diff --git a/Controller.php b/Controller.php
index da9a93f..d28cddf 100644
--- a/Controller.php
+++ b/Controller.php
@@ -213,18 +213,23 @@ class Controller extends ModuleAbstract implements WebInterface
 if (!empty($files)) {
 $upload = new UploadFile();
- $rndPath = str_pad(dechex(rand(0, 65535)), 4, '0', STR_PAD_LEFT);
- $path = '/' . trim($basePath, '/\\.') . '/' . $rndPath[0] . $rndPath[1] . '/' . $rndPath[2] . $rndPath[3];
+ $path = self::createMediaPath($basePath);
 $upload->setOutputDir($path);
 $upload->setFileName(false);
 $status = $upload->upload($files);
- $mediaCreated = $this->createDbEntries($status, $account);
+ $mediaCreated = self::createDbEntries($status, $account);
 }
 return $mediaCreated;
 }
+ public static function createMediaPath(string $basePath = '/Modules/Media/Files') : string
+ {
+ $rndPath = str_pad(dechex(rand(0, 65535)), 4, '0', STR_PAD_LEFT);
+ return '/' . trim($basePath, '/\\.') . '/' . $rndPath[0] . $rndPath[1] . '/' . $rndPath[2] . $rndPath[3];
+ }
+
 /**
 * @param array $status Files
 * @param int $account Uploader
@@ -234,7 +239,7 @@ class Controller extends ModuleAbstract implements WebInterface
 * @since 1.0.0
 * @author Dennis Eichhorn
 */
- public function createDbEntries(array $status, int $account) : array
+ public static function createDbEntries(array $status, int $account) : array
 {
 $mediaCreated = [];
diff --git a/Models/UploadFile.php b/Models/UploadFile.php
index 270e7d6..fa9c6e1 100644
--- a/Models/UploadFile.php
+++ b/Models/UploadFile.php
@@ -138,9 +138,9 @@ class UploadFile
 if (!$this->fileName || empty($this->fileName) || file_exists($path . '/' . $this->fileName)) {
 $rnd = '';
+ // todo: implement limit since this could get exploited
 do {
 $sha = sha1_file($f['tmp_name'] . $rnd);
- $sha .= '.' . $extension;
 if ($sha === false) {
 $result[$key]['status'] = UploadStatus::FAILED_HASHING;
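Review bot: `createMediaPath()` is now public and static, but `trim($basePath, '/\\.')` only strips slashes and dots from the two ends of `$basePath`, so a `..` segment in the middle of the value reaches `setOutputDir()` unchanged. Its callers are not visible here; if any of them can pass a request-derived value, the helper should reject it first, for example `if (strpos($basePath, '..') !== false) { throw new \InvalidArgumentException('Invalid media base path'); }`. `rand()` is adequate for spreading files over sub-directories, but it should become `random_int(0, 65535)` if the sub-directory is meant to be hard to guess. The new method also lacks the docblock its neighbours carry, and the enclosing upload method starts above the hunk.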
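Review bot: `createDbEntries()` becomes `static` in the second Controller.php hunk while its body lies below the hunk, so any `$this` reference left in that body will raise an Error once it is reached through `self::createDbEntries($status, $account)`; the body needs checking for `$this` before this lands. Because the method is public, code without a Controller instance can now call it with any `$account`, and presumably create media rows for that id. A docblock line such as `@param int $account Uploader id; the caller must already have authenticated it` would make that contract explicit.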
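Review bot: The retry in the first UploadFile.php hunk salts the path instead of the digest: once `$rnd` is set (`$rnd = mt_rand();` in the following hunk), `sha1_file($f['tmp_name'] . $rnd)` is asked to read a file named after the temp file plus a random number, which presumably does not exist. With the `=== false` check now reachable, a name collision (for instance the same content uploaded twice into one directory) ends in `FAILED_HASHING` instead of a fresh name. The added todo is also right that the loop has no iteration cap. I would hash the upload once, salt the digest on retry and bound the number of attempts, as sketched below; the enclosing method starts and ends outside the hunk.

```php
// Hash the uploaded file once; on retry salt the digest, not the path.
$digest = sha1_file($f['tmp_name']);
if ($digest === false) {
    $result[$key]['status'] = UploadStatus::FAILED_HASHING;

    return $result;
}

$tries = 0;
do {
    $name           = $tries === 0 ? $digest : sha1($digest . random_bytes(16));
    $this->fileName = $name . '.' . $extension;
} while (file_exists($path . '/' . $this->fileName) && ++$tries < 10);
// … after the loop: fail the upload if the last candidate name is still taken …
```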
@@ -148,6 +148,8 @@ class UploadFile return $result; } + $sha .= '.' . $extension; + $this->fileName = $sha; $rnd = mt_rand(); } while (file_exists($path . '/' . $this->fileName));
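Review bot: `$sha .= '.' . $extension;` makes `$extension` part of the on-disk name, and nothing in this hunk shows where it comes from or that it is checked. If it is taken from the client-supplied file name, a script extension stored under a web-reachable media directory would be a risk, so it should be confirmed that an allow-list check runs before this line. A comment here would record that assumption: `// $extension must already be allow-listed; it becomes part of the stored file name`. The `do … while` body starts above the hunk.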