From 68832168b065f3a5660989e7592759cdc5bd92cf Mon Sep 17 00:00:00 2001
From: Marcel Werk <burntime@woltlab.com>
Date: Mon, 12 Mar 2012 23:32:27 +0100
Subject: [PATCH] Added upload validation (work in progress)

---
 .../lib/system/upload/UploadFile.class.php    | 34 ++++++++++++++++++-
 .../lib/system/upload/UploadHandler.class.php | 16 +++++----
 2 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/upload/UploadFile.class.php b/wcfsetup/install/files/lib/system/upload/UploadFile.class.php
index 6f949bd06f..76074b3ac8 100644
--- a/wcfsetup/install/files/lib/system/upload/UploadFile.class.php
+++ b/wcfsetup/install/files/lib/system/upload/UploadFile.class.php
@@ -1,5 +1,6 @@
 <?php
 namespace wcf\system\upload;
+use wcf\util\StringUtil;
 
 /**
  * Represents a file upload.
@@ -74,6 +75,19 @@ class UploadFile {
 		return $this->filename;
 	}
 	
+	/**
+	 * Returns the extension of the original file name.
+	 * 
+	 * @return string
+	 */
+	public function getFileExtension() {
+		if (($position = StringUtil::lastIndexOf($this->getFilename(), '.')) !== false) {
+			return StringUtil::substring($this->getFilename(), $position + 1);
+		}
+		
+		return '';
+	}
+	
 	/**
 	 * Returns the file location.
 	 * 
@@ -118,18 +132,36 @@ class UploadFile {
 	 * @return	boolean
 	 */
 	public function validateFile($maxFilesize, array $fileExtensions) {
+		if ($this->errorCode != 0) {
+			$this->validationErrorType = 'uploadFailed';
+			return false;
+		}
+		
+		if ($this->getFilesize() > $maxFilesize) {
+			$this->validationErrorType = 'tooLarge';
+			return false;
+		}
 		
+		if (!in_array($this->getFileExtension(), $fileExtensions)) {
+			$this->validationErrorType = 'invalidExtension';
+			return false;
+		}
 	}
 	
 	/**
 	 * Returns the validation error type.
 	 * 
-	 * @return string
+	 * @return	string
 	 */
 	public function getValidationErrorType() {
 		return $this->validationErrorType;
 	}
 	
+	/**
+	 * Gets image data.
+	 * 
+	 * @return	array
+	 */
 	public function getImageData() {
 		if (strpos($this->getMimeType(), 'image/') == 0) {
 			if (($imageData = @getImageSize($this->getLocation())) !== false) {
diff --git a/wcfsetup/install/files/lib/system/upload/UploadHandler.class.php b/wcfsetup/install/files/lib/system/upload/UploadHandler.class.php
index 73911764c5..d15d8cc253 100644
--- a/wcfsetup/install/files/lib/system/upload/UploadHandler.class.php
+++ b/wcfsetup/install/files/lib/system/upload/UploadHandler.class.php
@@ -23,7 +23,7 @@ class UploadHandler {
 	 * list of validation errors.
 	 * @var array
 	 */
-	protected $errors = array();
+	protected $erroneousFiles = array();
 	
 	/**
 	 * Creates a new UploadHandler object.
@@ -62,7 +62,7 @@ class UploadHandler {
 		$result = true;
 		foreach ($this->files as $file) {
 			if (!$file->validateFile($maxFilesize, $fileExtensions)) {
-				$this->errors[$file->getFilename()] = $file->getValidationErrorType();
+				$this->erroneousFiles[] = $file;
 				$result = false;
 			}
 		}
@@ -71,12 +71,12 @@ class UploadHandler {
 	}
 	
 	/**
-	 * Returns a list of validation errors.
+	 * Returns a list of erroneous files.
 	 * 
-	 * @return array
+	 * @return array<wcf\system\upload\UploadFile>
 	 */
-	public function getErrors() {
-		return $this->errors;
+	public function getErroneousFiles() {
+		return $this->erroneousFiles;
 	}
 	
 	/**
@@ -86,7 +86,9 @@ class UploadHandler {
 	 */
 	public function saveFiles(IUploadFileSaveStrategy $saveStrategy) {
 		foreach ($this->files as $file) {
-			$saveStrategy->save($file);
+			if (!$file->getValidationErrorType()) {
+				$saveStrategy->save($file);
+			}
 		}
 	}
 	
-- 
2.20.1