From 0a3934c24ac1993d5bf3b499c04f170f57395156 Mon Sep 17 00:00:00 2001 From: Go Johansson Date: Sat, 22 Jan 2022 22:38:39 +0100 Subject: [PATCH] Anti-dupe and filter bugs fixed --- static/php/includes/Core.namespace.php | 3 +- static/php/includes/Upload.class.php | 83 ++++++++++++++------------ 2 files changed, 46 insertions(+), 40 deletions(-) diff --git a/static/php/includes/Core.namespace.php b/static/php/includes/Core.namespace.php index 142e5bf..bbb216b 100644 --- a/static/php/includes/Core.namespace.php +++ b/static/php/includes/Core.namespace.php @@ -327,7 +327,7 @@ public function antiDupe() $q->execute(); $result = $q->fetch(); if ($result['count'] > 0) { - Upload::$NEW_NAME_FULL = $result['filename']; + return $result['filename']; } } catch (Exception) { throw new Exception('Cant check for dupes in DB.', 500); @@ -359,4 +359,3 @@ public function newIntoDB() } - diff --git a/static/php/includes/Upload.class.php b/static/php/includes/Upload.class.php index 8c7c073..d4cd657 100644 --- a/static/php/includes/Upload.class.php +++ b/static/php/includes/Upload.class.php @@ -72,13 +72,29 @@ public function diverseArray($files): array public function uploadFile(): array { (new Settings())->loadConfig(); + (new Upload())->fileInfo(); - if (Settings::$ANTI_DUPE) { - (new Database())->antiDupe(); + if (Settings::$BLACKLIST_DB) { + (new Database())->checkFileBlacklist(); } - (new Upload())->generateName(); + if (Settings::$FILTER_MODE) { + self::checkMimeBlacklist(); + self::checkExtensionBlacklist(); + } + if (Settings::$ANTI_DUPE) { + $result = (new Database())->antiDupe(); + if (isset($result)) { + self::$NEW_NAME_FULL = $result; + } else { + (new Upload())->generateName(); + } + } + + if (!Settings::$ANTI_DUPE) { + (new Upload())->generateName(); + } if (!is_dir(Settings::$FILES_ROOT)) { throw new Exception('File storage path not accessible.', 500); 
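Review bot: In `antiDupe()` (Core.namespace.php) the new `return $result['filename'];` gives the method two exit paths, and the no-match path still falls off the end, so the caller in `uploadFile()` relies on an implicit null. Declaring the contract makes that explicit: `public function antiDupe(): ?string` with a final `return null;`, plus a docblock line such as `@return string|null stored filename of the matching row, or null when there is none`. The method body starts and ends outside this hunk, so confirm that no other path returns a different type.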
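Review bot: In `uploadFile()` (Upload.class.php) the name selection is spread over two complementary `if` blocks with two call sites for `generateName()`, and `isset($result)` on a variable that is always assigned is really a null check. A single decision reads more clearly and cannot drift apart: `$existing = Settings::$ANTI_DUPE ? (new Database())->antiDupe() : null;` followed by `self::$NEW_NAME_FULL = $existing ?? (new Upload())->generateName();`. `generateName()` already ends with `return self::$NEW_NAME_FULL;` (last hunk), so the assignment appears to be equivalent. The rest of `uploadFile()` lies outside this hunk.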
@@ -107,12 +123,13 @@ public function uploadFile(): array 'size' => self::$FILE_SIZE ]; } + public function fileInfo() { if (isset($_FILES['files'])) { $finfo = finfo_open(FILEINFO_MIME_TYPE); self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE); - $extension = explode('.',self::$FILE_NAME,2); + $extension = explode('.', self::$FILE_NAME, 2); self::$FILE_EXTENSION = $extension['1']; finfo_close($finfo); @@ -123,13 +140,32 @@ public function fileInfo() } } } + /** * @throws Exception */ - public function generateName(): string + public function checkMimeBlacklist() { - (new Upload())->fileInfo(); + if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) { + throw new Exception('Filetype not allowed.', 415); + } + } + + /** + * @throws Exception + */ + public function checkExtensionBlacklist() + { + if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) { + throw new Exception('Filetype not allowed.', 415); + } + } + /** + * @throws Exception + */ + public function generateName(): string + { do { if (Settings::$FILES_RETRIES === 0) { throw new Exception('Gave up trying to find an unused name!', 500); 
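Review bot: `checkExtensionBlacklist()` compares `self::$FILE_EXTENSION` to `Settings::$BLOCKED_EXTENSIONS` with a loose, case-sensitive `in_array`, so the deny-list only matches when the stored extension string is exactly a list entry. `fileInfo()` (previous hunk) derives that string with `explode('.', self::$FILE_NAME, 2)`, which keeps everything after the first dot, so a multi-dot name such as `report.tar.gz` yields `tar.gz`, and a name without a dot leaves index `'1'` undefined. Normalising before the check would close both gaps: `strtolower(pathinfo(self::$FILE_NAME, PATHINFO_EXTENSION))` for the extension and `in_array($ext, Settings::$BLOCKED_EXTENSIONS, true)` for the lookup, assuming the list holds lowercase entries, which is not visible here. Both new check methods could also declare `: void`.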
@@ -140,41 +176,12 @@ public function generateName(): string self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))]; } - if(isset(self::$FILE_EXTENSION)){ + if (isset(self::$FILE_EXTENSION)) { self::$NEW_NAME_FULL = self::$NEW_NAME; - self::$NEW_NAME_FULL .= '.'.self::$FILE_EXTENSION; - } - - if (Settings::$BLACKLIST_DB) { - (new Database())->checkFileBlacklist(); - } - - if (Settings::$FILTER_MODE) { - self::checkMimeBlacklist(); - self::checkExtensionBlacklist(); + self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION; } } while ((new Database())->dbCheckNameExists() > 0); return self::$NEW_NAME_FULL; } - - /** - * @throws Exception - */ - public function checkMimeBlacklist() - { - if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) { - throw new Exception('Filetype not allowed.', 415); - } - } - - /** - * @throws Exception - */ - public function checkExtensionBlacklist() - { - if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) { - throw new Exception('Filetype not allowed.', 415); - } - } -} +} \ No newline at end of file
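Review bot: The context line in `generateName()` that picks a character, `Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))]`, uses an inclusive upper bound one past the last valid offset, so it can occasionally read beyond the string and produce a shorter name with a warning. `mt_rand()` is also not a cryptographically secure generator; if the generated names are meant to be hard to guess, use `random_int(0, strlen(Settings::$ID_CHARSET) - 1)` instead. This commit does not touch that line, and the start of the loop body sits between the hunks, so the fix may belong in a follow-up.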