Issues in MimeUploadValidator.php - Fixed Issues - Inspection of "Merge pull request #14 from helpfulrobot/convert-t..." - silverstripe/silverstripe-mimevalidator - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 79e63b...a5181c )

by Daniel

created 2015-11-23 18:14 UTC

code/MimeUploadValidator.php (3 issues)

Labels

Coding Style 3

Severity

Informational 3

Sean Harvey 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Adds an additional validation rule to Upload_Validator that attempts to detect
 * the file extension of an uploaded file matches it's contents, which is done
 * by detecting the MIME type and doing a fuzzy match.
 */
class MimeUploadValidator extends Upload_Validator {


	/**
	 * The preg_replace() pattern to use against MIME types. Used to strip out
	 * useless characters so matching of MIME types can be fuzzy.
	 *
	 * @var string Regexp pattern
	 */
	protected $filterPattern = '/.*[\/\.\-\+]/i';

	public function setFilterPattern($pattern) {
		$this->filterPattern = $pattern;
	}

	public function getFilterPattern() {
		return $this->filterPattern;
	}

	/**
	 * Check if the temporary file has a valid MIME type for it's extension.
	 *
	 * @uses finfo php extension
	 * @return boolean|null
	 */
	public function isValidMime() {
                $extension = strtolower(pathinfo($this->tmpFile['name'], PATHINFO_EXTENSION));

                // we can't check filenames without an extension or no temp file path, let them pass validation.
                if(!$extension || !$this->tmpFile['tmp_name']) return true;

		$expectedMimes = $this->getExpectedMimeTypes($this->tmpFile);
		if(empty($expectedMimes)) {
			throw new MimeUploadValidator_Exception(
				sprintf('Could not find a MIME type for extension %s', $extension)
			);
		}

		$finfo = new finfo(FILEINFO_MIME_TYPE);
		$foundMime = $finfo->file($this->tmpFile['tmp_name']);
		if(!$foundMime) {
			throw new MimeUploadValidator_Exception(
				sprintf('Could not find a MIME type for file %s', $this->tmpFile['tmp_name'])
			);
		}

		foreach($expectedMimes as $expected) {
			if($this->compareMime($foundMime, $expected)) return true;
		}
		return false;
	}

	/**
	 * Fetches an array of valid mimetypes.
	 *
	 * @return array
	 */
	public function getExpectedMimeTypes($tmpFile) {
		$extension = strtolower(pathinfo($tmpFile['name'], PATHINFO_EXTENSION));

		// if the finfo php extension isn't loaded, we can't complete this check.
		if(!class_exists('finfo')) {
			throw new MimeUploadValidator_Exception('PHP extension finfo is not loaded');
		}

		// Attempt to figure out which mime types are expected/acceptable here.
		$expectedMimes = array();

		// Get the mime types set in framework core
		$knownMimes = Config::inst()->get('HTTP', 'MimeTypes');
		if(isset($knownMimes[$extension])) {
			$expectedMimes[] = $knownMimes[$extension];
		}

		// Get the mime types and their variations from mimevalidator
		$knownMimes = Config::inst()->get(get_class($this), 'MimeTypes');
		if(isset($knownMimes[$extension])) {
			if(is_array($knownMimes[$extension])) {
				$expectedMimes += $knownMimes[$extension];
			} else {
				$expectedMimes[] = $knownMimes[$extension];
			}
		}
		return $expectedMimes;
	}

	/**
	 * Check two MIME types roughly match eachother.
	 *
	 * Before we check MIME types, remove known prefixes "vnd.", "x-" etc.
	 * If there is a suffix, we'll use that to compare. Examples:
	 *
	 * application/x-json = json
	 * application/json = json
	 * application/xhtml+xml = xml
	 * application/xml = xml
	 *
	 * @param string $first The first MIME type to compare to the second
	 * @param string $second The second MIME type to compare to the first
	 * @return boolean
	 */
	public function compareMime($first, $second) {
		return preg_replace($this->filterPattern, '', $first) === preg_replace($this->filterPattern, '', $second);
	}

	public function validate() {
		if(parent::validate() === false) return false;

		try {
			$result = $this->isValidMime();
			if($result === false) {
				$this->errors[] = _t(
					'File.INVALIDMIME',
					'File extension does not match known MIME type'
				);
				return false;
			}
		} catch(MimeUploadValidator_Exception $e) {
			$this->errors[] = _t(
				'File.FAILEDMIMECHECK',
				'MIME validation failed: {message}',
				'Argument 1: Message about why MIME type detection failed',
				array('message' => $e->getMessage())
			);
			return false;
		}

		return true;
	}

}
// Incorrect placement according to PSR2
class MyClass
{
    public function foo()
    {

    }
    // This blank line is not allowed.

