5 * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 require_once 'Database.class.php';
// Upload handling; the class builds on Database, which is pulled in by the require_once above.
// NOTE(review): a PHP class can extend only one parent, so `extends Database, errorReport`
// does not parse as written. If errorReport is meant to supply throwError(), it has to come in
// as a trait (`use`), an interface (`implements`) or an injected object — confirm which.
22 class Upload
extends Database
, errorReport
// Extension derived from the uploaded file's name (set in fileInfo()).
25 public $FILE_EXTENSION;
// Generated name plus extension (set in generateName()).
29 public $NEW_NAME_FULL;
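/**
 * Record the uploaded file's name, sniffed MIME type and extension on this object.
 *
 * Nothing is recorded unless $_FILES['files'] is present. The MIME type is detected from
 * the temporary file's content; the extension is taken from the file's name.
 *
 * NOTE(review): $file->name is presumably the client-supplied file name, so the extension
 * stored here is attacker-chosen and keeps the casing the client sent. Treat it as untrusted
 * until the blacklist checks have run.
 *
 * @param object $file Upload descriptor; this method reads its `name` and `tempfile` properties.
 *
 * @return void
 */
public function fileInfo($file)
{
    if (!isset($_FILES['files'])) {
        return;
    }

    $this->FILE_NAME = $file->name;

    // NOTE(review): finfo_file() returns false when detection fails; callers that filter on
    // FILE_MIME should treat that as "not allowed" rather than as "no match".
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $this->FILE_MIME = finfo_file($finfo, $file->tempfile);

    // Start from the plain last-dot extension, then let a double-dot match override it.
    // The previous shape assigned the pathinfo() value in the loop's else branch, so a
    // double-dot match was overwritten by every later non-matching entry and the extension
    // stayed unset when DOUBLE_DOTS was empty.
    $this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);

    // DOUBLE_DOTS entries are matched as a prefix of the reversed name, i.e. they are
    // reversed suffixes; strrev() turns the matching entry back into the extension.
    $reversedName = strrev($this->FILE_NAME);
    foreach ($this->DOUBLE_DOTS as $ddot) {
        if (stripos($reversedName, $ddot) === 0) {
            $this->FILE_EXTENSION = strrev($ddot);
            break;
        }
    }
}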
// Look up $hash in the `blacklist` table and answer with HTTP 415 when it is listed.
// The hash reaches the query as a bound PDO::PARAM_STR parameter, never as SQL text.
// NOTE(review): the statement's execute() call and the rest of the rejection branch are not
// visible in this listing. http_response_code() only sets the status, so confirm the branch
// also stops the upload from being stored.
51 public function checkFileBlacklist ($hash){
// NOTE(review): selecting the non-aggregated `hash` column next to COUNT(*) without GROUP BY
// is rejected by some SQL engines; `SELECT COUNT(*) AS count ...` alone carries the answer.
52 $q = $this->db
->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
53 $q->bindValue(':hash', $hash, PDO
::PARAM_STR
);
55 $result = $q->fetch();
// Any matching row means the file's hash is blacklisted.
56 if ($result['count'] > 0) {
57 http_response_code(415);
// Answer with HTTP 415 when $ext is in the list held by the CONFIG_BLOCKED_EXTENSIONS constant.
66 public function checkExtensionBlacklist($ext){
67 //Check if EXT is blacklisted
// NOTE(review): in_array() runs without its strict flag and string matches are case-sensitive.
// fileInfo() stores the extension exactly as it appears in the uploaded name, so a spelling
// that differs only in letter case from a listed entry (constructed sample: "PHP" vs "php")
// is not caught here unless $ext is lower-cased first. Normalise both sides and pass `true`
// as the third argument.
// NOTE(review): unserialize() reads a config constant here, not request data. Keep it that
// way, or pass ['allowed_classes' => false], since unserialize() on input an attacker can
// influence may instantiate objects.
68 if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS
))) {
69 http_response_code(415);
// NOTE(review): the call that receives this message is not visible in the listing; confirm
// it aborts the upload rather than only reporting.
71 'File type not allowed!',
// Answer with HTTP 415 when $mime is in the serialized list held in $this->BLOCKED_MIME.
78 public function checkMimeBlacklist($mime){
79 //check if MIME is blacklisted
// NOTE(review): $mime comes from finfo_file() in fileInfo(), which returns false when
// detection fails. With this loose in_array() a false value matches no non-empty entry, so a
// file whose type could not be determined passes the check. Reject that case explicitly and
// pass `true` as the third argument.
// NOTE(review): BLOCKED_MIME is unserialize()d on every call; confirm it can only be set from
// configuration, never from request data.
80 if (in_array($mime, unserialize($this->BLOCKED_MIME
))) {
81 http_response_code(415);
// NOTE(review): the call that receives this message is not visible in the listing; confirm
// it aborts the upload rather than only reporting.
83 'File type not allowed!',
// Pick a random stored name for the upload, run the optional blacklist checks, and repeat
// while the `files` table already holds a row with that filename.
// NOTE(review): several lines of this method, including its end, are not visible in the
// listing; the notes below cover only what is shown.
90 public function generateName($file)
// Fills FILE_NAME, FILE_MIME and FILE_EXTENSION for $file.
92 $this->fileInfo($file);
95 // Iterate until we reach the maximum number of retries
// The counter is compared with 0 and then decremented, so FILES_RETRIES attempts are allowed.
96 if ($this->FILES_RETRIES
-- === 0) {
// NOTE(review): $error is not assigned anywhere in the visible lines of this method — confirm
// where it comes from (possibly meant to be $this).
97 $error->throwError('500', 'Gave up trying to find an unused name', true);
// Append NAME_LENGTH characters drawn from ID_CHARSET.
// NOTE(review): mt_rand()'s upper bound is inclusive, so strlen($this->ID_CHARSET) itself can
// be returned; that index is one past the last character. The bound should be strlen(...) - 1.
// NOTE(review): mt_rand() is not a cryptographically secure generator. If the generated name is
// what keeps an upload's URL unguessable, use random_int(0, strlen($this->ID_CHARSET) - 1).
// NOTE(review): `.=` appends; no reset of NEW_NAME is visible, so confirm it is cleared before
// each attempt, otherwise the name grows on every retry.
103 for ($i = 0; $i < $this->NAME_LENGTH
; ++
$i) {
104 $this->NEW_NAME
.= $this->ID_CHARSET
[mt_rand(0, strlen($this->ID_CHARSET
))];
107 // Add the extension to the file name
108 if (isset($this->FILE_EXTENSION
) && $this->FILE_EXTENSION
!== '') {
109 $this->NEW_NAME_FULL
= $this->NEW_NAME
.'.'.$this->FILE_EXTENSION
;
112 // Check if the file hash is blacklisted
// Runs only when BLACKLIST_DB is truthy.
113 if($this->BLACKLIST_DB
){
114 $this->checkFileBlacklist($file->getSha1());
117 // Check if extension or mime is blacklisted
// Runs only when FILTER_MODE is truthy; with it off, neither the MIME nor the extension list
// is consulted.
118 if($this->FILTER_MODE
) {
119 $this->checkMimeBlacklist($this->FILE_MIME
);
120 $this->checkExtensionBlacklist($this->FILE_EXTENSION
);
123 // Check if a file with the same name does already exist in the database
// NOTE(review): neither $db nor $name is assigned in the visible lines, while the sibling
// checkFileBlacklist() uses $this->db. Confirm the handle and that the bound value is the
// name generated above. The execute() call is also not visible in the listing.
124 $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
125 $q->bindValue(':name', $name, PDO
::PARAM_STR
);
127 $result = $q->fetchColumn();
128 // If it does, generate a new name
129 } while ($result > 0);