summaryrefslogtreecommitdiffstats
path: root/system/libraries/Upload.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r--system/libraries/Upload.php1046
1 files changed, 619 insertions, 427 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index c188c39bc..b37cc2f59 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1,19 +1,41 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP
*
- * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
- * @license http://codeigniter.com/user_guide/license.html
- * @link http://codeigniter.com
- * @since Version 1.0
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package CodeIgniter
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
+ * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
+ * @license http://opensource.org/licenses/MIT MIT License
+ * @link https://codeigniter.com
+ * @since Version 1.0.0
* @filesource
*/
-
-// ------------------------------------------------------------------------
+defined('BASEPATH') OR exit('No direct script access allowed');
/**
* File Uploading Class
@@ -21,52 +43,260 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Uploads
- * @author ExpressionEngine Dev Team
- * @link http://codeigniter.com/user_guide/libraries/file_uploading.html
+ * @author EllisLab Dev Team
+ * @link https://codeigniter.com/user_guide/libraries/file_uploading.html
*/
class CI_Upload {
- public $max_size = 0;
- public $max_width = 0;
- public $max_height = 0;
- public $max_filename = 0;
- public $allowed_types = "";
- public $file_temp = "";
- public $file_name = "";
- public $orig_name = "";
- public $file_type = "";
- public $file_size = "";
- public $file_ext = "";
- public $upload_path = "";
- public $overwrite = FALSE;
- public $encrypt_name = FALSE;
- public $is_image = FALSE;
- public $image_width = '';
- public $image_height = '';
- public $image_type = '';
- public $image_size_str = '';
- public $error_msg = array();
- public $mimes = array();
- public $remove_spaces = TRUE;
- public $xss_clean = FALSE;
- public $temp_prefix = "temp_file_";
- public $client_name = '';
-
- protected $_file_name_override = '';
+ /**
+ * Maximum file size
+ *
+ * @var int
+ */
+ public $max_size = 0;
+
+ /**
+ * Maximum image width
+ *
+ * @var int
+ */
+ public $max_width = 0;
+
+ /**
+ * Maximum image height
+ *
+ * @var int
+ */
+ public $max_height = 0;
+
+ /**
+ * Minimum image width
+ *
+ * @var int
+ */
+ public $min_width = 0;
+
+ /**
+ * Minimum image height
+ *
+ * @var int
+ */
+ public $min_height = 0;
+
+ /**
+ * Maximum filename length
+ *
+ * @var int
+ */
+ public $max_filename = 0;
+
+ /**
+ * Maximum duplicate filename increment ID
+ *
+ * @var int
+ */
+ public $max_filename_increment = 100;
+
+ /**
+ * Allowed file types
+ *
+ * @var string
+ */
+ public $allowed_types = '';
+
+ /**
+ * Temporary filename
+ *
+ * @var string
+ */
+ public $file_temp = '';
+
+ /**
+ * Filename
+ *
+ * @var string
+ */
+ public $file_name = '';
+
+ /**
+ * Original filename
+ *
+ * @var string
+ */
+ public $orig_name = '';
+
+ /**
+ * File type
+ *
+ * @var string
+ */
+ public $file_type = '';
+
+ /**
+ * File size
+ *
+ * @var int
+ */
+ public $file_size = NULL;
+
+ /**
+ * Filename extension
+ *
+ * @var string
+ */
+ public $file_ext = '';
+
+ /**
+ * Force filename extension to lowercase
+ *
+ * @var string
+ */
+ public $file_ext_tolower = FALSE;
+
+ /**
+ * Upload path
+ *
+ * @var string
+ */
+ public $upload_path = '';
+
+ /**
+ * Overwrite flag
+ *
+ * @var bool
+ */
+ public $overwrite = FALSE;
+
+ /**
+ * Obfuscate filename flag
+ *
+ * @var bool
+ */
+ public $encrypt_name = FALSE;
+
+ /**
+ * Is image flag
+ *
+ * @var bool
+ */
+ public $is_image = FALSE;
+
+ /**
+ * Image width
+ *
+ * @var int
+ */
+ public $image_width = NULL;
+
+ /**
+ * Image height
+ *
+ * @var int
+ */
+ public $image_height = NULL;
+
+ /**
+ * Image type
+ *
+ * @var string
+ */
+ public $image_type = '';
+
+ /**
+ * Image size string
+ *
+ * @var string
+ */
+ public $image_size_str = '';
+
+ /**
+ * Error messages list
+ *
+ * @var array
+ */
+ public $error_msg = array();
+
+ /**
+ * Remove spaces flag
+ *
+ * @var bool
+ */
+ public $remove_spaces = TRUE;
+
+ /**
+ * MIME detection flag
+ *
+ * @var bool
+ */
+ public $detect_mime = TRUE;
+
+ /**
+ * XSS filter flag
+ *
+ * @var bool
+ */
+ public $xss_clean = FALSE;
