
Method canUpload

public static
canUpload
(mixed $file, mixed &$err, mixed $manager = '', mixed $frontEnd = 0, mixed $chunkEnabled = 0, mixed $realSize = 0)

Method canUpload - Source code

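/**
 * Decides whether an uploaded file may be stored by a Phoca Cart manager.
 *
 * Checks, in this order: the file was actually received ('name' and 'tmp_name'
 * present); the name is "safe" (equals Joomla File::makeSafe() of itself); the
 * extension is on the component's allowed list for the site/administrator side
 * and, for image-only manager groups, is an image extension (both skipped when
 * the "ignore_file_types_check" setting says so); the size is within the
 * configured limit; the content matches the extension (getimagesize() for image
 * extensions, fileinfo/mime magic for anything else); and the first 256 bytes
 * contain none of the HTML tags from PhocacartUtilsSettings::getHTMLTagsUpload().
 *
 * @param   array   $file          One $_FILES entry; keys read: 'name', 'size', 'tmp_name'.
 * @param   string  $err           Out-parameter: language key of the first failed check.
 * @param   string  $manager       Manager name, resolved via PhocacartUtilsSettings::getManagerGroup().
 * @param   int     $frontEnd      1 = site upload (site type list and ignore switch); any value > 0
 *                                 selects the site size limit.
 * @param   int     $chunkEnabled  1 when the upload arrives in chunks: $realSize is checked instead
 *                                 of $file['size'] and the image parse check is skipped.
 * @param   int     $realSize      Total size in bytes of a chunked upload.
 *
 * @return  bool  True when every check passes; false with $err set otherwise.
 */
public static function canUpload($file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
{
    $paramsC = PhocacartUtils::getComponentParameters();
    $policy  = self::getUploadPolicy($paramsC, $frontEnd == 1);
    $group   = PhocacartUtilsSettings::getManagerGroup($manager);

    // Extensions treated as images (validated with getimagesize() instead of a MIME lookup).
    $imageExtensions = explode(',', 'gif,jpg,png,jpeg,webp');

    // The file doesn't exist: no name, or no temporary file (e.g. the upload exceeded PHP's own
    // limits). Every later check reads tmp_name, so it has to be present here.
    if (empty($file['name']) || empty($file['tmp_name'])) {
        $err = 'COM_PHOCACART_WARNING_INPUT_FILE_UPLOAD';
        return false;
    }

    // Not safe file name
    jimport('joomla.filesystem.file');
    if ($file['name'] !== File::makesafe($file['name'])) {
        $err = 'COM_PHOCACART_WARNFILENAME';
        return false;
    }

    $format = strtolower(File::getExt($file['name']));

    if (!$policy['ignore_check']) {
        // Check file extensions able to upload. Strict comparison: with loose in_array() numeric
        // strings compare as numbers ('1e1' would match '10').
        $allowable = explode(',', $policy['ext']);
        if ($format === '' || !in_array($format, $allowable, true)) {
            $err = 'COM_PHOCACART_WARNFILETYPE_NOT_ALLOWED';
            return false;
        }
        // Some views can only upload images, so additional check against the image extensions
        if ($group['i'] == 1 && !in_array($format, $imageExtensions, true)) {
            $err = 'COM_PHOCACART_WARNFILETYPE_NOT_ALLOWED';
            return false;
        }
    }

    // Max size. Note the limit keys on $frontEnd > 0 while the type list keys on == 1 (kept as before).
    // If chunk method is used, we need to get computed size.
    $maxSizeKey = ((int) $frontEnd > 0) ? 'upload_maxsize_frontend' : 'upload_maxsize';
    $maxSize    = (int) $paramsC->get($maxSizeKey, 3145728);
    $uploadSize = ($chunkEnabled == 1) ? (int) $realSize : (int) ($file['size'] ?? 0);
    if ($maxSize > 0 && $uploadSize > $maxSize) {
        $err = 'COM_PHOCACART_WARNFILETOOLARGE';
        return false;
    }

    // Content check
    if (in_array($format, $imageExtensions, true)) {
        // An image extension must hold a parsable image, whatever the manager group (the check was
        // previously limited to image-only groups). Skipped for chunked uploads, where tmp_name may
        // not yet hold the complete file.
        if ($chunkEnabled != 1 && getimagesize($file['tmp_name']) === false) {
            $err = 'COM_PHOCACART_WARNINVALIDIMG';
            return false;
        }
    } elseif (!self::hasAllowedMimeType($file['tmp_name'], explode(',', $policy['mime']))) {
        $err = 'COM_PHOCACART_WARNINVALIDMIME';
        return false;
    }

    // XSS check on the leading bytes. The offset must be 0: a negative offset counts from the end
    // of the stream (PHP >= 7.1), so the former -1 read only the file's last byte and the scan
    // could never see a tag.
    $head = file_get_contents($file['tmp_name'], false, null, 0, 256);
    if ($head === false) {
        // Unreadable temporary file: its content cannot be verified, so fail closed.
        $err = 'COM_PHOCACART_WARNING_INPUT_FILE_UPLOAD';
        return false;
    }
    if (self::containsHtmlTag($head, PhocacartUtilsSettings::getHTMLTagsUpload())) {
        $err = 'COM_PHOCACART_WARNIEXSS';
        return false;
    }

    return true;
}

/**
 * Resolves the upload type policy for the site ($isFrontEnd true) or administrator side.
 *
 * @param   object  $paramsC     Component parameters (PhocacartUtils::getComponentParameters()),
 *                               read through ->get($key, $default).
 * @param   bool    $isFrontEnd  True for the site-side lists.
 *
 * @return  array{ext: string, mime: string, ignore_check: bool}
 *          'ext' and 'mime' are the comma-separated lists produced by
 *          PhocacartFile::getMimeTypeString(); 'ignore_check' is true when the
 *          "ignore_file_types_check" setting disables the extension checks for this side.
 */
private static function getUploadPolicy($paramsC, $isFrontEnd)
{
    if ($isFrontEnd) {
        $aft = $paramsC->get('allowed_file_types_upload_frontend', '{gif=image/gif}{jpeg=image/jpeg}{jpg=image/jpeg}{png=image/png}{webp=image/webp}');
        // Setting values 1 (everywhere) and 4 (site only) switch the type check off on the site side
        $ignoreValues = [1, 4];
    } else {
        $aft = $paramsC->get('allowed_file_types_upload_backend', '{gif=image/gif}{jpeg=image/jpeg}{jpg=image/jpeg}{png=image/png}{webp=image/webp}{tar=application/x-tar}{tgz=application/x-tar}{zip=application/x-zip}{rar=application/x-rar-compressed}{tar=application/tar}{tgz=application/tar}{zip=application/zip}{rar=application/rar-compressed}{pdf=application/pdf}{txt=text/plain}{xml=text/xml}{doc=application/msword}{xls=application/vnd.ms-excel}{ppt=application/powerpoint}{odt=application/vnd.oasis.opendocument.text}{ods=application/vnd.oasis.opendocument.spreadsheet}{odp=application/vnd.oasis.opendocument.presentation}{docx=application/vnd.openxmlformats-officedocument.wordprocessingml.document}{xlsx=application/vnd.openxmlformats-officedocument.spreadsheetml.sheet}{pptx=application/vnd.openxmlformats-officedocument.presentationml.presentation}{mp3=audio/mpeg}{mp4=video/mp4}');
        // Setting values 1 (everywhere) and 5 (administrator only) switch the type check off here
        $ignoreValues = [1, 5];
    }

    $allowedMimeType   = PhocacartFile::getMimeTypeString($aft);
    $ignoreUploadCheck = (int) $paramsC->get('ignore_file_types_check', 0);

    return [
        'ext'          => $allowedMimeType['ext'],
        'mime'         => $allowedMimeType['mime'],
        'ignore_check' => in_array($ignoreUploadCheck, $ignoreValues, true),
    ];
}

/**
 * Detects the MIME type of the file at $path (fileinfo, else mime_content_type) and checks it
 * against $allowedMime.
 *
 * When no detector is available, or detection returns nothing, there is nothing to compare and
 * the file is let through — this mirrors the previous behaviour; the extension check upstream is
 * then the only type filter.
 *
 * @param   string    $path         Path of the temporary upload.
 * @param   string[]  $allowedMime  Allowed MIME types.
 *
 * @return  bool  False only when a detected type is not on the allowed list.
 */
private static function hasAllowedMimeType($path, array $allowedMime)
{
    $type = null;

    if (function_exists('finfo_open')) {
        // We have fileinfo
        $finfo = finfo_open(FILEINFO_MIME);
        if ($finfo !== false) {
            $type = finfo_file($finfo, $path, FILEINFO_MIME_TYPE);
            // Close before deciding; the former code leaked the handle on the rejection path.
            finfo_close($finfo);
        }
    } elseif (function_exists('mime_content_type')) {
        // we have mime magic
        $type = mime_content_type($path);
    }

    if (!is_string($type) || $type === '') {
        return true;
    }

    return in_array($type, $allowedMime, true);
}

/**
 * Scans $content for an opening HTML tag from $tags, case-insensitively.
 *
 * This is a shallow heuristic, not a parser: it only sees the bytes it is given (the caller
 * passes the first 256 bytes of the upload).
 *
 * @param   string    $content  Bytes to scan.
 * @param   iterable  $tags     Tag names, as returned by PhocacartUtilsSettings::getHTMLTagsUpload().
 *
 * @return  bool  True when a listed tag was found.
 */
private static function containsHtmlTag($content, $tags)
{
    if ($content === '') {
        return false;
    }

    foreach ($tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space, or '<tagname>'
        if (stripos($content, '<' . $tag . ' ') !== false || stripos($content, '<' . $tag . '>') !== false) {
            return true;
        }
    }

    return false;
}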