Issues in MimeUploadValidator.php - Fixed Issues - Inspection of "Merge pull request #14 from helpfulrobot/convert-t..." - silverstripe/silverstripe-mimevalidator - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 79e63b...a5181c )

by Daniel

created 2015-11-23 18:14 UTC

code/MimeUploadValidator.php (2 issues)

Showing only issues like (Show All)

class opening brace is on a new line.

Coding Style Informational

Sean Harvey 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Adds an additional validation rule to Upload_Validator that attempts to detect
 * the file extension of an uploaded file matches it's contents, which is done
 * by detecting the MIME type and doing a fuzzy match.
 */
class MimeUploadValidator extends Upload_Validator {


	/**
	 * The preg_replace() pattern to use against MIME types. Used to strip out
	 * useless characters so matching of MIME types can be fuzzy.
	 *
	 * @var string Regexp pattern
	 */
	protected $filterPattern = '/.*[\/\.\-\+]/i';

	public function setFilterPattern($pattern) {
		$this->filterPattern = $pattern;
	}

	public function getFilterPattern() {
		return $this->filterPattern;
	}

	/**
	 * Check if the temporary file has a valid MIME type for it's extension.
	 *
	 * @uses finfo php extension
	 * @return boolean|null
	 */
	public function isValidMime() {
                $extension = strtolower(pathinfo($this->tmpFile['name'], PATHINFO_EXTENSION));

                // we can't check filenames without an extension or no temp file path, let them pass validation.
                if(!$extension || !$this->tmpFile['tmp_name']) return true;

		$expectedMimes = $this->getExpectedMimeTypes($this->tmpFile);
		if(empty($expectedMimes)) {
			throw new MimeUploadValidator_Exception(
				sprintf('Could not find a MIME type for extension %s', $extension)
			);
		}

		$finfo = new finfo(FILEINFO_MIME_TYPE);
		$foundMime = $finfo->file($this->tmpFile['tmp_name']);
		if(!$foundMime) {
			throw new MimeUploadValidator_Exception(
				sprintf('Could not find a MIME type for file %s', $this->tmpFile['tmp_name'])
			);
		}

		foreach($expectedMimes as $expected) {
			if($this->compareMime($foundMime, $expected)) return true;
		}
		return false;
	}

	/**
	 * Fetches an array of valid mimetypes.
	 *
	 * @return array
	 */
	public function getExpectedMimeTypes($tmpFile) {
		$extension = strtolower(pathinfo($tmpFile['name'], PATHINFO_EXTENSION));

		// if the finfo php extension isn't loaded, we can't complete this check.
		if(!class_exists('finfo')) {
			throw new MimeUploadValidator_Exception('PHP extension finfo is not loaded');
		}

		// Attempt to figure out which mime types are expected/acceptable here.
		$expectedMimes = array();

		// Get the mime types set in framework core
		$knownMimes = Config::inst()->get('HTTP', 'MimeTypes');
		if(isset($knownMimes[$extension])) {
			$expectedMimes[] = $knownMimes[$extension];
		}

		// Get the mime types and their variations from mimevalidator
		$knownMimes = Config::inst()->get(get_class($this), 'MimeTypes');
		if(isset($knownMimes[$extension])) {
			if(is_array($knownMimes[$extension])) {
				$expectedMimes += $knownMimes[$extension];
			} else {
				$expectedMimes[] = $knownMimes[$extension];
			}
		}
		return $expectedMimes;
	}

	/**
	 * Check two MIME types roughly match eachother.
	 *
	 * Before we check MIME types, remove known prefixes "vnd.", "x-" etc.
	 * If there is a suffix, we'll use that to compare. Examples:
	 *
	 * application/x-json = json
	 * application/json = json
	 * application/xhtml+xml = xml
	 * application/xml = xml
	 *
	 * @param string $first The first MIME type to compare to the second
	 * @param string $second The second MIME type to compare to the first
	 * @return boolean
	 */
	public function compareMime($first, $second) {
		return preg_replace($this->filterPattern, '', $first) === preg_replace($this->filterPattern, '', $second);
	}

	public function validate() {
		if(parent::validate() === false) return false;

		try {
			$result = $this->isValidMime();
			if($result === false) {
				$this->errors[] = _t(
					'File.INVALIDMIME',
					'File extension does not match known MIME type'
				);
				return false;
			}
		} catch(MimeUploadValidator_Exception $e) {
			$this->errors[] = _t(
				'File.FAILEDMIMECHECK',
				'MIME validation failed: {message}',
				'Argument 1: Message about why MIME type detection failed',
				array('message' => $e->getMessage())
			);
			return false;
		}

