API CHANGErefactored upload functionality from File into newly created Upload class

API CHANGE deprecated some File functions and attributes
API CHANGE moved management function from File to Filesystem and added permission checks: sync(), loadContent(), fixfiles(), moverootfilesto()
API CHANGE deprecated use of File->loadUploaded()
ENHANCEMENT added filesize and extension validation to AssetAdmin and FileField
FEATURE added tests for Upload class

Merged revisions 47617 via svnmerge from 
svn://svn.silverstripe.com/silverstripe/modules/cms/branches/2.2.0-mesq

........
  r47617 | ischommer | 2008-01-04 19:20:29 +1300 (Fri, 04 Jan 2008) | 5 lines

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@52205 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2008-04-06 08:20:13 +00:00
parent ea1b6cd66e
commit 533aec3815

View File

@ -1,18 +1,26 @@
<?php
/**
* @package cms
* @subpackage assets
*/
/**
* AssetAdmin is the 'file store' section of the CMS.
* It provides an interface for maniupating the File and Folder objects in the system.
*
* @package cms
* @subpackage assets
*/
class AssetAdmin extends LeftAndMain {
static $tree_class = "File";
public static $tree_class = "File";
/**
* @see {Upload->allowedMaxFileSize}
* @var int
*/
public static $allowed_max_file_size;
/**
* @see {Upload->allowedExtensions}
* @var array
*/
public static $allowed_extensions = array();
static $allowed_actions = array(
'addfolder',
@ -88,7 +96,7 @@ class AssetAdmin extends LeftAndMain {
function index() {
File::sync();
Filesystem::sync();
return array();
}
@ -165,50 +173,42 @@ class AssetAdmin extends LeftAndMain {
$fileSizeWarnings = '';
$uploadErrors = '';
foreach($processedFiles as $file) {
if($file['error'] == UPLOAD_ERR_NO_TMP_DIR) {
foreach($processedFiles as $tmpFile) {
if($tmpFile['error'] == UPLOAD_ERR_NO_TMP_DIR) {
$status = 'bad';
$statusMessage = _t('AssetAdmin.NOTEMP', 'There is no temporary folder for uploads. Please set upload_tmp_dir in php.ini.');
break;
}
if($file['tmp_name']) {
if($tmpFile['tmp_name']) {
// Workaround open_basedir problems
if(ini_get("open_basedir")) {
$newtmp = TEMP_FOLDER . '/' . $file['name'];
move_uploaded_file($file['tmp_name'], $newtmp);
$file['tmp_name'] = $newtmp;
$newtmp = TEMP_FOLDER . '/' . $tmpFile['name'];
move_uploaded_file($tmpFile['tmp_name'], $newtmp);
$tmpFile['tmp_name'] = $newtmp;
}
// check that the file can be uploaded and isn't too large
$extensionIndex = strripos( $file['name'], '.' );
$extension = strtolower( substr( $file['name'], $extensionIndex + 1 ) );
if( $extensionIndex !== FALSE )
list( $maxSize, $warnSize ) = File::getMaxFileSize( $extension );
else
list( $maxSize, $warnSize ) = File::getMaxFileSize();
// check that the file is not too large or that the current user is an administrator
if( $this->can('AdminCMS') || ( File::allowedFileType( $extension ) && (!isset($maxsize) || $file['size'] < $maxSize)))
$newFiles[] = $folder->addUploadToFolder($file);
elseif( !File::allowedFileType( $extension ) ) {
$fileSizeWarnings .= "alert( '". sprintf(_t('AssetAdmin.ONLYADMINS','Only administrators can upload %s files.'),$extension)."' );";
// validate files (only if not logged in as admin)
if(Permission::check('ADMIN')) {
$valid = true;
} else {
if( $file['size'] > 1048576 )
$fileSize = "" . ceil( $file['size'] / 1048576 ) . "MB";
elseif( $file['size'] > 1024 )
$fileSize = "" . ceil( $file['size'] / 1024 ) . "KB";
else
$fileSize = "" . ceil( $file['size'] ) . "B";
$fileSizeWarnings .= "alert( '". sprintf(_t('AssetAdmin.TOOLARGE', "%s is too large (%s). Files of this type cannot be larger than %s"),"\\'" . $file['name'] . "\\'", $fileSize, $warnSize ) ."' );";
$upload = new Upload();
$upload->setAllowedExtensions(self::$allowed_extensions);
$upload->setAllowedMaxFileSize(self::$allowed_max_file_size);
$valid = $upload->validate($tmpFile);
if(!$valid) {
$errors = $upload->getErrors();
if($errors) foreach($errors as $error) {
$jsErrors .= "alert('" . Convert::raw2js($error) . "');";
}
}
}
// move file to given folder
if($valid) $newFiles[] = $folder->addUploadToFolder($tmpFile);
}
}
if($newFiles) {
$numFiles = sizeof($newFiles);
$statusMessage = sprintf(_t('AssetAdmin.UPLOADEDX',"Uploaded %s files"),$numFiles) ;
@ -238,7 +238,7 @@ class AssetAdmin extends LeftAndMain {
var form = parent.document.getElementById('Form_EditForm');
form.getPageFromServer(form.elements.ID.value);
parent.statusMessage("{$statusMessage}","{$status}");
$fileSizeWarnings
$jsErrors
parent.document.getElementById('sitetree').getTreeNodeByIdx( "{$folder->ID}" ).getElementsByTagName('a')[0].className += ' contents';
</script>
HTML;