| blob | 1e46bf0e204a856bc1211eabeba5cdc0d30b9ab1 |
1 <?php
3 /**
4 * uploadlib.php - This class handles all aspects of fileuploading
5 *
6 * @author Penny Leach
7 * @version 1.5
8 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
9 * @package moodlecore
10 */
13 /**
14 * This class handles all aspects of fileuploading
15 */
18 /**
19 * Array to hold local copies of stuff in $_FILES
20 * @var array $files
21 */
23 /**
24 * Holds all configuration stuff
25 * @var array $config
26 */
28 /**
29 * Keep track of if we're ok
30 * (errors for each file are kept in $files['whatever']['uploadlog']
31 * @var boolean $status
32 */
34 /**
35 * If we're only getting one file.
36 * (for logging and virus notifications)
37 * @var string $inputname
38 */
40 /**
41 * If we're given silent=true in the constructor, this gets built
42 * up to hold info about the process.
43 * @var string $notify
44 */
47 /**
48 * Constructor, sets up configuration stuff so we know how to act.
49 *
50 * Note: destination not taken as parameter as some modules want to use the insertid in the path and we need to check the other stuff first.
51 *
52 * @uses $CFG
53 * @param string $inputname If this is given the upload manager will only process the file in $_FILES with this name.
54 * @param boolean $deleteothers Whether to delete other files in the destination directory (optional, defaults to false)
55 * @param boolean $handlecollisions Whether to use {@link handle_filename_collision()} or not. (optional, defaults to false)
56 * @param boolean $recoverifmultiple If we come across a virus, or if a file doesn't validate or whatever, do we continue? optional, defaults to true.
57 * @param int $maxbytes max bytes for this file {@link get_max_upload_file_size()}.
58 * @param boolean $silent Whether to notify errors or not.
59 * @param boolean $allownull Whether we care if there's no file when we've set the input name.
60 * @param boolean $allownullmultiple Whether we care if there's no files AT ALL when we've got multiples. This won't complain if we have file 1 and file 3 but not file 2, only for NO FILES AT ALL.
61 */
62 function upload_manager($inputname='', $deleteothers=false, $handlecollisions=false, $recoverifmultiple=false, $maxbytes=0, $silent=false, $allownull=false, $allownullmultiple=true) {
77 }
78 }
80 /**
81 * Gets all entries out of $_FILES and stores them locally in $files and then
82 * checks each one against {@link get_max_upload_file_size()} and calls {@link cleanfilename()}
83 * and scans them for viruses etc.
84 * @uses $CFG
85 * @uses $_FILES
86 * @return boolean
87 */
92 $this->status = true; // only set it to true here so that we can check if this function has been called.
93 if (empty($this->inputname) || $name == $this->inputname) { // if we have input name, only process if it matches.
97 $this->status = $this->validate_file($this->files[$name]); // default to only allowing empty on multiple uploads.
98 if (!$this->status && ($this->files[$name]['error'] == 0 || $this->files[$name]['error'] == 4) && ($this->config->allownull || empty($this->inputname))) {
99 // this shouldn't cause everything to stop.. modules should be responsible for knowing which if any are compulsory.
101 }
104 }
109 $msg = sprintf(__gettext('Your file upload has failed because there was a problem with one of the files, %s.<br /> Here is a log of the problems:<br />%s<br />Not recovering.'), $a->name, $a->problem);
112 }
115 }
125 }
128 }
129 }
135 $this->files[$name]['uploadlog'] .= sprintf(__gettext('File was renamed from %s to %s because of invalid characters.'), $a->oldname, $a->newname);
136 }
139 }
140 }
141 }
144 }
146 return true; // if we've got this far it means that we're recovering so we want status to be ok.
147 }
149 /**
150 * Validates a single file entry from _FILES
151 *
152 * @param object $file The entry from _FILES to validate
153 * @return boolean True if ok.
154 */
158 }
162 }
164 $file['uploadlog'] .= "\n". sprintf(__gettext('Sorry, but that file is too big (limit is %s)'), display_size($this->config->maxbytes));
166 }
168 }
170 /**
171 * Moves all the files to the destination directory.
