当前位置: 首页>>代码示例>>PHP>>正文


PHP Validator::isInsecurePath方法代码示例

本文整理汇总了PHP中Validator::isInsecurePath方法的典型用法代码示例。如果您正苦于以下问题:PHP Validator::isInsecurePath方法的具体用法?PHP Validator::isInsecurePath怎么用?PHP Validator::isInsecurePath使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在Validator的用法示例。


在下文中一共展示了Validator::isInsecurePath方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: uploadTo

 /**
  * Check the uploaded files and move them to the target directory
  *
  * @param string $strTarget
  *
  * @return array
  *
  * @throws \Exception
  */
 public function uploadTo($strTarget)
 {
     if ($strTarget == '' || \Validator::isInsecurePath($strTarget)) {
         throw new \InvalidArgumentException('Invalid target path ' . $strTarget);
     }
     $maxlength_kb = $this->getMaximumUploadSize();
     $maxlength_kb_readable = $this->getReadableSize($maxlength_kb);
     $arrUploaded = array();
     $arrFiles = $this->getFilesFromGlobal();
     foreach ($arrFiles as $file) {
         // Sanitize the filename
         try {
             $file['name'] = \StringUtil::sanitizeFileName($file['name']);
         } catch (\InvalidArgumentException $e) {
             \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
             $this->blnHasError = true;
             continue;
         }
         // Invalid file name
         if (!\Validator::isValidFileName($file['name'])) {
             \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
             $this->blnHasError = true;
         } elseif (!is_uploaded_file($file['tmp_name'])) {
             if ($file['error'] == 1 || $file['error'] == 2) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
                 $this->blnHasError = true;
             } elseif ($file['error'] == 3) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filepartial'], $file['name']));
                 $this->blnHasError = true;
             } elseif ($file['error'] > 0) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['fileerror'], $file['error'], $file['name']));
                 $this->blnHasError = true;
             }
         } elseif ($file['size'] > $maxlength_kb) {
             \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
             $this->blnHasError = true;
         } else {
             $strExtension = strtolower(substr($file['name'], strrpos($file['name'], '.') + 1));
             // File type not allowed
             if (!in_array($strExtension, \StringUtil::trimsplit(',', strtolower(\Config::get('uploadTypes'))))) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filetype'], $strExtension));
                 $this->blnHasError = true;
             } else {
                 $this->import('Files');
                 $strNewFile = $strTarget . '/' . $file['name'];
                 // Set CHMOD and resize if neccessary
                 if ($this->Files->move_uploaded_file($file['tmp_name'], $strNewFile)) {
                     $this->Files->chmod($strNewFile, \Config::get('defaultFileChmod'));
                     // Notify the user
                     \Message::addConfirmation(sprintf($GLOBALS['TL_LANG']['MSC']['fileUploaded'], $file['name']));
                     $this->log('File "' . $strNewFile . '" has been uploaded', __METHOD__, TL_FILES);
                     // Resize the uploaded image if necessary
                     $this->resizeUploadedImage($strNewFile);
                     $arrUploaded[] = $strNewFile;
                 }
             }
         }
     }
     return $arrUploaded;
 }
开发者ID:qzminski,项目名称:contao-core-bundle,代码行数:69,代码来源:FileUpload.php

示例2: getTemplate

 /**
  * Find a particular template file and return its path
  *
  * @param string $strTemplate The name of the template
  * @param string $strFormat   The file extension
  *
  * @return string The path to the template file
  *
  * @throws \InvalidArgumentException If $strFormat is unknown
  * @throws \RuntimeException         If the template group folder is insecure
  */
 public static function getTemplate($strTemplate, $strFormat = 'html5')
 {
     $arrAllowed = trimsplit(',', \Config::get('templateFiles'));
     array_push($arrAllowed, 'html5');
     // see #3398
     if (!in_array($strFormat, $arrAllowed)) {
         throw new \InvalidArgumentException('Invalid output format ' . $strFormat);
     }
     $strTemplate = basename($strTemplate);
     // Check for a theme folder
     if (TL_MODE == 'FE') {
         /** @var \PageModel $objPage */
         global $objPage;
         if ($objPage->templateGroup != '') {
             if (\Validator::isInsecurePath($objPage->templateGroup)) {
                 throw new \RuntimeException('Invalid path ' . $objPage->templateGroup);
             }
             return \TemplateLoader::getPath($strTemplate, $strFormat, $objPage->templateGroup);
         }
     }
     return \TemplateLoader::getPath($strTemplate, $strFormat);
 }
开发者ID:StephenGWills,项目名称:sample-contao-app,代码行数:33,代码来源:Controller.php

