1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
<?php
/**
* FORGE upload input library.
*
* $Id$
*
* @package Forge
* @author Kohana Team
* @copyright (c) 2007-2008 Kohana Team
* @license http://kohanaphp.com/license.html
*/
class Form_Upload_Core extends Form_Input {
protected $data = array
(
'class' => 'upload',
'value' => '',
);
protected $protect = array('type', 'label', 'value');
// Upload data
protected $upload;
// Upload directory and filename
protected $directory;
protected $filename;
public function __construct($name, $filename = FALSE)
{
parent::__construct($name);
if ( ! empty($_FILES[$name]))
{
if (empty($_FILES[$name]['tmp_name']) OR is_uploaded_file($_FILES[$name]['tmp_name']))
{
// Cache the upload data in this object
$this->upload = $_FILES[$name];
// Hack to allow file-only inputs, where no POST data is present
$_POST[$name] = $this->upload['name'];
// Set the filename
$this->filename = empty($filename) ? FALSE : $filename;
}
else
{
// Attempt to delete the invalid file
is_writable($_FILES[$name]['tmp_name']) and unlink($_FILES[$name]['tmp_name']);
// Invalid file upload, possible hacking attempt
unset($_FILES[$name]);
}
}
}
/**
* Sets the upload directory.
*
* @param string upload directory
* @return void
*/
public function directory($dir = NULL)
{
// Use the global upload directory by default
empty($dir) and $dir = Kohana::config('upload.directory');
// Make the path asbolute and normalize it
$directory = str_replace('\\', '/', realpath($dir)).'/';
// Make sure the upload director is valid and writable
if ($directory === '/' OR ! is_dir($directory) OR ! is_writable($directory))
throw new Kohana_Exception('upload.not_writable', $dir);
$this->directory = $directory;
}
public function validate()
{
// The upload directory must always be set
empty($this->directory) and $this->directory();
// By default, there is no uploaded file
$filename = '';
if ($status = parent::validate() AND $this->upload['error'] === UPLOAD_ERR_OK)
{
// Set the filename to the original name
$filename = $this->upload['name'];
if (Kohana::config('upload.remove_spaces'))
{
// Remove spaces, due to global upload configuration
$filename = preg_replace('/\s+/', '_', $this->data['value']);
}
if (file_exists($filepath = $this->directory.$filename))
{
if ($this->filename !== TRUE OR ! is_writable($filepath))
{
// Prefix the file so that the filename is unique
$filepath = $this->directory.'uploadfile-'.uniqid(time()).'-'.$this->upload['name'];
}
}
// Move the uploaded file to the upload directory
move_uploaded_file($this->upload['tmp_name'], $filepath);
}
if ( ! empty($_POST[$this->data['name']]))
{
// Reset the POST value to the new filename
$this->data['value'] = $_POST[$this->data['name']] = empty($filepath) ? '' : $filepath;
}
return $status;
}
protected function rule_required()
{
if (empty($this->upload) OR $this->upload['error'] === UPLOAD_ERR_NO_FILE)
{
$this->errors['required'] = TRUE;
}
}
public function rule_allow()
{
if (empty($this->upload['tmp_name']) OR count($types = func_get_args()) == 0)
return;
if (($mime = file::mime($this->upload['tmp_name'])) === FALSE)
{
// Trust the browser
$mime = $this->upload['type'];
}
// Allow nothing by default
$allow = FALSE;
foreach ($types as $type)
{
// Load the mime types
$type = Kohana::config('mimes.'.$type);
if (is_array($type) AND in_array($mime, $type))
{
// Type is valid
$allow = TRUE;
break;
}
}
if ($allow === FALSE)
{
$this->errors['invalid_type'] = TRUE;
}
}
public function rule_size($size)
{
// Skip the field if it is empty
if (empty($this->upload) OR $this->upload['error'] === UPLOAD_ERR_NO_FILE)
return;
$bytes = (int) $size;
switch (substr($size, -2))
{
case 'GB': $bytes *= 1024;
case 'MB': $bytes *= 1024;
case 'KB': $bytes *= 1024;
default: break;
}
if (empty($this->upload['size']) OR $this->upload['size'] > $bytes)
{
$this->errors['max_size'] = array($size);
}
}
protected function html_element()
{
return form::upload($this->data);
}
} // End Form Upload
|
