    ','.$SETTINGS['upload_pkgext'].','.$SETTINGS['upload_otherext']
             )
         ) === false
     ) {
@@ -283,24 +283,24 @@  discard block
 block discarded – undo
 
 // Clean the fileName for security reasons
 $fileInfo = pathinfo($fileName);
-$fileName = base64_encode($fileInfo['filename']) . '.' . $fileInfo['extension'];
+$fileName = base64_encode($fileInfo['filename']).'.'.$fileInfo['extension'];
 $fileFullSize = 0;
 
 // Make sure the fileName is unique but only if chunking is disabled
-if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
+if ($chunks < 2 && file_exists($targetDir.DIRECTORY_SEPARATOR.$fileName)) {
     $ext = strrpos($fileName, '.');
     $fileNameA = substr($fileName, 0, $ext);
     $fileNameB = substr($fileName, $ext);
 
     $count = 1;
-    while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileNameA . '_' . $count . $fileNameB)) {
+    while (file_exists($targetDir.DIRECTORY_SEPARATOR.$fileNameA.'_'.$count.$fileNameB)) {
         ++$count;
     }
 
-    $fileName = $fileNameA . '_' . $count . $fileNameB;
+    $fileName = $fileNameA.'_'.$count.$fileNameB;
 }
 
-$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
+$filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName;
 
 // Create target dir
 if (file_exists($targetDir) === false) {
@@ -314,7 +314,7 @@  discard block
 block discarded – undo
 // Remove old temp files
 if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
     while (($file = readdir($dir)) !== false) {
-        $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
+        $tmpfilePath = $targetDir.DIRECTORY_SEPARATOR.$file;
 
         // Remove temp file if it is older than the max age and is not the current file
         if (
@@ -416,7 +416,7 @@  discard block
 block discarded – undo
         prefixTable('files'),
         array(
             'id_item' => $post_itemId,
-            'name' => 'b64:' . $fileName,   // add "b64:" prefix to indicate that the file name is base64 encoded
+            'name' => 'b64:'.$fileName, // add "b64:" prefix to indicate that the file name is base64 encoded
             'size' => $post_fileSize,
             'extension' => $fileInfo['extension'],
             'type' => $_FILES['file']['type'],
@@ -433,8 +433,8 @@  discard block
 block discarded – undo
         // This is a public object
         $users = DB::query(
             'SELECT id, public_key
-            FROM ' . prefixTable('users') . '
-            WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '")
+            FROM ' . prefixTable('users').'
+            WHERE id NOT IN ("' . OTV_USER_ID.'","'.SSH_USER_ID.'","'.API_USER_ID.'")
             AND public_key != ""'
         );
         foreach ($users as $user) {
@@ -468,14 +468,14 @@  discard block
 block discarded – undo
                 'date' => time(),
                 'id_user' => $session->get('user-id'),
                 'action' => 'at_modification',
-                'raison' => 'at_add_file : ' . $fileName . ':' . $newID,
+                'raison' => 'at_add_file : '.$fileName.':'.$newID,
             )
         );
     }
 }
 
 // Return JSON-RPC response
-die('{"jsonrpc" : "2.0", "result" : null, "id" : "' . $newID . '"}');
+die('{"jsonrpc" : "2.0", "result" : null, "id" : "'.$newID.'"}');
 
 /**
  * Handle errors and kill script.

Please login to merge, or discard this patch.

sources/upload.files.php 1 patch

Spacing +33 added lines, -33 removed lines patch added patch discarded remove patch

@@ -76,7 +76,7 @@  discard block
 block discarded – undo
 ) {
     // Not allowed page
     $session->set('system-error_code', ERR_NOT_ALLOWED);
-    include $SETTINGS['cpassman_dir'] . '/error.php';
+    include $SETTINGS['cpassman_dir'].'/error.php';
     exit;
 }
 
@@ -130,7 +130,7 @@  discard block
 block discarded – undo
     } else {
         // check if token is expired
         $data = DB::queryFirstRow(
-            'SELECT end_timestamp FROM ' . prefixTable('tokens') . ' WHERE user_id = %i AND token = %s',
+            'SELECT end_timestamp FROM '.prefixTable('tokens').' WHERE user_id = %i AND token = %s',
             $session->get('user-id'),
             $post_user_token
         );
@@ -154,7 +154,7 @@  discard block
 block discarded – undo
 