示例3: addFilesBreadcrumb

    /**
     * Add a breadcrumb menu to the file tree
     *
     * @param string $strKey
     *
     * @throws \RuntimeException
     */
    public static function addFilesBreadcrumb($strKey = 'tl_files_node')
    {
        $objSession = \Session::getInstance();
        // Set a new node
        if (isset($_GET['node'])) {
            // Check the path (thanks to Arnaud Buchoux)
            if (\Validator::isInsecurePath(\Input::get('node', true))) {
                throw new \RuntimeException('Insecure path ' . \Input::get('node', true));
            }
            $objSession->set($strKey, \Input::get('node', true));
            \Controller::redirect(preg_replace('/(&|\\?)node=[^&]*/', '', \Environment::get('request')));
        }
        $strNode = $objSession->get($strKey);
        if ($strNode == '') {
            return;
        }
        // Check the path (thanks to Arnaud Buchoux)
        if (\Validator::isInsecurePath($strNode)) {
            throw new \RuntimeException('Insecure path ' . $strNode);
        }
        // Currently selected folder does not exist
        if (!is_dir(TL_ROOT . '/' . $strNode)) {
            $objSession->set($strKey, '');
            return;
        }
        $objUser = \BackendUser::getInstance();
        $strPath = \Config::get('uploadPath');
        $arrNodes = explode('/', preg_replace('/^' . preg_quote(\Config::get('uploadPath'), '/') . '\\//', '', $strNode));
        $arrLinks = array();
        // Add root link
        $arrLinks[] = '<img src="' . TL_FILES_URL . 'system/themes/' . \Backend::getTheme() . '/images/filemounts.gif" width="18" height="18" alt=""> <a href="' . \Controller::addToUrl('node=') . '" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['selectAllNodes']) . '">' . $GLOBALS['TL_LANG']['MSC']['filterAll'] . '</a>';
        // Generate breadcrumb trail
        foreach ($arrNodes as $strFolder) {
            $strPath .= '/' . $strFolder;
            // Do not show pages which are not mounted
            if (!$objUser->hasAccess($strPath, 'filemounts')) {
                continue;
            }
            // No link for the active folder
            if ($strPath == $strNode) {
                $arrLinks[] = '<img src="' . TL_FILES_URL . 'system/themes/' . \Backend::getTheme() . '/images/folderC.gif" width="18" height="18" alt=""> ' . $strFolder;
            } else {
                $arrLinks[] = '<img src="' . TL_FILES_URL . 'system/themes/' . \Backend::getTheme() . '/images/folderC.gif" width="18" height="18" alt=""> <a href="' . \Controller::addToUrl('node=' . $strPath) . '" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['selectNode']) . '">' . $strFolder . '</a>';
            }
        }
        // Check whether the node is mounted
        if (!$objUser->hasAccess($strNode, 'filemounts')) {
            $objSession->set($strKey, '');
            \System::log('Folder ID ' . $strNode . ' was not mounted', __METHOD__, TL_ERROR);
            \Controller::redirect('contao/main.php?act=error');
        }
        // Limit tree
        $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'] = array($strNode);
        // Insert breadcrumb menu
        $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['breadcrumb'] .= '

<ul id="tl_breadcrumb">
  <li>' . implode(' &gt; </li><li>', $arrLinks) . '</li>
</ul>';
    }
开发者ID:StephenGWills,项目名称:sample-contao-app,代码行数:67,代码来源:Backend.php

