ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Protected Member Functions | Protected Attributes
ilQtiMatImageSecurity Class Reference
+ Collaboration diagram for ilQtiMatImageSecurity:

Public Member Functions

 __construct (ilQTIMatimage $imageMaterial)
 
 getImageMaterial ()
 
 setImageMaterial ($imageMaterial)
 
 validate ()
 
 sanitizeLabel ()
 

Protected Member Functions

 getDetectedMimeType ()
 
 setDetectedMimeType ($detectedMimeType)
 
 validateContent ()
 
 validateLabel ()
 
 determineMimeType ($content)
 
 determineFileExtension ($label)
 Returns the determine file extension. More...
 
 hasFileExtension ($label)
 Returns whether or not the passed label contains a file extension. More...
 

Protected Attributes

 $imageMaterial
 
 $detectedMimeType
 

Detailed Description

Definition at line 14 of file class.ilQtiMatImageSecurity.php.

Constructor & Destructor Documentation

◆ __construct()

ilQtiMatImageSecurity::__construct ( ilQTIMatimage  $imageMaterial)

Definition at line 26 of file class.ilQtiMatImageSecurity.php.

References determineMimeType(), getImageMaterial(), setDetectedMimeType(), and setImageMaterial().

27  {
28  $this->setImageMaterial($imageMaterial);
29 
30  if( !strlen($this->getImageMaterial()->getRawContent()) )
31  {
32  throw new ilQtiException('cannot import image without content');
33  }
34 
35  $this->setDetectedMimeType(
36  $this->determineMimeType($this->getImageMaterial()->getRawContent())
37  );
38  }
ilQtiMatImageSecurity\setDetectedMimeType
setDetectedMimeType($detectedMimeType)
Definition: class.ilQtiMatImageSecurity.php:67
+ Here is the call graph for this function:

Member Function Documentation

◆ determineFileExtension()

ilQtiMatImageSecurity::determineFileExtension (   $label)
protected

Returns the determine file extension.

If no extension

Parameters
string$label
Returns
string|null

Definition at line 161 of file class.ilQtiMatImageSecurity.php.

Referenced by validateLabel().

162  {
163  $pathInfo = pathinfo($label);
164 
165  if(isset($pathInfo['extension']))
166  {
167  return $pathInfo['extension'];
168  }
169 
170  return null;
171  }
+ Here is the caller graph for this function:

◆ determineMimeType()

ilQtiMatImageSecurity::determineMimeType (   $content)
protected

Definition at line 151 of file class.ilQtiMatImageSecurity.php.

References ilFileUtils\lookupContentMimeType().

Referenced by __construct().

152  {
153  return ilFileUtils::lookupContentMimeType($content);
154  }
ilFileUtils\lookupContentMimeType
static lookupContentMimeType($content)
Definition: class.ilFileUtils.php:500
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getDetectedMimeType()

ilQtiMatImageSecurity::getDetectedMimeType ( )
protected
Returns
string

Definition at line 59 of file class.ilQtiMatImageSecurity.php.

References $detectedMimeType.

Referenced by validateContent(), and validateLabel().

60  {
61  return $this->detectedMimeType;
62  }
+ Here is the caller graph for this function:

◆ getImageMaterial()

ilQtiMatImageSecurity::getImageMaterial ( )
Returns
ilQTIMatimage

Definition at line 43 of file class.ilQtiMatImageSecurity.php.

References $imageMaterial.

Referenced by __construct(), sanitizeLabel(), validateContent(), and validateLabel().

44  {
45  return $this->imageMaterial;
46  }
+ Here is the caller graph for this function:

◆ hasFileExtension()

ilQtiMatImageSecurity::hasFileExtension (   $label)
protected

Returns whether or not the passed label contains a file extension.

Parameters
string$label
Returns
bool

Definition at line 178 of file class.ilQtiMatImageSecurity.php.

Referenced by validateLabel().

179  {
180  $pathInfo = pathinfo($label);
181 
182  return array_key_exists('extension', $pathInfo);
183  }
+ Here is the caller graph for this function:

◆ sanitizeLabel()

ilQtiMatImageSecurity::sanitizeLabel ( )

Definition at line 140 of file class.ilQtiMatImageSecurity.php.

References ilUtil\getASCIIFilename(), getImageMaterial(), and ilUtil\stripSlashes().

141  {
142  $label = $this->getImageMaterial()->getLabel();
143 
144  $label = basename($label);
145  $label = ilUtil::stripSlashes($label);
146  $label = ilUtil::getASCIIFilename($label);
147 
148  $this->getImageMaterial()->setLabel($label);
149  }
ilUtil\getASCIIFilename
static getASCIIFilename($a_filename)
convert utf8 to ascii filename
Definition: class.ilUtil.php:2282
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2639
+ Here is the call graph for this function:

◆ setDetectedMimeType()

ilQtiMatImageSecurity::setDetectedMimeType (   $detectedMimeType)
protected
Parameters
string$detectedMimeType

Definition at line 67 of file class.ilQtiMatImageSecurity.php.

