

PHP tao_helpers_File::securityCheck方法代码示例

本文整理汇总了PHP中tao_helpers_File::securityCheck方法的典型用法代码示例。如果您正苦于以下问题:PHP tao_helpers_File::securityCheck方法的具体用法?PHP tao_helpers_File::securityCheck怎么用?PHP tao_helpers_File::securityCheck使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在tao_helpers_File的用法示例。


在下文中一共展示了tao_helpers_File::securityCheck方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: retrieveFile

 /**
  * Resolve a link to the path of the file it designates.
  *
  * The link is appended to the base directory unchanged, so the call to
  * securityCheck() is the only validation between the caller's value and
  * the returned path.
  *
  * NOTE(review): other callers pass `true` as a second argument to
  * securityCheck(); presumably that enables a directory-traversal check.
  * Confirm whether links can ever originate outside storeFile().
  *
  * @param string $link the link provided by storeFile
  * @return string the base directory followed by the link
  * @throws \common_exception_Error when the link fails the security check
  */
 public function retrieveFile($link)
 {
     $linkIsSafe = \tao_helpers_File::securityCheck($link);
     if ($linkIsSafe) {
         return $this->getBaseDir() . $link;
     }
     throw new \common_exception_Error('Unsecure file link found');
 }
开发者ID:oat-sa,项目名称:extension-tao-mediamanager,代码行数:13,代码来源:SimpleFileManagement.php

示例2: export

 /**
  * Export the selected QTI tests into a timestamped ZIP archive.
  *
  * The archive name is built from the form's 'filename' value, so the
  * resulting path is passed through securityCheck() before the archive is
  * created.
  *
  * NOTE(review): an exception thrown by an exporter inside the loop leaves
  * the archive unclosed; there is no cleanup path for that case.
  *
  * @see tao_models_classes_export_ExportHandler::export()
  * @param array $formValues expects 'filename' and 'instances' (a URI or a list of URIs)
  * @param string $destination directory that receives the archive
  * @return string|null path of the archive, or null when nothing was exported
  * @throws common_Exception when the path is rejected or the archive cannot be created
  */
 public function export($formValues, $destination)
 {
     if (isset($formValues['filename']) !== true) {
         common_Logger::w("Missing filename for QTI Test export using Export Handler '" . __CLASS__ . "'.");
         return null;
     }

     // A single instance may arrive as a bare string; normalise it to a list.
     $instances = is_string($formValues['instances']) ? array($formValues['instances']) : $formValues['instances'];
     if (count($instances) < 1) {
         common_Logger::w("No instance in form to export");
         return null;
     }

     $archiveName = $formValues['filename'] . '_' . time() . '.zip';
     $archivePath = tao_helpers_File::concat(array($destination, $archiveName));
     // The file name is caller-supplied: validate the final path before writing to it.
     if (tao_helpers_File::securityCheck($archivePath, true) === false) {
         throw new common_Exception('Unauthorized file name for QTI Test ZIP archive.');
     }

     // Create a new ZIP archive to store data related to the QTI Test.
     $zip = new ZipArchive();
     if ($zip->open($archivePath, ZipArchive::CREATE) !== true) {
         throw new common_Exception("Unable to create ZIP archive for QTI Test at location '" . $archivePath . "'.");
     }

     // Create an empty IMS Manifest as a basis.
     $manifest = taoQtiTest_helpers_Utils::emptyImsManifest();
     foreach ($instances as $instance) {
         $testResource = new core_kernel_classes_Resource($instance);
         $testExporter = new taoQtiTest_models_classes_export_QtiTestExporter($testResource, $zip, $manifest);
         common_Logger::d('Export ' . $instance);
         $testExporter->export();
     }
     $zip->close();

     return $archivePath;
 }
开发者ID:nagyist,项目名称:extension-tao-testqti,代码行数:38,代码来源:class.TestExport.php

示例3: outputFile

 /**
  * Stream a file from the export directory to the client as an attachment,
  * then delete it from disk.
  *
  * NOTE(review): both a failed security check and a missing file end up in
  * the same "Could not find File" log entry, so a rejected path cannot be
  * told apart from an absent file in the logs.
  * NOTE(review): $filename is placed inside the quoted Content-Disposition
  * value without escaping; confirm callers never pass a name containing
  * double quotes.
  *
  * @param string $relPath path of the file, relative to the export directory
  * @param string|null $filename download name; defaults to the file's basename
  * @return void
  */
 public static function outputFile($relPath, $filename = null)
 {
     $fullpath = self::getExportPath() . DIRECTORY_SEPARATOR . $relPath;
     if (!tao_helpers_File::securityCheck($fullpath, true) || !file_exists($fullpath)) {
         common_Logger::e('Could not find File to export: ' . $fullpath);
         return;
     }

     Context::getInstance()->getResponse()->setContentHeader(tao_helpers_File::getMimeType($fullpath));
     $downloadName = empty($filename) ? basename($fullpath) : $filename;
     header('Content-Disposition: attachment; fileName="' . $downloadName . '"');
     header("Content-Length: " . filesize($fullpath));

     // Drop every level of output buffering so the file is streamed directly.
     while (ob_get_level() > 0) {
         ob_end_clean();
     }
     flush();

     $handle = fopen($fullpath, "r");
     if ($handle === false) {
         common_Logger::e('Unable to open File to export' . $fullpath);
         return;
     }

     // Send the file in 64 KiB chunks.
     while (!feof($handle)) {
         echo fread($handle, 65536);
         flush();
     }
     fclose($handle);

     // The export file is single-use: remove it once sent (errors suppressed).
     @unlink($fullpath);
 }
开发者ID:nagyist,项目名称:tao-core,代码行数:28,代码来源:class.Export.php

示例4: export

 /**
  * Export the selected QTI tests into a timestamped ZIP archive and report
  * the outcome.
  *
  * The archive name is built from the form's 'filename' value, so the
  * resulting path is passed through securityCheck() before the archive is
  * created. The report's data is set to the archive path.
  *
  * NOTE(review): an exception thrown by an exporter inside the loop leaves
  * the archive unclosed; there is no cleanup path for that case.
  *
  * @see tao_models_classes_export_ExportHandler::export()
  * @param array $formValues expects 'filename' and 'instances' (a URI or a list of URIs)
  * @param string $destination directory that receives the archive
  * @return common_report_Report success report, downgraded to an error when a sub-export fails
  * @throws common_Exception when the path is rejected or the archive cannot be created
  */
 public function export($formValues, $destination)
 {
     $report = common_report_Report::createSuccess();

     if (isset($formValues['filename']) !== true) {
         common_Logger::w("Missing filename for QTI Test export using Export Handler '" . __CLASS__ . "'.");
         return $report;
     }

     // A single instance may arrive as a bare string; normalise it to a list.
     $instances = is_string($formValues['instances']) ? array($formValues['instances']) : $formValues['instances'];
     if (count($instances) < 1) {
         common_Logger::w("No instance in form to export");
         return $report;
     }

     $archiveName = $formValues['filename'] . '_' . time() . '.zip';
     $archivePath = tao_helpers_File::concat(array($destination, $archiveName));
     // The file name is caller-supplied: validate the final path before writing to it.
     if (tao_helpers_File::securityCheck($archivePath, true) === false) {
         throw new common_Exception('Unauthorized file name for QTI Test ZIP archive.');
     }

     // Create a new ZIP archive to store data related to the QTI Test.
     $zip = new ZipArchive();
     if ($zip->open($archivePath, ZipArchive::CREATE) !== true) {
         throw new common_Exception("Unable to create ZIP archive for QTI Test at location '" . $archivePath . "'.");
     }

     // Create an empty IMS Manifest as a basis.
     $manifest = $this->createManifest();
     foreach ($instances as $instance) {
         $testResource = new core_kernel_classes_Resource($instance);
         $testExporter = $this->createExporter($testResource, $zip, $manifest);
         common_Logger::d('Export ' . $instance);
         $subReport = $testExporter->export();

         // Flip the overall report to an error once, on the first failing sub-report.
         if ($report->getType() !== common_report_Report::TYPE_ERROR) {
             if ($subReport->containsError() || $subReport->getType() === common_report_Report::TYPE_ERROR) {
                 $report->setType(common_report_Report::TYPE_ERROR);
                 $report->setMessage(__('Not all test could be export', $testResource->getLabel()));
             }
         }
         $report->add($subReport);
     }
     $report->setData($archivePath);
     $zip->close();

     return $report;
 }
开发者ID:oat-sa,项目名称:extension-tao-testqti,代码行数:43,代码来源:class.TestExport.php

示例5: exportCompiledDelivery

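 /**
  * Export a compiled delivery into a ZIP archive in the export directory.
  *
  * The archive holds the delivery's storage directories, its RDF description
  * ('delivery.rdf') and a JSON manifest describing them.
  *
  * The archive name is derived from the delivery label, so the resulting
  * path is passed through securityCheck() before anything is written.
  *
  * NOTE(review): the manifest carries a base64-encoded serialized service
  * call. The importer is not shown here; if it deserializes that value,
  * archives must only be accepted from trusted sources. Confirm.
  *
  * @param core_kernel_classes_Resource $compiledDelivery
  * @throws Exception when the path is rejected, the archive cannot be created,
  *                   or the metadata/manifest cannot be added
  * @return string path of the created archive
  */
 public static function exportCompiledDelivery(core_kernel_classes_Resource $compiledDelivery)
 {
     $fileName = tao_helpers_Display::textCleaner($compiledDelivery->getLabel()) . '.zip';
     $path = tao_helpers_File::concat(array(tao_helpers_Export::getExportPath(), $fileName));
     if (!tao_helpers_File::securityCheck($path, true)) {
         throw new Exception('Unauthorized file name');
     }
     $zipArchive = new ZipArchive();
     if ($zipArchive->open($path, ZipArchive::CREATE) !== true) {
         throw new Exception('Unable to create archive at ' . $path);
     }
     $taoDeliveryVersion = common_ext_ExtensionsManager::singleton()->getInstalledVersion('taoDelivery');
     $data = array('dir' => array(), 'label' => $compiledDelivery->getLabel(), 'version' => $taoDeliveryVersion);

     // Add every storage directory of the delivery and record its relative path by id.
     $directories = $compiledDelivery->getPropertyValues(new core_kernel_classes_Property(PROPERTY_COMPILEDDELIVERY_DIRECTORY));
     foreach ($directories as $id) {
         $directory = tao_models_classes_service_FileStorage::singleton()->getDirectoryById($id);
         tao_helpers_File::addFilesToZip($zipArchive, $directory->getPath(), $directory->getRelativePath());
         $data['dir'][$id] = $directory->getRelativePath();
     }

     $runtime = $compiledDelivery->getUniquePropertyValue(new core_kernel_classes_Property(PROPERTY_COMPILEDDELIVERY_RUNTIME));
     $serviceCall = tao_models_classes_service_ServiceCall::fromResource($runtime);
     $data['runtime'] = base64_encode($serviceCall->serializeToString());

     $rdfExporter = new tao_models_classes_export_RdfExporter();
     $rdfdata = $rdfExporter->getRdfString(array($compiledDelivery));
     if (!$zipArchive->addFromString('delivery.rdf', $rdfdata)) {
         // Fixed: the original omitted `new`, which calls an undefined function
         // common_Exception() and ends in a fatal error instead of this exception.
         throw new common_Exception('Unable to add metadata to exported delivery assembly');
     }
     $data['meta'] = 'delivery.rdf';

     $content = json_encode($data);
     if (!$zipArchive->addFromString(self::MANIFEST_FILE, $content)) {
         // Do not leave a manifest-less archive behind in the export directory.
         $zipArchive->close();
         unlink($path);
         // Fixed: same missing `new` as above.
         throw new common_Exception('Unable to add manifest to exported delivery assembly');
     }
     $zipArchive->close();
     return $path;
 }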
开发者ID:swapnilaptara,项目名称:tao-aptara-assess,代码行数:45,代码来源:class.Assembler.php

示例6: download

 /**
  * Download custom styles.
  *
  * Requires the request parameters 'uri', 'stylesheetUri' and 'lang'. The
  * stylesheet path comes straight from the request, so it is passed through
  * securityCheck() before it is handed to CssHelper.
  *
  * NOTE(review): the rejected path is echoed back inside the exception
  * message; confirm that message is never rendered unescaped.
  * NOTE(review): the file name in Content-Disposition is emitted unquoted.
  * NOTE(review): the fileDownload cookie is set twice, once through a raw
  * header and once through setcookie().
  *
  * @throws common_exception_MissingParameter when a required parameter is absent
  * @throws \common_exception_Error when the stylesheet path is rejected
  */
 public function download()
 {
     // Checked in this order so the first missing parameter is the one reported.
     foreach (array('uri', 'stylesheetUri', 'lang') as $requiredParameter) {
         if (!$this->hasRequestParameter($requiredParameter)) {
             throw new common_exception_MissingParameter($requiredParameter, __METHOD__);
         }
     }

     $item = new \core_kernel_classes_Resource($this->getRequestParameter('uri'));
     $lang = $this->getRequestParameter('lang');
     $styleSheet = $this->getRequestParameter('stylesheetUri');

     $styleSheetIsSafe = \tao_helpers_File::securityCheck($styleSheet, true);
     if (!$styleSheetIsSafe) {
         throw new \common_exception_Error('invalid stylesheet path "' . $styleSheet . '"');
     }

     header('Set-Cookie: fileDownload=true');
     setcookie('fileDownload', 'true', 0, '/');
     header('Content-type: application/octet-stream');
     $dispositionHeader = sprintf('Content-Disposition: attachment; filename=%s', basename($styleSheet));
     header($dispositionHeader);
     echo CssHelper::downloadCssFile($item, $lang, $styleSheet);
 }
开发者ID:nagyist,项目名称:extension-tao-itemqti,代码行数:26,代码来源:QtiCssAuthoring.php

示例7: getContent

 /**
  * Get XML content.
  *
  * The content is cached in $this->content and is (re)loaded when the cache
  * is null or $refresh is true. Exceptions raised while loading are recorded
  * through addError() rather than propagated, so the method then returns
  * whatever $this->content held before the failure.
  *
  * @access protected
  * @author Aleh Hutnikau, <hutnikau@1pt.com>
  * @param boolean $refresh load content again.
  * @return string
  */
 protected function getContent($refresh = false)
 {
     if ($this->content === null || $refresh) {
         try {
             switch ($this->sourceType) {
                 case self::SOURCE_FILE:
                     //check file
                     if (!file_exists($this->source)) {
                         throw new Exception("File {$this->source} not found.");
                     }
                     if (!is_readable($this->source)) {
                         throw new Exception("Unable to read file {$this->source}.");
                     }
                     // NOTE(review): fileExtension is interpolated into the pattern without preg_quote().
                     if (!preg_match("/\\.{$this->fileExtension}\$/", basename($this->source))) {
                         throw new Exception("Wrong file extension in " . basename($this->source) . ", {$this->fileExtension} extension is expected");
                     }
                     // NOTE(review): called without the second argument that other callers set to true;
                     // presumably the directory-traversal check is therefore not applied here. Confirm
                     // where $this->source comes from.
                     if (!tao_helpers_File::securityCheck($this->source)) {
                         throw new Exception("{$this->source} seems to contain some security issues");
                     }
                     $this->content = file_get_contents($this->source);
                     break;
                 case self::SOURCE_URL:
                     //only same domain
                     // NOTE(review): this is a prefix match on BASE_URL; whether it confines the
                     // request to this host depends on BASE_URL ending with a separator. Confirm.
                     if (!preg_match("/^" . preg_quote(BASE_URL, '/') . "/", $this->source)) {
                         throw new Exception("The given uri must be in the domain {$_SERVER['HTTP_HOST']}");
                     }
                     $this->content = tao_helpers_Request::load($this->source, true);
                     break;
                 case self::SOURCE_STRING:
                     // The source already is the content.
                     $this->content = $this->source;
                     break;
                 case self::SOURCE_FLYFILE:
                     // Here $this->source is an object exposing exists(), read() and getPath().
                     if (!$this->source->exists()) {
                         throw new common_Exception('Source file does not exists ("' . $this->source->getPath() . '").');
                     }
                     // A falsy read() result (including an empty file) is treated as a read failure.
                     if (!($this->content = $this->source->read())) {
                         throw new common_Exception('Unable to read file ("' . $this->source->getPath() . '").');
                     }
                     break;
             }
         } catch (Exception $e) {
             // Loading problems are collected, not thrown.
             $this->addError($e);
         }
     }
     return $this->content;
 }
开发者ID:oat-sa,项目名称:tao-core,代码行数:54,代码来源:class.Parser.php

示例8: uploadFile

 /**
  * Get, check and move the uploaded file described by $postedFile.
  *
  * The file is moved into $folder below $this->rootFolder under a name
  * prefixed with uniqid(). An empty array is returned when the entry is
  * incomplete, the target folder is rejected or the move fails.
  *
  * NOTE(review): only the target folder goes through securityCheck(), and
  * without the second argument other callers set to true; the client-supplied
  * 'name' is appended to the path unchecked. Confirm that callers pass an
  * entry taken from $_FILES and a trusted $folder.
  * NOTE(review): no file type or extension restriction is applied here.
  *
  * @param array $postedFile upload entry; 'tmp_name' and 'name' are required
  * @param string $folder target folder, relative to the root folder
  * @return array 'uploaded', 'name', 'uploaded_file' and serialized 'data' on success, else empty
  */
 protected function uploadFile($postedFile, $folder)
 {
     $returnValue = array();

     if (!isset($postedFile['tmp_name']) || !isset($postedFile['name'])) {
         return $returnValue;
     }

     $tempFile = $postedFile['tmp_name'];
     $targetPath = tao_helpers_File::concat(array($this->rootFolder, $folder));
     if (!tao_helpers_File::securityCheck($targetPath)) {
         return $returnValue;
     }

     if (!file_exists($targetPath)) {
         mkdir($targetPath);
     }

     // The uniqid() prefix keeps uploads with the same name from overwriting each other.
     $targetFile = tao_helpers_File::concat(array($targetPath, uniqid() . '_' . $postedFile['name']));
     if (!move_uploaded_file($tempFile, $targetFile)) {
         return $returnValue;
     }

     $returnValue['uploaded'] = true;

     // The serialized payload is the original entry plus the detected type and final location.
     $data = $postedFile;
     $data['type'] = tao_helpers_File::getMimeType($targetFile);
     $data['uploaded_file'] = $targetFile;

     $returnValue['name'] = $postedFile['name'];
     $returnValue['uploaded_file'] = $targetFile;
     $returnValue['data'] = serialize($data);

     return $returnValue;
 }
开发者ID:nagyist,项目名称:tao-core,代码行数:31,代码来源:class.File.php

示例9: secureEncode

 /**
  * Verify the path and encode the file as a data URI.
  *
  * A source carrying a URL scheme is returned untouched. Anything else is
  * treated as a path relative to $basedir and inlined as
  * "data:<mime>;base64,<content>".
  *
  * NOTE(review): securityCheck() is called with `false` as its second
  * argument, whereas callers handling request input pass `true`; presumably
  * the directory-traversal check is therefore off. If $source comes from an
  * imported package, confirm that relative paths cannot leave $basedir.
  *
  * @param string $basedir directory the relative source is resolved against
  * @param string $source URL or relative file path
  * @throws \tao_models_classes_FileNotFoundException when the relative file does not exist
  * @throws \common_exception_Error when the relative path is rejected
  * @return string the data URI, or the unchanged URL
  */
 protected static function secureEncode($basedir, $source)
 {
     $components = parse_url($source);

     // url, just return it as is
     if (isset($components['scheme'])) {
         return $source;
     }

     // relative path
     if (!\tao_helpers_File::securityCheck($source, false)) {
         throw new \common_exception_Error('Invalid source path "' . $source . '"');
     }

     $localPath = $basedir . $source;
     if (!file_exists($localPath)) {
         throw new \tao_models_classes_FileNotFoundException($source);
     }

     $mimeType = FsUtils::getMimeType($localPath);
     $encodedContent = base64_encode(file_get_contents($localPath));

     return 'data:' . $mimeType . ';' . 'base64,' . $encodedContent;
 }
开发者ID:oat-sa,项目名称:extension-tao-mediamanager,代码行数:28,代码来源:SharedStimulusPackageImporter.php

示例10: validate

 /**
  * Validate the source: first the source itself (file or URL checks), then
  * the XML, which must be well-formed and, when a schema is given, valid
  * against it.
  *
  * When $this->valid was already true on entry (see the forceValidation
  * remark below), source-check exceptions are rethrown and XML parsing is
  * skipped.
  *
  * @access public
  * @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu>
  * @param  string $schema path of the XML schema; empty means well-formedness only
  * @return boolean
  */
 public function validate($schema = '')
 {
     //You know sometimes you think you have enough time, but it is not always true ...
     //(timeout in hudson with the generis-hard test suite)
     helpers_TimeOutHelper::setTimeOutLimit(helpers_TimeOutHelper::MEDIUM);
     // Remember the validity state found on entry, then assume valid until a check fails.
     $forced = $this->valid;
     $this->valid = true;
     try {
         switch ($this->sourceType) {
             case self::SOURCE_FILE:
                 //check file
                 if (!file_exists($this->source)) {
                     throw new Exception("File {$this->source} not found.");
                 }
                 if (!is_readable($this->source)) {
                     throw new Exception("Unable to read file {$this->source}.");
                 }
                 // NOTE(review): fileExtension is interpolated into the pattern without preg_quote().
                 if (!preg_match("/\\.{$this->fileExtension}\$/", basename($this->source))) {
                     throw new Exception("Wrong file extension in " . basename($this->source) . ", {$this->fileExtension} extension is expected");
                 }
                 // NOTE(review): called without the second argument that other callers set to true;
                 // presumably the directory-traversal check is therefore not applied here. Confirm.
                 if (!tao_helpers_File::securityCheck($this->source)) {
                     throw new Exception("{$this->source} seems to contain some security issues");
                 }
                 break;
             case self::SOURCE_URL:
                 //only same domain
                 // NOTE(review): prefix match on BASE_URL; confirm BASE_URL ends with a separator.
                 if (!preg_match("/^" . preg_quote(BASE_URL, '/') . "/", $this->source)) {
                     throw new Exception("The given uri must be in the domain {$_SERVER['HTTP_HOST']}");
                 }
                 break;
         }
     } catch (Exception $e) {
         if ($forced) {
             // NOTE(review): rethrowing here skips helpers_TimeOutHelper::reset() further down.
             throw $e;
         } else {
             // presumably addError() also clears $this->valid; not visible here
             $this->addError($e);
         }
     }
     if ($this->valid && !$forced) {
         //valid can be true if forceValidation has been called
         $this->valid = false;
         try {
             // Collect libxml errors instead of letting them be emitted as warnings.
             libxml_use_internal_errors(true);
             $dom = new DomDocument();
             $loadResult = false;
             // NOTE(review): no explicit libxml options are passed to load()/loadXML(); how
             // external entities and DTDs are treated depends on the PHP/libxml defaults. Confirm.
             switch ($this->sourceType) {
                 case self::SOURCE_FILE:
                     $loadResult = $dom->load($this->source);
                     break;
                 case self::SOURCE_URL:
                     $xmlContent = tao_helpers_Request::load($this->source, true);
                     $loadResult = $dom->loadXML($xmlContent);
                     break;
                 case self::SOURCE_STRING:
                     $loadResult = $dom->loadXML($this->source);
                     break;
             }
             if ($loadResult) {
                 if (!empty($schema)) {
                     $this->valid = $dom->schemaValidate($schema);
                 } else {
                     $this->valid = true;
                     //only well-formed
                 }
             }
             if (!$this->valid) {
                 $this->addErrors(libxml_get_errors());
             }
             libxml_clear_errors();
         } catch (DOMException $de) {
             $this->addError($de);
         }
     }
     $returnValue = $this->valid;
     // Restore the time limit raised at the top of the method.
     helpers_TimeOutHelper::reset();
     return (bool) $returnValue;
 }
开发者ID:swapnilaptara,项目名称:tao-aptara-assess,代码行数:85,代码来源:class.Parser.php

示例11: md5

    die;
}
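// $configPath, $timestamp, $subPath, $token and $file are set earlier in the
// script, outside this excerpt.
$config = (include $configPath);
$compiledPath = $config['options']['path'];
$secretPassphrase = $config['options']['secret'];
$ttl = $config['options']['ttl'];

// NOTE(review): md5(data . secret) is a weak construction for an access token.
// Moving to hash_hmac() has to be done together with the code that issues the
// tokens, so it is only flagged here.
$correctToken = md5($timestamp . $subPath . $secretPassphrase);

// Fixed: the original compared with `!=`. Loose comparison treats two
// numeric-looking strings as numbers, so different tokens could compare equal,
// and it is not constant-time. hash_equals() (PHP >= 5.6) compares the exact
// bytes in constant time; the is_string() guard rejects array-valued input.
$tokenMatches = is_string($token) && hash_equals($correctToken, $token);

// NOTE(review): a timestamp in the future passes the age test; confirm
// whether that is acceptable for the token issuer's clock skew.
if (time() - $timestamp > $ttl || !$tokenMatches) {
    header('HTTP/1.0 403 Forbidden');
    die;
}

// Decode each URL segment before the path is validated, so the security check
// sees the characters that will actually reach the filesystem.
$path = array();
foreach (explode('/', $subPath . $file) as $ele) {
    $path[] = rawurldecode($ele);
}
$filename = $compiledPath . implode(DIRECTORY_SEPARATOR, $path);

// Fixed: strpos() returns 0 for a match at the first character, which the
// original truthiness test treated as "not found".
if (strpos($filename, '?') !== false) {
    // A query string is provided with the file to be retrieved - clean up!
    $parts = explode('?', $filename);
    $filename = $parts[0];
}

if (tao_helpers_File::securityCheck($filename, true)) {
    header('Content-Type: ' . tao_helpers_File::getMimeType($filename, true));
    $fp = fopen($filename, 'rb');
    if ($fp === false) {
        header("HTTP/1.0 404 Not Found");
    } else {
        fpassthru($fp);
    }
} else {
    // Fixed: a rejected path used to end in an empty 200 response.
    header('HTTP/1.0 403 Forbidden');
}
exit;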
开发者ID:nagyist,项目名称:tao-core,代码行数:31,代码来源:getFile.php

示例12: getMediaResource

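 /**
  * Load an item's external media.
  * Media are served through this action because direct access to the data
  * folder is denied.
  *
  * The 'path' request parameter selects the file. It is either rewritten to
  * the file manager's data folder or resolved inside the item's own folder.
  * Only image, video, audio and Flash MIME types are sent back.
  *
  * @requiresRight uri READ
  * @deprecated
  * @throws Exception when the requested path is rejected by the security check
  */
 public function getMediaResource()
 {
     if (!$this->hasRequestParameter('path')) {
         return;
     }

     // Identify the item from the request, falling back to the session.
     $item = null;
     if ($this->hasRequestParameter('uri') && $this->hasRequestParameter('classUri')) {
         $item = $this->getCurrentInstance();
     } elseif ($this->hasSessionAttribute('uri') && $this->hasSessionAttribute('classUri')) {
         $classUri = tao_helpers_Uri::decode($this->getSessionAttribute('classUri'));
         if ($this->getClassService()->isItemClass(new core_kernel_classes_Class($classUri))) {
             $item = new core_kernel_classes_Resource(tao_helpers_Uri::decode($this->getSessionAttribute('uri')));
         }
     }
     if (is_null($item)) {
         return;
     }

     // NOTE(review): request parameters are normally URL-decoded already; this
     // urldecode() may decode the value a second time. Confirm it is needed.
     $path = urldecode($this->getRequestParameter('path'));

     // Fixed: the path comes from the request and is joined to a folder below,
     // but the check was called without the second argument. The other
     // request-driven callers of securityCheck() pass `true`, which presumably
     // enables the directory-traversal check; do the same here.
     if (!tao_helpers_File::securityCheck($path, true)) {
         throw new Exception('Unauthorized path ' . $path);
     }

     if (preg_match('/(.)+\\/filemanager\\/views\\/data\\//i', $path)) {
         // check if the file is linked to the file manager
         $resource = preg_replace('/(.)+\\/filemanager\\/views\\/data\\//i', ROOT_PATH . '/filemanager/views/data/', $path);
     } else {
         // look in the item's dedicated folder. it should be a resource
         // that is local to the item, not in the file manager
         // $folder is the item's dedicated folder path, $path the path to the resource, relative to $folder
         $folder = $this->getClassService()->getItemFolder($item);
         $resource = tao_helpers_File::concat(array($folder, $path));
     }

     if (file_exists($resource)) {
         $mimeType = tao_helpers_File::getMimeType($resource);
         //allow only images, video, flash (and css?)
         if (preg_match("/^(image|video|audio|application\\/x-shockwave-flash)/", $mimeType)) {
             header("Content-Type: {$mimeType}; charset utf-8");
             print trim(file_get_contents($resource));
         }
     }
 }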
开发者ID:nagyist,项目名称:tao-extension-tao-item,代码行数:46,代码来源:class.Items.php

示例13: add

 /**
  * Add content to file
  *
  * Copies the content of $source into the file $fileName inside the
  * directory $parent of the item directory.
  *
  * NOTE(review): only $fileName goes through securityCheck(); $parent is
  * handed to getDirectory() unchecked. Confirm that the directory
  * abstraction rejects paths leaving the item directory.
  *
  * @see \oat\tao\model\media\MediaManagement::add
  * @param string $source path of the file whose content is added
  * @param string $fileName name of the file to write
  * @param string $parent directory, inside the item directory, that receives the file
  * @return array information about the written file
  * @throws \common_Exception when the name is rejected, or the source cannot be read or written
  * @throws \tao_models_classes_FileNotFoundException
  */
 public function add($source, $fileName, $parent)
 {
     $nameIsSafe = \tao_helpers_File::securityCheck($fileName, true);
     if (!$nameIsSafe) {
         throw new \common_Exception('Unsecured filename "' . $fileName . '"');
     }

     $resource = fopen($source, 'r');
     if ($resource === false) {
         throw new \common_Exception('Unable to read content of file ("' . $source . '")');
     }

     $file = $this->getItemDirectory()->getDirectory($parent)->getFile($fileName);
     $writeSuccess = $file->put($resource);
     // Release the source handle before reporting a failed write.
     fclose($resource);

     if (!$writeSuccess) {
         throw new \common_Exception('Unable to write file ("' . $fileName . '")');
     }

     return $this->getInfoFromFile($file);
 }
开发者ID:oat-sa,项目名称:extension-tao-item,代码行数:27,代码来源:LocalItemSource.php

示例14: add

 /**
  * Copy $source into the item's storage as $parent . $fileName and return
  * the information describing the new file.
  *
  * NOTE(review): only $fileName goes through securityCheck(); $parent is
  * concatenated into the system path unchecked. Confirm that getSysPath()
  * validates the result.
  * NOTE(review): the class is referenced once as \tao_helpers_File and once
  * as tao_helpers_File; in a namespaced file the unqualified form resolves
  * relative to the namespace. Confirm against the file's imports.
  *
  * @see \oat\tao\model\media\MediaManagement::add
  * @throws \common_Exception when the file name is rejected
  * @throws \common_exception_Error when the copy fails
  */
 public function add($source, $fileName, $parent)
 {
     $nameIsSafe = \tao_helpers_File::securityCheck($fileName, true);
     if (!$nameIsSafe) {
         throw new \common_Exception('Unsecured filename "' . $fileName . '"');
     }

     $sysPath = $this->getSysPath($parent . $fileName);
     $copied = tao_helpers_File::copy($source, $sysPath);
     if (!$copied) {
         throw new \common_exception_Error('Unable to move file ' . $source);
     }

     return $this->getFileInfo('/' . ltrim($parent, '/') . $fileName, array());
 }
开发者ID:nagyist,项目名称:tao-extension-tao-item,代码行数:16,代码来源:LocalItemSource.php

示例15: delete

 /**
  * delete the selected file or folder
  *
  * Reads the 'file' and/or 'folder' request parameters, validates each with
  * securityCheck() and deletes the matching entry below the file manager's
  * base path. The outcome is echoed as JSON: {"deleted": true|false}.
  *
  * NOTE(review): request parameters are normally URL-decoded already; the
  * urldecode() calls may decode the values a second time. Confirm they are
  * needed.
  * NOTE(review): this is a destructive action driven only by request
  * parameters; no authorization or anti-CSRF check is visible in this
  * method. Confirm that the controller layer enforces both.
  *
  * @author CRP Henri Tudor - TAO Team - {@link http://www.tao.lu}
  */
 public function delete()
 {
     $data = array('deleted' => false);

     if ($this->hasRequestParameter('file')) {
         $file = urldecode($this->getRequestParameter('file'));
         if (tao_helpers_File::securityCheck($file, true)) {
             $fileTarget = filemanager_helpers_FileUtils::cleanConcat(array(filemanager_helpers_FileUtils::getBasePath(), $file));
             $data['deleted'] = unlink($fileTarget);
         }
     }

     if ($this->hasRequestParameter("folder")) {
         $folder = urldecode($this->getRequestParameter('folder'));
         if (tao_helpers_File::securityCheck($folder, true)) {
             $folderTarget = filemanager_helpers_FileUtils::cleanConcat(array(filemanager_helpers_FileUtils::getBasePath(), $folder));
             // A failed folder deletion leaves the result of the file deletion untouched.
             if (filemanager_helpers_FileUtils::deleteFolder($folderTarget, true)) {
                 $data['deleted'] = true;
             }
         }
     }

     echo json_encode($data);
 }
开发者ID:oat-sa,项目名称:extension-tao-filemanager,代码行数:24,代码来源:class.Browser.php


注:本文中的tao_helpers_File::securityCheck方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。