示例4: addNewTemplate

    /**
     * Create a new template
     *
     * @return string
     */
    public function addNewTemplate()
    {
        $strError = '';
        // Copy an existing template
        if (Input::post('FORM_SUBMIT') == 'tl_create_template') {
            $strOriginal = Input::post('original');
            if (Validator::isInsecurePath($strOriginal)) {
                throw new RuntimeException('Invalid path ' . $strOriginal);
            }
            $strTarget = Input::post('target');
            if (Validator::isInsecurePath($strTarget)) {
                throw new RuntimeException('Invalid path ' . $strTarget);
            }
            // Validate the source path
            if (strncmp($strOriginal, 'system/modules/', 15) !== 0 || !file_exists(TL_ROOT . '/' . $strOriginal)) {
                $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strOriginal);
            } else {
                // Validate the target path
                if (strncmp($strTarget, 'templates', 9) !== 0 || !is_dir(TL_ROOT . '/' . $strTarget)) {
                    $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strTarget);
                } else {
                    $strTarget .= '/' . basename($strOriginal);
                    // Check whether the target file exists
                    if (file_exists(TL_ROOT . '/' . $strTarget)) {
                        $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['exists'], $strTarget);
                    } else {
                        $this->import('Files');
                        $this->Files->copy($strOriginal, $strTarget);
                        $this->redirect($this->getReferer());
                    }
                }
            }
        }
        $arrAllTemplates = array();
        $arrAllowed = trimsplit(',', Config::get('templateFiles'));
        // Get all templates
        foreach (ModuleLoader::getActive() as $strModule) {
            // Continue if there is no templates folder
            if ($strModule == 'repository' || !is_dir(TL_ROOT . '/system/modules/' . $strModule . '/templates')) {
                continue;
            }
            /** @var \SplFileInfo[] $objFiles */
            $objFiles = new SortedIterator(new RecursiveIteratorIterator(new RecursiveDirectoryIterator(TL_ROOT . '/system/modules/' . $strModule . '/templates', FilesystemIterator::UNIX_PATHS | FilesystemIterator::FOLLOW_SYMLINKS | FilesystemIterator::SKIP_DOTS)));
            foreach ($objFiles as $objFile) {
                $strExtension = pathinfo($objFile->getFilename(), PATHINFO_EXTENSION);
                if (in_array($strExtension, $arrAllowed)) {
                    $strRelpath = str_replace(TL_ROOT . '/', '', $objFile->getPathname());
                    $arrAllTemplates[$strModule][basename($strRelpath)] = $strRelpath;
                }
            }
        }
        $strAllTemplates = '';
        // Group the templates by module
        foreach ($arrAllTemplates as $k => $v) {
            $strAllTemplates .= '<optgroup label="' . $k . '">';
            foreach ($v as $kk => $vv) {
                $strAllTemplates .= sprintf('<option value="%s"%s>%s</option>', $vv, Input::post('original') == $vv ? ' selected="selected"' : '', $kk);
            }
            $strAllTemplates .= '</optgroup>';
        }
        // Show form
        return '
<div id="tl_buttons">
<a href="' . $this->getReferer(true) . '" class="header_back" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['backBTTitle']) . '" accesskey="b" onclick="Backend.getScrollOffset()">' . $GLOBALS['TL_LANG']['MSC']['backBT'] . '</a>
</div>' . ($strError != '' ? '

<div class="tl_message">
<p class="tl_error">' . $strError . '</p>
</div>' : '') . '

<form action="' . ampersand(Environment::get('request')) . '" id="tl_create_template" class="tl_form" method="post">
<div class="tl_formbody_edit">
<input type="hidden" name="FORM_SUBMIT" value="tl_create_template">
<input type="hidden" name="REQUEST_TOKEN" value="' . REQUEST_TOKEN . '">
<div class="tl_tbox">
<div>
  <h3><label for="ctrl_original">' . $GLOBALS['TL_LANG']['tl_templates']['original'][0] . '</label></h3>
  <select name="original" id="ctrl_original" class="tl_select tl_chosen" onfocus="Backend.getScrollOffset()">' . $strAllTemplates . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['original'][1] && Config::get('showHelp') ? '
  <p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['original'][1] . '</p>' : '') . '
</div>
<div>
  <h3><label for="ctrl_target">' . $GLOBALS['TL_LANG']['tl_templates']['target'][0] . '</label></h3>
  <select name="target" id="ctrl_target" class="tl_select" onfocus="Backend.getScrollOffset()"><option value="templates">templates</option>' . $this->getTargetFolders('templates') . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['target'][1] && Config::get('showHelp') ? '
  <p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['target'][1] . '</p>' : '') . '
</div>
</div>
</div>

<div class="tl_formbody_submit">
<div class="tl_submit_container">
  <input type="submit" name="create" id="create" class="tl_submit" accesskey="s" value="' . specialchars($GLOBALS['TL_LANG']['tl_templates']['newTpl']) . '">
</div>
</div>
</form>';
    }
开发者ID:StephenGWills,项目名称:sample-contao-app,代码行数:100,代码来源:tl_templates.php

