Subversion-Projekte lars-tiefland.ci

<?php

/**

 * CodeIgniter

 *

 * An open source application development framework for PHP

 *

 * This content is released under the MIT License (MIT)

 *

 * Copyright (c) 2014 - 2018, British Columbia Institute of Technology

 *

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 *

 * @package	CodeIgniter

 * @author	EllisLab Dev Team

 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)

 * @copyright	Copyright (c) 2014 - 2018, British Columbia Institute of Technology (http://bcit.ca/)

 * @license	http://opensource.org/licenses/MIT	MIT License

 * @link	https://codeigniter.com

 * @since	Version 1.0.0

 * @filesource

 */

defined('BASEPATH') OR exit('No direct script access allowed');

/**

 * File Uploading Class

 *

 * @package		CodeIgniter

 * @subpackage	Libraries

 * @category	Uploads

 * @author		EllisLab Dev Team

 * @link		https://codeigniter.com/user_guide/libraries/file_uploading.html

 */

class CI_Upload {

	/**

	 * Maximum file size

	 *

	 * @var	int

	 */

	public $max_size = 0;

	/**

	 * Maximum image width

	 *

	 * @var	int

	 */

	public $max_width = 0;

	/**

	 * Maximum image height

	 *

	 * @var	int

	 */

	public $max_height = 0;

	/**

	 * Minimum image width

	 *

	 * @var	int

	 */

	public $min_width = 0;

	/**

	 * Minimum image height

	 *

	 * @var	int

	 */

	public $min_height = 0;

	/**

	 * Maximum filename length

	 *

	 * @var	int

	 */

	public $max_filename = 0;

	/**

	 * Maximum duplicate filename increment ID

	 *

	 * @var	int

	 */

	public $max_filename_increment = 100;

	/**

	 * Allowed file types

	 *

	 * @var	string

	 */

	public $allowed_types = '';

	/**

	 * Temporary filename

	 *

	 * @var	string

	 */

	public $file_temp = '';

	/**

	 * Filename

	 *

	 * @var	string

	 */

	public $file_name = '';

	/**

	 * Original filename

	 *

	 * @var	string

	 */

	public $orig_name = '';

	/**

	 * File type

	 *

	 * @var	string

	 */

	public $file_type = '';

	/**

	 * File size

	 *

	 * @var	int

	 */

	public $file_size = NULL;

	/**

	 * Filename extension

	 *

	 * @var	string

	 */

	public $file_ext = '';

	/**

	 * Force filename extension to lowercase

	 *

	 * @var	string

	 */

	public $file_ext_tolower = FALSE;

	/**

	 * Upload path

	 *

	 * @var	string

	 */

	public $upload_path = '';

	/**

	 * Overwrite flag

	 *

	 * @var	bool

	 */

	public $overwrite = FALSE;

	/**

	 * Obfuscate filename flag

	 *

	 * @var	bool

	 */

	public $encrypt_name = FALSE;

	/**

	 * Is image flag

	 *

	 * @var	bool

	 */

	public $is_image = FALSE;

	/**

	 * Image width

	 *

	 * @var	int

	 */

	public $image_width = NULL;

	/**

	 * Image height

	 *

	 * @var	int

	 */

	public $image_height = NULL;

	/**

	 * Image type

	 *

	 * @var	string

	 */

	public $image_type = '';

	/**

	 * Image size string

	 *

	 * @var	string

	 */

	public $image_size_str = '';

	/**

	 * Error messages list

	 *

	 * @var	array

	 */

	public $error_msg = array();

	/**

	 * Remove spaces flag

	 *

	 * @var	bool

	 */

	public $remove_spaces = TRUE;

	/**

	 * MIME detection flag

	 *

	 * @var	bool

	 */

	public $detect_mime = TRUE;

	/**

	 * XSS filter flag

	 *

	 * @var	bool

	 */

	public $xss_clean = FALSE;

	/**

	 * Apache mod_mime fix flag

	 *

	 * @var	bool

	 */

	public $mod_mime_fix = TRUE;

	/**

	 * Temporary filename prefix

	 *

	 * @var	string

	 */

	public $temp_prefix = 'temp_file_';

	/**

	 * Filename sent by the client

	 *

	 * @var	bool

	 */

	public $client_name = '';

