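/**
 * Validates an uploaded file against the component's upload policy.
 *
 * Checks run in this order: presence and "safe" form of the file name,
 * extension deny/allow lists (unless ignore_file_types_check switches them
 * off), maximum file size, the per-user quota (user control panel only),
 * image validity via getimagesize() for image extensions, the detected MIME
 * type against the MIME deny list for every other extension, and finally a
 * scan of the first 256 bytes of the file for HTML tags.
 *
 * @param array  $file          Upload entry in $_FILES layout; 'name', 'size' and 'tmp_name' are read.
 * @param string $err           Receives the error language key (the user-quota checks store the
 *                              translated text instead) when false is returned.
 * @param string $manager       Manager identifier passed to PhocaDownloadSettings::getManagerGroup().
 * @param int    $frontEnd      0 = administrator, 1 = front end, 2 = user control panel.
 * @param int    $chunkEnabled  1 when the file arrives in chunks; the size is then taken from $realSize.
 * @param int    $realSize      Total size in bytes of a chunked upload.
 *
 * @return bool true when every check passed, false otherwise (see $err).
 */
public static function canUpload($file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
{
    $paramsC        = ComponentHelper::getParams('com_phocadownload');
    $enableXssCheck = (int) $paramsC->get('enable_xss_check', 1);

    // ignore_file_types_check values:
    //   1 ... upload all
    //   2 ... upload admin only
    //   4 ... upload and download all
    //   5 ... upload and download admin only
    $ignoreTypeSetting = (int) $paramsC->get('ignore_file_types_check', 2);

    if ($frontEnd == 1) {
        $aft = $paramsC->get('allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload());
        $dft = $paramsC->get('disallowed_file_types_upload', '');
        $skipExtensionCheck = in_array($ignoreTypeSetting, [1, 4], true);
    } else {
        // NOTE(review): $frontEnd == 2 (user control panel) lands in this branch, so it is
        // governed by the download lists and the admin-only settings - confirm this is intended.
        $aft = $paramsC->get('allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload());
        $dft = $paramsC->get('disallowed_file_types_download', '');
        $skipExtensionCheck = in_array($ignoreTypeSetting, [1, 2, 4, 5], true);
    }

    $allowedMimeType    = PhocaDownloadFile::getMimeTypeString($aft);
    $disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);

    // Effective lists for this manager; an image-only manager (f == 2) is pinned to a fixed image set.
    $group = PhocaDownloadSettings::getManagerGroup($manager);
    if ($group['f'] == 2) {
        $paramsL = [
            'upload_extensions'   => 'gif,jpg,png,jpeg',
            'image_extensions'    => 'gif,jpg,png,jpeg',
            'upload_mime'         => 'image/jpeg,image/gif,image/png',
            'upload_mime_illegal' => 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html',
            'upload_ext_illegal'  => $disallowedMimeType['ext'],
        ];
    } else {
        $paramsL = [
            'upload_extensions'   => $allowedMimeType['ext'],
            'image_extensions'    => 'bmp,gif,jpg,png,jpeg',
            'upload_mime'         => $allowedMimeType['mime'],
            'upload_mime_illegal' => $disallowedMimeType['mime'],
            'upload_ext_illegal'  => $disallowedMimeType['ext'],
        ];
    }

    // No file was submitted
    if (empty($file['name'])) {
        $err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
        return false;
    }

    // The name must already be in its "safe" form; anything makesafe() would alter is rejected
    jimport('joomla.filesystem.file');
    if ($file['name'] !== File::makesafe($file['name'])) {
        $err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
        return false;
    }

    $format = strtolower(File::getExt($file['name']));

    if (!$skipExtensionCheck) {
        $allowable    = explode(',', $paramsL['upload_extensions']);
        $notAllowable = explode(',', $paramsL['upload_ext_illegal']);

        // The deny list wins over the allow list
        if (in_array($format, $notAllowable, true)) {
            $err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
            return false;
        }

        // A file without an extension is never allowed
        if ($format === '' || !in_array($format, $allowable, true)) {
            $err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
            return false;
        }
    }

    // Maximum size. With chunked uploads the browser-reported size describes one chunk only,
    // so the assembled total ($realSize) is compared instead.
    $maxSize = (int) ((int) $frontEnd > 0
        ? $paramsC->get('user_file_upload_size', 3145728)
        : $paramsC->get('upload_maxsize', 3145728));
    $uploadSize = $chunkEnabled == 1 ? (int) $realSize : (int) ($file['size'] ?? 0);

    // A limit of 0 means "unlimited"
    if ($maxSize > 0 && $uploadSize > $maxSize) {
        $err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
        return false;
    }

    // Per-user quota (user control panel only): total size and number of the user's files
    if ($frontEnd == 2) {
        $user               = Factory::getUser();
        $maxUserUploadSize  = (int) $paramsC->get('user_files_max_size', 20971520);
        $maxUserUploadCount = (int) $paramsC->get('user_files_max_count', 5);
        $allFile            = PhocaDownloadUser::getUserFileInfo($file, $user->id);

        // NOTE(review): the size of the file being uploaded is not added to $allFile['size']
        // here - confirm getUserFileInfo() already accounts for it.
        if ($maxUserUploadSize > 0 && (int) $allFile['size'] > $maxUserUploadSize) {
            $err = Text::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE');
            return false;
        }

        if ((int) $allFile['count'] > $maxUserUploadCount) {
            $err = Text::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOMUCH');
            return false;
        }
    }

    $images = explode(',', $paramsL['image_extensions']);

    if (in_array($format, $images, true)) {
        // Image extension: the content must parse as an image. A single chunk cannot be
        // parsed, so chunked uploads are not inspected here. Files with an image extension
        // are not passed through the MIME deny list below.
        if ($group['i'] == 1 && $chunkEnabled != 1 && getimagesize($file['tmp_name']) === false) {
            $err = 'COM_PHOCADOWNLOAD_WARNINVALIDIMG';
            return false;
        }
    } else {
        // Any other extension: the detected MIME type must not be on the deny list.
        // This is a deny list - a type that appears on neither list passes.
        $allowedMime = explode(',', $paramsL['upload_mime']);
        $illegalMime = explode(',', $paramsL['upload_mime_illegal']);
        $type        = self::detectUploadMimeType((string) ($file['tmp_name'] ?? ''));

        if ($type !== '' && !in_array($type, $allowedMime, true) && in_array($type, $illegalMime, true)) {
            $err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
            return false;
        }
    }

    // Scan the start of the file for HTML tags so that a document a browser would render as
    // HTML cannot be stored under another extension. Only the first 256 bytes are inspected.
    if ($enableXssCheck === 3
        || ($enableXssCheck === 1 && $frontEnd > 0)
        || ($enableXssCheck === 2 && $frontEnd == 0)) {
        // The offset must be 0: a negative offset makes file_get_contents() seek from the
        // end of the file, which leaves only the last byte to inspect.
        $head = file_get_contents($file['tmp_name'], false, null, 0, 256);

        if ($head === false) {
            // The temporary file cannot be read, so it cannot be checked: reject it
            $err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
            return false;
        }

        foreach (PhocaDownloadSettings::getHTMLTagsUpload() as $tag) {
            // A tag appears either as '<tagname ' (with attributes) or as '<tagname>'
            if (stripos($head, '<' . $tag . ' ') !== false || stripos($head, '<' . $tag . '>') !== false) {
                $err = 'COM_PHOCADOWNLOAD_WARNIEXSS';
                return false;
            }
        }
    }

    return true;
}

/**
 * Detects the MIME type of a file on disk using fileinfo, falling back to
 * mime_content_type() when fileinfo is unavailable or cannot be opened.
 *
 * The fileinfo resource is always closed, also when detection fails.
 *
 * @param string $path Path to the file to inspect.
 *
 * @return string The detected MIME type, or '' when no detector is available or detection failed.
 */
private static function detectUploadMimeType(string $path): string
{
    if (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME);

        if ($finfo !== false) {
            try {
                $type = finfo_file($finfo, $path, FILEINFO_MIME_TYPE);
            } finally {
                finfo_close($finfo);
            }

            return is_string($type) ? $type : '';
        }
    }

    if (function_exists('mime_content_type')) {
        $type = mime_content_type($path);

        return is_string($type) ? $type : '';
    }

    return '';
}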