+
+ /**
+ * Apache mod_mime fix flag
+ *
+ * @var bool
+ */
+ public $mod_mime_fix = TRUE;
+
+ /**
+ * Temporary filename prefix
+ *
+ * @var string
+ */
+ public $temp_prefix = 'temp_file_';
+
+ /**
+ * Filename sent by the client
+ *
+ * @var bool
+ */
+ public $client_name = '';
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Filename override
+ *
+ * @var string
+ */
+ protected $_file_name_override = '';
+
+ /**
+ * MIME types list
+ *
+ * @var array
+ */
+ protected $_mimes = array();
+
+ /**
+ * CI Singleton
+ *
+ * @var object
+ */
+ protected $_CI;
+
+ // --------------------------------------------------------------------
/**
* Constructor
*
- * @access public
+ * @param array $config
+ * @return void
*/
- public function __construct($props = array())
+ public function __construct($config = array())
{
- if (count($props) > 0)
- {
- $this->initialize($props);
- }
+ empty($config) OR $this->initialize($config, FALSE);
- log_message('debug', "Upload Class Initialized");
+ $this->_mimes =& get_mimes();
+ $this->_CI =& get_instance();
+
+ log_message('info', 'Upload Class Initialized');
}
// --------------------------------------------------------------------
@@ -74,63 +304,63 @@ class CI_Upload {
/**
* Initialize preferences
*
- * @param array
- * @return void
+ * @param array $config
+ * @param bool $reset
+ * @return CI_Upload
*/
- public function initialize($config = array())
+ public function initialize(array $config = array(), $reset = TRUE)
{
- $defaults = array(
- 'max_size' => 0,
- 'max_width' => 0,
- 'max_height' => 0,
- 'max_filename' => 0,
- 'allowed_types' => "",
- 'file_temp' => "",
- 'file_name' => "",
- 'orig_name' => "",
- 'file_type' => "",
- 'file_size' => "",
- 'file_ext' => "",
- 'upload_path' => "",
- 'overwrite' => FALSE,
- 'encrypt_name' => FALSE,
- 'is_image' => FALSE,
- 'image_width' => '',
- 'image_height' => '',
- 'image_type' => '',
- 'image_size_str' => '',
- 'error_msg' => array(),
- 'mimes' => array(),
- 'remove_spaces' => TRUE,
- 'xss_clean' => FALSE,
- 'temp_prefix' => "temp_file_",
- 'client_name' => ''
- );
-
-
- foreach ($defaults as $key => $val)
+ $reflection = new ReflectionClass($this);
+
+ if ($reset === TRUE)
{
- if (isset($config[$key]))
+ $defaults = $reflection->getDefaultProperties();
+ foreach (array_keys($defaults) as $key)
{
- $method = 'set_'.$key;
- if (method_exists($this, $method))
+ if ($key[0] === '_')
{
- $this->$method($config[$key]);
+ continue;
+ }
+
+ if (isset($config[$key]))
+ {
+ if ($reflection->hasMethod('set_'.$key))
+ {
+ $this->{'set_'.$key}($config[$key]);
+ }
+ else
+ {
+ $this->$key = $config[$key];
+ }
}
else
{
- $this->$key = $config[$key];
+ $this->$key = $defaults[$key];
}
}
- else
+ }
+ else
+ {
+ foreach ($config as $key => &$value)
{
- $this->$key = $val;
+ if ($key[0] !== '_' && $reflection->hasProperty($key))
+ {
+ if ($reflection->hasMethod('set_'.$key))
+ {
+ $this->{'set_'.$key}($value);
+ }
+ else
+ {
+ $this->$key = $value;
+ }
+ }
}
}
// if a file_name was provided in the config, use it instead of the user input
// supplied file name for all uploads until initialized again
$this->_file_name_override = $this->file_name;
+ return $this;
}
// --------------------------------------------------------------------
@@ -138,15 +368,36 @@ class CI_Upload {
/**
* Perform the file upload
*
+ * @param string $field
* @return bool
*/
public function do_upload($field = 'userfile')
{
+ // Is $_FILES[$field] set? If not, no reason to continue.
+ if (isset($_FILES[$field]))
+ {
+ $_file = $_FILES[$field];
+ }
+ // Does the field name contain array notation?
+ elseif (($c = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $field, $matches)) > 1)
+ {
+ $_file = $_FILES;
+ for ($i = 0; $i < $c; $i++)
+ {
+ // We can't track numeric iterations, only full field names are accepted
+ if (($field = trim($matches[0][$i], '[]')) === '' OR ! isset($_file[$field]))
+ {
+ $_file = NULL;
+ break;
+ }
- // Is $_FILES[$field] set? If not, no reason to continue.
- if ( ! isset($_FILES[$field]))
+ $_file = $_file[$field];
+ }
+ }
+
+ if ( ! isset($_file))
{
- $this->set_error('upload_no_file_selected');
+ $this->set_error('upload_no_file_selected', 'debug');
return FALSE;
}
@@ -158,60 +409,66 @@ class CI_Upload {
}
// Was the file able to be uploaded? If not, determine the reason why.
