xref: /webtrees/app/Http/RequestHandlers/UploadMediaAction.php (revision 89f7189b61a494347591c99bdb92afb7d8b66e1b) 
18ce3bd73SGreg Roach<?php
28ce3bd73SGreg Roach
38ce3bd73SGreg Roach/**
48ce3bd73SGreg Roach * webtrees: online genealogy
5*89f7189bSGreg Roach * Copyright (C) 2021 webtrees development team
68ce3bd73SGreg Roach * This program is free software: you can redistribute it and/or modify
78ce3bd73SGreg Roach * it under the terms of the GNU General Public License as published by
88ce3bd73SGreg Roach * the Free Software Foundation, either version 3 of the License, or
98ce3bd73SGreg Roach * (at your option) any later version.
108ce3bd73SGreg Roach * This program is distributed in the hope that it will be useful,
118ce3bd73SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
128ce3bd73SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
138ce3bd73SGreg Roach * GNU General Public License for more details.
148ce3bd73SGreg Roach * You should have received a copy of the GNU General Public License
15*89f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>.
168ce3bd73SGreg Roach */
178ce3bd73SGreg Roach
188ce3bd73SGreg Roachdeclare(strict_types=1);
198ce3bd73SGreg Roach
208ce3bd73SGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers;
218ce3bd73SGreg Roach
228ce3bd73SGreg Roachuse Fisharebest\Webtrees\FlashMessages;
238ce3bd73SGreg Roachuse Fisharebest\Webtrees\Functions\Functions;
248ce3bd73SGreg Roachuse Fisharebest\Webtrees\Html;
258ce3bd73SGreg Roachuse Fisharebest\Webtrees\I18N;
268ce3bd73SGreg Roachuse Fisharebest\Webtrees\Log;
278ce3bd73SGreg Roachuse Fisharebest\Webtrees\Registry;
288ce3bd73SGreg Roachuse Fisharebest\Webtrees\Services\MediaFileService;
298ce3bd73SGreg Roachuse Psr\Http\Message\ResponseInterface;
308ce3bd73SGreg Roachuse Psr\Http\Message\ServerRequestInterface;
318ce3bd73SGreg Roachuse Psr\Http\Message\UploadedFileInterface;
328ce3bd73SGreg Roachuse Psr\Http\Server\RequestHandlerInterface;
338ce3bd73SGreg Roachuse Throwable;
348ce3bd73SGreg Roach
358ce3bd73SGreg Roachuse function assert;
368ce3bd73SGreg Roachuse function e;
378ce3bd73SGreg Roachuse function preg_match;
388ce3bd73SGreg Roachuse function redirect;
398ce3bd73SGreg Roachuse function route;
408ce3bd73SGreg Roachuse function str_replace;
418ce3bd73SGreg Roachuse function substr;
428ce3bd73SGreg Roachuse function trim;
438ce3bd73SGreg Roach
448ce3bd73SGreg Roachuse const UPLOAD_ERR_OK;
458ce3bd73SGreg Roach
468ce3bd73SGreg Roach/**
478ce3bd73SGreg Roach * Manage media from the control panel.
488ce3bd73SGreg Roach */
498ce3bd73SGreg Roachclass UploadMediaAction implements RequestHandlerInterface
508ce3bd73SGreg Roach{
518ce3bd73SGreg Roach    /** @var MediaFileService */
528ce3bd73SGreg Roach    private $media_file_service;
538ce3bd73SGreg Roach
548ce3bd73SGreg Roach    /**
558ce3bd73SGreg Roach     * MediaController constructor.