	// --------------------------------------------------------------------

	/**

	 * Filename override

	 *

	 * @var	string

	 */

	protected $_file_name_override = '';

	/**

	 * MIME types list

	 *

	 * @var	array

	 */

	protected $_mimes = array();

	/**

	 * CI Singleton

	 *

	 * @var	object

	 */

	protected $_CI;

	// --------------------------------------------------------------------

	/**

	 * Constructor

	 *

	 * @param	array	$config

	 * @return	void

	 */

	public function __construct($config = array())

	{

		empty($config) OR $this->initialize($config, FALSE);

		$this->_mimes =& get_mimes();

		$this->_CI =& get_instance();

		log_message('info', 'Upload Class Initialized');

	}

	// --------------------------------------------------------------------

	/**

	 * Initialize preferences

	 *

	 * @param	array	$config

	 * @param	bool	$reset

	 * @return	CI_Upload

	 */

	public function initialize(array $config = array(), $reset = TRUE)

	{

		$reflection = new ReflectionClass($this);

		if ($reset === TRUE)

		{

			$defaults = $reflection->getDefaultProperties();

			foreach (array_keys($defaults) as $key)

			{

				if ($key[0] === '_')

				{

					continue;

				}

				if (isset($config[$key]))

				{

					if ($reflection->hasMethod('set_'.$key))

					{

						$this->{'set_'.$key}($config[$key]);

					}

					else

					{

						$this->$key = $config[$key];

					}

				}

				else

				{

					$this->$key = $defaults[$key];

				}

			}

		}

		else

		{

			foreach ($config as $key => &$value)

			{

				if ($key[0] !== '_' && $reflection->hasProperty($key))

				{

					if ($reflection->hasMethod('set_'.$key))

					{

						$this->{'set_'.$key}($value);

					}

					else

					{

						$this->$key = $value;

					}

				}

			}

		}

		// if a file_name was provided in the config, use it instead of the user input

		// supplied file name for all uploads until initialized again

		$this->_file_name_override = $this->file_name;

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Perform the file upload

	 *

	 * @param	string	$field

	 * @return	bool

	 */

	public function do_upload($field = 'userfile')

	{

		// Is $_FILES[$field] set? If not, no reason to continue.

		if (isset($_FILES[$field]))

		{

			$_file = $_FILES[$field];

		}

		// Does the field name contain array notation?

		elseif (($c = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $field, $matches)) > 1)

		{

			$_file = $_FILES;

			for ($i = 0; $i < $c; $i++)

			{

				// We can't track numeric iterations, only full field names are accepted

				if (($field = trim($matches[0][$i], '[]')) === '' OR ! isset($_file[$field]))

				{

					$_file = NULL;

					break;

				}

				$_file = $_file[$field];

			}

		}

		if ( ! isset($_file))

		{

			$this->set_error('upload_no_file_selected', 'debug');

			return FALSE;

		}

		// Is the upload path valid?

		if ( ! $this->validate_upload_path())

		{

			// errors will already be set by validate_upload_path() so just return FALSE

			return FALSE;

		}

		// Was the file able to be uploaded? If not, determine the reason why.

		if ( ! is_uploaded_file($_file['tmp_name']))

		{

			$error = isset($_file['error']) ? $_file['error'] : 4;

			switch ($error)

			{

				case UPLOAD_ERR_INI_SIZE:

					$this->set_error('upload_file_exceeds_limit', 'info');

					break;

				case UPLOAD_ERR_FORM_SIZE:

					$this->set_error('upload_file_exceeds_form_limit', 'info');

					break;

				case UPLOAD_ERR_PARTIAL:

					$this->set_error('upload_file_partial', 'debug');

					break;

				case UPLOAD_ERR_NO_FILE:

					$this->set_error('upload_no_file_selected', 'debug');

					break;

				case UPLOAD_ERR_NO_TMP_DIR:

					$this->set_error('upload_no_temp_directory', 'error');

					break;

				case UPLOAD_ERR_CANT_WRITE:

					$this->set_error('upload_unable_to_write_file', 'error');

					break;

				case UPLOAD_ERR_EXTENSION:

					$this->set_error('upload_stopped_by_extension', 'debug');

					break;

				default:

					$this->set_error('upload_no_file_selected', 'debug');

					break;

			}

			return FALSE;

		}

		// Set the uploaded data as class variables

		$this->file_temp = $_file['tmp_name'];

