Spade
Mini Shell
| Directory:~$ /home/lmsyaran/public_html/administrator/components/com_hikamarket/helpers/ |
| [Home] [System Details] [Kill Me] |
<?php
/**
* @package HikaMarket for Joomla!
* @version 3.1.1
* @author Obsidev S.A.R.L.
* @copyright (C) 2011-2020 OBSIDEV. All rights reserved.
* @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
*/
defined('_JEXEC') or die('Restricted access');
?><?php
class hikamarketUploadHelper {
protected $options;
protected $imagesExt = array('jpg', 'jpeg',
'gif', 'png');
public function __construct() {
$this->setOptions();
}
public function setOptions($options = null) {
$this->options = array(
'upload_dir' => HIKASHOP_MEDIA.'upload'.DS,
'upload_url' =>
JURI::base(true).'/media/'.HIKASHOP_COMPONENT.'/upload/',
'param_name' => 'files',
'max_file_size' => null,
'min_file_size' => 1,
'accept_file_types' => '/.+$/i',
'max_number_of_files' => null,
'max_width' => null,
'max_height' => null,
'min_width' => 1,
'min_height' => 1,
'send_header' => false,
'orient_image' => false,
'image_versions' => array()
);
if(empty($options))
return;
foreach($options as $k => $v) {
if(!is_array($v) || empty($this->options[$k]))
$this->options[$k] = $v;
else
$this->options[$k] = array_merge($this->options[$k], $v);
}
}
public function process($options = null) {
JSession::checkToken() || die('Invalid Token');
if(!empty($options))
$this->setOptions($options);
if(!empty($this->options['send_header']) &&
!headers_sent()) {
header('Pragma: no-cache');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('X-Content-Type-Options: nosniff');
}
$upload = reset($_FILES);
if(isset($_FILES[$this->options['param_name']]))
$upload = $_FILES[$this->options['param_name']];
if(empty($upload))
return null;
$uploaded_file = isset($upload['tmp_name']) ?
$upload['tmp_name'] : null;
$name = isset($_SERVER['HTTP_X_FILE_NAME']) ?
$_SERVER['HTTP_X_FILE_NAME'] : (isset($upload['name'])
? $upload['name'] : null);
$size = isset($_SERVER['HTTP_X_FILE_SIZE']) ?
$_SERVER['HTTP_X_FILE_SIZE'] : (isset($upload['size'])
? $upload['size'] : null);
$type = isset($_SERVER['HTTP_X_FILE_TYPE']) ?
$_SERVER['HTTP_X_FILE_TYPE'] : (isset($upload['type'])
? $upload['type'] : null);
$error = isset($upload['error']) ? $upload['error'] :
null;
$slice = null;
if(isset($_POST['slices']) &&
(int)$_POST['slices'] > 1) {
$slice = array(
'index' => (int)@$_POST['slice'],
'total' => $_POST['slices'],
'size' => (int)@$_POST['slice_size'],
'total_size' => (int)@$_POST['slices_size'],
);
}
$file = new stdClass();
$file->name = $this->trim_file_name($name, $type);
$file->size = intval($size);
$file->type = $type;
if(empty($this->options['sub_folder']))
$this->options['sub_folder'] = '';
$shopConfig = hikashop_config();
if($options['type'] == 'file')
$allowed_extensions = $shopConfig->get('allowedfiles');
else
$allowed_extensions = $shopConfig->get('allowedimages');
if(!empty($this->options['allowed_extensions'])) {
$allowed_extensions =
$this->options['allowed_extensions'];
}
if(!empty($error)) {
$file->error = $error;
} else if(empty($file->name)) {
$file->error = 'missingFileName';
} else if(!is_uploaded_file($uploaded_file)) {
$file->error = 'missingData';
} else if(!empty($this->options['max_file_size']) &&
$file->size > $this->options['max_file_size']) {
$file->error = 'maxFileSize';
} else if(!empty($this->options['max_file_size']) &&
isset($slice['total_size']) &&
$slice['total_size'] >
$this->options['max_file_size']) {
$file->error = 'maxFileSize';
} else if(!empty($this->options['min_file_size']) &&
$file->size < $this->options['min_file_size']) {
$file->error = 'minFileSize';
}
if(!empty($file->error))
return $file;
$file_path = strtolower(JFile::makeSafe($name));
if(!strpos($file_path, '.')){
$file->error = 'The file name "' . $name .
