From 533aec38153dd95ecaac9894e3266f4090487e30 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Sun, 6 Apr 2008 08:20:13 +0000 Subject: [PATCH] API CHANGErefactored upload functionality from File into newly created Upload class API CHANGE deprecated some File functions and attributes API CHANGE moved management function from File to Filesystem and added permission checks: sync(), loadContent(), fixfiles(), moverootfilesto() API CHANGE deprecated use of File->loadUploaded() ENHANCEMENT added filesize and extension validation to AssetAdmin and FileField FEATURE added tests for Upload class Merged revisions 47617 via svnmerge from svn://svn.silverstripe.com/silverstripe/modules/cms/branches/2.2.0-mesq ........ r47617 | ischommer | 2008-01-04 19:20:29 +1300 (Fri, 04 Jan 2008) | 5 lines git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@52205 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/AssetAdmin.php | 80 ++++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/code/AssetAdmin.php b/code/AssetAdmin.php
index 1ec4bada..25df3daf 100755
--- a/code/AssetAdmin.php
+++ b/code/AssetAdmin.php
@@ -1,18 +1,26 @@ allowedMaxFileSize}
+ * @var int
+ */
+ public static $allowed_max_file_size;
+
+ /**
+ * @see {Upload->allowedExtensions}
+ * @var array
+ */
+ public static $allowed_extensions = array();
 static $allowed_actions = array(
 'addfolder',
@@ -29,7 +37,7 @@ class AssetAdmin extends LeftAndMain {
 'uploadiframe',
 );
- public function Link($action=null) {
+ public function Link($action = null) {
 if(!$action) $action = "index";
 return "admin/assets/$action/" . $this->currentPageID();
 }
@@ -88,7 +96,7 @@ class AssetAdmin extends LeftAndMain {
 function index() {
- File::sync();
+ Filesystem::sync();
 return array();
 }
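Review bot: The two static properties added in the first hunk do not say what an unset value means: `$allowed_max_file_size` is declared without a default and `$allowed_extensions` defaults to `array()`. Both are passed unchanged to `setAllowedMaxFileSize()` and `setAllowedExtensions()` in the upload loop later in this patch. The Upload class is not part of this diff, so whether null and an empty list mean "reject everything" or "no restriction" cannot be told from here. If they mean no restriction, the validation added for non-admin users has no effect until a site sets both values. I would extend each docblock with the unit and the unset behaviour, for example `* Maximum upload size for non-admin users (unit and meaning of null: confirm against Upload->validate()).`; the opening lines of the first docblock are not visible in this hunk.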
@@ -165,47 +173,39 @@ class AssetAdmin extends LeftAndMain {
 $fileSizeWarnings = '';
 $uploadErrors = '';
- foreach($processedFiles as $file) {
- if($file['error'] == UPLOAD_ERR_NO_TMP_DIR) {
+ foreach($processedFiles as $tmpFile) {
+ if($tmpFile['error'] == UPLOAD_ERR_NO_TMP_DIR) {
 $status = 'bad';
 $statusMessage = _t('AssetAdmin.NOTEMP', 'There is no temporary folder for uploads. Please set upload_tmp_dir in php.ini.');
 break;
 }
- if($file['tmp_name']) {
+ if($tmpFile['tmp_name']) {
 // Workaround open_basedir problems
 if(ini_get("open_basedir")) {
- $newtmp = TEMP_FOLDER . '/' . $file['name'];
- move_uploaded_file($file['tmp_name'], $newtmp);
- $file['tmp_name'] = $newtmp;
+ $newtmp = TEMP_FOLDER . '/' . $tmpFile['name'];
+ move_uploaded_file($tmpFile['tmp_name'], $newtmp);
+ $tmpFile['tmp_name'] = $newtmp;
 }
-
- // check that the file can be uploaded and isn't too large
- $extensionIndex = strripos( $file['name'], '.' );
- $extension = strtolower( substr( $file['name'], $extensionIndex + 1 ) );
-
- if( $extensionIndex !== FALSE )
- list( $maxSize, $warnSize ) = File::getMaxFileSize( $extension );
- else
- list( $maxSize, $warnSize ) = File::getMaxFileSize();
-
- // check that the file is not too large or that the current user is an administrator
- if( $this->can('AdminCMS') || ( File::allowedFileType( $extension ) && (!isset($maxsize) || $file['size'] < $maxSize)))
- $newFiles[] = $folder->addUploadToFolder($file);
- elseif( !File::allowedFileType( $extension ) ) {
- $fileSizeWarnings .= "alert( '". sprintf(_t('AssetAdmin.ONLYADMINS','Only administrators can upload %s files.'),$extension)."' );";
+ // validate files (only if not logged in as admin)
+ if(Permission::check('ADMIN')) {
+ $valid = true;
 } else {
- if( $file['size'] > 1048576 )
- $fileSize = "" . ceil( $file['size'] / 1048576 ) . "MB";
- elseif( $file['size'] > 1024 )
- $fileSize = "" . ceil( $file['size'] / 1024 ) . "KB";
- else
- $fileSize = "" . ceil( $file['size'] ) . "B";
-
-
- $fileSizeWarnings .= "alert( '". sprintf(_t('AssetAdmin.TOOLARGE', "%s is too large (%s). Files of this type cannot be larger than %s"),"\\'" . $file['name'] . "\\'", $fileSize, $warnSize ) ."' );";
+ $upload = new Upload();
+ $upload->setAllowedExtensions(self::$allowed_extensions);
+ $upload->setAllowedMaxFileSize(self::$allowed_max_file_size);
+ $valid = $upload->validate($tmpFile);
+ if(!$valid) {
+ $errors = $upload->getErrors();
+ if($errors) foreach($errors as $error) {
+ $jsErrors .= "alert('" . Convert::raw2js($error) . "');";
+ }
+ }
 }
+
+ // move file to given folder
+ if($valid) $newFiles[] = $folder->addUploadToFolder($tmpFile);
 }
 }
@@ -238,7 +238,7 @@ class AssetAdmin extends LeftAndMain {
 var form = parent.document.getElementById('Form_EditForm');
 form.getPageFromServer(form.elements.ID.value);
 parent.statusMessage("{$statusMessage}","{$status}");
- $fileSizeWarnings
+ $jsErrors
 parent.document.getElementById('sitetree').getTreeNodeByIdx( "{$folder->ID}" ).getElementsByTagName('a')[0].className += ' contents';
 HTML;
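Review bot: In the `open_basedir` branch the upload is moved to `TEMP_FOLDER . '/' . $tmpFile['name']` before `$upload->validate($tmpFile)` runs, so a file that validation rejects stays in TEMP_FOLDER under a client-supplied name. The return value of `move_uploaded_file()` is ignored as well, and `tmp_name` is overwritten even when the move failed. I would build the path with `$newtmp = TEMP_FOLDER . '/' . basename($tmpFile['name']);`, skip the file when the move returns false, and add `if(!$valid && file_exists($tmpFile['tmp_name'])) unlink($tmpFile['tmp_name']);` after the validation block. The construction of `$processedFiles` and the rest of the method lie outside this hunk, so the name may already be normalised upstream.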
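Review bot: `$jsErrors` is interpolated into the heredoc in the last hunk, but no initialisation of it is visible. The upload-loop hunk keeps `$fileSizeWarnings = '';` as context and only appends with `$jsErrors .=` when validation fails. Unless the variable is set outside the visible hunks, a successful upload reaches this line with it undefined, and the resulting notice can end up inside the generated script. Replacing the now unused `$fileSizeWarnings = '';` with `$jsErrors = '';` covers both the append in the loop and this interpolation.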