Fixed file upload bugs

Author: Stardog

class/Controller/Admin/Slide.php

@@ -46,7 +46,7 @@ protected function listHtml(Request $request)
         $carouselId = $request->pullGetInteger('carouselId');
         $carouselFactory = new \carousel\Factory\CarouselFactory;
         $carousel = $carouselFactory->load($carouselId);
-        return $this->view->scriptView('Slide', true,
+        return $this->view->scriptView('Slide',
                         ['carouselId' => $carouselId, 'carouselTitle' => $carousel->title]);
     }
 
@@ -56,18 +56,21 @@ protected function listJson(Request $request)
         $search = $request->pullGetString('search', true);
         $sort = $request->pullGetString('sortBy', true);
         $sortDir = $request->pullGetString('sortByDir', true);
-        $listing = $this->factory->listing(['carouselId'=>$carouselId, 'search'=>$search, 'sort'=>$sort, 'sortDir'=>$sortDir]);
+        $listing = $this->factory->listing(['carouselId' => $carouselId, 'search' => $search, 'sort' => $sort, 'sortDir' => $sortDir]);
         return ['listing' => $listing];
     }
 
     protected function mediaPost(Request $request)
     {
         try {
-            $slide = $this->factory->postMedia($request);
+            $slide = $this->factory->load($request->pullPostInteger('slideId'));
+            $this->factory->postMedia($slide, $request);
             $this->factory->save($slide);
             return ['success' => true];
         } catch (\Exception $e) {
-            $this->factory->delete($slide);
+            if (isset($slide) && empty($slide->filepath)) {
+                $this->factory->delete($slide);
+            }
             throw $e;
         }
     }
@@ -99,11 +102,11 @@ protected function delete(Request $request)
         $slide = $this->factory->load($this->id);
         $this->factory->delete($slide);
     }
-    
+
     protected function sortPatch(Request $request)
     {
         $this->factory->resort($this->id, $request->pullPatchInteger('position'));
-        return ['success'=>true];
+        return ['success' => true];
     }
 
 }

class/Factory/SlideFactory.php

@@ -17,7 +17,7 @@
 use carousel\Resource\SlideResource;
 use carousel\UploadHandler;
 
-define('CAROUSEL_MEDIA_DIRECTORY', './images/carousel/');
+define('CAROUSEL_MEDIA_DIRECTORY', 'images/carousel/');
 
 class SlideFactory extends BaseFactory
 {
@@ -135,9 +135,8 @@ public function lastSlide(int $carouselId)
         return $db->selectColumn();
     }
 
-    public function postMedia(Request $request)
+    public function postMedia(SlideResource $slide, Request $request)
     {
-        $slide = $this->load($request->pullPostInteger('slideId'));
         $result = $this->upload($slide->carouselId);
 
         $slide->filepath = $result['filepath'];
@@ -151,7 +150,6 @@ public function postMedia(Request $request)
             $slide->width = $dim[0];
             $slide->height = $dim[1];
         }
-        return $slide;
     }
 
     public function put($slideId, Request $request)
@@ -188,7 +186,7 @@ public function upload(int $carouselId)
             throw new \Exception('Upload missing image/media file.');
         }
         $file = $_FILES['file'];
-
+        $file['name'] = preg_replace('/[|;,!@#$()<>\"\'`~{}\[\]=+&\^\s\t]/', '_', $file['name']);
         if (in_array($file['type'], $imageTypes)) {
             $result = $this->saveImage($file, $carouselId);
             $result['type'] = 0;
@@ -253,6 +251,7 @@ private function getImageOptions($pic, $imageDirectory, int $carouselId)
         $imageDirectory = CAROUSEL_MEDIA_DIRECTORY . $carouselId . '/';
         $imagePath = PHPWS_HOME_DIR . $imageDirectory;
         $options = array(
+            'name' => $pic['name'],
             'max_width' => CAROUSEL_SYSTEM_SETTINGS['maxWidth'],
             'max_height' => CAROUSEL_SYSTEM_SETTINGS['maxHeight'],
             'param_name' => 'file',

class/UploadHandler.php

@@ -1367,7 +1367,7 @@ public function post($print_response = true)
             foreach ($upload['tmp_name'] as $index => $value) {
                 $files[] = $this->handle_file_upload(
                         $upload['tmp_name'][$index],
-                        $file_name ? $file_name : $upload['name'][$index],
+                        $file_name ? $file_name : !empty($this->options['name']) ? $this->options['name'] : $upload['name'][$index],
                         $size ? $size : $upload['size'][$index],
                         $upload['type'][$index], $upload['error'][$index],
                         $index, $content_range
@@ -1378,7 +1378,7 @@ public function post($print_response = true)
             // $_FILES is a one-dimensional array:
             $files[] = $this->handle_file_upload(
                     isset($upload['tmp_name']) ? $upload['tmp_name'] : null,
-                    $file_name ? $file_name : (isset($upload['name']) ?
+                    $file_name ? $file_name : !empty($this->options['name']) ? $this->options['name'] : (isset($upload['name']) ?
                     $upload['name'] : null),
                     $size ? $size : (isset($upload['size']) ?
                     $upload['size'] : $this->get_server_var('CONTENT_LENGTH')),

class/View/AbstractView.php

@@ -17,20 +17,22 @@
 
 abstract class AbstractView
 {
+
     const directory = PHPWS_SOURCE_DIR . 'mod/carousel/';
     const http = PHPWS_SOURCE_HTTP . 'mod/carousel/';
-    
+
     protected $factory;
 
-    
-    protected function getDirectory() {
+    protected function getDirectory()
+    {
         return self::directory;
     }
-    
-    protected function getHttp() {
+
+    protected function getHttp()
+    {
         return self::http;
     }
-    
+
     private function addScriptVars($vars)
     {
         if (empty($vars)) {
@@ -79,24 +81,23 @@ protected function getAssetPath($scriptName)
      * @param array $vars
      * @return string
      */
-    public function scriptView($view_name, $add_anchor = true, $vars = null, $skip_vendor = false)
+    public function scriptView($view_name, $vars = null, $skip_vendor = false)
     {
         static $vendor_included = false;
         if (!$vendor_included && !$skip_vendor) {
             $script[] = $this->getScript('vendor');
             $vendor_included = true;
         }
-        if (!empty($vars)) {
+        if (!empty($vars) && is_array($vars)) {
             $script[] = $this->addScriptVars($vars);
         }
         $script[] = $this->getScript($view_name);
         $react = implode("\n", $script);
         \Layout::addJSHeader($react);
-        if ($add_anchor) {
-            $content = <<<EOF
+        $content = <<<EOF
 <div id="$view_name"></div>
 EOF;
-            return $content;
-        }
+        return $content;
     }
+
 }

class/View/CarouselView.php

@@ -36,7 +36,7 @@ public function view(CarouselResource $carousel)
         }
         $options['intervalTime'] = $carousel->intervalTime * 1000;
         $options['iterations'] = $carousel->iterations * count($slides);
-        $this->scriptView('View', false, $options, true);
+        $this->scriptView('View', $options, true);
         \Layout::addStyle('carousel');
         return $this->viewSlides($carousel, $slides);
     }
@@ -111,7 +111,7 @@ private function viewSlides(CarouselResource $carousel, array $slides)
 
     public function miniAdmin(int $keyId)
     {
-        $this->scriptView('MiniAdmin', false, ['keyId' => $keyId], true);
+        $this->scriptView('MiniAdmin', ['keyId' => $keyId], true);
 
         $options['titleOnly'] = true;
         $pinnedCarousel = $this->factory->getPinned($keyId);