568ce3bd73SGreg Roach     *
578ce3bd73SGreg Roach     * @param MediaFileService $media_file_service
588ce3bd73SGreg Roach     */
598ce3bd73SGreg Roach    public function __construct(MediaFileService $media_file_service)
608ce3bd73SGreg Roach    {
618ce3bd73SGreg Roach        $this->media_file_service = $media_file_service;
628ce3bd73SGreg Roach    }
638ce3bd73SGreg Roach
648ce3bd73SGreg Roach    /**
658ce3bd73SGreg Roach     * @param ServerRequestInterface $request
668ce3bd73SGreg Roach     *
678ce3bd73SGreg Roach     * @return ResponseInterface
688ce3bd73SGreg Roach     */
698ce3bd73SGreg Roach    public function handle(ServerRequestInterface $request): ResponseInterface
708ce3bd73SGreg Roach    {
718ce3bd73SGreg Roach        $data_filesystem = Registry::filesystem()->data();
728ce3bd73SGreg Roach
738ce3bd73SGreg Roach        $params = (array) $request->getParsedBody();
748ce3bd73SGreg Roach
758ce3bd73SGreg Roach        $all_folders = $this->media_file_service->allMediaFolders($data_filesystem);
768ce3bd73SGreg Roach
778ce3bd73SGreg Roach        foreach ($request->getUploadedFiles() as $key => $uploaded_file) {
788ce3bd73SGreg Roach            assert($uploaded_file instanceof UploadedFileInterface);
798ce3bd73SGreg Roach            if ($uploaded_file->getClientFilename() === '') {
808ce3bd73SGreg Roach                continue;
818ce3bd73SGreg Roach            }
828ce3bd73SGreg Roach            if ($uploaded_file->getError() !== UPLOAD_ERR_OK) {
838ce3bd73SGreg Roach                FlashMessages::addMessage(Functions::fileUploadErrorText($uploaded_file->getError()), 'danger');
848ce3bd73SGreg Roach                continue;
858ce3bd73SGreg Roach            }
868ce3bd73SGreg Roach            $key = substr($key, 9);
878ce3bd73SGreg Roach
888ce3bd73SGreg Roach            $folder   = $params['folder' . $key];
898ce3bd73SGreg Roach            $filename = $params['filename' . $key];
908ce3bd73SGreg Roach
918ce3bd73SGreg Roach            // If no filename specified, use the original filename.
928ce3bd73SGreg Roach            if ($filename === '') {
938ce3bd73SGreg Roach                $filename = $uploaded_file->getClientFilename();
948ce3bd73SGreg Roach            }
958ce3bd73SGreg Roach
968ce3bd73SGreg Roach            // Validate the folder
978ce3bd73SGreg Roach            if (!$all_folders->contains($folder)) {
988ce3bd73SGreg Roach                break;
998ce3bd73SGreg Roach            }
1008ce3bd73SGreg Roach
1018ce3bd73SGreg Roach            // Validate the filename.
1028ce3bd73SGreg Roach            $filename = str_replace('\\', '/', $filename);
1038ce3bd73SGreg Roach            $filename = trim($filename, '/');
1048ce3bd73SGreg Roach
1058ce3bd73SGreg Roach            if (preg_match('/([:])/', $filename, $match)) {
1068ce3bd73SGreg Roach                // Local media files cannot contain certain special characters, especially on MS Windows
1078ce3bd73SGreg Roach                FlashMessages::addMessage(I18N::translate('Filenames are not allowed to contain the character “%s”.', $match[1]));
1088ce3bd73SGreg Roach                continue;
1098ce3bd73SGreg Roach            }
1108ce3bd73SGreg Roach
1118ce3bd73SGreg Roach            if (preg_match('/(\.(php|pl|cgi|bash|sh|bat|exe|com|htm|html|shtml))$/i', $filename, $match)) {
1128ce3bd73SGreg Roach                // Do not allow obvious script files.
1138ce3bd73SGreg Roach                FlashMessages::addMessage(I18N::translate('Filenames are not allowed to have the extension “%s”.', $match[1]));
1148ce3bd73SGreg Roach                continue;
1158ce3bd73SGreg Roach            }
1168ce3bd73SGreg Roach
1178ce3bd73SGreg Roach            $path = $folder . $filename;
1188ce3bd73SGreg Roach
1198ce3bd73SGreg Roach            if ($data_filesystem->has($path)) {
1208ce3bd73SGreg Roach                FlashMessages::addMessage(I18N::translate('The file %s already exists. Use another filename.', $path, 'error'));
1218ce3bd73SGreg Roach                continue;
1228ce3bd73SGreg Roach            }
1238ce3bd73SGreg Roach
1248ce3bd73SGreg Roach            // Now copy the file to the correct location.
1258ce3bd73SGreg Roach            try {
1268ce3bd73SGreg Roach                $data_filesystem->writeStream($path, $uploaded_file->getStream()->detach());
1278ce3bd73SGreg Roach                FlashMessages::addMessage(I18N::translate('The file %s has been uploaded.', Html::filename($path)), 'success');
1288ce3bd73SGreg Roach                Log::addMediaLog('Media file ' . $path . ' uploaded');
1298ce3bd73SGreg Roach            } catch (Throwable $ex) {
1308ce3bd73SGreg Roach                FlashMessages::addMessage(I18N::translate('There was an error uploading your file.') . '<br>' . e($ex->getMessage()), 'danger');
1318ce3bd73SGreg Roach            }
1328ce3bd73SGreg Roach        }
1338ce3bd73SGreg Roach
1348ce3bd73SGreg Roach        $url = route(UploadMediaPage::class);
1358ce3bd73SGreg Roach
1368ce3bd73SGreg Roach        return redirect($url);
1378ce3bd73SGreg Roach    }
1388ce3bd73SGreg Roach}
139