1 | <?php |
2 | /* | |
3 | * Uguu | |
4 | * | |
5 | * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko> | |
6 | * | |
7 | * This program is free software: you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation, either version 3 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program. If not, see <https://www.gnu.org/licenses/>. | |
19 | */ | |
20 | require_once 'Database.class.php'; | |
21 | ||
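class Upload extends Database
{
    // NOTE(review): the original header read `extends Database, errorReport`, which PHP
    // rejects (single inheritance only). Only Database is kept; error paths below use the
    // same http_response_code() + Exception pattern the blacklist checks already use.
    // $this->db, DOUBLE_DOTS, BLOCKED_MIME, FILES_RETRIES, NAME_LENGTH, ID_CHARSET,
    // BLACKLIST_DB and FILTER_MODE are not declared here — presumably inherited from
    // Database; confirm against Database.class.php.

    /** @var string Client-supplied file name (used for extension detection only, never as a path). */
    public $FILE_NAME;
    /** @var string|null Extension derived from FILE_NAME, double-dot aware. */
    public $FILE_EXTENSION;
    /** @var string|false MIME type detected by finfo from the temp file's content. */
    public $FILE_MIME;

    /** @var string Random base name (no extension) chosen by generateName(). */
    public $NEW_NAME;
    /** @var string NEW_NAME plus '.' and FILE_EXTENSION when an extension exists. */
    public $NEW_NAME_FULL;

    /**
     * Populate FILE_NAME, FILE_MIME and FILE_EXTENSION from an uploaded file.
     *
     * @param object $file Upload descriptor exposing ->name and ->tempfile
     *                     (its class is not visible here; only those members are read).
     * @return void
     */
    public function fileInfo($file)
    {
        // The original only populated the fields when $_FILES['files'] was set;
        // the guard is kept so callers observe the same behaviour.
        if (!isset($_FILES['files'])) {
            return;
        }

        $this->FILE_NAME = $file->name;

        // Detect the MIME type from content, not from the client-supplied name or type.
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $this->FILE_MIME = finfo_file($finfo, $file->tempfile);
        finfo_close($finfo);

        // Default: whatever follows the final dot.
        $this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);

        // Double-dot extensions (the tar.gz style) override the default. Entries are
        // compared against the reversed name, so DOUBLE_DOTS is expected to hold them
        // reversed and strrev() turns a match back into the real extension. The original
        // loop let later, non-matching entries overwrite an earlier match; stop at the first.
        foreach ($this->DOUBLE_DOTS as $ddot) {
            if (stripos(strrev($this->FILE_NAME), $ddot) === 0) {
                $this->FILE_EXTENSION = strrev($ddot);
                break;
            }
        }
    }

    /**
     * Reject the upload when its content hash appears in the blacklist table.
     *
     * @param string $hash Content hash of the upload (generateName() passes getSha1()).
     * @return void
     * @throws Exception code 415 when the hash is blacklisted.
     */
    public function checkFileBlacklist($hash)
    {
        $q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
        $q->bindValue(':hash', $hash, PDO::PARAM_STR);
        $q->execute();
        $result = $q->fetch();

        // Coerce explicitly so a missing row/column cannot be mistaken for a count.
        if ((int) ($result['count'] ?? 0) > 0) {
            http_response_code(415);
            // The exit(0) that followed the throw in the original was unreachable.
            throw new Exception(
                'File blacklisted!',
                415
            );
        }
    }

    /**
     * Reject the upload when its extension is on the configured block list.
     *
     * @param string|null $ext Extension without the leading dot (from fileInfo()).
     * @return void
     * @throws Exception code 415 when the extension is blocked.
     */
    public function checkExtensionBlacklist($ext)
    {
        // CONFIG_BLOCKED_EXTENSIONS is a serialized list from configuration, not from the
        // request; unserialize() must never be applied to user-controlled data.
        $blocked = array_map('strtolower', (array) unserialize(CONFIG_BLOCKED_EXTENSIONS));

        // Case-insensitive so "x.EXE" cannot slip past a lowercase "exe" entry; strict
        // comparison avoids PHP's loose string/number coercion in in_array().
        if (in_array(strtolower((string) $ext), $blocked, true)) {
            http_response_code(415);
            throw new Exception(
                'File type not allowed!',
                415
            );
        }
    }

    /**
     * Reject the upload when its detected MIME type is on the configured block list.
     *
     * @param string|false $mime MIME type from finfo; false when detection failed.
     * @return void
     * @throws Exception code 415 when the MIME type is blocked.
     */
    public function checkMimeBlacklist($mime)
    {
        // NOTE(review): a failed detection ($mime === false) passes this check, as in the
        // original; consider failing closed in filter mode if that is acceptable for callers.
        if (in_array($mime, (array) unserialize($this->BLOCKED_MIME), true)) {
            http_response_code(415);
            throw new Exception(
                'File type not allowed!',
                415
            );
        }
    }

    /**
     * Choose an unused random file name for $file; stores it in NEW_NAME / NEW_NAME_FULL.
     *
     * Runs the blacklist checks first (hash when BLACKLIST_DB is on; MIME and extension when
     * FILTER_MODE is on), then draws random names until one is absent from the files table.
     *
     * @param object $file Upload descriptor exposing ->name, ->tempfile and getSha1().
     * @return string The chosen name including extension (NEW_NAME_FULL).
     * @throws Exception 415 from the blacklist checks; 500 when FILES_RETRIES is exhausted
     *                   or ID_CHARSET is empty.
     */
    public function generateName($file)
    {
        $this->fileInfo($file);

        // The blacklist decisions do not depend on the candidate name, so they run once
        // instead of on every retry as in the original.
        if ($this->BLACKLIST_DB) {
            $this->checkFileBlacklist($file->getSha1());
        }
        if ($this->FILTER_MODE) {
            $this->checkMimeBlacklist($this->FILE_MIME);
            $this->checkExtensionBlacklist($this->FILE_EXTENSION);
        }

        $charset = (string) $this->ID_CHARSET;
        $lastIndex = strlen($charset) - 1;
        if ($lastIndex < 0) {
            http_response_code(500);
            throw new Exception('ID_CHARSET is empty', 500);
        }

        do {
            // Give up after FILES_RETRIES attempts. The original called throwError() on an
            // errorReport object whose construction was left incomplete ("$error = new");
            // the status/exception pattern of the blacklist checks is used instead.
            if ($this->FILES_RETRIES-- === 0) {
                http_response_code(500);
                throw new Exception('Gave up trying to find an unused name', 500);
            }

            // Start every attempt from an empty name; the original kept appending to the
            // previous attempt, so each retry produced a longer name.
            $this->NEW_NAME = '';
            for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
                // random_int() is a CSPRNG (mt_rand is predictable, and names should not be
                // guessable); the bound is strlen - 1, the original could index past the end.
                $this->NEW_NAME .= $charset[random_int(0, $lastIndex)];
            }

            // Append the extension if there is one; otherwise the full name is the bare name
            // (the original left NEW_NAME_FULL unset in that case).
            if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
                $this->NEW_NAME_FULL = $this->NEW_NAME . '.' . $this->FILE_EXTENSION;
            } else {
                $this->NEW_NAME_FULL = $this->NEW_NAME;
            }

            // Retry while a file with this name is already recorded. The original used the
            // undefined $db and $name; $this->db (as in checkFileBlacklist) and the
            // generated full name are what it meant.
            $q = $this->db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
            $q->bindValue(':name', $this->NEW_NAME_FULL, PDO::PARAM_STR);
            $q->execute();
            $taken = (int) $q->fetchColumn();
        } while ($taken > 0);

        return $this->NEW_NAME_FULL;
    }
}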