| 17 | | if ( ! empty($_FILES) AND ! empty($_FILES[$name])) |
| 18 | | $_POST[$name] = $_FILES[$name]; |
| | 20 | if ( ! empty($_FILES[$name])) |
| | 21 | { |
| | 22 | if (empty($_FILES[$name]['tmp_name']) OR is_uploaded_file($_FILES[$name]['tmp_name'])) |
| | 23 | { |
| | 24 | // Cache the upload data in this object |
| | 25 | $this->upload = $_FILES[$name]; |
| | 26 | |
| | 27 | // Hack to allow file-only inputs, where no POST data is present |
| | 28 | $_POST[$name] = $this->upload['name']; |
| | 29 | } |
| | 30 | else |
| | 31 | { |
| | 32 | // Attempt to delete the invalid file |
| | 33 | is_writable($_FILES[$name]['tmp_name']) and unlink($_FILES[$name]['tmp_name']); |
| | 34 | |
| | 35 | // Invalid file upload, possible hacking attempt |
| | 36 | unset($_FILES[$name]); |
| | 37 | } |
| | 38 | } |
| | 39 | } |
| | 40 | |
| | 41 | public function directory($dir = NULL) |
| | 42 | { |
| | 43 | // Use the global upload directory by default |
| | 44 | empty($dir) and $dir = Config::item('upload.upload_directory'); |
| | 45 | |
| | 46 | // Make the path asbolute and normalize it |
| | 47 | $dir = str_replace('\\', '/', realpath($dir)).'/'; |
| | 48 | |
| | 49 | // Make sure the upload director is valid and writable |
| | 50 | if ($dir === '/' OR ! is_dir($dir) OR ! is_writable($dir)) |
| | 51 | throw new Kohana_Exception('forge.upload.unwritable', $dir); |
| | 52 | |
| | 53 | $this->directory = $dir; |
| | 54 | } |
| | 55 | |
| | 56 | public function validate() |
| | 57 | { |
| | 58 | // The upload directory must always be set |
| | 59 | empty($this->directory) and $this->directory(); |
| | 60 | |
| | 61 | if ($status = parent::validate()) |
| | 62 | { |
| | 63 | // No filename means an invalid upload |
| | 64 | $filename = ''; |
| | 65 | |
| | 66 | if ($this->upload['error'] === UPLOAD_ERR_OK) |
| | 67 | { |
| | 68 | // Set the filename to the original name |
| | 69 | $filename = $this->upload['name']; |
| | 70 | |
| | 71 | if (Config::item('upload.remove_spaces')) |
| | 72 | { |
| | 73 | // Remove spaces, due to global upload configuration |
| | 74 | $filename = preg_replace('/\s+/', '_', $this->data['value']); |
| | 75 | } |
| | 76 | |
| | 77 | // Move the uploaded file to the upload directory |
| | 78 | move_uploaded_file($this->upload['tmp_name'], $filename = $this->directory.$filename); |
| | 79 | } |
| | 80 | |
| | 81 | // Reset the POST value to the new filename |
| | 82 | $this->data['value'] = $_POST[$this->data['name']] = $filename; |
| | 83 | } |
| | 84 | |
| | 85 | return $status; |
| | 86 | } |
| | 87 | |
| | 88 | protected function rule_required() |
| | 89 | { |
| | 90 | if (empty($this->upload) OR $this->upload['error'] === UPLOAD_ERR_NO_FILE) |
| | 91 | { |
| | 92 | $this->errors['required'] = TRUE; |
| | 93 | } |
| 25 | | return TRUE; |
| | 101 | if (defined('FILEINFO_MIME')) |
| | 102 | { |
| | 103 | $info = new finfo(FILEINFO_MIME); |
| | 104 | |
| | 105 | // Get the mime type using Fileinfo |
| | 106 | $mime = $info->file($this->upload['tmp_name']); |
| | 107 | |
| | 108 | $info->close(); |
| | 109 | } |
| | 110 | elseif (ini_get('magic.mime') AND function_exists('mime_content_type')) |
| | 111 | { |
| | 112 | // Get the mime type using magic.mime |
| | 113 | $mime = mime_content_type($this->upload['tmp_name']); |
| | 114 | } |
| | 115 | else |
| | 116 | { |
| | 117 | // Trust the browser |
| | 118 | $mime = $this->upload['type']; |
| | 119 | } |
| | 120 | |
| | 121 | // Allow nothing by default |
| | 122 | $allow = FALSE; |
| | 123 | |
| | 124 | foreach (func_get_args() as $type) |
| | 125 | { |
| | 126 | if (in_array($mime, Config::item('mimes.'.$type))) |
| | 127 | { |
| | 128 | // Type is valid |
| | 129 | $allow = TRUE; |
| | 130 | break; |
| | 131 | } |
| | 132 | } |
| | 133 | |
| | 134 | if ($allow === FALSE) |
| | 135 | { |
| | 136 | $this->errors['allow'] = TRUE; |
| | 137 | } |
