Change extension checking method

modifié:         core/lib/Thelia/Config/Resources/config.xml
	modifié:         core/lib/Thelia/Controller/Admin/FileController.php
	supprimé:        core/lib/Thelia/Tools/MimeTypeTools.php
	supprimé:        local/config/mime.types
Benjamin Perche
2014-08-04 10:42:04 +02:00
parent ddcaf9fbab
commit b01a6d9871
4 changed files with 45 additions and 1790 deletions


@@ -137,8 +137,7 @@
<service id="session.listener" class="Thelia\Core\EventListener\SessionListener"> <service id="session.listener" class="Thelia\Core\EventListener\SessionListener">
<tag name="kernel.event_subscriber"/> <tag name="kernel.event_subscriber"/>
</service> </service>
<service id="tools.mime_type" class="Thelia\Tools\MimeTypeTools" />
<!-- Archive builders --> <!-- Archive builders -->
<service id="thelia.manager.archive_builder_manager" class="Thelia\Core\FileFormat\Archive\ArchiveBuilderManager"> <service id="thelia.manager.archive_builder_manager" class="Thelia\Core\FileFormat\Archive\ArchiveBuilderManager">


@@ -54,16 +54,6 @@ class FileController extends BaseAdminController
return $this->container->get('thelia.file_manager'); return $this->container->get('thelia.file_manager');
} }
/**
* Get the mime type tools
*
* @return MimeTypeTools
*/
public function getMimeTypeTools()
{
return $this->container->get('tools.mime_type');
}
/** /**
* Manage how a file collection has to be saved * Manage how a file collection has to be saved
* *
@@ -71,7 +61,7 @@ class FileController extends BaseAdminController
* @param string $parentType Parent Type owning files being saved (product, category, content, etc.) * @param string $parentType Parent Type owning files being saved (product, category, content, etc.)
* @param string $objectType Object type, e.g. image or document * @param string $objectType Object type, e.g. image or document
* @param array $validMimeTypes an array of valid mime types. If empty, any mime type is allowed. * @param array $validMimeTypes an array of valid mime types. If empty, any mime type is allowed.
* @param array $blackList an array of blacklisted mime types. * @param array $extBlackList an array of blacklisted extensions.
* @return Response * @return Response
*/ */
public function saveFileAjaxAction( public function saveFileAjaxAction(
@@ -79,7 +69,7 @@ class FileController extends BaseAdminController
$parentType, $parentType,
$objectType, $objectType,
$validMimeTypes = array(), $validMimeTypes = array(),
$blackList = array() $extBlackList = array()
) { ) {
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) { if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
return $response; return $response;
@@ -106,51 +96,44 @@ class FileController extends BaseAdminController
return new ResponseRest($message, 'text', 403); return new ResponseRest($message, 'text', 403);
} }
$mimeType = $fileBeingUploaded->getMimeType();
$mimeTypeTools = $this->getMimeTypeTools();
$validateMimeType = $mimeTypeTools
->validateMimeTypeExtension(
$mimeType,
$fileBeingUploaded->getClientOriginalName()
);
$message = null; $message = null;
$realFileName = $fileBeingUploaded->getClientOriginalName();
if ($validateMimeType === $mimeTypeTools::TYPE_NOT_MATCH) {
$message = $this->getTranslator()
->trans(
"There's a conflict between your file extension \"%ext\" and the mime type \"%mime\"",
[
'%mime' => $mimeType,
'%ext' => $fileBeingUploaded->getClientOriginalExtension()
]
);
}
if (! empty($validMimeTypes)) { if (! empty($validMimeTypes)) {
$mimeType = $fileBeingUploaded->getMimeType();
// Check if we have the proper file type if (!isset($validMimeTypes[$mimeType])) {
$isValid = false;
if (in_array($mimeType, $validMimeTypes)) {
$isValid = true;
}
if (! $isValid) {
$message = $this->getTranslator() $message = $this->getTranslator()
->trans( ->trans(
'Only files having the following mime type are allowed: %types%', 'Only files having the following mime type are allowed: %types%',
[ '%types%' => implode(', ', $validMimeTypes)] [ '%types%' => implode(', ', $validMimeTypes)]
); );
} }
}
if (!empty($blackList)) { $regex = "#(".implode("|", $validMimeTypes[$mimeType]).")$#i";
if (in_array($mimeType, $blackList)) {
if (!preg_match($regex, $realFileName)) {
$message = $this->getTranslator() $message = $this->getTranslator()
->trans( ->trans(
'Files with the following mime type are not allowed: %type, please do an archive of the file if you want to upload it', "There's a conflict between your file extension \"%ext\" and the mime type \"%mime\"",
[ '%type' => $mimeType] [
'%mime' => $mimeType,
'%ext' => $fileBeingUploaded->getClientOriginalExtension()
]
);
}
}
if (!empty($extBlackList)) {
$regex = "#(".implode("|", $extBlackList).")$#i";
if (preg_match($regex, $realFileName)) {
$message = $this->getTranslator()
->trans(
'Files with the following extension are not allowed: %extension, please do an archive of the file if you want to upload it',
[
'%extension' => $fileBeingUploaded->getClientOriginalExtension(),
]
); );
} }
} }
@@ -219,7 +202,16 @@ class FileController extends BaseAdminController
*/ */
public function saveImageAjaxAction($parentId, $parentType) public function saveImageAjaxAction($parentId, $parentType)
{ {
return $this->saveFileAjaxAction($parentId, $parentType, 'image', ['image/jpeg' , 'image/png' ,'image/gif']); return $this->saveFileAjaxAction(
$parentId,
$parentType,
'image',
[
'image/jpeg' => ["jpg", "jpeg"],
'image/png' => ["png"],
'image/gif' => ["gif"],
]
);
} }
/** /**
@@ -238,11 +230,13 @@ class FileController extends BaseAdminController
'document', 'document',
[], [],
[ [
'text/x-php', "php",
'application/x-httpd-php', "php3",
'application/x-httpd-php3', "php4",
'application/x-httpd-php4', "php5",
'application/x-httpd-php5', "php6",
"asp",
"aspx",
] ]
); );
} }
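Review bot: In the `$validMimeTypes` branch of `saveFileAjaxAction`, a MIME type missing from the map sets the error message but then still falls through to `implode("|", $validMimeTypes[$mimeType])` on an undefined key, and the message itself runs `implode(', ', $validMimeTypes)` over what is now a map of arrays, so it would print `Array` rather than the allowed types. The extension match belongs in an `else`, and the message should list `array_keys($validMimeTypes)`. Both this regex and the `$extBlackList` regex further down are built without a leading `\.` or `preg_quote()`, so they match any name that merely ends in those letters. Separately, the document check in `saveDocumentAjaxAction` is now a denylist applied only to the client-supplied file name (the previous MIME-type blacklist is removed), so an interpreter-mapped extension missing from the list would pass; whether the stored name derives from it is not visible here, but an allowlist or a non-executable upload location would be the safer control. The body of `saveFileAjaxAction` starts and ends outside these hunks.

```php
if (! empty($validMimeTypes)) {
    $mimeType = $fileBeingUploaded->getMimeType();

    if (!isset($validMimeTypes[$mimeType])) {
        $message = $this->getTranslator()
            ->trans(
                'Only files having the following mime type are allowed: %types%',
                [ '%types%' => implode(', ', array_keys($validMimeTypes))]
            );
    } else {
        // Quote each extension and require the dot so only a real suffix matches.
        $extensions = array_map(
            function ($ext) {
                return preg_quote($ext, '#');
            },
            $validMimeTypes[$mimeType]
        );
        $regex = "#\.(".implode("|", $extensions).")$#i";

        if (!preg_match($regex, $realFileName)) {
            // … unchanged: extension / mime type conflict message …
        }
    }
}
```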


@@ -1,143 +0,0 @@
<?php
/*************************************************************************************/
/* This file is part of the Thelia package. */
/* */
/* Copyright (c) OpenStudio */
/* email : dev@thelia.net */
/* web : http://www.thelia.net */
/* */
/* For the full copyright and license information, please view the LICENSE.txt */
/* file that was distributed with this source code. */
/*************************************************************************************/
namespace Thelia\Tools;
use Thelia\Core\Translation\Translator;
use Thelia\Exception\FileException;
/**
* Class MimeTypeTools
* @package Thelia\Tools
* @author Benjamin Perche <bperche@openstudio.fr>
*/
class MimeTypeTools
{
const TYPES_FILE = "local/config/mime.types";
const TYPE_UNKNOWN = 0;
const TYPE_NOT_MATCH = 1;
const TYPE_MATCH = 2;
protected static $typesCache;
/**
* @param $mimeType
* @return array|bool
*/
public function guessExtensionsFromMimeType($mimeType)
{
if (null === static::$typesCache) {
static::$typesCache = $this->parseFile();
}
if (!is_scalar($mimeType) || !isset(static::$typesCache[$mimeType])) {
return false;
}
return static::$typesCache[$mimeType];
}
/**
* @param $mimeType
* @param $fileName
* @return bool
*/
public function validateMimeTypeExtension($mimeType, $fileName)
{
$mimeType = strtolower($mimeType);
$extensions = $this->guessExtensionsFromMimeType($mimeType);
if (false === $extensions || !is_scalar($fileName)) {
return static::TYPE_UNKNOWN;
}
$extensions = implode("|", $extensions);
$oneMatch = preg_match("#\.$extensions{1}$#i", $fileName);
return (bool) $oneMatch ? static::TYPE_MATCH : static::TYPE_NOT_MATCH;
}
/**
* @param null $filePath
* @return array
* @throws \Thelia\Exception\FileException
*/
public function parseFile($filePath = null)
{
if (null === $filePath) {
$filePath = THELIA_ROOT . static::TYPES_FILE;
}
$fileHandle = @fopen($filePath, "r");
if ($fileHandle === false) {
throw new FileException(
Translator::getInstance()->trans(
"The file %file could not be opened",
[
"%file" => $filePath,
]
)
);
}
$typesArray = [];
while (false !== $line = fgets($fileHandle)) {
$line = $this->realTrim($line);
$line = preg_replace("#\#.*$#", "", $line);
$table = explode(" ", $line);
$mime = array_shift($table);
if (!empty($table) && !empty($mime)) {
$typesArray[$mime] = $table;
}
}
if (!feof($fileHandle)) {
throw new FileException(
Translator::getInstance()->trans(
"An error occurred while reading the file %file",
[
"%file" => $filePath,
]
)
);
}
return $typesArray;
}
/**
* @param $string
* @param string $characterMask
* @return mixed|string
*/
public function realTrim($string, $characterMask = "\t\n\r ")
{
$string = trim($string, $characterMask);
$charLen = strlen($characterMask);
$string = preg_replace(
"#[$characterMask]+#",
" ",
$string
);
return $string;
}
}

File diff suppressed because it is too large