 // HTTP headers for no cache etc
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
-header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
 header('Cache-Control: no-store, no-cache, must-revalidate');
 header('Cache-Control: post-check=0, pre-check=0', false);
 
@@ -166,7 +166,7 @@  discard block
 block discarded – undo
     }
 
     // Set directory used to store file
-    $targetDir = realpath($SETTINGS['cpassman_dir'] . '/includes/avatars');
+    $targetDir = realpath($SETTINGS['cpassman_dir'].'/includes/avatars');
 } else {
     $targetDir = realpath($SETTINGS['path_to_files_folder']);
 }
@@ -219,7 +219,7 @@  discard block
 block discarded – undo
     $file_name = preg_replace('/[^a-zA-Z0-9-_\.]/', '', strtolower(basename($file->getClientOriginalName())));
     
     if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
-        error_log('Invalid file name: ' . $file_name . '.');
+        error_log('Invalid file name: '.$file_name.'.');
         echo handleUploadError('Invalid file name provided.');
         return false;
     }
@@ -233,13 +233,13 @@  discard block
 block discarded – undo
             $ext = strtolower($ext);
         } else {
             // Case where the file extension is not a string
-            error_log('Invalid file name: ' . $file_name . '.');
+            error_log('Invalid file name: '.$file_name.'.');
             echo handleUploadError('Invalid file extension.');
             return false;
         }
     } else {
         // Case where the file name is not a string
-        error_log('Invalid file name: ' . $file_name . '.');
+        error_log('Invalid file name: '.$file_name.'.');
         echo handleUploadError('Invalid file.');
         return false;
     }
@@ -247,8 +247,8 @@  discard block
 block discarded – undo
     // Validate against a list of allowed extensions
     $allowed_extensions = explode(
         ',',
-        $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] .
-            ',' . $SETTINGS['upload_pkgext'] . ',' . $SETTINGS['upload_otherext']
+        $SETTINGS['upload_docext'].','.$SETTINGS['upload_imagesext'].
+            ','.$SETTINGS['upload_pkgext'].','.$SETTINGS['upload_otherext']
     );
 
     // Check if we should enforce extensions
@@ -271,25 +271,25 @@  discard block
 block discarded – undo
 
 // is destination folder writable
 if (is_writable($SETTINGS['path_to_files_folder']) === false) {
-    echo handleUploadError('Not enough permissions on folder ' . $SETTINGS['path_to_files_folder'] . '.');
+    echo handleUploadError('Not enough permissions on folder '.$SETTINGS['path_to_files_folder'].'.');
     return false;
 }
 
 // Make sure the fileName is unique but only if chunking is disabled
-if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
+if ($chunks < 2 && file_exists($targetDir.DIRECTORY_SEPARATOR.$fileName)) {
     // $ext is guaranteed to be a string due to prior checks
     $fileNameA = substr($fileName, 0, strlen(/** @scrutinizer ignore-type */$ext));
     $fileNameB = substr($fileName, strlen(/** @scrutinizer ignore-type */$ext));
 
     $count = 1;
-    while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileNameA . '_' . $count . $fileNameB)) {
+    while (file_exists($targetDir.DIRECTORY_SEPARATOR.$fileNameA.'_'.$count.$fileNameB)) {
         ++$count;
     }
 
-    $fileName = $fileNameA . '_' . $count . $fileNameB;
+    $fileName = $fileNameA.'_'.$count.$fileNameB;
 }
 
-$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
+$filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName;
 
 // Create target dir
 if (!file_exists($targetDir)) {
@@ -303,7 +303,7 @@  discard block
 block discarded – undo
 // Remove old temp files
 if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
     while (($fileClean = readdir($dir)) !== false) {
-        $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $fileClean;
+        $tmpfilePath = $targetDir.DIRECTORY_SEPARATOR.$fileClean;
 
         // Remove temp file if it is older than the max age and is not the current file
         if (
@@ -317,7 +317,7 @@  discard block
 block discarded – undo
 
     closedir($dir);
 } else {
-    echo handleUploadError('Not enough permissions on folder ' . $SETTINGS['path_to_files_folder'] . '.');
+    echo handleUploadError('Not enough permissions on folder '.$SETTINGS['path_to_files_folder'].'.');
     return false;
 }
 
