Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
23.66% covered (danger)
23.66%
31 / 131
35.71% covered (danger)
35.71%
5 / 14
CRAP
0.00% covered (danger)
0.00%
0 / 1
plupload
23.66% covered (danger)
23.66%
31 / 131
35.71% covered (danger)
35.71%
5 / 14
645.96
0.00% covered (danger)
0.00%
0 / 1
 __construct
100.00% covered (success)
100.00%
7 / 7
100.00% covered (success)
100.00%
1 / 1
1
 handle_upload
0.00% covered (danger)
0.00%
0 / 25
0.00% covered (danger)
0.00%
0 / 1
12
 configure
0.00% covered (danger)
0.00%
0 / 14
0.00% covered (danger)
0.00%
0 / 1
6
 is_active
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 is_multipart
0.00% covered (danger)
0.00%
0 / 2
0.00% covered (danger)
0.00%
0 / 1
2
 emit_error
0.00% covered (danger)
0.00%
0 / 9
0.00% covered (danger)
0.00%
0 / 1
2
 generate_filter_string
0.00% covered (danger)
0.00%
0 / 15
0.00% covered (danger)
0.00%
0 / 1
12
 generate_resize_string
100.00% covered (success)
100.00%
11 / 11
100.00% covered (success)
100.00%
1 / 1
4
 get_chunk_size
100.00% covered (success)
100.00%
10 / 10
100.00% covered (success)
100.00%
1 / 1
4
 temporary_filepath
0.00% covered (danger)
0.00%
0 / 7
0.00% covered (danger)
0.00%
0 / 1
2
 integrate_uploaded_file
0.00% covered (danger)
0.00%
0 / 20
0.00% covered (danger)
0.00%
0 / 1
156
 prepare_temporary_directory
0.00% covered (danger)
0.00%
0 / 6
0.00% covered (danger)
0.00%
0 / 1
6
 set_default_directories
100.00% covered (success)
100.00%
2 / 2
100.00% covered (success)
100.00%
1 / 1
1
 set_upload_directories
0.00% covered (danger)
0.00%
0 / 2
0.00% covered (danger)
0.00%
0 / 1
2
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14namespace phpbb\plupload;
15
16/**
17* This class handles all server-side plupload functions
18*/
19class plupload
20{
21    /**
22    * @var string
23    */
24    protected $phpbb_root_path;
25
26    /**
27    * @var \phpbb\config\config
28    */
29    protected $config;
30
31    /**
32    * @var \phpbb\request\request
33    */
34    protected $request;
35
36    /**
37    * @var \phpbb\user
38    */
39    protected $user;
40
41    /**
42    * @var \bantu\IniGetWrapper\IniGetWrapper
43    */
44    protected $php_ini;
45
46    /**
47    * @var \phpbb\mimetype\guesser
48    */
49    protected $mimetype_guesser;
50
51    /**
52    * Final destination for uploaded files, i.e. the "files" directory.
53    * @var string
54    */
55    protected $upload_directory;
56
57    /**
58    * Temporary upload directory for plupload uploads.
59    * @var string
60    */
61    protected $temporary_directory;
62
63    /**
64    * Constructor.
65    *
66    * @param string $phpbb_root_path
67    * @param \phpbb\config\config $config
68    * @param \phpbb\request\request $request
69    * @param \phpbb\user $user
70    * @param \bantu\IniGetWrapper\IniGetWrapper $php_ini
71    * @param \phpbb\mimetype\guesser $mimetype_guesser
72    */
73    public function __construct($phpbb_root_path, \phpbb\config\config $config, \phpbb\request\request $request, \phpbb\user $user, \bantu\IniGetWrapper\IniGetWrapper $php_ini, \phpbb\mimetype\guesser $mimetype_guesser)
74    {
75        $this->phpbb_root_path = $phpbb_root_path;
76        $this->config = $config;
77        $this->request = $request;
78        $this->user = $user;
79        $this->php_ini = $php_ini;
80        $this->mimetype_guesser = $mimetype_guesser;
81
82        $this->set_default_directories();
83    }
84
85    /**
86    * Plupload allows for chunking so we must check for that and assemble
87    * the whole file first before performing any checks on it.
88    *
89    * @param string $form_name The name of the file element in the upload form
90    *
91    * @return array|null    null if there are no chunks to piece together
92    *                        otherwise array containing the path to the
93    *                        pieced-together file and its size
94    */
95    public function handle_upload($form_name)
96    {
97        $chunks_expected = $this->request->variable('chunks', 0);
98
99        // If chunking is disabled or we are not using plupload, just return
100        // and handle the file as usual
101        if ($chunks_expected < 2)
102        {
103            return null;
104        }
105
106        $file_name = $this->request->variable('name', '');
107        $chunk = $this->request->variable('chunk', 0);
108
109        $this->user->add_lang('plupload');
110        $this->prepare_temporary_directory();
111
112        $file_path = $this->temporary_filepath($file_name);
113        $this->integrate_uploaded_file($form_name, $chunk, $file_path);
114
115        // If we are done with all the chunks, strip the .part suffix and then
116        // handle the resulting file as normal, otherwise die and await the
117        // next chunk.