- if ( ! is_uploaded_file($_FILES[$field]['tmp_name']))
+ if ( ! is_uploaded_file($_file['tmp_name']))
{
- $error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error'];
+ $error = isset($_file['error']) ? $_file['error'] : 4;
- switch($error)
+ switch ($error)
{
- case 1: // UPLOAD_ERR_INI_SIZE
- $this->set_error('upload_file_exceeds_limit');
+ case UPLOAD_ERR_INI_SIZE:
+ $this->set_error('upload_file_exceeds_limit', 'info');
break;
- case 2: // UPLOAD_ERR_FORM_SIZE
- $this->set_error('upload_file_exceeds_form_limit');
+ case UPLOAD_ERR_FORM_SIZE:
+ $this->set_error('upload_file_exceeds_form_limit', 'info');
break;
- case 3: // UPLOAD_ERR_PARTIAL
- $this->set_error('upload_file_partial');
+ case UPLOAD_ERR_PARTIAL:
+ $this->set_error('upload_file_partial', 'debug');
break;
- case 4: // UPLOAD_ERR_NO_FILE
- $this->set_error('upload_no_file_selected');
+ case UPLOAD_ERR_NO_FILE:
+ $this->set_error('upload_no_file_selected', 'debug');
break;
- case 6: // UPLOAD_ERR_NO_TMP_DIR
- $this->set_error('upload_no_temp_directory');
+ case UPLOAD_ERR_NO_TMP_DIR:
+ $this->set_error('upload_no_temp_directory', 'error');
break;
- case 7: // UPLOAD_ERR_CANT_WRITE
- $this->set_error('upload_unable_to_write_file');
+ case UPLOAD_ERR_CANT_WRITE:
+ $this->set_error('upload_unable_to_write_file', 'error');
break;
- case 8: // UPLOAD_ERR_EXTENSION
- $this->set_error('upload_stopped_by_extension');
+ case UPLOAD_ERR_EXTENSION:
+ $this->set_error('upload_stopped_by_extension', 'debug');
break;
- default : $this->set_error('upload_no_file_selected');
+ default:
+ $this->set_error('upload_no_file_selected', 'debug');
break;
}
return FALSE;
}
-
// Set the uploaded data as class variables
- $this->file_temp = $_FILES[$field]['tmp_name'];
- $this->file_size = $_FILES[$field]['size'];
- $this->_file_mime_type($_FILES[$field]);
- $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type);
+ $this->file_temp = $_file['tmp_name'];
+ $this->file_size = $_file['size'];
+
+ // Skip MIME type detection?
+ if ($this->detect_mime !== FALSE)
+ {
+ $this->_file_mime_type($_file);
+ }
+
+ $this->file_type = preg_replace('/^(.+?);.*$/', '\\1', $this->file_type);
$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
- $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
+ $this->file_name = $this->_prep_filename($_file['name']);
$this->file_ext = $this->get_extension($this->file_name);
$this->client_name = $this->file_name;
// Is the file type allowed to be uploaded?
if ( ! $this->is_allowed_filetype())
{
- $this->set_error('upload_invalid_filetype');
+ $this->set_error('upload_invalid_filetype', 'debug');
return FALSE;
}
// if we're overriding, let's now make sure the new name and type is allowed
- if ($this->_file_name_override != '')
+ if ($this->_file_name_override !== '')
{
$this->file_name = $this->_prep_filename($this->_file_name_override);
@@ -220,16 +477,15 @@ class CI_Upload {
{
$this->file_name .= $this->file_ext;
}
-
- // An extension was provided, lets have it!
else
{
- $this->file_ext = $this->get_extension($this->_file_name_override);
+ // An extension was provided, let's have it!
+ $this->file_ext = $this->get_extension($this->_file_name_override);
}
if ( ! $this->is_allowed_filetype(TRUE))
{
- $this->set_error('upload_invalid_filetype');
+ $this->set_error('upload_invalid_filetype', 'debug');
return FALSE;
}
}
@@ -243,20 +499,20 @@ class CI_Upload {
// Is the file size within the allowed maximum?
if ( ! $this->is_allowed_filesize())
{
- $this->set_error('upload_invalid_filesize');
+ $this->set_error('upload_invalid_filesize', 'info');
return FALSE;
}
// Are the image dimensions within the allowed size?
- // Note: This can fail if the server has an open_basdir restriction.
