X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/45bc029d8ecd5c53572656010ad4ba750d5b8960..0a3934c24ac1993d5bf3b499c04f170f57395156:/static/php/includes/Upload.class.php diff --git a/static/php/includes/Upload.class.php b/static/php/includes/Upload.class.php index 8c7c073..d4cd657 100644 --- a/static/php/includes/Upload.class.php +++ b/static/php/includes/Upload.class.php @@ -72,13 +72,29 @@ class Upload public function uploadFile(): array { (new Settings())->loadConfig(); + (new Upload())->fileInfo(); - if (Settings::$ANTI_DUPE) { - (new Database())->antiDupe(); + if (Settings::$BLACKLIST_DB) { + (new Database())->checkFileBlacklist(); } - (new Upload())->generateName(); + if (Settings::$FILTER_MODE) { + self::checkMimeBlacklist(); + self::checkExtensionBlacklist(); + } + if (Settings::$ANTI_DUPE) { + $result = (new Database())->antiDupe(); + if (isset($result)) { + self::$NEW_NAME_FULL = $result; + } else { + (new Upload())->generateName(); + } + } + + if (!Settings::$ANTI_DUPE) { + (new Upload())->generateName(); + } if (!is_dir(Settings::$FILES_ROOT)) { throw new Exception('File storage path not accessible.', 500); @@ -107,12 +123,13 @@ class Upload 'size' => self::$FILE_SIZE ]; } + public function fileInfo() { if (isset($_FILES['files'])) { $finfo = finfo_open(FILEINFO_MIME_TYPE); self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE); - $extension = explode('.',self::$FILE_NAME,2); + $extension = explode('.', self::$FILE_NAME, 2); self::$FILE_EXTENSION = $extension['1']; finfo_close($finfo); @@ -123,13 +140,32 @@ class Upload } } } + /** * @throws Exception */ - public function generateName(): string + public function checkMimeBlacklist() { - (new Upload())->fileInfo(); + if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) { + throw new Exception('Filetype not allowed.', 415); + } + } + + /** + * @throws Exception + */ + public function checkExtensionBlacklist() + { + if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) { + throw new Exception('Filetype not allowed.', 415); + } + } + /** + * @throws Exception + */ + public function generateName(): string + { do { if (Settings::$FILES_RETRIES === 0) { throw new Exception('Gave up trying to find an unused name!', 500); @@ -140,41 +176,12 @@ class Upload self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))]; } - if(isset(self::$FILE_EXTENSION)){ + if (isset(self::$FILE_EXTENSION)) { self::$NEW_NAME_FULL = self::$NEW_NAME; - self::$NEW_NAME_FULL .= '.'.self::$FILE_EXTENSION; - } - - if (Settings::$BLACKLIST_DB) { - (new Database())->checkFileBlacklist(); - } - - if (Settings::$FILTER_MODE) { - self::checkMimeBlacklist(); - self::checkExtensionBlacklist(); + self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION; } } while ((new Database())->dbCheckNameExists() > 0); return self::$NEW_NAME_FULL; } - - /** - * @throws Exception - */ - public function checkMimeBlacklist() - { - if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) { - throw new Exception('Filetype not allowed.', 415); - } - } - - /** - * @throws Exception - */ - public function checkExtensionBlacklist() - { - if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) { - throw new Exception('Filetype not allowed.', 415); - } - } -} +} \ No newline at end of file