'" is not valid. Please change it.';
return $file;
}
if(!empty($slice) && $slice['index'] > 0 &&
substr($file_path, -5) == '.part') {
$pos = strrpos($file_path, '_');
$file_path = substr($file_path, 0, $pos);
}
if(!preg_match('#\.('.str_replace(array(',','.'),
array('|','\.'),
$allowed_extensions).')$#Ui', $file_path, $extension) ||
preg_match('#\.(php.?|.?htm.?|pl|py|jsp|asp|sh|cgi)$#Ui',
$file_path)) {
$file->error = JText::sprintf('ACCEPTED_TYPE',
substr($file_path,strrpos($file_path, '.') + 1),
$allowed_extensions);
return $file;
}
$file_path = str_replace(array('.',' '),
'_', substr($file_path, 0, strpos($file_path,$extension[0]))) .
$extension[0];
if(empty($slice) || $slice['index'] == 0) {
$file_path_origin = $file_path;
if(JFile::exists($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
$pos = strrpos($file_path, '.');
$file_path = substr($file_path, 0, $pos) . '_' . rand() .
'.' . substr($file_path, $pos + 1);
}
if(!empty($slice)) {
$pos = strrpos($file_path, '.');
$file_path .= '_' . $slice['total_size'] .
'-' . $slice['size'] . '.part';
$file->partial = true;
if(JFile::exists($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
clearstatcache();
$current_filesize = filesize($this->options['upload_dir']
. $this->options['sub_folder'] . $file_path);
$current_slice = $current_filesize / $slice['size'];
if(is_int($current_slice)) {
$file->name = $file_path;
$file->resume = true;
$file->slice = $current_slice;
return $file;
}
$pos = strrpos($file_path_origin, '.');
$file_path = substr($file_path_origin, 0, $pos) . '_' .
rand() . '.' . substr($file_path_origin, $pos + 1) .
'_' . $slice['total_size'] . '-' .
$slice['size'] . '.part';
}
}
if(!JFile::upload($uploaded_file,
$this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
if(!move_uploaded_file($uploaded_file,
$this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
$file->error = JText::sprintf('FAIL_UPLOAD',
$uploaded_file, $this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path);
return $file;
}
}
} else {
$file_path = strtolower(JFile::makeSafe($name));
if(substr($file_path, -5) != '.part' ||
!JFile::exists($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
$file->error = 'partialUploadNotFound';
return $file;
}
clearstatcache();
$current_filesize = filesize($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path);
if($current_filesize != ((int)$slice['index'] *
(int)$slice['size'])) {
$file->error = 'partialUploadInvalid';
return $file;
}
$destFile = fopen($this->options['upload_dir'] .
$this->options['sub_folder'] .$file_path, 'ab');
$sourceFile = fopen($uploaded_file, 'rb');
while(!feof($sourceFile)) {
$c = fread($sourceFile, 8192);
fwrite($destFile, $c);
}
fclose($destFile);
fclose($sourceFile);
if(((int)$slice['index'] + 1) ==
(int)$slice['total']) {
clearstatcache();
$current_filesize = filesize($this->options['upload_dir']
. $this->options['sub_folder'] . $file_path);
if((int)$current_filesize != (int)$slice['total_size']) {
$file->error = 'partialUploadSizeError';
return $file;
}
$pos = strrpos($file_path, '_');
$orgin_path = substr($file_path, 0, $pos);
rename($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path,
$this->options['upload_dir'] .
