Merge remote-tracking branch 'origin/file-upload-plugins' into develop
Showing
35 changed files
with
1,090 additions
and
672 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# Stop Apache doing directory indexing. | ||
Options -Indexes | ||
|
||
|
||
# Try and tell Apache not to serve out any files within this directory as PHP - | ||
# this helps close a potential security flaw - given people can upload almost anything into an LO. | ||
|
||
#RemoveHandler .php | ||
<FilesMatch "\.((php[0-9]?)|p?html?|pl|sh|java|cpp|c|h|js|rc)$"> | ||
SetHandler None | ||
</FilesMatch> |
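Review bot: The `<FilesMatch>` pattern is case-sensitive and matches only when a listed extension is the last one in the name, whereas mod_mime maps extensions case-insensitively and looks at every extension a file name carries, so the two can disagree about which files are scripts. As documented, `SetHandler None` overrides an earlier `SetHandler`; whether it also neutralises a handler assigned through `AddHandler`/`AddType` should be verified on the target configuration. For an upload directory it is safer not to depend on an extension list at all, for example `php_flag engine off` under mod_php, or serving the directory from a location with no script handlers configured. If the list is kept, a leading `(?i)` makes the pattern case-insensitive.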
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
deny from all |
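Review bot: `deny from all` is Apache 2.2 access-control syntax and, like the upload-directory rules in the previous file, it only takes effect when the server's `AllowOverride` lets `.htaccess` set it. On Apache 2.4 it needs mod_access_compat; the native form is `Require all denied`. Covering both versions explicitly, and documenting the `AllowOverride` requirement in the install notes, keeps the directory closed without depending on which modules happen to be loaded.

```apache
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
```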
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
<?php | ||
|
||
/** | ||
* Older versions of XOT allowed LO authors to upload .flv videos for embedding with the Learning Object. | ||
* Unfortunately, flv videos aren't compatible with HTML5 based templates and will not display on e.g. tablets as | ||
* Adobe Flash is not available. | ||
* This cron job, when run will look for all videos which do not have an '.mp4' extension, and attempt to transcode (i.e. reformat) them. | ||
* the original file is left as is - so if you start with : | ||
* | ||
* USER-FILES/2-Test-Nottingham/media/something.flv | ||
* | ||
* you'll end up with : | ||
* | ||
* USER-FILES/2-Test-Nottingham/media/something.flv | ||
* USER-FILES/2-Test-Nottingham/media/something.mp4 | ||
* | ||
* When the script runs it looks to see if a .mp4 variant of the file already exists, and if it does, it does nothing. | ||
* | ||
* Note, depending on your media files, running this may consume quite a lot of CPU / disk resource. | ||
* No 'intelligence' is included to cope with duplicated source media files - to reduce resource usage. | ||
* | ||
* | ||
* You'll need to have something like 'avconv' or 'ffmpeg' installed. See comments inline below. | ||
* It'll probably work best with ffmpeg. Perhaps. | ||
* | ||
*/ | ||
require_once dirname(__FILE__) . '/../config.php'; | ||
|
||
if(!is_file('/usr/bin/avconv') && !is_File('/usr/bin/ffmpeg')) { | ||
die("Cannot run; /usr/bin/avconv or /usr/bin/ffmpeg does not appear to be present"); | ||
} | ||
|
||
$finfo = new finfo(FILEINFO_MIME_TYPE); | ||
|
||
$files = glob($xerte_toolkits_site->users_file_area_full . '*/media/*'); | ||
|
||
foreach ($files as $filename) { | ||
|
||
$mimeType = $finfo->file($filename); | ||
$extension = pathinfo($filename, PATHINFO_EXTENSION); | ||
|
||
if ($extension !== 'mp4' && preg_match('!video!', $mimeType)) { | ||
// have a video that may need transcoding | ||
|
||
// has video already been transcoded? | ||
$mp4Filename = preg_replace('!' . preg_quote($extension, "!") . '$!', 'mp4', $filename, 1); // replace the extension with "mp4" | ||
if (file_exists($mp4Filename)) { | ||
// have a mp4 version. | ||
continue; | ||
} | ||
|
||
// need to transcode a mp4 version | ||
add_transcode_job($filename, $mp4Filename); | ||
} | ||
} | ||
|
||
|
||
function add_transcode_job($inputFilename, $outputFilename) | ||
{ | ||
// Ubuntu 14.04 - libav-tools, libavcodec-extra-54 | ||
|
||
if(is_file('/usr/bin/ffmpeg')) { | ||
$cmd = 'ffmpeg -i ' . escapeshellarg($inputFilename) . ' -sameq -ar 22050 -vcodec libx264 ' . escapeshellarg($outputFilename) . ' 2>&1' ; | ||
} | ||
else { | ||
$cmd = 'avconv ' | ||
. '-i ' . escapeshellarg($inputFilename) // input filename | ||
. ' -c:v h264 ' // video codec | ||
. '-b:v 2000k ' // video bitrate | ||
. '-c:a aac ' // audio codec | ||
. '-b:a 196k ' // audio bitrate | ||
. '-f mp4 ' // file format | ||
. '-strict experimental ' // enable aac codec | ||
. escapeshellarg($outputFilename) // output filename | ||
. ' 2>&1'; | ||
} | ||
|
||
_debug("Running: $cmd"); | ||
|
||
$output = array(); | ||
$return = null; | ||
|
||
exec($cmd, $output, $return); | ||
|
||
_debug("Returned: $return, Output: " . print_r($output, true)); | ||
} |
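Review bot: `add_transcode_job()` only logs `$return`, so a failed or interrupted encoder run can leave a partial `.mp4` behind, and the `file_exists($mp4Filename)` check in the loop will then skip that video on every later run. Removing the output on failure, `if ($return !== 0 && is_file($outputFilename)) { unlink($outputFilename); }`, or encoding to a temporary name and renaming on success, avoids that. The script also has no SAPI check; if this directory is reachable over HTTP, any visitor could start CPU-heavy transcodes, so a guard such as `if (PHP_SAPI !== 'cli') { die('CLI only'); }` before the `require_once` is worth adding. Since the inputs are user uploads handed to a media decoder, running the cron job as an unprivileged user with a time limit is also advisable.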
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
<?php | ||
|
||
class Xerte_Validate_FileExtension | ||
{ | ||
|
||
protected $messages = array(); | ||
|
||
public static $BLACKLIST = 'php,php5,pl,cgi,exe,vbs,pif,application,gadget,msi,msp,com,scr,hta,htaccess,ini,cpl,msc,jar,bat,cmd,vb,vbe,jsp,jse,ws,wsf,wsc,wsh,ps1,ps1xml,ps2,ps2xml,psc1,psc2,msh,msh1,msh2,mshxml,msh1xml,msh2xml,scf,lnk,inf,reg,docm,dotm,xlsm,xltm,xlam,pptm,potm,ppam,ppsm,sldm'; | ||
|
||
|
||
|
||
public static function canRun() | ||
{ | ||
return function_exists('pathinfo'); | ||
} | ||
|
||
|
||
public function isValid($filename) | ||
{ | ||
$this->messages = array(); | ||
|
||
$blacklist = explode(',', strtolower(self::$BLACKLIST)); | ||
$extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); | ||
_debug($blacklist); | ||
_debug($extension); | ||
|
||
if (empty($extension)) { | ||
_debug("File extension not found for '$filename'."); | ||
$this->messages['NO_EXTENSION'] = "File extension not found."; | ||
return false; | ||
} | ||
|
||
if (in_array($extension, $blacklist)) { | ||
_debug("Invalid file type uploaded - '$extension' matches entry in blacklist"); | ||
$this->messages["INVALID_EXTENSION"] = "Invalid file format - $extension is blacklisted"; | ||
return false; | ||
} | ||
return true; | ||
} | ||
|
||
|
||
public function getMessages() | ||
{ | ||
return $this->messages; | ||
} | ||
|
||
|
||
public function getErrors() | ||
{ | ||
return array_keys($this->messages); | ||
} | ||
} | ||
|
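Review bot: `$BLACKLIST` is narrower than the `<FilesMatch>` rule added in the same commit: that rule covers `php[0-9]?` and `p?html?`, while this list names only `php` and `php5`, so the two layers disagree about what counts as executable. `isValid()` also looks only at the final extension returned by `pathinfo()`, and `in_array()` is called without the strict flag. A denylist for uploads is hard to keep complete; an allowlist of the media and document extensions the editor actually needs would be the more robust check, with `in_array($extension, $allowed, true)`.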
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
<?php | ||
|
||
/** | ||
* Use this to validate the mime type of a file. | ||
*/ | ||
class Xerte_Validate_FileMimeType { | ||
|
||
public static $allowableMimeTypeList = array(); | ||
|
||
protected $messages = array(); | ||
|
||
/** | ||
* we need to know if the PHP env supports this validator. | ||
*/ | ||
public static function canRun() { | ||
return function_exists('mime_content_type'); | ||
} | ||
|
||
/** | ||
* @return boolean true if ok. | ||
* @param string file name. e.g. /etc/passwd, /usr/bin/blah, c:/blah, /tmp/php_upload/blah | ||
*/ | ||
public function isValid($file_name) { | ||
$this->messages = array(); | ||
if(self::canRun()) { | ||
if(file_exists($file_name)) { | ||
$mime_type = mime_content_type($file_name); | ||
if(in_array($mime_type, self::$allowableMimeTypeList)) { | ||
return true; | ||
} | ||
$this->messages['INVALID_MIME_TYPE'] = "$mime_type is not in list of allowable types"; | ||
} | ||
$this->messages['FILE_NOT_FOUND'] = "File not found - $file_name"; | ||
} | ||
else { | ||
$this->messages['UNSUPPORTED'] = "Can't run - function: mime_content_type not found"; | ||
} | ||
return false; | ||
} | ||
|
||
/** | ||
* @return array of error messages (if any). | ||
*/ | ||
public function getMessages() { | ||
return $this->messages; | ||
} | ||
public function getErrors() { | ||
return array_keys($this->messages); | ||
} | ||
} |
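Review bot: In `isValid()` the `FILE_NOT_FOUND` assignment sits after the `if(file_exists($file_name))` block rather than in an `else`, so a file that exists but has a disallowed type is reported with both `INVALID_MIME_TYPE` and `FILE_NOT_FOUND`. Moving it into `else { $this->messages['FILE_NOT_FOUND'] = "File not found - $file_name"; }` fixes the misleading error. The message embeds the full server-side path; if callers show these messages to the uploader, `basename($file_name)` would avoid disclosing it. `in_array()` should take `true` as its third argument, since `mime_content_type()` can return `false`.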
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
<?php | ||
|
||
/** | ||
* @see modules/site/engine/upload.php | ||
*/ | ||
|
||
class Xerte_Validate_VirusScanClamAv { | ||
|
||
protected $messages = array(); | ||
// perhaps needs changing on other platforms. | ||
public static $BINARY = '/usr/bin/clamscan'; | ||
|
||
public static function canRun() { | ||
return file_exists(self::$BINARY); | ||
} | ||
|
||
public function isValid($filename) { | ||
$this->messages = array(); | ||
if(file_exists($filename)) { | ||
$command = self::$BINARY . " " . escapeshellarg($filename); | ||
$retval = -1; | ||
exec($command, $output, $retval); | ||
|
||
if($retval == 0) { | ||
return true; | ||
} | ||
else { | ||
error_log("Virus found in file upload? $filename --- From " . __FILE__ . " - ClamAV output: {$retval} / {$output}"); | ||
_debug("Virus found? {$retval} / {$output} (When scanning : $filename)"); | ||
$this->messages[$retval] = "Virus found? $output"; | ||
} | ||
} | ||
else { | ||
$this->messages['FILE_NOT_FOUND'] = "$filename doesn't exist. Cannot scan"; | ||
} | ||
return false; | ||
} | ||
|
||
public function getMessages() { | ||
return $this->messages; | ||
} | ||
|
||
public function getErrors() { | ||
return array_keys($this->messages); | ||
} | ||
} | ||
|
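Review bot: `exec()` fills `$output` with an array, so interpolating `{$output}` in the `error_log()`, `_debug()` and `messages` strings yields the literal text `Array` (plus a conversion notice) instead of the scanner output; `implode("\n", $output)` is presumably what was meant, and `$output` should be initialised to `array()` before the call. clamscan exits with 1 when it finds something and 2 on an error, so every scanner failure is currently reported as "Virus found?". Rejecting the file in both cases is the safe default, but the message and log line should distinguish them so operational faults are not mistaken for detections. `canRun()` could use `is_executable()` rather than `file_exists()`.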
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
<?php | ||
|
||
/** | ||
* Use it to validate xml. | ||
* <code> | ||
* | ||
* $validator = new Xerte_Validate_Xml(); | ||
* if($validator->isValid($string)) { | ||
* // $string is ok. | ||
* } | ||
* | ||
* </code> | ||
* | ||
*/ | ||
class Xerte_Validate_Xml /* implements Zend_Validate_Interface */ { // silent dependency at the moment as we don't have all of ZF1 | ||
|
||
protected $messages = array(); | ||
|
||
|
||
/** | ||
* @return boolean false if it's not valid. | ||
* @param string $string - presumably some XML. | ||
*/ | ||
public function isValid($string) { | ||
$return = false; | ||
$this->messages = array(); | ||
if (extension_loaded('libxml') && extension_loaded('simplexml')) { | ||
libxml_clear_errors(); | ||
$old_setting = libxml_use_internal_errors(true); | ||
$xml = simplexml_load_string($string); | ||
$errors = libxml_get_errors(); | ||
foreach ($errors as $error) { | ||
$this->messages[$error->line] = $error->message; | ||
_debug("XML Error on {$error->line} - {$error->level} - {$error->message}"); | ||
_debug($xml); | ||
} | ||
|
||
if($xml instanceof SimpleXMLElement) { | ||
$return = true; | ||
} | ||
|
||
libxml_use_internal_errors($old_setting); | ||
libxml_clear_errors(); | ||
} else { | ||
_debug("Warning: simplexml extension not found"); | ||
} | ||
|
||
return $return; | ||
} | ||
|
||
/** | ||
* @return array | ||
*/ | ||
public function getMessages() { | ||
return $this->messages; | ||
} | ||
|
||
|
||
/** | ||
* @return array of line numbers where there was a problem, or an empty array. | ||
*/ | ||
public function getErrors() { | ||
return array_keys($this->messages); | ||
} | ||
} |
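Review bot: `simplexml_load_string($string)` is called with default parser options on what is presumably author-supplied XML; passing `LIBXML_NONET`, as in `simplexml_load_string($string, 'SimpleXMLElement', LIBXML_NONET)`, stops the parser fetching network resources, and on PHP builds with an older libxml2 `libxml_disable_entity_loader(true)` should be set around the call. `$this->messages[$error->line]` keeps only the last error for each line, and when the extensions are missing `isValid()` returns false with no message, so callers cannot tell invalid XML from an unavailable validator. `_debug($xml)` inside the error loop logs the parsed document once per error and could be moved out of it.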