118        if ($chunk == $chunks_expected - 1)
119        {
120            rename("{$file_path}.part", $file_path);
121
122            // Reset upload directories to defaults once completed
123            $this->set_default_directories();
124
125            // Need to modify some of the $_FILES values to reflect the new file
126            return array(
127                'tmp_name' => $file_path,
128                'name' => $this->request->variable('real_filename', '', true),
129                'size' => filesize($file_path),
130                'type' => $this->mimetype_guesser->guess($file_path, $file_name),
131            );
132        }
133        else
134        {
135            $json_response = new \phpbb\json_response();
136            $json_response->send(array(
137                'jsonrpc' => '2.0',
138                'id' => 'id',
139                'result' => null,
140            ));
141            return null;
142        }
143    }
144
145    /**
146    * Fill in the plupload configuration options in the template
147    *
148    * @param \phpbb\cache\service        $cache
149    * @param \phpbb\template\template    $template
150    * @param string                        $s_action The URL to submit the POST data to
151    * @param int                        $forum_id The ID of the forum
152    * @param int                        $max_files Maximum number of files allowed. 0 for unlimited.
153    *
154    * @return void
155    */
156    public function configure(\phpbb\cache\service $cache, \phpbb\template\template $template, $s_action, $forum_id, $max_files)
157    {
158        $filters = $this->generate_filter_string($cache, $forum_id);
159        $chunk_size = $this->get_chunk_size();
160        $resize = $this->generate_resize_string();
161
162        $template->assign_vars(array(
163            'S_RESIZE'            => $resize,
164            'S_PLUPLOAD'        => true,
165            'FILTERS'            => $filters,
166            'CHUNK_SIZE'        => $chunk_size,
167            'S_PLUPLOAD_URL'    => html_entity_decode($s_action, ENT_COMPAT),
168            'MAX_ATTACHMENTS'    => $max_files,
169            'ATTACH_ORDER'        => ($this->config['display_order']) ? 'asc' : 'desc',
170            'L_TOO_MANY_ATTACHMENTS'    => $this->user->lang('TOO_MANY_ATTACHMENTS', $max_files),
171        ));
172
173        $this->user->add_lang('plupload');
174    }
175
176    /**
177    * Checks whether the page request was sent by plupload or not
178    *
179    * @return bool
180    */
181    public function is_active()
182    {
183        return $this->request->header('X-PHPBB-USING-PLUPLOAD', false);
184    }
185
186    /**
187    * Returns whether the current HTTP request is a multipart request.
188    *
189    * @return bool
190    */
191    public function is_multipart()
192    {
193        $content_type = $this->request->server('CONTENT_TYPE');
194
195        return strpos($content_type, 'multipart') === 0;
196    }
197
198    /**
199    * Sends an error message back to the client via JSON response
200    *
201    * @param int $code        The error code
202    * @param string $msg    The translation string of the message to be sent
203    *
204    * @return void
205    */
206    public function emit_error($code, $msg)
207    {
208        $json_response = new \phpbb\json_response();
209        $json_response->send(array(
210            'jsonrpc' => '2.0',
211            'id' => 'id',
212            'error' => array(
213                'code' => $code,
214                'message' => $this->user->lang($msg),
215            ),
216        ));
217    }
218
219    /**
220     * Looks at the list of allowed extensions and generates a string
221     * appropriate for use in configuring plupload with
222     *
223     * @param \phpbb\cache\service    $cache        Cache service object
224     * @param int                    $forum_id    The forum identifier
225     *
226     * @return string
227     */
228    public function generate_filter_string(\phpbb\cache\service $cache, int $forum_id)
229    {
230        $groups = [];
231        $filters = [];
232
233        $attach_extensions = $cache->obtain_attach_extensions($forum_id);
234        unset($attach_extensions['_allowed_']);
235
236        // Re-arrange the extension array to $groups[$group_name][]
237        foreach ($attach_extensions as $extension => $extension_info)
238        {
239            $groups[$extension_info['group_name']]['extensions'][] = $extension;
240            $groups[$extension_info['group_name']]['max_file_size'] = (int) $extension_info['max_filesize'];
241        }
242
243        foreach ($groups as $group => $group_info)
244        {
245            $filters[] = sprintf(
246                "{title: '%s', extensions: '%s', max_file_size: %s}",
247                addslashes(ucfirst(strtolower($group))),
248                addslashes(implode(',', $group_info['extensions'])),
249                $group_info['max_file_size']
250            );
251        }
252
253        return implode(',', $filters);
254    }
255
256    /**
257    * Generates a string that is used to tell plupload to automatically resize
258    * files before uploading them.
