Upload image server side validation

JoomShaper · Apr 18, 2016 · 26e47dd · 26e47dd
1 parent afec1af
commit 26e47dd
Show file tree

Hide file tree

Showing 11 changed files with 86 additions and 70 deletions.
diff --git a/admin/assets/js/media.js b/admin/assets/js/media.js
@@ -201,6 +201,10 @@
             }
 
             $('#sppb-media-modal .btn-upload-media').removeAttr('disabled')
+          } else {
+            $('#sppb-media-modal .sppb-media').find('.sppb-media-image-loader').remove()
+            $('#sppb-media-modal .btn-upload-media').removeAttr('disabled')
+            alert(data.output);
           }
         } catch (e) {
           $('#sppb-media-modal .sppb-media-modal-body-inner').html(response)

diff --git a/admin/controllers/media.php b/admin/controllers/media.php
@@ -28,83 +28,95 @@ public function upload_media() {
 
         if(count($image)) {
             if ($image['error'] == UPLOAD_ERR_OK) {
-                $error = false;
-                $params = JComponentHelper::getParams('com_media');
-                $contentLength = (int) $_SERVER['CONTENT_LENGTH'];
-                $mediaHelper = new JHelperMedia;
-                $postMaxSize = $mediaHelper->toBytes(ini_get('post_max_size'));
-                $memoryLimit = $mediaHelper->toBytes(ini_get('memory_limit'));
-                // Check for the total size of post back data.
-                if (($postMaxSize > 0 && $contentLength > $postMaxSize) || ($memoryLimit != -1 && $contentLength > $memoryLimit)) {
-                    $report['status'] = false;
-                    $report['output'] = JText::_('COM_SPPAGEBUILDER_MEDIA_MANAGER_MEDIA_TOTAL_SIZE_EXCEEDS');
-                    $error = true;
-                    echo json_encode($report);
-                    die;
-                }
-                $uploadMaxSize = $params->get('upload_maxsize', 0) * 1024 * 1024;
-                $uploadMaxFileSize = $mediaHelper->toBytes(ini_get('upload_max_filesize'));
-                if (($image['error'] == 1) || ($uploadMaxSize > 0 && $image['size'] > $uploadMaxSize) || ($uploadMaxFileSize > 0 && $image['size'] > $uploadMaxFileSize)) {
-                    $report['status'] = false;
-                    $report['output'] = JText::_('COM_SPPAGEBUILDER_MEDIA_MANAGER_MEDIA_LARGE');
-                    $error = true;
-                }
-
-                // Upload if no error found
-                if(!$error) {
-                    $date = JFactory::getDate();
-                    $folder = 'images/' . JHtml::_('date', $date, 'Y') . '/' . JHtml::_('date', $date, 'm') . '/' . JHtml::_('date', $date, 'd');
-
-                    if($dir != '') {
-                        $folder = ltrim($dir, '/');
-                    }
 
-                    if(!JFolder::exists( JPATH_ROOT . '/' . $folder )) {
-                        JFolder::create(JPATH_ROOT . '/' . $folder, 0755);
+                // Check file format
+                $image_info = pathinfo($image['name']);
+                if((strtolower($image_info['extension']) == 'png') || (strtolower($image_info['extension']) == 'jpg') || (strtolower($image_info['extension']) == 'jpeg') || (strtolower($image_info['extension']) == 'gif') || (strtolower($image_info['extension']) == 'svg')) {
+
+                    $error = false;
+                    $params = JComponentHelper::getParams('com_media');
+                    $contentLength = (int) $_SERVER['CONTENT_LENGTH'];
+                    $mediaHelper = new JHelperMedia;
+                    $postMaxSize = $mediaHelper->toBytes(ini_get('post_max_size'));
+                    $memoryLimit = $mediaHelper->toBytes(ini_get('memory_limit'));
+                    // Check for the total size of post back data.
+                    if (($postMaxSize > 0 && $contentLength > $postMaxSize) || ($memoryLimit != -1 && $contentLength > $memoryLimit)) {
+                        $report['status'] = false;
+                        $report['output'] = JText::_('COM_SPPAGEBUILDER_MEDIA_MANAGER_MEDIA_TOTAL_SIZE_EXCEEDS');
+                        $error = true;
+                        echo json_encode($report);
+                        die;
                     }
-
-                    if(!JFolder::exists( JPATH_ROOT . '/' . $folder . '/_spmedia_thumbs' )) {
-                        JFolder::create(JPATH_ROOT . '/' . $folder . '/_spmedia_thumbs', 0755);
+                    $uploadMaxSize = $params->get('upload_maxsize', 0) * 1024 * 1024;
+                    $uploadMaxFileSize = $mediaHelper->toBytes(ini_get('upload_max_filesize'));
+                    if (($image['error'] == 1) || ($uploadMaxSize > 0 && $image['size'] > $uploadMaxSize) || ($uploadMaxFileSize > 0 && $image['size'] > $uploadMaxFileSize)) {
+                        $report['status'] = false;
+                        $report['output'] = JText::_('COM_SPPAGEBUILDER_MEDIA_MANAGER_MEDIA_LARGE');
+                        $error = true;
                     }
 