$this->options['sub_folder'] . $orgin_path);
$file_path = $orgin_path;
} else
$file->partial = true;
}
if($options['type'] != 'file' &&
strpos($file->name, '.') !== false &&
!empty($this->options['orient_image'])) {
$ext = strtolower(substr($file->name, strrpos($file->name,
'.') + 1));
if(!in_array($ext, $this->imagesExt))
$this->orient_image($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path);
}
$file->name = $file_path;
$file->path = $this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path;
$file->url = $this->options['upload_url'] .
$this->options['sub_folder'] . rawurlencode($file->name);
$file->size = filesize($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path);
return $file;
}
public function processFallback($options = null) {
JSession::checkToken() || die('Invalid Token');
if(!empty($options)) {
$this->setOptions($options);
}
$upload = isset($_FILES[$this->options['param_name']]) ?
$_FILES[$this->options['param_name']] : reset($_FILES);
$info = array();
if($upload && is_array($upload['tmp_name'])) {
foreach ($upload['tmp_name'] as $index => $value) {
$info[] = $this->handle_file_upload(
$upload['tmp_name'][$index],
isset($_SERVER['HTTP_X_FILE_NAME']) ?
$_SERVER['HTTP_X_FILE_NAME'] :
$upload['name'][$index],
isset($_SERVER['HTTP_X_FILE_SIZE']) ?
$_SERVER['HTTP_X_FILE_SIZE'] :
$upload['size'][$index],
isset($_SERVER['HTTP_X_FILE_TYPE']) ?
$_SERVER['HTTP_X_FILE_TYPE'] :
$upload['type'][$index],
$upload['error'][$index],
$options,
$index
);
}
} else if($upload || isset($_SERVER['HTTP_X_FILE_NAME'])) {
$info[] = $this->handle_file_upload(
isset($upload['tmp_name']) ? $upload['tmp_name'] :
null,
isset($_SERVER['HTTP_X_FILE_NAME']) ?
$_SERVER['HTTP_X_FILE_NAME'] : (isset($upload['name'])
? $upload['name'] : null),
isset($_SERVER['HTTP_X_FILE_SIZE']) ?
$_SERVER['HTTP_X_FILE_SIZE'] : (isset($upload['size'])
? $upload['size'] : null),
isset($_SERVER['HTTP_X_FILE_TYPE']) ?
$_SERVER['HTTP_X_FILE_TYPE'] : (isset($upload['type'])
? $upload['type'] : null),
isset($upload['error']) ? $upload['error'] : null,
$options
);
}
return $info;
}
protected function get_file_object($file_name) {
$file_path = $this->options['upload_dir'].$file_name;
if (is_file($file_path) && $file_name[0] !== '.') {
$file = new stdClass();
$file->name = $file_name;
$file->path = $file_path;
$file->size = filesize($file_path);
$file->url =
$this->options['upload_url'].rawurlencode($file->name);
return $file;
}
return null;
}
protected function get_file_objects() {
if(!is_dir($this->options['upload_dir']))
return array();
return array_values( array_filter( array_map( array($this,
'get_file_object'),
scandir($this->options['upload_dir']) ) ) );
}
protected function validate($uploaded_file, $file, $error, $options,
$index) {
if($error) {
$file->error = $error;
return false;
}
if(!$file->name) {
$file->error = 'missingFileName';
return false;
}
if(!preg_match($this->options['accept_file_types'],
$file->name)) {
$file->error = 'acceptFileTypes';
return false;
}
if($uploaded_file && is_uploaded_file($uploaded_file)) {
$file_size = filesize($uploaded_file);
} else {
$file_size = $_SERVER['CONTENT_LENGTH'];
}
if($this->options['max_file_size'] && ( $file_size
> $this->options['max_file_size'] || $file->size >
$this->options['max_file_size']) ) {
$file->error = 'maxFileSize';
return false;
}
if($this->options['min_file_size'] && $file_size
< $this->options['min_file_size']) {
$file->error = 'minFileSize';
return false;
}
if(is_int($this->options['max_number_of_files']) &&
( count($this->get_file_objects()) >=
$this->options['max_number_of_files']) ) {
$file->error = 'maxNumberOfFiles';
return false;
}
if($options['type'] == 'file') {
} else {
list($img_width, $img_height) = @getimagesize($uploaded_file);
