ENH: refs #0377. Upload validation for java uploader and the web api

zachmullen · zachmullen · commit 67e5aeda1d71 · 2012-01-11T13:08:29.000-05:00
Also make sure to unlink temporary files once they are processed.
diff --git a/core/controllers/UploadController.php b/core/controllers/UploadController.php
@@ -282,11 +282,27 @@ function processjavauploadAction()
       throw new Zend_Exception('You are attempting to upload into the incorrect parent folder');
       }
 
+    $testingMode = Zend_Registry::get('configGlobal')->environment == 'testing';
     $this->Component->Httpupload->setTmpDirectory($this->getTempDirectory());
-    $this->Component->Httpupload->setTestingMode(Zend_Registry::get('configGlobal')->environment == 'testing');
+    $this->Component->Httpupload->setTestingMode($testingMode);
     $this->Component->Httpupload->setTokenParamName('uploadUniqueIdentifier');
     $data = $this->Component->Httpupload->process($params);
 
+    $validations = Zend_Registry::get('notifier')->callback('CALLBACK_CORE_VALIDATE_UPLOAD',
+                                                            array('filename' => $data['filename'],
+                                                                  'size' => $data['size'],
+                                                                  'path' => $data['path'],
+                                                                  'folderId' => $parentId));
+    foreach($validations as $validation)
+      {
+      if(!$validation['status'])
+        {
+        unlink($data['path']);
+        echo '[ERROR]'.$validation['message'];
+        throw new Zend_Exception($validation['message']);
+        }
+      }
+
     if(!empty($data['path']) && file_exists($data['path']) && $data['size'] > 0)
       {
       if(!isset($params['testingmode']) && isset($this->userSession->JavaUpload->parent))
@@ -309,9 +325,17 @@ function processjavauploadAction()
       try
         {
         $item = $this->Component->Upload->createUploadedItem($this->userSession->Dao, $data['filename'], $data['path'], $parent, $license, $data['md5']);
+        if(!$testingMode)
+          {
+          unlink($data['path']);
+          }
         }
       catch(Exception $e)
         {
+        if(!$testingMode)
+          {
+          unlink($data['path']);
+          }
         echo "[ERROR] ".$e->getMessage();
         throw $e;
         }
@@ -426,7 +450,10 @@ public function saveuploadedAction()
             }
           }
         $item = $this->Component->Upload->createUploadedItem($this->userSession->Dao, $filename, $path, $parent, $license);
-        unlink($path);
+        if(!$this->isTestingEnv())
+          {
+          unlink($path);
+          }
         $this->userSession->uploaded[] = $item->getKey();
         }
 
diff --git a/modules/api/controllers/components/ApiComponent.php b/modules/api/controllers/components/ApiComponent.php
@@ -434,6 +434,22 @@ function uploadPerform($args)
       throw new Exception('Invalid upload mode', MIDAS_INVALID_PARAMETER);
       }
 
+    if(array_key_exists('folderid', $args))
+      {
+      $validations = Zend_Registry::get('notifier')->callback('CALLBACK_CORE_VALIDATE_UPLOAD',
+                                                              array('filename' => $filename,
+                                                                    'size' => $filesize,
+                                                                    'path' => $filepath,
+                                                                    'folderId' => $args['folderid']));
+      foreach($validations as $validation)
+        {
+        if(!$validation['status'])
+          {
+          unlink($filepath);
+          throw new Exception($validation['message'], MIDAS_INVALID_POLICY);
+          }
+        }
+      }
     $uploadComponent = $componentLoader->loadComponent('Upload');
     $license = null;
     if(isset($folder))
