Polished and new translated files added.
[moodle.git] / lib / uploadlib.php
CommitLineData
18b8fbfa 1<?php
2error_reporting(E_ALL ^ E_NOTICE);
3/**
4 * This class handles all aspects of fileuploading
5 */
6class upload_manager {
7
8 var $files; // array to hold local copies of stuff in $_FILES
9 var $config; // holds all configuration stuff.
10 var $status; // keep track of if we're ok (errors for each file are kept in $files['whatever']['uploadlog']
11 var $course; // the course this file has been uploaded for (for logging and virus notifications)
12 var $inputname; // if we're only getting one file.
81d425b4 13 var $notify; // if we're given silent=true in the constructor, this gets built up to hold info about the process.
18b8fbfa 14
15 /**
16 * Constructor, sets up configuration stuff so we know how to act.
17 * Note: destination not taken as parameter as some modules want to use the insertid in the path and we need to check the other stuff first.
18 * @param $inputname - if this is given the upload manager will only process the file in $_FILES with this name.
19 * @param $deleteothers - whether to delete other files in the destination directory (optional,defaults to false)
20 * @param $handlecollisions - whether to use handle_filename_collision() or not. (optional, defaults to false)
21 * @param $course - the course the files are being uploaded for (for logging and virus notifications)
22 * @param $recoverifmultiple - if we come across a virus, or if a file doesn't validate or whatever, do we continue? optional, defaults to true.
81d425b4 23 * @param $modbytes - max bytes for this module - this and $course->maxbytes are used to get the maxbytes from get_max_upload_file_size().
24 * @param $silent - whether to notify errors or not.
18b8fbfa 25 */
81d425b4 26 function upload_manager($inputname='',$deleteothers=false,$handlecollisions=false,$course=null,$recoverifmultiple=false,$modbytes=0,$silent=false) {
18b8fbfa 27
28 global $CFG;
29
30 $this->config->deleteothers = $deleteothers;
31 $this->config->handlecollisions = $handlecollisions;
32 $this->config->recoverifmultiple = $recoverifmultiple;
33 $this->config->maxbytes = get_max_upload_file_size($CFG->maxbytes,$course->maxbytes,$modbytes);
81d425b4 34 $this->config->silent = $silent;
18b8fbfa 35 $this->files = array();
36 $this->status = false;
37 $this->course = $course;
38 $this->inputname = $inputname;
39 }
40
41 /**
42 * Gets all entries out of $_FILES and stores them locally in $files
43 * Checks each one against get_max_upload_file_size and calls cleanfilename and scans them for viruses etc.
44 */
45 function preprocess_files() {
46 global $CFG;
47 foreach ($_FILES as $name => $file) {
48 $this->status = true; // only set it to true here so that we can check if this function has been called.
49 if (empty($this->inputname) || $name == $this->inputname) { // if we have input name, only process if it matches.
50 $file['originalname'] = $file['name']; // do this first for the log.
51 $this->files[$name] = $file; // put it in first so we can get uploadlog out in print_upload_log.
52 $this->status = $this->validate_file($this->files[$name],empty($this->inputname)); // default to only allowing empty on multiple uploads.
53 if (!$this->status && $this->files[$name]['error'] = 0 || $this->files[$name]['error'] == 4 && empty($this->inputname)) {
54 // this shouldn't cause everything to stop.. modules should be responsible for knowing which if any are compulsory.
55 continue;
56 }
57 if ($this->status && $CFG->runclamonupload) {
58 $this->status = clam_scan_file($this->files[$name],$this->course);
59 }
60 if (!$this->status) {
61 if (!$this->config->recoverifmultiple && count($this->files) > 1) {
62 $a->name = $this->files[$name]['originalname'];
63 $a->problem = $this->files[$name]['uploadlog'];
81d425b4 64 if (!$this->config->silent) {
65 notify(get_string('uploadfailednotrecovering','moodle',$a));
66 }
67 else {
68 $this->notify .= "<br />".get_string('uploadfailednotrecovering','moodle',$a);
69 }
18b8fbfa 70 $this->status = false;
71 return false;
72 }
73 else if (count($this->files) == 1) {
81d425b4 74 if (!$this->config->silent) {
75 notify($this->files[$name]['uploadlog']);
76 }
77 else {
78 $this->notify .= "<br />".$this->files[$name]['uploadlog'];
79 }
18b8fbfa 80 $this->status = false;
81 return false;
82 }
83 }
84 else {
85 $newname = clean_filename($this->files[$name]['name']);
86 if ($newname != $this->files[$name]['name']) {
87 $a->oldname = $this->files[$name]['name'];
88 $a->newname = $newname;
89 $this->files[$name]['uploadlog'] .= get_string('uploadrenamedchars','moodle',$a);
90 }
91 $this->files[$name]['name'] = $newname;
92 $this->files[$name]['clear'] = true; // ok to save.
