Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 310 and 401] [Versions 310 and 402] [Versions 310 and 403] [Versions 39 and 310]

   1  <?php
   2  
   3  namespace Moodle;
   4  
   5  use stdClass;
   6  /**
   7   * Class
   8   */
   9  class H5peditorFile {
  10    private $result, $field, $interface;
  11    public $type, $name, $path, $mime, $size;
  12  
  13    /**
  14     * Constructor. Process data for file uploaded through the editor.
  15     */
  16    function __construct($interface) {
  17      $field = filter_input(INPUT_POST, 'field', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
  18  
  19      // Check for file upload.
  20      if ($field === NULL || empty($_FILES) || !isset($_FILES['file'])) {
  21        return;
  22      }
  23  
  24      $this->interface = $interface;
  25  
  26      // Create a new result object.
  27      $this->result = new stdClass();
  28  
  29      // Get the field.
  30      $this->field = json_decode($field);
  31  
  32      // Handle temporarily uploaded form file
  33      if (function_exists('finfo_file')) {
  34        $finfo = finfo_open(FILEINFO_MIME_TYPE);
  35        $this->type = finfo_file($finfo, $_FILES['file']['tmp_name']);
  36        finfo_close($finfo);
  37      }
  38      elseif (function_exists('mime_content_type')) {
  39        // Deprecated, only when finfo isn't available.
  40        $this->type = mime_content_type($_FILES['file']['tmp_name']);
  41      }
  42      else {
  43        $this->type = $_FILES['file']['type'];
  44      }
  45  
  46      $this->extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
  47      $this->size = $_FILES['file']['size'];
  48    }
  49  
  50    /**
  51     * Indicates if an uploaded file was found or not.
  52     *
  53     * @return boolean
  54     */
  55    public function isLoaded() {
  56      return is_object($this->result);
  57    }
  58  
  59    /**
  60     * Check current file up agains mime types and extensions in the given list.
  61     *
  62     * @param array $mimes List to check against.
  63     * @return boolean
  64     */
  65    public function check($mimes) {
  66      $ext = strtolower($this->extension);
  67      foreach ($mimes as $mime => $extension) {
  68        if (is_array($extension)) {
  69          // Multiple extensions
  70          if (in_array($ext, $extension)) {
  71            $this->type = $mime;
  72            return TRUE;
  73          }
  74        }
  75        elseif (/*$this->type === $mime && */$ext === $extension) {
  76          // TODO: Either remove everything that has to do with mime types, or make it work
  77          // Currently we're experiencing trouble with mime types on different servers...
  78          $this->type = $mime;
  79          return TRUE;
  80        }
  81      }
  82      return FALSE;
  83    }
  84  
  85    /**
  86     * Validate the file.
  87     *
  88     * @return boolean
  89     */
  90    public function validate() {
  91      if (isset($this->result->error)) {
  92        return FALSE;
  93      }
  94  
  95      // Check for field type.
  96      if (!isset($this->field->type)) {
  97        $this->result->error = $this->interface->t('Unable to get field type.');
  98        return FALSE;
  99      }
 100  
 101      $whitelist = explode(' ', $this->interface->getWhitelist(
 102        FALSE,
 103        H5PCore::$defaultContentWhitelist,
 104        H5PCore::$defaultLibraryWhitelistExtras
 105      ));
 106  
 107      // Check if mime type is allowed.
 108      $isValidMime = !isset($this->field->mimes) || in_array($this->type, $this->field->mimes);
 109      $isPhp = substr($this->extension, 0, 3) === 'php';
 110      $isWhitelisted = in_array(strtolower($this->extension), $whitelist);
 111      if (!$isValidMime || !$isWhitelisted || $isPhp) {
 112        $this->result->error = $this->interface->t("File type isn't allowed.");
 113        return FALSE;
 114      }
 115  
 116      // Type specific validations.
 117      switch ($this->field->type) {
 118        default:
 119          $this->result->error = $this->interface->t('Invalid field type.');
 120          return FALSE;
 121  
 122        case 'image':
 123          $allowed = array(
 124            'image/png' => 'png',
 125            'image/jpeg' => array('jpg', 'jpeg'),
 126            'image/gif' => 'gif',
 127          );
 128          if (!$this->check($allowed)) {
 129            $this->result->error = $this->interface->t('Invalid image file format. Use jpg, png or gif.');
 130            return FALSE;
 131          }
 132  
 133          // Image size from temp file
 134          $image = @getimagesize($_FILES['file']['tmp_name']);
 135  
 136          if (!$image) {
 137            $this->result->error = $this->interface->t('File is not an image.');
 138            return FALSE;
 139          }
 140  
 141          $this->result->width = $image[0];
 142          $this->result->height = $image[1];
 143          $this->result->mime = $this->type;
 144          break;
 145  
 146        case 'audio':
 147          $allowed = array(
 148            'audio/mpeg' => 'mp3',
 149            'audio/mp3' => 'mp3',
 150            'audio/mp4' => 'm4a',
 151            'audio/x-wav' => 'wav',
 152            'audio/wav' => 'wav',
 153            //'application/ogg' => 'ogg',
 154            'audio/ogg' => 'ogg',
 155            //'video/ogg' => 'ogg',
 156          );
 157          if (!$this->check($allowed)) {
 158            $this->result->error = $this->interface->t('Invalid audio file format. Use mp3 or wav.');
 159            return FALSE;
 160  
 161          }
 162  
 163          $this->result->mime = $this->type;
 164          break;
 165  
 166        case 'video':
 167          $allowed = array(
 168            'video/mp4' => 'mp4',
 169            'video/webm' => 'webm',
 170           // 'application/ogg' => 'ogv',
 171            'video/ogg' => 'ogv',
 172          );
 173          if (!$this->check($allowed)) {
 174            $this->result->error = $this->interface->t('Invalid video file format. Use mp4 or webm.');
 175            return FALSE;
 176          }
 177  
 178          $this->result->mime = $this->type;
 179          break;
 180  
 181        case 'file':
 182          // TODO: Try to get file extension for type and check that it matches the current extension.
 183          $this->result->mime = $this->type;
 184      }
 185  
 186      return TRUE;
 187    }
 188  
 189    /**
 190     * Get the type of the current file.
 191     *
 192     * @return string
 193     */
 194    public function getType() {
 195      return $this->field->type;
 196    }
 197  
 198    /**
 199     * Get the name of the current file.
 200     *
 201     * @return string
 202     */
 203    public function getName() {
 204      static $name;
 205  
 206      if (empty($name)) {
 207        $name = uniqid($this->field->name . '-');
 208  
 209        $matches = array();
 210        preg_match('/([a-z0-9]{1,})$/i', $_FILES['file']['name'], $matches);
 211        if (isset($matches[0])) {
 212          $name .= '.' . $matches[0];
 213        }
 214      }
 215  
 216      return $name;
 217    }
 218  
 219    /**
 220     * Get result from file processing.
 221     */
 222    public function getResult() {
 223      return json_encode($this->result);
 224    }
 225  
 226    /**
 227     * Print result from file processing.
 228     */
 229    public function printResult() {
 230      $this->result->path = $this->getType() . 's/' . $this->getName() . '#tmp';
 231  
 232      // text/plain is used to support IE
 233      header('Cache-Control: no-cache');
 234      header('Content-Type: text/plain; charset=utf-8');
 235  
 236      print $this->getResult();
 237    }
 238  }