[pLog-svn] r4383 - in plog/trunk: class/action/admin class/data/validator class/gallery locale templates/admin

oscar at devel.lifetype.net oscar at devel.lifetype.net
Mon Dec 11 21:49:15 GMT 2006


Author: oscar
Date: 2006-12-11 21:49:15 +0000 (Mon, 11 Dec 2006)
New Revision: 4383

Modified:
   plog/trunk/class/action/admin/adminaddresourceaction.class.php
   plog/trunk/class/data/validator/uploadvalidator.class.php
   plog/trunk/class/gallery/galleryconstants.php
   plog/trunk/locale/locale_en_UK.php
   plog/trunk/templates/admin/globalsettings_uploads.template
Log:
added support for 'whitelisting' files or file types instead of blacklisting. When both the blacklist (upload_forbidden_files) and the whitelist (upload_allowed_files) are set, the white list will always take priority.


Modified: plog/trunk/class/action/admin/adminaddresourceaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddresourceaction.class.php	2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/class/action/admin/adminaddresourceaction.class.php	2006-12-11 21:49:15 UTC (rev 4383)
@@ -112,6 +112,8 @@
 				else {
 					if( $res == GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION ) 
 						$errorMessage .= $this->_locale->pr("error_resource_forbidden_extension", $file["name"])."<br/>";
+					elseif( $res == GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION ) 
+							$errorMessage .= $this->_locale->pr("error_resource_not_whitelisted_extension", $file["name"])."<br/>";
 					elseif( $res == GALLERY_ERROR_RESOURCE_TOO_BIG )
 						$errorMessage .= $this->_locale->pr("error_resource_too_big", $file["name"])."<br/>";
 					elseif( $res == GALLERY_ERROR_UPLOADS_NOT_ENABLED )
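Review bot: The new `$errorMessage .=` line at the top of this hunk is indented one tab deeper than the sibling branches above and below it, which makes it read as a nested block rather than the body of the new elseif. Align it with the FORBIDDEN_EXTENSION branch: `elseif( $res == GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION )` followed on the next line, at the same depth as line 28's body, by `$errorMessage .= $this->_locale->pr("error_resource_not_whitelisted_extension", $file["name"])."<br/>";`. The if/elseif chain this belongs to begins before the hunk and continues after it.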

Modified: plog/trunk/class/data/validator/uploadvalidator.class.php
===================================================================
--- plog/trunk/class/data/validator/uploadvalidator.class.php	2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/class/data/validator/uploadvalidator.class.php	2006-12-11 21:49:15 UTC (rev 4383)
@@ -8,6 +8,7 @@
 
     define( "UPLOAD_VALIDATOR_ERROR_UPLOAD_TOO_BIG", -1 );
     define( "UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION", -2 );
+    define( "UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION", -10 );
 
 	/**
 	 * \ingroup Validator
@@ -47,6 +48,7 @@
         	$config =& Config::getConfig();
 
             $forbiddenFilesStr = $config->getValue( "upload_forbidden_files" );
+            $allowedFilesStr = $config->getValue( "upload_allowed_files" );
             $maxUploadSize     = $config->getValue( "maximum_file_upload_size" );
 			
 			// check if we received an object of the right type, or else just quit
@@ -59,10 +61,23 @@
             	return UPLOAD_VALIDATOR_ERROR_UPLOAD_TOO_BIG;
             }
 
-            // return true if there's nothing to do
-            if( empty($forbiddenFilesStr) || !$forbiddenFilesStr )
-            	return true;
+			if( $allowedFilesStr != "" )
+				$result = $this->validateWhitelist( $upload, $allowedFilesStr );
+			elseif( $forbiddenFilesStr != "" )
+				$result = $this->validateBlacklist( $upload, $forbiddenFilesStr );
+			else
+				$result = true;
+				
+			return( $result );
+        }
 
+		/**
+		 * @private
+		 * Validates the given uploaded file agains a blackist/list of forbidden extensions
+		 * @return Returns true if successful or false otherwise
+		 */
+		function validateBlacklist( $upload, $forbiddenFilesStr )
+		{
             // check if the filename extension is forbidden or not
             $fileName = basename($upload->getFileName());
             foreach( explode( " ", $forbiddenFilesStr ) as $file ) {
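Review bot: When upload_allowed_files is set, the if/elseif at the top of this hunk never calls validateBlacklist, so an over-broad whitelist such as `*` or `*.*` silently disables a blacklist the administrator also configured. Running both checks when both are configured costs nothing and keeps the blacklist as a second line of defence: return the whitelist's error if the name matches no allowed pattern, then still fall through to the blacklist. The `validate` method's header is above this hunk and `validateBlacklist` continues below it; the @return on validateBlacklist should also mention that it returns UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION rather than false on failure, if that is what its body does.
```php
			// whitelist first: a name that matches no allowed pattern is rejected outright
			$result = true;
			if( $allowedFilesStr != "" ) {
				$result = $this->validateWhitelist( $upload, $allowedFilesStr );
				if( $result !== true )
					return( $result );
			}
			// then the blacklist, so a broad whitelist cannot re-enable a forbidden type
			if( $forbiddenFilesStr != "" )
				$result = $this->validateBlacklist( $upload, $forbiddenFilesStr );

			return( $result );
```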
@@ -71,7 +86,26 @@
                 }
             }
 
-        	return true;
-        }
+        	return true;			
+		}
+		
+		/**
+		 * @private
+		 * Validates the given uploaded file agains a whitelist/list of allowed extensions
+		 * @return Returns true if successful or false otherwise
+		 */		
+		function validateWhitelist( $upload, $allowedFilesStr )
+		{
+            // check if the filename extension is one of the allowed ones or not
+            $fileName = basename($upload->getFileName());
+            foreach( explode( " ", $allowedFilesStr ) as $file ) {
+            	if( Glob::myFnmatch( $file, $fileName )) {
+					print("it's a valid file!");
+                	return true;
+                }
+            }
+
+        	return UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION;			
+		}
     }
 ?>
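Review bot: `print("it's a valid file!");` inside validateWhitelist writes debug text straight into the HTTP response on every accepted upload and has to go before this ships; the match branch should be just `if( Glob::myFnmatch( $file, $fileName )) return true;`. The docblock above the method is also wrong: it promises "true if successful or false otherwise", but the failure path returns UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION, so change it to `@return Returns true if the file name matches one of the allowed patterns, or UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION otherwise`. Whether Glob::myFnmatch compares case-insensitively is not visible here; if it does not, a whitelist of `*.jpg` will reject `photo.JPG`, and either the help text should say so or the match should be done on a lowercased `$fileName`.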

Modified: plog/trunk/class/gallery/galleryconstants.php
===================================================================
--- plog/trunk/class/gallery/galleryconstants.php	2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/class/gallery/galleryconstants.php	2006-12-11 21:49:15 UTC (rev 4383)
@@ -37,6 +37,7 @@
 	define( "GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION", -2 );
 	define( "GALLERY_ERROR_QUOTA_EXCEEDED", -3 );
 	define( "GALLERY_ERROR_ADDING_RESOURCE", -4 );
+	define( "GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION", -10 );
 	define( "GALLERY_ERROR_UPLOADS_NOT_ENABLED", -200 );
 	define( "GALLERY_NO_ERROR", true );
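Review bot: GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION is given the value -10, the same as UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION in uploadvalidator.class.php, and the admin action in this commit compares the gallery result against the GALLERY_ constant, so the two definitions presumably have to stay in sync by hand. Nothing records that coupling; add `// must match UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION in uploadvalidator.class.php` beside this define, and the mirror remark on the validator side, so the next person adding an error code does not break the mapping.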
 

Modified: plog/trunk/locale/locale_en_UK.php
===================================================================
--- plog/trunk/locale/locale_en_UK.php	2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/locale/locale_en_UK.php	2006-12-11 21:49:15 UTC (rev 4383)
@@ -1213,4 +1213,7 @@
 $messages['show_comments_max'] = 'Comments per page';
 $messages['show_comments_max_help'] = 'Maximum number of comments per page';
 $messages['hard_show_comments_max_help'] = 'Hard limit for the number of comments per page';
+
+$messages['error_resource_not_whitelisted_extension'] = 'The type of the file is not one of the allowed ones.';
+$messages['help_upload_allowed_files'] = 'Space-separated list of file types that are allowed to be uploaded. Usage of \'*\' and \'?\' is allowed. If both upload_forbidden_file and this option are set, the whitelist (upload_allowed_files) takes precedence over the blacklist [Default = None]';
 ?>
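Review bot: The help text for upload_allowed_files refers to `upload_forbidden_file`, but the option is named `upload_forbidden_files` (as on the settings template in this same commit), so an admin looking for that setting by name will not find it; change the sentence to `If both upload_forbidden_files and this option are set, the whitelist (upload_allowed_files) takes precedence over the blacklist`. It would also help to state plainly that when the whitelist is set the blacklist is not consulted at all, since that is what the validator in this commit does and "takes precedence" leaves it ambiguous.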
\ No newline at end of file

Modified: plog/trunk/templates/admin/globalsettings_uploads.template
===================================================================
--- plog/trunk/templates/admin/globalsettings_uploads.template	2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/templates/admin/globalsettings_uploads.template	2006-12-11 21:49:15 UTC (rev 4383)
@@ -19,4 +19,10 @@
     <div class="formHelp">{$locale->tr("help_upload_forbidden_files")}</div>
     <input style="width:100%" type="text" name="config[upload_forbidden_files]" value="{$upload_forbidden_files}"/>
    </div>
+   <!-- upload_allowed_files -->
+   <div class="field">
+    <label for="config[upload_allowed_files]">upload_allowed_files</label>
+    <div class="formHelp">{$locale->tr("help_upload_allowed_files")}</div>
+    <input style="width:100%" type="text" name="config[upload_allowed_files]" value="{$upload_allowed_files}"/>
+   </div>
 </div>
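Review bot: The new input echoes `{$upload_allowed_files}` into a `value` attribute with no escape modifier, copying the pattern of the upload_forbidden_files field just above it. Whether the template engine escapes by default is not visible here; if it does not, a saved value containing a double quote breaks out of the attribute when the settings page is re-rendered, so an explicit escape on the new line (and ideally the existing one) would be the safe choice. The field list this belongs to starts above the hunk.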
\ No newline at end of file


