The legacy analyzer's verdict ("does not seem to handle request data directly, so no vulnerable execution paths were found") is contradicted by the code below: actionDefault($path), handleDeleteFile($pathToRemove), actionDownloadFile($path) and actionFilesDialog($path) take request parameters and concatenate them into filesystem paths that are then listed, served, unlinked or recursively removed without any check that the result stays inside DESTINATION_BASE, and handleUploadFile writes uploaded files into the web-served upload tree with no restriction on file type. Treat the verdict as a limitation of the analysis, not as evidence that the presenter is safe.
1 | <?php |
3 | namespace AdminModule; |
5 | use Nette\Utils\Finder; |
7 | /** |
8 | * Filesystem presenter. |
9 | * @author Tomáš Voslař <tomas.voslar at webcook.cz> |
10 | * @package WebCMS2 |
11 | */ |
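class FilesystemPresenter extends \AdminModule\BasePresenter
{
    /** Root of the user-managed upload tree, relative to the application working directory. */
    const DESTINATION_BASE = './upload/';

    /** Mirror of DESTINATION_BASE that holds generated thumbnails (same relative layout). */
    const THUMBNAILS_BASE = './thumbnails/';

    /**
     * Extension segments that must never be written into the web-served upload
     * tree because a web server may execute them (every dot-separated segment of
     * the name is checked, so "shell.php.jpg" is rejected too). A deny-list keeps
     * existing document uploads working; an allow-list would be stricter.
     *
     * @var string[]
     */
    private static $forbiddenExtensions = [
        'php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps', 'pht',
        'shtml', 'cgi', 'pl', 'htaccess', 'htpasswd',
    ];

    /**
     * Directory the current request works in, always ending with '/'.
     * actionDefault stores it in the './upload/sub/' form (the thumbnail creator
     * derives its own paths from it); actionFilesDialog stores the absolute form
     * because the dialog hands SplFileInfo::getPathname() values back to us.
     *
     * @var string|null
     */
    private $path;

    /**
     * Validated path of the current directory relative to DESTINATION_BASE,
     * without leading/trailing slash ('' for the upload root itself).
     *
     * @var string|null
     */
    private $relativePath;

    /** @var \WebCMS\Helpers\ThumbnailCreator */
    private $thumbnailCreator;

    protected function beforeRender()
    {
        parent::beforeRender();
    }

    /**
     * Loads the configured thumbnail sizes and prepares the thumbnail creator used
     * by uploads and by the regenerate signal.
     */
    protected function startup()
    {
        parent::startup();

        $thumbnails = $this->em->getRepository('WebCMS\Entity\Thumbnail')->findAll();

        $this->thumbnailCreator = new \WebCMS\Helpers\ThumbnailCreator($this->settings, $thumbnails);
    }

    /**
     * Resolves a request-supplied path to a location inside the upload tree.
     *
     * Accepts either a path relative to DESTINATION_BASE (default action, download,
     * delete) or an absolute path that already lies inside the upload directory
     * (files dialog). realpath() collapses '..' segments and symlinks, and the
     * result must equal the upload root or start with it, so nothing outside the
     * tree can ever be listed, served or removed. Paths that do not exist are
     * rejected as well.
     *
     * @param string|null $candidate raw value from the request
     * @return string path relative to DESTINATION_BASE, '/'-separated, no leading or
     *                trailing slash; '' for the upload root itself
     * @throws \Nette\Application\BadRequestException when the path is missing or escapes the base
     * @throws \RuntimeException when DESTINATION_BASE itself cannot be resolved
     */
    private function resolveUploadPath($candidate)
    {
        $candidate = (string) $candidate;
        if (strpos($candidate, "\0") !== false) {
            // NUL never appears in a legitimate path and truncates C-level filesystem calls.
            throw new \Nette\Application\BadRequestException('Invalid path.');
        }

        $base = realpath(self::DESTINATION_BASE);
        if ($base === false) {
            throw new \RuntimeException('Upload directory ' . self::DESTINATION_BASE . ' is not available.');
        }

        // Documented form first (relative to the base), then the absolute form the
        // files dialog passes around.
        $real = realpath(self::DESTINATION_BASE . ltrim(str_replace('\\', '/', $candidate), '/'));
        if ($real === false && $candidate !== '') {
            $real = realpath($candidate);
        }

        $prefix = $base . DIRECTORY_SEPARATOR;
        if ($real === false || ($real !== $base && strpos($real, $prefix) !== 0)) {
            throw new \Nette\Application\BadRequestException('Path not found.');
        }

        if ($real === $base) {
            return '';
        }

        return str_replace(DIRECTORY_SEPARATOR, '/', substr($real, strlen($prefix)));
    }

    /**
     * Orders Finder results newest-first by modification time.
     *
     * Entries stay keyed by pathname; the previous mtime-keyed arrays silently
     * dropped every entry that shared a timestamp with another one.
     *
     * @param array $entries pathname => \SplFileInfo
     * @return array pathname => \SplFileInfo
     */
    private function sortByMtimeDesc(array $entries)
    {
        uasort($entries, function (\SplFileInfo $a, \SplFileInfo $b) {
            return $b->getMTime() - $a->getMTime();
        });

        return $entries;
    }

    /**
     * Selects the directory to browse; 404s when it is outside or missing from the upload tree.
     *
     * @param string|null $path directory relative to DESTINATION_BASE
     */
    public function actionDefault($path)
    {
        $this->relativePath = $this->resolveUploadPath($path);
        $this->path = self::DESTINATION_BASE . ($this->relativePath === '' ? '' : $this->relativePath . '/');

        if (!is_dir($this->path)) {
            throw new \Nette\Application\BadRequestException('Directory not found.');
        }
    }

    /**
     * Lists files and sub-directories of the selected directory.
     *
     * @param string|null $path     already validated in actionDefault
     * @param mixed       $dialog   non-empty when rendering inside the modal dialog
     * @param mixed       $multiple passed through to the template
     */
    public function renderDefault($path, $dialog, $multiple)
    {
        $root = realpath($this->path);

        $files = $this->sortByMtimeDesc(iterator_to_array(
            Finder::findFiles('*')->exclude('.htaccess')->in($root)
        ));
        $directories = $this->sortByMtimeDesc(iterator_to_array(
            Finder::findDirectories('*')->in($root)
        ));

        if (empty($dialog)) {
            $this->reloadContent();
        } else {
            $this->reloadModalContent();
        }

        // Template-facing path is relative to the upload root and always ends with
        // '/' ('/' alone for the root), which is the form the template links expect.
        $fsPath = $this->relativePath . '/';

        $this->template->fsPath = $fsPath;
        $this->template->backLink = $this->createBackLink($fsPath);
        $this->template->files = $files;
        $this->template->directories = $directories;
        $this->template->multiple = $multiple;
        $this->template->maxUploadFileSize = $this->getMaxUploadFileSize();
    }

    /**
     * Drops the last directory segment of a '/'-terminated path.
     *
     * 'a/b/' becomes 'a'; '/' and '' become ''.
     *
     * @param string $path
     * @return string
     */
    private function createBackLink($path)
    {
        $segments = explode('/', $path);

        array_pop($segments); // the empty element after the trailing slash
        array_pop($segments); // the current directory

        return implode('/', $segments);
    }

    /**
     * Creates a sub-directory of the current directory.
     *
     * The name is reduced by webalize() to [a-z0-9-], so it cannot contain
     * separators or '..'; an empty result is refused instead of touching the
     * current directory itself.
     *
     * @param string $name
     */
    public function handleMakeDirectory($name)
    {
        $safeName = \Nette\Utils\Strings::webalize($name);
        if ($safeName === '' || $this->path === null) {
            $this->flashMessage('Invalid directory name.', 'error');
            return;
        }

        $directory = $this->path . $safeName;

        // mkdir() emits a warning on failure; suppress it and report via the result instead.
        if (is_dir($directory) || @mkdir($directory)) {
            $this->flashMessage('Directory has been created.', 'success');
        } else {
            $this->flashMessage('Directory could not be created.', 'error');
        }
    }

    /**
     * Stores every file sent in the "file" field into the current directory.
     *
     * Files that failed to upload are skipped; files whose name carries a
     * server-executable extension are refused and reported.
     *
     * @param string|null $path unused, the directory comes from the action
     */
    public function handleUploadFile($path)
    {
        $files = $this->getRequest()->getFiles();
        $uploads = isset($files['file']) ? $files['file'] : [];
        if (!is_array($uploads)) {
            $uploads = [$uploads];
        }

        $rejected = [];
        foreach ($uploads as $file) {
            if (!$file instanceof \Nette\Http\FileUpload || !$file->isOk()) {
                continue;
            }
            if (!$this->uploadSingleFile($file)) {
                $rejected[] = $file->getSanitizedName();
            }
        }

        $this->reloadContent();
        $this->flashMessage($this->translation['File has been uploaded']);
        if (count($rejected) > 0) {
            $this->flashMessage('Rejected file type: ' . implode(', ', $rejected), 'error');
        }
        $this->sendPayload();
    }

    /**
     * Moves one upload into the current directory and creates thumbnails for images.
     *
     * @param \Nette\Http\FileUpload $file
     * @return bool false when the name is empty or carries a forbidden extension
     */
    private function uploadSingleFile(\Nette\Http\FileUpload $file)
    {
        // getSanitizedName() strips directory parts and odd characters, so the
        // result cannot leave $this->path; it may however be empty.
        $name = $file->getSanitizedName();
        if ($name === '' || !$this->isAllowedFileName($name)) {
            return false;
        }

        $file->move($this->path . $name);

        if ($file->isImage()) {
            $this->thumbnailCreator->createThumbnails($name, $this->path);
        }

        return true;
    }

    /**
     * Checks every extension segment of a file name against $forbiddenExtensions.
     *
     * @param string $name sanitized file name
     * @return bool
     */
    private function isAllowedFileName($name)
    {
        $segments = explode('.', strtolower($name));
        array_shift($segments); // the base name itself is not an extension

        foreach ($segments as $segment) {
            if (in_array($segment, self::$forbiddenExtensions, true)) {
                return false;
            }
        }

        return true;
    }

    /**
     * Removes a file (plus its thumbnails) or a directory (plus its thumbnail mirror).
     *
     * The path is validated against the upload tree first, and the upload root
     * itself can never be removed.
     *
     * NOTE(review): this is a state-changing signal reachable through a plain
     * link; whether BasePresenter adds CSRF protection is not visible here — confirm.
     *
     * @param string|null $pathToRemove path relative to DESTINATION_BASE
     */
    public function handleDeleteFile($pathToRemove)
    {
        $relative = $this->resolveUploadPath($pathToRemove);
        if ($relative === '') {
            throw new \Nette\Application\BadRequestException('Path not found.');
        }

        $target = self::DESTINATION_BASE . $relative;
        $thumbnailTarget = self::THUMBNAILS_BASE . $relative;

        if (is_file($target)) {
            // getimagesize() is noisy on non-images; a false result simply means no thumbnails exist.
            if (@getimagesize($target)) {
                $this->removeThumbnailsOf($relative);
            }
            unlink($target);
        } elseif (is_dir($target)) {
            \WebCMS\Helpers\SystemHelper::rrmdir($target);
            if (is_dir($thumbnailTarget)) {
                \WebCMS\Helpers\SystemHelper::rrmdir($thumbnailTarget);
            }
        }

        $this->flashMessage('File has been removed.', 'success');

        $this->forward('this');
    }

    /**
     * Deletes every configured thumbnail variant ("<key><filename>") of an image.
     *
     * Paths are built from the validated relative path, not by string-replacing
     * 'upload' in the full path, which also hit occurrences inside file names.
     *
     * @param string $relative image path relative to DESTINATION_BASE
     */
    private function removeThumbnailsOf($relative)
    {
        $directory = dirname($relative);
        $thumbnailDir = self::THUMBNAILS_BASE . ($directory === '.' ? '' : $directory . '/');
        $fileName = basename($relative);

        foreach ($this->em->getRepository('WebCMS\Entity\Thumbnail')->findAll() as $thumbnail) {
            $thumbnailPath = $thumbnailDir . $thumbnail->getKey() . $fileName;
            if (is_file($thumbnailPath)) {
                unlink($thumbnailPath);
            }
        }
    }

    /**
     * Sends a file from the upload tree as a download.
     *
     * @param string|null $path file path relative to DESTINATION_BASE
     * @throws \Nette\Application\BadRequestException when the path is not a file inside the tree
     */
    public function actionDownloadFile($path)
    {
        $relative = $this->resolveUploadPath($path);
        $file = self::DESTINATION_BASE . $relative;
        if ($relative === '' || !is_file($file)) {
            throw new \Nette\Application\BadRequestException('File not found.');
        }

        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mimeType = finfo_file($finfo, $file);
        finfo_close($finfo);

        $this->sendResponse(new \Nette\Application\Responses\FileResponse(
            $file,
            basename($relative),
            $mimeType === false ? null : $mimeType
        ));
    }

    /**
     * Selects the directory shown in the files dialog.
     *
     * The dialog passes absolute paths around, so $this->path is stored in the
     * absolute form after the same containment check as actionDefault.
     *
     * @param string|null $path absolute path inside the upload tree, or relative to it
     */
    public function actionFilesDialog($path)
    {
        $this->relativePath = $this->resolveUploadPath($path);

        $base = realpath(self::DESTINATION_BASE);
        $this->path = $base . ($this->relativePath === '' ? '' : '/' . $this->relativePath) . '/';

        if (!is_dir($this->path)) {
            throw new \Nette\Application\BadRequestException('Directory not found.');
        }
    }

    /**
     * Renders the standalone files dialog template and terminates the request.
     */
    public function renderFilesDialog()
    {
        $template = $this->createTemplate();
        $template->setFile($this->template->basePathModule . 'AdminModule/templates/Filesystem/filesDialog.latte');

        $files = $this->sortByMtimeDesc(iterator_to_array(
            Finder::findFiles('*')->exclude('.htaccess')->in($this->path)
        ));
        $directories = $this->sortByMtimeDesc(iterator_to_array(
            Finder::findDirectories('*')->in($this->path)
        ));

        $template->files = $files;
        $template->directories = $directories;
        $template->setTranslator($this->translator);
        $template->registerHelperLoader('\WebCMS\Helpers\SystemHelper::loader');
        $template->backLink = $this->dialogBackLink();

        $template->render();

        $this->terminate();
    }

    /**
     * Parent directory of the current dialog directory, clamped to the upload root.
     *
     * The previous comparison against './upload/' could never match an absolute
     * path, so the back link always pointed at the root; this appears to be the
     * behaviour it was meant to have.
     *
     * @return string absolute path
     */
    private function dialogBackLink()
    {
        $base = realpath(self::DESTINATION_BASE);
        $parent = $this->createBackLink($this->path);

        if ($parent === '' || strpos($parent . '/', $base . '/') !== 0) {
            return $base;
        }

        return $parent;
    }

    /**
     * Wipes the thumbnail tree and rebuilds it for every image under 'upload'.
     *
     * Both roots are fixed strings; nothing here comes from the request.
     */
    public function handleRegenerateThumbnails()
    {
        set_time_limit(0);

        \WebCMS\Helpers\SystemHelper::rrmdir('thumbnails', true);

        $timeStart = time();

        foreach (Finder::findFiles('*.jpg', '*.jpeg', '*.png', '*.gif')->from('upload') as $pathname => $file) {
            if (file_exists($pathname) && @getimagesize($pathname)) {
                $this->thumbnailCreator->createThumbnails($file->getBasename(), dirname($pathname) . '/');
            }
        }

        $seconds = time() - $timeStart; // TODO log spent time

        $this->flashMessage('Thumbnails has been regenerated by recent settings.', 'success');
        $this->forward('default');
    }

    /**
     * Get the maximal file upload size from the environment variables.
     *
     * Starts from post_max_size and reduces to upload_max_filesize when that is
     * smaller and non-zero (zero means "no limit"). Memoised for the process.
     *
     * @author Taken from the Drupal.org project
     * @license GPL 2
     * @return int bytes
     */
    public function getMaxUploadFileSize()
    {
        static $max_size = -1;

        if ($max_size < 0) {
            $max_size = $this->parseFileSize(ini_get('post_max_size'));

            $upload_max = $this->parseFileSize(ini_get('upload_max_filesize'));

            if ($upload_max > 0 && $upload_max < $max_size) {
                $max_size = $upload_max;
            }
        }

        return $max_size;
    }

    /**
     * Parse a php.ini-style size ("8M", "512k", "2G") into bytes.
     *
     * @author Taken from the Drupal.org project
     * @license GPL 2
     * @param string $size
     * @return int
     */
    public function parseFileSize($size)
    {
        $unit = preg_replace('/[^bkmgtpezy]/i', '', $size); // keep only the unit letters
        $size = preg_replace('/[^0-9\.]/', '', $size);       // keep only the numeric part

        if ($unit) {
            // Position of the unit letter in this ordered string is the power of 1024 to apply.
            return round($size * pow(1024, stripos('bkmgtpezy', $unit[0])));
        }

        return round($size);
    }
}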