src/Eccube/Controller/Admin/Content/FileController.php line 57

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Eccube\Controller\Admin\Content;
  16. use Eccube\Controller\AbstractController;
  17. use Eccube\Util\FilesystemUtil;
  18. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
  19. use Symfony\Component\Filesystem\Exception\IOException;
  20. use Symfony\Component\Filesystem\Filesystem;
  21. use Symfony\Component\Finder\Finder;
  22. use Symfony\Component\Form\Extension\Core\Type\FileType;
  23. use Symfony\Component\Form\Extension\Core\Type\FormType;
  24. use Symfony\Component\Form\Extension\Core\Type\TextType;
  25. use Symfony\Component\HttpFoundation\BinaryFileResponse;
  26. use Symfony\Component\HttpFoundation\File\Exception\FileException;
  27. use Symfony\Component\HttpFoundation\File\UploadedFile;
  28. use Symfony\Component\HttpFoundation\Request;
  29. use Symfony\Component\HttpFoundation\ResponseHeaderBag;
  30. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  31. use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
  32. use Symfony\Component\Routing\Annotation\Route;
  33. use Symfony\Component\Validator\Constraints as Assert;
  35. class FileController extends AbstractController
  36. {
  37.     public const SJIS 'sjis-win';
  38.     public const UTF 'UTF-8';
  39.     private $errors = [];
  40.     private $encode;
  42.     /**
  43.      * FileController constructor.
  44.      */
  45.     public function __construct()
  46.     {
  47.         $this->encode self::UTF;
  48.         if ('\\' === DIRECTORY_SEPARATOR) {
  49.             $this->encode self::SJIS;
  50.         }
  51.     }
  53.     /**
  54.      * @Route("/%eccube_admin_route%/content/file_manager", name="admin_content_file", methods={"GET", "POST"})
  55.      * @Template("@admin/Content/file.twig")
  56.      */
  57.     public function index(Request $request)
  58.     {
  59.         $this->addInfoOnce('admin.common.restrict_file_upload_info''admin');
  61.         $form $this->formFactory->createBuilder(FormType::class)
  62.             ->add('file'FileType::class, [
  63.                 'multiple' => true,
  64.                 'attr' => [
  65.                     'multiple' => 'multiple',
  66.                 ],
  67.             ])
  68.             ->add('create_file'TextType::class)
  69.             ->getForm();
  71.         // user_data_dir
  72.         $userDataDir $this->getUserDataDir();
  73.         $topDir $this->normalizePath($userDataDir);
  74.         //        $topDir = '/';
  75.         // user_data_dirの親ディレクトリ
  76.         $htmlDir $this->normalizePath($this->getUserDataDir().'/../');
  78.         // カレントディレクトリ
  79.         $nowDir $this->checkDir($this->getUserDataDir($request->get('tree_select_file')), $this->getUserDataDir())
  80.             ? $this->normalizePath($this->getUserDataDir($request->get('tree_select_file')))
  81.             : $topDir;
  83.         // パンくず表示用データ
  84.         $nowDirList json_encode(explode('/'trim(str_replace($htmlDir''$nowDir), '/')));
  85.         $jailNowDir $this->getJailDir($nowDir);
  86.         $isTopDir = ($topDir === $jailNowDir);
  87.         $parentDir substr($nowDir0strrpos($nowDir'/'));
  89.         if ('POST' === $request->getMethod()) {
  90.             switch ($request->get('mode')) {
  91.                 case 'create':
  92.                     $this->create($request);
  93.                     break;
  94.                 case 'upload':
  95.                     $this->upload($request);
  96.                     break;
  97.                 default:
  98.                     break;
  99.             }
  100.         }
  101.         $tree $this->getTree($this->getUserDataDir(), $request);
  102.         $arrFileList $this->getFileList($nowDir);
  103.         $paths $this->getPathsToArray($tree);
  104.         $tree $this->getTreeToArray($tree);
  106.         return [
  107.             'form' => $form->createView(),
  108.             'tpl_javascript' => json_encode($tree),
  109.             'top_dir' => $this->getJailDir($topDir),
  110.             'tpl_is_top_dir' => $isTopDir,
