Code Coverage
 
Classes and Traits
Functions and Methods
Lines
Total
0.00% covered (danger)
0.00%
0 / 1
35.71% covered (danger)
35.71%
5 / 14
CRAP
23.38% covered (danger)
23.38%
36 / 154
plupload
0.00% covered (danger)
0.00%
0 / 1
35.71% covered (danger)
35.71%
5 / 14
652.87
23.38% covered (danger)
23.38%
36 / 154
 __construct
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
8 / 8
 handle_upload
0.00% covered (danger)
0.00%
0 / 1
12
0.00% covered (danger)
0.00%
0 / 26
 configure
0.00% covered (danger)
0.00%
0 / 1
6
0.00% covered (danger)
0.00%
0 / 15
 is_active
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
1 / 1
 is_multipart
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 2
 emit_error
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 9
 generate_filter_string
0.00% covered (danger)
0.00%
0 / 1
12
0.00% covered (danger)
0.00%
0 / 17
 generate_resize_string
100.00% covered (success)
100.00%
1 / 1
4
100.00% covered (success)
100.00%
12 / 12
 get_chunk_size
100.00% covered (success)
100.00%
1 / 1
4
100.00% covered (success)
100.00%
12 / 12
 temporary_filepath
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 7
 integrate_uploaded_file
0.00% covered (danger)
0.00%
0 / 1
156
0.00% covered (danger)
0.00%
0 / 30
 prepare_temporary_directory
0.00% covered (danger)
0.00%
0 / 1
6
0.00% covered (danger)
0.00%
0 / 9
 set_default_directories
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
3 / 3
 set_upload_directories
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 3
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\plupload;
/**
* This class handles all server-side plupload functions
*/
class plupload
{
    /**
    * @var string
    */
    protected $phpbb_root_path;
    /**
    * @var \phpbb\config\config
    */
    protected $config;
    /**
    * @var \phpbb\request\request_interface
    */
    protected $request;
    /**
    * @var \phpbb\user
    */
    protected $user;
    /**
    * @var \bantu\IniGetWrapper\IniGetWrapper
    */
    protected $php_ini;
    /**
    * @var \phpbb\mimetype\guesser
    */
    protected $mimetype_guesser;
    /**
    * Final destination for uploaded files, i.e. the "files" directory.
    * @var string
    */
    protected $upload_directory;
    /**
    * Temporary upload directory for plupload uploads.
    * @var string
    */
    protected $temporary_directory;
    /**
    * Constructor.
    *
    * @param string $phpbb_root_path
    * @param \phpbb\config\config $config
    * @param \phpbb\request\request_interface $request
    * @param \phpbb\user $user
    * @param \bantu\IniGetWrapper\IniGetWrapper $php_ini
    * @param \phpbb\mimetype\guesser $mimetype_guesser
    */
    public function __construct($phpbb_root_path, \phpbb\config\config $config, \phpbb\request\request_interface $request, \phpbb\user $user, \bantu\IniGetWrapper\IniGetWrapper $php_ini, \phpbb\mimetype\guesser $mimetype_guesser)
    {
        $this->phpbb_root_path = $phpbb_root_path;
        $this->config = $config;
        $this->request = $request;
        $this->user = $user;
        $this->php_ini = $php_ini;
        $this->mimetype_guesser = $mimetype_guesser;
        $this->set_default_directories();
    }
    /**
    * Plupload allows for chunking so we must check for that and assemble
    * the whole file first before performing any checks on it.
    *
    * @param string $form_name The name of the file element in the upload form
    *
    * @return array|null    null if there are no chunks to piece together
    *                        otherwise array containing the path to the
    *                        pieced-together file and its size
    */
    public function handle_upload($form_name)
    {
        $chunks_expected = $this->request->variable('chunks', 0);
        // If chunking is disabled or we are not using plupload, just return
        // and handle the file as usual
        if ($chunks_expected < 2)
        {
            return;
        }
        $file_name = $this->request->variable('name', '');
        $chunk = $this->request->variable('chunk', 0);
        $this->user->add_lang('plupload');
        $this->prepare_temporary_directory();
        $file_path = $this->temporary_filepath($file_name);
        $this->integrate_uploaded_file($form_name, $chunk, $file_path);
        // If we are done with all the chunks, strip the .part suffix and then
        // handle the resulting file as normal, otherwise die and await the
        // next chunk.
