This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Spatie\MediaLibrary\FileAdder; |
||
4 | |||
5 | use Illuminate\Database\Eloquent\Model; |
||
6 | use Illuminate\Support\Facades\Storage; |
||
7 | use Illuminate\Support\Traits\Macroable; |
||
8 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\DiskDoesNotExist; |
||
9 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\FileDoesNotExist; |
||
10 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\FileIsTooBig; |
||
11 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\FileUnacceptableForCollection; |
||
12 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\UnknownType; |
||
13 | use Spatie\MediaLibrary\File as PendingFile; |
||
14 | use Spatie\MediaLibrary\Filesystem\Filesystem; |
||
15 | use Spatie\MediaLibrary\HasMedia\HasMedia; |
||
16 | use Spatie\MediaLibrary\Helpers\File; |
||
17 | use Spatie\MediaLibrary\Helpers\RemoteFile; |
||
18 | use Spatie\MediaLibrary\ImageGenerators\FileTypes\Image as ImageGenerator; |
||
19 | use Spatie\MediaLibrary\Jobs\GenerateResponsiveImages; |
||
20 | use Spatie\MediaLibrary\MediaCollection\MediaCollection; |
||
21 | use Spatie\MediaLibrary\Models\Media; |
||
22 | use Symfony\Component\HttpFoundation\File\File as SymfonyFile; |
||
23 | use Symfony\Component\HttpFoundation\File\UploadedFile; |
||
24 | |||
25 | class FileAdder |
||
26 | { |
||
27 | use Macroable; |
||
28 | |||
29 | /** @var \Illuminate\Database\Eloquent\Model subject */ |
||
30 | protected $subject; |
||
31 | |||
32 | /** @var \Spatie\MediaLibrary\Filesystem\Filesystem */ |
||
33 | protected $filesystem; |
||
34 | |||
35 | /** @var bool */ |
||
36 | protected $preserveOriginal = false; |
||
37 | |||
38 | /** @var string|\Symfony\Component\HttpFoundation\File\UploadedFile */ |
||
39 | protected $file; |
||
40 | |||
41 | /** @var array */ |
||
42 | protected $properties = []; |
||
43 | |||
44 | /** @var array */ |
||
45 | protected $customProperties = []; |
||
46 | |||
47 | /** @var array */ |
||
48 | protected $manipulations = []; |
||
49 | |||
50 | /** @var string */ |
||
51 | protected $pathToFile; |
||
52 | |||
53 | /** @var string */ |
||
54 | protected $fileName; |
||
55 | |||
56 | /** @var string */ |
||
57 | protected $mediaName; |
||
58 | |||
59 | /** @var string */ |
||
60 | protected $diskName = ''; |
||
61 | |||
62 | /** @var null|callable */ |
||
63 | protected $fileNameSanitizer; |
||
64 | |||
65 | /** @var bool */ |
||
66 | protected $generateResponsiveImages = false; |
||
67 | |||
68 | /** @var array */ |
||
69 | protected $customHeaders = []; |
||
70 | |||
71 | /** |
||
72 | * @param Filesystem $fileSystem |
||
73 | */ |
||
74 | public function __construct(Filesystem $fileSystem) |
||
75 | { |
||
76 | $this->filesystem = $fileSystem; |
||
77 | |||
78 | $this->fileNameSanitizer = function ($fileName) { |
||
79 | return $this->defaultSanitizer($fileName); |
||
80 | }; |
||
81 | } |
||
82 | |||
83 | /** |
||
84 | * @param \Illuminate\Database\Eloquent\Model $subject |
||
85 | * |
||
86 | * @return FileAdder |
||
87 | */ |
||
88 | public function setSubject(Model $subject) |
||
89 | { |
||
90 | $this->subject = $subject; |
||
91 | |||
92 | return $this; |
||
93 | } |
||
94 | |||
95 | /* |
||
96 | * Set the file that needs to be imported. |
||
97 | * |
||
98 | * @param string|\Symfony\Component\HttpFoundation\File\UploadedFile $file |
||
99 | * |
||
100 | * @return $this |
||
101 | */ |
||
102 | public function setFile($file): self |
||
103 | { |
||
104 | $this->file = $file; |
||
105 | |||
106 | if (is_string($file)) { |
||
107 | $this->pathToFile = $file; |
||
108 | $this->setFileName(pathinfo($file, PATHINFO_BASENAME)); |
||
109 | $this->mediaName = pathinfo($file, PATHINFO_FILENAME); |
||
110 | |||
111 | return $this; |
||
112 | } |
||
113 | |||
114 | if ($file instanceof RemoteFile) { |
||
115 | $this->pathToFile = $file->getKey(); |
||
116 | $this->setFileName($file->getFilename()); |
||
117 | $this->mediaName = $file->getName(); |
||
118 | |||
119 | return $this; |
||
120 | } |
||
121 | |||
122 | if ($file instanceof UploadedFile) { |
||
123 | $this->pathToFile = $file->getPath().'/'.$file->getFilename(); |
||
124 | $this->setFileName($file->getClientOriginalName()); |
||