  111.             'tpl_now_dir' => $jailNowDir,
  112.             'html_dir' => $this->getJailDir($htmlDir),
  113.             'now_dir_list' => $nowDirList,
  114.             'tpl_parent_dir' => $this->getJailDir($parentDir),
  115.             'arrFileList' => $arrFileList,
  116.             'errors' => $this->errors,
  117.             'paths' => json_encode($paths),
  118.         ];
  119.     }
  121.     /**
  122.      * @Route("/%eccube_admin_route%/content/file_view", name="admin_content_file_view", methods={"GET"})
  123.      */
  124.     public function view(Request $request)
  125.     {
  126.         $file $this->convertStrToServer($this->getUserDataDir($request->get('file')));
  127.         if ($this->checkDir($file$this->getUserDataDir())) {
  128.             setlocale(LC_ALL'ja_JP.UTF-8');
  130.             return new BinaryFileResponse($file);
  131.         }
  133.         throw new NotFoundHttpException();
  134.     }
  136.     /**
  137.      * Create directory
  138.      *
  139.      * @param Request $request
  140.      */
  141.     public function create(Request $request)
  142.     {
  143.         $form $this->formFactory->createBuilder(FormType::class)
  144.             ->add('file'FileType::class, [
  145.                 'multiple' => true,
  146.                 'attr' => [
  147.                     'multiple' => 'multiple',
  148.                 ],
  149.             ])
  150.             ->add('create_file'TextType::class, [
  151.                 'constraints' => [
  152.                     new Assert\NotBlank(),
  153.                     new Assert\Regex([
  154.                         'pattern' => '/[^[:alnum:]_.\\-]/',
  155.                         'match' => false,
  156.                         'message' => 'admin.content.file.folder_name_symbol_error',
  157.                     ]),
  158.                     new Assert\Regex([
  159.                         'pattern' => "/^\.(.*)$/",
  160.                         'match' => false,
  161.                         'message' => 'admin.content.file.folder_name_period_error',
  162.                     ]),
  163.                 ],
  164.             ])
  165.             ->getForm();
  167.         $form->handleRequest($request);
  168.         if (!$form->isValid()) {
  169.             foreach ($form->getErrors(true) as $error) {
  170.                 $this->errors[] = ['message' => $error->getMessage()];
  171.             }
  173.             return;
  174.         }
  176.         $fs = new Filesystem();
  177.         $filename $form->get('create_file')->getData();
  179.         try {
  180.             $topDir $this->getUserDataDir();
  181.             $nowDir $this->getUserDataDir($request->get('now_dir'));
  182.             $nowDir $this->checkDir($nowDir$topDir)
  183.                 ? $this->normalizePath($nowDir)
  184.                 : $topDir;
  185.             $newFilePath $nowDir.'/'.$filename;
  186.             if (file_exists($newFilePath)) {
  187.                 throw new IOException(trans('admin.content.file.dir_exists', ['%file_name%' => $filename]));
  188.             }
  189.         } catch (IOException $e) {
  190.             $this->errors[] = ['message' => $e->getMessage()];
  191.             return;
  192.         }
  193.         try {
  194.             $fs->mkdir($newFilePath);
  195.             $this->addSuccess('admin.common.create_complete''admin');
  196.         } catch (IOException $e) {
  197.             log_error($e->getMessage());
  198.             $this->errors[] = ['message' => trans('admin.content.file.upload_error', [
  199.                 '%file_name%' => $filename,
  200.             ])];
  201.         }
  202.     }
  204.     /**
  205.      * @Route("/%eccube_admin_route%/content/file_delete", name="admin_content_file_delete", methods={"DELETE"})
  206.      */
  207.     public function delete(Request $request)
  208.     {
  209.         $this->isTokenValid();
  211.         $selectFile $request->get('select_file');
  212.         if ($selectFile === '' || $selectFile === null || $selectFile == '/') {
