fix #5, santize files from fe form fields

numero2 · Jul 27, 2021 · 76b3172 · 76b3172
1 parent e014798
commit 76b3172
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 3 deletions.
diff --git a/src/Resources/contao/classes/CheckFilenames.php b/src/Resources/contao/classes/CheckFilenames.php
@@ -21,6 +21,7 @@
 use Contao\DataContainer;
 use Contao\FilesModel;
 use Contao\Message;
+use Contao\StringUtil;
 use Contao\System;
 use numero2\ProperFilenames\DCAHelper\Files;
 
@@ -33,12 +34,14 @@ class CheckFilenames extends \Frontend {
      *
      * @param array $arrFiles
      *
-     * @return none
+     * @return array
      */
     public function renameFiles( $arrFiles ) {
 
+        $aRenamed = [];
+
         if( !Config::get('checkFilenames') ) {
-            return null;
+            return $aRenamed;
         }
 
         $this->import('Files');
@@ -56,6 +59,7 @@ public function renameFiles( $arrFiles ) {
                 if( $oldFileName !== $newFileName ) {
 
                     $newFile = $info['dirname'] . '/' . $newFileName;
+                    $aRenamed[$file] = $newFile;
 
                     // create a temp file because the \Files class can't handle proper renaming on windows
                     $this->Files->rename($file, $newFile.'.tmp');
@@ -67,7 +71,7 @@ public function renameFiles( $arrFiles ) {
                     $objFile->hash = md5_file(TL_ROOT . '/' . $newFile);
                     $objFile->name = $newFileName;
 
-                    if( $objFile->save() ) {
+                    if( $objFile->save() && TL_MODE === 'BE' ) {
 
                         Message::addInfo(sprintf(
                             $GLOBALS['TL_LANG']['MSC']['proper_filenames_renamed']
@@ -78,6 +82,41 @@ public function renameFiles( $arrFiles ) {
                 }
             }
         }
+
+        return $aRenamed;
+    }
+
+
+    /**
+     * Rename an uploaded file
+     *
+     * @param Contao\Widget $objWidget
+     * @param string $formId
+     * @param array $arrData
+     * @param Contao\Form $objForm
+     *
+     * @return Contao\Widget
+     */
+    public function renameFormUploads( $objWidget, $formId, $arrData, $objForm ) {
+
+        if( $objWidget->storeFile && !empty($_SESSION['FILES'][$objWidget->name]) ) {
+
+            $tempPath = StringUtil::stripRootDir($_SESSION['FILES'][$objWidget->name]['tmp_name']);
+
+            // rename file and change entry in dbafs
+            $aRenamed = $this->renameFiles([$tempPath]);
+
+            if( array_key_exists($tempPath, $aRenamed) ) {
+
+                $newPath = $aRenamed[$tempPath];
+
+                // change session
+                $_SESSION['FILES'][$objWidget->name]['name'] = basename($newPath);
+                $_SESSION['FILES'][$objWidget->name]['tmp_name'] = $newPath;
+            }
+        }
+
+        return $objWidget;
     }
 
 

diff --git a/src/Resources/contao/config/config.php b/src/Resources/contao/config/config.php
@@ -17,3 +17,4 @@
  * Hooks
  */
 $GLOBALS['TL_HOOKS']['postUpload'][] = ['\numero2\ProperFilenames\CheckFilenames', 'renameFiles'];
+$GLOBALS['TL_HOOKS']['validateFormField'][] = ['\numero2\ProperFilenames\CheckFilenames', 'renameFormUploads'];
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,3 +17,4 @@ @@
      * Hooks
      */
     $GLOBALS['TL_HOOKS']['postUpload'][] = ['\numero2\ProperFilenames\CheckFilenames', 'renameFiles'];
+    $GLOBALS['TL_HOOKS']['validateFormField'][] = ['\numero2\ProperFilenames\CheckFilenames', 'renameFormUploads'];