@@ -28,7 +28,7 @@ |
||
28 | 28 | * Check if the temporary file has a valid MIME type for it's extension. |
29 | 29 | * |
30 | 30 | * @uses finfo php extension |
31 | - * @return boolean|null |
|
31 | + * @return boolean |
|
32 | 32 | */ |
33 | 33 | public function isValidMime() |
34 | 34 | { |
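Review bot: The corrected `@return boolean` on isValidMime() still omits the two parts of its contract that matter most to callers. Going by the full method body shown in the next hunk on this page, it throws `MimeUploadValidator_Exception` when no MIME type is configured for the extension or finfo cannot determine one. It also returns true without inspecting the file when the name has no extension or `tmp_name` is empty. I would add `@throws MimeUploadValidator_Exception` and a line such as `Returns true without any MIME check when the file has no extension or no temp path.` to the docblock. That way integrators know extensionless uploads pass this validator unchecked and must be restricted by another control, such as the extension allow-list. The method body lies outside this hunk.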
@@ -6,144 +6,144 @@ |
||
6 | 6 | */ |
7 | 7 | class MimeUploadValidator extends Upload_Validator |
8 | 8 | { |
9 | - /** |
|
10 | - * The preg_replace() pattern to use against MIME types. Used to strip out |
|
11 | - * useless characters so matching of MIME types can be fuzzy. |
|
12 | - * |
|
13 | - * @var string Regexp pattern |
|
14 | - */ |
|
15 | - protected $filterPattern = '/.*[\/\.\-\+]/i'; |
|
16 | - |
|
17 | - public function setFilterPattern($pattern) |
|
18 | - { |
|
19 | - $this->filterPattern = $pattern; |
|
20 | - } |
|
21 | - |
|
22 | - public function getFilterPattern() |
|
23 | - { |
|
24 | - return $this->filterPattern; |
|
25 | - } |
|
26 | - |
|
27 | - /** |
|
28 | - * Check if the temporary file has a valid MIME type for it's extension. |
|
29 | - * |
|
30 | - * @uses finfo php extension |
|
31 | - * @return boolean|null |
|
32 | - */ |
|
33 | - public function isValidMime() |
|
34 | - { |
|
35 | - $extension = strtolower(pathinfo($this->tmpFile['name'], PATHINFO_EXTENSION)); |
|
36 | - |
|
37 | - // we can't check filenames without an extension or no temp file path, let them pass validation. |
|
38 | - if (!$extension || !$this->tmpFile['tmp_name']) { |
|
39 | - return true; |
|
40 | - } |
|
41 | - |
|
42 | - $expectedMimes = $this->getExpectedMimeTypes($this->tmpFile); |
|
43 | - if (empty($expectedMimes)) { |
|
44 | - throw new MimeUploadValidator_Exception( |
|
45 | - sprintf('Could not find a MIME type for extension %s', $extension) |
|
46 | - ); |
|
47 | - } |
|
48 | - |
|
49 | - $finfo = new finfo(FILEINFO_MIME_TYPE); |
|
50 | - $foundMime = $finfo->file($this->tmpFile['tmp_name']); |
|
51 | - if (!$foundMime) { |
|
52 | - throw new MimeUploadValidator_Exception( |
|
53 | - sprintf('Could not find a MIME type for file %s', $this->tmpFile['tmp_name']) |
|
54 | - ); |
|
55 | - } |
|
56 | - |
|
57 | - foreach ($expectedMimes as $expected) { |
|
58 | - if ($this->compareMime($foundMime, $expected)) { |
|
59 | - return true; |
|
60 | - } |
|
61 | - } |
|
62 | - return false; |
|
63 | - } |
|
64 | - |
|
65 | - /** |
|
66 | - * Fetches an array of valid mimetypes. |
|
67 | - * |
|
68 | - * @return array |
|
69 | - */ |
|
70 | - public function getExpectedMimeTypes($tmpFile) |
|
71 | - { |
|
72 | - $extension = strtolower(pathinfo($tmpFile['name'], PATHINFO_EXTENSION)); |
|
73 | - |
|
74 | - // if the finfo php extension isn't loaded, we can't complete this check. |
|
75 | - if (!class_exists('finfo')) { |
|
76 | - throw new MimeUploadValidator_Exception('PHP extension finfo is not loaded'); |
|
77 | - } |
|
78 | - |
|
79 | - // Attempt to figure out which mime types are expected/acceptable here. |
|
80 | - $expectedMimes = array(); |
|
81 | - |
|
82 | - // Get the mime types set in framework core |
|
83 | - $knownMimes = Config::inst()->get('HTTP', 'MimeTypes'); |
|
84 | - if (isset($knownMimes[$extension])) { |
|
85 | - $expectedMimes[] = $knownMimes[$extension]; |
|
86 | - } |
|
87 | - |
|
88 | - // Get the mime types and their variations from mimevalidator |
|
89 | - $knownMimes = Config::inst()->get(get_class($this), 'MimeTypes'); |
|
90 | - if (isset($knownMimes[$extension])) { |
|
91 | - if (is_array($knownMimes[$extension])) { |
|
92 | - $expectedMimes += $knownMimes[$extension]; |
|
93 | - } else { |
|
94 | - $expectedMimes[] = $knownMimes[$extension]; |
|
95 | - } |
|
96 | - } |
|
97 | - return $expectedMimes; |
|
98 | - } |
|
99 | - |
|
100 | - /** |
|
101 | - * Check two MIME types roughly match eachother. |
|
102 | - * |
|
103 | - * Before we check MIME types, remove known prefixes "vnd.", "x-" etc. |
|
104 | - * If there is a suffix, we'll use that to compare. Examples: |
|
105 | - * |
|
106 | - * application/x-json = json |
|
107 | - * application/json = json |
|
108 | - * application/xhtml+xml = xml |
|
109 | - * application/xml = xml |
|
110 | - * |
|
111 | - * @param string $first The first MIME type to compare to the second |
|
112 | - * @param string $second The second MIME type to compare to the first |
|
113 | - * @return boolean |
|
114 | - */ |
|
115 | - public function compareMime($first, $second) |
|
116 | - { |
|
117 | - return preg_replace($this->filterPattern, '', $first) === preg_replace($this->filterPattern, '', $second); |
|
118 | - } |
|
119 | - |
|
120 | - public function validate() |
|
121 | - { |
|
122 | - if (parent::validate() === false) { |
|
123 | - return false; |
|
124 | - } |
|
125 | - |
|
126 | - try { |
|
127 | - $result = $this->isValidMime(); |
|
128 | - if ($result === false) { |
|
129 | - $this->errors[] = _t( |
|
130 | - 'File.INVALIDMIME', |
|
131 | - 'File extension does not match known MIME type' |
|
132 | - ); |
|
133 | - return false; |
|
134 | - } |
|
135 | - } catch (MimeUploadValidator_Exception $e) { |
|
136 | - $this->errors[] = _t( |
|
137 | - 'File.FAILEDMIMECHECK', |
|
138 | - 'MIME validation failed: {message}', |
|
139 | - 'Argument 1: Message about why MIME type detection failed', |
|
140 | - array('message' => $e->getMessage()) |
|
141 | - ); |
|
142 | - return false; |
|
143 | - } |
|
144 | - |
|
145 | - return true; |
|
146 | - } |
|
9 | + /** |
|
10 | + * The preg_replace() pattern to use against MIME types. Used to strip out |
|
11 | + * useless characters so matching of MIME types can be fuzzy. |
|
12 | + * |
|
13 | + * @var string Regexp pattern |
|
14 | + */ |
|
15 | + protected $filterPattern = '/.*[\/\.\-\+]/i'; |
|
16 | + |
|
17 | + public function setFilterPattern($pattern) |
|
18 | + { |
|
19 | + $this->filterPattern = $pattern; |
|
20 | + } |
|
21 | + |
|
22 | + public function getFilterPattern() |
|
23 | + { |
|
24 | + return $this->filterPattern; |
|
25 | + } |
|
26 | + |
|
27 | + /** |
|
28 | + * Check if the temporary file has a valid MIME type for it's extension. |
|
29 | + * |
|
30 | + * @uses finfo php extension |
|
31 | + * @return boolean|null |
|
32 | + */ |
|
33 | + public function isValidMime() |
|
34 | + { |
|
35 | + $extension = strtolower(pathinfo($this->tmpFile['name'], PATHINFO_EXTENSION)); |
|
36 | + |
|
37 | + // we can't check filenames without an extension or no temp file path, let them pass validation. |
|
38 | + if (!$extension || !$this->tmpFile['tmp_name']) { |
|
39 | + return true; |
|
40 | + } |
|
41 | + |
|
42 | + $expectedMimes = $this->getExpectedMimeTypes($this->tmpFile); |
|
43 | + if (empty($expectedMimes)) { |
|
44 | + throw new MimeUploadValidator_Exception( |
|
45 | + sprintf('Could not find a MIME type for extension %s', $extension) |
|
46 | + ); |
|
47 | + } |
|
48 | + |
|
49 | + $finfo = new finfo(FILEINFO_MIME_TYPE); |
|
50 | + $foundMime = $finfo->file($this->tmpFile['tmp_name']); |
|
51 | + if (!$foundMime) { |
|
52 | + throw new MimeUploadValidator_Exception( |
|
53 | + sprintf('Could not find a MIME type for file %s', $this->tmpFile['tmp_name']) |
|
54 | + ); |
|
55 | + } |
|
56 | + |
|
57 | + foreach ($expectedMimes as $expected) { |
|
58 | + if ($this->compareMime($foundMime, $expected)) { |
|
59 | + return true; |
|
60 | + } |
|
61 | + } |
|
62 | + return false; |
|
63 | + } |
|
64 | + |
|
65 | + /** |
|
66 | + * Fetches an array of valid mimetypes. |
|
67 | + * |
|
68 | + * @return array |
|
69 | + */ |
|
70 | + public function getExpectedMimeTypes($tmpFile) |
|
71 | + { |
|
72 | + $extension = strtolower(pathinfo($tmpFile['name'], PATHINFO_EXTENSION)); |
|
73 | + |
|
74 | + // if the finfo php extension isn't loaded, we can't complete this check. |
|
75 | + if (!class_exists('finfo')) { |
|
76 | + throw new MimeUploadValidator_Exception('PHP extension finfo is not loaded'); |
|
77 | + } |
|
78 | + |
|
79 | + // Attempt to figure out which mime types are expected/acceptable here. |
|
80 | + $expectedMimes = array(); |
|
81 | + |
|
82 | + // Get the mime types set in framework core |
|
83 | + $knownMimes = Config::inst()->get('HTTP', 'MimeTypes'); |
|
84 | + if (isset($knownMimes[$extension])) { |
|
85 | + $expectedMimes[] = $knownMimes[$extension]; |
|
86 | + } |
|
87 | + |
|
88 | + // Get the mime types and their variations from mimevalidator |
|
89 | + $knownMimes = Config::inst()->get(get_class($this), 'MimeTypes'); |
|
90 | + if (isset($knownMimes[$extension])) { |
|
91 | + if (is_array($knownMimes[$extension])) { |
|
92 | + $expectedMimes += $knownMimes[$extension]; |
|
93 | + } else { |
|
94 | + $expectedMimes[] = $knownMimes[$extension]; |
|
95 | + } |
|
96 | + } |
|
97 | + return $expectedMimes; |
|
98 | + } |
|
99 | + |
|
100 | + /** |
|
101 | + * Check two MIME types roughly match eachother. |
|
102 | + * |
|
103 | + * Before we check MIME types, remove known prefixes "vnd.", "x-" etc. |
|
104 | + * If there is a suffix, we'll use that to compare. Examples: |
|
105 | + * |
|
106 | + * application/x-json = json |
|
107 | + * application/json = json |
|
108 | + * application/xhtml+xml = xml |
|
109 | + * application/xml = xml |
|
110 | + * |
|
111 | + * @param string $first The first MIME type to compare to the second |
|
112 | + * @param string $second The second MIME type to compare to the first |
|
113 | + * @return boolean |
|
114 | + */ |
|
115 | + public function compareMime($first, $second) |
|
116 | + { |
|
117 | + return preg_replace($this->filterPattern, '', $first) === preg_replace($this->filterPattern, '', $second); |
|
118 | + } |
|
119 | + |
|
120 | + public function validate() |
|
121 | + { |
|
122 | + if (parent::validate() === false) { |
|
123 | + return false; |
|
124 | + } |
|
125 | + |
|
126 | + try { |
|
127 | + $result = $this->isValidMime(); |
|
128 | + if ($result === false) { |
|
129 | + $this->errors[] = _t( |
|
130 | + 'File.INVALIDMIME', |
|
131 | + 'File extension does not match known MIME type' |
|
132 | + ); |
|
133 | + return false; |
|
134 | + } |
|
135 | + } catch (MimeUploadValidator_Exception $e) { |
|
136 | + $this->errors[] = _t( |
|
137 | + 'File.FAILEDMIMECHECK', |
|
138 | + 'MIME validation failed: {message}', |
|
139 | + 'Argument 1: Message about why MIME type detection failed', |
|
140 | + array('message' => $e->getMessage()) |
|
141 | + ); |
|
142 | + return false; |
|
143 | + } |
|
144 | + |
|
145 | + return true; |
|
146 | + } |
|
147 | 147 | } |
148 | 148 | |
149 | 149 | class MimeUploadValidator_Exception extends Exception |
@@ -1,79 +1,79 @@ |
||
1 | 1 | <?php |
2 | 2 | class MimeUploadValidatorTest extends SapphireTest |
3 | 3 | { |
4 | - public function testInvalidFileExtensionValidatingMimeType() |
|
5 | - { |
|
6 | - // setup plaintext file with invalid extension |
|
7 | - $tmpFileName = 'UploadTest-testUpload.jpg'; |
|
8 | - $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName; |
|
9 | - $tmpFileContent = ''; |
|
10 | - for ($i=0; $i<10000; $i++) { |
|
11 | - $tmpFileContent .= '0'; |
|
12 | - } |
|
13 | - file_put_contents($tmpFilePath, $tmpFileContent); |
|
4 | + public function testInvalidFileExtensionValidatingMimeType() |
|
5 | + { |
|
6 | + // setup plaintext file with invalid extension |
|
7 | + $tmpFileName = 'UploadTest-testUpload.jpg'; |
|
8 | + $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName; |
|
9 | + $tmpFileContent = ''; |
|
10 | + for ($i=0; $i<10000; $i++) { |
|
11 | + $tmpFileContent .= '0'; |
|
12 | + } |
|
13 | + file_put_contents($tmpFilePath, $tmpFileContent); |
|
14 | 14 | |
15 | - // emulates the $_FILES array |
|
16 | - $tmpFile = array( |
|
17 | - 'name' => $tmpFileName, |
|
18 | - 'size' => filesize($tmpFilePath), |
|
19 | - 'tmp_name' => $tmpFilePath, |
|
20 | - 'extension' => 'jpg', |
|
21 | - 'error' => UPLOAD_ERR_OK, |
|
22 | - ); |
|
15 | + // emulates the $_FILES array |
|
16 | + $tmpFile = array( |
|
17 | + 'name' => $tmpFileName, |
|
18 | + 'size' => filesize($tmpFilePath), |
|
19 | + 'tmp_name' => $tmpFilePath, |
|
20 | + 'extension' => 'jpg', |
|
21 | + 'error' => UPLOAD_ERR_OK, |
|
22 | + ); |
|
23 | 23 | |
24 | - $u = new Upload(); |
|
25 | - $u->setValidator(new MimeUploadValidator()); |
|
26 | - $result = $u->load($tmpFile); |
|
27 | - $errors = $u->getErrors(); |
|
28 | - $this->assertFalse($result, 'Load failed because file extension does not match excepted MIME type'); |
|
29 | - $this->assertEquals('File extension does not match known MIME type', $errors[0]); |
|
24 | + $u = new Upload(); |
|
25 | + $u->setValidator(new MimeUploadValidator()); |
|
26 | + $result = $u->load($tmpFile); |
|
27 | + $errors = $u->getErrors(); |
|
28 | + $this->assertFalse($result, 'Load failed because file extension does not match excepted MIME type'); |
|
29 | + $this->assertEquals('File extension does not match known MIME type', $errors[0]); |
|
30 | 30 | |
31 | - unlink($tmpFilePath); |
|
32 | - } |
|
31 | + unlink($tmpFilePath); |
|
32 | + } |
|
33 | 33 | |
34 | 34 | |
35 | - public function testGetExpectedMimeTypes() |
|
36 | - { |
|
37 | - // Setup a file with a capitalised extension and try to match it against a lowercase file. |
|
38 | - $tmpFileName = 'text.TXT'; |
|
39 | - $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName; |
|
40 | - $tmpFileContent = ''; |
|
41 | - for ($i=0; $i<10000; $i++) { |
|
42 | - $tmpFileContent .= '0'; |
|
43 | - } |
|
44 | - file_put_contents($tmpFilePath, $tmpFileContent); |
|
35 | + public function testGetExpectedMimeTypes() |
|
36 | + { |
|
37 | + // Setup a file with a capitalised extension and try to match it against a lowercase file. |
|
38 | + $tmpFileName = 'text.TXT'; |
|
39 | + $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName; |
|
40 | + $tmpFileContent = ''; |
|
41 | + for ($i=0; $i<10000; $i++) { |
|
42 | + $tmpFileContent .= '0'; |
|
43 | + } |
|
44 | + file_put_contents($tmpFilePath, $tmpFileContent); |
|
45 | 45 | |
46 | - $validator = new MimeUploadValidator(); |
|
47 | - $tmpFile = array( |
|
48 | - 'name' => $tmpFileName, |
|
49 | - 'tmp_name' => $tmpFilePath, |
|
50 | - ); |
|
51 | - $expected = $validator->getExpectedMimeTypes($tmpFile); |
|
52 | - $this->assertCount(1, $expected); |
|
53 | - $this->assertContains('text/plain', $expected); |
|
46 | + $validator = new MimeUploadValidator(); |
|
47 | + $tmpFile = array( |
|
48 | + 'name' => $tmpFileName, |
|
49 | + 'tmp_name' => $tmpFilePath, |
|
50 | + ); |
|
51 | + $expected = $validator->getExpectedMimeTypes($tmpFile); |
|
52 | + $this->assertCount(1, $expected); |
|
53 | + $this->assertContains('text/plain', $expected); |
|
54 | 54 | |
55 | - unlink($tmpFilePath); |
|
55 | + unlink($tmpFilePath); |
|
56 | 56 | |
57 | - // Test a physical ico file with capitalised extension |
|
58 | - $tmpFile = array( |
|
59 | - 'name' => 'favicon.ICO', |
|
60 | - 'tmp_name' => 'assets/favicon.ICO', |
|
61 | - ); |
|
62 | - $expected = $validator->getExpectedMimeTypes($tmpFile); |
|
63 | - $this->assertCount(3, $expected); |
|
64 | - } |
|
57 | + // Test a physical ico file with capitalised extension |
|
58 | + $tmpFile = array( |
|
59 | + 'name' => 'favicon.ICO', |
|
60 | + 'tmp_name' => 'assets/favicon.ICO', |
|
61 | + ); |
|
62 | + $expected = $validator->getExpectedMimeTypes($tmpFile); |
|
63 | + $this->assertCount(3, $expected); |
|
64 | + } |
|
65 | 65 | |
66 | - public function testMimeComparison() |
|
67 | - { |
|
68 | - $validator = new MimeUploadValidator(); |
|
66 | + public function testMimeComparison() |
|
67 | + { |
|
68 | + $validator = new MimeUploadValidator(); |
|
69 | 69 | |
70 | - $this->assertTrue($validator->compareMime('application/xhtml+xml', 'application/xml')); |
|
71 | - $this->assertTrue($validator->compareMime('application/vnd.text', 'application/text')); |
|
72 | - $this->assertTrue($validator->compareMime('application/vnd.vnd.text', 'application/text')); |
|
73 | - $this->assertTrue($validator->compareMime('application/x-text', 'application/text')); |
|
74 | - $this->assertTrue($validator->compareMime('application/gzip', 'application/gzip')); |
|
75 | - $this->assertTrue($validator->compareMime('application/x-gzip', 'application/gzip')); |
|
76 | - $this->assertFalse($validator->compareMime('application/png', 'application/json')); |
|
77 | - $this->assertFalse($validator->compareMime('text/plain', 'text/json')); |
|
78 | - } |
|
70 | + $this->assertTrue($validator->compareMime('application/xhtml+xml', 'application/xml')); |
|
71 | + $this->assertTrue($validator->compareMime('application/vnd.text', 'application/text')); |
|
72 | + $this->assertTrue($validator->compareMime('application/vnd.vnd.text', 'application/text')); |
|
73 | + $this->assertTrue($validator->compareMime('application/x-text', 'application/text')); |
|
74 | + $this->assertTrue($validator->compareMime('application/gzip', 'application/gzip')); |
|
75 | + $this->assertTrue($validator->compareMime('application/x-gzip', 'application/gzip')); |
|
76 | + $this->assertFalse($validator->compareMime('application/png', 'application/json')); |
|
77 | + $this->assertFalse($validator->compareMime('text/plain', 'text/json')); |
|
78 | + } |
|
79 | 79 | } |
@@ -7,7 +7,7 @@ discard block |
||
7 | 7 | $tmpFileName = 'UploadTest-testUpload.jpg'; |
8 | 8 | $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName; |
9 | 9 | $tmpFileContent = ''; |
10 | - for ($i=0; $i<10000; $i++) { |
|
10 | + for ($i = 0; $i < 10000; $i++) { |
|
11 | 11 | $tmpFileContent .= '0'; |
12 | 12 | } |
13 | 13 | file_put_contents($tmpFilePath, $tmpFileContent); |
@@ -38,7 +38,7 @@ discard block |
||
38 | 38 | $tmpFileName = 'text.TXT'; |
39 | 39 | $tmpFilePath = TEMP_FOLDER . '/' . $tmpFileName; |
40 | 40 | $tmpFileContent = ''; |
41 | - for ($i=0; $i<10000; $i++) { |
|
41 | + for ($i = 0; $i < 10000; $i++) { |
|
42 | 42 | $tmpFileContent .= '0'; |
43 | 43 | } |
44 | 44 | file_put_contents($tmpFilePath, $tmpFileContent); |