Search in sources :

Example 1 with BadExtensionException

use of net.jforum.exceptions.BadExtensionException in project jforum2 by rafaelsteil.

the class AttachmentCommon method preProcess.

public void preProcess() {
    if (!this.canProceed) {
        return;
    }
    String t = this.request.getParameter("total_files");
    if (t == null || "".equals(t)) {
        return;
    }
    int total = Integer.parseInt(t);
    if (total < 1) {
        return;
    }
    if (total > SystemGlobals.getIntValue(ConfigKeys.ATTACHMENTS_MAX_POST)) {
        total = SystemGlobals.getIntValue(ConfigKeys.ATTACHMENTS_MAX_POST);
    }
    long totalSize = 0;
    int userId = SessionFacade.getUserSession().getUserId();
    Map extensions = this.am.extensionsForSecurity();
    for (int i = 0; i < total; i++) {
        FileItem item = (FileItem) this.request.getObjectParameter("file_" + i);
        if (item == null) {
            continue;
        }
        if (item.getName().indexOf('\000') > -1) {
            logger.warn("Possible bad attachment (null char): " + item.getName() + " - user_id: " + SessionFacade.getUserSession().getUserId());
            continue;
        }
        UploadUtils uploadUtils = new UploadUtils(item);
        // Check if the extension is allowed
        boolean containsExtension = extensions.containsKey(uploadUtils.getExtension());
        boolean denyAll = extensions.containsKey(DENY_ALL);
        boolean isAllowed = (!denyAll && !containsExtension) || (containsExtension && extensions.get(uploadUtils.getExtension()).equals(Boolean.TRUE));
        if (!isAllowed) {
            throw new BadExtensionException(I18n.getMessage("Attachments.badExtension", new String[] { uploadUtils.getExtension() }));
        }
        // Check comment length:
        String comment = this.request.getParameter("comment_" + i);
        if (comment.length() > 254) {
            throw new AttachmentException("Comment too long.");
        }
        Attachment a = new Attachment();
        a.setUserId(userId);
        AttachmentInfo info = new AttachmentInfo();
        info.setFilesize(item.getSize());
        info.setComment(comment);
        info.setMimetype(item.getContentType());
        // Get only the filename, without the path (IE does that)
        String realName = this.stripPath(item.getName());
        info.setRealFilename(realName);
        info.setUploadTimeInMillis(System.currentTimeMillis());
        AttachmentExtension ext = this.am.selectExtension(uploadUtils.getExtension().toLowerCase());
        if (ext.isUnknown()) {
            ext.setExtension(uploadUtils.getExtension());
        }
        info.setExtension(ext);
        String savePath = this.makeStoreFilename(info);
        info.setPhysicalFilename(savePath);
        a.setInfo(info);
        filesToSave.put(uploadUtils, a);
        totalSize += item.getSize();
    }
    // Check upload limits
    QuotaLimit ql = this.getQuotaLimit(userId);
    if (ql != null) {
        if (ql.exceedsQuota(totalSize)) {
            throw new AttachmentSizeTooBigException(I18n.getMessage("Attachments.tooBig", new Integer[] { new Integer(ql.getSizeInBytes() / 1024), new Integer((int) totalSize / 1024) }));
        }
    }
}
Also used : AttachmentInfo(net.jforum.entities.AttachmentInfo) Attachment(net.jforum.entities.Attachment) AttachmentException(net.jforum.exceptions.AttachmentException) FileItem(net.jforum.util.legacy.commons.fileupload.FileItem) AttachmentExtension(net.jforum.entities.AttachmentExtension) AttachmentSizeTooBigException(net.jforum.exceptions.AttachmentSizeTooBigException) QuotaLimit(net.jforum.entities.QuotaLimit) HashMap(java.util.HashMap) Map(java.util.Map) BadExtensionException(net.jforum.exceptions.BadExtensionException)

Aggregations

HashMap (java.util.HashMap)1 Map (java.util.Map)1 Attachment (net.jforum.entities.Attachment)1 AttachmentExtension (net.jforum.entities.AttachmentExtension)1 AttachmentInfo (net.jforum.entities.AttachmentInfo)1 QuotaLimit (net.jforum.entities.QuotaLimit)1 AttachmentException (net.jforum.exceptions.AttachmentException)1 AttachmentSizeTooBigException (net.jforum.exceptions.AttachmentSizeTooBigException)1 BadExtensionException (net.jforum.exceptions.BadExtensionException)1 FileItem (net.jforum.util.legacy.commons.fileupload.FileItem)1