示例5: isValid

 /**
  * Check a file operation
  *
  * @param string $strFile
  *
  * @return boolean
  */
 protected function isValid($strFile)
 {
     $strFolder = \Input::get('pid', true);
     // Check the path
     if (\Validator::isInsecurePath($strFile)) {
         $this->log('Invalid file name "' . $strFile . '" (hacking attempt)', __METHOD__, TL_ERROR);
         $this->redirect('contao/main.php?act=error');
     } elseif (\Validator::isInsecurePath($strFolder)) {
         $this->log('Invalid folder name "' . $strFolder . '" (hacking attempt)', __METHOD__, TL_ERROR);
         $this->redirect('contao/main.php?act=error');
     }
     // Check for valid file types
     if (!empty($this->arrValidFileTypes) && is_file(TL_ROOT . '/' . $strFile)) {
         $fileinfo = preg_replace('/.*\\.(.*)$/ui', '$1', $strFile);
         if (!in_array(strtolower($fileinfo), $this->arrValidFileTypes)) {
             $this->log('File "' . $strFile . '" is not an allowed file type', __METHOD__, TL_ERROR);
             $this->redirect('contao/main.php?act=error');
         }
     }
     // Check whether the file is within the files directory
     if (!preg_match('/^' . preg_quote(\Config::get('uploadPath'), '/') . '/i', $strFile)) {
         $this->log('File or folder "' . $strFile . '" is not within the files directory', __METHOD__, TL_ERROR);
         $this->redirect('contao/main.php?act=error');
     }
     // Check whether the parent folder is within the files directory
     if ($strFolder && !preg_match('/^' . preg_quote(\Config::get('uploadPath'), '/') . '/i', $strFolder)) {
         $this->log('Parent folder "' . $strFolder . '" is not within the files directory', __METHOD__, TL_ERROR);
         $this->redirect('contao/main.php?act=error');
     }
     // Do not allow file operations on root folders
     if (\Input::get('act') == 'edit' || \Input::get('act') == 'paste' || \Input::get('act') == 'delete') {
         $this->import('BackendUser', 'User');
         if (!$this->User->isAdmin && in_array($strFile, $this->User->filemounts)) {
             $this->log('Attempt to edit, copy, move or delete the root folder "' . $strFile . '"', __METHOD__, TL_ERROR);
             $this->redirect('contao/main.php?act=error');
         }
     }
     return true;
 }
开发者ID:eknoes,项目名称:core,代码行数:46,代码来源:DC_Folder.php

示例6: doReplace


//.........这里部分代码省略.........
                                 $rel = $value;
                                 break;
                             case 'mode':
                                 $mode = $value;
                                 break;
                             case 'size':
                                 $size = (int) $value;
                                 break;
                             case 'template':
                                 $strTemplate = preg_replace('/[^a-z0-9_]/i', '', $value);
                                 break;
                         }
                     }
                     $strFile = $arrChunks[0];
                 }
                 if (\Validator::isUuid($strFile)) {
                     // Handle UUIDs
                     $objFile = \FilesModel::findByUuid($strFile);
                     if ($objFile === null) {
                         $arrCache[$strTag] = '';
                         break;
                     }
                     $strFile = $objFile->path;
                 } elseif (is_numeric($strFile)) {
                     // Handle numeric IDs (see #4805)
                     $objFile = \FilesModel::findByPk($strFile);
                     if ($objFile === null) {
                         $arrCache[$strTag] = '';
                         break;
                     }
                     $strFile = $objFile->path;
                 } else {
                     // Check the path
                     if (\Validator::isInsecurePath($strFile)) {
                         throw new \RuntimeException('Invalid path ' . $strFile);
                     }
                 }
                 // Check the maximum image width
                 if (\Config::get('maxImageWidth') > 0 && $width > \Config::get('maxImageWidth')) {
                     $width = \Config::get('maxImageWidth');
                     $height = null;
                 }
                 // Generate the thumbnail image
                 try {
                     // Image
                     if (strtolower($elements[0]) == 'image') {
                         $dimensions = '';
                         $imageObj = \Image::create($strFile, array($width, $height, $mode));
                         $src = $imageObj->executeResize()->getResizedPath();
                         $objFile = new \File(rawurldecode($src));
                         // Add the image dimensions
                         if (($imgSize = $objFile->imageSize) !== false) {
                             $dimensions = ' width="' . $imgSize[0] . '" height="' . $imgSize[1] . '"';
                         }
                         $arrCache[$strTag] = '<img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . $alt . '"' . ($class != '' ? ' class="' . $class . '"' : '') . '>';
                     } else {
                         $picture = \Picture::create($strFile, array(0, 0, $size))->getTemplateData();
                         $picture['alt'] = $alt;
                         $picture['class'] = $class;
                         $pictureTemplate = new \FrontendTemplate($strTemplate);
                         $pictureTemplate->setData($picture);
                         $arrCache[$strTag] = $pictureTemplate->parse();
                     }
                     // Add a lightbox link
                     if ($rel != '') {
                         if (strncmp($rel, 'lightbox', 8) !== 0) {
开发者ID:bytehead,项目名称:core-bundle,代码行数:67,代码来源:InsertTags.php