+ // Note: This can fail if the server has an open_basedir restriction.
if ( ! $this->is_allowed_dimensions())
{
- $this->set_error('upload_invalid_dimensions');
+ $this->set_error('upload_invalid_dimensions', 'info');
return FALSE;
}
// Sanitize the file name for security
- $this->file_name = $this->clean_file_name($this->file_name);
+ $this->file_name = $this->_CI->security->sanitize_filename($this->file_name);
// Truncate the file name if it's too long
if ($this->max_filename > 0)
@@ -265,9 +521,15 @@ class CI_Upload {
}
// Remove white spaces in the name
- if ($this->remove_spaces == TRUE)
+ if ($this->remove_spaces === TRUE)
+ {
+ $this->file_name = preg_replace('/\s+/', '_', $this->file_name);
+ }
+
+ if ($this->file_ext_tolower && ($ext_length = strlen($this->file_ext)))
{
- $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
+ // file_ext was previously lower-cased by a get_extension() call
+ $this->file_name = substr($this->file_name, 0, -$ext_length).$this->file_ext;
}
/*
@@ -277,44 +539,35 @@ class CI_Upload {
* If it returns false there was a problem.
*/
$this->orig_name = $this->file_name;
-
- if ($this->overwrite == FALSE)
+ if (FALSE === ($this->file_name = $this->set_filename($this->upload_path, $this->file_name)))
{
- $this->file_name = $this->set_filename($this->upload_path, $this->file_name);
-
- if ($this->file_name === FALSE)
- {
- return FALSE;
- }
+ return FALSE;
}
/*
* Run the file through the XSS hacking filter
* This helps prevent malicious code from being
- * embedded within a file. Scripts can easily
+ * embedded within a file. Scripts can easily
* be disguised as images or other file types.
*/
- if ($this->xss_clean)
+ if ($this->xss_clean && $this->do_xss_clean() === FALSE)
{
- if ($this->do_xss_clean() === FALSE)
- {
- $this->set_error('upload_unable_to_write_file');
- return FALSE;
- }
+ $this->set_error('upload_unable_to_write_file', 'error');
+ return FALSE;
}
/*
* Move the file to the final destination
* To deal with different server configurations
- * we'll attempt to use copy() first. If that fails
- * we'll use move_uploaded_file(). One of the two should
+ * we'll attempt to use copy() first. If that fails
+ * we'll use move_uploaded_file(). One of the two should
* reliably work in most environments
*/
if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))
{
if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))
{
- $this->set_error('upload_destination_error');
+ $this->set_error('upload_destination_error', 'error');
return FALSE;
}
}
@@ -322,7 +575,7 @@ class CI_Upload {
/*
* Set the finalized image dimensions
* This sets the image width/height (assuming the
- * file was an image). We use this information
+ * file was an image). We use this information
* in the "data" function.
*/
$this->set_image_properties($this->upload_path.$this->file_name);
@@ -338,26 +591,34 @@ class CI_Upload {
* Returns an associative array containing all of the information
* related to the upload, allowing the developer easy access in one array.
*
- * @return array
+ * @param string $index
+ * @return mixed
*/
- public function data()
+ public function data($index = NULL)
{
- return array (
- 'file_name' => $this->file_name,
- 'file_type' => $this->file_type,
- 'file_path' => $this->upload_path,
- 'full_path' => $this->upload_path.$this->file_name,
- 'raw_name' => str_replace($this->file_ext, '', $this->file_name),
- 'orig_name' => $this->orig_name,
- 'client_name' => $this->client_name,
- 'file_ext' => $this->file_ext,
- 'file_size' => $this->file_size,
- 'is_image' => $this->is_image(),
- 'image_width' => $this->image_width,
- 'image_height' => $this->image_height,
- 'image_type' => $this->image_type,
- 'image_size_str' => $this->image_size_str,
- );
+ $data = array(
+ 'file_name' => $this->file_name,
+ 'file_type' => $this->file_type,
+ 'file_path' => $this->upload_path,
+ 'full_path' => $this->upload_path.$this->file_name,
+ 'raw_name' => substr($this->file_name, 0, -strlen($this->file_ext)),
+ 'orig_name' => $this->orig_name,
+ 'client_name' => $this->client_name,
+ 'file_ext' => $this->file_ext,
+ 'file_size' => $this->file_size,
+ 'is_image' => $this->is_image(),
+ 'image_width' => $this->image_width,
+ 'image_height' => $this->image_height,
+ 'image_type' => $this->image_type,
+ 'image_size_str' => $this->image_size_str,
+ );
+
+ if ( ! empty($index))
+ {
+ return isset($data[$index]) ? $data[$index] : NULL;
+ }
+
+ return $data;
}
// --------------------------------------------------------------------
@@ -365,13 +626,14 @@ class CI_Upload {
/**
* Set Upload Path
*
- * @param string
- * @return void
+ * @param string $path
+ * @return CI_Upload
*/
public function set_upload_path($path)
{
// Make sure it has a trailing slash
$this->upload_path = rtrim($path, '/').'/';
+ return $this;
}
// --------------------------------------------------------------------
@@ -383,19 +645,18 @@ class CI_Upload {
* existence of a file with the same name. If found, it will append a
* number to the end of the filename to avoid overwriting a pre-existing file.
