
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once 'Database.class.php';
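class Upload extends Database
{
    // PHP has single inheritance only, so the original
    // "extends Database, errorReport" header could not be parsed; the class
    // keeps Database (it needs $this->db) and reports failures the same way its
    // blacklist checks already do: http_response_code() + Exception.

    // File name exactly as supplied by the client — untrusted input.
    public $FILE_NAME;
    // Extension taken from FILE_NAME. A configured double-dot extension
    // (entries of $this->DOUBLE_DOTS, stored reversed) wins over pathinfo().
    public $FILE_EXTENSION;
    // MIME type sniffed from the temp file's bytes with finfo, never from the
    // client-declared type in $_FILES.
    public $FILE_MIME;
    // Random base name without extension.
    public $NEW_NAME;
    // NEW_NAME plus '.' . FILE_EXTENSION when an extension is present, else NEW_NAME.
    public $NEW_NAME_FULL;

    /**
     * Populate FILE_NAME, FILE_MIME and FILE_EXTENSION from an uploaded file.
     *
     * Does nothing unless the request actually carried a multipart upload
     * ($_FILES['files'] is set), leaving the properties untouched.
     *
     * @param object $file upload record exposing ->name and ->tempfile
     *                     (the on-disk temp path that finfo inspects)
     */
    public function fileInfo($file)
    {
        if (!isset($_FILES['files'])) {
            return;
        }
        $this->FILE_NAME = $file->name;

        // Sniff the type from the bytes on disk; the type the browser sends in
        // $_FILES is attacker-controlled and deliberately not consulted.
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $sniffed = finfo_file($finfo, $file->tempfile);
        finfo_close($finfo);
        // finfo_file() returns false on failure; keep the property a string so
        // the strict MIME blacklist comparison stays well-typed.
        $this->FILE_MIME = ($sniffed === false) ? '' : $sniffed;

        // Default to the last path component, then let a configured double-dot
        // extension (e.g. "tar.gz") override it. DOUBLE_DOTS entries are stored
        // reversed, hence the comparison against the reversed name. The first
        // hit wins and the loop stops: the original loop let a later
        // non-matching entry overwrite an earlier hit with the plain pathinfo()
        // result, and with an empty DOUBLE_DOTS never set the extension at all.
        $this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
        $reversedName = strrev($this->FILE_NAME);
        foreach ($this->DOUBLE_DOTS as $ddot) {
            if (stripos($reversedName, $ddot) === 0) {
                $this->FILE_EXTENSION = strrev($ddot);
                break;
            }
        }
    }

    /**
     * Abort the upload when the file's SHA-1 is on the hash blacklist.
     *
     * @param string $hash SHA-1 of the uploaded file
     * @throws Exception code 415 when the hash is blacklisted
     */
    public function checkFileBlacklist($hash)
    {
        $q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
        $q->bindValue(':hash', $hash, PDO::PARAM_STR);
        $q->execute();
        $row = $q->fetch();
        // COUNT(*) always yields one row, so an unknown hash shows up as count 0.
        if ($row !== false && (int) $row['count'] > 0) {
            http_response_code(415);
            // The exit(0) that followed the throw in the original was unreachable.
            throw new Exception('File blacklisted!', 415);
        }
    }

    /**
     * Abort the upload when the extension is on the configured block list.
     *
     * @param string|null $ext extension without the leading dot (may be null
     *                         when fileInfo() did not run)
     * @throws Exception code 415 when the extension is blocked
     */
    public function checkExtensionBlacklist($ext)
    {
        // CONFIG_BLOCKED_EXTENSIONS is a serialized array written by the
        // deployment's config, not request data. unserialize() is only
        // tolerable because the input is operator-controlled; never point it
        // at anything a client can influence.
        $blocked = (array) unserialize(CONFIG_BLOCKED_EXTENSIONS);
        // Compare case-insensitively and strictly: "x.PHP" must not slip past
        // a list that only spells "php", and in_array() without strict=true
        // applies loose comparison rules.
        $blockedLower = array_map('strtolower', $blocked);
        if (in_array(strtolower((string) $ext), $blockedLower, true)) {
            http_response_code(415);
            throw new Exception('File type not allowed!', 415);
        }
    }

    /**
     * Abort the upload when the sniffed MIME type is on the configured block list.
     *
     * @param string $mime MIME type as produced by finfo in fileInfo()
     * @throws Exception code 415 when the MIME type is blocked
     */
    public function checkMimeBlacklist($mime)
    {
        // $this->BLOCKED_MIME is a serialized array from config; same caveat
        // as the extension list — unserialize() only because the source is trusted.
        $blocked = (array) unserialize($this->BLOCKED_MIME);
        // MIME types are case-insensitive; normalise both sides and compare strictly.
        $blockedLower = array_map('strtolower', $blocked);
        if (in_array(strtolower((string) $mime), $blockedLower, true)) {
            http_response_code(415);
            throw new Exception('File type not allowed!', 415);
        }
    }

    /**
     * Run the blacklist checks and pick an unused random name for $file.
     *
     * Sets NEW_NAME and NEW_NAME_FULL and returns NEW_NAME_FULL (the original
     * returned an undefined $name). Characters are drawn with random_int():
     * the stored name is the only thing guarding the upload URL, and mt_rand()
     * is not a CSPRNG, so earlier names must not make later ones guessable.
     *
     * @param object $file upload record exposing ->name, ->tempfile and ->getSha1()
     * @return string the generated file name, extension included when present
     * @throws Exception 415 when the hash, MIME type or extension is blacklisted;
     *                   500 when ID_CHARSET is empty or no free name is found
     *                   within FILES_RETRIES attempts
     */
    public function generateName($file)
    {
        $this->fileInfo($file);

        // The content checks do not depend on the candidate name, so run them
        // once up front rather than on every retry as the original loop did.
        if ($this->BLACKLIST_DB) {
            $this->checkFileBlacklist($file->getSha1());
        }
        if ($this->FILTER_MODE) {
            $this->checkMimeBlacklist($this->FILE_MIME);
            $this->checkExtensionBlacklist($this->FILE_EXTENSION);
        }

        $charset = (string) $this->ID_CHARSET;
        if ($charset === '') {
            http_response_code(500);
            throw new Exception('ID_CHARSET is empty', 500);
        }
        // random_int()'s upper bound is inclusive, hence strlen() - 1: the
        // original mt_rand(0, strlen(...)) could index one past the charset.
        $maxIndex = strlen($charset) - 1;
        $hasExtension = isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '';
        // Count down on a local so repeated calls on one instance each get the
        // full budget; the original decremented the property itself.
        $retries = (int) $this->FILES_RETRIES;

        do {
            if ($retries-- === 0) {
                http_response_code(500);
                throw new Exception('Gave up trying to find an unused name', 500);
            }
            // Start every attempt from scratch: appending to the previous
            // attempt would make each retry NAME_LENGTH characters longer.
            $this->NEW_NAME = '';
            for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
                $this->NEW_NAME .= $charset[random_int(0, $maxIndex)];
            }
            $this->NEW_NAME_FULL = $hasExtension
                ? $this->NEW_NAME . '.' . $this->FILE_EXTENSION
                : $this->NEW_NAME;

            // Retry when a stored file already carries this exact name.
            $q = $this->db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
            $q->bindValue(':name', $this->NEW_NAME_FULL, PDO::PARAM_STR);
            $q->execute();
            $taken = (int) $q->fetchColumn();
        } while ($taken > 0);

        return $this->NEW_NAME_FULL;
    }
}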