
Anti-dupe and filter bugs fixed

remotes/r4jeshwar/master v1.4.0
Go Johansson 5 months ago
parent
commit
0a3934c24a
  1. 3
      static/php/includes/Core.namespace.php
  2. 83
      static/php/includes/Upload.class.php

3
static/php/includes/Core.namespace.php

@ -327,7 +327,7 @@ namespace Core {
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
Upload::$NEW_NAME_FULL = $result['filename'];
return $result['filename'];
}
} catch (Exception) {
throw new Exception('Cant check for dupes in DB.', 500);
@ -359,4 +359,3 @@ namespace Core {
}
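Review bot: In what appears to be `Database::antiDupe()`, the new side seems to return `$result['filename']` for a duplicate, but no return is visible for the case where `count` is 0, so the function presumably falls through to an implicit `null`. The caller's `isset($result)` in Upload.class.php depends on that, so the contract should be explicit: a `?string` return type, a final `return null;`, and a docblock line such as `@return string|null filename of an existing identical upload, or null when there is none`. The `catch (Exception)` block also drops the original error; `catch (Exception $e) { throw new Exception('Cant check for dupes in DB.', 500, $e); }` would keep the database failure available to server-side logging. The function starts and ends outside this hunk, so the fall-through path is inferred rather than seen.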

83
static/php/includes/Upload.class.php

@ -72,13 +72,29 @@ class Upload
public function uploadFile(): array
{
(new Settings())->loadConfig();
(new Upload())->fileInfo();
if (Settings::$ANTI_DUPE) {
(new Database())->antiDupe();
if (Settings::$BLACKLIST_DB) {
(new Database())->checkFileBlacklist();
}
(new Upload())->generateName();
if (Settings::$FILTER_MODE) {
self::checkMimeBlacklist();
self::checkExtensionBlacklist();
}
if (Settings::$ANTI_DUPE) {
$result = (new Database())->antiDupe();
if (isset($result)) {
self::$NEW_NAME_FULL = $result;
} else {
(new Upload())->generateName();
}
}
if (!Settings::$ANTI_DUPE) {
(new Upload())->generateName();
}
if (!is_dir(Settings::$FILES_ROOT)) {
throw new Exception('File storage path not accessible.', 500);
@ -107,12 +123,13 @@ class Upload
'size' => self::$FILE_SIZE
];
}
public function fileInfo()
{
if (isset($_FILES['files'])) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
$extension = explode('.',self::$FILE_NAME,2);
$extension = explode('.', self::$FILE_NAME, 2);
self::$FILE_EXTENSION = $extension['1'];
finfo_close($finfo);
@ -123,13 +140,32 @@ class Upload
}
}
}
/**
* @throws Exception
*/
public function generateName(): string
public function checkMimeBlacklist()
{
(new Upload())->fileInfo();
if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
throw new Exception('Filetype not allowed.', 415);
}
}
/**
* @throws Exception
*/
public function checkExtensionBlacklist()
{
if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
throw new Exception('Filetype not allowed.', 415);
}
}
/**
* @throws Exception
*/
public function generateName(): string
{
do {
if (Settings::$FILES_RETRIES === 0) {
throw new Exception('Gave up trying to find an unused name!', 500);
@ -140,41 +176,12 @@ class Upload
self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
}
if(isset(self::$FILE_EXTENSION)){
if (isset(self::$FILE_EXTENSION)) {
self::$NEW_NAME_FULL = self::$NEW_NAME;
self::$NEW_NAME_FULL .= '.'.self::$FILE_EXTENSION;
}
if (Settings::$BLACKLIST_DB) {
(new Database())->checkFileBlacklist();
}
if (Settings::$FILTER_MODE) {
self::checkMimeBlacklist();
self::checkExtensionBlacklist();
self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION;
}
} while ((new Database())->dbCheckNameExists() > 0);
return self::$NEW_NAME_FULL;
}
/**
* @throws Exception
*/
public function checkMimeBlacklist()
{
if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
throw new Exception('Filetype not allowed.', 415);
}
}
/**
* @throws Exception
*/
public function checkExtensionBlacklist()
{
if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
throw new Exception('Filetype not allowed.', 415);
}
}
}
}
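Review bot: `checkExtensionBlacklist()` compares the value that `fileInfo()` stored, and `explode('.', self::$FILE_NAME, 2)` keeps everything after the first dot, so a multi-dot filename produces a compound value (for example `tar.gz`) that never equals a single entry in `Settings::$BLOCKED_EXTENSIONS`. The `in_array` call is also case-sensitive and non-strict, so the filter this commit moves ahead of the dupe check can still miss names it is meant to reject. Checking each dot-separated part in lower case with `in_array(..., true)`, as sketched below, closes both gaps, assuming the configured list holds lower-case strings. Separately, the unchanged line `mt_rand(0, strlen(Settings::$ID_CHARSET))` in `generateName()` has an inclusive upper bound one past the last index, and `random_int(0, strlen(Settings::$ID_CHARSET) - 1)` would fix the range and draw from a CSPRNG. The body of `fileInfo()` continues outside its hunk, so its handling of names without a dot is not visible here.

```php
public function checkExtensionBlacklist()
{
    // Test every dot-separated part, lower-cased, so compound or mixed-case suffixes still match the list.
    $parts = explode('.', strtolower((string) self::$FILE_EXTENSION));
    foreach ($parts as $part) {
        if (in_array($part, Settings::$BLOCKED_EXTENSIONS, true)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }
}
```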