From a5a9e4e2f7180c6186a30b8b5335c75b8ecdb2fa Mon Sep 17 00:00:00 2001
From: Al-Nafuur <w.stubig@firmaplus.de>
Date: Wed, 19 Apr 2023 15:29:56 +0200
Subject: [PATCH] New file upload

- Fix upload $_FILES properties
- Check mime types not file extension
- Postfix "_path" can be changed
- Unlink previous file on edit (doesn't work on delete)
- Add info about additional data and db fields
---
 plugins/file-upload.php | 69 ++++++++++++++++++++++++++++-------------
 1 file changed, 47 insertions(+), 22 deletions(-)

diff --git a/plugins/file-upload.php b/plugins/file-upload.php
index af3526731..1f3513138 100644
--- a/plugins/file-upload.php
+++ b/plugins/file-upload.php
@@ -1,7 +1,5 @@
 <?php
-//! delete
-
-/** Edit fields ending with "_path" by <input type="file"> and link to the uploaded files from select
+/** Edit fields ending with postfix by <input type="file"> and link to the uploaded files from select
 * @link https://www.adminer.org/plugins/#use
 * @author Jakub Vrana, https://www.vrana.cz/
 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
@@ -9,44 +7,71 @@
 */
 class AdminerFileUpload {
 	/** @access protected */
-	var $uploadPath, $displayPath, $extensions;
+	var $uploadPath, $displayPath, $allowedMimeTypes, $fieldPostfix;
 
 	/**
 	* @param string prefix for uploading data (create writable subdirectory for each table containing uploadable fields)
 	* @param string prefix for displaying data, null stands for $uploadPath
-	* @param string regular expression with allowed file extensions
+	* @param array with allowed mime types (empty array means all mime types are allowed)
+	* @param string field postfix
 	*/
-	function __construct($uploadPath = "../static/data/", $displayPath = null, $extensions = "[a-zA-Z0-9]+") {
+	function __construct($uploadPath = "../static/data/", $displayPath = null, $allowedMimeTypes = [], $fieldPostfix = "_path" ) {
 		$this->uploadPath = $uploadPath;
 		$this->displayPath = ($displayPath !== null ? $displayPath : $uploadPath);
-		$this->extensions = $extensions;
+		$this->allowedMimeTypes = $allowedMimeTypes;
+		$this->fieldPostfix = $fieldPostfix;
 	}
 
 	function editInput($table, $field, $attrs, $value) {
-		if (preg_match('~(.*)_path$~', $field["field"])) {
-			return "<input type='file'$attrs>";
+		if (preg_match('~(.*)'.$this->fieldPostfix.'$~', $field["field"])) {
+			return '<input type="file"'.$attrs.'><br><input type="text" name="Previous['.$field["field"].']" value="'.$value.'" size="45" readonly>';
 		}
 	}
 
 	function processInput($field, $value, $function = "") {
-		if (preg_match('~(.*)_path$~', $field["field"], $regs)) {
-			$table = ($_GET["edit"] != "" ? $_GET["edit"] : $_GET["select"]);
-			$name = "fields-$field[field]";
-			if ($_FILES[$name]["error"] || !preg_match("~(\\.($this->extensions))?\$~", $_FILES[$name]["name"], $regs2)) {
-				return false;
-			}
-			//! unlink old
-			$filename = uniqid() . $regs2[0];
-			if (!move_uploaded_file($_FILES[$name]["tmp_name"], "$this->uploadPath$table/$regs[1]-$filename")) {
-				return false;
+		$fname = $field["field"];
+		if (preg_match('~(.*)'.$this->fieldPostfix.'$~', $fname, $regs)) {
+			$previous_file = $_POST["Previous"][$fname] != "" ? q($_POST["Previous"][$fname]) : false;
+			// check for file upload and $_FILES[$name], because search by this field does not have $_FILES
+			if (isset($_FILES["fields"]["name"][$fname]) && $_FILES["fields"]["error"][$fname] === UPLOAD_ERR_OK) {
+				$table = ($_GET["edit"] != "" ? $_GET["edit"] : $_GET["select"]);
+				$mime_type = mime_content_type($_FILES["fields"]["tmp_name"][$fname]);
+				if (count($this->allowedMimeTypes) && !in_array($mime_type, $this->allowedMimeTypes)) {
+					return $previous_file;
+				}
+				$file_extension = pathinfo($_FILES["fields"]["name"][$fname], PATHINFO_EXTENSION);
+				$title = pathinfo($_FILES["fields"]["name"][$fname], PATHINFO_FILENAME);
+				$filename = $regs[1]."-".uniqid().$title.".".$file_extension;
+
+				if (move_uploaded_file($_FILES["fields"]["tmp_name"][$fname], "$this->uploadPath$table/$filename")) {
+					/* Additional data and db fields can be filled/changed after succesfull upload.
+					$fileinfo = @getimagesize("$this->uploadPath$table/$filename");
+					if($fileinfo){
+						$_POST["fields"]["width"] = $fileinfo[0];
+						$_POST["fields"]["height"] = $fileinfo[1];
+					}
+					$_POST["fields"]["file_title"] = $title;
+					$_POST["fields"]["file_extension"] = $file_extension;
+					$_POST["fields"]["file_type"] = $mime_type;
+					$_POST["fields"]["file_checksum"] = md5_file("$this->uploadPath$table/$filename");
+					$_POST["fields"]["file_size"] = $_FILES["fields"]["size"][$fname];
+					$_POST["fields"]["file_name_original"] = $title.".".$file_extension;
+					$_POST["fields"]["file_uploaded_on"] = date("Y-m-d H:i:s");
+					*/
+					if($previous_file){
+						//! unlink old
+						unlink("$this->uploadPath$table/".trim($previous_file, "'"));
+					}
+					return q($filename);
+				}
 			}
-			return q($filename);
+			return $previous_file;
 		}
 	}
 
 	function selectVal($val, &$link, $field, $original) {
-		if ($val != "" && preg_match('~(.*)_path$~', $field["field"], $regs)) {
-			$link = "$this->displayPath$_GET[select]/$regs[1]-$val";
+		if ($val != "" && preg_match('~(.*)'.$this->fieldPostfix.'$~', $field["field"])) {
+			$link = "$this->displayPath$_GET[select]/$val";
 		}
 	}