172 *
173 * @uses $CFG
174 * @uses $USER
175 * @param string $destination The destination directory.
176 * @return boolean status;
177 */
184 }
187 // take it out for giving to make_upload_directory
189 }
191 if ($destination{$textlib->strlen($destination)-1} == '/') { // strip off a trailing / if we have one
193 }
195 if (!make_upload_directory($destination, true)) { //TODO maybe put this function here instead of moodlelib.php now.
198 }
207 // not ok to save
209 }
213 }
214 if (move_uploaded_file($this->files[$i]['tmp_name'], $destination.'/'.$this->files[$i]['name'])) {
220 // now add it to the log (this is important so we know who to notify if a virus is found later on)
223 }
224 }
227 }
228 }
231 if ((empty($this->config->allownull) && !empty($this->inputname)) || (empty($this->inputname) && empty($this->config->allownullmultiple))) {
233 }
235 }
237 }
239 /**
240 * Wrapper function that calls {@link preprocess_files()} and {@link viruscheck_files()} and then {@link save_files()}
241 * Modules that require the insert id in the filepath should not use this and call these functions seperately in the required order.
242 * @parameter string $destination Where to save the uploaded files to.
243 * @return boolean
244 */
248 }
250 }
252 /**
253 * Deletes all the files in a given directory except for the files in $exceptions (full paths)
254 *
255 * @param string $destination The directory to clean up.
256 * @param array $exceptions Full paths of files to KEEP.
257 */
264 }
265 }
266 }
271 }
274 }
275 }
276 }
278 /**
279 * Handles filename collisions - if the desired filename exists it will rename it according to the pattern in $format
280 * @param string $destination Destination directory (to check existing files against)
281 * @param object $file Passed in by reference. The current file from $files we're processing.
282 * @param string $format The printf style format to rename the file to (defaults to filename_number.extn)
283 * @return string The new filename.
284 * @todo verify return type - this function does not appear to return anything since $file is passed in by reference
285 */
288 // check for collisions and append a nice numberydoo.
296 }
297 }
299 $file['uploadlog'] .= "\n". sprintf(__gettext('File was renamed from %s to %s because there was a filename conflict.'), $a->oldname, $a->newname);
300 }
301 }
303 /**
304 * This function checks a potential filename against what's on the filesystem already and what's been saved already.
305 * @param string $destination Destination directory (to check existing files against)
306 * @param string $nametocheck The filename to be compared.
307 * @param object $file The current file from $files we're processing.
308 * return boolean
309 */
313 }
316 // if we're deleting files anyway, it's not THIS file and we care about it and it has the same name and has already been saved..
317 if ($file['tmp_name'] != $tocheck['tmp_name'] && $tocheck['clear'] && $nametocheck == $tocheck['name'] && $tocheck['saved']) {
319 }
320 }
323 }
324 }
326 }
328 /**
329 * ?
330 *
331 * @param object $file Passed in by reference. The current file from $files we're processing.
332 * @return string
333 * @todo Finish documenting this function
334 */
340 $errmessage = sprintf(__gettext('An unknown problem occurred while uploading the file \'%s\' (perhaps it was too large?)'), $file['name']);
342 $errmessage = __gettext('No file was found - are you sure you selected one to upload?'); /// probably a dud file name
343 }
363 $errmessage = sprintf(__gettext('An unknown problem occurred while uploading the file \'%s\' (perhaps it was too large?)'), $file['name']);
364 }
366 }
368 /**
369 * prints a log of everything that happened (of interest) to each file in _FILES
370 * @param $return - optional, defaults to false (log is echoed)
371 */
374 if (count($this->files) > 1 && !empty($skipemptyifmultiple) && $this->files[$key]['error'] == 4) {
376 }
378 .((!empty($this->files[$key]['originalname'])) ? '('.$this->files[$key]['originalname'].')' : '')
380 }
383 }
385 }
387 /**
388 * If we're only handling one file (if inputname was given in the constructor) this will return the (possibly changed) filename of the file.
389 @return boolean
390 */
394 }
396 }
398 /**
399 * If we're only handling one file (if input name was given in the constructor) this will return the full path to the saved file.
