This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Spatie\MediaLibrary\FileAdder; |
||
4 | |||
5 | use Illuminate\Database\Eloquent\Model; |
||
6 | use Illuminate\Support\Facades\Storage; |
||
7 | use Illuminate\Support\Traits\Macroable; |
||
8 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\DiskDoesNotExist; |
||
9 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\FileDoesNotExist; |
||
10 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\FileIsTooBig; |
||
11 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\FileUnacceptableForCollection; |
||
12 | use Spatie\MediaLibrary\Exceptions\FileCannotBeAdded\UnknownType; |
||
13 | use Spatie\MediaLibrary\File as PendingFile; |
||
14 | use Spatie\MediaLibrary\Filesystem\Filesystem; |
||
15 | use Spatie\MediaLibrary\HasMedia\HasMedia; |
||
16 | use Spatie\MediaLibrary\Helpers\File; |
||
17 | use Spatie\MediaLibrary\Helpers\RemoteFile; |
||
18 | use Spatie\MediaLibrary\ImageGenerators\FileTypes\Image as ImageGenerator; |
||
19 | use Spatie\MediaLibrary\Jobs\GenerateResponsiveImages; |
||
20 | use Spatie\MediaLibrary\MediaCollection\MediaCollection; |
||
21 | use Spatie\MediaLibrary\Models\Media; |
||
22 | use Symfony\Component\HttpFoundation\File\File as SymfonyFile; |
||
23 | use Symfony\Component\HttpFoundation\File\UploadedFile; |
||
24 | |||
25 | class FileAdder |
||
26 | { |
||
27 | use Macroable; |
||
28 | |||
29 | /** @var \Illuminate\Database\Eloquent\Model subject */ |
||
30 | protected $subject; |
||
31 | |||
32 | /** @var \Spatie\MediaLibrary\Filesystem\Filesystem */ |
||
33 | protected $filesystem; |
||
34 | |||
35 | /** @var bool */ |
||
36 | protected $preserveOriginal = false; |
||
37 | |||
38 | /** @var string|\Symfony\Component\HttpFoundation\File\UploadedFile */ |
||
39 | protected $file; |
||
40 | |||
41 | /** @var array */ |
||
42 | protected $properties = []; |
||
43 | |||
44 | /** @var array */ |
||
45 | protected $customProperties = []; |
||
46 | |||
47 | /** @var array */ |
||
48 | protected $manipulations = []; |
||
49 | |||
50 | /** @var string */ |
||
51 | protected $pathToFile; |
||
52 | |||
53 | /** @var string */ |
||
54 | protected $fileName; |
||
55 | |||
56 | /** @var string */ |
||
57 | protected $mediaName; |
||
58 | |||
59 | /** @var string */ |
||
60 | protected $diskName = ''; |
||
61 | |||
62 | /** @var null|callable */ |
||
63 | protected $fileNameSanitizer; |
||
64 | |||
65 | /** @var bool */ |
||
66 | protected $generateResponsiveImages = false; |
||
67 | |||
68 | /** @var array */ |
||
69 | protected $customHeaders = []; |
||
70 | |||
71 | /** |
||
72 | * @param Filesystem $fileSystem |
||
73 | */ |
||
74 | public function __construct(Filesystem $fileSystem) |
||
75 | { |
||
76 | $this->filesystem = $fileSystem; |
||
77 | |||
78 | $this->fileNameSanitizer = function ($fileName) { |
||
79 | return $this->defaultSanitizer($fileName); |
||
80 | }; |
||
81 | } |
||
82 | |||
83 | /** |
||
84 | * @param \Illuminate\Database\Eloquent\Model $subject |
||
85 | * |
||
86 | * @return FileAdder |
||
87 | */ |
||
88 | public function setSubject(Model $subject) |
||
89 | { |
||
90 | $this->subject = $subject; |
||
91 | |||
92 | return $this; |
||
93 | } |
||
94 | |||
95 | /* |
||
96 | * Set the file that needs to be imported. |
||
97 | * |
||
98 | * @param string|\Symfony\Component\HttpFoundation\File\UploadedFile $file |
||
99 | * |
||
100 | * @return $this |
||
101 | */ |
||
102 | public function setFile($file): self |
||
103 | { |
||
104 | $this->file = $file; |
||
105 | |||
106 | if (is_string($file)) { |
||
107 | $this->pathToFile = $file; |
||
108 | $this->setFileName(pathinfo($file, PATHINFO_BASENAME)); |
||
109 | $this->mediaName = pathinfo($file, PATHINFO_FILENAME); |
||
110 | |||
111 | return $this; |
||
112 | } |
||
113 | |||
114 | if ($file instanceof RemoteFile) { |
||
115 | $this->pathToFile = $file->getKey(); |
||