}

// Correct
class MyClass
{
    public function foo()
    {

    } // No blank lines after this line.
}

class MimeUploadValidator_Exception extends Exception {


}



1			<?php
2			/**
3			* Adds an additional validation rule to Upload_Validator that attempts to detect
4			* the file extension of an uploaded file matches it's contents, which is done
5			* by detecting the MIME type and doing a fuzzy match.
6			*/
7			class MimeUploadValidator extends Upload_Validator {
			0 ignored issues – show Coding Style introduced 2015-11-20 23:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this As per PSR2, the opening brace for this class should be on a new line. Loading history...
8
9			/**
10			* The preg_replace() pattern to use against MIME types. Used to strip out
11			* useless characters so matching of MIME types can be fuzzy.
12			*
13			* @var string Regexp pattern
14			*/
15			protected $filterPattern = '/.*[\/\.\-\+]/i';
16
17			public function setFilterPattern($pattern) {
18			$this->filterPattern = $pattern;
19			}
20
21			public function getFilterPattern() {
22			return $this->filterPattern;
23			}
24
25			/**
26			* Check if the temporary file has a valid MIME type for it's extension.
27			*
28			* @uses finfo php extension
29			* @return boolean\|null
30			*/
31			public function isValidMime() {
32			$extension = strtolower(pathinfo($this->tmpFile['name'], PATHINFO_EXTENSION));
33
34			// we can't check filenames without an extension or no temp file path, let them pass validation.
35			if(!$extension \|\| !$this->tmpFile['tmp_name']) return true;
36
37			$expectedMimes = $this->getExpectedMimeTypes($this->tmpFile);
38			if(empty($expectedMimes)) {
39			throw new MimeUploadValidator_Exception(
40			sprintf('Could not find a MIME type for extension %s', $extension)
41			);
42			}
43
44			$finfo = new finfo(FILEINFO_MIME_TYPE);
45			$foundMime = $finfo->file($this->tmpFile['tmp_name']);
46			if(!$foundMime) {
47			throw new MimeUploadValidator_Exception(
48			sprintf('Could not find a MIME type for file %s', $this->tmpFile['tmp_name'])
49			);
50			}
51
52			foreach($expectedMimes as $expected) {
53			if($this->compareMime($foundMime, $expected)) return true;
54			}
55			return false;
56			}
57
58			/**
59			* Fetches an array of valid mimetypes.
60			*
61			* @return array
62			*/
63			public function getExpectedMimeTypes($tmpFile) {
64			$extension = strtolower(pathinfo($tmpFile['name'], PATHINFO_EXTENSION));
65
66			// if the finfo php extension isn't loaded, we can't complete this check.
67			if(!class_exists('finfo')) {
68			throw new MimeUploadValidator_Exception('PHP extension finfo is not loaded');
69			}
70
71			// Attempt to figure out which mime types are expected/acceptable here.
72			$expectedMimes = array();
73
74			// Get the mime types set in framework core
75			$knownMimes = Config::inst()->get('HTTP', 'MimeTypes');
76			if(isset($knownMimes[$extension])) {
77			$expectedMimes[] = $knownMimes[$extension];
78			}
79
80			// Get the mime types and their variations from mimevalidator
81			$knownMimes = Config::inst()->get(get_class($this), 'MimeTypes');
82			if(isset($knownMimes[$extension])) {
83			if(is_array($knownMimes[$extension])) {
84			$expectedMimes += $knownMimes[$extension];
85			} else {
86			$expectedMimes[] = $knownMimes[$extension];
87			}
88			}
89			return $expectedMimes;
90			}
91
92			/**
93			* Check two MIME types roughly match eachother.
94			*
95			* Before we check MIME types, remove known prefixes "vnd.", "x-" etc.
96			* If there is a suffix, we'll use that to compare. Examples:
97			*
98			* application/x-json = json
99			* application/json = json
100			* application/xhtml+xml = xml
101			* application/xml = xml
102			*
103			* @param string $first The first MIME type to compare to the second
104			* @param string $second The second MIME type to compare to the first
105			* @return boolean
106			*/
107			public function compareMime($first, $second) {
108			return preg_replace($this->filterPattern, '', $first) === preg_replace($this->filterPattern, '', $second);
109			}
110
111			public function validate() {
112			if(parent::validate() === false) return false;
113
114			try {
115			$result = $this->isValidMime();
116			if($result === false) {
117			$this->errors[] = _t(
118			'File.INVALIDMIME',
119			'File extension does not match known MIME type'
120			);
121			return false;
122			}
123			} catch(MimeUploadValidator_Exception $e) {
124			$this->errors[] = _t(
125			'File.FAILEDMIMECHECK',
126			'MIME validation failed: {message}',
127			'Argument 1: Message about why MIME type detection failed',
128			array('message' => $e->getMessage())
129			);
130			return false;
131			}
132
133			return true;
134			}
135
136			}
			0 ignored issues – show Coding Style introduced 2015-11-20 23:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this According to PSR2, the closing brace of classes should be placed on the next line directly after the body. Below you find some examples: // Incorrect placement according to PSR2 class MyClass { public function foo() { } // This blank line is not allowed. } // Correct class MyClass { public function foo() { } // No blank lines after this line. } Loading history...
137
138			class MimeUploadValidator_Exception extends Exception {
			0 ignored issues – show Coding Style introduced 2015-11-20 23:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this As per PSR2, the opening brace for this class should be on a new line. Loading history...
139
140			}
141
142

silverstripe / silverstripe-mimevalidator

Push — master ( 79e63b...a5181c )

code/MimeUploadValidator.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like