From ce2b69675075444c9e40b72bcdd42ab7edbbe633 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Fri, 28 Jan 2011 22:51:06 +0100 Subject: update to CI 2.0 Signed-off-by: Florian Pritz --- system/libraries/Upload.php | 508 ++++++++++++++++++++++++-------------------- 1 file changed, 273 insertions(+), 235 deletions(-) mode change 100644 => 100755 system/libraries/Upload.php (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php old mode 100644 new mode 100755 index a97b7bdfb..8f84ffd7e --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -2,11 +2,11 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -25,59 +25,59 @@ * @link http://codeigniter.com/user_guide/libraries/file_uploading.html */ class CI_Upload { - - var $max_size = 0; - var $max_width = 0; - var $max_height = 0; - var $max_filename = 0; - var $allowed_types = ""; - var $file_temp = ""; - var $file_name = ""; - var $orig_name = ""; - var $file_type = ""; - var $file_size = ""; - var $file_ext = ""; - var $upload_path = ""; - var $overwrite = FALSE; - var $encrypt_name = FALSE; - var $is_image = FALSE; - var $image_width = ''; - var $image_height = ''; - var $image_type = ''; - var $image_size_str = ''; - var $error_msg = array(); - var $mimes = array(); - var $remove_spaces = TRUE; - var $xss_clean = FALSE; - var $temp_prefix = "temp_file_"; - var $client_name = ''; - - var $_file_name_override = ''; + + public $max_size = 0; + public $max_width = 0; + public $max_height = 0; + public $max_filename = 0; + public $allowed_types = ""; + public $file_temp = ""; + public $file_name = ""; + public $orig_name = ""; + public $file_type = ""; + public $file_size = ""; + public $file_ext = ""; + public $upload_path = ""; + public $overwrite = FALSE; + public $encrypt_name = FALSE; + public $is_image = FALSE; + public $image_width = ''; + public $image_height = ''; + public $image_type = ''; + public $image_size_str = ''; + public $error_msg = array(); + public $mimes = array(); + public $remove_spaces = TRUE; + public $xss_clean = FALSE; + public $temp_prefix = "temp_file_"; + public $client_name = ''; + + protected $_file_name_override = ''; + /** * Constructor * * @access public */ - function CI_Upload($props = array()) + public function __construct($props = array()) { if (count($props) > 0) { $this->initialize($props); } - + log_message('debug', "Upload Class Initialized"); } - + // -------------------------------------------------------------------- - + /** * Initialize preferences * - * @access public * @param array * @return void - */ - function initialize($config = array()) + */ + public function initialize($config = array()) { $defaults = array( 'max_size' => 0, @@ -105,9 +105,9 @@ class CI_Upload { 'xss_clean' => FALSE, 'temp_prefix' => "temp_file_", 'client_name' => '' - ); - - + ); + + foreach ($defaults as $key => $val) { if (isset($config[$key])) @@ -120,28 +120,27 @@ class CI_Upload { else { $this->$key = $config[$key]; - } + } } else { $this->$key = $val; } } - + // if a file_name was provided in the config, use it instead of the user input // supplied file name for all uploads until initialized again $this->_file_name_override = $this->file_name; } - + // -------------------------------------------------------------------- - + /** * Perform the file upload * - * @access public * @return bool - */ - function do_upload($field = 'userfile') + */ + public function do_upload($field = 'userfile') { // Is $_FILES[$field] set? If not, no reason to continue. if ( ! isset($_FILES[$field])) @@ -149,7 +148,7 @@ class CI_Upload { $this->set_error('upload_no_file_selected'); return FALSE; } - + // Is the upload path valid? if ( ! $this->validate_upload_path()) { @@ -171,10 +170,10 @@ class CI_Upload { $this->set_error('upload_file_exceeds_form_limit'); break; case 3: // UPLOAD_ERR_PARTIAL - $this->set_error('upload_file_partial'); + $this->set_error('upload_file_partial'); break; case 4: // UPLOAD_ERR_NO_FILE - $this->set_error('upload_no_file_selected'); + $this->set_error('upload_no_file_selected'); break; case 6: // UPLOAD_ERR_NO_TMP_DIR $this->set_error('upload_no_temp_directory'); @@ -192,9 +191,10 @@ class CI_Upload { return FALSE; } + // Set the uploaded data as class variables - $this->file_temp = $_FILES[$field]['tmp_name']; - $this->file_size = $_FILES[$field]['size']; + $this->file_temp = $_FILES[$field]['tmp_name']; + $this->file_size = $_FILES[$field]['size']; $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); @@ -207,20 +207,31 @@ class CI_Upload { $this->set_error('upload_invalid_filetype'); return FALSE; } - + // if we're overriding, let's now make sure the new name and type is allowed if ($this->_file_name_override != '') { $this->file_name = $this->_prep_filename($this->_file_name_override); - $this->file_ext = $this->get_extension($this->file_name); + + // If no extension was provided in the file_name config item, use the uploaded one + if(strpos($this->_file_name_override, '.') === FALSE) + { + $this->file_name .