@@ -353,7 +353,7 @@  discard block
 block discarded – undo
 
                 // Safe destination folder
                 $uploadDir = realpath($SETTINGS['path_to_upload_folder']);
-                $destinationPath = $uploadDir . DIRECTORY_SEPARATOR . $fileName;
+                $destinationPath = $uploadDir.DIRECTORY_SEPARATOR.$fileName;
                 
                 if (move_uploaded_file($tmpFilePath, $destinationPath)) {
                     // Open the moved file in read mode
@@ -394,7 +394,7 @@  discard block
 block discarded – undo
             return false;
         }
     } else {
-        echo handleUploadError('Failed to move uploaded file to ' . $SETTINGS['path_to_files_folder'] . '.');
+        echo handleUploadError('Failed to move uploaded file to '.$SETTINGS['path_to_files_folder'].'.');
         return false;
     }
 } else {
@@ -410,14 +410,14 @@  discard block
 block discarded – undo
                 fwrite($out, $buff);
             }
         } else {
-            echo handleUploadError('Failed to open input stream ' . $SETTINGS['path_to_files_folder'] . '.');
+            echo handleUploadError('Failed to open input stream '.$SETTINGS['path_to_files_folder'].'.');
             return false;
         }
 
         fclose($in);
         fclose($out);
     } else {
-        echo handleUploadError('Failed to open output stream ' . $SETTINGS['path_to_files_folder'] . '.');
+        echo handleUploadError('Failed to open output stream '.$SETTINGS['path_to_files_folder'].'.');
         return false;
     }
 }
@@ -450,7 +450,7 @@  discard block
 block discarded – undo
 ) {
     rename(
         $filePath,
-        $targetDir . DIRECTORY_SEPARATOR . $newFileName
+        $targetDir.DIRECTORY_SEPARATOR.$newFileName
     );
 
     // Add in DB
@@ -479,7 +479,7 @@  discard block
 block discarded – undo
 ) {
     rename(
         $filePath,
-        $targetDir . DIRECTORY_SEPARATOR . $newFileName
+        $targetDir.DIRECTORY_SEPARATOR.$newFileName
     );
 
     // Add in DB
@@ -512,13 +512,13 @@  discard block
 block discarded – undo
     // rename the file
     rename(
         $filePath,
-        $targetDir . DIRECTORY_SEPARATOR . $newFileName . '.' . $ext
+        $targetDir.DIRECTORY_SEPARATOR.$newFileName.'.'.$ext
     );
 
     // make thumbnail
     $ret = makeThumbnail(
-        $targetDir . DIRECTORY_SEPARATOR . $newFileName . '.' . $ext,
-        $targetDir . DIRECTORY_SEPARATOR . $newFileName . '_thumb' . '.' . $ext,
+        $targetDir.DIRECTORY_SEPARATOR.$newFileName.'.'.$ext,
+        $targetDir.DIRECTORY_SEPARATOR.$newFileName.'_thumb'.'.'.$ext,
         40
     );
 
@@ -530,21 +530,21 @@  discard block
 block discarded – undo
     }
 
     // get current avatar and delete it
-    $data = DB::queryFirstRow('SELECT avatar, avatar_thumb FROM ' . prefixTable('users') . ' WHERE id=%i', $session->get('user-id'));
-    fileDelete($targetDir . DIRECTORY_SEPARATOR . $data['avatar'], $SETTINGS);
-    fileDelete($targetDir . DIRECTORY_SEPARATOR . $data['avatar_thumb'], $SETTINGS);
+    $data = DB::queryFirstRow('SELECT avatar, avatar_thumb FROM '.prefixTable('users').' WHERE id=%i', $session->get('user-id'));
+    fileDelete($targetDir.DIRECTORY_SEPARATOR.$data['avatar'], $SETTINGS);
+    fileDelete($targetDir.DIRECTORY_SEPARATOR.$data['avatar_thumb'], $SETTINGS);
 
     // store in DB the new avatar
     DB::query(
-        'UPDATE ' . prefixTable('users') . "
-        SET avatar='" . $newFileName . '.' . $ext . "', avatar_thumb='" . $newFileName . '_thumb' . '.' . $ext . "'
+        'UPDATE '.prefixTable('users')."
+        SET avatar='" . $newFileName.'.'.$ext."', avatar_thumb='".$newFileName.'_thumb'.'.'.$ext."'
         WHERE id=%i",
         $session->get('user-id')
     );
 
