ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilQtiMatImageSecurity.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 require_once 'Modules/TestQuestionPool/classes/class.assQuestion.php';
5 require_once 'Services/Utilities/classes/class.ilFileUtils.php';
6 require_once 'Services/QTI/exceptions/class.ilQtiException.php';
7 
15 {
19  protected $imageMaterial;
20 
24  protected $detectedMimeType;
25 
27  {
28  $this->setImageMaterial($imageMaterial);
29 
30  if( !strlen($this->getImageMaterial()->getRawContent()) )
31  {
32  throw new ilQtiException('cannot import image without content');
33  }
34 
35  $this->setDetectedMimeType(
36  $this->determineMimeType($this->getImageMaterial()->getRawContent())
37  );
38  }
39 
43  public function getImageMaterial()
44  {
45  return $this->imageMaterial;
46  }
47 
52  {
53  $this->imageMaterial = $imageMaterial;
54  }
55 
59  protected function getDetectedMimeType()
60  {
62  }
63 
68  {
69  $this->detectedMimeType = $detectedMimeType;
70  }
71 
72  public function validate()
73  {
74  if( !$this->validateLabel() )
75  {
76  return false;
77  }
78 
79  if( !$this->validateContent() )
80  {
81  return false;
82  }
83 
84  return true;
85  }
86 
87  protected function validateContent()
88  {
89  if($this->getImageMaterial()->getImagetype() && !assQuestion::isAllowedImageMimeType($this->getImageMaterial()->getImagetype()) )
90  {
91  return false;
92  }
93 
95  {
96  return false;
97  }
98 
99  if ($this->getImageMaterial()->getImagetype())
100  {
101  $declaredMimeType = assQuestion::fetchMimeTypeIdentifier($this->getImageMaterial()->getImagetype());
103 
104  if( $declaredMimeType != $detectedMimeType )
105  {
106  // since ilias exports jpeg declared pngs itself, we skip this validation ^^
107  // return false;
108 
109  /* @var ilComponentLogger $log */
110  $log = $GLOBALS['DIC'] ? $GLOBALS['DIC']['ilLog'] : $GLOBALS['ilLog'];
111  $log->log(
112  'QPL: imported image with declared mime ('.$declaredMimeType.') '
113  .'and detected mime ('.$detectedMimeType.')'
114  );
115  }
116  }
117 
118  return true;
119  }
120 
121  protected function validateLabel()
122  {
123  if ($this->getImageMaterial()->getUri())
124  {
125  $extension = $this->determineFileExtension($this->getImageMaterial()->getUri());
126  }
127  else
128  {
129  $extension = $this->determineFileExtension($this->getImageMaterial()->getLabel());
130  }
131 
133  }
134 
135  public function sanitizeLabel()
136  {
137  $label = $this->getImageMaterial()->getLabel();
138 
139  $label = basename($label);
140  $label = ilUtil::stripSlashes($label);
141  $label = ilUtil::getASCIIFilename($label);
142 
143  $this->getImageMaterial()->setLabel($label);
144  }
145 
146  protected function determineMimeType($content)
147  {
148  return ilFileUtils::lookupContentMimeType($content);
149  }
150 
151  protected function determineFileExtension($label)
152  {
153  list($dirname, $basename, $extension, $filename) = array_values( pathinfo($label) );
154  return $extension;
155  }
156 }
static getASCIIFilename($a_filename)
convert utf8 to ascii filename
static isAllowedImageMimeType($mimeType)
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
$filename
Definition: buildRTE.php:89
static isAllowedImageFileExtension($mimeType, $fileExtension)
__construct(ilQTIMatimage $imageMaterial)
static lookupContentMimeType($content)
static fetchMimeTypeIdentifier($contentTypeString)
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
setDetectedMimeType($detectedMimeType)