116 | $this->setFileName($file->getFilename()); |
||
117 | $this->mediaName = $file->getName(); |
||
118 | |||
119 | return $this; |
||
120 | } |
||
121 | |||
122 | if ($file instanceof UploadedFile) { |
||
123 | $this->pathToFile = $file->getPath().'/'.$file->getFilename(); |
||
124 | $this->setFileName($file->getClientOriginalName()); |
||
125 | $this->mediaName = pathinfo($file->getClientOriginalName(), PATHINFO_FILENAME); |
||
126 | |||
127 | return $this; |
||
128 | } |
||
129 | |||
130 | if ($file instanceof SymfonyFile) { |
||
131 | $this->pathToFile = $file->getPath().'/'.$file->getFilename(); |
||
132 | $this->setFileName(pathinfo($file->getFilename(), PATHINFO_BASENAME)); |
||
133 | $this->mediaName = pathinfo($file->getFilename(), PATHINFO_FILENAME); |
||
134 | |||
135 | return $this; |
||
136 | } |
||
137 | |||
138 | throw UnknownType::create(); |
||
139 | } |
||
140 | |||
141 | public function preservingOriginal(): self |
||
142 | { |
||
143 | $this->preserveOriginal = true; |
||
144 | |||
145 | return $this; |
||
146 | } |
||
147 | |||
148 | public function usingName(string $name): self |
||
149 | { |
||
150 | return $this->setName($name); |
||
151 | } |
||
152 | |||
153 | public function setName(string $name): self |
||
154 | { |
||
155 | $this->mediaName = $name; |
||
156 | |||
157 | return $this; |
||
158 | } |
||
159 | |||
160 | public function usingFileName(string $fileName): self |
||
161 | { |
||
162 | return $this->setFileName($fileName); |
||
163 | } |
||
164 | |||
165 | public function setFileName(string $fileName): self |
||
166 | { |
||
167 | $this->fileName = $fileName; |
||
168 | |||
169 | return $this; |
||
170 | } |
||
171 | |||
172 | public function withCustomProperties(array $customProperties): self |
||
173 | { |
||
174 | $this->customProperties = $customProperties; |
||
175 | |||
176 | return $this; |
||
177 | } |
||
178 | |||
179 | public function withManipulations(array $manipulations): self |
||
180 | { |
||
181 | $this->manipulations = $manipulations; |
||
182 | |||
183 | return $this; |
||
184 | } |
||
185 | |||
186 | public function withProperties(array $properties): self |
||
187 | { |
||
188 | $this->properties = $properties; |
||
189 | |||
190 | return $this; |
||
191 | } |
||
192 | |||
193 | public function withAttributes(array $properties): self |
||
194 | { |
||
195 | return $this->withProperties($properties); |
||
196 | } |
||
197 | |||
198 | public function withResponsiveImages(): self |
||
199 | { |
||
200 | $this->generateResponsiveImages = true; |
||
201 | |||
202 | return $this; |
||
203 | } |
||
204 | |||
205 | public function addCustomHeaders(array $customRemoteHeaders): self |
||
206 | { |
||
207 | $this->customHeaders = $customRemoteHeaders; |
||
208 | |||
209 | $this->filesystem->addCustomRemoteHeaders($customRemoteHeaders); |
||
210 | |||
211 | return $this; |
||
212 | } |
||
213 | |||
214 | public function toMediaCollectionOnCloudDisk(string $collectionName = 'default'): Media |
||
215 | { |
||
216 | return $this->toMediaCollection($collectionName, config('filesystems.cloud')); |
||
217 | } |
||
218 | |||
219 | public function toMediaCollectionFromRemote(string $collectionName = 'default', string $diskName = ''): Media |
||
220 | { |
||
221 | $storage = Storage::disk($this->file->getDisk()); |
||
0 ignored issues
–
show
|
|||
222 | |||
223 | if (! $storage->exists($this->pathToFile)) { |
||
224 | throw FileDoesNotExist::create($this->pathToFile); |
||
225 | } |
||
226 | |||
227 | if ($storage->size($this->pathToFile) > config('medialibrary.max_file_size')) { |
||
228 | throw FileIsTooBig::create($this->pathToFile, $storage->size($this->pathToFile)); |
||
229 | } |
||
230 | |||
231 | $mediaClass = config('medialibrary.media_model'); |
||
232 | /** @var \Spatie\MediaLibrary\Models\Media $media */ |
||
233 | $media = new $mediaClass(); |
||
234 | |||
235 | $media->name = $this->mediaName; |
