phangoapp/phamodels
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security fixes in filedfield and imagefield

Browse source
This commit is contained in:
Antonio de la Rosa 2016-12-08 04:42:29 +01:00
parent 83392e732e
commit 001ee79c2a
2 changed files with 179 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

74
src/CoreFields/FileField.php
View file

@ -60,44 +60,58 @@ class FileField extends PhangoField {
if($_FILES[$file_field]['tmp_name']!='') if($_FILES[$file_field]['tmp_name']!='')
{ {
if(is_uploaded_file($_FILES[$file_field]['tmp_name']))
$name_file=basename($_FILES[$file_field]['tmp_name']);
if($this->prefix_id)
{ {
$name_file=hash('sha256', (call_user_func_array($this->func_token, array(25)))).'_'.$name_file; $name_file=basename($_FILES[$file_field]['tmp_name']);
if($this->prefix_id)
{
$name_file=hash('sha256', (call_user_func_array($this->func_token, array(25)))).'_'.$name_file;
}
if( move_uploaded_file ( $_FILES[$file_field]['tmp_name'] , $this->path.'/'.$name_file ) )
{
if($old_file!='')
{
if(!@unlink($this->path.'/'.$old_file))
{
$this->std_error=I18n::lang('common', 'cannot_delete_old_file', 'Cannot delete old files, please, check permissions');
}
}
return $name_file;
//return $this->path.'/'.$_FILES[$file]['name'];
}
else
{
$this->std_error=I18n::lang('common', 'error_cannot_upload_this_file_to_the_server', 'Error: Cannot upload this file to the server');
$this->error=1;
return '';
}
} }
else
{
if( move_uploaded_file ( $_FILES[$file_field]['tmp_name'] , $this->path.'/'.$name_file ) ) $this->std_error=I18n::lang('common', 'error_cannot_upload_this_file_to_the_server', 'Error: Cannot upload this file to the server');
{
if($old_file!='') $this->error=1;
{
if(!@unlink($this->path.'/'.$old_file)) return '';
{
$this->std_error=I18n::lang('common', 'cannot_delete_old_file', 'Cannot delete old files, please, check permissions');
}
} }
return $name_file;
//return $this->path.'/'.$_FILES[$file]['name'];
}
else
{
$this->std_error=I18n::lang('common', 'error_cannot_upload_this_file_to_the_server', 'Error: Cannot upload this file to the server');
$this->error=1;
return '';
}
} }