     // store in session
-    $session->set('user-avatar', $newFileName . '.' . $ext);
-    $session->set('user-avatar_thumb', $newFileName . '_thumb' . '.' . $ext);
+    $session->set('user-avatar', $newFileName.'.'.$ext);
+    $session->set('user-avatar_thumb', $newFileName.'_thumb'.'.'.$ext);
 
     // return info
     echo prepareExchangedData(
@@ -563,7 +563,7 @@  discard block
 block discarded – undo
 ) {
     rename(
         $filePath,
-        $targetDir . DIRECTORY_SEPARATOR . $newFileName
+        $targetDir.DIRECTORY_SEPARATOR.$newFileName
     );
 
     // Add in DB

Please login to merge, or discard this patch.

		@@ -74,7 +74,7 @@ discard block
		block discarded – undo
74	74	) {
75	75	// Not allowed page
76	76	$session->set('system-error_code', ERR_NOT_ALLOWED);
77		- include $SETTINGS['cpassman_dir'] . '/error.php';
	77	+ include $SETTINGS['cpassman_dir'].'/error.php';
78	78	exit;
79	79	}
80	80
		@@ -107,7 +107,7 @@ discard block
		block discarded – undo
107	107	$post_isNewItem = $request->request->filter('isNewItem', null, FILTER_SANITIZE_NUMBER_INT);
108	108	$post_randomId = $request->request->filter('randomId', null, FILTER_SANITIZE_NUMBER_INT);
109	109	$post_isPersonal = $request->request->filter('isPersonal', null, FILTER_SANITIZE_NUMBER_INT);
110		-$post_fileSize= $request->request->filter('file_size', null, FILTER_SANITIZE_NUMBER_INT);
	110	+$post_fileSize = $request->request->filter('file_size', null, FILTER_SANITIZE_NUMBER_INT);
111	111	$chunk = $request->request->filter('chunk', 0, FILTER_SANITIZE_NUMBER_INT);
112	112	$chunks = $request->request->filter('chunks', 0, FILTER_SANITIZE_NUMBER_INT);
113	113	$fileName = $request->request->filter('name', '', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
		@@ -122,10 +122,10 @@ discard block
		block discarded – undo
122	122	$unit = strtoupper(substr(trim($POST_MAX_SIZE), -1)); // Assurez-vous de bien gérer les espaces éventuels
123	123	$units = ['G' => 1073741824, 'M' => 1048576, 'K' => 1024];
124	124	$multiplier = $units[$unit] ?? 1; // Vérifie si l'unité est dans le tableau, sinon 1
125		- $maxSize = (int)$POST_MAX_SIZE * $multiplier;
	125	+ $maxSize = (int) $POST_MAX_SIZE * $multiplier;
126	126
127	127	// CHeck if the POST is too big
128		- if (!empty($_SERVER['CONTENT_LENGTH']) && (int)$_SERVER['CONTENT_LENGTH'] > $maxSize && $maxSize > 0) {
	128	+ if (!empty($_SERVER['CONTENT_LENGTH']) && (int) $_SERVER['CONTENT_LENGTH'] > $maxSize && $maxSize > 0) {
129	129	handleAttachmentError('POST exceeded maximum allowed size.', 111, 413);
130	130	}
131	131
		@@ -134,7 +134,7 @@ discard block
		block discarded – undo
134	134	handleAttachmentError('File exceeds the maximum allowed size', 120, 413);
135	135	die();
136	136	}
137		- if (WIP === true) error_log('POST_MAX_SIZE: ' . $POST_MAX_SIZE." - CONTENT_LENGTH: ".$_SERVER['CONTENT_LENGTH']." - UNIT: ".$unit." - MAX: ".$maxSize." - MULTIPLIER: ".$multiplier." - FILE_SIZE: ".$post_fileSize);
	137	+ if (WIP === true) error_log('POST_MAX_SIZE: '.$POST_MAX_SIZE." - CONTENT_LENGTH: ".$_SERVER['CONTENT_LENGTH']." - UNIT: ".$unit." - MAX: ".$maxSize." - MULTIPLIER: ".$multiplier." - FILE_SIZE: ".$post_fileSize);
138	138
139	139	// delete expired tokens
140	140	DB::delete(prefixTable('tokens'), 'end_timestamp < %i', time());
		@@ -185,7 +185,7 @@ discard block
		block discarded – undo
185	185	// check if token is expired
186	186	$data = DB::queryFirstRow(
187	187	'SELECT end_timestamp
188		- FROM ' . prefixTable('tokens') . '
	188	+ FROM ' . prefixTable('tokens').'
189	189	WHERE user_id = %i AND token = %s',
190	190	$session->get('user-id'),
191	191	$post_user_token
		@@ -218,7 +218,7 @@ discard block
		block discarded – undo
218	218
219	219	// HTTP headers for no cache etc
220	220	header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
221		-header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
	221	+header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
222	222	header('Cache-Control: no-store, no-cache, must-revalidate');
223	223	header('Cache-Control: post-check=0, pre-check=0', false);
224	224
		@@ -256,7 +256,7 @@ discard block
		block discarded – undo