||
236 | |||
237 | $this->fileName = ($this->fileNameSanitizer)($this->fileName); |
||
238 | |||
239 | $media->file_name = $this->fileName; |
||
240 | |||
241 | $media->disk = $this->determineDiskName($diskName, $collectionName); |
||
242 | |||
243 | if (is_null(config("filesystems.disks.{$media->disk}"))) { |
||
244 | throw DiskDoesNotExist::create($media->disk); |
||
245 | } |
||
246 | |||
247 | $media->collection_name = $collectionName; |
||
248 | |||
249 | $media->mime_type = $storage->mimeType($this->pathToFile); |
||
250 | $media->size = $storage->size($this->pathToFile); |
||
251 | $media->custom_properties = $this->customProperties; |
||
252 | |||
253 | $media->responsive_images = []; |
||
254 | |||
255 | $media->manipulations = $this->manipulations; |
||
256 | |||
257 | if (filled($this->customHeaders)) { |
||
258 | $media->setCustomHeaders($this->customHeaders); |
||
259 | } |
||
260 | |||
261 | $media->fill($this->properties); |
||
262 | |||
263 | $this->attachMedia($media); |
||
264 | |||
265 | return $media; |
||
266 | } |
||
267 | |||
268 | public function toMediaCollection(string $collectionName = 'default', string $diskName = ''): Media |
||
269 | { |
||
270 | if ($this->file instanceof RemoteFile) { |
||
271 | return $this->toMediaCollectionFromRemote($collectionName, $diskName); |
||
272 | } |
||
273 | |||
274 | if (! is_file($this->pathToFile)) { |
||
275 | throw FileDoesNotExist::create($this->pathToFile); |
||
276 | } |
||
277 | |||
278 | if (filesize($this->pathToFile) > config('medialibrary.max_file_size')) { |
||
279 | throw FileIsTooBig::create($this->pathToFile); |
||
280 | } |
||
281 | |||
282 | $mediaClass = config('medialibrary.media_model'); |
||
283 | /** @var \Spatie\MediaLibrary\Models\Media $media */ |
||
284 | $media = new $mediaClass(); |
||
285 | |||
286 | $media->name = $this->mediaName; |
||
287 | |||
288 | $this->fileName = ($this->fileNameSanitizer)($this->fileName); |
||
289 | |||
290 | $media->file_name = $this->fileName; |
||
291 | |||
292 | $media->disk = $this->determineDiskName($diskName, $collectionName); |
||
293 | |||
294 | if (is_null(config("filesystems.disks.{$media->disk}"))) { |
||
295 | throw DiskDoesNotExist::create($media->disk); |
||
296 | } |
||
297 | |||
298 | $media->collection_name = $collectionName; |
||
299 | |||
300 | $media->mime_type = File::getMimetype($this->pathToFile); |
||
301 | $media->size = filesize($this->pathToFile); |
||
302 | $media->custom_properties = $this->customProperties; |
||
303 | |||
304 | $media->responsive_images = []; |
||
305 | |||
306 | $media->manipulations = $this->manipulations; |
||
307 | |||
308 | if (filled($this->customHeaders)) { |
||
309 | $media->setCustomHeaders($this->customHeaders); |
||
310 | } |
||
311 | |||
312 | $media->fill($this->properties); |
||
313 | |||
314 | $this->attachMedia($media); |
||
315 | |||
316 | return $media; |
||
317 | } |
||
318 | |||
319 | protected function determineDiskName(string $diskName, string $collectionName): string |
||
320 | { |
||
321 | if ($diskName !== '') { |
||
322 | return $diskName; |
||
323 | } |
||
324 | |||
325 | if ($collection = $this->getMediaCollection($collectionName)) { |
||
326 | $collectionDiskName = $collection->diskName; |
||
327 | |||
328 | if ($collectionDiskName !== '') { |
||
329 | return $collectionDiskName; |
||
330 | } |
||
331 | } |
||
332 | |||
333 | return config('medialibrary.disk_name'); |
||
334 | } |
||
335 | |||
336 | public function defaultSanitizer(string $fileName): string |
||
337 | { |
||
338 | return str_replace(['#', '/', '\\', ' '], '-', $fileName); |
||
339 | } |
||
340 | |||
341 | public function sanitizingFileName(callable $fileNameSanitizer): self |
||
342 | { |
||
343 | $this->fileNameSanitizer = $fileNameSanitizer; |
||
344 | |||
345 | return $this; |
||
346 | } |
||
347 | |||
348 | protected function attachMedia(Media $media) |
||
349 | { |
||