400 * @return boolean
401 */
405 }
407 }
409 /**
410 * If we're only handling one file (if inputname was given in the constructor) this will return the ORIGINAL filename of the file.
411 * @return boolean
412 */
416 }
418 }
420 /**
421 * If we're only handling on file (if inputname was given in the constructor) this will return the size of the file.
422 */
426 }
427 }
430 /**
431 * This function returns any errors wrapped up in red.
432 * @return string
433 */
436 }
437 }
439 /**************************************************************************************
440 THESE FUNCTIONS ARE OUTSIDE THE CLASS BECAUSE THEY NEED TO BE CALLED FROM OTHER PLACES.
441 FOR EXAMPLE CLAM_HANDLE_INFECTED_FILE AND CLAM_REPLACE_INFECTED_FILE USED FROM CRON
442 UPLOAD_PRINT_FORM_FRAGMENT DOESN'T REALLY BELONG IN THE CLASS BUT CERTAINLY IN THIS FILE
443 ***************************************************************************************/
446 /**
447 * This function prints out a number of upload form elements.
448 *
449 * @param int $numfiles The number of elements required (optional, defaults to 1)
450 * @param array $names Array of element names to use (optional, defaults to FILE_n)
451 * @param array $descriptions Array of strings to be printed out before each file bit.
452 * @param boolean $uselabels -Whether to output text fields for file descriptions or not (optional, defaults to false)
453 * @param array $labelnames Array of element names to use for labels (optional, defaults to LABEL_n)
454 * @param int $maxbytes used to calculate upload max size ( using {@link get_max_upload_file_size})
455 * @param boolean $return -Whether to return the string (defaults to false - string is echoed)
456 * @return string Form returned as string if $return is true
457 */
458 function upload_print_form_fragment($numfiles=1, $names=null, $descriptions=null, $uselabels=false, $labelnames=null, $maxbytes=0, $return=false) {
465 }
472 }
473 }
476 }
479 }
480 }
483 /**
484 * Deals with an infected file - either moves it to a quarantinedir
485 * (specified in CFG->quarantinedir) or deletes it.
486 *
487 * If moving it fails, it deletes it.
488 *
489 *@uses $CFG
490 * @uses $USER
491 * @param string $file Full path to the file
492 * @param int $userid If not used, defaults to $USER->id (there in case called from cron)
493 * @param boolean $basiconly Admin level reporting or user level reporting.
494 * @return string Details of what the function did.
495 */
501 }
503 if (file_exists($CFG->quarantinedir) && is_dir($CFG->quarantinedir) && is_writable($CFG->quarantinedir)) {
507 clam_log_infected($file, $CFG->quarantinedir.'/'. $now .'-user-'. $userid .'-infected', $userid);
510 }
512 $notice .= "\n". sprintf(__gettext('The file has been moved to your specified quarantine directory, the new location is %s'), $CFG->quarantinedir.'/'. $now .'-user-'. $userid .'-infected');
513 }
514 }
518 }
520 $notice .= "\n". sprintf(__gettext('Could not move the file into your specified quarantine directory, %s. You need to fix this as files are being deleted if they\'re found to be infected.'), $CFG->quarantinedir);
521 }
522 }
523 }
527 }
529 $notice .= "\n". sprintf(__gettext('Could not move the file into your specified quarantine directory, %s. You need to fix this as files are being deleted if they\'re found to be infected.'), $CFG->quarantinedir);
530 }
531 }
536 }
539 // still tell the user the file has been deleted. this is only for admins.
541 }
544 }
545 }
546 }
548 }
550 /**
551 * Replaces the given file with a string.
552 *
553 * The replacement string is used to notify that the original file had a virus
554 * This is to avoid missing files but could result in the wrong content-type.
555 * @param string $file Full path to the file.
556 * @return boolean
557 */
559 $newcontents = __gettext('This file that has been uploaded was found to contain a virus and has been moved or delted and the user notified.');
562 }
565 }
567 }
570 /**
571 * If $CFG->runclamonupload is set, we scan a given file. (called from {@link preprocess_files()})
572 *
573 * This function will add on a uploadlog index in $file.
574 * @param mixed $file The file to scan from $files. or an absolute path to a file.