        if ($chunk == $chunks_expected - 1)
        {
            rename("{$file_path}.part", $file_path);
            // Reset upload directories to defaults once completed
            $this->set_default_directories();
            // Need to modify some of the $_FILES values to reflect the new file
            return array(
                'tmp_name' => $file_path,
                'name' => $this->request->variable('real_filename', '', true),
                'size' => filesize($file_path),
                'type' => $this->mimetype_guesser->guess($file_path, $file_name),
            );
        }
        else
        {
            $json_response = new \phpbb\json_response();
            $json_response->send(array(
                'jsonrpc' => '2.0',
                'id' => 'id',
                'result' => null,
            ));
        }
    }
    /**
    * Fill in the plupload configuration options in the template
    *
    * @param \phpbb\cache\service        $cache
    * @param \phpbb\template\template    $template
    * @param string                        $s_action The URL to submit the POST data to
    * @param int                        $forum_id The ID of the forum
    * @param int                        $max_files Maximum number of files allowed. 0 for unlimited.
    *
    * @return null
    */
    public function configure(\phpbb\cache\service $cache, \phpbb\template\template $template, $s_action, $forum_id, $max_files)
    {
        $filters = $this->generate_filter_string($cache, $forum_id);
        $chunk_size = $this->get_chunk_size();
        $resize = $this->generate_resize_string();
        $template->assign_vars(array(
            'S_RESIZE'            => $resize,
            'S_PLUPLOAD'        => true,
            'FILTERS'            => $filters,
            'CHUNK_SIZE'        => $chunk_size,
            'S_PLUPLOAD_URL'    => htmlspecialchars_decode($s_action),
            'MAX_ATTACHMENTS'    => $max_files,
            'ATTACH_ORDER'        => ($this->config['display_order']) ? 'asc' : 'desc',
            'L_TOO_MANY_ATTACHMENTS'    => $this->user->lang('TOO_MANY_ATTACHMENTS', $max_files),
        ));
        $this->user->add_lang('plupload');
    }
    /**
    * Checks whether the page request was sent by plupload or not
    *
    * @return bool
    */
    public function is_active()
    {
        return $this->request->header('X-PHPBB-USING-PLUPLOAD', false);
    }
    /**
    * Returns whether the current HTTP request is a multipart request.
    *
    * @return bool
    */
    public function is_multipart()
    {
        $content_type = $this->request->server('CONTENT_TYPE');
        return strpos($content_type, 'multipart') === 0;
    }
    /**
    * Sends an error message back to the client via JSON response
    *
    * @param int $code        The error code
    * @param string $msg    The translation string of the message to be sent
    *
    * @return null
    */
    public function emit_error($code, $msg)
    {
        $json_response = new \phpbb\json_response();
        $json_response->send(array(
            'jsonrpc' => '2.0',
            'id' => 'id',
            'error' => array(
                'code' => $code,
                'message' => $this->user->lang($msg),
            ),
        ));
    }
    /**
     * Looks at the list of allowed extensions and generates a string
     * appropriate for use in configuring plupload with
     *
     * @param \phpbb\cache\service    $cache        Cache service object
     * @param string                $forum_id    The forum identifier
     *
     * @return string
     */
    public function generate_filter_string(\phpbb\cache\service $cache, $forum_id)
    {
        $groups = [];
        $filters = [];
        $attach_extensions = $cache->obtain_attach_extensions($forum_id);
        unset($attach_extensions['_allowed_']);
        // Re-arrange the extension array to $groups[$group_name][]
        foreach ($attach_extensions as $extension => $extension_info)
        {
            $groups[$extension_info['group_name']]['extensions'][] = $extension;
            $groups[$extension_info['group_name']]['max_file_size'] = (int) $extension_info['max_filesize'];
        }
        foreach ($groups as $group => $group_info)
        {
            $filters[] = sprintf(
                "{title: '%s', extensions: '%s', max_file_size: %s}",
                addslashes(ucfirst(strtolower($group))),
                addslashes(implode(',', $group_info['extensions'])),
                $group_info['max_file_size']
            );
        }
        return implode(',', $filters);
    }
    /**
    * Generates a string that is used to tell plupload to automatically resize
    * files before uploading them.
