[pLog-svn] r4383 - in plog/trunk: class/action/admin
class/data/validator class/gallery locale templates/admin
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Mon Dec 11 21:49:15 GMT 2006
Author: oscar
Date: 2006-12-11 21:49:15 +0000 (Mon, 11 Dec 2006)
New Revision: 4383
Modified:
plog/trunk/class/action/admin/adminaddresourceaction.class.php
plog/trunk/class/data/validator/uploadvalidator.class.php
plog/trunk/class/gallery/galleryconstants.php
plog/trunk/locale/locale_en_UK.php
plog/trunk/templates/admin/globalsettings_uploads.template
Log:
Added support for 'whitelisting' files or file types instead of blacklisting. When both the blacklist (upload_forbidden_files) and the whitelist (upload_allowed_files) are set, the whitelist always takes priority.
Modified: plog/trunk/class/action/admin/adminaddresourceaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddresourceaction.class.php 2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/class/action/admin/adminaddresourceaction.class.php 2006-12-11 21:49:15 UTC (rev 4383)
@@ -112,6 +112,8 @@
else {
if( $res == GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION )
$errorMessage .= $this->_locale->pr("error_resource_forbidden_extension", $file["name"])."<br/>";
+ elseif( $res == GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION )
+ $errorMessage .= $this->_locale->pr("error_resource_not_whitelisted_extension", $file["name"])."<br/>";
elseif( $res == GALLERY_ERROR_RESOURCE_TOO_BIG )
$errorMessage .= $this->_locale->pr("error_resource_too_big", $file["name"])."<br/>";
elseif( $res == GALLERY_ERROR_UPLOADS_NOT_ENABLED )
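Review bot: The new branch passes `$file["name"]` to `pr()`, but the `error_resource_not_whitelisted_extension` string added in locale_en_UK.php has no placeholder. Assuming `pr()` formats its extra arguments into the message, the user is never told which file was rejected. If a placeholder is added, the name comes from the upload request and is concatenated into `$errorMessage` next to raw `<br/>` markup, so it should be escaped first, e.g. `htmlspecialchars( $file["name"] )`. The surrounding if/elseif chain starts and ends outside this hunk.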
Modified: plog/trunk/class/data/validator/uploadvalidator.class.php
===================================================================
--- plog/trunk/class/data/validator/uploadvalidator.class.php 2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/class/data/validator/uploadvalidator.class.php 2006-12-11 21:49:15 UTC (rev 4383)
@@ -8,6 +8,7 @@
define( "UPLOAD_VALIDATOR_ERROR_UPLOAD_TOO_BIG", -1 );
define( "UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION", -2 );
+ define( "UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION", -10 );
/**
* \ingroup Validator
@@ -47,6 +48,7 @@
$config =& Config::getConfig();
$forbiddenFilesStr = $config->getValue( "upload_forbidden_files" );
+ $allowedFilesStr = $config->getValue( "upload_allowed_files" );
$maxUploadSize = $config->getValue( "maximum_file_upload_size" );
// check if we received an object of the right type, or else just quit
@@ -59,10 +61,23 @@
return UPLOAD_VALIDATOR_ERROR_UPLOAD_TOO_BIG;
}
- // return true if there's nothing to do
- if( empty($forbiddenFilesStr) || !$forbiddenFilesStr )
- return true;
+ if( $allowedFilesStr != "" )
+ $result = $this->validateWhitelist( $upload, $allowedFilesStr );
+ elseif( $forbiddenFilesStr != "" )
+ $result = $this->validateBlacklist( $upload, $forbiddenFilesStr );
+ else
+ $result = true;
+
+ return( $result );
+ }
+ /**
+ * @private
+ * Validates the given uploaded file agains a blackist/list of forbidden extensions
+ * @return Returns true if successful or false otherwise
+ */
+ function validateBlacklist( $upload, $forbiddenFilesStr )
+ {
// check if the filename extension is forbidden or not
$fileName = basename($upload->getFileName());
foreach( explode( " ", $forbiddenFilesStr ) as $file ) {
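Review bot: Once `upload_allowed_files` is non-empty, `validateBlacklist()` is never called, so one broad whitelist pattern (a bare `*`, or `*.jpg` matching `name.php.jpg`) switches off every entry in `upload_forbidden_files`. The commit log describes this priority as intended, but running the deny list as a second pass would keep it effective: `if( $result === true && $forbiddenFilesStr != "" ) $result = $this->validateBlacklist( $upload, $forbiddenFilesStr );`. If the current precedence stays, a comment above the `if` should say that the blacklist is deliberately ignored when a whitelist is configured. The body of `validateBlacklist()` continues outside this hunk.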
@@ -71,7 +86,26 @@
}
}
- return true;
- }
+ return true;
+ }
+
+ /**
+ * @private
+ * Validates the given uploaded file agains a whitelist/list of allowed extensions
+ * @return Returns true if successful or false otherwise
+ */
+ function validateWhitelist( $upload, $allowedFilesStr )
+ {
+ // check if the filename extension is one of the allowed ones or not
+ $fileName = basename($upload->getFileName());
+ foreach( explode( " ", $allowedFilesStr ) as $file ) {
+ if( Glob::myFnmatch( $file, $fileName )) {
+ print("it's a valid file!");
+ return true;
+ }
+ }
+
+ return UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION;
+ }
}
?>
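Review bot: The `print("it's a valid file!");` line in `validateWhitelist()` is leftover debug output that is written into the response for every accepted upload, and it should be removed before this ships. The docblock's `@return` is also inaccurate: the method returns `true` or `UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION`, never `false`, so it should read `@return true if the file name matches an allowed pattern, UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION otherwise`. The patterns are matched against the whole basename, so `*.jpg` also accepts `name.php.jpg`, and whether `IMAGE.JPG` matches depends on `Glob::myFnmatch()`, which is not shown. A comment stating that only the final extension is meant to be checked, plus a check that extracts and lower-cases that extension, would make the allow list behave as the help text describes.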
Modified: plog/trunk/class/gallery/galleryconstants.php
===================================================================
--- plog/trunk/class/gallery/galleryconstants.php 2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/class/gallery/galleryconstants.php 2006-12-11 21:49:15 UTC (rev 4383)
@@ -37,6 +37,7 @@
define( "GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION", -2 );
define( "GALLERY_ERROR_QUOTA_EXCEEDED", -3 );
define( "GALLERY_ERROR_ADDING_RESOURCE", -4 );
+ define( "GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION", -10 );
define( "GALLERY_ERROR_UPLOADS_NOT_ENABLED", -200 );
define( "GALLERY_NO_ERROR", true );
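Review bot: `GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION` is a non-zero integer while `GALLERY_NO_ERROR` is `true`, and in PHP `-10 == true` evaluates to true. Any caller that tests the result with `== GALLERY_NO_ERROR` or a bare `if( $res )` would therefore treat a whitelist rejection as success. The callers' success checks are not visible in this diff, so this needs confirming; where found, they should use `=== GALLERY_NO_ERROR`. The value also repeats `UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION` from uploadvalidator.class.php. If the gallery code forwards validator results unchanged, a comment such as `// keep equal to UPLOAD_VALIDATOR_ERROR_NOT_WHITELISTED_EXTENSION` would record that coupling.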
Modified: plog/trunk/locale/locale_en_UK.php
===================================================================
--- plog/trunk/locale/locale_en_UK.php 2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/locale/locale_en_UK.php 2006-12-11 21:49:15 UTC (rev 4383)
@@ -1213,4 +1213,7 @@
$messages['show_comments_max'] = 'Comments per page';
$messages['show_comments_max_help'] = 'Maximum number of comments per page';
$messages['hard_show_comments_max_help'] = 'Hard limit for the number of comments per page';
+
+$messages['error_resource_not_whitelisted_extension'] = 'The type of the file is not one of the allowed ones.';
+$messages['help_upload_allowed_files'] = 'Space-separated list of file types that are allowed to be uploaded. Usage of \'*\' and \'?\' is allowed. If both upload_forbidden_file and this option are set, the whitelist (upload_allowed_files) takes precedence over the blacklist [Default = None]';
?>
\ No newline at end of file
Modified: plog/trunk/templates/admin/globalsettings_uploads.template
===================================================================
--- plog/trunk/templates/admin/globalsettings_uploads.template 2006-12-11 21:47:16 UTC (rev 4382)
+++ plog/trunk/templates/admin/globalsettings_uploads.template 2006-12-11 21:49:15 UTC (rev 4383)
@@ -19,4 +19,10 @@
<div class="formHelp">{$locale->tr("help_upload_forbidden_files")}</div>
<input style="width:100%" type="text" name="config[upload_forbidden_files]" value="{$upload_forbidden_files}"/>
</div>
+ <!-- upload_allowed_files -->
+ <div class="field">
+ <label for="config[upload_allowed_files]">upload_allowed_files</label>
+ <div class="formHelp">{$locale->tr("help_upload_allowed_files")}</div>
+ <input style="width:100%" type="text" name="config[upload_allowed_files]" value="{$upload_allowed_files}"/>
+ </div>
</div>
\ No newline at end of file
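Review bot: The new input writes `{$upload_allowed_files}` into the `value` attribute without escaping, as the existing `upload_forbidden_files` field does, so a stored value containing `"` or `<` breaks out of the attribute on the admin settings page. Using `value="{$upload_allowed_files|escape:"html"}"` would avoid that, unless the value is already escaped before it reaches the template, which this diff does not show. Separately, the `<label for="config[upload_allowed_files]">` has no matching `id` on the input, so the label is not associated with the field.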