
added file upload check ability

Added var $_acceptable_upload_mime_types
Added method: addAcceptableUploadMimeTypes()
1 parent 1cca323 commit 85a202494782a21a9fe9199e071dfe3bbdef4133 FwrMedia committed Jul 28, 2012
Showing with 47 additions and 2 deletions.
  1. +21 −2 README
  2. +26 −0 catalog/includes/classes/form_handler.php
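--- a/README
+++ b/README
@@ -9,7 +9,7 @@ Features/benefits:
 - Protects the script from contribution developers who "forget" to sanitise form input.
 Changelog: 28th July 2012
-Added shortform usage, added reset(), added setDefaultSanitiser( string ),
+Added shortform usage, added reset(), added setDefaultSanitiser( string ), added file uploads check
 Standard Usage:
 Validates CSRF, applies type casting and sanitisation to values, ensures required form keys are in place, extracts any optionals.
@@ -90,4 +90,23 @@ The optional keys are extracted from _POST if they happen to be present and thei
 along with the required key=>value(s)
 This allows a lot of flexibility, reduction of core code, reduction of code complexity and the definate
-knowledge that all variables extracted have been typecast and sanitised.
+knowledge that all variables extracted have been typecast and sanitised.
+
+File uploads example: -
+
+ if (($extracted = $formHandler->addAcceptableUploadMimeTypes(array('image/jpeg', 'image/png', 'image/gif'))
+ ->setRequiredFormKeys(array( 'action' => 'some_action', 'my_image' => 'uploaded_file'))
+ ->validate()) !== false) {}
+
+The switch code:
+
+ case 'file':
+ case 'uploaded_file':
+ if ( PHP_VERSION < '4.1.0' ) break;
+ if (!array_key_exists($key, $_FILES)) return false;
+ if ((PHP_VERSION >= '4.2.0') && ($_FILES[$key]['error'] !== 0)) return false;
+ if (!array_key_exists('tmp_name', $_FILES[$key]) || !is_uploaded_file($_FILES[$key]['tmp_name'])) return false;
+ if (!empty($this->_acceptable_upload_mime_types)) {
+ if( !array_key_exists( 'type', $_FILES[$key]) || !in_array($_FILES[$key]['type'], $this->_acceptable_upload_mime_types)) return false;
+ }
+ break;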
@@ -59,6 +59,13 @@ class form_handler {
*/
var $_default_sanitiser = 'strip_tags';
/**
+ * array of acceptable mime types used by file upload checking
+ *
+ * @var array - mime types e.g. array( 'image/jpeg', ' image/png', ' image/gif');
+ * @access protected - internal method would be protected in PHP5
+ */
+ var $_acceptable_upload_mime_types = array();
+ /**
* Constructor
*
* @param string $superglobal_type
@@ -130,6 +137,15 @@ function limitCsrfCheckOnly($csrf_only = false) {
return $this;
}
/**
+ * Add an array of acceptable mime types to be used checking upload validity
+ *
+ * @param array $args - e.g. array( 'image/jpeg', 'image/png', 'image/gif' )
+ */
+ function addAcceptableUploadMimeTypes( array $args = array() ) {
+ $this->_acceptable_upload_mime_types = $args;
+ return $this;
+ }
+ /**
* Reset used in instances where form validation is chained
*
* @example if ( form_validates ) elseif ( different form validates[reset here] )
@@ -238,6 +254,16 @@ function handleValues() {
case 'strip_tags':
$this->_extracted[$key] = tep_db_prepare_input(strip_tags((string)$this->_extracted[$key]));
break;
+ case 'file':
+ case 'uploaded_file':
+ if ( PHP_VERSION < '4.1.0' ) break;
+ if (!array_key_exists($key, $_FILES)) return false;
+ if ((PHP_VERSION >= '4.2.0') && ($_FILES[$key]['error'] !== 0)) return false;
+ if (!array_key_exists('tmp_name', $_FILES[$key]) || !is_uploaded_file($_FILES[$key]['tmp_name'])) return false;
+ if (!empty($this->_acceptable_upload_mime_types)) {
+ if( !array_key_exists( 'type', $_FILES[$key]) || !in_array($_FILES[$key]['type'], $this->_acceptable_upload_mime_types)) return false;
+ }
+ break;
case 'int':
$this->_extracted[$key] = (int)$this->_extracted[$key];
break;
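Review bot: The whitelist check at `in_array($_FILES[$key]['type'], ...)` compares a value the client sets in the multipart request, so it does not establish the file's actual content type; the type should be read from the temp file on the server, e.g. `$type = function_exists('finfo_open') ? finfo_file(finfo_open(FILEINFO_MIME_TYPE), $_FILES[$key]['tmp_name']) : $_FILES[$key]['type'];` followed by `if (!in_array($type, $this->_acceptable_upload_mime_types, true)) return false;` (the strict flag also removes loose comparison). The `PHP_VERSION < '4.1.0'` and `PHP_VERSION >= '4.2.0'` guards are plain string comparisons; `version_compare(PHP_VERSION, '4.1.0', '<')` expresses the intent reliably, and `UPLOAD_ERR_OK` reads better than the literal `0` in the error check. Unlike the sibling `strip_tags` and `int` cases, the new branch never assigns `$this->_extracted[$key]`, so what callers receive for an upload key on success is not established by this hunk — worth a sentence in the method docblock. `handleValues()` starts and ends outside the hunk.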