    *
    * @return string
    */
    public function generate_resize_string()
    {
        $resize = '';
        if ($this->config['img_max_height'] > 0 && $this->config['img_max_width'] > 0)
        {
            $preserve_headers_value = $this->config['img_strip_metadata'] ? 'false' : 'true';
            $resize = sprintf(
                'resize: {width: %d, height: %d, quality: %d, preserve_headers: %s},',
                (int) $this->config['img_max_width'],
                (int) $this->config['img_max_height'],
                (int) $this->config['img_quality'],
                $preserve_headers_value
            );
        }
        return $resize;
    }
    /**
     * Checks various php.ini values to determine the maximum chunk
     * size a file should be split into for upload.
     *
     * The intention is to calculate a value which reflects whatever
     * the most restrictive limit is set to.  And to then set the chunk
     * size to half that value, to ensure any required transfer overhead
     * and POST data remains well within the limit.  Or, if all of the
     * limits are set to unlimited, the chunk size will also be unlimited.
     *
     * @return int
     *
     * @access public
     */
    public function get_chunk_size()
    {
        $max = 0;
        $limits = [
            $this->php_ini->getBytes('memory_limit'),
            $this->php_ini->getBytes('upload_max_filesize'),
            $this->php_ini->getBytes('post_max_size'),
        ];
        foreach ($limits as $limit_type)
        {
            if ($limit_type > 0)
            {
                $max = ($max !== 0) ? min($limit_type, $max) : $limit_type;
            }
        }
        return floor($max / 2);
    }
    protected function temporary_filepath($file_name)
    {
        // Must preserve the extension for plupload to work.
        return sprintf(
            '%s/%s_%s%s',
            $this->temporary_directory,
            $this->config['plupload_salt'],
            md5($file_name),
            \phpbb\files\filespec::get_extension($file_name)
        );
    }
    /**
    * Checks whether the chunk we are about to deal with was actually uploaded
    * by PHP and actually exists, if not, it generates an error
    *
    * @param string $form_name The name of the file in the form data
    *
    * @return null
    */
    protected function integrate_uploaded_file($form_name, $chunk, $file_path)
    {
        $is_multipart = $this->is_multipart();
        $upload = $this->request->file($form_name);
        if ($is_multipart && (!isset($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])))
        {
            $this->emit_error(103, 'PLUPLOAD_ERR_MOVE_UPLOADED');
        }
        $tmp_file = $this->temporary_filepath($upload['tmp_name']);
        if (!phpbb_is_writable($this->temporary_directory) || !move_uploaded_file($upload['tmp_name'], $tmp_file))
        {
            $this->emit_error(103, 'PLUPLOAD_ERR_MOVE_UPLOADED');
        }
        $out = fopen("{$file_path}.part", $chunk == 0 ? 'wb' : 'ab');
        if (!$out)
        {
            $this->emit_error(102, 'PLUPLOAD_ERR_OUTPUT');
        }
        $in = fopen(($is_multipart) ? $tmp_file : 'php://input', 'rb');
        if (!$in)
        {
            $this->emit_error(101, 'PLUPLOAD_ERR_INPUT');
        }
        while ($buf = fread($in, 4096))
        {
            fwrite($out, $buf);
        }
        fclose($in);
        fclose($out);
        if ($is_multipart)
        {
            unlink($tmp_file);
        }
    }
    /**
    * Creates the temporary directory if it does not already exist.
    *
    * @return null
    */
    protected function prepare_temporary_directory()
    {
        if (!file_exists($this->temporary_directory))
        {
            mkdir($this->temporary_directory);
            copy(
                $this->upload_directory . '/index.htm',
                $this->temporary_directory . '/index.htm'
            );
        }
    }
    /**
    * Sets the default directories for uploads
    *
    * @return null
    */
    protected function set_default_directories()
    {
        $this->upload_directory = $this->phpbb_root_path . $this->config['upload_path'];
        $this->temporary_directory = $this->upload_directory . '/plupload';
    }
    /**
    * Sets the upload directories to the specified paths
    *
    * @param string $upload_directory Upload directory
    * @param string $temporary_directory Temporary directory
    *
    * @return null
    */
    public function set_upload_directories($upload_directory, $temporary_directory)
    {
        $this->upload_directory = $upload_directory;
        $this->temporary_directory = $temporary_directory;
    }
}