*
- * @param string
- * @param string
+ * @param string $path
+ * @param string $filename
* @return string
*/
public function set_filename($path, $filename)
{
- if ($this->encrypt_name == TRUE)
+ if ($this->encrypt_name === TRUE)
{
- mt_srand();
$filename = md5(uniqid(mt_rand())).$this->file_ext;
}
- if ( ! file_exists($path.$filename))
+ if ($this->overwrite === TRUE OR ! file_exists($path.$filename))
{
return $filename;
}
@@ -403,7 +664,7 @@ class CI_Upload {
$filename = str_replace($this->file_ext, '', $filename);
$new_filename = '';
- for ($i = 1; $i < 100; $i++)
+ for ($i = 1; $i < $this->max_filename_increment; $i++)
{
if ( ! file_exists($path.$filename.$i.$this->file_ext))
{
@@ -412,9 +673,9 @@ class CI_Upload {
}
}
- if ($new_filename == '')
+ if ($new_filename === '')
{
- $this->set_error('upload_bad_filename');
+ $this->set_error('upload_bad_filename', 'debug');
return FALSE;
}
else
@@ -428,12 +689,29 @@ class CI_Upload {
/**
* Set Maximum File Size
*
- * @param integer
- * @return void
+ * @param int $n
+ * @return CI_Upload
*/
public function set_max_filesize($n)
{
- $this->max_size = ((int) $n < 0) ? 0: (int) $n;
+ $this->max_size = ($n < 0) ? 0 : (int) $n;
+ return $this;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set Maximum File Size
+ *
+ * An internal alias to set_max_filesize() to help with configuration
+ * as initialize() will look for a set_<property_name>() method ...
+ *
+ * @param int $n
+ * @return CI_Upload
+ */
+ protected function set_max_size($n)
+ {
+ return $this->set_max_filesize($n);
}
// --------------------------------------------------------------------
@@ -441,12 +719,13 @@ class CI_Upload {
/**
* Set Maximum File Name Length
*
- * @param integer
- * @return void
+ * @param int $n
+ * @return CI_Upload
*/
public function set_max_filename($n)
{
- $this->max_filename = ((int) $n < 0) ? 0: (int) $n;
+ $this->max_filename = ($n < 0) ? 0 : (int) $n;
+ return $this;
}
// --------------------------------------------------------------------
@@ -454,12 +733,13 @@ class CI_Upload {
/**
* Set Maximum Image Width
*
- * @param integer
- * @return void
+ * @param int $n
+ * @return CI_Upload
*/
public function set_max_width($n)
{
- $this->max_width = ((int) $n < 0) ? 0: (int) $n;
+ $this->max_width = ($n < 0) ? 0 : (int) $n;
+ return $this;
}
// --------------------------------------------------------------------
@@ -467,12 +747,41 @@ class CI_Upload {
/**
* Set Maximum Image Height
*
- * @param integer
- * @return void
+ * @param int $n
+ * @return CI_Upload
*/
public function set_max_height($n)
{
- $this->max_height = ((int) $n < 0) ? 0: (int) $n;
+ $this->max_height = ($n < 0) ? 0 : (int) $n;
+ return $this;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set minimum image width
+ *
+ * @param int $n
+ * @return CI_Upload
+ */
+ public function set_min_width($n)
+ {
+ $this->min_width = ($n < 0) ? 0 : (int) $n;
+ return $this;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set minimum image height
+ *
+ * @param int $n
+ * @return CI_Upload
+ */
+ public function set_min_height($n)
+ {
+ $this->min_height = ($n < 0) ? 0 : (int) $n;
+ return $this;
}
// --------------------------------------------------------------------
@@ -480,17 +789,15 @@ class CI_Upload {
/**
* Set Allowed File Types
*
- * @param string
- * @return void
+ * @param mixed $types
+ * @return CI_Upload
*/
public function set_allowed_types($types)
{
- if ( ! is_array($types) && $types == '*')
- {
- $this->allowed_types = '*';
- return;
- }
- $this->allowed_types = explode('|', $types);
+ $this->allowed_types = (is_array($types) OR $types === '*')
+ ? $types
+ : explode('|', $types);
+ return $this;
}
// --------------------------------------------------------------------
@@ -500,28 +807,25 @@ class CI_Upload {
*
* Uses GD to determine the width/height/type of image
*
- * @param string
- * @return void
+ * @param string $path
+ * @return CI_Upload
*/
public function set_image_properties($path = '')
{
- if ( ! $this->is_image())
- {
- return;
- }
-
- if (function_exists('getimagesize'))
+ if ($this->is_image() && function_exists('getimagesize'))
{
if (FALSE !== ($D = @getimagesize($path)))
{
$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
- $this->image_width = $D['0'];
- $this->image_height = $D['1'];
- $this->image_type = ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']];
- $this->image_size_str = $D['3']; // string containing height and width
+ $this->image_width = $D[0];
+ $this->image_height = $D[1];
+ $this->image_type = isset($types[$D[2]]) ? $types[$D[2]] : 'unknown';
+ $this->image_size_str = $D[3]; // string containing height and width
}
}
+
+ return $this;
}
// --------------------------------------------------------------------
@@ -532,12 +836,13 @@ class CI_Upload {
* Enables the XSS flag so that the file that was uploaded
* will be run through the XSS filter.
