Issues in EditableFileField.php - New Issues - Inspection of "Merge pull request #649 from creative-commoners/pu..." - silverstripe/silverstripe-userforms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 12981b...2f1b03 )

by Robbie

created 2017-08-21 01:24 UTC

model/editableformfields/EditableFileField.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Allows a user to add a field that can be used to upload a file.
 *
 * @package userforms
 */
class EditableFileField extends EditableFormField
{

    private static $singular_name = 'File Upload Field';

    private static $plural_names = 'File Fields';

    private static $db = array(

        'MaxFileSizeMB' => 'Float',
    );

    private static $has_one = array(
        'Folder' => 'Folder' // From CustomFields
    );

    /**
     * Further limit uploadable file extensions in addition to the restrictions
     * imposed by the File.allowed_extensions global configuration.
     * @config
     */
    private static $allowed_extensions_blacklist = array(
        'htm', 'html', 'xhtml', 'swf', 'xml'
    );

    /**
     * @return FieldList
     */
    public function getCMSFields()
    {
        $fields = parent::getCMSFields();

        $fields->addFieldToTab(
            'Root.Main',
            TreeDropdownField::create(
                'FolderID',
                _t('EditableUploadField.SELECTUPLOADFOLDER', 'Select upload folder'),
                'Folder'
            )
        );

        $fields->addFieldToTab("Root.Main", new LiteralField("FileUploadWarning",
            "<p class=\"message notice\">" . _t("UserDefinedForm.FileUploadWarning",
                "Files uploaded through this field could be publicly accessible if the exact URL is known")
            . "</p>"), "Type");

        $fields->addFieldToTab(
            'Root.Main',
            NumericField::create('MaxFileSizeMB')
                ->setTitle('Max File Size MB')
                ->setDescription("Note: Maximum php allowed size is {$this->getPHPMaxFileSizeMB()} MB")
        );

        return $fields;
    }

    /**
     * @return ValidationResult
     */
    public function validate()
    {
        $result = parent::validate();

        $max = static::get_php_max_file_size();
        if ($this->MaxFileSizeMB * 1024 > $max) {
            $result->error("Your max file size limit can't be larger than the server's limit of {$this->getPHPMaxFileSizeMB()}.");
        }

        return $result;
    }

    public function getFormField()
    {
        $field = FileField::create($this->Name, $this->EscapedTitle)
            ->setFieldHolderTemplate('UserFormsField_holder')
            ->setTemplate('UserFormsFileField');

        $field->setFieldHolderTemplate('UserFormsField_holder')
            ->setTemplate('UserFormsFileField');

        $field->getValidator()->setAllowedExtensions(
            array_diff(
            // filter out '' since this would be a regex problem on JS end
                array_filter(Config::inst()->get('File', 'allowed_extensions')),
                $this->config()->allowed_extensions_blacklist
            )
        );

        if ($this->MaxFileSizeMB > 0) {
            $field->getValidator()->setAllowedMaxFileSize($this->MaxFileSizeMB * 1024 * 1024);
        } else {
            $field->getValidator()->setAllowedMaxFileSize(static::get_php_max_file_size());
        }

        $folder = $this->Folder();
        if ($folder && $folder->exists()) {
            $field->setFolderName(
                preg_replace("/^assets\//", "", $folder->Filename)
            );
        }

        $this->doUpdateFormField($field);

        return $field;
    }


    /**
     * Return the value for the database, link to the file is stored as a
     * relation so value for the field can be null.
     *
     * @return string
     */
    public function getValueFromData()
    {
        return null;
    }

    public function getSubmittedFormField()
    {
        return new SubmittedFileField();
    }


    public function migrateSettings($data)
    {
        // Migrate 'Folder' setting to 'FolderID'
        if (isset($data['Folder'])) {
            $this->FolderID = $data['Folder'];
            unset($data['Folder']);
        }

        parent::migrateSettings($data);
    }

    /**
     * @return float
     */
    public static function get_php_max_file_size()
    {
        $maxUpload = File::ini2bytes(ini_get('upload_max_filesize'));
        $maxPost = File::ini2bytes(ini_get('post_max_size'));
        return min($maxUpload, $maxPost);
    }

    public function getPHPMaxFileSizeMB()
    {
        return round(static::get_php_max_file_size() / 1024.0, 1);
    }