  213.             return $this->redirectToRoute('admin_content_file');
  214.         }
  216.         $topDir $this->getUserDataDir();
  217.         $file $this->convertStrToServer($this->getUserDataDir($selectFile));
  218.         if ($this->checkDir($file$topDir)) {
  219.             $fs = new Filesystem();
  220.             if ($fs->exists($file)) {
  221.                 $fs->remove($file);
  222.                 $this->addSuccess('admin.common.delete_complete''admin');
  223.             }
  224.         }
  226.         // 削除実行時のカレントディレクトリを表示させる
  227.         return $this->redirectToRoute('admin_content_file', ['tree_select_file' => dirname($selectFile)]);
  228.     }
  230.     /**
  231.      * @Route("/%eccube_admin_route%/content/file_download", name="admin_content_file_download", methods={"GET"})
  232.      */
  233.     public function download(Request $request)
  234.     {
  235.         $topDir $this->getUserDataDir();
  236.         $file $this->convertStrToServer($this->getUserDataDir($request->get('select_file')));
  237.         if ($this->checkDir($file$topDir)) {
  238.             if (!is_dir($file)) {
  239.                 setlocale(LC_ALL'ja_JP.UTF-8');
  240.                 $pathParts pathinfo($file);
  242.                 $patterns = [
  243.                     '/[a-zA-Z0-9!"#$%&()=~^|@`:*;+{}]/',
  244.                     '/[- ,.<>?_[\]\/\\\\]/',
  245.                     "/['\r\n\t\v\f]/",
  246.                 ];
  248.                 $str preg_replace($patterns''$pathParts['basename']);
  249.                 if (strlen($str) === 0) {
  250.                     return (new BinaryFileResponse($file))->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT);
  251.                 } else {
  252.                     return new BinaryFileResponse($file200, [
  253.                         'Content-Type' => 'aplication/octet-stream;',
  254.                         'Content-Disposition' => "attachment; filename*=UTF-8\'\'".rawurlencode($this->convertStrFromServer($pathParts['basename'])),
  255.                     ]);
  256.                 }
  257.             }
  258.         }
  259.         throw new NotFoundHttpException();
  260.     }
  262.     public function upload(Request $request)
  263.     {
  264.         $form $this->formFactory->createBuilder(FormType::class)
  265.             ->add('file'FileType::class, [
  266.                 'multiple' => true,
  267.                 'constraints' => [
  268.                     new Assert\NotBlank([
  269.                         'message' => 'admin.common.file_select_empty',
  270.                     ]),
  271.                 ],
  272.             ])
  273.             ->add('create_file'TextType::class)
  274.             ->getForm();
  276.         $form->handleRequest($request);
  278.         if (!$form->isValid()) {
  279.             foreach ($form->getErrors(true) as $error) {
  280.                 $this->errors[] = ['message' => $error->getMessage()];
  281.             }
  283.             return;
  284.         }
  286.         $data $form->getData();
  287.         $topDir $this->getUserDataDir();
  288.         $nowDir $this->getUserDataDir($request->get('now_dir'));
  290.         if (!$this->checkDir($nowDir$topDir)) {
  291.             $this->errors[] = ['message' => 'file.text.error.invalid_upload_folder'];
  293.             return;
  294.         }
  296.         $uploadCount count($data['file']);
  297.         $successCount 0;
  299.         /** @var UploadedFile $file */
  300.         foreach ($data['file'] as $file) {
  301.             $filename $this->convertStrToServer($file->getClientOriginalName());
  302.             try {
  303.                 // フォルダの存在チェック
  304.                 if (is_dir(rtrim($nowDir'/\\').\DIRECTORY_SEPARATOR.$filename)) {
  305.                     throw new UnsupportedMediaTypeHttpException(trans('admin.content.file.same_name_folder_exists'));
  306.                 }
  307.                 // 英数字, 半角スペース, _-.() のみ許可
  308.                 if (!preg_match('/\A[a-zA-Z0-9_\-\.\(\) ]+\Z/'$filename)) {
