Implement valid_image_mimetypes and valid_file_mimetypes #32 / Support pdf/docs upload #29

youchenlee · youchenlee · commit c9f8c62a11a0 · 2016-03-06T03:34:43.000+08:00
Also remove Session, I don't see why filemanager need session.
diff --git a/README.md b/README.md
@@ -165,6 +165,26 @@ In `config/lfm.php` :
     'files_dir'          => 'public/files/',
     'files_url'          => '/files/',
     // path and url of files
+
+
+    // valid image mimetypes
+    'valid_image_mimetypes' => [
+        'image/jpeg',
+        'image/pjpeg',
+        'image/png',
+        'image/gif'
+    ],
+
+
+    // valid file mimetypes (only when '/laravel-filemanager?type=Files')
+    'valid_file_mimetypes' => [
+        'image/jpeg',
+        'image/pjpeg',
+        'image/png',
+        'image/gif',
+        'application/pdf',
+        'text/plain'
+    ],
 ```
 
 ## Customization
diff --git a/src/config/lfm.php b/src/config/lfm.php
@@ -20,6 +20,25 @@
     'files_dir'          => 'public/files/',
     'files_url'          => '/files/',
 
+    // available since v1.3.0
+    'valid_image_mimetypes' => [
+        'image/jpeg',
+        'image/pjpeg',
+        'image/png',
+        'image/gif'
+    ],
+
+    // available since v1.3.0
+    // only when '/laravel-filemanager?type=Files'
+    'valid_file_mimetypes' => [
+        'image/jpeg',
+        'image/pjpeg',
+        'image/png',
+        'image/gif',
+        'application/pdf',
+        'text/plain',
+    ],
+
     'file_type_array'         => [
         'pdf'  => 'Adobe Acrobat',
         'docx' => 'Microsoft Word',
diff --git a/src/controllers/DeleteController.php b/src/controllers/DeleteController.php
@@ -4,7 +4,6 @@
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\File;
 use Illuminate\Support\Facades\Input;
-use Illuminate\Support\Facades\Session;
 use Lang;
 
 /**
@@ -43,7 +42,7 @@ public function getDelete()
 
         File::delete($file_to_delete);
 
-        if (Session::get('lfm_type') == 'Images') {
+        if ('Images' === $this->file_type) {
             File::delete($thumb_to_delete);
         }
 
diff --git a/src/controllers/DownloadController.php b/src/controllers/DownloadController.php
@@ -4,7 +4,6 @@
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Response;
-use Illuminate\Support\Facades\Session;
 
 /**
  * Class DownloadController
diff --git a/src/controllers/FolderController.php b/src/controllers/FolderController.php
@@ -4,7 +4,6 @@
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\File;
 use Illuminate\Support\Facades\Input;
-use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\View;
 use Illuminate\Support\Str;
 use Lang;
diff --git a/src/controllers/ItemsController.php b/src/controllers/ItemsController.php
@@ -6,7 +6,6 @@
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Str;
-use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\View;
 use Intervention\Image\Facades\Image;
 
diff --git a/src/controllers/LfmController.php b/src/controllers/LfmController.php
@@ -4,7 +4,7 @@
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\File;
 use Illuminate\Support\Facades\Input;
-use Illuminate\Support\Facades\Session;
+use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\View;
 use Intervention\Image\Facades\Image;
 
@@ -17,16 +17,27 @@ class LfmController extends Controller {
     /**
      * @var
      */
-    public $file_location;
-    public $dir_location;
+    public $file_location = null;
+    public $dir_location = null;
+    public $file_type = null;
 
 
     /**
      * Constructor
      */
     public function __construct()
     {
-        $this->setPathAndType();
+        $this->file_type = Input::get('type', 'Images'); // default set to Images.