		$this->file_size = $_file['size'];

		// Skip MIME type detection?

		if ($this->detect_mime !== FALSE)

		{

			$this->_file_mime_type($_file);

		}

		$this->file_type = preg_replace('/^(.+?);.*$/', '\\1', $this->file_type);

		$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));

		$this->file_name = $this->_prep_filename($_file['name']);

		$this->file_ext	 = $this->get_extension($this->file_name);

		$this->client_name = $this->file_name;

		// Is the file type allowed to be uploaded?

		if ( ! $this->is_allowed_filetype())

		{

			$this->set_error('upload_invalid_filetype', 'debug');

			return FALSE;

		}

		// if we're overriding, let's now make sure the new name and type is allowed

		if ($this->_file_name_override !== '')

		{

			$this->file_name = $this->_prep_filename($this->_file_name_override);

			// If no extension was provided in the file_name config item, use the uploaded one

			if (strpos($this->_file_name_override, '.') === FALSE)

			{

				$this->file_name .= $this->file_ext;

			}

			else

			{

				// An extension was provided, let's have it!

				$this->file_ext	= $this->get_extension($this->_file_name_override);

			}

			if ( ! $this->is_allowed_filetype(TRUE))

			{

				$this->set_error('upload_invalid_filetype', 'debug');

				return FALSE;

			}

		}

		// Convert the file size to kilobytes

		if ($this->file_size > 0)

		{

			$this->file_size = round($this->file_size/1024, 2);

		}

		// Is the file size within the allowed maximum?

		if ( ! $this->is_allowed_filesize())

		{

			$this->set_error('upload_invalid_filesize', 'info');

			return FALSE;

		}

		// Are the image dimensions within the allowed size?

		// Note: This can fail if the server has an open_basedir restriction.

		if ( ! $this->is_allowed_dimensions())

		{

			$this->set_error('upload_invalid_dimensions', 'info');

			return FALSE;

		}

		// Sanitize the file name for security

		$this->file_name = $this->_CI->security->sanitize_filename($this->file_name);

		// Truncate the file name if it's too long

		if ($this->max_filename > 0)

		{

			$this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);

		}

		// Remove white spaces in the name

		if ($this->remove_spaces === TRUE)

		{

			$this->file_name = preg_replace('/\s+/', '_', $this->file_name);

		}

		if ($this->file_ext_tolower && ($ext_length = strlen($this->file_ext)))

		{

			// file_ext was previously lower-cased by a get_extension() call

			$this->file_name = substr($this->file_name, 0, -$ext_length).$this->file_ext;

		}

		/*

		 * Validate the file name

		 * This function appends an number onto the end of

		 * the file if one with the same name already exists.

		 * If it returns false there was a problem.

		 */

		$this->orig_name = $this->file_name;

		if (FALSE === ($this->file_name = $this->set_filename($this->upload_path, $this->file_name)))

		{

			return FALSE;

		}

		/*

		 * Run the file through the XSS hacking filter

		 * This helps prevent malicious code from being

		 * embedded within a file. Scripts can easily

		 * be disguised as images or other file types.

		 */

		if ($this->xss_clean && $this->do_xss_clean() === FALSE)

		{

			$this->set_error('upload_unable_to_write_file', 'error');

			return FALSE;

		}

		/*

		 * Move the file to the final destination

		 * To deal with different server configurations

		 * we'll attempt to use copy() first. If that fails

		 * we'll use move_uploaded_file(). One of the two should

		 * reliably work in most environments

		 */

		if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))

		{

			if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))

			{

				$this->set_error('upload_destination_error', 'error');

				return FALSE;

			}

		}

		/*

		 * Set the finalized image dimensions

		 * This sets the image width/height (assuming the

		 * file was an image). We use this information

		 * in the "data" function.

		 */

		$this->set_image_properties($this->upload_path.$this->file_name);

		return TRUE;

	}

	// --------------------------------------------------------------------

	/**

	 * Finalized Data Array

	 *

	 * Returns an associative array containing all of the information

	 * related to the upload, allowing the developer easy access in one array.