125 | $this->mediaName = pathinfo($file->getClientOriginalName(), PATHINFO_FILENAME); |
||
126 | |||
127 | return $this; |
||
128 | } |
||
129 | |||
130 | if ($file instanceof SymfonyFile) { |
||
131 | $this->pathToFile = $file->getPath().'/'.$file->getFilename(); |
||
132 | $this->setFileName(pathinfo($file->getFilename(), PATHINFO_BASENAME)); |
||
133 | $this->mediaName = pathinfo($file->getFilename(), PATHINFO_FILENAME); |
||
134 | |||
135 | return $this; |
||
136 | } |
||
137 | |||
138 | throw UnknownType::create(); |
||
139 | } |
||
140 | |||
141 | public function preservingOriginal(): self |
||
142 | { |
||
143 | $this->preserveOriginal = true; |
||
144 | |||
145 | return $this; |
||
146 | } |
||
147 | |||
148 | public function usingName(string $name): self |
||
149 | { |
||
150 | return $this->setName($name); |
||
151 | } |
||
152 | |||
153 | public function setName(string $name): self |
||
154 | { |
||
155 | $this->mediaName = $name; |
||
156 | |||
157 | return $this; |
||
158 | } |
||
159 | |||
160 | public function usingFileName(string $fileName): self |
||
161 | { |
||
162 | return $this->setFileName($fileName); |
||
163 | } |
||
164 | |||
165 | public function setFileName(string $fileName): self |
||
166 | { |
||
167 | $this->fileName = $fileName; |
||
168 | |||
169 | return $this; |
||
170 | } |
||
171 | |||
172 | public function withCustomProperties(array $customProperties): self |
||
173 | { |
||
174 | $this->customProperties = $customProperties; |
||
175 | |||
176 | return $this; |
||
177 | } |
||
178 | |||
179 | public function withManipulations(array $manipulations): self |
||
180 | { |
||
181 | $this->manipulations = $manipulations; |
||
182 | |||
183 | return $this; |
||
184 | } |
||
185 | |||
186 | public function withProperties(array $properties): self |
||
187 | { |
||
188 | $this->properties = $properties; |
||
189 | |||
190 | return $this; |
||
191 | } |
||
192 | |||
193 | public function withAttributes(array $properties): self |
||
194 | { |
||
195 | return $this->withProperties($properties); |
||
196 | } |
||
197 | |||
198 | public function withResponsiveImages(): self |
||
199 | { |
||
200 | $this->generateResponsiveImages = true; |
||
201 | |||
202 | return $this; |
||
203 | } |
||
204 | |||
205 | public function addCustomHeaders(array $customRemoteHeaders): self |
||
206 | { |
||
207 | $this->customHeaders = $customRemoteHeaders; |
||
208 | |||
209 | $this->filesystem->addCustomRemoteHeaders($customRemoteHeaders); |
||
210 | |||
211 | return $this; |
||
212 | } |
||
213 | |||
214 | public function toMediaCollectionOnCloudDisk(string $collectionName = 'default'): Media |
||
215 | { |
||
216 | return $this->toMediaCollection($collectionName, config('filesystems.cloud')); |
||
217 | } |
||
218 | |||
219 | public function toMediaCollectionFromRemote(string $collectionName = 'default', string $diskName = ''): Media |
||
220 | { |
||
221 | $storage = Storage::disk($this->file->getDisk()); |
||
0 ignored issues
–
show
|
|||
222 | |||
223 | if (! $storage->exists($this->pathToFile)) { |
||
224 | throw FileDoesNotExist::create($this->pathToFile); |
||
225 | } |
||
226 | |||
227 | if ($storage->size($this->pathToFile) > config('medialibrary.max_file_size')) { |
||
228 | throw FileIsTooBig::create($this->pathToFile, $storage->size($this->pathToFile)); |
||
229 | } |
||
230 | |||
231 | $mediaClass = config('medialibrary.media_model'); |
||
232 | /** @var \Spatie\MediaLibrary\Models\Media $media */ |
||
233 | $media = new $mediaClass(); |
||
234 | |||
235 | $media->name = $this->mediaName; |
||
236 | |||
237 | $this->fileName = ($this->fileNameSanitizer)($this->fileName); |
||
238 | |||
239 | $media->file_name = $this->fileName; |
||
240 | |||
241 | $media->disk = $this->determineDiskName($diskName, $collectionName); |
||
242 | |||
243 | if (is_null(config("filesystems.disks.{$media->disk}"))) { |
||
244 | throw DiskDoesNotExist::create($media->disk); |
||
245 | } |
||
246 | |||
247 | $media->collection_name = $collectionName; |
||
248 | |||
249 | $media->mime_type = $storage->mimeType($this->pathToFile); |
||
250 | $media->size = $storage->size($this->pathToFile); |
||
251 | $media->custom_properties = $this->customProperties; |
||
252 | |||
253 | $media->responsive_images = []; |
