From: John Runyon Date: Wed, 2 Aug 2023 04:23:37 +0000 (-0600) Subject: fix multiple uploads in same request X-Git-Url: https://jfr.im/git/uguu.git/commitdiff_plain/HEAD fix multiple uploads in same request --- diff --git a/src/Classes/Upload.php b/src/Classes/Upload.php index 8821dbc..d5ee641 100644 --- a/src/Classes/Upload.php +++ b/src/Classes/Upload.php @@ -22,7 +22,6 @@ class Upload extends Response { - public array $FILE_INFO; public array $fingerPrintInfo; private mixed $Connector; @@ -40,7 +39,7 @@ $result = []; $files = $this->diverseArray($files); foreach ($files as $file) { - $this->FILE_INFO = [ + $FILE_INFO = [ 'TEMP_NAME' => $file['tmp_name'], 'NAME' => strip_tags($this->checkNameLength($file['name'])), 'SIZE' => $file['size'], @@ -53,26 +52,17 @@ // Check if anti dupe is enabled if ($this->Connector->CONFIG['ANTI_DUPE']) { // Check if hash exists in DB, if it does return the name of the file - $dupeResult = $this->Connector->antiDupe($this->FILE_INFO['SHA1']); + $dupeResult = $this->Connector->antiDupe($FILE_INFO['SHA1']); if ($dupeResult['result']) { - $this->FILE_INFO['FILENAME'] = $dupeResult['name']; - $this->FILE_INFO['DUPE'] = true; + $FILE_INFO['FILENAME'] = $dupeResult['name']; + $FILE_INFO['DUPE'] = true; } } // If its not a dupe then generate a new name - if (!$this->FILE_INFO['DUPE']) { - $this->FILE_INFO['FILENAME'] = $this->generateName($this->FILE_INFO['EXTENSION']); + if (!$FILE_INFO['DUPE']) { + $FILE_INFO['FILENAME'] = $this->generateName($FILE_INFO['EXTENSION']); } - $result[] = [ - $this->FILE_INFO['TEMP_NAME'], - $this->FILE_INFO['NAME'], - $this->FILE_INFO['SIZE'], - $this->FILE_INFO['SHA1'], - $this->FILE_INFO['EXTENSION'], - $this->FILE_INFO['MIME'], - $this->FILE_INFO['DUPE'], - $this->FILE_INFO['FILENAME'], - ]; + $result[] = $FILE_INFO; } return $result; } @@ -120,7 +110,7 @@ * * @return array An array containing the hash, name, url, and size of the file. */ - public function uploadFile():array + public function uploadFile($FILE_INFO):array { switch (true) { case $this->Connector->CONFIG['RATE_LIMIT']: @@ -139,43 +129,43 @@ } // Continue case $this->Connector->CONFIG['BLACKLIST_DB']: - $this->Connector->checkFileBlacklist($this->FILE_INFO['SHA1']); + $this->Connector->checkFileBlacklist($FILE_INFO['SHA1']); // Continue - case $this->Connector->CONFIG['FILTER_MODE'] && empty($this->FILE_INFO['EXTENSION']): - $this->checkMimeBlacklist(); + case $this->Connector->CONFIG['FILTER_MODE'] && empty($FILE_INFO['EXTENSION']): + $this->checkMimeBlacklist($FILE_INFO); // Continue - case $this->Connector->CONFIG['FILTER_MODE'] && !empty($this->FILE_INFO['EXTENSION']): - $this->checkMimeBlacklist(); - $this->checkExtensionBlacklist(); + case $this->Connector->CONFIG['FILTER_MODE'] && !empty($FILE_INFO['EXTENSION']): + $this->checkMimeBlacklist($FILE_INFO); + $this->checkExtensionBlacklist($FILE_INFO); // Continue } // If its not a dupe then skip checking if file can be written and // skip inserting it into the DB. - if (!$this->FILE_INFO['DUPE']) { + if (!$FILE_INFO['DUPE']) { if (!is_dir($this->Connector->CONFIG['FILES_ROOT'])) { $this->Connector->response->error(500, 'File storage path not accessible.'); } if ( !move_uploaded_file( - $this->FILE_INFO['TEMP_NAME'], + $FILE_INFO['TEMP_NAME'], $this->Connector->CONFIG['FILES_ROOT'] . - $this->FILE_INFO['FILENAME'], + $FILE_INFO['FILENAME'], ) ) { $this->Connector->response->error(500, 'Failed to move file to destination.'); } - if (!chmod($this->Connector->CONFIG['FILES_ROOT'] . $this->FILE_INFO['FILENAME'], 0644)) { + if (!chmod($this->Connector->CONFIG['FILES_ROOT'] . $FILE_INFO['FILENAME'], 0644)) { $this->Connector->response->error(500, 'Failed to change file permissions.'); } - $this->Connector->newIntoDB($this->FILE_INFO, $this->fingerPrintInfo); + $this->Connector->newIntoDB($FILE_INFO, $this->fingerPrintInfo); } return [ - 'hash' => $this->FILE_INFO['SHA1'], - 'name' => $this->FILE_INFO['NAME'], - 'filename' => $this->FILE_INFO['FILENAME'], - 'url' => 'https://' . $this->Connector->CONFIG['FILE_DOMAIN'] . '/' . $this->FILE_INFO['FILENAME'], - 'size' => $this->FILE_INFO['SIZE'], - 'dupe' => $this->FILE_INFO['DUPE'], + 'hash' => $FILE_INFO['SHA1'], + 'name' => $FILE_INFO['NAME'], + 'filename' => $FILE_INFO['FILENAME'], + 