*
- * @param bool
- * @return void
+ * @param bool $flag
+ * @return CI_Upload
*/
public function set_xss_clean($flag = FALSE)
{
- $this->xss_clean = ($flag == TRUE) ? TRUE : FALSE;
+ $this->xss_clean = ($flag === TRUE);
+ return $this;
}
// --------------------------------------------------------------------
@@ -559,19 +864,14 @@ class CI_Upload {
{
$this->file_type = 'image/png';
}
-
- if (in_array($this->file_type, $jpeg_mimes))
+ elseif (in_array($this->file_type, $jpeg_mimes))
{
$this->file_type = 'image/jpeg';
}
- $img_mimes = array(
- 'image/gif',
- 'image/jpeg',
- 'image/png',
- );
+ $img_mimes = array('image/gif', 'image/jpeg', 'image/png');
- return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
+ return in_array($this->file_type, $img_mimes, TRUE);
}
// --------------------------------------------------------------------
@@ -579,37 +879,33 @@ class CI_Upload {
/**
* Verify that the filetype is allowed
*
+ * @param bool $ignore_mime
* @return bool
*/
public function is_allowed_filetype($ignore_mime = FALSE)
{
- if ($this->allowed_types == '*')
+ if ($this->allowed_types === '*')
{
return TRUE;
}
- if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
+ if (empty($this->allowed_types) OR ! is_array($this->allowed_types))
{
- $this->set_error('upload_no_file_types');
+ $this->set_error('upload_no_file_types', 'debug');
return FALSE;
}
$ext = strtolower(ltrim($this->file_ext, '.'));
- if ( ! in_array($ext, $this->allowed_types))
+ if ( ! in_array($ext, $this->allowed_types, TRUE))
{
return FALSE;
}
// Images get some additional checks
- $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
-
- if (in_array($ext, $image_types))
+ if (in_array($ext, array('gif', 'jpg', 'jpeg', 'jpe', 'png'), TRUE) && @getimagesize($this->file_temp) === FALSE)
{
- if (getimagesize($this->file_temp) === FALSE)
- {
- return FALSE;
- }
+ return FALSE;
}
if ($ignore_mime === TRUE)
@@ -617,18 +913,11 @@ class CI_Upload {
return TRUE;
}
- $mime = $this->mimes_types($ext);
-
- if (is_array($mime))
- {
- if (in_array($this->file_type, $mime, TRUE))
- {
- return TRUE;
- }
- }
- elseif ($mime == $this->file_type)
+ if (isset($this->_mimes[$ext]))
{
- return TRUE;
+ return is_array($this->_mimes[$ext])
+ ? in_array($this->file_type, $this->_mimes[$ext], TRUE)
+ : ($this->_mimes[$ext] === $this->file_type);
}
return FALSE;
@@ -643,14 +932,7 @@ class CI_Upload {
*/
public function is_allowed_filesize()
{
- if ($this->max_size != 0 AND $this->file_size > $this->max_size)
- {
- return FALSE;
- }
- else
- {
- return TRUE;
- }
+ return ($this->max_size === 0 OR $this->max_size > $this->file_size);
}
// --------------------------------------------------------------------
@@ -671,17 +953,25 @@ class CI_Upload {
{
$D = @getimagesize($this->file_temp);
- if ($this->max_width > 0 AND $D['0'] > $this->max_width)
+ if ($this->max_width > 0 && $D[0] > $this->max_width)
{
return FALSE;
}
- if ($this->max_height > 0 AND $D['1'] > $this->max_height)
+ if ($this->max_height > 0 && $D[1] > $this->max_height)
{
return FALSE;
}
- return TRUE;
+ if ($this->min_width > 0 && $D[0] < $this->min_width)
+ {
+ return FALSE;
+ }
+
+ if ($this->min_height > 0 && $D[1] < $this->min_height)
+ {
+ return FALSE;
+ }
}
return TRUE;
@@ -694,35 +984,34 @@ class CI_Upload {
*
* Verifies that it is a valid upload path with proper permissions.