256	256	// Validate file name (for our purposes we'll just remove invalid characters)
257	257	$file_name = preg_replace('[^A-Za-z0-9]', '', strtolower(basename($_FILES['file']['name'])));
258	258	if (strlen($file_name) == 0 \|\| strlen($file_name) > $MAX_FILENAME_LENGTH) {
259		- handleAttachmentError('Invalid file name: ' . $file_name . '.', 114);
	259	+ handleAttachmentError('Invalid file name: '.$file_name.'.', 114);
260	260	}
261	261
262	262	// Validate file extension
		@@ -269,8 +269,8 @@ discard block
		block discarded – undo
269	269	$ext,
270	270	explode(
271	271	',',
272		- $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] .
273		- ',' . $SETTINGS['upload_pkgext'] . ',' . $SETTINGS['upload_otherext']
	272	+ $SETTINGS['upload_docext'].','.$SETTINGS['upload_imagesext'].
	273	+ ','.$SETTINGS['upload_pkgext'].','.$SETTINGS['upload_otherext']
274	274	)
275	275	) === false
276	276	) {
		@@ -283,24 +283,24 @@ discard block
		block discarded – undo
283	283
284	284	// Clean the fileName for security reasons
285	285	$fileInfo = pathinfo($fileName);
286		-$fileName = base64_encode($fileInfo['filename']) . '.' . $fileInfo['extension'];
	286	+$fileName = base64_encode($fileInfo['filename']).'.'.$fileInfo['extension'];
287	287	$fileFullSize = 0;
288	288
289	289	// Make sure the fileName is unique but only if chunking is disabled
290		-if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
	290	+if ($chunks < 2 && file_exists($targetDir.DIRECTORY_SEPARATOR.$fileName)) {
291	291	$ext = strrpos($fileName, '.');
292	292	$fileNameA = substr($fileName, 0, $ext);
293	293	$fileNameB = substr($fileName, $ext);
294	294
295	295	$count = 1;
296		- while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileNameA . '_' . $count . $fileNameB)) {
	296	+ while (file_exists($targetDir.DIRECTORY_SEPARATOR.$fileNameA.'_'.$count.$fileNameB)) {
297	297	++$count;
298	298	}
299	299
300		- $fileName = $fileNameA . '_' . $count . $fileNameB;
	300	+ $fileName = $fileNameA.'_'.$count.$fileNameB;
301	301	}
302	302
303		-$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
	303	+$filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName;
304	304
305	305	// Create target dir
306	306	if (file_exists($targetDir) === false) {
		@@ -314,7 +314,7 @@ discard block
		block discarded – undo
314	314	// Remove old temp files
315	315	if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
316	316	while (($file = readdir($dir)) !== false) {
317		- $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
	317	+ $tmpfilePath = $targetDir.DIRECTORY_SEPARATOR.$file;
318	318
319	319	// Remove temp file if it is older than the max age and is not the current file
320	320	if (
		@@ -416,7 +416,7 @@ discard block
		block discarded – undo
416	416	prefixTable('files'),
417	417	array(
418	418	'id_item' => $post_itemId,
419		- 'name' => 'b64:' . $fileName, // add "b64:" prefix to indicate that the file name is base64 encoded
	419	+ 'name' => 'b64:'.$fileName, // add "b64:" prefix to indicate that the file name is base64 encoded
420	420	'size' => $post_fileSize,
421	421	'extension' => $fileInfo['extension'],
422	422	'type' => $_FILES['file']['type'],
		@@ -433,8 +433,8 @@ discard block
		block discarded – undo
433	433	// This is a public object
434	434	$users = DB::query(
435	435	'SELECT id, public_key
436		- FROM ' . prefixTable('users') . '
437		- WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '")
	436	+ FROM ' . prefixTable('users').'
	437	+ WHERE id NOT IN ("' . OTV_USER_ID.'","'.SSH_USER_ID.'","'.API_USER_ID.'")
438	438	AND public_key != ""'
439	439	);
440	440	foreach ($users as $user) {
		@@ -468,14 +468,14 @@ discard block
		block discarded – undo
468	468	'date' => time(),
469	469	'id_user' => $session->get('user-id'),
470	470	'action' => 'at_modification',
471		- 'raison' => 'at_add_file : ' . $fileName . ':' . $newID,
	471	+ 'raison' => 'at_add_file : '.$fileName.':'.$newID,
472	472	)
473	473	);
474	474	}
475	475	}
476	476
477	477	// Return JSON-RPC response
478		-die('{"jsonrpc" : "2.0", "result" : null, "id" : "' . $newID . '"}');
	478	+die('{"jsonrpc" : "2.0", "result" : null, "id" : "'.$newID.'"}');
479	479
480	480	/**
481	481	* Handle errors and kill script.

