gallery3-debian/modules/gallery/helpers/legal_file.php

<?php defined("SYSPATH") or die("No direct script access.");
/**
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2013 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
 */
class legal_file_Core {
  private static $photo_types_by_extension;
  private static $movie_types_by_extension;
  private static $photo_extensions;
  private static $movie_extensions;
  private static $photo_types;
  private static $movie_types;
  private static $blacklist = array("php", "php3", "php4", "php5", "phtml", "phtm", "shtml", "shtm",
                                    "pl", "cgi", "asp", "sh", "py", "c", "js");

  /**
   * Create a default list of allowed photo MIME types paired with their extensions and then let
   * modules modify it.  This is an ordered map, mapping extensions to their MIME types.
   * Extensions cannot be duplicated, but MIMEs can (e.g. jpeg and jpg both map to image/jpeg).
   *
   * @param string $extension (opt.) - return MIME of extension; if not given, return complete array
   */
  static function get_photo_types_by_extension($extension=null) {
    if (empty(self::$photo_types_by_extension)) {
      $types_by_extension_wrapper = new stdClass();
      $types_by_extension_wrapper->types_by_extension = array(
        "jpg" => "image/jpeg", "jpeg" => "image/jpeg", "gif" => "image/gif", "png" => "image/png");
      module::event("photo_types_by_extension", $types_by_extension_wrapper);
      foreach (self::$blacklist as $key) {
        unset($types_by_extension_wrapper->types_by_extension[$key]);
      }
      self::$photo_types_by_extension = $types_by_extension_wrapper->types_by_extension;
    }
    if ($extension) {
      // return matching MIME type
      $extension = strtolower($extension);
      if (isset(self::$photo_types_by_extension[$extension])) {
        return self::$photo_types_by_extension[$extension];
      } else {
        return null;
      }
    } else {
      // return complete array
      return self::$photo_types_by_extension;
    }
  }

  /**
   * Create a default list of allowed movie MIME types paired with their extensions and then let
   * modules modify it.  This is an ordered map, mapping extensions to their MIME types.
   * Extensions cannot be duplicated, but MIMEs can (e.g. jpeg and jpg both map to image/jpeg).
   *
   * @param string $extension (opt.) - return MIME of extension; if not given, return complete array
   */
  static function get_movie_types_by_extension($extension=null) {
    if (empty(self::$movie_types_by_extension)) {
      $types_by_extension_wrapper = new stdClass();
      $types_by_extension_wrapper->types_by_extension = array(
        "flv" => "video/x-flv", "mp4" => "video/mp4", "m4v" => "video/x-m4v");
      module::event("movie_types_by_extension", $types_by_extension_wrapper);
      foreach (self::$blacklist as $key) {
        unset($types_by_extension_wrapper->types_by_extension[$key]);
      }
      self::$movie_types_by_extension = $types_by_extension_wrapper->types_by_extension;
    }
    if ($extension) {
      // return matching MIME type
      $extension = strtolower($extension);
      if (isset(self::$movie_types_by_extension[$extension])) {
        return self::$movie_types_by_extension[$extension];
      } else {
        return null;
      }
    } else {
      // return complete array
      return self::$movie_types_by_extension;
    }
  }

  /**
   * Create a merged list of all allowed photo and movie MIME types paired with their extensions.
   *
   * @param string $extension (opt.) - return MIME of extension; if not given, return complete array
   */
  static function get_types_by_extension($extension=null) {
    $types_by_extension = legal_file::get_photo_types_by_extension();
    if (movie::allow_uploads()) {
      $types_by_extension = array_merge($types_by_extension,
                                        legal_file::get_movie_types_by_extension());
    }
    if ($extension) {
      // return matching MIME type
      $extension = strtolower($extension);
      if (isset($types_by_extension[$extension])) {
        return $types_by_extension[$extension];
      } else {
        return null;
      }
    } else {
      // return complete array
      return $types_by_extension;
    }
  }

  /**
   * Create a default list of allowed photo extensions and then let modules modify it.
   *
   * @param string $extension (opt.) - return true if allowed; if not given, return complete array
   */
  static function get_photo_extensions($extension=null) {
    if (empty(self::$photo_extensions)) {
      $extensions_wrapper = new stdClass();
      $extensions_wrapper->extensions = array_keys(legal_file::get_photo_types_by_extension());
      module::event("legal_photo_extensions", $extensions_wrapper);
      self::$photo_extensions = array_diff($extensions_wrapper->extensions, self::$blacklist);
    }
    if ($extension) {
      // return true if in array, false if not
      return in_array(strtolower($extension), self::$photo_extensions);
    } else {
      // return complete array
      return self::$photo_extensions;
    }
  }

  /**
   * Create a default list of allowed movie extensions and then let modules modify it.
   *
   * @param string $extension (opt.) - return true if allowed; if not given, return complete array
   */
  static function get_movie_extensions($extension=null) {
    if (empty(self::$movie_extensions)) {
      $extensions_wrapper = new stdClass();
      $extensions_wrapper->extensions = array_keys(legal_file::get_movie_types_by_extension());
      module::event("legal_movie_extensions", $extensions_wrapper);
      self::$movie_extensions = array_diff($extensions_wrapper->extensions, self::$blacklist);
    }
    if ($extension) {
      // return true if in array, false if not
      return in_array(strtolower($extension), self::$movie_extensions);
    } else {
      // return complete array
      return self::$movie_extensions;
    }
  }

