From 3bda8dfa32ebdc99f21c538ede14f788580b3550 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Thu, 23 Jun 2022 06:04:05 +0200
Subject: [PATCH] Changes: - changed more double-quotes to single - cleaned up js_upload/file-uploader/server/php.php a lot - added some type-hints
---
 .../advancedcontentfilter.php | 28 +-
 blackout/blackout.php | 16 +-
 js_upload/file-uploader/server/php.php | 285 +++++++++---------
 3 files changed, 172 insertions(+), 157 deletions(-)
diff --git a/advancedcontentfilter/advancedcontentfilter.php b/advancedcontentfilter/advancedcontentfilter.php
index 9f6a7cff..45ab3f3e 100644
--- a/advancedcontentfilter/advancedcontentfilter.php
+++ b/advancedcontentfilter/advancedcontentfilter.php
@@ -64,7 +64,7 @@ function advancedcontentfilter_install(App $a)
 Hook::add('dbstructure_definition' , __FILE__, 'advancedcontentfilter_dbstructure_definition');
 DBStructure::performUpdate();
- Logger::notice("installed advancedcontentfilter");
+ Logger::notice('installed advancedcontentfilter');
 }
 /*
@@ -73,20 +73,20 @@ function advancedcontentfilter_install(App $a)
 function advancedcontentfilter_dbstructure_definition(App $a, &$database)
 {
- $database["advancedcontentfilter_rules"] = [
- "comment" => "Advancedcontentfilter addon rules",
- "fields" => [
- "id" => ["type" => "int unsigned", "not null" => "1", "extra" => "auto_increment", "primary" => "1", "comment" => "Auto incremented rule id"],
- "uid" => ["type" => "int unsigned", "not null" => "1", "comment" => "Owner user id"],
- "name" => ["type" => "varchar(255)", "not null" => "1", "comment" => "Rule name"],
- "expression" => ["type" => "mediumtext" , "not null" => "1", "comment" => "Expression text"],
- "serialized" => ["type" => "mediumtext" , "not null" => "1", "comment" => "Serialized parsed expression"],
- "active" => ["type" => "boolean" , "not null" => "1", "default" => "1", "comment" => "Whether the rule is active or not"],
- "created" => ["type" => "datetime" , "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "Creation date"],
+ $database['advancedcontentfilter_rules'] = [
+ 'comment' => 'Advancedcontentfilter addon rules',
+ 'fields' => [
+ 'id' => ['type' => 'int unsigned', 'not null' => '1', 'extra' => 'auto_increment', 'primary' => '1', 'comment' => 'Auto incremented rule id'],
+ 'uid' => ['type' => 'int unsigned', 'not null' => '1', 'comment' => 'Owner user id'],
+ 'name' => ['type' => 'varchar(255)', 'not null' => '1', 'comment' => 'Rule name'],
+ 'expression' => ['type' => 'mediumtext' , 'not null' => '1', 'comment' => 'Expression text'],
+ 'serialized' => ['type' => 'mediumtext' , 'not null' => '1', 'comment' => 'Serialized parsed expression'],
+ 'active' => ['type' => 'boolean' , 'not null' => '1', 'default' => '1', 'comment' => 'Whether the rule is active or not'],
+ 'created' => ['type' => 'datetime' , 'not null' => '1', 'default' => DBA::NULL_DATETIME, 'comment' => 'Creation date'],
 ],
- "indexes" => [
- "PRIMARY" => ["id"],
- "uid_active" => ["uid", "active"],
+ 'indexes' => [
+ 'PRIMARY' => ['id'],
+ 'uid_active' => ['uid', 'active'],
 ]
 ];
 }
diff --git a/blackout/blackout.php b/blackout/blackout.php
index 18e74570..ecb04c76 100644
--- a/blackout/blackout.php
+++ b/blackout/blackout.php
@@ -82,17 +82,17 @@ function blackout_redirect ($a, $b) {
 function blackout_addon_admin(&$a, &$o) {
 $mystart = DI::config()->get('blackout','begindate');
- if (! is_string($mystart)) { $mystart = "YYYY-MM-DD hh:mm"; }
+ if (! is_string($mystart)) { $mystart = 'YYYY-MM-DD hh:mm'; }
 $myend = DI::config()->get('blackout','enddate');
- if (! is_string($myend)) { $myend = "YYYY-MM-DD hh:mm"; }
+ if (! is_string($myend)) { $myend = 'YYYY-MM-DD hh:mm'; }
 $myurl = DI::config()->get('blackout','url');
- if (! is_string($myurl)) { $myurl = "https://www.example.com"; }
- $t = Renderer::getMarkupTemplate( "admin.tpl", "addon/blackout/" );
+ if (! is_string($myurl)) { $myurl = 'https://www.example.com'; }
+ $t = Renderer::getMarkupTemplate( 'admin.tpl', 'addon/blackout/' );
 $date1 = DateTime::createFromFormat('Y-m-d G:i', $mystart);
 $date2 = DateTime::createFromFormat('Y-m-d G:i', $myend);
 // a note for the admin
- $adminnote = "";
+ $adminnote = '';
 if ($date2 < $date1) {
 $adminnote = DI::l10n()->t("The end-date is prior to the start-date of the blackout, you should fix this.");
 } else {
@@ -100,9 +100,9 @@ function blackout_addon_admin(&$a, &$o) {
 }
 $o = Renderer::replaceMacros($t, [
 '$submit' => DI::l10n()->t('Save Settings'),
- '$rurl' => ["rurl", DI::l10n()->t("Redirect URL"), $myurl, DI::l10n()->t("All your visitors from the web will be redirected to this URL."), "", "", "url"],
- '$startdate' => ["startdate", DI::l10n()->t("Begin of the Blackout"), $mystart, DI::l10n()->t("Format is <tt>YYYY-MM-DD hh:mm</tt>; <em>YYYY</em> year, <em>MM</em> month, <em>DD</em> day, <em>hh</em> hour and <em>mm</em> minute.")],
- '$enddate' => ["enddate", DI::l10n()->t("End of the Blackout"), $myend, ""],
+ '$rurl' => ['rurl', DI::l10n()->t("Redirect URL"), $myurl, DI::l10n()->t("All your visitors from the web will be redirected to this URL."), '', '', 'url'],
+ '$startdate' => ['startdate', DI::l10n()->t("Begin of the Blackout"), $mystart, DI::l10n()->t("Format is <tt>YYYY-MM-DD hh:mm</tt>; <em>YYYY</em> year, <em>MM</em> month, <em>DD</em> day, <em>hh</em> hour and <em>mm</em> minute.")],
+ '$enddate' => ['enddate', DI::l10n()->t("End of the Blackout"), $myend, ''],
 '$adminnote' => $adminnote,
 '$aboutredirect' => DI::l10n()->t("<strong>Note</strong>: The redirect will be active from the moment you press the submit button. Users currently logged in will <strong>not</strong> be thrown out but can't login again after logging out while the blackout is still in place."),
 ]);
diff --git a/js_upload/file-uploader/server/php.php b/js_upload/file-uploader/server/php.php
index 915c86c6..2248c8f0 100644
--- a/js_upload/file-uploader/server/php.php
+++ b/js_upload/file-uploader/server/php.php
@@ -4,155 +4,170 @@
 * Handle file uploads via XMLHttpRequest
 */
 class qqUploadedFileXhr {
- /**
- * Save the file to the specified path
- * @return boolean TRUE on success
- */
- function save($path) {
- $input = fopen("php://input", "r");
- $temp = tmpfile();
- $realSize = stream_copy_to_stream($input, $temp);
- fclose($input);
-
- if ($realSize != $this->getSize()){
- return false;
- }
-
- $target = fopen($path, "w");
- fseek($temp, 0, SEEK_SET);
- stream_copy_to_stream($temp, $target);
- fclose($target);
-
- return true;
- }
- function getName() {
- return $_GET['qqfile'];
- }
- function getSize() {
- if (isset($_SERVER["CONTENT_LENGTH"])){
- return (int)$_SERVER["CONTENT_LENGTH"];
- } else {
- throw new Exception('Getting content length is not supported.');
- }
- }
+ /**
+ * Save the file to the specified path
+ * @return boolean TRUE on success
+ */
+ public function save(string $path): bool
+ {
+ $input = fopen('php://input', 'r');
+ $temp = tmpfile();
+ $realSize = stream_copy_to_stream($input, $temp);
+ fclose($input);
+
+ if ($realSize != $this->getSize()) {
+ return false;
+ }
+
+ $target = fopen($path, 'w');
+ fseek($temp, 0, SEEK_SET);
+ stream_copy_to_stream($temp, $target);
+ fclose($target);
+
+ return true;
+ }
+
+ public function getName(): string
+ {
+ return $_GET['qqfile'];
+ }
+
+ public function getSize(): int
+ {
+ if (isset($_SERVER['CONTENT_LENGTH'])) {
+ return (int)$_SERVER['CONTENT_LENGTH'];
+ } else {
+ throw new Exception('Getting content length is not supported.');
+ }
+ }
 }
 /**
 * Handle file uploads via regular form post (uses the $_FILES array)
 */
-class qqUploadedFileForm {
- /**
- * Save the file to the specified path
- * @return boolean TRUE on success
- */
- function save($path) {
- if(!move_uploaded_file($_FILES['qqfile']['tmp_name'], $path)){
- return false;
- }
- return true;
- }
- function getName() {
- return $_FILES['qqfile']['name'];
- }
- function getSize() {
- return $_FILES['qqfile']['size'];
- }
+class qqUploadedFileForm {
+ /**
+ * Save the file to the specified path
+ * @return boolean TRUE on success
+ */
+ public function save(string $path): bool
+ {
+ if(!move_uploaded_file($_FILES['qqfile']['tmp_name'], $path)) {
+ return false;
+ }
+ return true;
+ }
+
+ public function getName(): string
+ {
+ return $_FILES['qqfile']['name'];
+ }
+
+ public function getSize(): int
+ {
+ return $_FILES['qqfile']['size'];
+ }
 }
 class qqFileUploader {
- private $allowedExtensions = array();
- private $sizeLimit = 10485760;
- private $file;
+ private $allowedExtensions = [];
+ private $sizeLimit = 10485760;
+ private $file;
- function __construct(array $allowedExtensions = array(), $sizeLimit = 10485760){
- $allowedExtensions = array_map("strtolower", $allowedExtensions);
-
- $this->allowedExtensions = $allowedExtensions;
- $this->sizeLimit = $sizeLimit;
-
- $this->checkServerSettings();
+ public function __construct(array $allowedExtensions = [], $sizeLimit = 10485760)
+ {
+ $allowedExtensions = array_map('strtolower', $allowedExtensions);
+
+ $this->allowedExtensions = $allowedExtensions;
+ $this->sizeLimit = $sizeLimit;
+
+ $this->checkServerSettings();
- if (isset($_GET['qqfile'])) {
- $this->file = new qqUploadedFileXhr();
- } elseif (isset($_FILES['qqfile'])) {
- $this->file = new qqUploadedFileForm();
- } else {
- $this->file = false;
- }
- }
-
- private function checkServerSettings(){
- $postSize = $this->toBytes(ini_get('post_max_size'));
- $uploadSize = $this->toBytes(ini_get('upload_max_filesize'));
-
- if ($postSize < $this->sizeLimit || $uploadSize < $this->sizeLimit){
- $size = max(1, $this->sizeLimit / 1024 / 1024) . 'M';
- die("{'error':'increase post_max_size and upload_max_filesize to $size'}");
- }
- }
-
- private function toBytes($str){
- $val = trim($str);
- $last = strtolower($str[strlen($str)-1]);
- switch($last) {
- case 'g': $val *= 1024;
- case 'm': $val *= 1024;
- case 'k': $val *= 1024;
- }
- return $val;
- }
-
- /**
- * Returns array('success'=>true) or array('error'=>'error message')
- */
- function handleUpload($uploadDirectory, $replaceOldFile = FALSE){
- if (!is_writable($uploadDirectory)){
- return array('error' => "Server error. Upload directory isn't writable.");
- }
-
- if (!$this->file){
- return array('error' => 'No files were uploaded.');
- }
-
- $size = $this->file->getSize();
-
- if ($size == 0) {
- return array('error' => 'File is empty');
- }
-
- if ($size > $this->sizeLimit) {
- return array('error' => 'File is too large');
- }
-
- $pathinfo = pathinfo($this->file->getName());
- $filename = $pathinfo['filename'];
- //$filename = md5(uniqid());
- $ext = $pathinfo['extension'];
+ if (isset($_GET['qqfile'])) {
+ $this->file = new qqUploadedFileXhr();
+ } elseif (isset($_FILES['qqfile'])) {
+ $this->file = new qqUploadedFileForm();
+ } else {
+ $this->file = false;
+ }
+ }
- if($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions)){
- $these = implode(', ', $this->allowedExtensions);
- return array('error' => 'File has an invalid extension, it should be one of '. $these . '.');
- }
-
- if(!$replaceOldFile){
- /// don't overwrite previous files that were uploaded
- while (file_exists($uploadDirectory . $filename . '.' . $ext)) {
- $filename .= rand(10, 99);
- }
- }
-
- if ($this->file->save($uploadDirectory . $filename . '.' . $ext)){
- return array('success'=>true);
- } else {
- return array('error'=> 'Could not save uploaded file.' .
- 'The upload was cancelled, or server error encountered');
- }
-
- }
+ private function checkServerSettings()
+ {
+ $postSize = $this->toBytes(ini_get('post_max_size'));
+ $uploadSize = $this->toBytes(ini_get('upload_max_filesize'));
+
+ if ($postSize < $this->sizeLimit || $uploadSize < $this->sizeLimit) {
+ $size = max(1, $this->sizeLimit / 1024 / 1024) . 'M';
+ die("{'error':'increase post_max_size and upload_max_filesize to $size'}");
+ }
+ }
+
+ private function toBytes(string $str): int
+ {
+ $val = trim($str);
+ $last = strtolower($str[strlen($str) - 1]);
+
+ switch($last) {
+ case 'g': $val *= 1024;
+ case 'm': $val *= 1024;
+ case 'k': $val *= 1024;
+ }
+
+ return $val;
+ }
+
+ /**
+ * Returns array('success'=>true) or array('error'=>'error message')
+ */
+ public function handleUpload(string $uploadDirectory, bool $replaceOldFile = false): array
+ {
+ if (!is_writable($uploadDirectory)) {
+ return ['error' => "Server error. Upload directory isn't writable."];
+ }
+
+ if (!$this->file) {
+ return ['error' => 'No files were uploaded.'];
+ }
+
+ $size = $this->file->getSize();
+
+ if ($size == 0) {
+ return ['error' => 'File is empty'];
+ }
+
+ if ($size > $this->sizeLimit) {
+ return ['error' => 'File is too large'];
+ }
+
+ $pathinfo = pathinfo($this->file->getName());
+ $filename = $pathinfo['filename'];
+ //$filename = md5(uniqid());
+ $ext = $pathinfo['extension'];
+
+ if($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions)) {
+ $these = implode(', ', $this->allowedExtensions);
+ return ['error' => 'File has an invalid extension, it should be one of '. $these . '.'];
+ }
+
+ if(!$replaceOldFile) {
+ /// don't overwrite previous files that were uploaded
+ while (file_exists($uploadDirectory . $filename . '.' . $ext)) {
+ $filename .= rand(10, 99);
+ }
+ }
+
+ if ($this->file->save($uploadDirectory . $filename . '.' . $ext)) {
+ return ['success' => true];
+ } else {
+ return ['error'=> 'Could not save uploaded file. The upload was cancelled, or server error encountered'];
+ }
+ }
 }
 // list of valid extensions, ex. array("jpeg", "xml", "bmp")
-$allowedExtensions = array();
+$allowedExtensions = [];
+
 // max file size in bytes
 $sizeLimit = 10 * 1024 * 1024;
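Review bot: `handleUpload()` still takes both the stored name and the extension from the client-supplied `qqfile` value, and with an empty allow-list (the constructor default and the script-level `$allowedExtensions = [];` at the end of this hunk) the `if($this->allowedExtensions && …)` guard is skipped, so a file with any extension is written to `$uploadDirectory . $filename . '.' . $ext`. Whether that directory is web-served is not visible here, and the code that constructs the uploader lies below the hunk, but the check should not depend on the list being non-empty: use `$ext = strtolower($pathinfo['extension'] ?? '');` followed by `if (!in_array($ext, $this->allowedExtensions, true)) {`, and ship a concrete list of extensions. The `?? ''` also covers names without a dot, where `pathinfo()` returns no `extension` key and the current line raises an undefined-key warning. Separately, the new `toBytes(string $str): int` returns the trimmed string unchanged when the ini value carries no g/m/k suffix, so `$val = (int) trim($str);` would make the declared return type hold without relying on coercion.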