*
- *
* @return bool
*/
public function validate_upload_path()
{
- if ($this->upload_path == '')
+ if ($this->upload_path === '')
{
- $this->set_error('upload_no_filepath');
+ $this->set_error('upload_no_filepath', 'error');
return FALSE;
}
- if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE)
+ if (realpath($this->upload_path) !== FALSE)
{
- $this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
+ $this->upload_path = str_replace('\\', '/', realpath($this->upload_path));
}
- if ( ! @is_dir($this->upload_path))
+ if ( ! is_dir($this->upload_path))
{
- $this->set_error('upload_no_filepath');
+ $this->set_error('upload_no_filepath', 'error');
return FALSE;
}
if ( ! is_really_writable($this->upload_path))
{
- $this->set_error('upload_not_writable');
+ $this->set_error('upload_not_writable', 'error');
return FALSE;
}
- $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path);
+ $this->upload_path = preg_replace('/(.+?)\/*$/', '\\1/', $this->upload_path);
return TRUE;
}
@@ -731,57 +1020,20 @@ class CI_Upload {
/**
* Extract the file extension
*
- * @param string
+ * @param string $filename
* @return string
*/
public function get_extension($filename)
{
$x = explode('.', $filename);
- return '.'.end($x);
- }
- // --------------------------------------------------------------------
+ if (count($x) === 1)
+ {
+ return '';
+ }
- /**
- * Clean the file name for security
- *
- * @param string
- * @return string
- */
- public function clean_file_name($filename)
- {
- $bad = array(
- "<!--",
- "-->",
- "'",
- "<",
- ">",
- '"',
- '&',
- '$',
- '=',
- ';',
- '?',
- '/',
- "%20",
- "%22",
- "%3c", // <
- "%253c", // <
- "%3e", // >
- "%0e", // >
- "%28", // (
- "%29", // )
- "%2528", // (
- "%26", // &
- "%24", // $
- "%3f", // ?
- "%3b", // ;
- "%3d" // =
- );
-
- $filename = str_replace($bad, '', $filename);
-
- return stripslashes($filename);
+ $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x);
+ return '.'.$ext;
}
// --------------------------------------------------------------------
@@ -789,7 +1041,8 @@ class CI_Upload {
/**
* Limit the File Name Length
*
- * @param string
+ * @param string $filename
+ * @param int $length
* @return string
*/
public function limit_filename_length($filename, $length)
@@ -819,7 +1072,7 @@ class CI_Upload {
* I'm not sure that it won't negatively affect certain files in unexpected ways,
* but so far I haven't found that it causes trouble.
*
- * @return void
+ * @return string
*/
public function do_xss_clean()
{
@@ -830,23 +1083,34 @@ class CI_Upload {
return FALSE;
}
- if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '')
+ if (memory_get_usage() && ($memory_limit = ini_get('memory_limit')) > 0)
{
- $current = ini_get('memory_limit') * 1024 * 1024;
-
- // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output
- // into scientific notation. number_format() ensures this number is an integer
- // http://bugs.php.net/bug.php?id=43053
-
- $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', '');
+ $memory_limit = str_split($memory_limit, strspn($memory_limit, '1234567890'));
+ if ( ! empty($memory_limit[1]))
+ {
+ switch ($memory_limit[1][0])
+ {
+ case 'g':
+ case 'G':
+ $memory_limit[0] *= 1024 * 1024 * 1024;
+ break;
+ case 'm':
+ case 'M':
+ $memory_limit[0] *= 1024 * 1024;
+ break;
+ default:
+ break;
+ }
+ }
- ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net
+ $memory_limit = (int) ceil(filesize($file) + $memory_limit[0]);
+ ini_set('memory_limit', $memory_limit); // When an integer is used, the value is measured in bytes. - PHP.net
}
// If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but
// IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone
- // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this
- // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of
+ // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this
+ // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of
// processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an
// attempted XSS attack.
@@ -864,14 +1128,8 @@ class CI_Upload {
// <a, <body, <head, <html, <img, <plaintext, <pre, <script, <table, <title
// title is basically just in SVG, but we filter it anyhow
- if ( ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes))
- {
- return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
- }
- else
- {
- return FALSE;
- }
+ // if it's an image or no "triggers" detected in the first 256 bytes - we're good
+ return ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes);
}
if (($data = @file_get_contents($file)) === FALSE)
@@ -879,8 +1137,7 @@ class CI_Upload {
return FALSE;
}
- $CI =& get_instance();
- return $CI->security->xss_clean($data, TRUE);
+ return $this->_CI->security->xss_clean($data, TRUE);
}
// --------------------------------------------------------------------
@@ -888,29 +1145,22 @@ class CI_Upload {
/**
* Set an error message
*
- * @param string
- * @return void
+ * @param string $msg
+ * @return CI_Upload
*/
- public function set_error($msg)
+ public function set_error($msg, $log_level = 'error')
{
- $CI =& get_instance();
- $CI->lang->load('upload');
+ $this->_CI->lang->load('upload');
- if (is_array($msg))
- {
- foreach ($msg as $val)
- {
- $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
- $this->error_msg[] = $msg;
- log_message('error', $msg);
- }
- }
- else
+ is_array($msg) OR $msg = array($msg);
+ foreach ($msg as $val)
{
- $msg = ($CI->lang->line($msg) == FALSE) ? $msg : $CI->lang->line($msg);
+ $msg = ($this->_CI->lang->line($val) === FALSE) ? $val : $this->_CI->lang->line($val);
$this->error_msg[] = $msg;
- log_message('error', $msg);
+ log_message($log_level, $msg);
}
+
+ return $this;
}
// --------------------------------------------------------------------
@@ -918,56 +1168,13 @@ class CI_Upload {
/**
* Display the error message
*
- * @param string
- * @param string
+ * @param string $open
+ * @param string $close
* @return string
*/
public function display_errors($open = '<p>', $close = '</p>')
{
- $str = '';
- foreach ($this->error_msg as $val)
- {
- $str .= $open.$val.$close;
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * List of Mime Types
- *
- * This is a list of mime types. We use it to validate
- * the "allowed types" set by the developer
- *
- * @param string
- * @return string
- */
- public function mimes_types($mime)
- {
- global $mimes;
-
- if (count($this->mimes) == 0)
- {
- if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
- {
- include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php');
- }
- elseif (is_file(APPPATH.'config/mimes.php'))
- {
- include(APPPATH.'config//mimes.php');
- }
- else
- {
- return FALSE;
- }
-
- $this->mimes = $mimes;
- unset($mimes);
- }
-
- return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
+ return (count($this->error_msg) > 0) ? $open.implode($close.$open, $this->error_msg).$close : '';
}
// --------------------------------------------------------------------
@@ -975,38 +1182,24 @@ class CI_Upload {
/**
* Prep Filename
*
- * Prevents possible script execution from Apache's handling of files multiple extensions
- * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
+ * Prevents possible script execution from Apache's handling
+ * of files' multiple extensions.
