
Commit 5f9d4aa

committed
Sync API changes.
Syncs phpMussel/Web to the API changes at phpMussel/Core pushed today.
1 parent acd9070 commit 5f9d4aa


1 file changed

+44
-63
lines changed


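--- a/src/Web.php
+++ b/src/Web.php
@@ -8,7 +8,7 @@
 * License: GNU/GPLv2
 * @see LICENSE.txt
 *
-* This file: Upload handler (last modified: 2020.07.07).
+* This file: Upload handler (last modified: 2020.07.11).
 */
 
 namespace phpMussel\Web;
@@ -99,7 +99,7 @@ public function __construct(\phpMussel\Core\Loader &$Loader, \phpMussel\Core\Sca
 $this->Loader->Events->addHandler('writeToUploadsLog', function (string $Data): bool {
 /** Guard. */
 if (
-empty($this->Loader->HashReference) ||
+strlen($this->Loader->HashReference) === 0 ||
 !($File = $this->Loader->buildPath($this->Loader->Configuration['web']['uploads_log']))
 ) {
 return false;
@@ -136,18 +136,17 @@ public function scan()
 return;
 }
 
-/** File upload scan start time. */
-$this->Loader->InstanceCache['StartTime'] = time() + ($this->Loader->Configuration['core']['time_offset'] * 60);
-
 /** Create empty handle array. */
 $Handle = [];
 
 /** Create an array for normalising the $_FILES data. */
 $FilesData = [];
 
+/** Create an array to designate the scan targets. */
+$FilesToScan = [];
+
 /** Iterate through $_FILES array and scan as necessary. */
 foreach ($_FILES as $FileKey => $FileData) {
-
 /** Guard. */
 if (!isset($FileData['error'])) {
 continue;
@@ -167,7 +166,8 @@ public function scan()
 }
 $FilesCount = count($FilesData['FileSet']['error']);
 
-for ($Iterator = 0, $this->Loader->InstanceCache['SkipSerial'] = true; $Iterator < $FilesCount; $Iterator++) {
+/** Iterate through fileset. */
+for ($Iterator = 0; $Iterator < $FilesCount; $Iterator++) {
 if (!isset($FilesData['FileSet']['name'][$Iterator])) {
 $FilesData['FileSet']['name'][$Iterator] = '';
 }
@@ -189,22 +189,13 @@ public function scan()
 
 /** Handle upload errors. */
 if ($ThisError > 0) {
-if (
-$this->Loader->Configuration['compatibility']['ignore_upload_errors'] ||
-$ThisError > 8 ||
-$ThisError === 5
-) {
+if ($this->Loader->Configuration['compatibility']['ignore_upload_errors'] || $ThisError > 8 || $ThisError === 5) {
 continue;
 }
-$this->Loader->HashReference .= sprintf(
-"---------UPLOAD-ERROR-%d---------:%d:%s\n",
-$ThisError,
-$FilesData['FileSet']['size'][$Iterator],
-$FilesData['FileSet']['name'][$Iterator]
-);
-$this->Loader->WhyFlagged .= $this->Loader->L10N->getString((
-$ThisError === 3 || $ThisError === 4
-) ? 'upload_error_34' : 'upload_error_' . $ThisError);
+$this->Loader->atHit('', -1, '', sprintf(
+$this->Loader->L10N->getString('grammar_exclamation_mark'),
+$this->Loader->L10N->getString('upload_error_' . (($ThisError === 3 || $ThisError === 4) ? '34' : $ThisError))
+), -5, -1);
 if (
 ($ThisError === 1 || $ThisError === 2) &&
 $this->Loader->Configuration['core']['delete_on_sight'] &&
@@ -221,23 +212,23 @@ public function scan()
 !$FilesData['FileSet']['name'][$Iterator] ||
 !$FilesData['FileSet']['tmp_name'][$Iterator]
 ) {
-$this->Loader->HashReference .= "-UNAUTHORISED-UPLOAD-MISCONFIG-:?:?\n";
-$this->Loader->WhyFlagged .= $this->Loader->L10N->getString('scan_unauthorised_upload_or_misconfig');
+$this->Loader->atHit('', -1, '', sprintf(
+$this->Loader->L10N->getString('grammar_exclamation_mark'),
+$this->Loader->L10N->getString('scan_unauthorised_upload_or_misconfig')
+), -5, -1);
 continue;
 }
 
 /** Protection against upload spoofing (2/2). */
 if (!is_uploaded_file($FilesData['FileSet']['tmp_name'][$Iterator])) {
-$this->Loader->HashReference .= sprintf(
-"UNAUTHORISED-FILE-UPLOAD-NO-HASH:%d:%s\n",
-$FilesData['FileSet']['size'][$Iterator],
-$FilesData['FileSet']['name'][$Iterator]
-);
-$this->Loader->WhyFlagged .= sprintf($this->Loader->L10N->getString('_exclamation'), sprintf(
-'%s (%s)',
-$this->Loader->L10N->getString('scan_unauthorised_upload'),
-$FilesData['FileSet']['name'][$Iterator]
-));
+$this->Loader->atHit('', $FilesData['FileSet']['size'][$Iterator], $FilesData['FileSet']['name'][$Iterator], sprintf(
+$this->Loader->L10N->getString('grammar_exclamation_mark'),
+sprintf(
+$this->Loader->L10N->getString('grammar_brackets'),
+$this->Loader->L10N->getString('scan_unauthorised_upload'),
+$FilesData['FileSet']['name'][$Iterator]
+)
+), -5, -1);
 continue;
 }
 
@@ -246,14 +237,14 @@ public function scan()
 $this->Loader->Configuration['web']['max_uploads'] >= 1 &&
 $this->Uploads > $this->Loader->Configuration['web']['max_uploads']
 ) {
-$this->Loader->HashReference .=
-str_repeat('-', 64) . ':' .
-$FilesData['FileSet']['size'][$Iterator] . ':' .
-$FilesData['FileSet']['name'][$Iterator] . "\n";
-$this->Loader->WhyFlagged .= sprintf($this->Loader->L10N->getString('_exclamation'),
-$this->Loader->L10N->getString('upload_limit_exceeded') .
-' (' . $FilesData['FileSet']['name'][$Iterator] . ')'
-);
+$this->Loader->atHit('', $FilesData['FileSet']['size'][$Iterator], $FilesData['FileSet']['name'][$Iterator], sprintf(
+$this->Loader->L10N->getString('grammar_exclamation_mark'),
+sprintf(
+$this->Loader->L10N->getString('grammar_brackets'),
+$this->Loader->L10N->getString('upload_limit_exceeded'),
+$FilesData['FileSet']['name'][$Iterator]
+)
+), -5, -1);
 if (
 $this->Loader->Configuration['core']['delete_on_sight'] &&
 is_uploaded_file($FilesData['FileSet']['tmp_name'][$Iterator]) &&
@@ -264,30 +255,20 @@ public function scan()
 continue;
 }
 
-/** Used for serialised logging. */
-if ($Iterator === ($FilesCount - 1)) {
-unset($this->Loader->InstanceCache['SkipSerial']);
-}
-
-/** Execute the scan! */
-$this->Scanner->scan(
-$FilesData['FileSet']['tmp_name'][$Iterator],
-true,
-true,
-0,
-$FilesData['FileSet']['name'][$Iterator]
-);
+/** Designate as scan target. */
+$FilesToScan[$FilesData['FileSet']['name'][$Iterator]] = $FilesData['FileSet']['tmp_name'][$Iterator];
 }
 }
 
-/** File upload scan finish time. */
-$this->Loader->InstanceCache['EndTime'] = time() + ($this->Loader->Configuration['core']['time_offset'] * 60);
-
-/** Trim trailing whitespace. */
-$this->Loader->WhyFlagged = trim($this->Loader->WhyFlagged);
+/** Check these first, because they'll reset otherwise, then execute the scan. */
+if (!count($this->Loader->ScanResultsText) && count($FilesToScan)) {
+$this->Scanner->scan($FilesToScan, 4);
+}
 
 /** Begin processing file upload detections. */
-if ($this->Loader->WhyFlagged) {
+if (count($this->Loader->ScanResultsText)) {
+/** Build detections. */
+$Detections = implode($this->Loader->L10N->getString('grammar_spacer'), $this->Loader->ScanResultsText);
 
 /** A fix for correctly displaying LTR/RTL text. */
 if ($this->Loader->L10N->getString('Text Direction') !== 'rtl') {
@@ -298,7 +279,7 @@ public function scan()
 $TemplateData = [
 'magnification' => $this->Loader->Configuration['web']['magnification'],
 'Attache' => $this->Attache,
-'detected' => $this->Loader->WhyFlagged,
+'detected' => $Detections,
 'phpmusselversion' => $this->Loader->ScriptIdent,
 'favicon' => base64_encode($this->Loader->getFavicon()),
 'xmlLang' => $this->Loader->Configuration['core']['lang']
@@ -324,7 +305,7 @@ public function scan()
 }
 
 /** Log "uploads_log" data. */
-if (!empty($this->Loader->HashReference)) {
+if (strlen($this->Loader->HashReference) !== 0) {
 $Handle['Data'] = sprintf(
 "%s: %s\n%s: %s\n== %s ==\n%s\n== %s ==\n%s",
 $this->Loader->L10N->getString('field_date'),
@@ -334,7 +315,7 @@ public function scan()
 $_SERVER[$this->Loader->Configuration['core']['ipaddr']]
 ) : $_SERVER[$this->Loader->Configuration['core']['ipaddr']]),
 $this->Loader->L10N->getString('field_header_scan_results_why_flagged'),
-$this->Loader->WhyFlagged,
+$Detections,
 $this->Loader->L10N->getString('field_header_hash_reconstruction'),
 $this->Loader->HashReference
 );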
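Review bot: The new "Designate as scan target" assignment keys `$FilesToScan` by the client-supplied `name`, so two uploads in one request that share a name collapse into a single entry and only the last `tmp_name` reaches `$this->Scanner->scan($FilesToScan, 4)`. The removed code scanned each `tmp_name` on its own, so this gap arrives with the batching. A guard before the assignment, `if (isset($FilesToScan[$FilesData['FileSet']['name'][$Iterator]])) {` followed by an `atHit(...)` and `continue` like the other rejection branches, would keep a collision from passing silently; the right remedy depends on how `Scanner::scan()` uses the array keys, which is not visible on this page. Separately, the upload-error and misconfiguration branches now pass `''` as the hash to `atHit()`, while the log guard still requires a non-empty `HashReference`. It is worth confirming that `atHit()` populates it for those calls, otherwise rejected uploads may stop reaching `uploads_log`.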