93 }
94 }
95 }
46c5446e 96 if (!is_array($_FILES) || count($_FILES) == 0) {
97 return false;
98 }
18b8fbfa 99 $this->status = true;
100 return true; // if we've got this far it means that we're recovering so we want status to be ok.
101 }
102
103 /**
104 * Validates a single file entry from _FILES
105 * @param $file - the entry from _FILES to validate
106 * @param $allowempty - this is to allow module owners to control which files are compulsory if this function is being called straight from the module.
107 * @return true if ok.
108 */
109 function validate_file(&$file,$allowempty=true) {
110 if (empty($file)) {
111 return $allowempty; // this shouldn't cause everything to stop.. modules should be responsible for knowing which if any are compulsory.
112 }
113 if (!is_uploaded_file($file['tmp_name']) || $file['size'] == 0) {
114 $file['uploadlog'] .= "\n".$this->get_file_upload_error($file);
115 if ($file['error'] == 0 || $file['error'] == 4) {
116 return $allowempty;
117 }
118 return false;
119 }
120 if ($file['size'] > $this->config->maxbytes) {
121 $file['uploadlog'] .= "\n".get_string("uploadedfiletoobig", "moodle", $this->config->maxbytes);
122 return false;
123 }
124 return true;
125 }
126
127 /**
128 * Moves all the files to the destination directory.
129 * @param $destination - the destination directory.
130 * @return status;
131 */
132 function save_files($destination) {
133 global $CFG,$USER;
134
135 if (!$this->status) { // preprocess_files hasn't been run
136 $this->preprocess_files();
137 }
138 if ($this->status) {
139 if (!(strpos($destination,$CFG->dataroot) === false)) {
140 // take it out for giving to make_upload_directory
141 $destination = substr($destination,strlen($CFG->dataroot)+1);
142 }
143
144 if ($destination{strlen($destination)-1} == "/") { // strip off a trailing / if we have one
145 $destination = substr($destination,0,-1);
146 }
147
148 if (!make_upload_directory($destination,true)) { //TODO maybe put this function here instead of moodlelib.php now.
149 $this->status = false;
150 return false;
151 }
152
153 $destination = $CFG->dataroot.'/'.$destination; // now add it back in so we have a full path
154
155 $exceptions = array(); //need this later if we're deleting other files.
156
157 foreach (array_keys($this->files) as $i) {
158
159 if (!$this->files[$i]['clear']) {
160 // not ok to save
161 continue;
162 }
163
164 if ($this->config->handlecollisions) {
165 $this->handle_filename_collision($destination,$this->files[$i]);
166 }
167 if (move_uploaded_file($this->files[$i]['tmp_name'], $destination.'/'.$this->files[$i]['name'])) {
168 chmod($destination.'/'.$this->files[$i]['name'], $CFG->directorypermissions);
169 $this->files[$i]['fullpath'] = $destination.'/'.$this->files[$i]['name'];
170 $this->files[$i]['uploadlog'] .= "\n".get_string('uploadedfile');
171 $this->files[$i]['saved'] = true;
172 $exceptions[] = $this->files[$i]['name'];
173 // now add it to the log (this is important so we know who to notify if a virus is found later on)
174 clam_log_upload($this->files[$i]['fullpath'],$this->course);
175 $savedsomething=true;
176 }
177 }
178 if ($savedsomething && $this->config->deleteothers) {
179 $this->delete_other_files($destination,$exceptions);
180 }
181 }
182 if (!$savedsomething) {
183 $this->status = false;
184 return false;
185 }
186 return $this->status;
187 }
188
189 /**
190 * Wrapper function that calls preprocess_files and viruscheck_files and then save_files
191 * Modules that require the insert id in the filepath should not use this and call these functions seperately in the required order.