示例7: addNewTemplate

    /**
     * Create a new template
     *
     * @return string
     */
    public function addNewTemplate()
    {
        $arrAllTemplates = array();
        $arrAllowed = StringUtil::trimsplit(',', strtolower(Config::get('templateFiles')));
        /** @var SplFileInfo[] $files */
        $files = System::getContainer()->get('contao.resource_finder')->findIn('templates')->files()->name('/\\.(' . implode('|', $arrAllowed) . ')$/');
        foreach ($files as $file) {
            $strRelpath = str_replace(TL_ROOT . DIRECTORY_SEPARATOR, '', $file->getPathname());
            $strModule = preg_replace('@^(vendor|system/modules)/([^/]+(/.*-bundle)?)/.*$@', '$2', strtr($strRelpath, '\\', '/'));
            $arrAllTemplates[$strModule][$strRelpath] = basename($strRelpath);
        }
        $strError = '';
        // Copy an existing template
        if (Input::post('FORM_SUBMIT') == 'tl_create_template') {
            $strOriginal = Input::post('original', true);
            if (Validator::isInsecurePath($strOriginal)) {
                throw new RuntimeException('Invalid path ' . $strOriginal);
            }
            $strTarget = Input::post('target', true);
            if (Validator::isInsecurePath($strTarget)) {
                throw new RuntimeException('Invalid path ' . $strTarget);
            }
            // Validate the target path
            if (strncmp($strTarget, 'templates', 9) !== 0 || !is_dir(TL_ROOT . '/' . $strTarget)) {
                $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strTarget);
            } else {
                $blnFound = false;
                // Validate the source path
                foreach ($arrAllTemplates as $arrTemplates) {
                    if (isset($arrTemplates[$strOriginal])) {
                        $blnFound = true;
                        break;
                    }
                }
                if (!$blnFound) {
                    $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strOriginal);
                } else {
                    $strTarget .= '/' . basename($strOriginal);
                    // Check whether the target file exists
                    if (file_exists(TL_ROOT . '/' . $strTarget)) {
                        $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['exists'], $strTarget);
                    } else {
                        $this->import('Files');
                        $this->Files->copy($strOriginal, $strTarget);
                        $this->redirect($this->getReferer());
                    }
                }
            }
        }
        $strAllTemplates = '';
        // Group the templates by module
        foreach ($arrAllTemplates as $k => $v) {
            $strAllTemplates .= '<optgroup label="' . $k . '">';
            foreach ($v as $kk => $vv) {
                $strAllTemplates .= sprintf('<option value="%s"%s>%s</option>', $kk, Input::post('original') == $kk ? ' selected="selected"' : '', $vv);
            }
            $strAllTemplates .= '</optgroup>';
        }
        // Show form
        return '
<div id="tl_buttons">
<a href="' . $this->getReferer(true) . '" class="header_back" title="' . StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['backBTTitle']) . '" accesskey="b" onclick="Backend.getScrollOffset()">' . $GLOBALS['TL_LANG']['MSC']['backBT'] . '</a>
</div>' . ($strError != '' ? '

<div class="tl_message">
<p class="tl_error">' . $strError . '</p>
</div>' : '') . '

