本文整理汇总了PHP中Validator::isInsecurePath方法的典型用法代码示例。如果您正苦于以下问题:PHP Validator::isInsecurePath方法的具体用法?PHP Validator::isInsecurePath怎么用?PHP Validator::isInsecurePath使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Validator的用法示例。
在下文中一共展示了Validator::isInsecurePath方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: uploadTo
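/**
 * Check the uploaded files and move the accepted ones to the target directory.
 *
 * Each file has to pass, in this order: file name sanitizing, file name
 * validation, the is_uploaded_file() check, the size limit and the extension
 * allow-list read from the "uploadTypes" setting. A rejected file adds an
 * error message and sets $this->blnHasError; the remaining files are still
 * processed.
 *
 * @param string $strTarget The target directory; must not be empty and must pass \Validator::isInsecurePath()
 *
 * @return array The paths of the files that were moved, built as $strTarget . '/' . file name
 *
 * @throws \InvalidArgumentException If the target path is empty or insecure
 */
public function uploadTo($strTarget)
{
    // Reject the target before any uploaded file is touched
    if ($strTarget == '' || \Validator::isInsecurePath($strTarget)) {
        throw new \InvalidArgumentException('Invalid target path ' . $strTarget);
    }

    $maxlength_kb = $this->getMaximumUploadSize();
    $maxlength_kb_readable = $this->getReadableSize($maxlength_kb);
    $arrUploaded = array();
    $arrFiles = $this->getFilesFromGlobal();

    foreach ($arrFiles as $file) {
        // Sanitize the client-supplied file name before it is used anywhere
        try {
            $file['name'] = \StringUtil::sanitizeFileName($file['name']);
        } catch (\InvalidArgumentException $e) {
            \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
            $this->blnHasError = true;
            continue;
        }

        if (!\Validator::isValidFileName($file['name'])) {
            // Invalid file name
            \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
            $this->blnHasError = true;
        } elseif (!is_uploaded_file($file['tmp_name'])) {
            // tmp_name is not an HTTP upload known to PHP; report the upload error code, if any
            if ($file['error'] == UPLOAD_ERR_INI_SIZE || $file['error'] == UPLOAD_ERR_FORM_SIZE) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
                $this->blnHasError = true;
            } elseif ($file['error'] == UPLOAD_ERR_PARTIAL) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filepartial'], $file['name']));
                $this->blnHasError = true;
            } elseif ($file['error'] > 0) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['fileerror'], $file['error'], $file['name']));
                $this->blnHasError = true;
            }
        } elseif ($file['size'] > $maxlength_kb) {
            \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
            $this->blnHasError = true;
        } else {
            // pathinfo() returns '' for a name without a dot; the former
            // strrpos() + 1 arithmetic yielded the name minus its first character
            $strExtension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
            $arrAllowedTypes = \StringUtil::trimsplit(',', strtolower(\Config::get('uploadTypes')));

            // File type not allowed. An empty extension is never accepted, and the
            // strict comparison keeps numeric-looking strings from matching loosely.
            if ($strExtension === '' || !in_array($strExtension, $arrAllowedTypes, true)) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filetype'], $strExtension));
                $this->blnHasError = true;
            } else {
                $this->import('Files');
                $strNewFile = $strTarget . '/' . $file['name'];

                // Set CHMOD and resize if necessary
                if ($this->Files->move_uploaded_file($file['tmp_name'], $strNewFile)) {
                    $this->Files->chmod($strNewFile, \Config::get('defaultFileChmod'));

                    // Notify the user
                    \Message::addConfirmation(sprintf($GLOBALS['TL_LANG']['MSC']['fileUploaded'], $file['name']));
                    $this->log('File "' . $strNewFile . '" has been uploaded', __METHOD__, TL_FILES);

                    // Resize the uploaded image if necessary
                    $this->resizeUploadedImage($strNewFile);
                    $arrUploaded[] = $strNewFile;
                }
            }
        }
    }

    return $arrUploaded;
}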
示例2: getTemplate
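/**
 * Find a particular template file and return its path
 *
 * The format must be one of the extensions listed in the "templateFiles"
 * setting or "html5". The template name is reduced to its base name, so a
 * directory component in $strTemplate never reaches the loader. In the front
 * end, the page's template group folder is passed to the loader after it has
 * been checked with \Validator::isInsecurePath().
 *
 * @param string $strTemplate The name of the template
 * @param string $strFormat   The file extension
 *
 * @return string The path to the template file
 *
 * @throws \InvalidArgumentException If $strFormat is unknown
 * @throws \RuntimeException         If the template group folder is insecure
 */
public static function getTemplate($strTemplate, $strFormat = 'html5')
{
    $arrAllowed = trimsplit(',', \Config::get('templateFiles'));
    array_push($arrAllowed, 'html5'); // see #3398

    // Strict comparison: with a loose in_array() a non-string value such as the
    // integer 0 equals every non-numeric entry on PHP versions before 8
    if (!in_array($strFormat, $arrAllowed, true)) {
        throw new \InvalidArgumentException('Invalid output format ' . $strFormat);
    }

    // Keep only the file name part of the requested template
    $strTemplate = basename($strTemplate);

    // Check for a theme folder
    if (TL_MODE == 'FE') {
        /** @var \PageModel $objPage */
        global $objPage;

        if ($objPage->templateGroup != '') {
            // The folder becomes part of a file system path, so validate it first
            if (\Validator::isInsecurePath($objPage->templateGroup)) {
                throw new \RuntimeException('Invalid path ' . $objPage->templateGroup);
            }

            return \TemplateLoader::getPath($strTemplate, $strFormat, $objPage->templateGroup);
        }
    }

    return \TemplateLoader::getPath($strTemplate, $strFormat);
}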
示例3: addFilesBreadcrumb
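/**
 * Add a breadcrumb menu to the file tree
 *
 * A "node" query parameter is validated, stored in the session under $strKey
 * and removed from the URL by a redirect. The stored node is validated again
 * on every call, must be an existing directory below TL_ROOT and must be
 * covered by the user's file mounts. Folder names are HTML-escaped before
 * they are written into the breadcrumb markup.
 *
 * @param string $strKey The session key that holds the selected node
 *
 * @throws \RuntimeException If the requested or the stored node is an insecure path
 */
public static function addFilesBreadcrumb($strKey = 'tl_files_node')
{
    $objSession = \Session::getInstance();

    // Set a new node
    if (isset($_GET['node'])) {
        $strRequested = \Input::get('node', true);

        // Check the path (thanks to Arnaud Buchoux)
        if (\Validator::isInsecurePath($strRequested)) {
            throw new \RuntimeException('Insecure path ' . $strRequested);
        }

        $objSession->set($strKey, $strRequested);
        \Controller::redirect(preg_replace('/(&|\\?)node=[^&]*/', '', \Environment::get('request')));
    }

    $strNode = $objSession->get($strKey);

    if ($strNode == '') {
        return;
    }

    // Check the path (thanks to Arnaud Buchoux); the session value is not
    // trusted just because it was validated when it was stored
    if (\Validator::isInsecurePath($strNode)) {
        throw new \RuntimeException('Insecure path ' . $strNode);
    }

    // Currently selected folder does not exist
    if (!is_dir(TL_ROOT . '/' . $strNode)) {
        $objSession->set($strKey, '');

        return;
    }

    $objUser = \BackendUser::getInstance();
    $strPath = \Config::get('uploadPath');
    $arrNodes = explode('/', preg_replace('/^' . preg_quote(\Config::get('uploadPath'), '/') . '\\//', '', $strNode));
    $arrLinks = array();

    // Add root link
    $arrLinks[] = '<img src="' . TL_FILES_URL . 'system/themes/' . \Backend::getTheme() . '/images/filemounts.gif" width="18" height="18" alt=""> <a href="' . \Controller::addToUrl('node=') . '" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['selectAllNodes']) . '">' . $GLOBALS['TL_LANG']['MSC']['filterAll'] . '</a>';

    // Generate breadcrumb trail
    foreach ($arrNodes as $strFolder) {
        $strPath .= '/' . $strFolder;

        // Do not show pages which are not mounted
        if (!$objUser->hasAccess($strPath, 'filemounts')) {
            continue;
        }

        // The folder name originates from the request, so escape it for the HTML text context
        $strLabel = specialchars($strFolder);

        // No link for the active folder
        if ($strPath == $strNode) {
            $arrLinks[] = '<img src="' . TL_FILES_URL . 'system/themes/' . \Backend::getTheme() . '/images/folderC.gif" width="18" height="18" alt=""> ' . $strLabel;
        } else {
            $arrLinks[] = '<img src="' . TL_FILES_URL . 'system/themes/' . \Backend::getTheme() . '/images/folderC.gif" width="18" height="18" alt=""> <a href="' . \Controller::addToUrl('node=' . $strPath) . '" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['selectNode']) . '">' . $strLabel . '</a>';
        }
    }

    // Check whether the node is mounted
    if (!$objUser->hasAccess($strNode, 'filemounts')) {
        $objSession->set($strKey, '');
        \System::log('Folder ID ' . $strNode . ' was not mounted', __METHOD__, TL_ERROR);
        \Controller::redirect('contao/main.php?act=error');
    }

    // Limit tree
    $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'] = array($strNode);

    // Insert breadcrumb menu
    $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['breadcrumb'] .= '
<ul id="tl_breadcrumb">
<li>' . implode(' > </li><li>', $arrLinks) . '</li>
</ul>';
}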
示例4: addNewTemplate
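/**
 * Create a new template
 *
 * When the "tl_create_template" form was submitted, the posted source and
 * target paths are validated and the source file is copied into the target
 * folder. Both paths must pass Validator::isInsecurePath(); the source must
 * be an existing file below "system/modules/" and the target must be the
 * "templates" folder itself or an existing folder below it. Afterwards (or
 * if nothing was submitted) the form markup is returned.
 *
 * @return string The HTML markup of the form, including an error message if validation failed
 *
 * @throws RuntimeException If the posted source or target path is insecure
 */
public function addNewTemplate()
{
    $strError = '';

    // Copy an existing template
    if (Input::post('FORM_SUBMIT') == 'tl_create_template') {
        $strOriginal = Input::post('original');

        if (Validator::isInsecurePath($strOriginal)) {
            throw new RuntimeException('Invalid path ' . $strOriginal);
        }

        $strTarget = Input::post('target');

        if (Validator::isInsecurePath($strTarget)) {
            throw new RuntimeException('Invalid path ' . $strTarget);
        }

        // A bare 9-character prefix test would also accept sibling folders such
        // as "templates_old"; require the folder itself or a path below it
        $blnTargetInTemplates = ($strTarget === 'templates' || strncmp($strTarget, 'templates/', 10) === 0);

        if (strncmp($strOriginal, 'system/modules/', 15) !== 0 || !file_exists(TL_ROOT . '/' . $strOriginal)) {
            // Validate the source path
            $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strOriginal);
        } elseif (!$blnTargetInTemplates || !is_dir(TL_ROOT . '/' . $strTarget)) {
            // Validate the target path
            $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strTarget);
        } else {
            $strTarget .= '/' . basename($strOriginal);

            // Check whether the target file exists, so a copy never overwrites it
            if (file_exists(TL_ROOT . '/' . $strTarget)) {
                $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['exists'], $strTarget);
            } else {
                $this->import('Files');
                $this->Files->copy($strOriginal, $strTarget);
                $this->redirect($this->getReferer());
            }
        }
    }

    $arrAllTemplates = array();
    $arrAllowed = trimsplit(',', Config::get('templateFiles'));

    // Get all templates
    foreach (ModuleLoader::getActive() as $strModule) {
        // Continue if there is no templates folder
        if ($strModule == 'repository' || !is_dir(TL_ROOT . '/system/modules/' . $strModule . '/templates')) {
            continue;
        }

        /** @var \SplFileInfo[] $objFiles */
        $objFiles = new SortedIterator(new RecursiveIteratorIterator(new RecursiveDirectoryIterator(TL_ROOT . '/system/modules/' . $strModule . '/templates', FilesystemIterator::UNIX_PATHS | FilesystemIterator::FOLLOW_SYMLINKS | FilesystemIterator::SKIP_DOTS)));

        foreach ($objFiles as $objFile) {
            $strExtension = pathinfo($objFile->getFilename(), PATHINFO_EXTENSION);

            // Only offer files whose extension is listed in "templateFiles"
            if (in_array($strExtension, $arrAllowed)) {
                $strRelpath = str_replace(TL_ROOT . '/', '', $objFile->getPathname());
                $arrAllTemplates[$strModule][basename($strRelpath)] = $strRelpath;
            }
        }
    }

    $strAllTemplates = '';

    // Group the templates by module
    foreach ($arrAllTemplates as $k => $v) {
        $strAllTemplates .= '<optgroup label="' . $k . '">';

        foreach ($v as $kk => $vv) {
            $strAllTemplates .= sprintf('<option value="%s"%s>%s</option>', $vv, Input::post('original') == $vv ? ' selected="selected"' : '', $kk);
        }

        $strAllTemplates .= '</optgroup>';
    }

    // Show form
    return '
<div id="tl_buttons">
<a href="' . $this->getReferer(true) . '" class="header_back" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['backBTTitle']) . '" accesskey="b" onclick="Backend.getScrollOffset()">' . $GLOBALS['TL_LANG']['MSC']['backBT'] . '</a>
</div>' . ($strError != '' ? '
<div class="tl_message">
<p class="tl_error">' . $strError . '</p>
</div>' : '') . '
<form action="' . ampersand(Environment::get('request')) . '" id="tl_create_template" class="tl_form" method="post">
<div class="tl_formbody_edit">
<input type="hidden" name="FORM_SUBMIT" value="tl_create_template">
<input type="hidden" name="REQUEST_TOKEN" value="' . REQUEST_TOKEN . '">
<div class="tl_tbox">
<div>
<h3><label for="ctrl_original">' . $GLOBALS['TL_LANG']['tl_templates']['original'][0] . '</label></h3>
<select name="original" id="ctrl_original" class="tl_select tl_chosen" onfocus="Backend.getScrollOffset()">' . $strAllTemplates . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['original'][1] && Config::get('showHelp') ? '
<p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['original'][1] . '</p>' : '') . '
</div>
<div>
<h3><label for="ctrl_target">' . $GLOBALS['TL_LANG']['tl_templates']['target'][0] . '</label></h3>
<select name="target" id="ctrl_target" class="tl_select" onfocus="Backend.getScrollOffset()"><option value="templates">templates</option>' . $this->getTargetFolders('templates') . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['target'][1] && Config::get('showHelp') ? '
<p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['target'][1] . '</p>' : '') . '
</div>
</div>
</div>
<div class="tl_formbody_submit">
<div class="tl_submit_container">
<input type="submit" name="create" id="create" class="tl_submit" accesskey="s" value="' . specialchars($GLOBALS['TL_LANG']['tl_templates']['newTpl']) . '">
</div>
</div>
</form>';
}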
示例5: isValid
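/**
 * Check a file operation
 *
 * Validates the given file path and the parent folder from the "pid" query
 * parameter: both must pass \Validator::isInsecurePath() and both must be the
 * upload directory itself or lie below it. Existing files must have an
 * allowed extension if $this->arrValidFileTypes is set, and non-admin users
 * must not edit, paste or delete one of their file mount roots. Every failed
 * check is logged and answered with a redirect to the error page.
 *
 * @param string $strFile The path of the file or folder the operation targets
 *
 * @return boolean True if no check redirected away
 */
protected function isValid($strFile)
{
    $strFolder = \Input::get('pid', true);

    // Check the path
    if (\Validator::isInsecurePath($strFile)) {
        $this->log('Invalid file name "' . $strFile . '" (hacking attempt)', __METHOD__, TL_ERROR);
        $this->redirect('contao/main.php?act=error');
    } elseif (\Validator::isInsecurePath($strFolder)) {
        $this->log('Invalid folder name "' . $strFolder . '" (hacking attempt)', __METHOD__, TL_ERROR);
        $this->redirect('contao/main.php?act=error');
    }

    // Check for valid file types
    if (!empty($this->arrValidFileTypes) && is_file(TL_ROOT . '/' . $strFile)) {
        $fileinfo = preg_replace('/.*\\.(.*)$/ui', '$1', $strFile);

        if (!in_array(strtolower($fileinfo), $this->arrValidFileTypes)) {
            $this->log('File "' . $strFile . '" is not an allowed file type', __METHOD__, TL_ERROR);
            $this->redirect('contao/main.php?act=error');
        }
    }

    // Anchor the upload path at a path boundary. A bare prefix match would also
    // accept sibling folders that merely start with the same characters
    // (e.g. "files_backup" when the upload path is "files").
    $strUploadPattern = '/^' . preg_quote(rtrim(\Config::get('uploadPath'), '/'), '/') . '(\/|$)/i';

    // Check whether the file is within the files directory
    if (!preg_match($strUploadPattern, $strFile)) {
        $this->log('File or folder "' . $strFile . '" is not within the files directory', __METHOD__, TL_ERROR);
        $this->redirect('contao/main.php?act=error');
    }

    // Check whether the parent folder is within the files directory
    if ($strFolder && !preg_match($strUploadPattern, $strFolder)) {
        $this->log('Parent folder "' . $strFolder . '" is not within the files directory', __METHOD__, TL_ERROR);
        $this->redirect('contao/main.php?act=error');
    }

    // Do not allow file operations on root folders
    if (\Input::get('act') == 'edit' || \Input::get('act') == 'paste' || \Input::get('act') == 'delete') {
        $this->import('BackendUser', 'User');

        if (!$this->User->isAdmin && in_array($strFile, $this->User->filemounts)) {
            $this->log('Attempt to edit, copy, move or delete the root folder "' . $strFile . '"', __METHOD__, TL_ERROR);
            $this->redirect('contao/main.php?act=error');
        }
    }

    // NOTE(review): reaching this line after a failed check relies on redirect()
    // ending the request - confirm against its implementation
    return true;
}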
示例6: doReplace
//.........这里部分代码省略.........
$rel = $value;
break;
case 'mode':
$mode = $value;
break;
case 'size':
$size = (int) $value;
break;
case 'template':
$strTemplate = preg_replace('/[^a-z0-9_]/i', '', $value);
break;
}
}
$strFile = $arrChunks[0];
}
if (\Validator::isUuid($strFile)) {
// Handle UUIDs
$objFile = \FilesModel::findByUuid($strFile);
if ($objFile === null) {
$arrCache[$strTag] = '';
break;
}
$strFile = $objFile->path;
} elseif (is_numeric($strFile)) {
// Handle numeric IDs (see #4805)
$objFile = \FilesModel::findByPk($strFile);
if ($objFile === null) {
$arrCache[$strTag] = '';
break;
}
$strFile = $objFile->path;
} else {
// Check the path
if (\Validator::isInsecurePath($strFile)) {
throw new \RuntimeException('Invalid path ' . $strFile);
}
}
// Check the maximum image width
if (\Config::get('maxImageWidth') > 0 && $width > \Config::get('maxImageWidth')) {
$width = \Config::get('maxImageWidth');
$height = null;
}
// Generate the thumbnail image
try {
// Image
if (strtolower($elements[0]) == 'image') {
$dimensions = '';
$imageObj = \Image::create($strFile, array($width, $height, $mode));
$src = $imageObj->executeResize()->getResizedPath();
$objFile = new \File(rawurldecode($src));
// Add the image dimensions
if (($imgSize = $objFile->imageSize) !== false) {
$dimensions = ' width="' . $imgSize[0] . '" height="' . $imgSize[1] . '"';
}
$arrCache[$strTag] = '<img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . $alt . '"' . ($class != '' ? ' class="' . $class . '"' : '') . '>';
} else {
$picture = \Picture::create($strFile, array(0, 0, $size))->getTemplateData();
$picture['alt'] = $alt;
$picture['class'] = $class;
$pictureTemplate = new \FrontendTemplate($strTemplate);
$pictureTemplate->setData($picture);
$arrCache[$strTag] = $pictureTemplate->parse();
}
// Add a lightbox link
if ($rel != '') {
if (strncmp($rel, 'lightbox', 8) !== 0) {
示例7: addNewTemplate
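/**
 * Create a new template
 *
 * Collects the template files found by the "contao.resource_finder" service,
 * grouped by module or bundle. When the "tl_create_template" form was
 * submitted, the posted source and target paths must pass
 * Validator::isInsecurePath(); the target must be the "templates" folder
 * itself or an existing folder below it, and the source must be one of the
 * collected template paths. A valid source is copied into the target folder
 * unless a file of that name already exists there.
 *
 * @return string The HTML markup of the form, including an error message if validation failed
 *
 * @throws RuntimeException If the posted source or target path is insecure
 */
public function addNewTemplate()
{
    $arrAllTemplates = array();
    $arrAllowed = StringUtil::trimsplit(',', strtolower(Config::get('templateFiles')));

    /** @var SplFileInfo[] $files */
    $files = System::getContainer()->get('contao.resource_finder')->findIn('templates')->files()->name('/\\.(' . implode('|', $arrAllowed) . ')$/');

    foreach ($files as $file) {
        $strRelpath = str_replace(TL_ROOT . DIRECTORY_SEPARATOR, '', $file->getPathname());
        $strModule = preg_replace('@^(vendor|system/modules)/([^/]+(/.*-bundle)?)/.*$@', '$2', strtr($strRelpath, '\\', '/'));
        $arrAllTemplates[$strModule][$strRelpath] = basename($strRelpath);
    }

    $strError = '';

    // Copy an existing template
    if (Input::post('FORM_SUBMIT') == 'tl_create_template') {
        $strOriginal = Input::post('original', true);

        if (Validator::isInsecurePath($strOriginal)) {
            throw new RuntimeException('Invalid path ' . $strOriginal);
        }

        $strTarget = Input::post('target', true);

        if (Validator::isInsecurePath($strTarget)) {
            throw new RuntimeException('Invalid path ' . $strTarget);
        }

        // A bare 9-character prefix test would also accept sibling folders such
        // as "templates_old"; require the folder itself or a path below it
        $blnTargetInTemplates = ($strTarget === 'templates' || strncmp($strTarget, 'templates/', 10) === 0);

        // Validate the target path
        if (!$blnTargetInTemplates || !is_dir(TL_ROOT . '/' . $strTarget)) {
            $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strTarget);
        } else {
            $blnFound = false;

            // Validate the source path: it has to be one of the collected
            // template paths, not merely a path that looks plausible
            foreach ($arrAllTemplates as $arrTemplates) {
                if (isset($arrTemplates[$strOriginal])) {
                    $blnFound = true;
                    break;
                }
            }

            if (!$blnFound) {
                $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['invalid'], $strOriginal);
            } else {
                $strTarget .= '/' . basename($strOriginal);

                // Check whether the target file exists, so a copy never overwrites it
                if (file_exists(TL_ROOT . '/' . $strTarget)) {
                    $strError = sprintf($GLOBALS['TL_LANG']['tl_templates']['exists'], $strTarget);
                } else {
                    $this->import('Files');
                    $this->Files->copy($strOriginal, $strTarget);
                    $this->redirect($this->getReferer());
                }
            }
        }
    }

    $strAllTemplates = '';

    // Group the templates by module
    foreach ($arrAllTemplates as $k => $v) {
        $strAllTemplates .= '<optgroup label="' . $k . '">';

        foreach ($v as $kk => $vv) {
            $strAllTemplates .= sprintf('<option value="%s"%s>%s</option>', $kk, Input::post('original') == $kk ? ' selected="selected"' : '', $vv);
        }

        $strAllTemplates .= '</optgroup>';
    }

    // Show form
    return '
<div id="tl_buttons">
<a href="' . $this->getReferer(true) . '" class="header_back" title="' . StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['backBTTitle']) . '" accesskey="b" onclick="Backend.getScrollOffset()">' . $GLOBALS['TL_LANG']['MSC']['backBT'] . '</a>
</div>' . ($strError != '' ? '
<div class="tl_message">
<p class="tl_error">' . $strError . '</p>
</div>' : '') . '
<form action="' . ampersand(Environment::get('request')) . '" id="tl_create_template" class="tl_form" method="post">
<div class="tl_formbody_edit">
<input type="hidden" name="FORM_SUBMIT" value="tl_create_template">
<input type="hidden" name="REQUEST_TOKEN" value="' . REQUEST_TOKEN . '">
<fieldset class="tl_tbox nolegend">
<div>
<h3><label for="ctrl_original">' . $GLOBALS['TL_LANG']['tl_templates']['original'][0] . '</label></h3>
<select name="original" id="ctrl_original" class="tl_select tl_chosen" onfocus="Backend.getScrollOffset()">' . $strAllTemplates . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['original'][1] && Config::get('showHelp') ? '
<p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['original'][1] . '</p>' : '') . '
</div>
<div>
<h3><label for="ctrl_target">' . $GLOBALS['TL_LANG']['tl_templates']['target'][0] . '</label></h3>
<select name="target" id="ctrl_target" class="tl_select" onfocus="Backend.getScrollOffset()"><option value="templates">templates</option>' . $this->getTargetFolders('templates') . '</select>' . ($GLOBALS['TL_LANG']['tl_templates']['target'][1] && Config::get('showHelp') ? '
<p class="tl_help tl_tip">' . $GLOBALS['TL_LANG']['tl_templates']['target'][1] . '</p>' : '') . '
</div>
</fieldset>
</div>
<div class="tl_formbody_submit">
<div class="tl_submit_container">
<button type="submit" name="create" id="create" class="tl_submit" accesskey="s">' . $GLOBALS['TL_LANG']['tl_templates']['newTpl'] . '</button>
</div>
</div>
</form>';
}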
示例8: addTemplatesToArchive
/**
 * Add the template files of a folder to the archive
 *
 * The folder is normalized so that it always starts with "templates" and is
 * then checked with \Validator::isInsecurePath(). Files are added if their
 * extension is listed in the "templateFiles" setting or is "sql", and if
 * their name does not start with "be_" or "nl_".
 *
 * @param \ZipWriter $objArchive The archive the files are added to
 * @param string     $strFolder  The folder name, with or without the leading "templates/"
 *
 * @throws \RuntimeException If the normalized folder is an insecure path
 */
protected function addTemplatesToArchive(\ZipWriter $objArchive, $strFolder)
{
    // Strip the templates folder name, then re-add it so the path is always rooted in "templates"
    $strSubfolder = preg_replace('@^templates/@', '', $strFolder);
    $strFolder = ($strSubfolder == '') ? 'templates' : 'templates/' . $strSubfolder;

    if (\Validator::isInsecurePath($strFolder)) {
        throw new \RuntimeException('Insecure path ' . $strFolder);
    }

    // Nothing to do if the folder does not exist
    if (!is_dir(TL_ROOT . '/' . $strFolder)) {
        return;
    }

    $arrAllowed = trimsplit(',', \Config::get('templateFiles'));
    $arrAllowed[] = 'sql'; // see #7048

    // The extension pattern is the same for every file
    $strPattern = '/\\.(' . implode('|', $arrAllowed) . ')$/';

    // Add all template files to the archive
    foreach (scan(TL_ROOT . '/' . $strFolder) as $strFile) {
        if (!preg_match($strPattern, $strFile)) {
            continue;
        }

        // Skip files whose name starts with "be_" or "nl_"
        if (strncmp($strFile, 'be_', 3) === 0 || strncmp($strFile, 'nl_', 3) === 0) {
            continue;
        }

        $objArchive->addFile($strFolder . '/' . $strFile);
    }
}
示例9: checkFile
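/**
 * Resolve the given value to a file object
 *
 * The value may be a UUID, a numeric ID or a regular file path. UUIDs and
 * numeric IDs are looked up via \FilesModel and replaced by the path of the
 * matching record; a regular path has to pass \Validator::isInsecurePath().
 *
 * @param string $filePath A UUID, a numeric ID or a file path
 *
 * @return \File
 *
 * @throws \RuntimeException If no record matches the UUID or ID, or if the path is insecure
 */
protected static function checkFile($filePath)
{
    if (\Validator::isUuid($filePath)) {
        // Handle UUIDs
        $objFile = \FilesModel::findByUuid($filePath);
    } elseif (is_numeric($filePath)) {
        // Handle numeric IDs (see #4805)
        $objFile = \FilesModel::findByPk($filePath);
    } else {
        // Check the path
        if (\Validator::isInsecurePath($filePath)) {
            throw new \RuntimeException('Invalid path ' . $filePath);
        }

        return new \File($filePath, true);
    }

    // The lookup yields null when no record matches; fail explicitly instead of
    // reading ->path from null and building a \File from an empty path
    if ($objFile === null) {
        throw new \RuntimeException('No file record found for the given UUID or ID');
    }

    return new \File($objFile->path, true);
}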
示例10: checkUploadPath
/**
 * Check the upload path
 *
 * The value is rejected if it is empty, if Validator::isInsecurePath()
 * flags it, or if it is one of the folders assets, contao, plugins, share,
 * system, templates or vendor (or a path below one of them). The folder
 * match is case-sensitive.
 *
 * @param mixed $varValue The upload path to check
 *
 * @return mixed The unchanged value if it is acceptable
 *
 * @throws Exception If the value is not an acceptable upload path
 */
public function checkUploadPath($varValue)
{
    // Short-circuit order matters: the validator only sees non-empty values,
    // and the reserved-folder pattern only sees values the validator accepted
    $blnRejected = $varValue == ''
        || Validator::isInsecurePath($varValue)
        || preg_match('@^(assets|contao|plugins|share|system|templates|vendor)(/|$)@', $varValue);

    if ($blnRejected) {
        throw new Exception($GLOBALS['TL_LANG']['ERR']['invalidName']);
    }

    return $varValue;
}
示例11: validate
/**
 * Validate one or more paths
 *
 * Accepts any number of arguments and checks each one in the order given;
 * the first empty or insecure path raises an exception.
 *
 * @throws \RuntimeException If the given paths are not valid
 */
protected function validate()
{
    $arrPaths = func_get_args();

    foreach ($arrPaths as $strPath) {
        // An empty name is reported separately from an insecure one
        if ($strPath == '') {
            throw new \RuntimeException('No file or folder name given');
        }

        if (\Validator::isInsecurePath($strPath)) {
            throw new \RuntimeException('Invalid file or folder name ' . $strPath);
        }
    }
}
示例12: uploadTo
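/**
 * Check the uploaded files and move the accepted ones to the target directory.
 *
 * Each file has to pass, in this order: file name sanitizing, file name
 * validation, the is_uploaded_file() check, the size limit and the extension
 * allow-list read from the "uploadTypes" setting. A rejected file adds an
 * error message and sets $this->blnHasError; upload errors, size violations
 * and disallowed types are also written to the log. The remaining files are
 * still processed.
 *
 * @param string $strTarget The target directory; must not be empty and must pass \Validator::isInsecurePath()
 *
 * @return array The paths of the files that were moved, built as $strTarget . '/' . file name
 *
 * @throws \InvalidArgumentException If the target path is empty or insecure
 */
public function uploadTo($strTarget)
{
    // Reject the target before any uploaded file is touched
    if ($strTarget == '' || \Validator::isInsecurePath($strTarget)) {
        throw new \InvalidArgumentException('Invalid target path ' . $strTarget);
    }

    $maxlength_kb = $this->getMaximumUploadSize();
    $maxlength_kb_readable = $this->getReadableSize($maxlength_kb);
    $arrUploaded = array();
    $arrFiles = $this->getFilesFromGlobal();

    foreach ($arrFiles as $file) {
        // Sanitize the client-supplied file name before it is used anywhere
        try {
            $file['name'] = \String::sanitizeFileName($file['name']);
        } catch (\InvalidArgumentException $e) {
            \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
            $this->blnHasError = true;
            continue;
        }

        if (!\Validator::isValidFileName($file['name'])) {
            // Invalid file name
            \Message::addError($GLOBALS['TL_LANG']['ERR']['filename']);
            $this->blnHasError = true;
        } elseif (!is_uploaded_file($file['tmp_name'])) {
            // tmp_name is not an HTTP upload known to PHP; report the upload error code, if any
            if ($file['error'] == UPLOAD_ERR_INI_SIZE || $file['error'] == UPLOAD_ERR_FORM_SIZE) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
                $this->log('File "' . $file['name'] . '" exceeds the maximum file size of ' . $maxlength_kb_readable, __METHOD__, TL_ERROR);
                $this->blnHasError = true;
            } elseif ($file['error'] == UPLOAD_ERR_PARTIAL) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filepartial'], $file['name']));
                $this->log('File "' . $file['name'] . '" was only partially uploaded', __METHOD__, TL_ERROR);
                $this->blnHasError = true;
            } elseif ($file['error'] > 0) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['fileerror'], $file['error'], $file['name']));
                $this->log('File "' . $file['name'] . '" could not be uploaded (error ' . $file['error'] . ')', __METHOD__, TL_ERROR);
                $this->blnHasError = true;
            }
        } elseif ($file['size'] > $maxlength_kb) {
            \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable));
            $this->log('File "' . $file['name'] . '" exceeds the maximum file size of ' . $maxlength_kb_readable, __METHOD__, TL_ERROR);
            $this->blnHasError = true;
        } else {
            $strExtension = pathinfo($file['name'], PATHINFO_EXTENSION);
            $arrAllowedTypes = trimsplit(',', strtolower(\Config::get('uploadTypes')));

            // File type not allowed. The allow-list is compared strictly so that
            // numeric-looking strings cannot match each other through type juggling.
            if (!in_array(strtolower($strExtension), $arrAllowedTypes, true)) {
                \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['filetype'], $strExtension));
                $this->log('File type "' . $strExtension . '" is not allowed to be uploaded (' . $file['name'] . ')', __METHOD__, TL_ERROR);
                $this->blnHasError = true;
            } else {
                $this->import('Files');
                $strNewFile = $strTarget . '/' . $file['name'];

                // Set CHMOD and resize if necessary
                if ($this->Files->move_uploaded_file($file['tmp_name'], $strNewFile)) {
                    $this->Files->chmod($strNewFile, \Config::get('defaultFileChmod'));
                    $blnResized = $this->resizeUploadedImage($strNewFile, $file);

                    // Notify the user, unless resizeUploadedImage() reported a resize
                    if (!$blnResized) {
                        \Message::addConfirmation(sprintf($GLOBALS['TL_LANG']['MSC']['fileUploaded'], $file['name']));
                        $this->log('File "' . $file['name'] . '" uploaded successfully', __METHOD__, TL_FILES);
                    }

                    $arrUploaded[] = $strNewFile;
                }
            }
        }
    }

    return $arrUploaded;
}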