  309.                     throw new UnsupportedMediaTypeHttpException(trans('admin.content.file.folder_name_symbol_error'));
  310.                 }
  311.                 // dotファイルはアップロード不可
  312.                 if (strpos($filename'.') === 0) {
  313.                     throw new UnsupportedMediaTypeHttpException(trans('admin.content.file.dotfile_error'));
  314.                 }
  315.                 // 許可した拡張子以外アップロード不可
  316.                 if (!in_array(strtolower($file->getClientOriginalExtension()), $this->eccubeConfig['eccube_file_uploadable_extensions'], true)) {
  317.                     throw new UnsupportedMediaTypeHttpException(trans('admin.content.file.extension_error'));
  318.                 }
  319.             } catch (UnsupportedMediaTypeHttpException $e) {
  320.                 if (!in_array($e->getMessage(), array_column($this->errors'message'))) {
  321.                     $this->errors[] = ['message' => $e->getMessage()];
  322.                 }
  323.                 continue;
  324.             }
  325.             try {
  326.                 $file->move($nowDir$filename);
  327.                 $successCount++;
  328.             } catch (FileException $e) {
  329.                 log_error($e->getMessage());
  330.                 $this->errors[] = ['message' => trans('admin.content.file.upload_error', [
  331.                     '%file_name%' => $filename,
  332.                 ])];
  333.             }
  334.         }
  335.         if ($successCount 0) {
  336.             $this->addSuccess(trans('admin.content.file.upload_complete', [
  337.                 '%success%' => $successCount,
  338.                 '%count%' => $uploadCount,
  339.             ]), 'admin');
  340.         }
  341.     }
  343.     private function getTreeToArray($tree)
  344.     {
  345.         $arrTree = [];
  346.         foreach ($tree as $key => $val) {
  347.             $path $this->getJailDir($val['path']);
  348.             $arrTree[$key] = [
  349.                 $key,
  350.                 $val['type'],
  351.                 $path,
  352.                 $val['depth'],
  353.                 $val['open'] ? 'true' 'false',
  354.             ];
  355.         }
  357.         return $arrTree;
  358.     }
  360.     private function getPathsToArray($tree)
  361.     {
  362.         $paths = [];
  363.         foreach ($tree as $val) {
  364.             $paths[] = $this->getJailDir($val['path']);
  365.         }
  367.         return $paths;
  368.     }
  370.     /**
  371.      * @param string $topDir
  372.      * @param Request $request
  373.      */
  374.     private function getTree($topDir$request)
  375.     {
  376.         $finder Finder::create()->in($topDir)
  377.             ->directories()
  378.             ->sortByName();
  380.         $tree = [];
  381.         $tree[] = [
  382.             'path' => $topDir,
  383.             'type' => '_parent',
  384.             'depth' => 0,
  385.             'open' => true,
  386.         ];
  388.         $defaultDepth count(explode('/'$topDir));
  390.         $openDirs = [];
  391.         if ($request->get('tree_status')) {
  392.             $openDirs explode('|'$request->get('tree_status'));
  393.         }
  395.         foreach ($finder as $dirs) {
  396.             $path $this->normalizePath($dirs->getRealPath());
  397.             $type = (iterator_count(Finder::create()->in($path)->directories())) ? '_parent' '_child';
  398.             $depth count(explode('/'$path)) - $defaultDepth;
  399.             $tree[] = [
  400.                 'path' => $path,
  401.                 'type' => $type,
  402.                 'depth' => $depth,
  403.                 'open' => (in_array($path$openDirs)) ? true false,
  404.             ];
  405.         }
  407.         return $tree;
  408.     }
  410.     /**
  411.      * @param string $nowDir
  412.      */
  413.     private function getFileList($nowDir)
  414.     {
  415.         $topDir $this->getuserDataDir();
  416.         $filter = function (\SplFileInfo $file) use ($topDir) {
  417.             $acceptPath realpath($topDir);
