
  1. <?php
  2. /**
  3.  * @package     Joomla.Administrator
  4.  * @subpackage  com_templates
  5.  *
  6.  * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
  7.  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  8.  */
  9.  
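  // Refuse direct access outside the Joomla bootstrap (restores the ')' the listing dropped).
  defined('_JEXEC') or die;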
  11.  
  12. /**
  13.  * Template Helper class.
  14.  *
  15.  * @package     Joomla.Administrator
  16.  * @subpackage  com_templates
  17.  * @since       3.2
  18.  */
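  abstract class TemplateHelper
  {
      /**
       * Returns the lower-cased extension of a file name, used to pick a type icon.
       *
       * @param   string  $fileName  The filename
       *
       * @return  string  The extension without its leading dot, lower-cased; an empty
       *                  string when the name contains no dot.
       *
       * @since   3.2
       */
      public static function getTypeIcon($fileName)
      {
          $dot = strrpos($fileName, '.');

          // strrpos() returns false for a dotless name; doing arithmetic on that false
          // would return the name minus its first character instead of "no extension".
          if ($dot === false)
          {
              return '';
          }

          return strtolower(substr($fileName, $dot + 1));
      }

      /**
       * Checks if the file can be uploaded through the Template Manager.
       *
       * The checks run in this order: a name is present; no executable extension is
       * buried in a multi-dot name; the name is unchanged by JFile::makeSafe() and has
       * no whitespace; the extension is one of the configured image, source, font or
       * archive formats; for archives, every entry has an allowed extension and no
       * '..' segment or leading '/'; the size is within the configured limit; the
       * first 256 bytes contain none of the known HTML tags (this scan applies to every
       * accepted format, source files included). Each failure enqueues an error
       * message on the application and returns false.
       *
       * @param   array   $file  File information as in a $_FILES entry: 'name', 'tmp_name', 'size'
       * @param   string  $err   Unused; kept so existing callers keep working
       *
       * @return  boolean  True when every check passes
       *
       * @since   3.2
       */
      public static function canUpload($file, $err = '')
      {
          $params = JComponentHelper::getParams('com_templates');

          if (empty($file['name']))
          {
              return self::reject('COM_TEMPLATES_ERROR_UPLOAD_INPUT');
          }

          // Media file names should never have executable extensions buried in them.
          $executable = array(
              'exe', 'phtml', 'java', 'perl', 'py', 'asp', 'dll', 'go', 'jar',
              'ade', 'adp', 'bat', 'chm', 'cmd', 'com', 'cpl', 'hta', 'ins', 'isp',
              'jse', 'lib', 'mde', 'msc', 'msp', 'mst', 'pif', 'scr', 'sct', 'shb',
              'sys', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh'
          );
          $explodedFileName = explode('.', $file['name']);

          if (count($explodedFileName) > 2)
          {
              // Compare lower-cased so that mixed-case parts ('shell.PHTML.jpg') are caught too.
              foreach ($explodedFileName as $part)
              {
                  if (in_array(strtolower($part), $executable, true))
                  {
                      return self::reject('COM_TEMPLATES_ERROR_EXECUTABLE');
                  }
              }
          }

          jimport('joomla.filesystem.file');

          $safeName = JFile::makeSafe($file['name']);

          if ($file['name'] !== $safeName || preg_match('/\s/', $safeName))
          {
              return self::reject('COM_TEMPLATES_ERROR_WARNFILENAME');
          }

          $format = strtolower(JFile::getExt($file['name']));

          // Configured lists are normalised (trimmed, lower-cased) so strict comparison works.
          $imageTypes   = self::formatList($params->get('image_formats'));
          $sourceTypes  = self::formatList($params->get('source_formats'));
          $fontTypes    = self::formatList($params->get('font_formats'));
          $archiveTypes = self::formatList($params->get('compressed_formats'));

          $allowable = array_merge($imageTypes, $sourceTypes, $fontTypes, $archiveTypes);

          if ($format === '' || !in_array($format, $allowable, true))
          {
              return self::reject('COM_TEMPLATES_ERROR_WARNFILETYPE');
          }

          if (in_array($format, $archiveTypes, true))
          {
              $archiveError = self::checkArchive($file['tmp_name'], $allowable);

              if ($archiveError !== null)
              {
                  return self::reject($archiveError);
              }
          }

          // Upload limit is configured in MB (2 MB by default for the Template Manager);
          // a limit of 0 / unset disables the size check.
          $maxSize = (int) ($params->get('upload_limit') * 1024 * 1024);

          if ($maxSize && (int) $file['size'] > $maxSize)
          {
              return self::reject('COM_TEMPLATES_ERROR_WARNFILETOOLARGE');
          }

          // Offset 0, not -1: since PHP 7.1 a negative offset counts from the end of the
          // file, which would leave only the final byte for the tag scan below.
          $head = file_get_contents($file['tmp_name'], false, null, 0, 256);

          // An unreadable temporary file cannot be a valid upload.
          if ($head === false)
          {
              return self::reject('COM_TEMPLATES_ERROR_UPLOAD_INPUT');
          }

          if (self::containsHtmlTag($head))
          {
              return self::reject('COM_TEMPLATES_ERROR_WARNIEXSS');
          }

          return true;
      }

      /**
       * Splits a comma separated extension list from the component parameters into
       * trimmed, lower-cased entries; empty entries are dropped.
       *
       * @param   string|null  $list  The raw parameter value
       *
       * @return  array  Lower-cased extensions
       */
      private static function formatList($list)
      {
          $types = array();

          foreach (explode(',', (string) $list) as $type)
          {
              $type = strtolower(trim($type));

              if ($type !== '')
              {
                  $types[] = $type;
              }
          }

          return $types;
      }

      /**
       * Inspects every entry of an uploaded zip archive.
       *
       * @param   string  $path       Path of the uploaded archive
       * @param   array   $allowable  Lower-cased allowed extensions
       *
       * @return  string|null  Language key of the failure, or null when every entry is acceptable
       */
      private static function checkArchive($path, array $allowable)
      {
          $zip = new ZipArchive;

          if ($zip->open($path) !== true)
          {
              return 'COM_TEMPLATES_FILE_ARCHIVE_OPEN_FAIL';
          }

          $error = null;

          for ($i = 0; $i < $zip->numFiles; $i++)
          {
              $entry = $zip->getNameIndex($i);

              // Entries that would be extracted outside the target directory are never
              // acceptable, whatever their extension.
              if (substr($entry, 0, 1) === '/' || in_array('..', explode('/', $entry), true))
              {
                  $error = 'COM_TEMPLATES_FILE_UNSUPPORTED_ARCHIVE';
                  break;
              }

              // Zip entries use '/' on every platform, so a trailing '/' (not
              // DIRECTORY_SEPARATOR, which is '\' on Windows) marks a directory entry.
              if (substr($entry, -1) === '/')
              {
                  continue;
              }

              $parts = explode('.', $entry);
              $ext   = strtolower(end($parts));

              if (!in_array($ext, $allowable, true))
              {
                  $error = 'COM_TEMPLATES_FILE_UNSUPPORTED_ARCHIVE';
                  break;
              }
          }

          // Release the archive handle; the original left it open.
          $zip->close();

          return $error;
      }

      /**
       * Reports whether the content opens one of the known HTML tags, in either
       * the '<tagname ' or the '<tagname>' form, case-insensitively.
       *
       * @param   string  $content  Leading bytes of the uploaded file
       *
       * @return  boolean
       */
      private static function containsHtmlTag($content)
      {
          $html_tags = array(
              'abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote',
              'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div',
              'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html',
              'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing',
              'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option',
              'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike',
              'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml',
              'xmp', '!DOCTYPE', '!--'
          );

          foreach ($html_tags as $tag)
          {
              if (stripos($content, '<' . $tag . ' ') !== false || stripos($content, '<' . $tag . '>') !== false)
              {
                  return true;
              }
          }

          return false;
      }

      /**
       * Enqueues a translated error message on the application and returns false,
       * so every check can be written as `return self::reject('KEY');`.
       *
       * @param   string  $key  Language key of the message
       *
       * @return  boolean  Always false
       */
      private static function reject($key)
      {
          JFactory::getApplication()->enqueueMessage(JText::_($key), 'error');

          return false;
      }
  }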