		return true;
	}

}

class MimeUploadValidator_Exception extends Exception {


}



1			<?php
2			/**
3			* Adds an additional validation rule to Upload_Validator that attempts to detect
4			* the file extension of an uploaded file matches it's contents, which is done
5			* by detecting the MIME type and doing a fuzzy match.
6			*/
7			class MimeUploadValidator extends Upload_Validator {
			0 ignored issues – show Coding Style introduced 2015-11-20 23:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this As per PSR2, the opening brace for this class should be on a new line. Loading history...
8
9			/**
10			* The preg_replace() pattern to use against MIME types. Used to strip out
11			* useless characters so matching of MIME types can be fuzzy.
12			*
13			* @var string Regexp pattern
14			*/
15			protected $filterPattern = '/.*[\/\.\-\+]/i';
16
17			public function setFilterPattern($pattern) {
18			$this->filterPattern = $pattern;
19			}
20
21			public function getFilterPattern() {
22			return $this->filterPattern;
23			}
24
25			/**
26			* Check if the temporary file has a valid MIME type for it's extension.
27			*
28			* @uses finfo php extension
29			* @return boolean\|null
30			*/
31			public function isValidMime() {
32			$extension = strtolower(pathinfo($this->tmpFile['name'], PATHINFO_EXTENSION));
33
34			// we can't check filenames without an extension or no temp file path, let them pass validation.
35			if(!$extension \|\| !$this->tmpFile['tmp_name']) return true;
36
37			$expectedMimes = $this->getExpectedMimeTypes($this->tmpFile);
38			if(empty($expectedMimes)) {
39			throw new MimeUploadValidator_Exception(
40			sprintf('Could not find a MIME type for extension %s', $extension)
41			);
42			}
43
44			$finfo = new finfo(FILEINFO_MIME_TYPE);
45			$foundMime = $finfo->file($this->tmpFile['tmp_name']);
46			if(!$foundMime) {
47			throw new MimeUploadValidator_Exception(
48			sprintf('Could not find a MIME type for file %s', $this->tmpFile['tmp_name'])
49			);
50			}
51
52			foreach($expectedMimes as $expected) {
53			if($this->compareMime($foundMime, $expected)) return true;
54			}
55			return false;
56			}
57
58			/**
59			* Fetches an array of valid mimetypes.
60			*
61			* @return array
62			*/
63			public function getExpectedMimeTypes($tmpFile) {
64			$extension = strtolower(pathinfo($tmpFile['name'], PATHINFO_EXTENSION));
65
66			// if the finfo php extension isn't loaded, we can't complete this check.
67			if(!class_exists('finfo')) {
68			throw new MimeUploadValidator_Exception('PHP extension finfo is not loaded');
69			}
70
71			// Attempt to figure out which mime types are expected/acceptable here.
72			$expectedMimes = array();
73
74			// Get the mime types set in framework core
75			$knownMimes = Config::inst()->get('HTTP', 'MimeTypes');
76			if(isset($knownMimes[$extension])) {
77			$expectedMimes[] = $knownMimes[$extension];
78			}
79
80			// Get the mime types and their variations from mimevalidator
81			$knownMimes = Config::inst()->get(get_class($this), 'MimeTypes');
82			if(isset($knownMimes[$extension])) {
83			if(is_array($knownMimes[$extension])) {
84			$expectedMimes += $knownMimes[$extension];
85			} else {
86			$expectedMimes[] = $knownMimes[$extension];
87			}
88			}
89			return $expectedMimes;
90			}
91
92			/**
93			* Check two MIME types roughly match eachother.
94			*
95			* Before we check MIME types, remove known prefixes "vnd.", "x-" etc.
96			* If there is a suffix, we'll use that to compare. Examples:
97			*
98			* application/x-json = json
99			* application/json = json
100			* application/xhtml+xml = xml
101			* application/xml = xml
102			*
103			* @param string $first The first MIME type to compare to the second
104			* @param string $second The second MIME type to compare to the first
105			* @return boolean
106			*/
107			public function compareMime($first, $second) {
108			return preg_replace($this->filterPattern, '', $first) === preg_replace($this->filterPattern, '', $second);
109			}
110
111			public function validate() {
112			if(parent::validate() === false) return false;
113
114			try {
115			$result = $this->isValidMime();
116			if($result === false) {
117			$this->errors[] = _t(
118			'File.INVALIDMIME',
119			'File extension does not match known MIME type'
120			);
121			return false;
122			}
123			} catch(MimeUploadValidator_Exception $e) {
124			$this->errors[] = _t(
125			'File.FAILEDMIMECHECK',
126			'MIME validation failed: {message}',
127			'Argument 1: Message about why MIME type detection failed',
128			array('message' => $e->getMessage())
129			);
130			return false;
131			}
132
133			return true;
134			}
135
136			}
137
138			class MimeUploadValidator_Exception extends Exception {
			0 ignored issues – show Coding Style introduced 2015-11-20 23:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this As per PSR2, the opening brace for this class should be on a new line. Loading history...
139
140			}
141
142

silverstripe / silverstripe-mimevalidator

Push — master ( 79e63b...a5181c )

code/MimeUploadValidator.php (2 issues)

Showing only issues like (Show All)

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like