diff --git a/common/framework/filters/filenamefilter.php b/common/framework/filters/filenamefilter.php
index d9e0af299..6298b924a 100644
--- a/common/framework/filters/filenamefilter.php
+++ b/common/framework/filters/filenamefilter.php
@@ -85,4 +85,22 @@ class FilenameFilter
 // Trim trailing slashes.
 return rtrim($path, '/');
 }
+
+ /**
+ * Check if a file has an extension that would allow direct download.
+ *
+ * @param string $filename
+ * @return bool
+ */
+ public static function isDirectDownload($filename)
+ {
+ if (preg_match('/\.(as[fx]|avi|flac|flv|gif|jpe?g|m4[av]|midi?|mkv|moov|mov|mp[1234]|mpe?g|ogg|png|qt|ram?|rmm?|swf|wav|web[mp]|wm[av])$/i', $filename))
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
 }
diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index d2968b438..6f2ddf9c1 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -1055,7 +1055,7 @@ class fileController extends file
 $file_info = $file_list[$i];
 $old_file = $file_info->uploaded_filename;
 // Determine the file path by checking if the file is an image or other kinds
-if(preg_match("/\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)$/i", $file_info->source_filename))
+if (Rhymix\Framework\Filters\FilenameFilter::isDirectDownload($file_info->source_filename))
 {
 $path = sprintf("./files/attach/images/%s/%s", $target_module_srl, getNumberingPath($target_srl, 3));
 $new_file = $path . $file_info->source_filename;
diff --git a/modules/importer/ttimport.class.php b/modules/importer/ttimport.class.php
index bb8bd8979..180b2939a 100644
--- a/modules/importer/ttimport.class.php
+++ b/modules/importer/ttimport.class.php
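Review bot: The allow-list in `isDirectDownload()` inspects only the final extension, so a name such as `shell.php.jpg` is classified as directly downloadable; on Apache setups that map handlers by any extension in the name (AddHandler-style), such a file stored in a web-served directory could still be executed, and the test hunk only pins the reverse order (`rhymix.jpg.exe`). Consider rejecting names that carry a server-side script extension anywhere before the final one, and add the `D` modifier so `$` does not also match before a trailing newline (`"image.jpg\n"` currently passes the regex). Stylistically the if/else around `preg_match` collapses to `return preg_match('/…/iD', $filename) === 1;`, and the docblock should say this is a pure extension check that validates neither file content nor the rest of the path (`/foo/bar/baz.png` is accepted as-is).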
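Review bot: The helper's regex is wider than the inline pattern it replaces on this line — `flac`, `m4a`, `mkv`, `ogg`, `webm` and `webp` were not in the old alternation — so this is not a pure refactor: files with those extensions will now be moved into `./files/attach/images/…`, which is presumably the directly web-served tree given the helper's name, instead of wherever the else branch (outside the hunk) puts them. That may be intended, but it deserves a sentence in the commit message and a comment at the call site, e.g. `// isDirectDownload() is an extension allow-list that decides placement only; source_filename must already be sanitized`. The enclosing loop and method start and end outside the hunk.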
@@ -486,7 +486,7 @@ class ttimport
 $file_obj->download_count = $xmlDoc->attachment->downloads->body;
 $name = $xmlDoc->attachment->name->body;
 // Set upload path by checking if the attachement is an image or other kind of file
-if(preg_match("/\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)$/i", $file_obj->source_filename))
+if (Rhymix\Framework\Filters\FilenameFilter::isDirectDownload($file_obj->source_filename))
 {
 $path = sprintf("./files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));
 $filename = $path.$file_obj->source_filename;
diff --git a/tests/unit/framework/filters/FilenameFilterTest.php b/tests/unit/framework/filters/FilenameFilterTest.php
index 2b2bb8218..2164475ab 100644
--- a/tests/unit/framework/filters/FilenameFilterTest.php
+++ b/tests/unit/framework/filters/FilenameFilterTest.php
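Review bot: `$file_obj->source_filename` presumably derives from the imported XML (the attachment `name` is read from `$xmlDoc` two context lines above), and the new call only classifies its extension before it is concatenated into `$filename` on the last context line; unless the importer normalizes the name before this point (not visible in the hunk), an attachment name containing path separators or `..` would be written relative to `$path` regardless of how this check resolves. Consider reducing it to a basename first, e.g. `$file_obj->source_filename = basename($file_obj->source_filename);`, and run the extension check on that value. The enclosing method starts and ends outside the hunk.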
@@ -71,4 +71,25 @@ class FilenameFilterTest extends \Codeception\TestCase\Test
 $this->assertEquals(\RX_BASEDIR . 'index.php', FilenameFilter::cleanPath('index.php?foo=bar'));
 $this->assertEquals(\RX_BASEDIR . 'index.php', FilenameFilter::cleanPath('index.php#baz'));
 }
+
+ public function testFilenameFilterIsDirectDownload()
+ {
+ $this->assertTrue(FilenameFilter::isDirectDownload('foobar.GIF'));
+ $this->assertTrue(FilenameFilter::isDirectDownload('foobar.jpg'));
+ $this->assertTrue(FilenameFilter::isDirectDownload('foo.bar.jpeg'));
+ $this->assertTrue(FilenameFilter::isDirectDownload('/foo/bar/baz.png'));
+ $this->assertTrue(FilenameFilter::isDirectDownload('picture.webm'));
+ $this->assertTrue(FilenameFilter::isDirectDownload('/audio.MP3'));
+ $this->assertTrue(FilenameFilter::isDirectDownload('/audio.FLac'));
+ $this->assertTrue(FilenameFilter::isDirectDownload('//foo.bar/video.mp4'));
+
+ $this->assertFalse(FilenameFilter::isDirectDownload('rhymix.docx'));
+ $this->assertFalse(FilenameFilter::isDirectDownload('rhymix.HWP'));
+ $this->assertFalse(FilenameFilter::isDirectDownload('rhymix.jpg.exe'));
+ $this->assertFalse(FilenameFilter::isDirectDownload('/foo/bar/rhymix.gif.php'));
+ $this->assertFalse(FilenameFilter::isDirectDownload('rhymix.php?filename=test.vbs'));
+ $this->assertFalse(FilenameFilter::isDirectDownload(''));
+ $this->assertFalse(FilenameFilter::isDirectDownload('http://www.google.com'));
+ $this->assertFalse(FilenameFilter::isDirectDownload('/'));
+ }
 }
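Review bot: The new test pins `rhymix.jpg.exe` and `rhymix.gif.php` as non-downloadable but leaves the opposite ordering and the whitespace edge case unspecified, which is where an extension allow-list for a web-served directory usually fails: `rhymix.php.jpg` and `"image.jpg\n"` both match the current regex (only the last extension is inspected, and PCRE `$` matches before a trailing newline without the `D` modifier). Add cases for them so the intended behaviour is explicit, e.g. `$this->assertFalse(FilenameFilter::isDirectDownload('rhymix.php.jpg'));` and `$this->assertFalse(FilenameFilter::isDirectDownload("image.jpg\n"));`, and adjust the helper if those are meant to fail. Minor: `picture.webm` is a video container, so the variable-like name in that fixture is misleading; `video.webm` reads better.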