192 * @parameter $destination - where to save the uploaded files to.
193 */
194 function process_file_uploads($destination) {
195 if ($this->preprocess_files()) {
196 return $this->save_files($destination);
197 }
198 return false;
199 }
200
201 /**
202 * Deletes all the files in a given directory except for the files in $exceptions (full paths)
203 * @param $destination - the directory to clean up.
204 * @param $exceptions - array of full paths of files to KEEP.
205 */
206 function delete_other_files($destination,$exceptions=null) {
207 if ($filestodel = get_directory_list($destination)) {
208 foreach ($filestodel as $file) {
209 if (!is_array($exceptions) || !in_array($file,$exceptions)) {
210 unlink("$destination/$file");
211 $deletedsomething = true;
212 }
213 }
214 }
215 if ($deletedsomething) {
81d425b4 216 if (!$this->config->silent) {
217 notify(get_string('uploadoldfilesdeleted'));
218 }
219 else {
220 $this->notify .= "<br />".get_string('uploadoldfilesdeleted');
221 }
18b8fbfa 222 }
223 }
224
225 /**
226 * Handles filename collisions - if the desired filename exists it will rename it according to the pattern in $format
227 * @param $destination - destination directory (to check existing files against)
228 * @param $file - the current file from $files we're processing.
229 * @param $format - the printf style format to rename the file to (defaults to filename_number.extn)
230 * @return new filename.
231 */
232 function handle_filename_collision($destination,&$file,$format='%s_%d.%s') {
233 $bits = explode('.',$file['name']);
234 // check for collisions and append a nice numberydoo.
235 if (file_exists($destination.'/'.$file['name'])) {
236 $a->oldname = $file['name'];
237 for ($i = 1; true; $i++) {
238 $try = sprintf($format,$bits[0],$i,$bits[1]);
239 if ($this->check_before_renaming($destination,$try,$file)) {
240 $file['name'] = $try;
241 break;
242 }
243 }
244 $a->newname = $file['name'];
245 $file['uploadlog'] .= "\n".get_string('uploadrenamedcollision','moodle',$a);
246 }
247 }
248
249 /**
250 * This function checks a potential filename against what's on the filesystem already and what's been saved already.
251 */
252 function check_before_renaming($destination,$nametocheck,$file) {
253 if (!file_exists($destination.'/'.$nametocheck)) {
254 return true;
255 }
256 if ($this->config->deleteothers) {
257 foreach ($this->files as $tocheck) {
258 // if we're deleting files anyway, it's not THIS file and we care about it and it has the same name and has already been saved..
259 if ($file['tmp_name'] != $tocheck['tmp_name'] && $tocheck['clear'] && $nametocheck == $tocheck['name'] && $tocheck['saved']) {
260 $collision = true;
261 }
262 }
263 if (!$collision) {
264 return true;
265 }
266 }
267 return false;
268 }
269
270
271 function get_file_upload_error(&$file) {
272
273 switch ($file['error']) {
274 case 0: // UPLOAD_ERR_OK
275 if ($file['size'] > 0) {
276 $errmessage = get_string('uploadproblem', $file['name']);
277 } else {
278 $errmessage = get_string('uploadnofilefound'); /// probably a dud file name
279 }
280 break;
281
282 case 1: // UPLOAD_ERR_INI_SIZE
283 $errmessage = get_string('uploadserverlimit');
284 break;
285
286 case 2: // UPLOAD_ERR_FORM_SIZE
287 $errmessage = get_string('uploadformlimit');
288 break;
289
290 case 3: // UPLOAD_ERR_PARTIAL
291 $errmessage = get_string('uploadpartialfile');
292 break;
293
294 case 4: // UPLOAD_ERR_NO_FILE
295 $errmessage = get_string('uploadnofilefound');
296 break;
297
298 default:
299 $errmessage = get_string('uploadproblem', $file['name']);
300 }
301 return $errmessage;
302 }
303
304 /**
305 * prints a log of everything that happened (of interest) to each file in _FILES
306 * @param $return - optional, defaults to false (log is echoed)
307 */
308 function print_upload_log($return=false) {
309 foreach (array_keys($this->files) as $i => $key) {
310 $str .= '<b>'.get_string('uploadfilelog','moodle',$i+1).' '
311 .((!empty($this->files[$key]['originalname'])) ? '('.$this->files[$key]['originalname'].')' : '')
312 .'</b> :'.nl2br($this->files[$key]['uploadlog']).'<br />';
313 }
314 if ($return) {
315 return $str;
316 }
317 echo $str;
318 }
319
320 /**
321 * If we're only handling one file (if inputname was given in the constructor) this will return the (possibly changed) filename of the file.