= $this->file_ext; + } + + // An extension was provided, lets have it! + else + { + $this->file_ext = $this->get_extension($this->_file_name_override); + } if ( ! $this->is_allowed_filetype(TRUE)) { $this->set_error('upload_invalid_filetype'); - return FALSE; + return FALSE; } } - + // Convert the file size to kilobytes if ($this->file_size > 0) { @@ -244,7 +255,7 @@ class CI_Upload { // Sanitize the file name for security $this->file_name = $this->clean_file_name($this->file_name); - + // Truncate the file name if it's too long if ($this->max_filename > 0) { @@ -268,13 +279,28 @@ class CI_Upload { if ($this->overwrite == FALSE) { $this->file_name = $this->set_filename($this->upload_path, $this->file_name); - + if ($this->file_name === FALSE) { return FALSE; } } + /* + * Run the file through the XSS hacking filter + * This helps prevent malicious code from being + * embedded within a file. Scripts can easily + * be disguised as images or other file types. + */ + if ($this->xss_clean) + { + if ($this->do_xss_clean() === FALSE) + { + $this->set_error('upload_unable_to_write_file'); + return FALSE; + } + } + /* * Move the file to the final destination * To deal with different server configurations @@ -286,21 +312,10 @@ class CI_Upload { { if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name)) { - $this->set_error('upload_destination_error'); - return FALSE; + $this->set_error('upload_destination_error'); + return FALSE; } } - - /* - * Run the file through the XSS hacking filter - * This helps prevent malicious code from being - * embedded within a file. Scripts can easily - * be disguised as images or other file types. - */ - if ($this->xss_clean == TRUE) - { - $this->do_xss_clean(); - } /* * Set the finalized image dimensions @@ -312,19 +327,18 @@ class CI_Upload { return TRUE; } - + // -------------------------------------------------------------------- - + /** * Finalized Data Array - * + * * Returns an associative array containing all of the information * related to the upload, allowing the developer easy access in one array. * - * @access public * @return array - */ - function data() + */ + public function data() { return array ( 'file_name' => $this->file_name, @@ -343,24 +357,23 @@ class CI_Upload { 'image_size_str' => $this->image_size_str, ); } - + // -------------------------------------------------------------------- - + /** * Set Upload Path * - * @access public * @param string * @return void - */ - function set_upload_path($path) + */ + public function set_upload_path($path) { // Make sure it has a trailing slash $this->upload_path = rtrim($path, '/').'/'; } - + // -------------------------------------------------------------------- - + /** * Set the file name * @@ -368,29 +381,28 @@ class CI_Upload { * existence of a file with the same name. If found, it will append a * number to the end of the filename to avoid overwriting a pre-existing file. * - * @access public * @param string * @param string * @return string - */ - function set_filename($path, $filename) + */ + public function set_filename($path, $filename) { if ($this->encrypt_name == TRUE) - { + { mt_srand(); - $filename = md5(uniqid(mt_rand())).$this->file_ext; + $filename = md5(uniqid(mt_rand())).$this->file_ext; } - + if ( ! file_exists($path.$filename)) { return $filename; } - + $filename = str_replace($this->file_ext, '', $filename); - + $new_filename = ''; for ($i = 1; $i < 100; $i++) - { + { if ( ! file_exists($path.$filename.$i.$this->file_ext)) { $new_filename = $filename.$i.$this->file_ext; @@ -408,89 +420,88 @@ class CI_Upload { return $new_filename; } } - + // -------------------------------------------------------------------- - + /** * Set Maximum File Size * - * @access public * @param integer * @return void - */ - function set_max_filesize($n) + */ + public function set_max_filesize($n) { $this->max_size = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Maximum File Name Length * - * @access public * @param integer * @return void - */ - function set_max_filename($n) + */ + public function set_max_filename($n) { $this->max_filename = ((int) $n < 0) ? 