ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor Class Reference

Class InsecureFilenameSanitizerPreProcessor. More...

Inheritance diagram for ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor:

Collaboration diagram for ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor:

Public Member Functions
	process (FileStream $stream, Metadata $metadata)
	This method gets invoked by the file upload service to process the file with the help of the processor. More...
	process (FileStream $stream, Metadata $metadata)
	This method gets invoked by the file upload service to process the file with the help of the processor. More...

Protected Member Functions
	checkPath (string $path)
	getRejectionMessage ()
	getOKMessage ()

Private Member Functions
	isFileAZip (Metadata $metadata)

Detailed Description

Class InsecureFilenameSanitizerPreProcessor.

PreProcessor which checks for file with potentially dangerous names

Author

Fabian Schmid fabia.nosp@m.n@sr.nosp@m..solu.nosp@m.tion.nosp@m.s

Definition at line 32 of file AbstractRecursiveZipPreProcessor.php.

Member Function Documentation

checkPath()

ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor::checkPath ( string  $path )

abstractprotected

Parameters

string

$path

to a file

Returns

bool false leads to rejection, true to accept

Reimplemented in ILIAS\FileUpload\Processor\BlacklistExtensionPreProcessor, and ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor.

Referenced by ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\process().

Here is the caller graph for this function:

getOKMessage()

ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor::getOKMessage ( )

abstractprotected

Reimplemented in ILIAS\FileUpload\Processor\BlacklistExtensionPreProcessor, and ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor.

Referenced by ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\process().

Here is the caller graph for this function:

getRejectionMessage()

ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor::getRejectionMessage ( )

abstractprotected

Reimplemented in ILIAS\FileUpload\Processor\BlacklistExtensionPreProcessor, and ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor.

Referenced by ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\process().

Here is the caller graph for this function:

isFileAZip()

ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor::isFileAZip ( Metadata  $metadata )

private

Definition at line 72 of file AbstractRecursiveZipPreProcessor.php.

                                                   : bool
    {
        return $this->isMimeTypeOrExtension(
            $metadata,
            'zip',
            ['application/zip', 'application/x-zip-compressed']
        );
    }

Referenced by ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\process().

Here is the caller graph for this function:

process()

ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor::process	(	FileStream	$stream,
		Metadata	$metadata
	)

This method gets invoked by the file upload service to process the file with the help of the processor.

If the return value is REJECTED, no further invocations of processors are done for the rejected file.

If the processor fails or returns an unexpected value, the file gets automatically rejected because the file could be dangerous to ILIAS.

Parameters

FileStream	$stream	The stream of the file.
Metadata	$metadata	The meta data of the uploaded file.

Returns

ProcessingStatus The new status of the file.

Implements ILIAS\FileUpload\Processor\PreProcessor.

Reimplemented in ilFileServicesPreProcessor.

Definition at line 45 of file AbstractRecursiveZipPreProcessor.php.

                                                                   : ProcessingStatus
    {
        if ($this->isFileAZip($metadata)) {
            try {
                $zip_file_path = $stream->getMetadata('uri');
                $zip = new \ZipArchive();
                $zip->open($zip_file_path);
 
                for ($i = 0; $i < $zip->numFiles; $i++) {
                    $original_path = $zip->getNameIndex($i);
                    if (!$this->checkPath($original_path)) {
                        return new ProcessingStatus(ProcessingStatus::REJECTED, $this->getRejectionMessage());
                    }
                }
                $zip->close();
            } catch (\Throwable) {
                return new ProcessingStatus(ProcessingStatus::PENDING, '');
            }
        }
 
        if (!$this->checkPath($metadata->getFilename())) {
            return new ProcessingStatus(ProcessingStatus::REJECTED, $this->getRejectionMessage());
        }
 
        return new ProcessingStatus(ProcessingStatus::OK, $this->getOKMessage());
    }

References ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\checkPath(), ILIAS\FileUpload\DTO\Metadata\getFilename(), ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\getOKMessage(), ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\getRejectionMessage(), ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor\isFileAZip(), ILIAS\FileUpload\DTO\ProcessingStatus\OK, ILIAS\FileUpload\DTO\ProcessingStatus\PENDING, and ILIAS\FileUpload\DTO\ProcessingStatus\REJECTED.

Here is the call graph for this function:

---

The documentation for this class was generated from the following file:

• components/ILIAS/FileUpload/src/Processor/AbstractRecursiveZipPreProcessor.php