API CHANGE refactored upload functionality from File into newly created Upload class

API CHANGE deprecated some File functions and attributes
API CHANGE moved management function from File to Filesystem and added permission checks: sync(), loadContent(), fixfiles(), moverootfilesto()
API CHANGE deprecated use of File->loadUploaded()
ENHANCEMENT added filesize and extension validation to AssetAdmin and FileField
FEATURE added tests for Upload class

Merged revisions 47617 via svnmerge from 
svn://svn.silverstripe.com/silverstripe/modules/cms/branches/2.2.0-mesq

........
  r47617 | ischommer | 2008-01-04 19:20:29 +1300 (Fri, 04 Jan 2008) | 5 lines

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@52205 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2008-04-06 08:20:13 +00:00
parent ea1b6cd66e
commit 533aec3815


@ -1,18 +1,26 @@
<?php <?php
/**
* @package cms
* @subpackage assets
*/
/** /**
* AssetAdmin is the 'file store' section of the CMS. * AssetAdmin is the 'file store' section of the CMS.
* It provides an interface for maniupating the File and Folder objects in the system. * It provides an interface for maniupating the File and Folder objects in the system.
*
* @package cms * @package cms
* @subpackage assets * @subpackage assets
*/ */
class AssetAdmin extends LeftAndMain { class AssetAdmin extends LeftAndMain {
static $tree_class = "File";
public static $tree_class = "File";
/**
* @see {Upload->allowedMaxFileSize}
* @var int
*/
public static $allowed_max_file_size;
/**
* @see {Upload->allowedExtensions}
* @var array
*/
public static $allowed_extensions = array();
static $allowed_actions = array( static $allowed_actions = array(
'addfolder', 'addfolder',
@ -29,7 +37,7 @@ class AssetAdmin extends LeftAndMain {
'uploadiframe', 'uploadiframe',
); );
public function Link($action=null) { public function Link($action = null) {
if(!$action) $action = "index"; if(!$action) $action = "index";
return "admin/assets/$action/" . $this->currentPageID(); return "admin/assets/$action/" . $this->currentPageID();
} }
@ -88,7 +96,7 @@ class AssetAdmin extends LeftAndMain {
function index() { function index() {
File::sync(); Filesystem::sync();
return array(); return array();
} }
@ -165,50 +173,42 @@ class AssetAdmin extends LeftAndMain {
$fileSizeWarnings = ''; $fileSizeWarnings = '';
$uploadErrors = ''; $uploadErrors = '';
foreach($processedFiles as $file) { foreach($processedFiles as $tmpFile) {
if($file['error'] == UPLOAD_ERR_NO_TMP_DIR) { if($tmpFile['error'] == UPLOAD_ERR_NO_TMP_DIR) {
$status = 'bad'; $status = 'bad';
$statusMessage = _t('AssetAdmin.NOTEMP', 'There is no temporary folder for uploads. Please set upload_tmp_dir in php.ini.'); $statusMessage = _t('AssetAdmin.NOTEMP', 'There is no temporary folder for uploads. Please set upload_tmp_dir in php.ini.');
break; break;
} }
if($file['tmp_name']) { if($tmpFile['tmp_name']) {
// Workaround open_basedir problems // Workaround open_basedir problems
if(ini_get("open_basedir")) { if(ini_get("open_basedir")) {
$newtmp = TEMP_FOLDER . '/' . $file['name']; $newtmp = TEMP_FOLDER . '/' . $tmpFile['name'];
move_uploaded_file($file['tmp_name'], $newtmp); move_uploaded_file($tmpFile['tmp_name'], $newtmp);
$file['tmp_name'] = $newtmp; $tmpFile['tmp_name'] = $newtmp;
} }
// check that the file can be uploaded and isn't too large // validate files (only if not logged in as admin)
if(Permission::check('ADMIN')) {
$extensionIndex = strripos( $file['name'], '.' ); $valid = true;
$extension = strtolower( substr( $file['name'], $extensionIndex + 1 ) );
if( $extensionIndex !== FALSE )
list( $maxSize, $warnSize ) = File::getMaxFileSize( $extension );
else
list( $maxSize, $warnSize ) = File::getMaxFileSize();
// check that the file is not too large or that the current user is an administrator
if( $this->can('AdminCMS') || ( File::allowedFileType( $extension ) && (!isset($maxsize) || $file['size'] < $maxSize)))
$newFiles[] = $folder->addUploadToFolder($file);
elseif( !File::allowedFileType( $extension ) ) {
$fileSizeWarnings .= "alert( '". sprintf(_t('AssetAdmin.ONLYADMINS','Only administrators can upload %s files.'),$extension)."' );";
} else { } else {
if( $file['size'] > 1048576 ) $upload = new Upload();
$fileSize = "" . ceil( $file['size'] / 1048576 ) . "MB"; $upload->setAllowedExtensions(self::$allowed_extensions);
elseif( $file['size'] > 1024 ) $upload->setAllowedMaxFileSize(self::$allowed_max_file_size);
$fileSize = "" . ceil( $file['size'] / 1024 ) . "KB"; $valid = $upload->validate($tmpFile);
else if(!$valid) {
$fileSize = "" . ceil( $file['size'] ) . "B"; $errors = $upload->getErrors();
if($errors) foreach($errors as $error) {
$jsErrors .= "alert('" . Convert::raw2js($error) . "');";
$fileSizeWarnings .= "alert( '". sprintf(_t('AssetAdmin.TOOLARGE', "%s is too large (%s). Files of this type cannot be larger than %s"),"\\'" . $file['name'] . "\\'", $fileSize, $warnSize ) ."' );";
} }
} }
} }
// move file to given folder
if($valid) $newFiles[] = $folder->addUploadToFolder($tmpFile);
}
}
if($newFiles) { if($newFiles) {
$numFiles = sizeof($newFiles); $numFiles = sizeof($newFiles);
$statusMessage = sprintf(_t('AssetAdmin.UPLOADEDX',"Uploaded %s files"),$numFiles) ; $statusMessage = sprintf(_t('AssetAdmin.UPLOADEDX',"Uploaded %s files"),$numFiles) ;
@ -238,7 +238,7 @@ class AssetAdmin extends LeftAndMain {
var form = parent.document.getElementById('Form_EditForm'); var form = parent.document.getElementById('Form_EditForm');
form.getPageFromServer(form.elements.ID.value); form.getPageFromServer(form.elements.ID.value);
parent.statusMessage("{$statusMessage}","{$status}"); parent.statusMessage("{$statusMessage}","{$status}");
$fileSizeWarnings $jsErrors
parent.document.getElementById('sitetree').getTreeNodeByIdx( "{$folder->ID}" ).getElementsByTagName('a')[0].className += ' contents'; parent.document.getElementById('sitetree').getTreeNodeByIdx( "{$folder->ID}" ).getElementsByTagName('a')[0].className += ' contents';
</script> </script>
HTML; HTML;
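Review bot: In the upload loop, validation for non-admins now depends entirely on `AssetAdmin::$allowed_extensions` and `AssetAdmin::$allowed_max_file_size`, which this commit declares as an empty array and an unset value while dropping the earlier `File::allowedFileType()` check. `Upload::validate()` is not shown here, so if it reads an empty list or a null size as "no restriction", any CMS user who can reach this action may store files of any type and size until a site sets these statics; I would ship restrictive defaults or state the behaviour on both properties, e.g. `@var array Allowed extensions; an empty array disables the check (confirm against Upload)`. As far as these lines show, the open_basedir branch still moves the file to `TEMP_FOLDER` under its client-supplied name before validation runs and nothing removes it when `$valid` is false. Separately, `$jsErrors` is appended to and interpolated into the heredoc with no visible initialisation (only `$fileSizeWarnings = ''` remains), so adding `$jsErrors = '';` beside it avoids an undefined-variable notice when every file passes. The enclosing method starts and ends outside these hunks.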