	 *

	 * @param	string	$index

	 * @return	mixed

	 */

	public function data($index = NULL)

	{

		$data = array(

				'file_name'		=> $this->file_name,

				'file_type'		=> $this->file_type,

				'file_path'		=> $this->upload_path,

				'full_path'		=> $this->upload_path.$this->file_name,

				'raw_name'		=> substr($this->file_name, 0, -strlen($this->file_ext)),

				'orig_name'		=> $this->orig_name,

				'client_name'		=> $this->client_name,

				'file_ext'		=> $this->file_ext,

				'file_size'		=> $this->file_size,

				'is_image'		=> $this->is_image(),

				'image_width'		=> $this->image_width,

				'image_height'		=> $this->image_height,

				'image_type'		=> $this->image_type,

				'image_size_str'	=> $this->image_size_str,

			);

		if ( ! empty($index))

		{

			return isset($data[$index]) ? $data[$index] : NULL;

		}

		return $data;

	}

	// --------------------------------------------------------------------

	/**

	 * Set Upload Path

	 *

	 * @param	string	$path

	 * @return	CI_Upload

	 */

	public function set_upload_path($path)

	{

		// Make sure it has a trailing slash

		$this->upload_path = rtrim($path, '/').'/';

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set the file name

	 *

	 * This function takes a filename/path as input and looks for the

	 * existence of a file with the same name. If found, it will append a

	 * number to the end of the filename to avoid overwriting a pre-existing file.

	 *

	 * @param	string	$path

	 * @param	string	$filename

	 * @return	string

	 */

	public function set_filename($path, $filename)

	{

		if ($this->encrypt_name === TRUE)

		{

			$filename = md5(uniqid(mt_rand())).$this->file_ext;

		}

		if ($this->overwrite === TRUE OR ! file_exists($path.$filename))

		{

			return $filename;

		}

		$filename = str_replace($this->file_ext, '', $filename);

		$new_filename = '';

		for ($i = 1; $i < $this->max_filename_increment; $i++)

		{

			if ( ! file_exists($path.$filename.$i.$this->file_ext))

			{

				$new_filename = $filename.$i.$this->file_ext;

				break;

			}

		}

		if ($new_filename === '')

		{

			$this->set_error('upload_bad_filename', 'debug');

			return FALSE;

		}

		return $new_filename;

	}

	// --------------------------------------------------------------------

	/**

	 * Set Maximum File Size

	 *

	 * @param	int	$n

	 * @return	CI_Upload

	 */

	public function set_max_filesize($n)

	{

		$this->max_size = ($n < 0) ? 0 : (int) $n;

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set Maximum File Size

	 *

	 * An internal alias to set_max_filesize() to help with configuration

	 * as initialize() will look for a set_<property_name>() method ...

	 *

	 * @param	int	$n

	 * @return	CI_Upload

	 */

	protected function set_max_size($n)

	{

		return $this->set_max_filesize($n);

	}

	// --------------------------------------------------------------------

	/**

	 * Set Maximum File Name Length

	 *

	 * @param	int	$n

	 * @return	CI_Upload

	 */

	public function set_max_filename($n)

	{

		$this->max_filename = ($n < 0) ? 0 : (int) $n;

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set Maximum Image Width

	 *

	 * @param	int	$n

	 * @return	CI_Upload

	 */

	public function set_max_width($n)

	{

		$this->max_width = ($n < 0) ? 0 : (int) $n;

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set Maximum Image Height

	 *

	 * @param	int	$n

	 * @return	CI_Upload

	 */

	public function set_max_height($n)

	{

		$this->max_height = ($n < 0) ? 0 : (int) $n;

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set minimum image width

	 *

	 * @param	int	$n

	 * @return	CI_Upload

	 */

	public function set_min_width($n)

	{

		$this->min_width = ($n < 0) ? 0 : (int) $n;

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set minimum image height

	 *

	 * @param	int	$n

	 * @return	CI_Upload

	 */

	public function set_min_height($n)

	{

		$this->min_height = ($n < 0) ? 0 : (int) $n;

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set Allowed File Types

	 *

	 * @param	mixed	$types

	 * @return	CI_Upload

	 */

	public function set_allowed_types($types)

	{

		$this->allowed_types = (is_array($types) OR $types === '*')

			? $types

			: explode('|', $types);

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set Image Properties

	 *

	 * Uses GD to determine the width/height/type of image

	 *

	 * @param	string	$path

	 * @return	CI_Upload

	 */

	public function set_image_properties($path = '')

	{

		if ($this->is_image() && function_exists('getimagesize'))

		{

			if (FALSE !== ($D = @getimagesize($path)))

			{

				$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');

				$this->image_width	= $D[0];

				$this->image_height	= $D[1];

				$this->image_type	= isset($types[$D[2]]) ? $types[$D[2]] : 'unknown';

				$this->image_size_str	= $D[3]; // string containing height and width

			}

		}

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Set XSS Clean

	 *

	 * Enables the XSS flag so that the file that was uploaded

	 * will be run through the XSS filter.

