ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
class.ilQtiMatImageSecurity.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
28 class ilQtiMatImageSecurity
29 {
30  private \ILIAS\TestQuestionPool\QuestionFilesService $questionFilesService;
31  protected ilQTIMatimage $imageMaterial;
32  protected string $detectedMimeType = "";
33 
34  public function __construct(ilQTIMatimage $imageMaterial, \ILIAS\TestQuestionPool\QuestionFilesService $questionFilesService)
35  {
36  $this->questionFilesService = $questionFilesService;
37 
38  $this->setImageMaterial($imageMaterial);
39 
40  if (!strlen($this->getImageMaterial()->getRawContent())) {
41  throw new ilQtiException('cannot import image without content');
42  }
43 
44  $this->setDetectedMimeType(
45  $this->determineMimeType($this->getImageMaterial()->getRawContent())
46  );
47  }
48 
49  public function getImageMaterial(): ilQTIMatimage
50  {
51  return $this->imageMaterial;
52  }
53 
54  public function setImageMaterial(ilQTIMatimage $imageMaterial): void
55  {
56  $this->imageMaterial = $imageMaterial;
57  }
58 
59  protected function getDetectedMimeType(): string
60  {
61  return $this->detectedMimeType;
62  }
63 
64  protected function setDetectedMimeType(string $detectedMimeType): void
65  {
66  $this->detectedMimeType = $detectedMimeType;
67  }
68 
69  public function validate(): bool
70  {
71  if (!$this->validateLabel()) {
72  return false;
73  }
74 
75  if (!$this->validateContent()) {
76  return false;
77  }
78 
79  return true;
80  }
81 
82  protected function validateContent(): bool
83  {
84  if ($this->getImageMaterial()->getImagetype() && !$this->questionFilesService->isAllowedImageMimeType($this->getImageMaterial()->getImagetype())) {
85  return false;
86  }
87 
88  if (!$this->questionFilesService->isAllowedImageMimeType($this->getDetectedMimeType())) {
89  return false;
90  }
91 
92  if ($this->getImageMaterial()->getImagetype()) {
93  $declaredMimeType = current(explode(';', $this->getImageMaterial()->getImagetype()));
94  $detectedMimeType = current(explode(';', $this->getDetectedMimeType()));
95 
96  if ($declaredMimeType != $detectedMimeType) {
97  // since ilias exports jpeg declared pngs itself, we skip this validation ^^
98  // return false;
99 
100  /* @var ilComponentLogger $log */
101  $log = $GLOBALS['DIC'] ? $GLOBALS['DIC']['ilLog'] : $GLOBALS['ilLog'];
102  $log->log(
103  'QPL: imported image with declared mime (' . $declaredMimeType . ') '
104  . 'and detected mime (' . $detectedMimeType . ')'
105  );
106  }
107  }
108 
109  return true;
110  }
111 
112  protected function validateLabel(): bool
113  {
114  if ($this->getImageMaterial()->getUri()) {
115  if (!$this->hasFileExtension($this->getImageMaterial()->getUri())) {
116  return true;
117  }
118 
119  $extension = $this->determineFileExtension($this->getImageMaterial()->getUri());
120  } else {
121  $extension = $this->determineFileExtension($this->getImageMaterial()->getLabel());
122  }
123 
124  return $this->questionFilesService->isAllowedImageFileExtension($this->getDetectedMimeType(), $extension);
125  }
126 
127  public function sanitizeLabel(): void
128  {
129  $label = $this->getImageMaterial()->getLabel();
130 
131  $label = basename($label);
132  $label = ilUtil::stripSlashes($label);
133  $label = ilFileUtils::getASCIIFilename($label);
134 
135  $this->getImageMaterial()->setLabel($label);
136  }
137 
138  protected function determineMimeType(?string $content): string
139  {
140  $finfo = new finfo(FILEINFO_MIME);
141 
142  return $finfo->buffer($content);
143  }
144 
145  protected function determineFileExtension(string $label): ?string
146  {
147  $pathInfo = pathinfo($label);
148 
149  if (isset($pathInfo['extension'])) {
150  return $pathInfo['extension'];
151  }
152 
153  return null;
154  }
155 
156  protected function hasFileExtension(string $label): bool
157  {
158  $pathInfo = pathinfo($label);
159 
160  return array_key_exists('extension', $pathInfo);
161  }
162 }
ILIAS
Class ChatMainBarProvider .
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:396
ilQtiMatImageSecurity\$questionFilesService
ILIAS TestQuestionPool QuestionFilesService $questionFilesService
Definition: class.ilQtiMatImageSecurity.php:30
ilQtiMatImageSecurity\setImageMaterial
setImageMaterial(ilQTIMatimage $imageMaterial)
Definition: class.ilQtiMatImageSecurity.php:54
ilFileUtils\getASCIIFilename
static getASCIIFilename(string $a_filename)
Definition: class.ilFileUtils.php:655
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:31
$log
$log
Definition: result.php:33
ilQtiMatImageSecurity\setDetectedMimeType
setDetectedMimeType(string $detectedMimeType)
Definition: class.ilQtiMatImageSecurity.php:64
ilQtiMatImageSecurity\__construct
__construct(ilQTIMatimage $imageMaterial, \ILIAS\TestQuestionPool\QuestionFilesService $questionFilesService)
Definition: class.ilQtiMatImageSecurity.php:34