Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
- Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
- PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
Differences Between: [Versions 311 and 401] [Versions 311 and 402] [Versions 311 and 403] [Versions 39 and 311]
1 <?php 2 3 namespace Moodle; 4 5 use stdClass; 6 /** 7 * Class 8 */ 9 class H5peditorFile { 10 private $result, $field, $interface; 11 public $type, $name, $path, $mime, $size; 12 13 /** 14 * Constructor. Process data for file uploaded through the editor. 15 */ 16 function __construct($interface) { 17 $field = filter_input(INPUT_POST, 'field', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); 18 19 // Check for file upload. 20 if ($field === NULL || empty($_FILES) || !isset($_FILES['file'])) { 21 return; 22 } 23 24 $this->interface = $interface; 25 26 // Create a new result object. 27 $this->result = new stdClass(); 28 29 // Get the field. 30 $this->field = json_decode($field); 31 32 // Handle temporarily uploaded form file 33 if (function_exists('finfo_file')) { 34 $finfo = finfo_open(FILEINFO_MIME_TYPE); 35 $this->type = finfo_file($finfo, $_FILES['file']['tmp_name']); 36 finfo_close($finfo); 37 } 38 elseif (function_exists('mime_content_type')) { 39 // Deprecated, only when finfo isn't available. 40 $this->type = mime_content_type($_FILES['file']['tmp_name']); 41 } 42 else { 43 $this->type = $_FILES['file']['type']; 44 } 45 46 $this->extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION); 47 $this->size = $_FILES['file']['size']; 48 } 49 50 /** 51 * Indicates if an uploaded file was found or not. 52 * 53 * @return boolean 54 */ 55 public function isLoaded() { 56 return is_object($this->result); 57 } 58 59 /** 60 * Check current file up agains mime types and extensions in the given list. 61 * 62 * @param array $mimes List to check against. 63 * @return boolean 64 */ 65 public function check($mimes) { 66 $ext = strtolower($this->extension); 67 foreach ($mimes as $mime => $extension) { 68 if (is_array($extension)) { 69 // Multiple extensions 70 if (in_array($ext, $extension)) { 71 $this->type = $mime; 72 return TRUE; 73 } 74 } 75 elseif (/*$this->type === $mime && */$ext === $extension) { 76 // TODO: Either remove everything that has to do with mime types, or make it work 77 // Currently we're experiencing trouble with mime types on different servers... 78 $this->type = $mime; 79 return TRUE; 80 } 81 } 82 return FALSE; 83 } 84 85 /** 86 * Validate the file. 87 * 88 * @return boolean 89 */ 90 public function validate() { 91 if (isset($this->result->error)) { 92 return FALSE; 93 } 94 95 // Check for field type. 96 if (!isset($this->field->type)) { 97 $this->result->error = $this->interface->t('Unable to get field type.'); 98 return FALSE; 99 } 100 101 $whitelist = explode(' ', $this->interface->getWhitelist( 102 FALSE, 103 H5PCore::$defaultContentWhitelist, 104 H5PCore::$defaultLibraryWhitelistExtras 105 )); 106 107 // Check if mime type is allowed. 108 $isValidMime = !isset($this->field->mimes) || in_array($this->type, $this->field->mimes); 109 $isPhp = substr($this->extension, 0, 3) === 'php'; 110 $isWhitelisted = in_array(strtolower($this->extension), $whitelist); 111 if (!$isValidMime || !$isWhitelisted || $isPhp) { 112 $this->result->error = $this->interface->t("File type isn't allowed."); 113 return FALSE; 114 } 115 116 // Type specific validations. 117 switch ($this->field->type) { 118 default: 119 $this->result->error = $this->interface->t('Invalid field type.'); 120 return FALSE; 121 122 case 'image': 123 $allowed = array( 124 'image/png' => 'png', 125 'image/jpeg' => array('jpg', 'jpeg'), 126 'image/gif' => 'gif', 127 ); 128 if (!$this->check($allowed)) { 129 $this->result->error = $this->interface->t('Invalid image file format. Use jpg, png or gif.'); 130 return FALSE; 131 } 132 133 // Image size from temp file 134 $image = @getimagesize($_FILES['file']['tmp_name']); 135 136 if (!$image) { 137 $this->result->error = $this->interface->t('File is not an image.'); 138 return FALSE; 139 } 140 141 $this->result->width = $image[0]; 142 $this->result->height = $image[1]; 143 $this->result->mime = $this->type; 144 break; 145 146 case 'audio': 147 $allowed = array( 148 'audio/mpeg' => 'mp3', 149 'audio/mp3' => 'mp3', 150 'audio/mp4' => 'm4a', 151 'audio/x-wav' => 'wav', 152 'audio/wav' => 'wav', 153 //'application/ogg' => 'ogg', 154 'audio/ogg' => 'ogg', 155 //'video/ogg' => 'ogg', 156 ); 157 if (!$this->check($allowed)) { 158 $this->result->error = $this->interface->t('Invalid audio file format. Use mp3 or wav.'); 159 return FALSE; 160 161 } 162 163 $this->result->mime = $this->type; 164 break; 165 166 case 'video': 167 $allowed = array( 168 'video/mp4' => 'mp4', 169 'video/webm' => 'webm', 170 // 'application/ogg' => 'ogv', 171 'video/ogg' => 'ogv', 172 ); 173 if (!$this->check($allowed)) { 174 $this->result->error = $this->interface->t('Invalid video file format. Use mp4 or webm.'); 175 return FALSE; 176 } 177 178 $this->result->mime = $this->type; 179 break; 180 181 case 'file': 182 // TODO: Try to get file extension for type and check that it matches the current extension. 183 $this->result->mime = $this->type; 184 } 185 186 return TRUE; 187 } 188 189 /** 190 * Get the type of the current file. 191 * 192 * @return string 193 */ 194 public function getType() { 195 return $this->field->type; 196 } 197 198 /** 199 * Get the name of the current file. 200 * 201 * @return string 202 */ 203 public function getName() { 204 static $name; 205 206 if (empty($name)) { 207 $name = uniqid($this->field->name . '-'); 208 209 $matches = array(); 210 preg_match('/([a-z0-9]{1,})$/i', $_FILES['file']['name'], $matches); 211 if (isset($matches[0])) { 212 $name .= '.' . $matches[0]; 213 } 214 } 215 216 return $name; 217 } 218 219 /** 220 * Get result from file processing. 221 */ 222 public function getResult() { 223 return json_encode($this->result); 224 } 225 226 /** 227 * Print result from file processing. 228 */ 229 public function printResult() { 230 $this->result->path = $this->getType() . 's/' . $this->getName() . '#tmp'; 231 232 // text/plain is used to support IE 233 header('Cache-Control: no-cache'); 234 header('Content-Type: text/plain; charset=utf-8'); 235 236 print $this->getResult(); 237 } 238 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