575 * @return int 1 if good, 0 if something goes wrong (opposite from actual error code from clam)
576 */
583 }
586 }
589 }
595 $notice = sprintf(__gettext('Elgg is configured to run clam on file upload, but the path supplied to Clam AV, %s, is invalid.'), $CFG->pathtoclam);
597 $notice .= "\n". __gettext('In addition, Elgg is configured so that if clam fails to run, files are treated like viruses. This essentially means that no student can upload a file successfully until you fix this.');
600 }
603 $file['uploadlog'] .= "\n". __gettext('Your administrator has enabled virus checking for file uploads but has misconfigured something.<br />Your file upload was NOT successful. Your administrator has been emailed to notify them so they can fix it.<br />Maybe try uploading this file later.');
605 }
607 }
611 // before we do anything we need to change perms so that clamscan can read the file (clamdscan won't work otherwise)
618 return 1; // translate clam return code into reasonable return code consistent with everything else.
621 $notice = sprintf(__gettext('Attention administrator! Clam AV has found a virus in a file uploaded by %s. Here is the output of clamscan:'), $info->user);
627 $file['uploadlog'] .= "\n". sprintf(__gettext('The file you have uploaded, %s, has been scanned by a virus checker and found to be infected! Your file upload was NOT successful.'), $info->filename);
629 }
632 // error - clam failed to run or something went wrong
633 $notice .= sprintf(__gettext('Clam AV has failed to run. The return error message was %s. Here is the output from Clam:'), get_clam_error_code($return));
639 }
642 $file['uploadlog'] .= "\n". __gettext('Your administrator has enabled virus checking for file uploads but has misconfigured something.<br />Your file upload was NOT successful. Your administrator has been emailed to notify them so they can fix it.<br />Maybe try uploading this file later.');
644 }
646 }
647 }
649 /**
650 * Emails admins about a clam outcome
651 *
652 * @param string $notice The body of the email to be sent.
653 */
663 /*
664 $admins = get_admins();
665 foreach ($admins as $admin) {
666 email_to_user($admin, get_admin(), $subject, $notice);
667 }
668 */
669 }
672 /**
673 * Returns the string equivalent of a numeric clam error code
674 *
675 * @param int $returncode The numeric error code in question.
676 * return string The definition of the error code
677 */
683 // all after here are specific to clamscan
694 $returncodes[60] = 'Can\'t get information about user \'clamav\' (default name) from /etc/passwd.';
704 }
706 /**
707 * Adds a file upload to the log table so that clam can resolve the filename to the user later if necessary
708 *
709 * @uses $CFG
710 * @uses $USER
711 * @param string $newfilepath ?
712 * @param boolean $nourl ?
713 * @todo Finish documenting this function
714 */
717 // get rid of any double // that might have appeared
721 }
723 //TODO fixme no course (Penny)
724 // add_to_log($courseid, 'upload', 'upload', ((!$nourl) ? substr($_SERVER['HTTP_REFERER'], 0, 100) : ''), $newfilepath);
725 }
727 /**
728 * This function logs to error_log and to the log table that an infected file has been found and what's happened to it.
729 *
730 * @param string $oldfilepath Full path to the infected file before it was moved.
731 * @param string $newfilepath Full path to the infected file since it was moved to the quarantine directory (if the file was deleted, leave empty).
732 * @param int $userid The user id of the user who uploaded the file.
733 */
736 // add_to_log(0, 'upload', 'infected', $_SERVER['HTTP_REFERER'], $oldfilepath, 0, $userid);//TODO fixme (Penny)
744 . ((empty($newfilepath)) ? '. The file has been deleted ' : '. The file has been moved to a quarantine directory and the new path is '. $newfilepath);
747 }
750 /**
751 * Create a directory.
752 *
753 * @uses $CFG
754 * @param string $directory a string of directory names under $CFG->dataroot eg stuff/assignment/1
755 * param boolean $shownotices If true then notification messages will be printed out on error.
756 * @return string|false Returns full path to directory if successful, false if not
757 */
770 }
772 }
776 }
777 }
787 }
789 }
790 //@chmod($currdir, $CFG->directorypermissions); // Just in case mkdir didn't do it
791 }
792 }
795 }
799 ?>