350 | if (! $this->subject->exists) { |
||
351 | $this->subject->prepareToAttachMedia($media, $this); |
||
352 | |||
353 | $class = get_class($this->subject); |
||
354 | |||
355 | $class::created(function ($model) { |
||
356 | $model->processUnattachedMedia(function (Media $media, self $fileAdder) use ($model) { |
||
357 | $this->processMediaItem($model, $media, $fileAdder); |
||
358 | }); |
||
359 | }); |
||
360 | |||
361 | return; |
||
362 | } |
||
363 | |||
364 | $this->processMediaItem($this->subject, $media, $this); |
||
365 | } |
||
366 | |||
367 | protected function processMediaItem(HasMedia $model, Media $media, self $fileAdder) |
||
368 | { |
||
369 | $this->guardAgainstDisallowedFileAdditions($media, $model); |
||
370 | |||
371 | $this->checkGenerateResponsiveImages($media); |
||
372 | |||
373 | $model->media()->save($media); |
||
374 | |||
375 | if ($fileAdder->file instanceof RemoteFile) { |
||
376 | $this->filesystem->addRemote($fileAdder->file, $media, $fileAdder->fileName); |
||
377 | } else { |
||
378 | $this->filesystem->add($fileAdder->pathToFile, $media, $fileAdder->fileName); |
||
379 | } |
||
380 | |||
381 | if (! $fileAdder->preserveOriginal) { |
||
382 | if ($fileAdder->file instanceof RemoteFile) { |
||
383 | Storage::disk($fileAdder->file->getDisk())->delete($fileAdder->file->getKey()); |
||
384 | } else { |
||
385 | unlink($fileAdder->pathToFile); |
||
386 | } |
||
387 | } |
||
388 | |||
389 | if ($this->generateResponsiveImages && (new ImageGenerator())->canConvert($media)) { |
||
390 | $generateResponsiveImagesJobClass = config('medialibrary.jobs.generate_responsive_images', GenerateResponsiveImages::class); |
||
391 | |||
392 | $job = new $generateResponsiveImagesJobClass($media); |
||
393 | |||
394 | if ($customQueue = config('medialibrary.queue_name')) { |
||
395 | $job->onQueue($customQueue); |
||
396 | } |
||
397 | |||
398 | dispatch($job); |
||
399 | } |
||
400 | |||
401 | if ($collectionSizeLimit = optional($this->getMediaCollection($media->collection_name))->collectionSizeLimit) { |
||
402 | $collectionMedia = $this->subject->fresh()->getMedia($media->collection_name); |
||
403 | |||
404 | if ($collectionMedia->count() > $collectionSizeLimit) { |
||
405 | $model->clearMediaCollectionExcept($media->collection_name, $collectionMedia->reverse()->take($collectionSizeLimit)); |
||
406 | } |
||
407 | } |
||
408 | } |
||
409 | |||
410 | protected function getMediaCollection(string $collectionName): ?MediaCollection |
||
411 | { |
||
412 | $this->subject->registerMediaCollections(); |
||
413 | |||
414 | return collect($this->subject->mediaCollections) |
||
415 | ->first(function (MediaCollection $collection) use ($collectionName) { |
||
416 | return $collection->name === $collectionName; |
||
417 | }); |
||
418 | } |
||
419 | |||
420 | protected function guardAgainstDisallowedFileAdditions(Media $media) |
||
421 | { |
||
422 | $file = PendingFile::createFromMedia($media); |
||
423 | |||
424 | if (! $collection = $this->getMediaCollection($media->collection_name)) { |
||
425 | return; |
||
426 | } |
||
427 | |||
428 | if (! ($collection->acceptsFile)($file, $this->subject)) { |
||
429 | throw FileUnacceptableForCollection::create($file, $collection, $this->subject); |
||
430 | } |
||
431 | |||
432 | if (! empty($collection->acceptsMimeTypes) && ! in_array($file->mimeType, $collection->acceptsMimeTypes)) { |
||
433 | throw FileUnacceptableForCollection::create($file, $collection, $this->subject); |
||
434 | } |
||
435 | } |
||
436 | |||
437 | protected function checkGenerateResponsiveImages(Media $media) |
||
438 | { |
||
439 | $collection = optional($this->getMediaCollection($media->collection_name))->generateResponsiveImages; |
||
440 | |||
441 | if ($collection) { |
||
442 | $this->withResponsiveImages(); |
||
443 | } |
||
444 | } |
||
445 | } |
||
446 |
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.