  /**
   * Create a merged list of all allowed photo and movie extensions.
   *
   * @param string $extension (opt.) - return true if allowed; if not given, return complete array
   */
  static function get_extensions($extension=null) {
    $extensions = legal_file::get_photo_extensions();
    if (movie::allow_uploads()) {
      $extensions = array_merge($extensions, legal_file::get_movie_extensions());
    }
    if ($extension) {
      // return true if in array, false if not
      return in_array(strtolower($extension), $extensions);
    } else {
      // return complete array
      return $extensions;
    }
  }

  /**
   * Create a merged list of all photo and movie filename filters,
   * (e.g. "*.gif"), based on allowed extensions.
   */
  static function get_filters() {
    $filters = array();
    foreach (legal_file::get_extensions() as $extension) {
      array_push($filters, "*." . $extension, "*." . strtoupper($extension));
    }
    return $filters;
  }

  /**
   * Create a default list of allowed photo MIME types and then let modules modify it.
   * Can be used to add legal alternatives for default MIME types.
   * (e.g. flv maps to video/x-flv by default, but video/flv is still legal).
   */
  static function get_photo_types() {
    if (empty(self::$photo_types)) {
      $types_wrapper = new stdClass();
      // Need array_unique since types_by_extension can be many-to-one (e.g. jpeg and jpg).
      $types_wrapper->types = array_unique(array_values(legal_file::get_photo_types_by_extension()));
      module::event("legal_photo_types", $types_wrapper);
      self::$photo_types = $types_wrapper->types;
    }
    return self::$photo_types;
  }

  /**
   * Create a default list of allowed movie MIME types and then let modules modify it.
   * Can be used to add legal alternatives for default MIME types.
   * (e.g. flv maps to video/x-flv by default, but video/flv is still legal).
   */
  static function get_movie_types() {
    if (empty(self::$movie_types)) {
      $types_wrapper = new stdClass();
      // Need array_unique since types_by_extension can be many-to-one (e.g. jpeg and jpg).
      $types_wrapper->types = array_unique(array_values(legal_file::get_movie_types_by_extension()));
      $types_wrapper->types[] = "video/flv";
      module::event("legal_movie_types", $types_wrapper);
      self::$movie_types = $types_wrapper->types;
    }
    return self::$movie_types;
  }

  /**
   * Change the extension of a filename.  If the original filename has no
   * extension, add the new one to the end.
   */
  static function change_extension($filename, $new_ext) {
    $filename_no_ext = preg_replace("/\.[^\.\/]*?$/", "", $filename);
    return "{$filename_no_ext}.{$new_ext}";
  }

  /**
   * Reduce the given file to having a single extension.
   */
  static function smash_extensions($filename) {
    if (!$filename) {
      // It's harmless, so return it before it causes issues with pathinfo.
      return $filename;
    }
    $parts = pathinfo($filename);
    $result = "";
    if ($parts["dirname"] != ".") {
      $result .= $parts["dirname"] . "/";
    }
    $parts["filename"] = str_replace(".", "_", $parts["filename"]);
    $parts["filename"] = preg_replace("/[_]+/", "_", $parts["filename"]);
    $parts["filename"] = trim($parts["filename"], "_");
    $result .= isset($parts["extension"]) ? "{$parts['filename']}.{$parts['extension']}" : $parts["filename"];
    return $result;
  }

  /**
   * Sanitize a filename for a given type (given as "photo" or "movie") and a target file format
   * (given as an extension).  This returns a completely legal and valid filename,
   * or throws an exception if the type or extension given is invalid or illegal.  It tries to
   * maintain the filename's original extension even if it's not identical to the given extension
   * (e.g. don't change "JPG" or "jpeg" to "jpg").
   *
   * Note: it is not okay if the extension given is legal but does not match the type (e.g. if
   * extension is "mp4" and type is "photo", it will throw an exception)
   *
   * @param  string $filename  (with no directory)
   * @param  string $extension (can be uppercase or lowercase)
   * @param  string $type      (as "photo" or "movie")
   * @return string sanitized filename (or null if bad extension argument)
   */
  static function sanitize_filename($filename, $extension, $type) {
    // Check if the type is valid - if so, get the mime types of the
    // original and target extensions; if not, throw an exception.
    $original_extension = pathinfo($filename, PATHINFO_EXTENSION);
    switch ($type) {
      case "photo":
        $mime_type = legal_file::get_photo_types_by_extension($extension);
        $original_mime_type = legal_file::get_photo_types_by_extension($original_extension);
        break;
      case "movie":
        $mime_type = legal_file::get_movie_types_by_extension($extension);
        $original_mime_type = legal_file::get_movie_types_by_extension($original_extension);
        break;
      default:
        throw new Exception("@todo INVALID_TYPE");
    }

    // Check if the target extension is blank or invalid - if so, throw an exception.
    if (!$extension || !$mime_type) {
      throw new Exception("@todo ILLEGAL_EXTENSION");
    }

    // Check if the mime types of the original and target extensions match - if not, fix it.
    if (!$original_extension || ($mime_type != $original_mime_type)) {
      $filename = legal_file::change_extension($filename, $extension);
    }

    // It should be a filename without a directory - remove all slashes (and backslashes).
    $filename = str_replace("/", "_", $filename);
    $filename = str_replace("\\", "_", $filename);

    // Remove extra dots from the filename.  This will also remove extraneous underscores.
    $filename = legal_file::smash_extensions($filename);

    // It's possible that the filename has no base (e.g. ".jpg") - if so, give it a generic one.
    if (empty($filename) || (substr($filename, 0, 1) == ".")) {
      $filename = $type . $filename;  // e.g. "photo.jpg" or "movie.mp4"
    }

    return $filename;
  }
}