259    *
260    * @return string
261    */
262    public function generate_resize_string()
263    {
264        $resize = '';
265        if ($this->config['img_max_height'] > 0 && $this->config['img_max_width'] > 0)
266        {
267            $preserve_headers_value = $this->config['img_strip_metadata'] ? 'false' : 'true';
268            $resize = sprintf(
269                'resize: {width: %d, height: %d, quality: %d, preserve_headers: %s},',
270                (int) $this->config['img_max_width'],
271                (int) $this->config['img_max_height'],
272                (int) $this->config['img_quality'],
273                $preserve_headers_value
274            );
275        }
276
277        return $resize;
278    }
279
280    /**
281     * Checks various php.ini values to determine the maximum chunk
282     * size a file should be split into for upload.
283     *
284     * The intention is to calculate a value which reflects whatever
285     * the most restrictive limit is set to.  And to then set the chunk
286     * size to half that value, to ensure any required transfer overhead
287     * and POST data remains well within the limit.  Or, if all of the
288     * limits are set to unlimited, the chunk size will also be unlimited.
289     *
290     * @return int
291     *
292     * @access public
293     */
294    public function get_chunk_size()
295    {
296        $max = 0;
297
298        $limits = [
299            $this->php_ini->getBytes('memory_limit'),
300            $this->php_ini->getBytes('upload_max_filesize'),
301            $this->php_ini->getBytes('post_max_size'),
302        ];
303
304        foreach ($limits as $limit_type)
305        {
306            if ($limit_type > 0)
307            {
308                $max = ($max !== 0) ? min($limit_type, $max) : $limit_type;
309            }
310        }
311
312        return (int) floor($max / 2);
313    }
314
315    protected function temporary_filepath($file_name)
316    {
317        // Must preserve the extension for plupload to work.
318        return sprintf(
319            '%s/%s_%s%s',
320            $this->temporary_directory,
321            $this->config['plupload_salt'],
322            md5($file_name),
323            \phpbb\files\filespec::get_extension($file_name)
324        );
325    }
326
327    /**
328    * Checks whether the chunk we are about to deal with was actually uploaded
329    * by PHP and actually exists, if not, it generates an error
330    *
331    * @param string $form_name The name of the file in the form data
332    * @param int $chunk Chunk number
333    * @param string $file_path File path
334    *
335    * @return void
336    */
337    protected function integrate_uploaded_file($form_name, $chunk, $file_path)
338    {
339        $is_multipart = $this->is_multipart();
340        $upload = $this->request->file($form_name);
341        if ($is_multipart && (!isset($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])))
342        {
343            $this->emit_error(103, 'PLUPLOAD_ERR_MOVE_UPLOADED');
344        }
345
346        $tmp_file = $this->temporary_filepath($upload['tmp_name']);
347        $filesystem = new \phpbb\filesystem\filesystem();
348
349        if (!$filesystem->is_writable($this->temporary_directory) || !move_uploaded_file($upload['tmp_name'], $tmp_file))
350        {
351            $this->emit_error(103, 'PLUPLOAD_ERR_MOVE_UPLOADED');
352        }
353
354        $out = fopen("{$file_path}.part", $chunk == 0 ? 'wb' : 'ab');
355        if (!$out)
356        {
357            $this->emit_error(102, 'PLUPLOAD_ERR_OUTPUT');
358        }
359
360        $in = fopen(($is_multipart) ? $tmp_file : 'php://input', 'rb');
361        if (!$in)
362        {
363            $this->emit_error(101, 'PLUPLOAD_ERR_INPUT');
364        }
365
366        while ($buf = fread($in, 4096))
367        {
368            fwrite($out, $buf);
369        }
370
371        fclose($in);
372        fclose($out);
373
374        if ($is_multipart)
375        {
376            unlink($tmp_file);
377        }
378    }
379
380    /**
381    * Creates the temporary directory if it does not already exist.
382    *
383    * @return void
384    */
385    protected function prepare_temporary_directory()
386    {
387        if (!file_exists($this->temporary_directory))
388        {
389            mkdir($this->temporary_directory);
390
391            copy(
392                $this->upload_directory . '/index.htm',
393                $this->temporary_directory . '/index.htm'
394            );
395        }
396    }
397
398    /**
399    * Sets the default directories for uploads
400    *
401    * @return void
402    */
403    protected function set_default_directories()
404    {
405        $this->upload_directory = $this->phpbb_root_path . $this->config['upload_path'];
406        $this->temporary_directory = $this->upload_directory . '/plupload';
407    }
408
409    /**
410    * Sets the upload directories to the specified paths
411    *
412    * @param string $upload_directory Upload directory
413    * @param string $temporary_directory Temporary directory
414    *
415    * @return void
416    */
417    public function set_upload_directories($upload_directory, $temporary_directory)
418    {
419        $this->upload_directory = $upload_directory;
420        $this->temporary_directory = $temporary_directory;
421    }
422}