163
src/CoreFields/ImageField.php
View file

@ -78,129 +78,142 @@ class ImageField extends PhangoField {
if(trim($_FILES[$file_name]['tmp_name'])!=='') if(trim($_FILES[$file_name]['tmp_name'])!=='')
{ {
if(is_uploaded_file($_FILES[$file_name]['tmp_name']))
$name_image=$_FILES[$file_name]['name'];
$base_name_image=basename($name_image);
$file_extension=pathinfo($base_name_image, PATHINFO_EXTENSION);
$base_name_image=str_replace('.'.$file_extension, '', $base_name_image);
$name_image=$base_name_image.'.jpg';
if($this->prefix_id)
{ {
$name_image=hash('sha256', (call_user_func_array($this->func_token, array(25)))).'_'.$name_image; $name_image=$_FILES[$file_name]['name'];
} $base_name_image=basename($name_image);
$manager = new ImageManager(array('driver' => $this->driver)); $file_extension=pathinfo($base_name_image, PATHINFO_EXTENSION);
if( ($image=$manager->make($_FILES[$file_name]['tmp_name']))!=false) $base_name_image=str_replace('.'.$file_extension, '', $base_name_image);
{
if($old_image!='') $name_image=$base_name_image.'.jpg';
{
if(!@unlink($this->path.'/'.$old_image)) if($this->prefix_id)
{ {
$this->std_error=I18n::lang('common', 'cannot_delete_old_image', 'Cannot delete old images, please, check permissions');
}
$base_old_image=basename($old_image); $name_image=hash('sha256', (call_user_func_array($this->func_token, array(25)))).'_'.$name_image;
foreach($this->img_width as $prefix => $width) }
{
if(!@unlink($this->path.'/'.$prefix.'_'.$base_old_image)) $manager = new ImageManager(array('driver' => $this->driver));
{
// $this->error=true; if( ($image=$manager->make($_FILES[$file_name]['tmp_name']))!=false)
{
$this->std_error=I18n::lang('common', 'cannot_delete_old_image', 'Cannot delete old thumb images, please, check permissions'); if($old_image!='')
} {
} if(!@unlink($this->path.'/'.$old_image))
} {
$this->std_error=I18n::lang('common', 'cannot_delete_old_image', 'Cannot delete old images, please, check permissions');
}
$image->backup(); $base_old_image=basename($old_image);
//$with= foreach($this->img_width as $prefix => $width)
{
//if(make('foo.jpg')->resize(300, 200)->save('bar.jpg'); if(!@unlink($this->path.'/'.$prefix.'_'.$base_old_image))
{
$real_size=$image->width(); // $this->error=true;
$max_size=0; $this->std_error=I18n::lang('common', 'cannot_delete_old_image', 'Cannot delete old thumb images, please, check permissions');
}
if(isset($this->img_width[''])) }
{ }
if($this->img_width['']<$real_size) $image->backup();
{
$max_size=$this->img_width['']; //$with=
unset($this->img_width['']); //if(make('foo.jpg')->resize(300, 200)->save('bar.jpg');
} $real_size=$image->width();
} $max_size=0;
if($this->thumb) if(isset($this->img_width['']))
{ {
foreach($this->img_width as $prefix => $width) if($this->img_width['']<$real_size)
{ {
$image->reset(); $max_size=$this->img_width[''];
//In nexts versions, save in tmp and move with ftp copy. unset($this->img_width['']);
if(!$image->resize($width, null, function ($constraint) {$constraint->aspectRatio();})->encode('jpg', $this->quality_jpeg)->save($this->path.'/'.$prefix.'_'.$name_image)) }
{
$this->error=true; }
$this->std_error=I18n::lang('common', 'cannot_save_images', 'Cannot save images. Please, check permissions'); if($this->thumb)
{
} foreach($this->img_width as $prefix => $width)
{
} $image->reset();
} //In nexts versions, save in tmp and move with ftp copy.
//Copy the image if(!$image->resize($width, null, function ($constraint) {$constraint->aspectRatio();})->encode('jpg', $this->quality_jpeg)->save($this->path.'/'.$prefix.'_'.$name_image))
{
$image->reset(); $this->error=true;
if($max_size>0) $this->std_error=I18n::lang('common', 'cannot_save_images', 'Cannot save images. Please, check permissions');
{
$image->resize( $max_size, null, function ($constraint) {$constraint->aspectRatio();}); }
} }
if(!$image->encode('jpg', $this->quality_jpeg)->save($this->path.'/'.$name_image)) }
{
//Copy the image
$image->reset();
if($max_size>0)
{
$image->resize( $max_size, null, function ($constraint) {$constraint->aspectRatio();});
}
if(!$image->encode('jpg', $this->quality_jpeg)->save($this->path.'/'.$name_image))
{
$this->error=1;
$this->std_error=I18n::lang('common', 'cannot_save_images', 'Cannot save images, please, check permissions');
return '';
}
return $name_image;
}
else
{
$this->std_error=I18n::lang('common', 'no_valid_image', 'This image is wrong');
$this->error=1; $this->error=1;
$this->std_error=I18n::lang('common', 'cannot_save_images', 'Cannot save images, please, check permissions'); return '';
return '';
}
return $name_image;
}
} }
else else
{ {
$this->std_error=I18n::lang('common', 'no_valid_image', 'This image is wrong'); $this->std_error=I18n::lang('common', 'no_valid_image', 'This image is not upload');
$this->error=1; $this->error=1;