		@@ -76,7 +76,7 @@ discard block
		block discarded – undo
76	76	) {
77	77	// Not allowed page
78	78	$session->set('system-error_code', ERR_NOT_ALLOWED);
79		- include $SETTINGS['cpassman_dir'] . '/error.php';
	79	+ include $SETTINGS['cpassman_dir'].'/error.php';
80	80	exit;
81	81	}
82	82
		@@ -130,7 +130,7 @@ discard block
		block discarded – undo
130	130	} else {
131	131	// check if token is expired
132	132	$data = DB::queryFirstRow(
133		- 'SELECT end_timestamp FROM ' . prefixTable('tokens') . ' WHERE user_id = %i AND token = %s',
	133	+ 'SELECT end_timestamp FROM '.prefixTable('tokens').' WHERE user_id = %i AND token = %s',
134	134	$session->get('user-id'),
135	135	$post_user_token
136	136	);
		@@ -154,7 +154,7 @@ discard block
		block discarded – undo
154	154
155	155	// HTTP headers for no cache etc
156	156	header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
157		-header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
	157	+header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
158	158	header('Cache-Control: no-store, no-cache, must-revalidate');
159	159	header('Cache-Control: post-check=0, pre-check=0', false);
160	160
		@@ -166,7 +166,7 @@ discard block
		block discarded – undo
166	166	}
167	167
168	168	// Set directory used to store file
169		- $targetDir = realpath($SETTINGS['cpassman_dir'] . '/includes/avatars');
	169	+ $targetDir = realpath($SETTINGS['cpassman_dir'].'/includes/avatars');
170	170	} else {
171	171	$targetDir = realpath($SETTINGS['path_to_files_folder']);
172	172	}
		@@ -219,7 +219,7 @@ discard block
		block discarded – undo
219	219	$file_name = preg_replace('/[^a-zA-Z0-9-_\.]/', '', strtolower(basename($file->getClientOriginalName())));
220	220
221	221	if (strlen($file_name) == 0 \|\| strlen($file_name) > $MAX_FILENAME_LENGTH) {
222		- error_log('Invalid file name: ' . $file_name . '.');
	222	+ error_log('Invalid file name: '.$file_name.'.');
223	223	echo handleUploadError('Invalid file name provided.');
224	224	return false;
225	225	}
		@@ -233,13 +233,13 @@ discard block
		block discarded – undo
233	233	$ext = strtolower($ext);
234	234	} else {
235	235	// Case where the file extension is not a string
236		- error_log('Invalid file name: ' . $file_name . '.');
	236	+ error_log('Invalid file name: '.$file_name.'.');
237	237	echo handleUploadError('Invalid file extension.');
238	238	return false;
239	239	}
240	240	} else {
241	241	// Case where the file name is not a string
242		- error_log('Invalid file name: ' . $file_name . '.');
	242	+ error_log('Invalid file name: '.$file_name.'.');
243	243	echo handleUploadError('Invalid file.');
244	244	return false;
245	245	}
		@@ -247,8 +247,8 @@ discard block
		block discarded – undo
247	247	// Validate against a list of allowed extensions
248	248	$allowed_extensions = explode(
249	249	',',
250		- $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] .
251		- ',' . $SETTINGS['upload_pkgext'] . ',' . $SETTINGS['upload_otherext']
	250	+ $SETTINGS['upload_docext'].','.$SETTINGS['upload_imagesext'].
	251	+ ','.$SETTINGS['upload_pkgext'].','.$SETTINGS['upload_otherext']
252	252	);
253	253
254	254	// Check if we should enforce extensions
		@@ -271,25 +271,25 @@ discard block
		block discarded – undo
271	271
272	272	// is destination folder writable
273	273	if (is_writable($SETTINGS['path_to_files_folder']) === false) {