0: (int) $n; } // -------------------------------------------------------------------- - + /** * Set Maximum Image Width * - * @access public * @param integer * @return void - */ - function set_max_width($n) + */ + public function set_max_width($n) { $this->max_width = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Maximum Image Height * - * @access public * @param integer * @return void - */ - function set_max_height($n) + */ + public function set_max_height($n) { $this->max_height = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Allowed File Types * - * @access public * @param string * @return void - */ - function set_allowed_types($types) + */ + public function set_allowed_types($types) { + if ( ! is_array($types) && $types == '*') + { + $this->allowed_types = '*'; + return; + } $this->allowed_types = explode('|', $types); } - + // -------------------------------------------------------------------- - + /** * Set Image Properties * * Uses GD to determine the width/height/type of image * - * @access public * @param string * @return void - */ - function set_image_properties($path = '') + */ + public function set_image_properties($path = '') { if ( ! $this->is_image()) { @@ -500,7 +511,7 @@ class CI_Upload { if (function_exists('getimagesize')) { if (FALSE !== ($D = @getimagesize($path))) - { + { $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png'); $this->image_width = $D['0']; @@ -510,45 +521,43 @@ class CI_Upload { } } } - + // -------------------------------------------------------------------- - + /** * Set XSS Clean * * Enables the XSS flag so that the file that was uploaded * will be run through the XSS filter. * - * @access public * @param bool * @return void */ - function set_xss_clean($flag = FALSE) + public function set_xss_clean($flag = FALSE) { $this->xss_clean = ($flag == TRUE) ? TRUE : FALSE; } - + // -------------------------------------------------------------------- - + /** * Validate the image * - * @access public * @return bool - */ - function is_image() + */ + public function is_image() { // IE will sometimes return odd mime-types during upload, so here we just standardize all // jpegs or pngs to the same file type. $png_mimes = array('image/x-png'); $jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg'); - + if (in_array($this->file_type, $png_mimes)) { $this->file_type = 'image/png'; } - + if (in_array($this->file_type, $jpeg_mimes)) { $this->file_type = 'image/jpeg'; @@ -558,29 +567,33 @@ class CI_Upload { 'image/gif', 'image/jpeg', 'image/png', - ); + ); return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE; } - + // -------------------------------------------------------------------- - + /** * Verify that the filetype is allowed * - * @access public * @return bool - */ - function is_allowed_filetype($ignore_mime = FALSE) + */ + public function is_allowed_filetype($ignore_mime = FALSE) { + if ($this->allowed_types == '*') + { + return TRUE; + } + if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) { $this->set_error('upload_no_file_types'); return FALSE; } - + $ext = strtolower(ltrim($this->file_ext, '.')); - + if ( ! in_array($ext, $this->allowed_types)) { return FALSE; @@ -594,40 +607,39 @@ class CI_Upload { if (getimagesize($this->file_temp) === FALSE) { return FALSE; - } + } } if ($ignore_mime === TRUE) { return TRUE; } - + $mime = $this->mimes_types($ext); - + if (is_array($mime)) { if (in_array($this->file_type, $mime, TRUE)) { return TRUE; - } + } } elseif ($mime == $this->file_type) { return TRUE; } - + return FALSE; } - + // -------------------------------------------------------------------- - + /** * Verify that the file is within the allowed size * - * @access public * @return bool - */ - function is_allowed_filesize() + */ + public function is_allowed_filesize() { if ($this->max_size != 0 AND $this->file_size > $this->max_size) { @@ -638,16 +650,15 @@ class CI_Upload { return TRUE; } } - + // -------------------------------------------------------------------- - + /** * Verify that the image is within the allowed width/height * - * @access public * @return bool - */ - function is_allowed_dimensions() + */ + public function is_allowed_dimensions() { if ( ! $this->is_image()) { @@ -673,26 +684,25 @@ class CI_Upload { return TRUE; } - + // -------------------------------------------------------------------- - + /** * Validate Upload Path * * Verifies that it is a valid upload path with proper permissions. * * - * @access public * @return bool - */ - function validate_upload_path() + */ + public function validate_upload_path() { if ($this->upload_path == '') { $this->set_error('upload_no_filepath'); return FALSE; } - + if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE) { $this->upload_path = str_replace("\\", "/", realpath($this->upload_path)); @@ -713,32 +723,30 @@ class CI_Upload { $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path); return TRUE; } - + // -------------------------------------------------------------------- - + /** * Extract the file extension * - * @access public * @param string * @return string - */ - function get_extension($filename) + */ + public function get_extension($filename) { $x = explode('.', $filename); return '.'.end($x); - } - + } + // -------------------------------------------------------------------- - + /** * Clean the file name for security * - * @access public * @param string * @return string - */ - function clean_file_name($filename) + */ + public function clean_file_name($filename) { $bad = array( "