322 */
323 function get_new_filename() {
324 if (!empty($this->inputname) && count($this->files) == 1) {
325 return $this->files[$this->inputname]['name'];
326 }
327 return false;
328 }
329
81d425b4 330 /**
331 * If we're only handling one file (if input name was given in the constructor) this will return the full path to the saved file.
332 */
333 function get_new_filepath() {
334 if (!empty($this->inputname) && count($this->files) == 1) {
335 return $this->files[$this->inputname]['fullpath'];
336 }
337 return false;
338 }
339
18b8fbfa 340 /**
341 * If we're only handling one file (if inputname was given in the constructor) this will return the ORIGINAL filename of the file.
342 */
343 function get_original_filename() {
344 if (!empty($this->inputname) && count($this->files) == 1) {
345 return $this->files[$this->inputname]['originalname'];
346 }
347 return false;
348 }
349}
350
351/**************************************************************************************
352THESE FUNCTIONS ARE OUTSIDE THE CLASS BECAUSE THEY NEED TO BE CALLED FROM OTHER PLACES.
353FOR EXAMPLE CLAM_HANDLE_INFECTED_FILE AND CLAM_REPLACE_INFECTED_FILE USED FROM CRON
354UPLOAD_PRINT_FORM_FRAGMENT DOESN'T REALLY BELONG IN THE CLASS BUT CERTAINLY IN THIS FILE
355***************************************************************************************/
356
357
358/**
359 * This function prints out a number of upload form elements
360 * @param $numfiles - the number of elements required (optional, defaults to 1)
361 * @param $names - array of element names to use (optional, defaults to FILE_n)
362 * @param $descriptions - array of strings to be printed out before each file bit.
363 * @param $uselabels - whether to output text fields for file descriptions or not (optional, defaults to false)
364 * @param $labelnames - array of element names to use for labels (optional, defaults to LABEL_n)
365 * @param $coursebytes
366 * @param $modbytes - these last two are used to calculate upload max size ( using get_max_upload_file_size)
367 * @param $return - whether to return the string (defaults to false - string is echoed)
368 */
369function upload_print_form_fragment($numfiles=1,$names=null,$descriptions=null,$uselabels=false,$labelnames=null,$coursebytes=0,$modbytes=0,$return=false) {
370 global $CFG;
371 $maxbytes = get_max_upload_file_size($CFG->maxbytes,$coursebytes,$modbytes);
372 $str = '<input type="hidden" name="MAX_FILE_SIZE" value="'.$maxbytes.'" />'."\n";
373 for ($i = 0; $i < $numfiles; $i++) {
374 if (is_array($descriptions) && !empty($descriptions[$i])) {
375 $str .= '<b>'.$descriptions[$i].'</b><br />';
376 }
377 $str .= '<input type="file" size="50" name="'.((is_array($names) && !empty($names[$i])) ? $names[$i] : 'FILE_'.$i).'" /><br />'."\n";
378 if ($uselabels) {
379 $str .= get_string('uploadlabel').' <input type="text" size="50" name="'
380 .((is_array($labelnames) && !empty($labelnames[$i])) ? $labelnames[$i] : 'LABEL_'.$i)
381 .'" /><br /><br />'."\n";
382 }
383 }
384 if ($return) {
385 return $str;
386 }
387 else {
388 echo $str;
389 }
390}
391
392
393/**
394 * Deals with an infected file - either moves it to a quarantinedir
395 * (specified in CFG->quarantinedir) or deletes it.
396 * If moving it fails, it deletes it.
397 * @param file full path to the file
398 * @param userid - if not used, defaults to $USER->id (there in case called from cron)
399 * @param basiconly - admin level reporting or user level reporting.
400 * @return a string of what it did.