274		- echo handleUploadError('Not enough permissions on folder ' . $SETTINGS['path_to_files_folder'] . '.');
	274	+ echo handleUploadError('Not enough permissions on folder '.$SETTINGS['path_to_files_folder'].'.');
275	275	return false;
276	276	}
277	277
278	278	// Make sure the fileName is unique but only if chunking is disabled
279		-if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
	279	+if ($chunks < 2 && file_exists($targetDir.DIRECTORY_SEPARATOR.$fileName)) {
280	280	// $ext is guaranteed to be a string due to prior checks
281	281	$fileNameA = substr($fileName, 0, strlen(/** @scrutinizer ignore-type */$ext));
282	282	$fileNameB = substr($fileName, strlen(/** @scrutinizer ignore-type */$ext));
283	283
284	284	$count = 1;
285		- while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileNameA . '_' . $count . $fileNameB)) {
	285	+ while (file_exists($targetDir.DIRECTORY_SEPARATOR.$fileNameA.'_'.$count.$fileNameB)) {
286	286	++$count;
287	287	}
288	288
289		- $fileName = $fileNameA . '_' . $count . $fileNameB;
	289	+ $fileName = $fileNameA.'_'.$count.$fileNameB;
290	290	}
291	291
292		-$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
	292	+$filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName;
293	293
294	294	// Create target dir
295	295	if (!file_exists($targetDir)) {
		@@ -303,7 +303,7 @@ discard block
		block discarded – undo
303	303	// Remove old temp files
304	304	if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
305	305	while (($fileClean = readdir($dir)) !== false) {
306		- $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $fileClean;
	306	+ $tmpfilePath = $targetDir.DIRECTORY_SEPARATOR.$fileClean;
307	307
308	308	// Remove temp file if it is older than the max age and is not the current file
309	309	if (
		@@ -317,7 +317,7 @@ discard block
		block discarded – undo
317	317
318	318	closedir($dir);
319	319	} else {
320		- echo handleUploadError('Not enough permissions on folder ' . $SETTINGS['path_to_files_folder'] . '.');
	320	+ echo handleUploadError('Not enough permissions on folder '.$SETTINGS['path_to_files_folder'].'.');
321	321	return false;
322	322	}
323	323
		@@ -353,7 +353,7 @@ discard block
		block discarded – undo
353	353
354	354	// Safe destination folder
355	355	$uploadDir = realpath($SETTINGS['path_to_upload_folder']);
356		- $destinationPath = $uploadDir . DIRECTORY_SEPARATOR . $fileName;
	356	+ $destinationPath = $uploadDir.DIRECTORY_SEPARATOR.$fileName;
357	357
358	358	if (move_uploaded_file($tmpFilePath, $destinationPath)) {
359	359	// Open the moved file in read mode
		@@ -394,7 +394,7 @@ discard block
		block discarded – undo
394	394	return false;
395	395	}
396	396	} else {
397		- echo handleUploadError('Failed to move uploaded file to ' . $SETTINGS['path_to_files_folder'] . '.');
	397	+ echo handleUploadError('Failed to move uploaded file to '.$SETTINGS['path_to_files_folder'].'.');
398	398	return false;
399	399	}
400	400	} else {
		@@ -410,14 +410,14 @@ discard block
		block discarded – undo
410	410	fwrite($out, $buff);
411	411	}
412	412	} else {
413		- echo handleUploadError('Failed to open input stream ' . $SETTINGS['path_to_files_folder'] . '.');
	413	+ echo handleUploadError('Failed to open input stream '.$SETTINGS['path_to_files_folder'].'.');
414	414	return false;
415	415	}
416	416
417	417	fclose($in);
418	418	fclose($out);
419	419	} else {
