]> jfr.im git - uguu.git/blob - static/php/includes/Upload.class.php
projects / uguu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fix for filename extension bug
[uguu.git] / static / php / includes / Upload.class.php
1 <?php
2 /*
3 * Uguu
4 *
5 * @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se>
6 *
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
21
22 require_once 'Core.namespace.php';
23
24 use Core\Database as Database;
25 use Core\Settings as Settings;
26
27 class Upload
28 {
29
30 public static string $FILE_NAME;
31 public static mixed $FILE_EXTENSION;
32 public static string $FILE_MIME;
33 public static string $SHA1;
34 public static string $NEW_NAME;
35 public static string $NEW_NAME_FULL;
36 public static mixed $IP;
37
38 public static string $FILE_SIZE;
39 public static string $TEMP_FILE;
40
41
42 public static function reFiles($files): array
43 {
44 $result = [];
45 $files = self::diverseArray($files);
46
47 foreach ($files as $file) {
48 self::$FILE_NAME = $file['name'];
49 self::$FILE_SIZE = $file['size'];
50 self::$TEMP_FILE = $file['tmp_name'];
51 self::$SHA1 = sha1_file(self::$TEMP_FILE);
52 $result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE, self::$SHA1];
53 }
54 return $result;
55 }
56
57 public static function diverseArray($files): array
58 {
59 $result = [];
60
61 foreach ($files as $key1 => $value1) {
62 foreach ($value1 as $key2 => $value2) {
63 $result[$key2][$key1] = $value2;
64 }
65 }
66 return $result;
67 }
68
69 /**
70 * @throws Exception
71 */
72 public static function uploadFile(): array
73 {
74 Settings::loadConfig();
75 self::fileInfo();
76
77 if (Settings::$BLACKLIST_DB) {
78 Database::checkFileBlacklist();
79 }
80
81 if (Settings::$FILTER_MODE) {
82 self::checkMimeBlacklist();
83 if(!is_null(self::$FILE_EXTENSION)){
84 self::checkExtensionBlacklist();
85 }
86 }
87
88 if (Settings::$ANTI_DUPE) {
89 Database::antiDupe();
90 }
91
92 if (!Settings::$ANTI_DUPE) {
93 self::generateName();
94 }
95
96 if (!is_dir(Settings::$FILES_ROOT)) {
97 throw new Exception('File storage path not accessible.', 500);
98 }
99
100 if (!move_uploaded_file(self::$TEMP_FILE, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
101 throw new Exception('Failed to move file to destination', 500);
102 }
103
104 if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
105 throw new Exception('Failed to change file permissions', 500);
106 }
107
108 Database::newIntoDB();
109
110 if (Settings::$SSL) {
111 $preURL = 'https://';
112 } else {
113 $preURL = 'http://';
114 }
115
116 return [
117 'hash' => self::$SHA1,
118 'name' => self::$FILE_NAME,
119 'url' => $preURL . Settings::$URL . '/' . rawurlencode(self::$NEW_NAME_FULL),
120 'size' => self::$FILE_SIZE
121 ];
122 }
123
124 public static function getIP()
125 {
126 if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
127 self::$IP = $_SERVER['HTTP_CLIENT_IP'];
128 }
129 if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
130 self::$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
131 }
132 if (!isset(self::$IP)) {
133 self::$IP = $_SERVER['REMOTE_ADDR'];
134 }
135 }
136
137 public static function fileInfo()
138 {
139 if (isset($_FILES['files'])) {
140 $finfo = finfo_open(FILEINFO_MIME_TYPE);
141 self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
142 finfo_close($finfo);
143
144 $extension = explode('.', self::$FILE_NAME);
145 if(substr_count(self::$FILE_NAME, '.') === 0) {
146 self::$FILE_EXTENSION = null;
147 } elseif(substr_count(self::$FILE_NAME, '.') > 1) {
148 self::$FILE_EXTENSION = $extension[count($extension)-2].'.'.$extension[count($extension)-1];
149 } else {
150 self::$FILE_EXTENSION = $extension[count($extension)-1];
151 }
152
153 if (Settings::$LOG_IP) {
154 self::getIP();
155 } else {
156 self::$IP = null;
157 }
158 }
159 }
160
161 /**
162 * @throws Exception
163 */
164 public static function checkMimeBlacklist()
165 {
166 if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
167 throw new Exception('Filetype not allowed.', 415);
168 }
169 }
170
171 /**
172 * Check if file extension is blacklisted
173 * if it does throw an exception.
174 *
175 * @throws Exception
176 */
177 public static function checkExtensionBlacklist()
178 {
179 if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
180 throw new Exception('Filetype not allowed.', 415);
181 }
182 }
183
184 /**
185 * @throws Exception
186 */
187 public static function generateName()
188 {
189 do {
190 if (Settings::$FILES_RETRIES === 0) {
191 throw new Exception('Gave up trying to find an unused name!', 500);
192 }
193
194 self::$NEW_NAME = '';
195 for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
196 self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
197 }
198
199 self::$NEW_NAME_FULL = self::$NEW_NAME;
200
201 if (!is_null(self::$FILE_EXTENSION)) {
202 self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION;
203 }
204
205 } while (Database::dbCheckNameExists() > 0);
206 }
207 }
Image host (fork of https://github.com/nokonoko/Uguu)