401 */
402function clam_handle_infected_file($file,$userid=0,$basiconly=false) {
403
404 global $CFG,$USER;
405 if ($USER && !$userid) {
406 $userid = $USER->id;
407 }
408 $delete = true;
409 if (file_exists($CFG->quarantinedir) && is_dir($CFG->quarantinedir) && is_writable($CFG->quarantinedir)) {
410 $now = date('YmdHis');
411 if (rename($file,$CFG->quarantinedir.'/'.$now.'-user-'.$userid.'-infected')) {
412 $delete = false;
413 if ($basiconly) {
414 $notice .= "\n".get_string('clammovedfilebasic');
415 }
416 else {
417 $notice .= "\n".get_string('clammovedfile','moodle',$CFG->quarantinedir.'/'.$now.'-user-'.$userid.'-infected');
418 }
419 }
420 else {
421 if ($basiconly) {
422 $notice .= "\n".get_string('clamdeletedfile');
423 }
424 else {
425 $notice .= "\n".get_string('clamquarantinedirfailed','moodle',$CFG->quarantinedir);
426 }
427 }
428 }
429 else {
430 if ($basiconly) {
431 $notice .= "\n".get_string('clamdeletedfile');
432 }
433 else {
434 $notice .= "\n".get_string('clamquarantinedirfailed','moodle',$CFG->quarantinedir);
435 }
436 }
437 if ($delete) {
438 if (unlink($file)) {
439 $notice .= "\n".get_string('clamdeletedfile');
440 }
441 else {
442 if ($basiconly) {
443 // still tell the user the file has been deleted. this is only for admins.
444 $notice .= "\n".get_string('clamdeletedfile');
445 }
446 else {
447 $notice .= "\n".get_string('clamdeletedfilefailed');
448 }
449 }
450 }
451 return $notice;
452}
453
454/**
455 * Replaces the given file with a string to notify that the original file had a virus.
456 * This is to avoid missing files but could result in the wrong content-type.
457 * @param file - full path to the file.
458 */
459function clam_replace_infected_file($file) {
460 $newcontents = get_string('virusplaceholder');
461 if (!$f = fopen($file,'w')) {
462 return false;
463 }
464 if (!fwrite($f,$newcontents)) {
465 return false;
466 }
467 return true;
468}
469
470
471/**
472 * If $CFG->runclamonupload is set, we scan a given file. (called from preprocess_files)
473 * This function will add on a uploadlog index in $file.
474 * @param $file - the file to scan from $files. or an absolute path to a file.
475 * @return 1 if good, 0 if something goes wrong (opposite from actual error code from clam)
476 */
477function clam_scan_file(&$file,$course) {
478 global $CFG,$USER;
479
480 if (is_array($file) && is_uploaded_file($file['tmp_name'])) { // it's from $_FILES
481 $appendlog = true;
482 $fullpath = $file['tmp_name'];
483 }
484 else if (file_exists($file)) { // it's a path to somewhere on the filesystem!
485 $fullpath = $file;
486 }
487 else {
488 return false; // erm, what is this supposed to be then, huh?
489 }
490
491 if (!$CFG->pathtoclam || !file_exists($CFG->pathtoclam) || !is_executable($CFG->pathtoclam)) {
492 $newreturn = 1;
493 $notice = get_string('clamlost','moodle',$CFG->pathtoclam);
494 if ($CFG->clamfailureonupload == 'actlikevirus') {
495 $notice .= "\n".get_string('clamlostandactinglikevirus');
496 $notice .= "\n".clam_handle_infected_file($fullpath);
497 $newreturn = false;
498 }
499 clam_mail_admins($notice);
500 return $newreturn; // return 1 if we're allowing clam failures
501 }
502
503 $cmd = $CFG->pathtoclam.' '.$fullpath." 2>&1";
504
505 // before we do anything we need to change perms so that clamscan can read the file (clamdscan won't work otherwise)
506 chmod($fullpath,0644);
507
508 exec($cmd,$output,$return);
509
510
511 switch ($return) {
512 case 0: // glee! we're ok.
513 return 1; // translate clam return code into reasonable return code consistent with everything else.
514 case 1: // bad wicked evil, we have a virus.