References $detectedMimeType.

Referenced by __construct().

68  {
69  $this->detectedMimeType = $detectedMimeType;
70  }
+ Here is the caller graph for this function:

◆ setImageMaterial()

ilQtiMatImageSecurity::setImageMaterial (   $imageMaterial)
Parameters
ilQTIMatimage$imageMaterial

Definition at line 51 of file class.ilQtiMatImageSecurity.php.

References $imageMaterial.

Referenced by __construct().

52  {
53  $this->imageMaterial = $imageMaterial;
54  }
+ Here is the caller graph for this function:

◆ validate()

ilQtiMatImageSecurity::validate ( )

Definition at line 72 of file class.ilQtiMatImageSecurity.php.

References validateContent(), and validateLabel().

73  {
74  if( !$this->validateLabel() )
75  {
76  return false;
77  }
78 
79  if( !$this->validateContent() )
80  {
81  return false;
82  }
83 
84  return true;
85  }
+ Here is the call graph for this function:

◆ validateContent()

ilQtiMatImageSecurity::validateContent ( )
protected

Definition at line 87 of file class.ilQtiMatImageSecurity.php.

References $detectedMimeType, $GLOBALS, $log, assQuestion\fetchMimeTypeIdentifier(), getDetectedMimeType(), getImageMaterial(), and assQuestion\isAllowedImageMimeType().

Referenced by validate().

88  {
89  if($this->getImageMaterial()->getImagetype() && !assQuestion::isAllowedImageMimeType($this->getImageMaterial()->getImagetype()) )
90  {
91  return false;
92  }
93 
94  if( !assQuestion::isAllowedImageMimeType($this->getDetectedMimeType()) )
95  {
96  return false;
97  }
98 
99  if ($this->getImageMaterial()->getImagetype())
100  {
101  $declaredMimeType = assQuestion::fetchMimeTypeIdentifier($this->getImageMaterial()->getImagetype());
102  $detectedMimeType = assQuestion::fetchMimeTypeIdentifier($this->getDetectedMimeType());
103 
104  if( $declaredMimeType != $detectedMimeType )
105  {
106  // since ilias exports jpeg declared pngs itself, we skip this validation ^^
107  // return false;
108 
109  /* @var ilComponentLogger $log */
110  $log = $GLOBALS['DIC'] ? $GLOBALS['DIC']['ilLog'] : $GLOBALS['ilLog'];
111  $log->log(
112  'QPL: imported image with declared mime ('.$declaredMimeType.') '
113  .'and detected mime ('.$detectedMimeType.')'
114  );
115  }
116  }
117 
118  return true;
119  }
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
assQuestion\isAllowedImageMimeType
static isAllowedImageMimeType($mimeType)
Definition: class.assQuestion.php:345
assQuestion\fetchMimeTypeIdentifier
static fetchMimeTypeIdentifier($contentTypeString)
Definition: class.assQuestion.php:350
$log
$log
Definition: inc.setup_header.php:129
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ validateLabel()

ilQtiMatImageSecurity::validateLabel ( )
protected

Definition at line 121 of file class.ilQtiMatImageSecurity.php.

References determineFileExtension(), getDetectedMimeType(), getImageMaterial(), hasFileExtension(), and assQuestion\isAllowedImageFileExtension().

Referenced by validate().

122  {
123  if ($this->getImageMaterial()->getUri())
124  {
125  if( !$this->hasFileExtension($this->getImageMaterial()->getUri()) )
126  {
127  return true;
128  }
129 
130  $extension = $this->determineFileExtension($this->getImageMaterial()->getUri());
131  }
132  else
133  {
134  $extension = $this->determineFileExtension($this->getImageMaterial()->getLabel());
135  }
136 
137  return assQuestion::isAllowedImageFileExtension($this->getDetectedMimeType(), $extension);
138  }
ilQtiMatImageSecurity\determineFileExtension
determineFileExtension($label)
Returns the determine file extension.
Definition: class.ilQtiMatImageSecurity.php:161
ilQtiMatImageSecurity\hasFileExtension
hasFileExtension($label)
Returns whether or not the passed label contains a file extension.
Definition: class.ilQtiMatImageSecurity.php:178
assQuestion\isAllowedImageFileExtension
static isAllowedImageFileExtension($mimeType, $fileExtension)
Definition: class.assQuestion.php:375
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $detectedMimeType

ilQtiMatImageSecurity::$detectedMimeType
protected

Definition at line 24 of file class.ilQtiMatImageSecurity.php.

Referenced by getDetectedMimeType(), setDetectedMimeType(), and validateContent().

◆ $imageMaterial

ilQtiMatImageSecurity::$imageMaterial
protected

Definition at line 19 of file class.ilQtiMatImageSecurity.php.

Referenced by getImageMaterial(), and setImageMaterial().

The documentation for this class was generated from the following file: