jfr.im git - uguu.git/blame - static/php/classes/Upload.php
99a7284a
GJ
1<?php
2/*
3 * Uguu
4 *
5 * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
6 *
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20require_once 'Database.class.php';
21
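/**
 * Inspects an uploaded file, enforces the hash / MIME / extension blocklists
 * and picks an unused random storage name for it.
 *
 * NOTE(review): the original header read `extends Database, errorReport`, which
 * PHP rejects (a class has exactly one parent). errorReport is not defined in
 * this file; re-attach it as a trait, interface or injected collaborator once
 * its kind is confirmed.
 *
 * The properties db, DOUBLE_DOTS, BLOCKED_MIME, FILES_RETRIES, NAME_LENGTH,
 * ID_CHARSET, BLACKLIST_DB and FILTER_MODE are read here but not declared in
 * this class; presumably Database provides them (confirm).
 */
class Upload extends Database
{
    // Original name as sent by the client; attacker-controlled, never trust it as a path.
    public $FILE_NAME;
    // Extension derived from the client-supplied name (a double-dot one when it matches).
    public $FILE_EXTENSION;
    // MIME type sniffed from the file content by fileinfo.
    public $FILE_MIME;

    // Random base name chosen by generateName().
    public $NEW_NAME;
    // Random base name plus extension (equal to NEW_NAME when there is no extension).
    public $NEW_NAME_FULL;

    /**
     * Records the client file name, the sniffed MIME type and the extension.
     *
     * Does nothing when $_FILES['files'] is not set.
     *
     * @param object $file Upload descriptor exposing ->name and ->tempfile.
     *
     * @throws Exception When the MIME type cannot be determined.
     */
    public function fileInfo($file)
    {
        if (!isset($_FILES['files'])) {
            return;
        }

        $this->FILE_NAME = $file->name;

        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime = $finfo === false ? false : finfo_file($finfo, $file->tempfile);
        if ($finfo !== false) {
            finfo_close($finfo);
        }
        if ($mime === false) {
            // Fail closed: without a sniffed type the MIME blocklist would be
            // checked against `false` and could never match.
            http_response_code(500);
            throw new Exception('Could not determine file type', 500);
        }
        $this->FILE_MIME = $mime;

        // Default to the last extension, then let a double-dot match override it.
        // The original reassigned the extension on every loop iteration, so only
        // the last DOUBLE_DOTS entry could ever win, and an empty list left the
        // extension unset.
        $this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
        $reversedName = strrev($this->FILE_NAME);
        foreach ($this->DOUBLE_DOTS as $ddot) {
            // Entries are matched against the reversed name, so they appear to be
            // stored reversed (e.g. a reversed "tar.gz") - confirm against the config.
            if (stripos($reversedName, $ddot) === 0) {
                $this->FILE_EXTENSION = strrev($ddot);
                break;
            }
        }
    }

    /**
     * Rejects the upload when its hash is present in the blacklist table.
     *
     * @param string $hash File hash to look up.
     *
     * @throws Exception With code 415 when the hash is blacklisted.
     */
    public function checkFileBlacklist($hash)
    {
        // Only the count is needed; selecting `hash` next to COUNT(*) without
        // GROUP BY is rejected by stricter SQL modes.
        $q = $this->db->prepare('SELECT COUNT(*) FROM blacklist WHERE hash = (:hash)');
        $q->bindValue(':hash', $hash, PDO::PARAM_STR);
        $q->execute();

        if ((int) $q->fetchColumn() > 0) {
            http_response_code(415);
            throw new Exception(
                'File blacklisted!',
                415
            );
        }
    }

    /**
     * Rejects the upload when its extension is on the configured blocklist.
     *
     * @param string $ext Extension without the leading dot.
     *
     * @throws Exception With code 415 when the extension is blocked.
     */
    public function checkExtensionBlacklist($ext)
    {
        if ($this->isOnBlocklist($ext, CONFIG_BLOCKED_EXTENSIONS)) {
            http_response_code(415);
            throw new Exception(
                'File type not allowed!',
                415
            );
        }
    }

    /**
     * Rejects the upload when its MIME type is on the configured blocklist.
     *
     * @param string $mime MIME type as sniffed from the file content.
     *
     * @throws Exception With code 415 when the MIME type is blocked.
     */
    public function checkMimeBlacklist($mime)
    {
        if ($this->isOnBlocklist($mime, $this->BLOCKED_MIME)) {
            http_response_code(415);
            throw new Exception(
                'File type not allowed!',
                415
            );
        }
    }

    /**
     * Generates a random, currently unused storage name for the upload.
     *
     * @param object $file Upload descriptor; must also expose ->getSha1().
     *
     * @return string The generated name including the extension, if any. The
     *                original returned an undefined $name; NEW_NAME_FULL is
     *                the value it built, so that is what is returned - confirm
     *                against callers.
     *
     * @throws Exception With code 415 when a blocklist matches, or 500 when no
     *                   unused name is found within FILES_RETRIES attempts.
     */
    public function generateName($file)
    {
        $this->fileInfo($file);

        // The blocklist verdicts do not depend on the candidate name, so they
        // are evaluated once, before any name is generated.
        if ($this->BLACKLIST_DB) {
            $this->checkFileBlacklist($file->getSha1());
        }
        if ($this->FILTER_MODE) {
            $this->checkMimeBlacklist($this->FILE_MIME);
            $this->checkExtensionBlacklist($this->FILE_EXTENSION);
        }

        // Work on a copy so one upload does not consume the retry budget of the next.
        $retriesLeft = (int) $this->FILES_RETRIES;
        $lastIndex = strlen($this->ID_CHARSET) - 1;

        do {
            if ($retriesLeft-- <= 0) {
                // The original called $error->throwError() on an object that was
                // never constructed (`$error = new` is incomplete); the class's
                // own status-code-plus-Exception pattern is used instead.
                http_response_code(500);
                throw new Exception('Gave up trying to find an unused name', 500);
            }

            // Start from scratch on every attempt; the original kept appending
            // to the previous candidate.
            $this->NEW_NAME = '';
            for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
                // random_int() is a CSPRNG, so stored names are not predictable
                // from earlier ones. The upper bound is length - 1: the original
                // mt_rand(0, strlen(...)) could index one past the end.
                $this->NEW_NAME .= $this->ID_CHARSET[random_int(0, $lastIndex)];
            }

            $this->NEW_NAME_FULL = $this->NEW_NAME;
            if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
                $this->NEW_NAME_FULL .= '.' . $this->FILE_EXTENSION;
            }

            // NOTE(review): this lookup does not stop two concurrent requests
            // from picking the same name; a UNIQUE constraint on files.filename
            // at insert time is what would guarantee it - confirm it exists.
            $q = $this->db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
            $q->bindValue(':name', $this->NEW_NAME_FULL, PDO::PARAM_STR);
            $q->execute();
            $result = $q->fetchColumn();
        } while ($result > 0);

        return $this->NEW_NAME_FULL;
    }

    /**
     * Tells whether $value appears in a serialized blocklist.
     *
     * The comparison is on strings and case-insensitive, so "PHP" matches a
     * blocked "php"; the original loose in_array() was case-sensitive.
     *
     * @param mixed  $value          Extension or MIME type to test.
     * @param string $serializedList Output of serialize() on an array of strings.
     *
     * @return bool
     *
     * @throws Exception With code 500 when the list cannot be decoded.
     */
    private function isOnBlocklist($value, $serializedList)
    {
        // The list comes from configuration, not from the request, but object
        // instantiation is still disabled so a tampered value cannot trigger
        // magic methods during unserialize().
        $list = unserialize($serializedList, ['allowed_classes' => false]);
        if (!is_array($list)) {
            // Fail closed: an unreadable blocklist must not mean "nothing is blocked".
            http_response_code(500);
            throw new Exception('Blocklist configuration is invalid', 500);
        }

        foreach ($list as $entry) {
            if (is_string($entry) && strcasecmp($entry, (string) $value) === 0) {
                return true;
            }
        }

        return false;
    }
}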