-                    $name = $image['name'];
-                    $path = $image['tmp_name'];
-                    // Do no override existing file
-
-                    $file = preg_replace('#\s+#', "-", JFile::makeSafe(basename($name)));
-                    $i = 0;
-                    do {
-                        $base_name  = JFile::stripExt($file) . ($i ? "$i" : "");
-                        $ext        = JFile::getExt($file);
-                        $image_name = $base_name . '.' . $ext;
-                        $i++;
-                        $dest       = JPATH_ROOT . '/' . $folder . '/' . $image_name;
-                        $src        = $folder . '/'  . $image_name;
-                    } while(file_exists($dest));
-                    // End Do not override
-
-                    if(JFile::upload($path, $dest)) {
-                        $thumb = '';
-
-                        if(strtolower($ext) == 'svg') {
-                            $report['src'] = JURI::root(true) . '/' . $src;
-                        } else {
-                            $image = new SppagebuilderHelperImage($dest);
-                            if( ($image->getWidth() >300) || ($image->getWidth() >225) ) {
-                                $image->createThumbs(array('spmedia_thumb'=>'300x225'), 5, '_spmedia_thumbs');
-                                $report['src'] = JURI::root(true) . '/' . $folder . '/_spmedia_thumbs/' . $base_name . '.' . $ext;
-                                $thumb      = $folder . '/_spmedia_thumbs/'  . $base_name . '.' . $ext;
-                            } else {
+                    // Upload if no error found
+                    if(!$error) {
+                        $date = JFactory::getDate();
+                        $folder = 'images/' . JHtml::_('date', $date, 'Y') . '/' . JHtml::_('date', $date, 'm') . '/' . JHtml::_('date', $date, 'd');
+
+                        if($dir != '') {
+                            $folder = ltrim($dir, '/');
+                        }
+
+                        if(!JFolder::exists( JPATH_ROOT . '/' . $folder )) {
+                            JFolder::create(JPATH_ROOT . '/' . $folder, 0755);
+                        }
+
+                        if(!JFolder::exists( JPATH_ROOT . '/' . $folder . '/_spmedia_thumbs' )) {
+                            JFolder::create(JPATH_ROOT . '/' . $folder . '/_spmedia_thumbs', 0755);
+                        }
+
+                        $name = $image['name'];
+                        $path = $image['tmp_name'];
+                        // Do no override existing file
+
+                        $file = preg_replace('#\s+#', "-", JFile::makeSafe(basename($name)));
+                        $i = 0;
+                        do {
+                            $base_name  = JFile::stripExt($file) . ($i ? "$i" : "");
+                            $ext        = JFile::getExt($file);
+                            $image_name = $base_name . '.' . $ext;
+                            $i++;
+                            $dest       = JPATH_ROOT . '/' . $folder . '/' . $image_name;
+                            $src        = $folder . '/'  . $image_name;
+                        } while(file_exists($dest));
+                        // End Do not override
+
+                        if(JFile::upload($path, $dest)) {
+                            $thumb = '';
+
+                            if(strtolower($ext) == 'svg') {
                                 $report['src'] = JURI::root(true) . '/' . $src;
+                            } else {
+                                $image = new SppagebuilderHelperImage($dest);
+                                if( ($image->getWidth() >300) || ($image->getWidth() >225) ) {
+                                    $image->createThumbs(array('spmedia_thumb'=>'300x225'), 5, '_spmedia_thumbs');
+                                    $report['src'] = JURI::root(true) . '/' . $folder . '/_spmedia_thumbs/' . $base_name . '.' . $ext;
+                                    $thumb      = $folder . '/_spmedia_thumbs/'  . $base_name . '.' . $ext;
+                                } else {
+                                    $report['src'] = JURI::root(true) . '/' . $src;
+                                }
                             }
-                        }
 
-                        $insertid = $model->insertMedia($base_name, $src, $thumb, 'image');
-                        $report['status'] = true;
-                        $report['title'] = $base_name;
-                        $report['id'] = $insertid;
-                        $report['path'] = $src;
+                            $insertid = $model->insertMedia($base_name, $src, $thumb, 'image');
+                            $report['status'] = true;
+                            $report['title'] = $base_name;
+                            $report['id'] = $insertid;
+                            $report['path'] = $src;
+                        }
                     }
+
+                } else {
+                    $report['status'] = false;
+                    $report['output'] = JText::_('COM_SPPAGEBUILDER_MEDIA_MANAGER_UNSUPPORTED_FORMAT');
+                    echo json_encode($report);
+                    die;
                 }
             }
         } else {

diff --git a/sppagebuilder.xml b/sppagebuilder.xml
@@ -7,7 +7,7 @@
 	<authorUrl>http://www.joomshaper.com</authorUrl>
 	<copyright>Copyright @ 2010 - 2016 JoomShaper. All rights reserved.</copyright>
 	<license>GNU General Public License version 2 or later</license>
-	<version>1.0.8</version>
+	<version>1.0.9</version>
 	<description>Most powerful drag and drop page builder for Joomla 3.4 or later.</description>
 	<scriptfile>installer.script.php</scriptfile>
 

diff --git a/translations/fr-FR/language/admin/fr-FR/fr-FR.com_sppagebuilder.ini b/translations/fr-FR/language/admin/fr-FR/fr-FR.com_sppagebuilder.ini
diff --git a/translations/fr-FR/language/admin/fr-FR/fr-FR.com_sppagebuilder.sys.ini b/translations/fr-FR/language/admin/fr-FR/fr-FR.com_sppagebuilder.sys.ini
diff --git a/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_admin_menu.ini b/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_admin_menu.ini
diff --git a/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_admin_menu.sys.ini b/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_admin_menu.sys.ini
diff --git a/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_icons.ini b/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_icons.ini
diff --git a/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_icons.sys.ini b/translations/fr-FR/language/admin/fr-FR/fr-FR.mod_sppagebuilder_icons.sys.ini
diff --git a/translations/fr-FR/language/site/fr-FR/fr-FR.com_sppagebuilder.ini b/translations/fr-FR/language/site/fr-FR/fr-FR.com_sppagebuilder.ini
diff --git a/translations/fr-FR/pkg_fr-FR.xml b/translations/fr-FR/pkg_fr-FR.xml