galads/icehrm
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix issue with non UTF employee names and allow secure file downloads

Browse Source
This commit is contained in:
Thilina
2021-06-27 17:44:24 +02:00
parent b7b128f9a7
commit 6da42b4842
1 changed files with 69 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
core/src/Classes/FileService.php
View File

@@ -76,15 +76,20 @@ class FileService
if (file_exists("/tmp/".$file->filename."_orig")) { if (file_exists("/tmp/".$file->filename."_orig")) {
//Resize image to 100 //Resize image to 100
$img = new \Classes\SimpleImage("/tmp/".$file->filename."_orig"); try {
$img->fitToWidth(140); $img = new \Classes\SimpleImage("/tmp/" . $file->filename . "_orig");
$img->save("/tmp/".$file->filename); $img->fitToWidth(140);
$img->save("/tmp/" . $file->filename);
} catch (\Exception $e) {
LogManager::getInstance()->error($e->getTraceAsString());
return null;
}
$uploadFilesToS3Key = SettingsManager::getInstance()->getSetting( $uploadFilesToS3Key = SettingsManager::getInstance()->getSetting(
"Files: Amazon S3 Key for File Upload" "Files: Amazon S3 Key for File Upload"
); );
$uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting( $uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting(
"Files: Amazone S3 Secret for File Upload" "Files: Amazon S3 Secret for File Upload"
); );
$s3Bucket = SettingsManager::getInstance()->getSetting("Files: S3 Bucket"); $s3Bucket = SettingsManager::getInstance()->getSetting("Files: S3 Bucket");
@@ -132,11 +137,7 @@ class FileService
if (empty($file->id)) { if (empty($file->id)) {
LogManager::getInstance()->info("Small profile image ".$profileImage->name."_small not found"); LogManager::getInstance()->info("Small profile image ".$profileImage->name."_small not found");
$largeFileUrl = $this->getFileUrl($profileImage->name); if (file_exists(CLIENT_BASE_PATH.'data/'.$profileImage->filename)) {
file_put_contents("/tmp/".$profileImage->filename."_orig", file_get_contents($largeFileUrl));
if (file_exists("/tmp/".$profileImage->filename."_orig")) {
//Resize image to 100 //Resize image to 100
$file->name = $profileImage->name."_small"; $file->name = $profileImage->name."_small";
@@ -144,16 +145,19 @@ class FileService
$file->$signInMappingField = $profileImage->$signInMappingField; $file->$signInMappingField = $profileImage->$signInMappingField;
$file->filename = $file->name.str_replace($profileImage->name, "", $profileImage->filename); $file->filename = $file->name.str_replace($profileImage->name, "", $profileImage->filename);
$img = new \Classes\SimpleImage("/tmp/".$profileImage->filename."_orig"); try {
$img->fitToWidth(140); $img = new \Classes\SimpleImage(CLIENT_BASE_PATH . 'data/' . $profileImage->filename);
$img->fitToWidth(140);
$img->save(CLIENT_BASE_PATH.'data/'.$file->filename); $img->save(CLIENT_BASE_PATH . 'data/' . $file->filename);
$file->employee = $profileImage->employee; $file->employee = $profileImage->employee;
$file->file_group = 'profile_image_small'; $file->file_group = 'profile_image_small';
$file->size = filesize(CLIENT_BASE_PATH.'data/'.$file->filename); $file->size = filesize(CLIENT_BASE_PATH . 'data/' . $file->filename);
$file->size_text = $this->getReadableSize($file->size); $file->size_text = $this->getReadableSize($file->size);
$file->Save(); $file->Save();
unlink("/tmp/".$file->filename."_orig"); } catch (\Exception $e) {
LogManager::getInstance()->error($e->getTraceAsString());
return null;
}
return $file; return $file;
} }
@@ -182,7 +186,7 @@ class FileService
"Files: Amazon S3 Key for File Upload" "Files: Amazon S3 Key for File Upload"
); );
$uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting( $uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting(
"Files: Amazone S3 Secret for File Upload" "Files: Amazon S3 Secret for File Upload"
); );
$s3FileSys = new S3FileSystem($uploadFilesToS3Key, $uploadFilesToS3Secret); $s3FileSys = new S3FileSystem($uploadFilesToS3Key, $uploadFilesToS3Secret);
$s3WebUrl = SettingsManager::getInstance()->getSetting("Files: S3 Web Url"); $s3WebUrl = SettingsManager::getInstance()->getSetting("Files: S3 Web Url");
@@ -204,7 +208,7 @@ class FileService
$profile->image = $file->filename; $profile->image = $file->filename;
} else { } else {
$fileNew = $this->checkAddSmallProfileImage($file); $fileNew = $this->checkAddSmallProfileImage($file);
$profile->image = CLIENT_BASE_URL.'data/'.$fileNew->filename; $profile->image = $this->getFileUrl($fileNew->filename);
} }
} else { } else {
$profile->image = $this->generateProfileImage($profile->first_name, $profile->last_name); $profile->image = $this->generateProfileImage($profile->first_name, $profile->last_name);
@@ -225,7 +229,7 @@ class FileService
"Files: Amazon S3 Key for File Upload" "Files: Amazon S3 Key for File Upload"
); );
$uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting( $uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting(
"Files: Amazone S3 Secret for File Upload" "Files: Amazon S3 Secret for File Upload"
); );
$s3FileSys = new S3FileSystem($uploadFilesToS3Key, $uploadFilesToS3Secret); $s3FileSys = new S3FileSystem($uploadFilesToS3Key, $uploadFilesToS3Secret);
$s3WebUrl = SettingsManager::getInstance()->getSetting("Files: S3 Web Url"); $s3WebUrl = SettingsManager::getInstance()->getSetting("Files: S3 Web Url");
@@ -241,7 +245,7 @@ class FileService
} elseif (substr($file->filename, 0, 8) === 'https://') { } elseif (substr($file->filename, 0, 8) === 'https://') {
$profile->image = $file->filename; $profile->image = $file->filename;
} else { } else {
$profile->image = CLIENT_BASE_URL.'data/'.$file->filename; $profile->image = $this->getLocalSecureUrl($file->filename);
} }
} else { } else {
$profile->image = $this->generateProfileImage($profile->first_name, $profile->last_name); $profile->image = $this->generateProfileImage($profile->first_name, $profile->last_name);
@@ -255,6 +259,10 @@ class FileService
$file = new File(); $file = new File();
$file->Load('name = ?', array($fileName)); $file->Load('name = ?', array($fileName));
if ($fileName !== $file->name) {
$file->Load('filename = ?', array($fileName));
}
$uploadFilesToS3 = SettingsManager::getInstance()->getSetting("Files: Upload Files to S3"); $uploadFilesToS3 = SettingsManager::getInstance()->getSetting("Files: Upload Files to S3");
if ($uploadFilesToS3 == "1") { if ($uploadFilesToS3 == "1") {
@@ -262,7 +270,7 @@ class FileService
"Files: Amazon S3 Key for File Upload" "Files: Amazon S3 Key for File Upload"
); );
$uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting( $uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting(
"Files: Amazone S3 Secret for File Upload" "Files: Amazon S3 Secret for File Upload"
); );
$s3FileSys = new S3FileSystem($uploadFilesToS3Key, $uploadFilesToS3Secret); $s3FileSys = new S3FileSystem($uploadFilesToS3Key, $uploadFilesToS3Secret);
$s3WebUrl = SettingsManager::getInstance()->getSetting("Files: S3 Web Url"); $s3WebUrl = SettingsManager::getInstance()->getSetting("Files: S3 Web Url");
@@ -282,10 +290,22 @@ class FileService
return $expireUrl; return $expireUrl;
} else { } else {
return CLIENT_BASE_URL.'data/'.$file->filename; return CLIENT_BASE_URL.'service.php?a=download&file='.$file->filename;
} }
} }
public function getLocalSecureUrl($fileName)
{
$file = new File();
$file->Load('name = ?', array($fileName));
if ($fileName !== $file->name) {
$file->Load('filename = ?', array($fileName));
}
return CLIENT_BASE_URL.'service.php?a=download&file='.$file->filename;
}
public function deleteProfileImage($profileId) public function deleteProfileImage($profileId)
{ {
$file = new File(); $file = new File();
@@ -325,7 +345,7 @@ class FileService
"Files: Amazon S3 Key for File Upload" "Files: Amazon S3 Key for File Upload"
); );
$uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting( $uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting(
"Files: Amazone S3 Secret for File Upload" "Files: Amazon S3 Secret for File Upload"
); );
$s3Bucket = SettingsManager::getInstance()->getSetting("Files: S3 Bucket"); $s3Bucket = SettingsManager::getInstance()->getSetting("Files: S3 Bucket");
@@ -355,7 +375,7 @@ class FileService
"Files: Amazon S3 Key for File Upload" "Files: Amazon S3 Key for File Upload"
); );
$uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting( $uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting(
"Files: Amazone S3 Secret for File Upload" "Files: Amazon S3 Secret for File Upload"
); );
$s3Bucket = SettingsManager::getInstance()->getSetting("Files: S3 Bucket"); $s3Bucket = SettingsManager::getInstance()->getSetting("Files: S3 Bucket");
@@ -400,15 +420,34 @@ class FileService
{ {
$seed = substr($first, 0, 1); $seed = substr($first, 0, 1);
if (empty($last)) { if (empty($last)) {
$seed .= substr($first, -1); $seed .= utf8_encode(substr($first, -1));
} else { } else {
$seed .= substr($last, 0, 1); $seed .= utf8_encode(substr($last, 0, 1));
} }
md5($seed . $last); // TODO - remove code after chinese character issue is resolved
// if(strlen($seed) != mb_strlen($seed, 'utf-8')) {
// $char1 = substr($first, 0, 1);
// $char1 = chr($this->uniord($char1) % 26 + 65);
// if (empty($last)) {
// $char2 = substr($first, -1);
// } else {
// $char2 = substr($last, 0, 1);
// }
// $char2 = chr($this->uniord($char2) % 26 + 65);
// $seed = $char1.$char2;
// }
return sprintf( return sprintf(
'https://avatars.dicebear.com/api/initials/:%s.svg', 'https://avatars.dicebear.com/api/initials/:%s.svg',
$seed . substr(md5($first . $last), -5) $seed . substr(md5($first . $last), -5)
); );
} }
private function uniord($u)
{
$k = mb_convert_encoding($u, 'UCS-2LE', 'UTF-8');
$k1 = ord(substr($k, 0, 1));
$k2 = ord(substr($k, 1, 1));
return $k2 * 256 + $k1;
}
} }