||
254 | |||
255 | $media->manipulations = $this->manipulations; |
||
256 | |||
257 | if (filled($this->customHeaders)) { |
||
258 | $media->setCustomHeaders($this->customHeaders); |
||
259 | } |
||
260 | |||
261 | $media->fill($this->properties); |
||
262 | |||
263 | $this->attachMedia($media); |
||
264 | |||
265 | return $media; |
||
266 | } |
||
267 | |||
268 | public function toMediaCollection(string $collectionName = 'default', string $diskName = ''): Media |
||
269 | { |
||
270 | if ($this->file instanceof RemoteFile) { |
||
271 | return $this->toMediaCollectionFromRemote($collectionName, $diskName); |
||
272 | } |
||
273 | |||
274 | if (! is_file($this->pathToFile)) { |
||
275 | throw FileDoesNotExist::create($this->pathToFile); |
||
276 | } |
||
277 | |||
278 | if (filesize($this->pathToFile) > config('medialibrary.max_file_size')) { |
||
279 | throw FileIsTooBig::create($this->pathToFile); |
||
280 | } |
||
281 | |||
282 | $mediaClass = config('medialibrary.media_model'); |
||
283 | /** @var \Spatie\MediaLibrary\Models\Media $media */ |
||
284 | $media = new $mediaClass(); |
||
285 | |||
286 | $media->name = $this->mediaName; |
||
287 | |||
288 | $this->fileName = ($this->fileNameSanitizer)($this->fileName); |
||
289 | |||
290 | $media->file_name = $this->fileName; |
||
291 | |||
292 | $media->disk = $this->determineDiskName($diskName, $collectionName); |
||
293 | |||
294 | if (is_null(config("filesystems.disks.{$media->disk}"))) { |
||
295 | throw DiskDoesNotExist::create($media->disk); |
||
296 | } |
||
297 | |||
298 | $media->collection_name = $collectionName; |
||
299 | |||
300 | $media->mime_type = File::getMimetype($this->pathToFile); |
||
301 | $media->size = filesize($this->pathToFile); |
||
302 | $media->custom_properties = $this->customProperties; |
||
303 | |||
304 | $media->responsive_images = []; |
||
305 | |||
306 | $media->manipulations = $this->manipulations; |
||
307 | |||
308 | if (filled($this->customHeaders)) { |
||
309 | $media->setCustomHeaders($this->customHeaders); |
||
310 | } |
||
311 | |||
312 | $media->fill($this->properties); |
||
313 | |||
314 | $this->attachMedia($media); |
||
315 | |||
316 | return $media; |
||
317 | } |
||
318 | |||
319 | protected function determineDiskName(string $diskName, string $collectionName): string |
||
320 | { |
||
321 | if ($diskName !== '') { |
||
322 | return $diskName; |
||
323 | } |
||
324 | |||
325 | if ($collection = $this->getMediaCollection($collectionName)) { |
||
326 | $collectionDiskName = $collection->diskName; |
||
327 | |||
328 | if ($collectionDiskName !== '') { |
||
329 | return $collectionDiskName; |
||
330 | } |
||
331 | } |
||
332 | |||
333 | return config('medialibrary.disk_name'); |
||
334 | } |
||
335 | |||
336 | public function defaultSanitizer(string $fileName): string |
||
337 | { |
||
338 | return str_replace(['#', '/', '\\', ' '], '-', $fileName); |
||
339 | } |
||
340 | |||
341 | public function sanitizingFileName(callable $fileNameSanitizer): self |
||
342 | { |
||
343 | $this->fileNameSanitizer = $fileNameSanitizer; |
||
344 | |||
345 | return $this; |
||
346 | } |
||
347 | |||
348 | protected function attachMedia(Media $media) |
||
349 | { |
||
350 | if (! $this->subject->exists) { |
||
351 | $this->subject->prepareToAttachMedia($media, $this); |
||
352 | |||
353 | $class = get_class($this->subject); |
||
354 | |||
355 | $class::created(function ($model) { |
||
356 | $model->processUnattachedMedia(function (Media $media, self $fileAdder) use ($model) { |
||
357 | $this->processMediaItem($model, $media, $fileAdder); |
||
358 | }); |
||
359 | }); |
||
360 | |||
361 | return; |
||
362 | } |
||
363 | |||
364 | $this->processMediaItem($this->subject, $media, $this); |
||
0 ignored issues
–
show
$this is of type this<Spatie\MediaLibrary\FileAdder\FileAdder> , but the function expects a object<self> .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
365 | } |
||
366 | |||
367 | protected function processMediaItem(HasMedia $model, Media $media, self $fileAdder) |
||
368 | { |
||
369 | $this->guardAgainstDisallowedFileAdditions($media, $model); |
||
0 ignored issues
–
show
The call to
FileAdder::guardAgainstDisallowedFileAdditions() has too many arguments starting with $model .