420		- echo handleUploadError('Failed to open output stream ' . $SETTINGS['path_to_files_folder'] . '.');
	420	+ echo handleUploadError('Failed to open output stream '.$SETTINGS['path_to_files_folder'].'.');
421	421	return false;
422	422	}
423	423	}
		@@ -450,7 +450,7 @@ discard block
		block discarded – undo
450	450	) {
451	451	rename(
452	452	$filePath,
453		- $targetDir . DIRECTORY_SEPARATOR . $newFileName
	453	+ $targetDir.DIRECTORY_SEPARATOR.$newFileName
454	454	);
455	455
456	456	// Add in DB
		@@ -479,7 +479,7 @@ discard block
		block discarded – undo
479	479	) {
480	480	rename(
481	481	$filePath,
482		- $targetDir . DIRECTORY_SEPARATOR . $newFileName
	482	+ $targetDir.DIRECTORY_SEPARATOR.$newFileName
483	483	);
484	484
485	485	// Add in DB
		@@ -512,13 +512,13 @@ discard block
		block discarded – undo
512	512	// rename the file
513	513	rename(
514	514	$filePath,
515		- $targetDir . DIRECTORY_SEPARATOR . $newFileName . '.' . $ext
	515	+ $targetDir.DIRECTORY_SEPARATOR.$newFileName.'.'.$ext
516	516	);
517	517
518	518	// make thumbnail
519	519	$ret = makeThumbnail(
520		- $targetDir . DIRECTORY_SEPARATOR . $newFileName . '.' . $ext,
521		- $targetDir . DIRECTORY_SEPARATOR . $newFileName . '_thumb' . '.' . $ext,
	520	+ $targetDir.DIRECTORY_SEPARATOR.$newFileName.'.'.$ext,
	521	+ $targetDir.DIRECTORY_SEPARATOR.$newFileName.'_thumb'.'.'.$ext,
522	522	40
523	523	);
524	524
		@@ -530,21 +530,21 @@ discard block
		block discarded – undo
530	530	}
531	531
532	532	// get current avatar and delete it
533		- $data = DB::queryFirstRow('SELECT avatar, avatar_thumb FROM ' . prefixTable('users') . ' WHERE id=%i', $session->get('user-id'));
534		- fileDelete($targetDir . DIRECTORY_SEPARATOR . $data['avatar'], $SETTINGS);
535		- fileDelete($targetDir . DIRECTORY_SEPARATOR . $data['avatar_thumb'], $SETTINGS);
	533	+ $data = DB::queryFirstRow('SELECT avatar, avatar_thumb FROM '.prefixTable('users').' WHERE id=%i', $session->get('user-id'));
	534	+ fileDelete($targetDir.DIRECTORY_SEPARATOR.$data['avatar'], $SETTINGS);
	535	+ fileDelete($targetDir.DIRECTORY_SEPARATOR.$data['avatar_thumb'], $SETTINGS);
536	536
537	537	// store in DB the new avatar
538	538	DB::query(
539		- 'UPDATE ' . prefixTable('users') . "
540		- SET avatar='" . $newFileName . '.' . $ext . "', avatar_thumb='" . $newFileName . '_thumb' . '.' . $ext . "'
	539	+ 'UPDATE '.prefixTable('users')."
	540	+ SET avatar='" . $newFileName.'.'.$ext."', avatar_thumb='".$newFileName.'_thumb'.'.'.$ext."'
541	541	WHERE id=%i",
542	542	$session->get('user-id')
543	543	);
544	544
545	545	// store in session
546		- $session->set('user-avatar', $newFileName . '.' . $ext);
547		- $session->set('user-avatar_thumb', $newFileName . '_thumb' . '.' . $ext);
	546	+ $session->set('user-avatar', $newFileName.'.'.$ext);
	547	+ $session->set('user-avatar_thumb', $newFileName.'_thumb'.'.'.$ext);
548	548
549	549	// return info
550	550	echo prepareExchangedData(
		@@ -563,7 +563,7 @@ discard block
		block discarded – undo
563	563	) {
564	564	rename(
565	565	$filePath,
566		- $targetDir . DIRECTORY_SEPARATOR . $newFileName
	566	+ $targetDir.DIRECTORY_SEPARATOR.$newFileName
567	567	);
568	568
569	569	// Add in DB

nilsteampassnet / TeamPass

Pull Request — master (#4801)

Status

Category

Spacing +21 added lines, -21 removed lines patch added patch discarded remove patch

Spacing +33 added lines, -33 removed lines patch added patch discarded remove patch