515 if (!empty($course)) {
516 $info->course = $course->fullname;
517 }
518 else {
519 $info->course = 'No course';
520 }
521 $info->user = $USER->firstname.' '.$USER->lastname;
522 $notice = get_string('virusfound','moodle',$info);
523 $notice .= "\n\n".implode("\n",$output);
524 $notice .= "\n\n".clam_handle_infected_file($fullpath);
525 clam_mail_admins($notice);
526 if ($appendlog) {
527 $info->filename = $file['originalname'];
528 $file['uploadlog'] .= "\n".get_string('virusfounduser','moodle',$info);
529 $file['virus'] = 1;
530 }
531 return false; // in this case, 0 means bad.
532 default:
533 // error - clam failed to run or something went wrong
534 $notice .= get_string('clamfailed','moodle',get_clam_error_code($return));
535 $notice .= "\n\n".implode("\n",$output);
536 $newreturn = true;
537 if ($CFG->clamfailureonupload == 'actlikevirus') {
538 $notice .= "\n".clam_handle_infected_file($fullpath);
539 $newreturn = false;
540 }
541 clam_mail_admins($notice);
542 if ($appendlog) {
543 $file['uploadlog'] .= "\n".get_string('clambroken');
544 $file['clam'] = 1;
545 }
546 return $newreturn; // return 1 if we're allowing failures.
547 }
548}
549
550/**
551 * emails admins about a clam outcome
552 * @param notice - the body of the email.
553 */
554function clam_mail_admins($notice) {
555
556 $site = get_site();
557
558 $subject = get_string('clamemailsubject','moodle',$site->fullname);
559 $admins = get_admins();
560 foreach ($admins as $admin) {
561 email_to_user($admin,get_admin(),$subject,$notice);
562 }
563}
564
565
566function get_clam_error_code($returncode) {
567 $returncodes = array();
568 $returncodes[0] = 'No virus found.';
569 $returncodes[1] = 'Virus(es) found.';
570 $returncodes[2] = ' An error occured'; // specific to clamdscan
571 // all after here are specific to clamscan
572 $returncodes[40] = 'Unknown option passed.';
573 $returncodes[50] = 'Database initialization error.';
574 $returncodes[52] = 'Not supported file type.';
575 $returncodes[53] = 'Can\'t open directory.';
576 $returncodes[54] = 'Can\'t open file. (ofm)';
577 $returncodes[55] = 'Error reading file. (ofm)';
578 $returncodes[56] = 'Can\'t stat input file / directory.';
579 $returncodes[57] = 'Can\'t get absolute path name of current working directory.';
580 $returncodes[58] = 'I/O error, please check your filesystem.';
581 $returncodes[59] = 'Can\'t get information about current user from /etc/passwd.';
582 $returncodes[60] = 'Can\'t get information about user \'clamav\' (default name) from /etc/passwd.';
583 $returncodes[61] = 'Can\'t fork.';
584 $returncodes[63] = 'Can\'t create temporary files/directories (check permissions).';
585 $returncodes[64] = 'Can\'t write to temporary directory (please specify another one).';
586 $returncodes[70] = 'Can\'t allocate and clear memory (calloc).';
587 $returncodes[71] = 'Can\'t allocate memory (malloc).';
588 if ($returncodes[$returncode])
589 return $returncodes[$returncode];
590 return get_string('clamunknownerror');
591
592}
593
594/**
595 * adds a file upload to the log table so that clam can resolve the filename to the user later if necessary
596 */
597function clam_log_upload($newfilepath,$course=null) {
598 global $CFG,$USER;
599 // get rid of any double // that might have appeared
600 $newfilepath = preg_replace('/\/\//','/',$newfilepath);
601 if (strpos($newfilepath,$CFG->dataroot) === false) {
602 $newfilepath = $CFG->dataroot.'/'.$newfilepath;
603 }
604 $CFG->debug=10;
605 $courseid = 0;
606 if ($course) {
607 $courseid = $course->id;
608 }
609 add_to_log($courseid,"upload","upload","",$newfilepath);
610}
611
612/**
613 * some of the modules allow moving attachments (glossary), in which case we need to hunt down an original log and change the path.
614 */
615function clam_change_log($oldpath,$newpath) {
616 global $CFG;
617 $sql = "UPDATE {$CFG->prefix}log SET info = '$newpath' WHERE module = 'upload' AND info = '$oldpath'";
618 execute_sql($sql);
619}
620?>