ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilQtiMatImageSecurity.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4require_once 'Modules/TestQuestionPool/classes/class.assQuestion.php';
5require_once 'Services/Utilities/classes/class.ilFileUtils.php';
6require_once 'Services/QTI/exceptions/class.ilQtiException.php';
7
15{
19 protected $imageMaterial;
20
25
27 {
28 $this->setImageMaterial($imageMaterial);
29
30 if( !strlen($this->getImageMaterial()->getRawContent()) )
31 {
32 throw new ilQtiException('cannot import image without content');
33 }
34
36 $this->determineMimeType($this->getImageMaterial()->getRawContent())
37 );
38 }
39
43 public function getImageMaterial()
44 {
46 }
47
52 {
53 $this->imageMaterial = $imageMaterial;
54 }
55
59 protected function getDetectedMimeType()
60 {
62 }
63
68 {
69 $this->detectedMimeType = $detectedMimeType;
70 }
71
72 public function validate()
73 {
74 if( !$this->validateLabel() )
75 {
76 return false;
77 }
78
79 if( !$this->validateContent() )
80 {
81 return false;
82 }
83
84 return true;
85 }
86
87 protected function validateContent()
88 {
89 if($this->getImageMaterial()->getImagetype() && !assQuestion::isAllowedImageMimeType($this->getImageMaterial()->getImagetype()) )
90 {
91 return false;
92 }
93
95 {
96 return false;
97 }
98
99 if ($this->getImageMaterial()->getImagetype())
100 {
101 $declaredMimeType = assQuestion::fetchMimeTypeIdentifier($this->getImageMaterial()->getImagetype());
103
104 if( $declaredMimeType != $detectedMimeType )
105 {
106 // since ilias exports jpeg declared pngs itself, we skip this validation ^^
107 // return false;
108
109 /* @var ilComponentLogger $log */
110 $log = $GLOBALS['DIC'] ? $GLOBALS['DIC']['ilLog'] : $GLOBALS['ilLog'];
111 $log->log(
112 'QPL: imported image with declared mime ('.$declaredMimeType.') '
113 .'and detected mime ('.$detectedMimeType.')'
114 );
115 }
116 }
117
118 return true;
119 }
120
121 protected function validateLabel()
122 {
123 if ($this->getImageMaterial()->getUri())
124 {
125 $extension = $this->determineFileExtension($this->getImageMaterial()->getUri());
126 }
127 else
128 {
129 $extension = $this->determineFileExtension($this->getImageMaterial()->getLabel());
130 }
131
133 }
134
135 public function sanitizeLabel()
136 {
137 $label = $this->getImageMaterial()->getLabel();
138
139 $label = basename($label);
140 $label = ilUtil::stripSlashes($label);
141 $label = ilUtil::getASCIIFilename($label);
142
143 $this->getImageMaterial()->setLabel($label);
144 }
145
146 protected function determineMimeType($content)
147 {
148 return ilFileUtils::lookupContentMimeType($content);
149 }
150
151 protected function determineFileExtension($label)
152 {
153 list($dirname, $basename, $extension, $filename) = array_values( pathinfo($label) );
154 return $extension;
155 }
156}
$filename
Definition: buildRTE.php:89
static isAllowedImageFileExtension($mimeType, $fileExtension)
static fetchMimeTypeIdentifier($contentTypeString)
static isAllowedImageMimeType($mimeType)
static lookupContentMimeType($content)
__construct(ilQTIMatimage $imageMaterial)
setDetectedMimeType($detectedMimeType)
static getASCIIFilename($a_filename)
convert utf8 to ascii filename
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276