Collaboration diagram for ilQtiMatImageSecurity:

Public Member Functions
	__construct (ilQTIMatimage $imageMaterial, \ILIAS\TestQuestionPool\QuestionFilesService $questionFilesService)

	getImageMaterial ()

	setImageMaterial (ilQTIMatimage $imageMaterial)

	validate ()

	sanitizeLabel ()

Protected Member Functions
	getDetectedMimeType ()

	setDetectedMimeType (string $detectedMimeType)

	validateContent ()

	validateLabel ()

	determineMimeType (?string $content)

	determineFileExtension (string $label)

	hasFileExtension (string $label)

Protected Attributes
ilQTIMatimage	$imageMaterial

string	$detectedMimeType = ""

Private Attributes
ILIAS TestQuestionPool QuestionFilesService	$questionFilesService

Detailed Description

Definition at line 28 of file class.ilQtiMatImageSecurity.php.

Constructor & Destructor Documentation

◆ __construct()

ilQtiMatImageSecurity::__construct	(	ilQTIMatimage	$imageMaterial,
		\ILIAS\TestQuestionPool\QuestionFilesService	$questionFilesService
	)

Definition at line 34 of file class.ilQtiMatImageSecurity.php.

References $questionFilesService, determineMimeType(), getImageMaterial(), setDetectedMimeType(), and setImageMaterial().

     {
         $this->questionFilesService = $questionFilesService;
 
         $this->setImageMaterial($imageMaterial);
 
         if (!strlen($this->getImageMaterial()->getRawContent())) {
             throw new ilQtiException('cannot import image without content');
         }
 
         $this->setDetectedMimeType(
             $this->determineMimeType($this->getImageMaterial()->getRawContent())
         );
     }

Here is the call graph for this function:

Member Function Documentation

◆ determineFileExtension()

ilQtiMatImageSecurity::determineFileExtension ( string $label )

protected

Definition at line 145 of file class.ilQtiMatImageSecurity.php.

Referenced by validateLabel().

                                                             : ?string
     {
         $pathInfo = pathinfo($label);
 
         if (isset($pathInfo['extension'])) {
             return $pathInfo['extension'];
         }
 
         return null;
     }

Here is the caller graph for this function:

◆ determineMimeType()

ilQtiMatImageSecurity::determineMimeType ( ?string $content )

protected

Definition at line 138 of file class.ilQtiMatImageSecurity.php.

Referenced by __construct().

                                                           : string
     {
         $finfo = new finfo(FILEINFO_MIME);
 
         return $finfo->buffer($content);
     }

Here is the caller graph for this function:

◆ getDetectedMimeType()

ilQtiMatImageSecurity::getDetectedMimeType ( )

protected

Definition at line 59 of file class.ilQtiMatImageSecurity.php.

References $detectedMimeType.

Referenced by validateContent(), and validateLabel().

                                             : string
     {
         return $this->detectedMimeType;
     }

Here is the caller graph for this function:

◆ getImageMaterial()

ilQtiMatImageSecurity::getImageMaterial ( )

Definition at line 49 of file class.ilQtiMatImageSecurity.php.

References $imageMaterial.

Referenced by __construct(), sanitizeLabel(), validateContent(), and validateLabel().

                                       : ilQTIMatimage
     {
         return $this->imageMaterial;
     }

Here is the caller graph for this function:

◆ hasFileExtension()

ilQtiMatImageSecurity::hasFileExtension ( string $label )

protected

Definition at line 156 of file class.ilQtiMatImageSecurity.php.

Referenced by validateLabel().

                                                       : bool
     {
         $pathInfo = pathinfo($label);
 
         return array_key_exists('extension', $pathInfo);
     }

Here is the caller graph for this function:

◆ sanitizeLabel()

ilQtiMatImageSecurity::sanitizeLabel ( )

Definition at line 127 of file class.ilQtiMatImageSecurity.php.

References ilFileUtils\getASCIIFilename(), getImageMaterial(), and ilUtil\stripSlashes().

                                    : void
     {
         $label = $this->getImageMaterial()->getLabel();
 
         $label = basename($label);
         $label = ilUtil::stripSlashes($label);
         $label = ilFileUtils::getASCIIFilename($label);
 
         $this->getImageMaterial()->setLabel($label);
     }

Here is the call graph for this function:

◆ setDetectedMimeType()

ilQtiMatImageSecurity::setDetectedMimeType ( string $detectedMimeType )

protected

Definition at line 64 of file class.ilQtiMatImageSecurity.php.

References $detectedMimeType.

Referenced by __construct().

                                                                     : void
     {
         $this->detectedMimeType = $detectedMimeType;
     }

Here is the caller graph for this function:

◆ setImageMaterial()

ilQtiMatImageSecurity::setImageMaterial ( ilQTIMatimage $imageMaterial )

Definition at line 54 of file class.ilQtiMatImageSecurity.php.

References $imageMaterial.

Referenced by __construct().

                                                                   : void
     {
         $this->imageMaterial = $imageMaterial;
     }

Here is the caller graph for this function:

◆ validate()

ilQtiMatImageSecurity::validate ( )

Definition at line 69 of file class.ilQtiMatImageSecurity.php.

References validateContent(), and validateLabel().

                               : bool
     {
         if (!$this->validateLabel()) {
             return false;
         }
 
         if (!$this->validateContent()) {
             return false;
         }
 
         return true;
     }

Here is the call graph for this function:

◆ validateContent()

ilQtiMatImageSecurity::validateContent ( )

protected

Definition at line 82 of file class.ilQtiMatImageSecurity.php.

References $GLOBALS, $log, getDetectedMimeType(), and getImageMaterial().

Referenced by validate().

                                         : bool
     {
         if ($this->getImageMaterial()->getImagetype() && !$this->questionFilesService->isAllowedImageMimeType($this->getImageMaterial()->getImagetype())) {
             return false;
         }
 
         if (!$this->questionFilesService->isAllowedImageMimeType($this->getDetectedMimeType())) {
             return false;
         }
 
         if ($this->getImageMaterial()->getImagetype()) {
             $declaredMimeType = current(explode(';', $this->getImageMaterial()->getImagetype()));
             $detectedMimeType = current(explode(';', $this->getDetectedMimeType()));
 
             if ($declaredMimeType != $detectedMimeType) {
                 // since ilias exports jpeg declared pngs itself, we skip this validation ^^
                 // return false;
 
                 /* @var ilComponentLogger $log */
                 $log = $GLOBALS['DIC'] ? $GLOBALS['DIC']['ilLog'] : $GLOBALS['ilLog'];
                 $log->log(
                     'QPL: imported image with declared mime (' . $declaredMimeType . ') '
                     . 'and detected mime (' . $detectedMimeType . ')'
                 );
             }
         }
 
         return true;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ validateLabel()

ilQtiMatImageSecurity::validateLabel ( )

protected

Definition at line 112 of file class.ilQtiMatImageSecurity.php.

References determineFileExtension(), getDetectedMimeType(), getImageMaterial(), and hasFileExtension().

Referenced by validate().

                                       : bool
     {
         if ($this->getImageMaterial()->getUri()) {
             if (!$this->hasFileExtension($this->getImageMaterial()->getUri())) {
                 return true;
             }
 
             $extension = $this->determineFileExtension($this->getImageMaterial()->getUri());
         } else {
             $extension = $this->determineFileExtension($this->getImageMaterial()->getLabel());
         }
 
         return $this->questionFilesService->isAllowedImageFileExtension($this->getDetectedMimeType(), $extension);
     }