	 *

	 * @param	bool	$flag

	 * @return	CI_Upload

	 */

	public function set_xss_clean($flag = FALSE)

	{

		$this->xss_clean = ($flag === TRUE);

		return $this;

	}

	// --------------------------------------------------------------------

	/**

	 * Validate the image

	 *

	 * @return	bool

	 */

	public function is_image()

	{

		// IE will sometimes return odd mime-types during upload, so here we just standardize all

		// jpegs or pngs to the same file type.

		$png_mimes  = array('image/x-png');

		$jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg');

		if (in_array($this->file_type, $png_mimes))

		{

			$this->file_type = 'image/png';

		}

		elseif (in_array($this->file_type, $jpeg_mimes))

		{

			$this->file_type = 'image/jpeg';

		}

		$img_mimes = array('image/gif',	'image/jpeg', 'image/png');

		return in_array($this->file_type, $img_mimes, TRUE);

	}

	// --------------------------------------------------------------------

	/**

	 * Verify that the filetype is allowed

	 *

	 * @param	bool	$ignore_mime

	 * @return	bool

	 */

	public function is_allowed_filetype($ignore_mime = FALSE)

	{

		if ($this->allowed_types === '*')

		{

			return TRUE;

		}

		if (empty($this->allowed_types) OR ! is_array($this->allowed_types))

		{

			$this->set_error('upload_no_file_types', 'debug');

			return FALSE;

		}

		$ext = strtolower(ltrim($this->file_ext, '.'));

		if ( ! in_array($ext, $this->allowed_types, TRUE))

		{

			return FALSE;

		}

		// Images get some additional checks

		if (in_array($ext, array('gif', 'jpg', 'jpeg', 'jpe', 'png'), TRUE) && @getimagesize($this->file_temp) === FALSE)

		{

			return FALSE;

		}

		if ($ignore_mime === TRUE)

		{

			return TRUE;

		}

		if (isset($this->_mimes[$ext]))

		{

			return is_array($this->_mimes[$ext])

				? in_array($this->file_type, $this->_mimes[$ext], TRUE)

				: ($this->_mimes[$ext] === $this->file_type);

		}

		return FALSE;

	}

	// --------------------------------------------------------------------

	/**

	 * Verify that the file is within the allowed size

	 *

	 * @return	bool

	 */

	public function is_allowed_filesize()

	{

		return ($this->max_size === 0 OR $this->max_size > $this->file_size);

	}

	// --------------------------------------------------------------------

	/**

	 * Verify that the image is within the allowed width/height

	 *

	 * @return	bool

	 */

	public function is_allowed_dimensions()

	{

		if ( ! $this->is_image())

		{

			return TRUE;

		}

		if (function_exists('getimagesize'))

		{

			$D = @getimagesize($this->file_temp);

			if ($this->max_width > 0 && $D[0] > $this->max_width)

			{

				return FALSE;

			}

			if ($this->max_height > 0 && $D[1] > $this->max_height)

			{

				return FALSE;

			}

			if ($this->min_width > 0 && $D[0] < $this->min_width)

			{

				return FALSE;

			}

			if ($this->min_height > 0 && $D[1] < $this->min_height)

			{

				return FALSE;

			}

		}

		return TRUE;

	}

	// --------------------------------------------------------------------

	/**

	 * Validate Upload Path

	 *

	 * Verifies that it is a valid upload path with proper permissions.

	 *

	 * @return	bool

	 */

	public function validate_upload_path()

	{

		if ($this->upload_path === '')

		{

			$this->set_error('upload_no_filepath', 'error');

			return FALSE;

		}

		if (realpath($this->upload_path) !== FALSE)

		{

			$this->upload_path = str_replace('\\', '/', realpath($this->upload_path));

		}

		if ( ! is_dir($this->upload_path))

		{