From 1dc8b3d7d14cae624f0dd40ccf0ac19866eedffd Mon Sep 17 00:00:00 2001
From: Anthony Borghi <anthony.borghi@veremes.com>
Date: Wed, 17 Oct 2018 15:21:45 +0200
Subject: [PATCH] Ajout des fonctions pour interagir avec les 3 zones de stockage de fichiers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reprise de uploadFile : - changement empreinte de la fonction - changement pour retourner le chemin en cas de succès - simplification du code - Utilisation d'un structure de ficheir commune entre POST et PUT ajout de la fonction extractFileStruct pour transformer la strcuture POST ou PUT en une structure générique ajout de uploadInwsdataDir, uploadInPublicdir, uploadInUploadDir pour upload un fichier dans wsdata, public ou upload
---
vas/rest/class/vmlib/phpUtil.inc | 391 ++++++++++++++++++++++---------
1 file changed, 281 insertions(+), 110 deletions(-)
diff --git a/vas/rest/class/vmlib/phpUtil.inc b/vas/rest/class/vmlib/phpUtil.inc
index dee4b832..a89eab29 100755
--- a/vas/rest/class/vmlib/phpUtil.inc
+++ b/vas/rest/class/vmlib/phpUtil.inc
@@ -30,148 +30,319 @@ function stripslashes_deep($aString) { *@param $sFileType Type of file needed. *@param $sServerPath New path of the file. *@param $sMaxSize Maximal size of the file. - *@return $sErrorMsg The error message. + *@param $aFileValues File structure generated by extractFileStruct. + *@return $sErrorMsg The error message or the final file path on success. */ -function uploadFile($sNomObjet, $sFileType, $sServerPath, $sMaxSize) { +function uploadFile($sNomObjet, $sFileType, $sServerPath, $sMaxSize, $aFileValues) { global $properties, $sFolderLib; loadLang($sFolderLib, $properties["language"], $sFolderLib . "/"); - $aExtensionPicture = array('gif', 'jpg', 'jpeg', 'png'); - $aExtensionPictureAndPdf = array('gif', 'jpg', 'jpeg', 'png', 'pdf'); - $aExtensionFile = array('pdf', 'gif', 'jpg', 'jpeg', 'png', 'txt'); - $aExtensionZip = array('zip', 'gex'); - $aExtensionFmw = array('fmw'); + + $aExtension = array( + "image" => array('gif', 'jpg', 'jpeg', 'png'), + "image-pdf" => array('gif', 'jpg', 'jpeg', 'png', 'pdf'), + "document" => array('pdf', 'gif', 'jpg', 'jpeg', 'png', 'txt'), + "pdf" => array('pdf'), + "zip" => array('zip', 'gex'), + "fmw" => array('fmw') + ); $aForbiddenExtension = explode('|', str_replace("*.", "", $properties['forbidden_extension'])); - $sTmpFile = $_FILES[$sNomObjet]['tmp_name']; - // Si l'utilisateur n'a indiqué aucun fichier à uploader, il ne se passe rien + $sTmpFile = ""; $sErrorMsg = ""; - - if ($sTmpFile == '') { - if ($_FILES[$sNomObjet]['name'] != "") { - switch ($_FILES[$sNomObjet]['error']) { - case "1" : - $sErrorMsg = ERROR_DOWNLOAD_FILE . $_FILES[$sNomObjet]['name'] . " : " . ERROR_UPLOAD_MAX_FILE_SIZE; - break; - case "2" : - $sErrorMsg = ERROR_DOWNLOAD_FILE . $_FILES[$sNomObjet]['name'] . " : " . ERROR_MAX_FILE_SIZE; - break; - case "3" : - $sErrorMsg = ERROR_DOWNLOAD_FILE . $_FILES[$sNomObjet]['name'] . " : " . 
ERROR_PARTIAL_DOWNLOAD; - break; - case "4" : - $sErrorMsg = ERROR_NO_FILE_DOWNLOADED; - break; - case "6" : - $sErrorMsg = ERROR_DOWNLOAD_FILE . $_FILES[$sNomObjet]['name'] . " : " . ERROR_MISSING_TEMP_FOLDER; - break; - case "7" : - $sErrorMsg = ERROR_DOWNLOAD_FILE . $_FILES[$sNomObjet]['name'] . " : " . ERROR_WRITING_DISK; - break; - case "8" : - $sErrorMsg = ERROR_DOWNLOAD_FILE . $_FILES[$sNomObjet]['name'] . " : " . ERROR_PHP_EXT_SEND; - break; + // si pas de aValues il y a eu une erreur pendant l'upload dans tmp du PUT + if (!empty($aFileValues)){ + $sTmpFile = $aFileValues['tmp_name']; + + // Si l'utilisateur n'a indiqué aucun fichier à uploader, il ne se passe rien + if ($sTmpFile == '') { + if ($aFileValues['name'] != "") { + switch ($aFileValues['error']) { + case "1" : + $sErrorMsg = ERROR_DOWNLOAD_FILE . $aFileValues['name'] . " : " . ERROR_UPLOAD_MAX_FILE_SIZE; + break; + case "2" : + $sErrorMsg = ERROR_DOWNLOAD_FILE . $aFileValues['name'] . " : " . ERROR_MAX_FILE_SIZE; + break; + case "3" : + $sErrorMsg = ERROR_DOWNLOAD_FILE . $aFileValues['name'] . " : " . ERROR_PARTIAL_DOWNLOAD; + break; + case "4" : + $sErrorMsg = ERROR_NO_FILE_DOWNLOADED; + break; + case "6" : + $sErrorMsg = ERROR_DOWNLOAD_FILE . $aFileValues['name'] . " : " . ERROR_MISSING_TEMP_FOLDER; + break; + case "7" : + $sErrorMsg = ERROR_DOWNLOAD_FILE . $aFileValues['name'] . " : " . ERROR_WRITING_DISK; + break; + case "8" : + $sErrorMsg = ERROR_DOWNLOAD_FILE . $aFileValues['name'] . " : " . 
ERROR_PHP_EXT_SEND; + break; + } + writeToErrorLog($sErrorMsg); } - writeToErrorLog($sErrorMsg); + return $sErrorMsg; } - return $sErrorMsg; - } - $aTemp = explode("\\", $sServerPath); - if (is_uploaded_file($sTmpFile)) { - if (!in_array(extension($aTemp[count($aTemp) - 1]), $aForbiddenExtension)) { + + $aTemp = explode("/", $sServerPath); + + $sFileName = end($aTemp); + $sFileExtension = extension($sFileName); + + if (!in_array($sFileExtension, $aForbiddenExtension)) { //Teste si le fichier correspont au format voulu. $bAllowUpload = false; $sFormat = ""; - switch ($sFileType) { - case "image" : - if (in_array(extension($aTemp[count($aTemp) - 1]), $aExtensionPicture)) { - $bAllowUpload = true; - } else { - foreach ($aExtensionPicture as $sValue) { - $sFormat .= " " . $sValue; - } - writeToErrorLog(ERROR_FILE . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType); - $sErrorMsg = FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . '.'; - } - break; - case "image-pdf" : - if (in_array(extension($aTemp[count($aTemp) - 1]), $aExtensionPictureAndPdf)) { - $bAllowUpload = true; - } else { - foreach ($aExtensionPictureAndPdf as $sValue) { - $sFormat .= " " . $sValue; - } - writeToErrorLog(ERROR_FILE . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType); - $sErrorMsg = FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . '.'; - } - break; - case "document" : - if (in_array(extension($aTemp[count($aTemp) - 1]), $aExtensionFile)) { - $bAllowUpload = true; - } else { - foreach ($aExtensionFile as $sValue) { - $sFormat .= " " . $sValue; - } - writeToErrorLog(ERROR_FILE . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType); - $sErrorMsg = FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . 
'.'; - } - break; - case "zip" : - if (in_array(extension($aTemp[count($aTemp) - 1]), $aExtensionZip)) { - $bAllowUpload = true; - } else { - foreach ($aExtensionZip as $sValue) { - $sFormat .= " " . $sValue; - } - writeToErrorLog(ERROR_FILE . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType); - $sErrorMsg = FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . '.'; - } - break; - case "fmw" : - if (in_array(extension($aTemp[count($aTemp) - 1]), $aExtensionFmw)) { - $bAllowUpload = true; - } else { - foreach ($aExtensionFmw as $sValue) { - $sFormat .= " " . $sValue; - } - writeToErrorLog(ERROR_FILE . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType); - $sErrorMsg = FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . '.'; - } - break; - default : + if (in_array($sFileType, array_keys($aExtension))){ + if (in_array($sFileExtension, $aExtension[$sFileType])) { $bAllowUpload = true; - - break; + } else { + foreach ($aExtensionPicture as $sValue) { + $sFormat .= " " . $sValue; + } + writeToErrorLog(ERROR_FILE . $aFileValues['name'] . ERROR_NOT_FILE . $sFileType); + $sErrorMsg = FILE_LABEL_PHPUTIL . $aFileValues['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . '.'; + } + } else { + $bAllowUpload = true; } //Teste si le fichier n'est pas de trop grande taille. - if ($_FILES[$sNomObjet]['size'] > $sMaxSize || $_FILES[$sNomObjet]['error'] == 1) { + if ($aFileValues['size'] > $sMaxSize || $aFileValues['error'] == 1) { $bAllowUpload = false; - if ($_FILES[$sNomObjet]['size'] > $sMaxSize) - $sErrorMsg .= FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . OF_LABEL_PHPUTIL . $_FILES[$sNomObjet]['size'] . ERROR_EXCEED_MAX_SIZE . ' (' . $sMaxSize . LABEL_BYTES_PHPUTIL . ').'; - if ($_FILES[$sNomObjet]['error'] > $sMaxSize) - $sErrorMsg .= FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_EXCEED_MAX_SIZE_PHP . ' (' . 
$sMaxSize . LABEL_BYTES_PHPUTIL . ').'; + if ($aFileValues['size'] > $sMaxSize) + $sErrorMsg .= FILE_LABEL_PHPUTIL . $aFileValues['name'] . OF_LABEL_PHPUTIL . $aFileValues['size'] . ERROR_EXCEED_MAX_SIZE . ' (' . $sMaxSize . LABEL_BYTES_PHPUTIL . ').'; + if ($aFileValues['error'] > $sMaxSize) + $sErrorMsg .= FILE_LABEL_PHPUTIL . $aFileValues['name'] . ERROR_EXCEED_MAX_SIZE_PHP . ' (' . $sMaxSize . LABEL_BYTES_PHPUTIL . ').'; } + //Lance l'upload. if ($bAllowUpload) { if (!copy($sTmpFile, $sServerPath)) { - writeToErrorLog(ERROR_COPYING_FILE . $_FILES[$sNomObjet]['name'] . ON_SERVER_PHPUTIL . ', ' . $sTmpFile . ', ' . $sServerPath); - $sErrorMsg = ERROR_COPYING_FILE . $_FILES[$sNomObjet]['name'] . ON_SERVER_PHPUTIL . '.'; + writeToErrorLog(ERROR_COPYING_FILE . $aFileValues['name'] . ON_SERVER_PHPUTIL . ', ' . $sTmpFile . ', ' . $sServerPath); + $sErrorMsg = ERROR_COPYING_FILE . $aFileValues['name'] . ON_SERVER_PHPUTIL . '.'; } unlink($sTmpFile); + $sErrorMsg = $sServerPath; //chmod($sServerPath,755); } } else { - writeToErrorLog(ERROR_FILE . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType); - $sErrorMsg = FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . '.'; + writeToErrorLog(ERROR_FILE . $aFileValues['name'] . ERROR_NOT_FILE . $sFileType); + $sErrorMsg = FILE_LABEL_PHPUTIL . $aFileValues['name'] . ERROR_NOT_FILE . $sFileType . ERROR_VALID_FILE . $sFormat . '.'; } } else { - writeToErrorLog(ERROR_FILE . $_FILES[$sNomObjet]['name'] . ERROR_DOWNLOAD_SERVER); - $sErrorMsg = FILE_LABEL_PHPUTIL . $_FILES[$sNomObjet]['name'] . ERROR_DOWNLOAD_SERVER . ' (' . ERROR_CODE_PHPUTIL . $_FILES[$sNomObjet]['error'] . ').'; + writeToErrorLog(ERROR_FILE . "File" . ERROR_DOWNLOAD_SERVER); + $sErrorMsg = FILE_LABEL_PHPUTIL . "File" . ERROR_DOWNLOAD_SERVER . '.'; } return $sErrorMsg; } +/** + *This method convert $_FILE struct or the aValues File to a File Struct usable by uploadFile. 
+ *@file vmlib/phpUtil.inc + *@param $sField Name of the field. + *@param $aValues $aValues to copy file in tmp. + *@return $aFileStruct FileStuct or null if an error block the write in tmp. + */ +function extractFileStruct ($sField, $aValues = null){ + global $properties; + if (empty($aValues)){ + // Extract From Post $File Struct + return $aFileStruc = array( + "name" => $_FILES[$sField]['name'], + "tmp_name" => $_FILES[$sField]['tmp_name'], + "error" => $_FILES[$sField]['error'], + "size" => $_FILES[$sField]['size'] + ); + } else { + // Extraction de $aValues, on le met dans tmp pour préparer la copie dans upload file + $sTmpFile = $properties['extract_dir'] . "/" . getUniqRandomId(); + $oFile = fopen($sTmpFile, 'w+'); + if (!$oFile){ + writeToErrorLog("Can't open file in " . $properties['extract_dir']); + return null; + }else{ + fwrite($oFile, $aValues[$sField . "_file"]); + fclose($oFile); + return $aFileStruc = array( + "name" => $aValues[$sField . "_name"], + "tmp_name" => $sTmpFile, + "error" => "0", + "size" => filesize($sTmpFile) + ); + } + } +} + +/** + *This method upload a file in ws_data. + *@file vmlib/phpUtil.inc + *@param $sModule Name of the module. + *@param $sObject Name of the object. + *@param $mId Id of the current object. + *@param $sField field name (generally DB column name). + *@param $aValues Vitis $aValues. + *@param $iMaxSize Maximum size to upload on server. (set to -1 to disable this control) + *@param $sFileTypeCtrl Type of the document. (set to all to disable this control) + *@return $sErrorMsg The error message. + */ +function uploadInWsDataDir ($sModule, $sObject, $mId, $sField, $aValues, $iMaxSize = -1, $sFileTypeCtrl = "all"){ + global $properties; + + // on controle les attributs pour éviter les mauvais placements + if (strpos($sModule, '/') > -1){ + writeToErrorLog("Module can't contain path : " . $sModule); + return "Module can't contain path : " . 
$sModule; + } + + if (strpos($sObject, "/") > -1){ + writeToErrorLog("Object can't contain path : " . $sObject); + return "Object can't contain path : " . $sObject; + } + + if (strpos($mId, "/") > -1){ + writeToErrorLog("Id can't contain path : " . $mId); + return "Id can't contain path : " . $mId; + } + + if (strpos($sField, "/") > -1){ + writeToErrorLog("Field can't contain path : " . $sField); + return "Field can't contain path : " . $sField; + } + // on génére la Structure fichier + $aFileStruct = extractFileStruct ($sField, $aValues); + // on génére la destination + $sDestDir = $properties['ws_data_dir'] . "/" . $sModule . "/" . $sObject . "/" . $mId . "/" . $sField; + $sDestPath = $sDestDir . "/" . $aFileStruct["name"]; + + // on controle la destination pour éviter les mauvais placements + if (strpos($sDestPath, "/\.\./") > -1){ + writeToErrorLog("This function doesn't accept relative reference : " . $sDestPath); + return "This function doesn't accept relative reference : " . $sDestPath; + } + // si taille max vaut -1 alors taille max = taille fichier + 1 + if ($iMaxSize == -1){ + $iMaxSize = $aFileStruct["size"] + 1; + } + // création du fichier si besoin + if (!is_dir($sDestDir)){ + if(!mkdir($sDestDir, 0777, true)){ + writeToErrorLog("Can't create directory " . $sDestDir); + return "Can't create directory " . $sDestDir; + } + } + // Upload du fichier + return uploadFile($sField, $sFileTypeCtrl, $sDestPath, $iMaxSize, $aFileStruct); +} +/** + *This method upload a file in Public. + *@file vmlib/phpUtil.inc + *@param $sModule Name of the module. + *@param $sRandomUniqId Uniq folder to use to stock file(s) (set it to "auto" to let the function create this folder). + *@param $sField field name (generally DB column name). + *@param $aValues Vitis $aValues. + *@param $iMaxSize Maximum size to upload on server. (set to -1 to disable this control) + *@param $sFileTypeCtrl Type of the document. 
(set to all to disable this control) + *@return $sErrorMsg The error message or the file path if success. + */ +function uploadInPublicDir($sModule, $sField, $aValues, $sRandomUniqId = "auto", $iMaxSize = -1, $sFileTypeCtrl = "all"){ + global $properties; + + // on controle les attributs pour éviter les mauvais placements + if (strpos($sModule, '/') > -1){ + writeToErrorLog("Module can't contain path : " . $sModule); + return "Module can't contain path : " . $sModule; + } + if (strpos($sField, "/") > -1){ + writeToErrorLog("Field can't contain path : " . $sField); + return "Field can't contain path : " . $sField; + } + // on génére la Structure fichier + $aFileStruct = extractFileStruct ($sField, $aValues); + // on génére le dossier unique si besoin + if($sRandomUniqId == "auto"){ + $sRandomUniqId = getUniqRandomId(); + } + // on génére la destination + $sDestDir = $properties['dir_export'] . "/" . $sModule . "/" . $sRandomUniqId; + $sDestPath = $sDestDir . "/" . $aFileStruct["name"]; + + // on controle la destination pour éviter les mauvais placements + if (strpos($sDestPath, "/\.\./") > -1){ + writeToErrorLog("This function doesn't accept relative reference : " . $sDestPath); + return "This function doesn't accept relative reference : " . $sDestPath; + } + // si taille max vaut -1 alors taille max = taille fichier + 1 + if ($iMaxSize == -1){ + $iMaxSize = $aFileStruct["size"] + 1; + } + + // création du fichier si besoin + if (!is_dir($sDestDir)){ + if(!mkdir($sDestDir, 0777, true)){ + writeToErrorLog("Can't create directory " . $sDestDir); + return "Can't create directory " . $sDestDir; + } + } + // Upload du fichier + return uploadFile($sField, $sFileTypeCtrl, $sDestPath, $iMaxSize, $aFileStruct); +} + +/** + *This method upload a file in Upload. + *@file vmlib/phpUtil.inc + *@param $sModule Name of the module. + *@param $sRandomUniqId Uniq folder to use to stock file(s) (set it to "auto" to let the function create this folder). 
+ *@param $sField field name (generally DB column name). + *@param $aValues Vitis $aValues. + *@param $iMaxSize Maximum size to upload on server. (set to -1 to disable this control) + *@param $sFileTypeCtrl Type of the document. (set to all to disable this control) + *@return $sErrorMsg The error message or the file path if success. + */ +function uploadInUploadDir($sModule, $sField, $aValues, $sRandomUniqId = "auto", $iMaxSize = -1, $sFileTypeCtrl = "all"){ + global $properties; + + // on controle les attributs pour éviter les mauvais placements + if (strpos($sModule, '/') > -1){ + writeToErrorLog("Module can't contain path : " . $sModule); + return "Module can't contain path : " . $sModule; + } + if (strpos($sField, "/") > -1){ + writeToErrorLog("Field can't contain path : " . $sField); + return "Field can't contain path : " . $sField; + } + // on génére la Structure fichier + $aFileStruct = extractFileStruct ($sField, $aValues); + // on génére le dossier unique si besoin + if($sRandomUniqId == "auto"){ + $sRandomUniqId = getUniqRandomId(); + } + // on génére la destination + $sDestDir = $properties['upload_dir'] . "/" . $sModule . "/" . $sRandomUniqId; + $sDestPath = $sDestDir . "/" . $aFileStruct["name"]; + + // on controle la destination pour éviter les mauvais placements + if (strpos($sDestPath, "/\.\./") > -1){ + writeToErrorLog("This function doesn't accept relative reference : " . $sDestPath); + return "This function doesn't accept relative reference : " . $sDestPath; + } + // si taille max vaut -1 alors taille max = taille fichier + 1 + if ($iMaxSize == -1){ + $iMaxSize = $aFileStruct["size"] + 1; + } + + // création du fichier si besoin + if (!is_dir($sDestDir)){ + if(!mkdir($sDestDir, 0777, true)){ + writeToErrorLog("Can't create directory " . $sDestDir); + return "Can't create directory " . 
$sDestDir; + } + } + // Upload du fichier + return uploadFile($sField, $sFileTypeCtrl, $sDestPath, $iMaxSize, $aFileStruct); +} + /** *This method return the extension of a file. *@file vmlib/phpUtil.inc -- GitLab
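Review bot: The relative-path guard in uploadInWsDataDir, uploadInPublicDir and uploadInUploadDir never fires: `strpos()` takes a literal needle, not a pattern, so `strpos($sDestPath, "/\.\./") > -1` searches for the backslashes themselves and a `/../` segment passes. The file name is appended to `$sDestDir` unchecked, and on the PUT path it comes straight from `$aValues[$sField . "_name"]`; `$sRandomUniqId` is not tested for `/` either. I would reduce the name before building the path, `$sFileName = basename(str_replace("\\", "/", $aFileStruct["name"]));`, reject `""`, `"."` and `".."`, apply the same `/` test to `$sRandomUniqId`, and write the remaining check as `strpos($sDestPath, "/../") !== false`. Separately, in uploadFile `$sErrorMsg = $sServerPath;` also runs after a failed `copy()`, so the caller receives the destination path as if the upload had succeeded; it belongs in an `else` of the `copy()` test. The `foreach ($aExtensionPicture as $sValue)` kept in the new allow-list branch reads a variable this commit removes and should iterate `$aExtension[$sFileType]`.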