if(!is_int($img_width)) {
$file->error = 'invalidFile';
return false;
}
if((!empty($this->options['max_width']) &&
$img_width > $this->options['max_width']) ||
(!empty($this->options['max_height']) && $img_height
> $this->options['max_height'])) {
$file->error = 'maxResolution';
return false;
}
if((!empty($this->options['min_width']) &&
$img_width < $this->options['min_width']) ||
(!empty($this->options['min_height']) && $img_height
< $this->options['min_height'])) {
$file->error = 'minResolution';
return false;
}
}
return true;
}
protected function handle_file_upload($uploaded_file, $name, $size, $type,
$error, $options, $index = null) {
$file = new stdClass();
$file->name = $this->trim_file_name($name, $type, $index);
$file->size = intval($size);
$file->type = $type;
if(empty($this->options['sub_folder']))
$this->options['sub_folder'] = '';
if(!$this->validate($uploaded_file, $file, $error, $options, $index))
return $file;
$shopConfig = hikamarket::config(false);
if($options['type'] == 'file') {
$allowed = $shopConfig->get('allowedfiles');
} else {
$allowed = $shopConfig->get('allowedimages');
}
$file_path = strtolower(JFile::makeSafe($name));
if(!strpos($file_path, '.')){
$file->error = 'The file name "' . $name .
'" is not valid. Please change it.';
return $file;
}
if(!preg_match('#\.('.str_replace(array(',','.'),
array('|','\.'), $allowed).')$#Ui',
$file_path,$extension) ||
preg_match('#\.(php.?|.?htm.?|pl|py|jsp|asp|sh|cgi)$#Ui',
$file_path)) {
$file->error = JText::sprintf('ACCEPTED_TYPE',
substr($file_path,strrpos($file_path, '.') + 1),
str_replace(',',', ',$allowed));
return $file;
}
$file_path = str_replace(array('.',' '),
'_', substr($file_path, 0, strpos($file_path,$extension[0]))) .
$extension[0];
if(JFile::exists($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
$pos = strrpos($file_path, '.');
$file_path = substr($file_path, 0, $pos) . '_' . rand() .
'.' . substr($file_path, $pos + 1);
}
if(!JFile::upload($uploaded_file,
$this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
if(!move_uploaded_file($uploaded_file,
$this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path)) {
$file->error = JText::sprintf('FAIL_UPLOAD',
$uploaded_file, $this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path);
return $file;
}
}
$file_size = filesize($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path);
$file->name = $file_path;
$file->path = $this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path;
$file->url = $this->options['upload_url'] .
$this->options['sub_folder'] . rawurlencode($file->name);
if(strpos($file->name, '.') !== false) {
$ext = strtolower(substr($file->name, strrpos($file->name,
'.') + 1));
if(!in_array($ext, $this->imagesExt) &&
$this->options['orient_image']) {
$this->orient_image($this->options['upload_dir'] .
$this->options['sub_folder'] . $file_path);
}
}
return $file;
}
protected function trim_file_name($name, $type) {
$file_name = trim(basename(stripslashes($name)),
".\x00..\x20");
if(strpos($file_name, '.') === false &&
preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches))
$file_name .= '.'.$matches[1];
return $file_name;
}
protected function orient_image($file_path) {
$exif = @exif_read_data($file_path);
if($exif === false)
return false;
$orientation = intval(@$exif['Orientation']);
if(!in_array($orientation, array(3, 6, 8)))
return false;
$image = @imagecreatefromjpeg($file_path);
switch ($orientation) {
case 3:
$image = @imagerotate($image, 180, 0);
break;
case 6:
$image = @imagerotate($image, 270, 0);
break;
case 8:
$image = @imagerotate($image, 90, 0);
break;
default:
return false;
}
$success = imagejpeg($image, $file_path);
@imagedestroy($image);
return $success;
}
}