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the
Loading history...
|
|||
370 | |||
371 | $this->checkGenerateResponsiveImages($media); |
||
372 | |||
373 | $model->media()->save($media); |
||
374 | |||
375 | if ($fileAdder->file instanceof RemoteFile) { |
||
376 | $this->filesystem->addRemote($fileAdder->file, $media, $fileAdder->fileName); |
||
377 | } else { |
||
378 | $this->filesystem->add($fileAdder->pathToFile, $media, $fileAdder->fileName); |
||
379 | } |
||
380 | |||
381 | if (! $fileAdder->preserveOriginal) { |
||
382 | if ($fileAdder->file instanceof RemoteFile) { |
||
383 | Storage::disk($fileAdder->file->getDisk())->delete($fileAdder->file->getKey()); |
||
384 | } else { |
||
385 | unlink($fileAdder->pathToFile); |
||
386 | } |
||
387 | } |
||
388 | |||
389 | if ($this->generateResponsiveImages && (new ImageGenerator())->canConvert($media)) { |
||
390 | $generateResponsiveImagesJobClass = config('medialibrary.jobs.generate_responsive_images', GenerateResponsiveImages::class); |
||
391 | |||
392 | $job = new $generateResponsiveImagesJobClass($media); |
||
393 | |||
394 | if ($customQueue = config('medialibrary.queue_name')) { |
||
395 | $job->onQueue($customQueue); |
||
396 | } |
||
397 | |||
398 | dispatch($job); |
||
399 | } |
||
400 | |||
401 | if ($collectionSizeLimit = optional($this->getMediaCollection($media->collection_name))->collectionSizeLimit) { |
||
402 | $collectionMedia = $this->subject->fresh()->getMedia($media->collection_name); |
||
403 | |||
404 | if ($collectionMedia->count() > $collectionSizeLimit) { |
||
405 | $model->clearMediaCollectionExcept($media->collection_name, $collectionMedia->reverse()->take($collectionSizeLimit)); |
||
406 | } |
||
407 | } |
||
408 | } |
||
409 | |||
410 | protected function getMediaCollection(string $collectionName): ?MediaCollection |
||
411 | { |
||
412 | $this->subject->registerMediaCollections(); |
||
413 | |||
414 | return collect($this->subject->mediaCollections) |
||
415 | ->first(function (MediaCollection $collection) use ($collectionName) { |
||
416 | return $collection->name === $collectionName; |
||
417 | }); |
||
418 | } |
||
419 | |||
420 | protected function guardAgainstDisallowedFileAdditions(Media $media) |
||
421 | { |
||
422 | $file = PendingFile::createFromMedia($media); |
||
423 | |||
424 | if (! $collection = $this->getMediaCollection($media->collection_name)) { |
||
425 | return; |
||
426 | } |
||
427 | |||
428 | if (! ($collection->acceptsFile)($file, $this->subject)) { |
||
429 | throw FileUnacceptableForCollection::create($file, $collection, $this->subject); |
||
430 | } |
||
431 | |||
432 | if (! empty($collection->acceptsMimeTypes) && ! in_array($file->mimeType, $collection->acceptsMimeTypes)) { |
||
433 | throw FileUnacceptableForCollection::create($file, $collection, $this->subject); |
||
434 | } |
||
435 | } |
||
436 | |||
437 | protected function checkGenerateResponsiveImages(Media $media) |
||
438 | { |
||
439 | $collection = optional($this->getMediaCollection($media->collection_name))->generateResponsiveImages; |
||
440 | |||
441 | if ($collection) { |
||
442 | $this->withResponsiveImages(); |
||
443 | } |
||
444 | } |
||
445 | } |
||
446 |
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.