}


1		<?php
2
3		/**
4		* Allows a user to add a field that can be used to upload a file.
5		*
6		* @package userforms
7		*/
8		class EditableFileField extends EditableFormField
9		{
10
11		private static $singular_name = 'File Upload Field';
12
13		private static $plural_names = 'File Fields';
14
15		private static $db = array(
		0 ignored issues – show Comprehensibility introduced 2017-08-16 05:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history... Unused Code introduced 2017-08-16 05:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$db` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
16		'MaxFileSizeMB' => 'Float',
17		);
18
19		private static $has_one = array(
20		'Folder' => 'Folder' // From CustomFields
21		);
22
23		/**
24		* Further limit uploadable file extensions in addition to the restrictions
25		* imposed by the File.allowed_extensions global configuration.
26		* @config
27		*/
28		private static $allowed_extensions_blacklist = array(
29		'htm', 'html', 'xhtml', 'swf', 'xml'
30		);
31
32		/**
33		* @return FieldList
34		*/
35		public function getCMSFields()
36		{
37		$fields = parent::getCMSFields();
38
39		$fields->addFieldToTab(
40		'Root.Main',
41		TreeDropdownField::create(
42		'FolderID',
43		_t('EditableUploadField.SELECTUPLOADFOLDER', 'Select upload folder'),
44		'Folder'
45		)
46		);
47
48		$fields->addFieldToTab("Root.Main", new LiteralField("FileUploadWarning",
49		"<p class=\"message notice\">" . _t("UserDefinedForm.FileUploadWarning",
50		"Files uploaded through this field could be publicly accessible if the exact URL is known")
51		. "</p>"), "Type");
52
53		$fields->addFieldToTab(
54		'Root.Main',
55		NumericField::create('MaxFileSizeMB')
56		->setTitle('Max File Size MB')
57		->setDescription("Note: Maximum php allowed size is {$this->getPHPMaxFileSizeMB()} MB")
58		);
59
60		return $fields;
61		}
62
63		/**
64		* @return ValidationResult
65		*/
66	4	public function validate()
67		{
68	4	$result = parent::validate();
69
70	4	$max = static::get_php_max_file_size();
71	4	if ($this->MaxFileSizeMB * 1024 > $max) {
72	1	$result->error("Your max file size limit can't be larger than the server's limit of {$this->getPHPMaxFileSizeMB()}.");
73		}
74
75	4	return $result;
76		}
77
78	4	public function getFormField()
79		{
80	4	$field = FileField::create($this->Name, $this->EscapedTitle)
81	4	->setFieldHolderTemplate('UserFormsField_holder')
82	4	->setTemplate('UserFormsFileField');
83
84	4	$field->setFieldHolderTemplate('UserFormsField_holder')
85	4	->setTemplate('UserFormsFileField');
86
87	4	$field->getValidator()->setAllowedExtensions(
88	4	array_diff(
89		// filter out '' since this would be a regex problem on JS end
90	4	array_filter(Config::inst()->get('File', 'allowed_extensions')),
91	4	$this->config()->allowed_extensions_blacklist
92		)
93		);
94
95	4	if ($this->MaxFileSizeMB > 0) {
96	1	$field->getValidator()->setAllowedMaxFileSize($this->MaxFileSizeMB * 1024 * 1024);
97		} else {
98	3	$field->getValidator()->setAllowedMaxFileSize(static::get_php_max_file_size());
99		}
100
101	4	$folder = $this->Folder();
102	4	if ($folder && $folder->exists()) {
103		$field->setFolderName(
104		preg_replace("/^assets\//", "", $folder->Filename)
105		);
106		}
107
108	4	$this->doUpdateFormField($field);
109
110	4	return $field;
111		}
112
113
114		/**
115		* Return the value for the database, link to the file is stored as a
116		* relation so value for the field can be null.
117		*
118		* @return string
119		*/
120		public function getValueFromData()
121		{
122		return null;
123		}
124
125		public function getSubmittedFormField()
126		{
127		return new SubmittedFileField();
128		}
129
130
131	2	public function migrateSettings($data)
132		{
133		// Migrate 'Folder' setting to 'FolderID'
134	2	if (isset($data['Folder'])) {
135	2	$this->FolderID = $data['Folder'];
136	2	unset($data['Folder']);
137		}
138
139	2	parent::migrateSettings($data);
140	2	}
141
142		/**
143		* @return float
144		*/
145	7	public static function get_php_max_file_size()
146		{
147	7	$maxUpload = File::ini2bytes(ini_get('upload_max_filesize'));
148	7	$maxPost = File::ini2bytes(ini_get('post_max_size'));
149	7	return min($maxUpload, $maxPost);
150		}
151
152	1	public function getPHPMaxFileSizeMB()
153		{
154	1	return round(static::get_php_max_file_size() / 1024.0, 1);
155		}
156
157		}
158

silverstripe / silverstripe-userforms

Push — master ( 12981b...2f1b03 )

model/editableformfields/EditableFileField.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like