<form action="' . ampersand(Environment::get('request')) . '" id="tl_create_template" class="tl_form" method="post">
<div class="tl_formbody_edit">
<input type="hidden" name="FORM_SUBMIT" value="tl_create_template">
<input type="hidden" name="REQUEST_TOKEN" value="' . REQUEST_TOKEN . '">
<fieldset class="tl_tbox nolegend">
<div>
  <h3><label for="ctrl_original">' . $GLOBALS['TL_LANG']['tl_templates']['original'][0] . '</label></h3>
  <select name="original" id="ctrl_original" class="tl_select tl_chosen" onfocus="Backend.getScrollOffset()">' . $strAllTemplates . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['original'][1] && Config::get('showHelp') ? '
  <p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['original'][1] . '</p>' : '') . '
</div>
<div>
  <h3><label for="ctrl_target">' . $GLOBALS['TL_LANG']['tl_templates']['target'][0] . '</label></h3>
  <select name="target" id="ctrl_target" class="tl_select" onfocus="Backend.getScrollOffset()"><option value="templates">templates</option>' . $this->getTargetFolders('templates') . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['target'][1] && Config::get('showHelp') ? '
  <p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['target'][1] . '</p>' : '') . '
</div>
</fieldset>
</div>

<div class="tl_formbody_submit">
<div class="tl_submit_container">
  <button type="submit" name="create" id="create" class="tl_submit" accesskey="s">' . $GLOBALS['TL_LANG']['tl_templates']['newTpl'] . '</button>
</div>
</div>
</form>';
    }
开发者ID:qzminski,项目名称:contao-core-bundle,代码行数:98,代码来源:tl_templates.php

示例8: addTemplatesToArchive

 /**
  * Add templates to the archive
  *
  * @param \ZipWriter $objArchive
  * @param string     $strFolder
  */
 protected function addTemplatesToArchive(\ZipWriter $objArchive, $strFolder)
 {
     // Strip the templates folder name
     $strFolder = preg_replace('@^templates/@', '', $strFolder);
     // Re-add the templates folder name
     if ($strFolder == '') {
         $strFolder = 'templates';
     } else {
         $strFolder = 'templates/' . $strFolder;
     }
     if (\Validator::isInsecurePath($strFolder)) {
         throw new \RuntimeException('Insecure path ' . $strFolder);
     }
     // Return if the folder does not exist
     if (!is_dir(TL_ROOT . '/' . $strFolder)) {
         return;
     }
     $arrAllowed = trimsplit(',', \Config::get('templateFiles'));
     array_push($arrAllowed, 'sql');
     // see #7048
     // Add all template files to the archive
     foreach (scan(TL_ROOT . '/' . $strFolder) as $strFile) {
         if (preg_match('/\\.(' . implode('|', $arrAllowed) . ')$/', $strFile) && strncmp($strFile, 'be_', 3) !== 0 && strncmp($strFile, 'nl_', 3) !== 0) {
             $objArchive->addFile($strFolder . '/' . $strFile);
         }
     }
 }
开发者ID:Jobu,项目名称:core,代码行数:33,代码来源:Theme.php

示例9: checkFile

 /**
  * Check the given file path string if it is a regular file an UUID or an numeric ID
  *
  * @param string $filePath
  * @return \File
  */
 protected static function checkFile($filePath)
 {
     if (\Validator::isUuid($filePath)) {
         // Handle UUIDs
         $objFile = \FilesModel::findByUuid($filePath);
         $filePath = $objFile->path;
     } elseif (is_numeric($filePath)) {
         // Handle numeric IDs (see #4805)
         $objFile = \FilesModel::findByPk($filePath);
         $filePath = $objFile->path;
     } else {
         // Check the path
         if (\Validator::isInsecurePath($filePath)) {
             throw new \RuntimeException('Invalid path ' . $filePath);
         }
     }
     return new \File($filePath, true);
 }
开发者ID:teamsisu,项目名称:contao-greyify,代码行数:24,代码来源:Greyify.php

示例10: checkUploadPath

 /**
  * Check the upload path
  *
  * @param mixed $varValue
  *
  * @return mixed
  *
  * @throws Exception
  */
 public function checkUploadPath($varValue)
 {
     if ($varValue == '' || Validator::isInsecurePath($varValue)) {
         throw new Exception($GLOBALS['TL_LANG']['ERR']['invalidName']);
     }
     if (preg_match('@^(assets|contao|plugins|share|system|templates|vendor)(/|$)@', $varValue)) {
         throw new Exception($GLOBALS['TL_LANG']['ERR']['invalidName']);
     }
     return $varValue;
 }
开发者ID:StephenGWills,项目名称:sample-contao-app,代码行数:19,代码来源:tl_settings.php

