file_name = $mediaPure.'.'.$mediaExtension; if(function_exists('exif_imagetype')){ $type = exif_imagetype($media['tmp_name']); } else { $type = false; } if($type){ vmdebug('Recognised image'); if(!self::checkMediaType($type,$mediaExtension)){ vmError('Invalid media, image type does not fit to extension '.$media['name'].' '.$type.'!='.$mediaExtension); return false; } } else if(!vmAccess::manager('media.potdang')){ $m2ext = self::getMime2ExtArray(); $realMime = self::getMimeType($media['tmp_name']); vmdebug('Uploading file $realMime',$realMime,$m2ext); if(isset($m2ext[$realMime])){ //if($rExt = array_search($realMime,$m2ext)!==false){ $rExt = $m2ext[$realMime]; $hless = self::getSafeExt2MimeArray(); vmdebug('Recognised nonimage, not safe ext',$rExt,$hless); //$rExt = $hless[$realMime]; if(!isset($hless[$rExt])){ vmError('Invalid media type, you are not allowed to upload this file, file type does not fit to mime '.$media['name']); return false; } else { vmdebug('Uploading file ',$hless[$rExt]); } } else { return false; } } if($obj->file_is_forSale==0){ $uploadPath = VMPATH_ROOT.DS.$path_folder.$media['name']; } else { $uploadPath = $path_folder.$media['name']; } $uploaded = JFile::upload($media['tmp_name'], $uploadPath, false, vmAccess::manager('media.trusteduploader')); if(!$uploaded){ return false; } $obj->file_mimetype = $media['type']; $obj->media_published = 1; $app->enqueueMessage(vmText::sprintf('COM_VIRTUEMART_FILE_UPLOAD_OK',VMPATH_ROOT.DS.$path_folder.$media['name'])); return $media['name']; case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini $app->enqueueMessage(vmText::sprintf('COM_VIRTUEMART_PRODUCT_FILES_ERR_UPLOAD_MAX_FILESIZE',$media['name'],$media['tmp_name']), 'warning'); break; case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form $app->enqueueMessage(vmText::sprintf('COM_VIRTUEMART_PRODUCT_FILES_ERR_MAX_FILE_SIZE',$media['name'],$media['tmp_name']), 'warning'); break; case 3: //uploaded file was only partially uploaded $app->enqueueMessage(vmText::sprintf('COM_VIRTUEMART_PRODUCT_FILES_ERR_PARTIALLY',$media['name'],$media['tmp_name']), 'warning'); break; case 4: //no file was uploaded //$vmLogger->warning( "You have not selected a file/image for upload." ); break; default: //a default error, just in case! :) //$vmLogger->warning( "There was a problem with your upload." ); break; } return false; } static function checkMediaType($type,$ext){ if($type === IMAGETYPE_JPEG){ if($ext!='jpg' and $ext!='jpeg') return false; } else if($type){ if( '.'.$ext!=image_type_to_extension($type) ) return false; } return true; } static function getMimeType($p){ if (version_compare(PHP_VERSION, '5.3.0') < 0) return false; if (!function_exists('finfo_open')){ vmError('Please enable php_fileinfo.dll for more secure MIME-TYPE recognition, uploading file stopped','Could not recognise MIME, uploading stopped'); return false; } else { $finfo = new finfo(FILEINFO_MIME_TYPE); $mimeType = $finfo->file($p); return $mimeType; } } } if(!function_exists('mime_content_type')) { function mime_content_type($filename, &$errortxt='') { ######################################################### ## Please do not use any direct user input for $filename ######################################################### ## for use on windows systems please install first: ## http://gnuwin32.sourceforge.net/packages/file.htm $path = ''; if (isset($_SERVER['WINDIR'])) { //$path = "C:/Programme/GnuWin32/bin/"; } $filepath = realpath($filename); $_mime = array(); ## escape spaces in $filename due to their separating effect $filepath = str_replace(" ","\\ ",$filepath); exec ($path . "file -bi $filepath", $_mime, $error); if (($error) or (count($_mime) != 1)) return false; if (strpos($_mime[0], "can't stat") !== false) { $errortxt = "unknown type"; $mime = false; } elseif (strpos($_mime[0], "can't read") !== false) { $errortxt = "cannot read file"; $mime = false; } elseif (strpos($_mime[0], "can't ") !== false) { $errortxt = "unspecified error"; $mime = false; } else { $mime = trim($_mime[0]); } return $mime; } }