MDL-31112 Repository upload - check for completely null files (likely…

… to be folders uploaded by mistake via drag and drop)
moodle · Feb 14, 2012 · 87ed3a5 · 87ed3a5
1 parent 5fc420e
commit 87ed3a5
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 0 deletions.
diff --git a/repository/upload/lang/en/repository_upload.php b/repository/upload/lang/en/repository_upload.php
@@ -34,3 +34,4 @@
 $string['upload_error_no_tmp_dir'] = 'PHP is missing a temporary folder.';
 $string['upload_error_cant_write'] = 'Failed to write file to disk.';
 $string['upload_error_extension'] = 'A PHP extension stopped the file upload.';
+$string['upload_error_invalid_file'] = 'The file \'{$a}\' has no data in it - did you try to upload a folder?';
diff --git a/repository/upload/lib.php b/repository/upload/lib.php
@@ -129,6 +129,12 @@ public function upload($saveas_filename, $maxbytes) {
             }
         }
 
+        // Check the file has some non-null contents - usually an indication that a user has
+        // tried to upload a folder by mistake
+        if (!$this->check_valid_contents($_FILES[$elname]['tmp_name'])) {
+            throw new moodle_exception('upload_error_invalid_file', 'repository_upload', '', $record->filename);
+        }
+
         if ($this->mimetypes != '*') {
             // check filetype
             $filemimetype = mimeinfo('type', $_FILES[$elname]['name']);
@@ -178,6 +184,32 @@ public function upload($saveas_filename, $maxbytes) {
         }
     }
 
+    /**
+     * Checks the contents of the given file is not completely NULL - this can happen if a
+     * user drags & drops a folder onto a filemanager / filepicker element
+     * @param filepath full path (including filename) to file to check
+     * @return true if file has at least one non-null byte within it
+     */
+    protected function check_valid_contents($filepath) {
+        $buffersize = 4096;
+
+        $fp = fopen($filepath, 'r');
+        if (!$fp) {
+            return false; // Cannot read the file - something has gone wrong
+        }
+        while (!feof($fp)) {
+            // Read the file 4k at a time
+            $data = fread($fp, $buffersize);
+            if (preg_match('/[^\0]+/', $data)) {
+                fclose($fp);
+                return true; // Return as soon as a non-null byte is found
+            }
+        }
+        // Entire file is NULL
+        fclose($fp);
+        return false;
+    }
+
     /**
      * Return a upload form
      * @return array