Jingga/oms-Media
1
0
Fork 0
mirror of https://github.com/Karaka-Management/oms-Media.git synced 2026-02-16 17:28:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improve performance

Browse Source
This commit is contained in:
Dennis Eichhorn 2023-05-25 12:19:55 +00:00
parent 08ce435c7c
commit 1af1af6f86
2 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Controller/ApiController.php
View File

@ -367,7 +367,7 @@ final class ApiController extends Controller
*/ */
public static function createMediaPath(string $basePath = '/Modules/Media/Files') : string public static function createMediaPath(string $basePath = '/Modules/Media/Files') : string
{ {
$rndPath = \str_pad(\dechex(\mt_rand(0, 4294967295)), 8, '0', \STR_PAD_LEFT); $rndPath = \bin2hex(\random_bytes(4));
return $basePath . '/_' . $rndPath[0] . $rndPath[1] . $rndPath[2] . $rndPath[3] . '/_' . $rndPath[4] . $rndPath[5] . $rndPath[6] . $rndPath[7]; return $basePath . '/_' . $rndPath[0] . $rndPath[1] . $rndPath[2] . $rndPath[3] . '/_' . $rndPath[4] . $rndPath[5] . $rndPath[6] . $rndPath[7];
} }

25
Models/UploadFile.php
View File

@ -245,9 +245,8 @@ class UploadFile
*/ */
private function createFileName(string $path, string $tempName, string $extension) : string private function createFileName(string $path, string $tempName, string $extension) : string
{ {
$rnd = ''; $rnd = '';
$limit = -1; $limit = -1;
$fileName = '';
$nameWithoutExtension = empty($tempName) $nameWithoutExtension = empty($tempName)
? '' ? ''
@ -256,19 +255,23 @@ class UploadFile
: \substr($tempName, 0, -\strlen($extension) - 1) : \substr($tempName, 0, -\strlen($extension) - 1)
); );
do { $fileName = $tempName;
while (\is_file($path . '/' . $fileName)) {
if ($limit >= self::PATH_GENERATION_LIMIT) {
throw new \Exception('No file path could be found. Potential attack!');
}
++$limit; ++$limit;
$tempName = empty($nameWithoutExtension) $tempName = empty($nameWithoutExtension)
? \sha1($tempName . $rnd) ? \sha1($tempName . $rnd)
: $nameWithoutExtension . (empty($rnd) ? '' : '_' . $rnd); : $nameWithoutExtension . ($limit === 1 ? '' : '_' . $rnd);
$tempName .= !empty($extension) ? '.' . $extension : ''; $fileName = empty($extension)
$fileName = $tempName; ? $tempName
$rnd = (string) \mt_rand(); : $tempName . '.' . $extension;
} while (\is_file($path . '/' . $fileName) && $limit < self::PATH_GENERATION_LIMIT);
if ($limit >= self::PATH_GENERATION_LIMIT) { $rnd = \bin2hex(\random_bytes(3));
throw new \Exception('No file path could be found. Potential attack!');
} }
return $fileName; return $fileName;