+ *
+ * @link http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
*
- * @param string
+ * @param string $filename
* @return string
*/
protected function _prep_filename($filename)
{
- if (strpos($filename, '.') === FALSE OR $this->allowed_types == '*')
+ if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR ($ext_pos = strrpos($filename, '.')) === FALSE)
{
return $filename;
}
- $parts = explode('.', $filename);
- $ext = array_pop($parts);
- $filename = array_shift($parts);
-
- foreach ($parts as $part)
- {
- if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE)
- {
- $filename .= '.'.$part.'_';
- }
- else
- {
- $filename .= '.'.$part;
- }
- }
-
- $filename .= '.'.$ext;
-
- return $filename;
+ $ext = substr($filename, $ext_pos);
+ $filename = substr($filename, 0, $ext_pos);
+ return str_replace('.', '_', $filename).$ext;
}
// --------------------------------------------------------------------
@@ -1017,7 +1210,7 @@ class CI_Upload {
* Detects the (actual) MIME type of the uploaded file, if possible.
* The input array is expected to be $_FILES[$field]
*
- * @param array
+ * @param array $file
* @return void
*/
protected function _file_mime_type($file)
@@ -1025,14 +1218,17 @@ class CI_Upload {
// We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii)
$regexp = '/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/';
- /* Fileinfo extension - most reliable method
+ /**
+ * Fileinfo extension - most reliable method
*
- * Unfortunately, prior to PHP 5.3 - it's only available as a PECL extension and the
- * more convenient FILEINFO_MIME_TYPE flag doesn't exist.
+ * Apparently XAMPP, CentOS, cPanel and who knows what
+ * other PHP distribution channels EXPLICITLY DISABLE
+ * ext/fileinfo, which is otherwise enabled by default
+ * since PHP 5.3 ...
*/
if (function_exists('finfo_file'))
{
- $finfo = finfo_open(FILEINFO_MIME);
+ $finfo = @finfo_open(FILEINFO_MIME);
if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system
{
$mime = @finfo_file($finfo, $file['tmp_name']);
@@ -1059,16 +1255,18 @@ class CI_Upload {
* Notes:
* - the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system
* - many system admins would disable the exec(), shell_exec(), popen() and similar functions
- * due to security concerns, hence the function_exists() checks
+ * due to security concerns, hence the function_usable() checks
*/
if (DIRECTORY_SEPARATOR !== '\\')
{
- $cmd = 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1';
+ $cmd = function_exists('escapeshellarg')
+ ? 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1'
+ : 'file --brief --mime '.$file['tmp_name'].' 2>&1';
- if (function_exists('exec'))
+ if (function_usable('exec'))
{
/* This might look confusing, as $mime is being populated with all of the output when set in the second parameter.
- * However, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites
+ * However, we only need the last line, which is the actual return value of exec(), and as such - it overwrites
* anything that could already be set for $mime previously. This effectively makes the second parameter a dummy
* value, which is only put to allow us to get the return status code.
*/
@@ -1080,7 +1278,7 @@ class CI_Upload {
}
}
- if ( (bool) @ini_get('safe_mode') === FALSE && function_exists('shell_exec'))
+ if ( ! ini_get('safe_mode') && function_usable('shell_exec'))
{
$mime = @shell_exec($cmd);
if (strlen($mime) > 0)
@@ -1094,7 +1292,7 @@ class CI_Upload {
}
}
- if (function_exists('popen'))
+ if (function_usable('popen'))
{
$proc = @popen($cmd, 'r');
if (is_resource($proc))
@@ -1127,10 +1325,4 @@ class CI_Upload {
$this->file_type = $file['type'];
}
- // --------------------------------------------------------------------
-
}
-// END Upload Class
-
-/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-06-04 11:21:09 +0200