  418.             $targetPath $file->getRealPath();
  420.             return strpos($targetPath$acceptPath) === 0;
  421.         };
  423.         $finder Finder::create()
  424.             ->filter($filter)
  425.             ->in($nowDir)
  426.             ->ignoreDotFiles(false)
  427.             ->sortByName()
  428.             ->depth(0);
  429.         $dirFinder $finder->directories();
  430.         try {
  431.             $dirs $dirFinder->getIterator();
  432.         } catch (\Exception $e) {
  433.             $dirs = [];
  434.         }
  436.         $fileFinder $finder->files();
  437.         try {
  438.             $files $fileFinder->getIterator();
  439.         } catch (\Exception $e) {
  440.             $files = [];
  441.         }
  443.         $arrFileList = [];
  444.         foreach ($dirs as $dir) {
  445.             $dirPath $this->normalizePath($dir->getRealPath());
  446.             $childDir Finder::create()
  447.                 ->in($dirPath)
  448.                 ->ignoreDotFiles(false)
  449.                 ->directories()
  450.                 ->depth(0);
  451.             $childFile Finder::create()
  452.                 ->in($dirPath)
  453.                 ->ignoreDotFiles(false)
  454.                 ->files()
  455.                 ->depth(0);
  456.             $countNumber $childDir->count() + $childFile->count();
  457.             $arrFileList[] = [
  458.                 'file_name' => $this->convertStrFromServer($dir->getFilename()),
  459.                 'file_path' => $this->convertStrFromServer($this->getJailDir($dirPath)),
  460.                 'file_size' => FilesystemUtil::sizeToHumanReadable($dir->getSize()),
  461.                 'file_time' => $dir->getmTime(),
  462.                 'is_dir' => true,
  463.                 'is_empty' => $countNumber == true false,
  464.             ];
  465.         }
  466.         foreach ($files as $file) {
  467.             $arrFileList[] = [
  468.                 'file_name' => $this->convertStrFromServer($file->getFilename()),
  469.                 'file_path' => $this->convertStrFromServer($this->getJailDir($this->normalizePath($file->getRealPath()))),
  470.                 'file_size' => FilesystemUtil::sizeToHumanReadable($file->getSize()),
  471.                 'file_time' => $file->getmTime(),
  472.                 'is_dir' => false,
  473.                 'is_empty' => false,
  474.                 'extension' => $file->getExtension(),
  475.             ];
  476.         }
  478.         return $arrFileList;
  479.     }
  481.     protected function normalizePath($path)
  482.     {
  483.         return str_replace('\\''/'realpath($path));
  484.     }
  486.     /**
  487.      * @param string $topDir
  488.      */
  489.     protected function checkDir($targetDir$topDir)
  490.     {
  491.         if (strpos($targetDir'..') !== false) {
  492.             return false;
  493.         }
  494.         $targetDir realpath($targetDir);
  495.         $topDir realpath($topDir);
  497.         return strpos($targetDir$topDir) === 0;
  498.     }
  500.     /**
  501.      * @return string
  502.      */
  503.     private function convertStrFromServer($target)
  504.     {
  505.         if ($this->encode == self::SJIS) {
  506.             return mb_convert_encoding($targetself::UTFself::SJIS);
  507.         }
  509.         return $target;
  510.     }
  512.     private function convertStrToServer($target)
  513.     {
  514.         if ($this->encode == self::SJIS) {
  515.             return mb_convert_encoding($targetself::SJISself::UTF);
  516.         }
  518.         return $target;
  519.     }
  521.     private function getUserDataDir($nowDir null)
  522.     {
  523.         return rtrim($this->getParameter('kernel.project_dir').'/html/user_data'.$nowDir'/');
  524.     }
  526.     private function getJailDir($path)
  527.     {
  528.         $realpath realpath($path);
  529.         $jailPath str_replace(realpath($this->getUserDataDir()), ''$realpath);
  531.         return $jailPath $jailPath '/';
  532.     }
  533. }