From 57a35096a6bfe1b972369b21ab11f83381cec70b Mon Sep 17 00:00:00 2001 From: Christoph Haas Date: Wed, 30 Nov 2016 11:07:26 +0100 Subject: [PATCH] Fixed PHP warnings in upload.php --- .idea/workspace.xml | 222 ++++++++++++++------------------------------ php/helper.php | 63 +++++++++++++ php/upload.php | 54 ++++------- 3 files changed, 153 insertions(+), 186 deletions(-) create mode 100644 php/helper.php diff --git a/.idea/workspace.xml b/.idea/workspace.xml index f000ac4..e8fa7f4 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -2,30 +2,8 @@ - + - - - - - - - - - - - - - - - - - - - - - - @@ -47,22 +25,14 @@ - - + + - - - - - - - - - - - - - + + + + + @@ -70,51 +40,29 @@ - - + + - - - - + + - - - - - - - - - - - - + + - + - - - - - - - - - - @@ -136,7 +84,6 @@ @@ -248,42 +198,6 @@ \ No newline at end of file diff --git a/php/helper.php b/php/helper.php new file mode 100644 index 0000000..1ffae2f --- /dev/null +++ b/php/helper.php 
@@ -0,0 +1,63 @@ + + * Copyright (C) 2012-2016 Christoph Haas + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + */ + + +namespace calendarimporter; + + +class Helper +{ + /** + * Generates a random string with variable length. + * + * @param $length the lenght of the generated string, defaults to 6 + * @return string a random string + */ + public static function randomstring($length = 6) + { + // $chars - all allowed charakters + $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; + + srand((double)microtime() * 1000000); + $i = 0; + $pass = ""; + while ($i < $length) { + $num = rand() % strlen($chars); + $tmp = substr($chars, $num, 1); + $pass = $pass . $tmp; + $i++; + } + return $pass; + } + + /** + * respond/echo JSON + * + * @param $arr + * @return string JSON encoded string + */ + public static function respondJSON($arr) + { + echo json_encode($arr); + } +} \ No newline at end of file diff --git a/php/upload.php b/php/upload.php index bd5f928..b8b6b8f 100644 --- a/php/upload.php +++ b/php/upload.php 
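Review bot: `Helper::randomstring()` seeds `srand()` from `(double)microtime()` and draws with `rand() % strlen($chars)`, which is predictable (the cast keeps only the sub-second fraction, so the seed space is tiny) and is the only entropy in the temporary file names that upload.php builds with it. Drop the `srand(...)` line and replace `$num = rand() % strlen($chars);` with `$num = random_int(0, strlen($chars) - 1);` — `random_int()` needs PHP ≥ 7.0, which I assume is the plugin's target; if not, at least leave seeding to PHP and use `mt_rand(0, strlen($chars) - 1)`. The docblock on `respondJSON()` says `@return string`, but the method only echoes and returns nothing; make it `@return void`, and since every caller emits JSON it is worth adding `header('Content-Type: application/json');` before the `echo` so browsers do not sniff the body as HTML. The `<?php` opening tag and the `/**` of the licence block appear lost in this rendering of the hunk, so I cannot confirm the file header is intact.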
@@ -21,53 +21,35 @@ * */ -require_once("../config.php"); +require_once(__DIR__ . "/../config.php"); +require_once(__DIR__ . "/helper.php"); + +require_once(__DIR__ . '/../../../init.php'); +require_once(__DIR__ . "/../../../server/includes/core/class.webappauthentication.php"); // for checking the session + +use calendarimporter\Helper; /* disable error printing - otherwise json communication might break... */ ini_set('display_errors', '0'); -/** - * respond/echo JSON - * @param $arr - */ -function respondJSON($arr) -{ - echo json_encode($arr); +// check session +// otherwise a DOS attack might be possible +if (!WebAppAuthentication::getUserName() || WebAppAuthentication::getUserName() == ""){ + Helper::respondJSON(array('success' => false, 'error' => dgettext("plugin_calendarimporter", "Not authenticated!"))); + die(); } -/** - * Generates a random string with variable length. - * @param $length the lenght of the generated string - * @return string a random string - */ -function randomstring($length = 6) -{ - // $chars - all allowed charakters - $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; +if (isset($_FILES['icsdata']['tmp_name']) && is_readable($_FILES['icsdata']['tmp_name'])) { + $destpath = PLUGIN_CALENDARIMPORTER_TMP_UPLOAD; + $destpath .= $_FILES['icsdata']['name'] . Helper::randomstring(); - srand((double)microtime() * 1000000); - $i = 0; - $pass = ""; - while ($i < $length) { - $num = rand() % strlen($chars); - $tmp = substr($chars, $num, 1); - $pass = $pass . $tmp; - $i++; - } - return $pass; -} - -$destpath = PLUGIN_CALENDARIMPORTER_TMP_UPLOAD; -$destpath .= $_FILES['icsdata']['name'] . 
randomstring(); - -if (is_readable($_FILES['icsdata']['tmp_name'])) { $result = move_uploaded_file($_FILES['icsdata']['tmp_name'], $destpath); if ($result) { - respondJSON(array('success' => true, 'ics_file' => $destpath)); + Helper::respondJSON(array('success' => true, 'ics_file' => $destpath)); } else { - respondJSON(array('success' => false, 'error' => dgettext("plugin_calendarimporter", "File could not be moved to TMP path! Check plugin config and folder permissions!"))); + Helper::respondJSON(array('success' => false, 'error' => dgettext("plugin_calendarimporter", "File could not be moved to TMP path! Check plugin config and folder permissions!"))); } } else { - respondJSON(array('success' => false, 'error' => dgettext("plugin_calendarimporter", "File could not be read by server, upload error!"))); + Helper::respondJSON(array('success' => false, 'error' => dgettext("plugin_calendarimporter", "File could not be read by server, upload error!"))); } \ No newline at end of file
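Review bot: The destination at `$destpath .= $_FILES['icsdata']['name'] . Helper::randomstring();` is built from the client-supplied filename; PHP drops directory components from `name`, but every other byte is kept, so the uploader chooses the stem (including an arbitrary extension) and the only unpredictable part is the 6-character `rand()` suffix. The new guard checks `isset(tmp_name)` and `is_readable()`, but not `$_FILES['icsdata']['error'] === UPLOAD_ERR_OK` or `is_uploaded_file()`, so error states other than a missing key still reach `move_uploaded_file()`. Generate the name server-side with a fixed `.ics` extension and accept only a successful upload, as below. The success response also returns the absolute server path in `ics_file`; presumably the client hands it back to a later import request (outside this hunk), in which case that request must re-validate the path against `PLUGIN_CALENDARIMPORTER_TMP_UPLOAD`, and returning only the basename here would avoid disclosing the filesystem layout.

```php
// … unchanged: session check …
if (isset($_FILES['icsdata']['tmp_name'])
    && $_FILES['icsdata']['error'] === UPLOAD_ERR_OK
    && is_uploaded_file($_FILES['icsdata']['tmp_name'])) {
    // Never derive the target path from the client-supplied name: it is attacker-controlled.
    $destpath = PLUGIN_CALENDARIMPORTER_TMP_UPLOAD;
    $destpath .= Helper::randomstring(16) . '.ics';
    $result = move_uploaded_file($_FILES['icsdata']['tmp_name'], $destpath);
    // … unchanged: JSON success / error responses …
```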