'url' => 'https://' . $this->Connector->CONFIG['FILE_DOMAIN'] . '/' . $FILE_INFO['FILENAME'], + 'size' => $FILE_INFO['SIZE'], + 'dupe' => $FILE_INFO['DUPE'], ]; } @@ -247,7 +237,7 @@ * * @return string The file extension of the file. */ - public function fileExtension(array $file):string + public function fileExtension(array $file):?string { $extension = explode('.', $file['name']); $dotCount = substr_count($file['name'], '.'); @@ -263,9 +253,9 @@ * > Check if the file's MIME type is in the blacklist * */ - public function checkMimeBlacklist():void + public function checkMimeBlacklist($FILE_INFO):void { - if (in_array($this->FILE_INFO['MIME'], $this->Connector->CONFIG['BLOCKED_MIME'])) { + if (in_array($FILE_INFO['MIME'], $this->Connector->CONFIG['BLOCKED_MIME'])) { $this->Connector->response->error(415, 'Filetype not allowed'); } } @@ -274,9 +264,9 @@ * > Check if the file extension is in the blacklist * */ - public function checkExtensionBlacklist():void + public function checkExtensionBlacklist($FILE_INFO):void { - if (in_array($this->FILE_INFO['EXTENSION'], $this->Connector->CONFIG['BLOCKED_EXTENSIONS'])) { + if (in_array($FILE_INFO['EXTENSION'], $this->Connector->CONFIG['BLOCKED_EXTENSIONS'])) { $this->Connector->response->error(415, 'Filetype not allowed'); } } @@ -316,45 +306,45 @@ return $NEW_NAME; } - private function lookupExtension(string $mimetype):string - { - $types = [ - 'image/gif' => 'gif', - 'image/jpeg' => 'jpg', - 'image/avif' => 'avif', - 'image/png' => 'png', - 'image/tiff' => 'tiff', - 'image/vnd.wap.wbmp' => 'wbmp', - 'image/webp' => 'webp', - 'image/x-icon' => 'ico', - 'image/x-jng' => 'jng', - 'image/x-ms-bmp' => 'bmp', - 'application/pdf' => 'pdf', - 'application/postscript' => 'ps', - 'application/x-7z-compressed' => '7z', - 'application/zip' => 'zip', - 'audio/midi' => 'mid', - 'audio/mpeg' => 'mp3', - 'audio/ogg' => 'ogg', - 'audio/x-m4a' => 'm4a', - 'audio/x-realaudio' => 'ra', - 'video/3gpp' => '3gpp', - 'video/mp2t' => 'ts', - 'video/mp4' => 'mp4', - 'video/mpeg' => 'mpeg', - 'video/quicktime' => 'mov', - 'video/webm' => 'webm', - 'video/x-flv' => 'flv', - 'video/x-m4v' => 'm4v', - 'video/x-mng' => 'mng', - 'video/x-ms-asf' => 'asx', - 'video/x-ms-wmv' => 'wmv', - 'video/x-msvideo' => 'avi', - ]; - if (isset($types[$mimetype])) { - return $types[$mimetype]; - } else { - $this->Connector->response->error(400, 'Unknown MIME type. Add a file extension to your filename.'); - } - } + private function lookupExtension(string $mimetype):string + { + $types = [ + 'image/gif' => 'gif', + 'image/jpeg' => 'jpg', + 'image/avif' => 'avif', + 'image/png' => 'png', + 'image/tiff' => 'tiff', + 'image/vnd.wap.wbmp' => 'wbmp', + 'image/webp' => 'webp', + 'image/x-icon' => 'ico', + 'image/x-jng' => 'jng', + 'image/x-ms-bmp' => 'bmp', + 'application/pdf' => 'pdf', + 'application/postscript' => 'ps', + 'application/x-7z-compressed' => '7z', + 'application/zip' => 'zip', + 'audio/midi' => 'mid', + 'audio/mpeg' => 'mp3', + 'audio/ogg' => 'ogg', + 'audio/x-m4a' => 'm4a', + 'audio/x-realaudio' => 'ra', + 'video/3gpp' => '3gpp', + 'video/mp2t' => 'ts', + 'video/mp4' => 'mp4', + 'video/mpeg' => 'mpeg', + 'video/quicktime' => 'mov', + 'video/webm' => 'webm', + 'video/x-flv' => 'flv', + 'video/x-m4v' => 'm4v', + 'video/x-mng' => 'mng', + 'video/x-ms-asf' => 'asx', + 'video/x-ms-wmv' => 'wmv', + 'video/x-msvideo' => 'avi', + ]; + if (isset($types[$mimetype])) { + return $types[$mimetype]; + } else { + $this->Connector->response->error(400, 'Unknown MIME type. Add a file extension to your filename.'); + } + } } diff --git a/src/static/php/upload.php b/src/static/php/upload.php index 7d73373..ea7a427 100644 --- a/src/static/php/upload.php +++ b/src/static/php/upload.php @@ -30,10 +30,8 @@ $fCount = count($files); $upload->fingerPrint($fCount); $res = []; - $i = 0; - while ($i < $fCount) { - $res[] = $upload->uploadFile(); - $i++; + foreach ($files as $f) { + $res[] = $upload->uploadFile($f); } if (!empty($res)) { $upload->send($res); @@ -45,4 +43,4 @@ if (!isset($_FILES['files']) or empty($_FILES['files'])) { $response->error(400, 'No input file(s)'); } - handleFiles($resType, $_FILES['files']); \ No newline at end of file + handleFiles($resType, $_FILES['files']);