示例11: validate

 /**
  * Validate a path
  *
  * @throws \RuntimeException If the given paths are not valid
  */
 protected function validate()
 {
     foreach (func_get_args() as $strPath) {
         if ($strPath == '') {
             throw new \RuntimeException('No file or folder name given');
         } elseif (\Validator::isInsecurePath($strPath)) {
             throw new \RuntimeException('Invalid file or folder name ' . $strPath);
         }
     }
 }
开发者ID:bytehead,项目名称:core-bundle,代码行数:15,代码来源:Files.php

示例12: uploadTo

 /**
  * Check the uploaded files and move them to the target directory
  *
  * @param string $strTarget
  *
  * @return array
  *
  * @throws \Exception
  */
 public function uploadTo($strTarget)
 {
     if ($strTarget == '' || \Validator::isInsecurePath($strTarget)) {
         throw new \InvalidArgumentException('Invalid target path ' . $strTarget);
     }
     $maxlength_kb = $this->getMaximumUploadSize();
     $maxlength_kb_readable = $this->getReadableSize($maxlength_kb);
     $arrUploaded = array();
     $arrFiles = $this->getFilesFromGlobal();
     foreach ($arrFiles as $file) {
         // Sanitize the filename
         try {
             $file['name'] = \String::sanitizeFileName($file['name']);
         } catch (\InvalidArgumentException $e) {
             \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
             $this->blnHasError = true;
             continue;
         }
         // Invalid file name
         if (!\Validator::isValidFileName($file['name'])) {
             \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
             $this->blnHasError = true;
         } elseif (!is_uploaded_file($file['tmp_name'])) {
             if ($file['error'] == 1 || $file['error'] == 2) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
                 $this->log('File "' . $file['name'] . '" exceeds the maximum file size of ' . $maxlength_kb_readable, __METHOD__, TL_ERROR);
                 $this->blnHasError = true;
             } elseif ($file['error'] == 3) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filepartial'], $file['name']));
                 $this->log('File "' . $file['name'] . '" was only partially uploaded', __METHOD__, TL_ERROR);
                 $this->blnHasError = true;
             } elseif ($file['error'] > 0) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['fileerror'], $file['error'], $file['name']));
                 $this->log('File "' . $file['name'] . '" could not be uploaded (error ' . $file['error'] . ')', __METHOD__, TL_ERROR);
                 $this->blnHasError = true;
             }
         } elseif ($file['size'] > $maxlength_kb) {
             \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
             $this->log('File "' . $file['name'] . '" exceeds the maximum file size of ' . $maxlength_kb_readable, __METHOD__, TL_ERROR);
             $this->blnHasError = true;
         } else {
             $strExtension = pathinfo($file['name'], PATHINFO_EXTENSION);
             $arrAllowedTypes = trimsplit(',', strtolower(\Config::get('uploadTypes')));
             // File type not allowed
             if (!in_array(strtolower($strExtension), $arrAllowedTypes)) {
                 \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filetype'], $strExtension));
                 $this->log('File type "' . $strExtension . '" is not allowed to be uploaded (' . $file['name'] . ')', __METHOD__, TL_ERROR);
                 $this->blnHasError = true;
             } else {
                 $this->import('Files');
                 $strNewFile = $strTarget . '/' . $file['name'];
                 // Set CHMOD and resize if neccessary
                 if ($this->Files->move_uploaded_file($file['tmp_name'], $strNewFile)) {
                     $this->Files->chmod($strNewFile, \Config::get('defaultFileChmod'));
                     $blnResized = $this->resizeUploadedImage($strNewFile, $file);
                     // Notify the user
                     if (!$blnResized) {
                         \Message::addConfirmation(sprintf($GLOBALS['TL_LANG']['MSC']['fileUploaded'], $file['name']));
                         $this->log('File "' . $file['name'] . '" uploaded successfully', __METHOD__, TL_FILES);
                     }
                     $arrUploaded[] = $strNewFile;
                 }
             }
         }
     }
     return $arrUploaded;
 }
开发者ID:juergen83,项目名称:contao,代码行数:76,代码来源:FileUpload.php


注:本文中的Validator::isInsecurePath方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。