+
+        if ('Images' === $this->file_type) {
+            $this->dir_location = Config::get('lfm.images_url');
+            $this->file_location = Config::get('lfm.images_dir');
+        } elseif ('Files' === $this->file_type) {
+            $this->dir_location = Config::get('lfm.files_url');
+            $this->file_location = Config::get('lfm.files_dir');
+        } else {
+            throw new \Exception('unexpected type parameter');
+        }
 
         $this->checkMyFolderExists();
 
@@ -48,7 +59,8 @@ public function show()
         }
 
         return View::make('laravel-filemanager::index')
-            ->with('working_dir', $working_dir);
+            ->with('working_dir', $working_dir)
+            ->with('file_type', $this->file_type);
     }
 
 
@@ -57,22 +69,6 @@ public function show()
      *****************************/
 
 
-    private function setPathAndType()
-    {
-        // dd('type:'.Input::get('type'));
-
-        if (Input::has('type') && Input::get('type') === 'Files') {
-            Session::put('lfm_type', 'Files');
-            Session::put('lfm.file_location', Config::get('lfm.files_dir'));
-            Session::put('lfm.dir_location', Config::get('lfm.files_url'));
-        } else if (Input::has('type') && Input::get('type') === 'Images') {
-            Session::put('lfm_type', 'Images');
-            Session::put('lfm.file_location', Config::get('lfm.images_dir'));
-            Session::put('lfm.dir_location', Config::get('lfm.images_url'));
-        }
-    }
-
-
     private function checkMyFolderExists()
     {
         if (\Config::get('lfm.allow_multi_user') === true) {
@@ -122,7 +118,7 @@ private function formatLocation($location, $type = null)
 
     public function getPath($type = null)
     {
-        $path = base_path() . '/' . Session::get('lfm.file_location');
+        $path = base_path() . '/' . $this->file_location;
 
         $path = $this->formatLocation($path, $type);
 
@@ -132,7 +128,7 @@ public function getPath($type = null)
 
     public function getUrl($type = null)
     {
-        $url = Session::get('lfm.dir_location');
+        $url = $this->dir_location;
 
         $url = $this->formatLocation($url, $type);
 
diff --git a/src/controllers/RenameController.php b/src/controllers/RenameController.php
@@ -4,7 +4,6 @@
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\File;
 use Illuminate\Support\Facades\Input;
-use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Str;
 use Lang;
 
@@ -45,7 +44,7 @@ public function getRename()
 
         File::move($old_file, $new_file);
 
-        if (Session::get('lfm_type') == 'Images') {
+        if ('Images' === $this->file_type) {
             File::move($thumb_path . $old_name, $thumb_path . $new_name);
         }
 
diff --git a/src/controllers/UploadController.php b/src/controllers/UploadController.php
@@ -4,10 +4,10 @@
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\File;
 use Illuminate\Support\Facades\Input;
-use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Str;
 use Lang;
 use Intervention\Image\Facades\Image;
+use Symfony\Component\HttpFoundation\File\UploadedFile;
 
 /**
  * Class UploadController
@@ -23,6 +23,15 @@ class UploadController extends LfmController {
      */
     public function upload()
     {
+        try {
+            $res = $this->uploadValidator();
+            if (true !== $res) {
+                return "Invalid upload request";
+            }
+        } catch (\Exception $e) {
+            return $e->getMessage();
+        }
+
         if (!Input::hasFile('upload')) {
             return Lang::get('laravel-filemanager::lfm.error-file-empty');
         }
@@ -39,7 +48,7 @@ public function upload()
 
         $file->move($dest_path, $new_filename);
 
-        if (Session::get('lfm_type') == 'Images') {
+        if ('Images' === $this->file_type) {
             $this->makeThumb($dest_path, $new_filename);
         }
 
@@ -51,6 +60,63 @@ public function upload()
         return 'OK';
     }
 
+    private function uploadValidator()
+    {
+        // when uploading a file with the POST named "upload"
+
+        $file_array = Input::file();
+        $expected_file_type = $this->file_type;
+        $is_valid = false;
+
+        if (!is_array($file_array)) {
+            throw new \Exception('Incorrect file_array');
+        }
+
+        if (!array_key_exists('upload', $file_array)) {
+            throw new \Exception('name: "upload" not exists');
+        }
+
+        $file = $file_array['upload'];
+        if (!$file) {
+            throw new \Exception('Unexpected, nothing in "upload"');
+        }
+        if (!$file instanceof UploadedFile) {
+            throw new \Exception('The uploaded file should be an instance of UploadedFile');
+        }
+
+        $mimetype = $file->getMimeType();
+
+        // File MimeTypes Check
+        $valid_file_mimetypes = Config::get(
+            'lfm.valid_file_mimetypes',
+            ['application/pdf']
+        );
+        if (!is_array($valid_file_mimetypes)) {
+            throw new \Exception('valid_file_mimetypes is not set correctly');
+        }
+
+        if (in_array($mimetype, $valid_file_mimetypes) && $expected_file_type === 'Files') {
+            $is_valid = true;
+        }
+
+        // Image MimeTypes Check
+        $valid_image_mimetypes = Config::get(
+            'lfm.valid_image_mimetypes',
+            ['image/jpeg', 'image/png', 'image/gif']
+        );
+        if (!is_array($valid_image_mimetypes)) {
+            throw new \Exception('valid_image_mimetypes is not set correctly');
+        }
+        if (in_array($mimetype, $valid_image_mimetypes)) {
+            $is_valid = true;
+        }
+
+        if (false === $is_valid) {
+            throw new \Exception('Unexpected MimeType: ' . $mimetype);
+        }
+        return $is_valid;
+    }
+
     private function getNewName($file)
     {
         $new_filename = $file->getClientOriginalName();
diff --git a/src/views/index.blade.php b/src/views/index.blade.php
@@ -95,6 +95,7 @@
                     </div>
                     <input type='hidden' name='working_dir' id='working_dir' value='{{$working_dir}}'>
                     <input type='hidden' name='show_list' id='show_list' value='0'>
+                    <input type='hidden' name='type' value='{{$file_type}}'>
                     <input type='hidden' name='_token' value='{{csrf_token()}}'>
                 </form>
             </div>
@@ -239,7 +240,7 @@ function download(x) {
     function loadItems() {
         var type = 'Images';
 
-        @if ((Session::has('lfm_type')) && (Session::get('lfm_type') == 'Files'))
+        @if ('Files' === $file_type)
             type = 'Files';
         @endif
 
@@ -363,7 +364,7 @@ function useFile(file) {
 
         var item_url = image_url;
 
-        @if ((Session::has('lfm_type')) && (Session::get('lfm_type') != "Images"))
+        @if ("Images" !== $file_type)
         item_url = file_url;
         @endif
 
