On file upload fail display error message based on error code for media, plugins and themes

Author: givanz

admin/controller/media/media.php

@@ -24,8 +24,8 @@
 
 use function Vvveb\__;
 use Vvveb\Controller\Base;
+use function Vvveb\fileUploadErrMessage;
 use function Vvveb\sanitizeFileName;
-use Vvveb\System\Core\View;
 
 class Media extends Base {
 	protected $uploadDenyExtensions = ['php', 'svg', 'js'];
@@ -70,55 +70,27 @@ function upload() {
 		$path      = sanitizeFileName($this->request->post['mediaPath']);
 		$file      = $this->request->files['file'] ?? [];
 		$fileName  = sanitizeFileName($file['name']);
-		$path      = preg_replace('@^/public/media|^/media|^/public@', '', $path);
+		$path      = preg_replace('@^[\\\/]public[\\\/]media|^[\\\/]media|^[\\\/]public@', '', $path);
 		$extension = strtolower(substr($fileName, strrpos($fileName, '.') + 1));
-		$success = false;
-		$return = '';
-		$message = '';
-		
+		$success   = false;
+		$return    = '';
+		$message   = '';
+
 		if ($file) {
-			switch ($file['error']) {
-				case UPLOAD_ERR_OK:
-					$success = true;
-					break;
-
-				case UPLOAD_ERR_NO_FILE:
-					$message = __('No file sent');
-					break;
-					
-				case UPLOAD_ERR_PARTIAL:
-					$message = __('The uploaded file was only partially uploaded');
-					break;
-					
-				case UPLOAD_ERR_NO_TMP_DIR:
-					$message = __('Missing a temporary folder');
-					break;
-					
-				case UPLOAD_ERR_CANT_WRITE:
-					$message = __('Failed to write file to disk');
-					break;
-					
-				case UPLOAD_ERR_EXTENSION:
-					$message = __('A PHP extension stopped the file upload');
-					break;
-					
-				case UPLOAD_ERR_INI_SIZE:
-				case UPLOAD_ERR_FORM_SIZE:
-					$message = __('Exceeded filesize limit');
-					break;
-					
-				default:
-					$message = __('Unknown errors');
+			if ($file['error'] == UPLOAD_ERR_OK) {
+				$success = true;
+			} else {
+				$message = fileUploadErrMessage($file['error']);
 			}
-			
+
 			if (in_array($extension, $this->uploadDenyExtensions)) {
 				$message = __('File type not allowed!');
 				$success = false;
 			}
 
 			$origFilename = $fileName;
 			$i            = 1;
-		
+
 			if ($success) {
 				while (file_exists($destination = DIR_MEDIA . $path . DS . $fileName) && ($i++ < 5)) {
 					$fileName = rand(0, 10000) . '-' . $origFilename;
@@ -133,9 +105,9 @@ function upload() {
 					$message = __('File uploaded successfully!');
 				} else {
 					$destination = DIR_MEDIA . $path . DS;
-					$success = false;
-					
-					if (!is_writable($destination)) {
+					$success     = false;
+
+					if (! is_writable($destination)) {
 						$message = sprintf(__('%s not writable!'), $destination);
 					} else {
 						$message = __('Error moving uploaded file!');
@@ -145,9 +117,9 @@ function upload() {
 		} else {
 			$message = __('Invalid upload!');
 		}
-			
-		$message = ['success' => true, 'message' => $message, 'file' => $return];
-		
+
+		$message = ['success' => $success, 'message' => $message, 'file' => $return];
+
 		$this->response->setType('json');
 		$this->response->output($message);
 	}
@@ -192,7 +164,6 @@ function rename() {
 			}
 		}
 
-
 		$this->response->setType('json');
 		$this->response->output($message);
 	}

admin/controller/plugin/plugins.php

@@ -24,13 +24,14 @@
 
 use function Vvveb\__;
 use Vvveb\Controller\Base;
+use function Vvveb\fileUploadErrMessage;
 use function Vvveb\rrmdir;
+use Vvveb\System\CacheManager;
 use function Vvveb\System\Core\exceptionToArray;
 use Vvveb\System\Core\FrontController;
 use Vvveb\System\Core\View;
 use Vvveb\System\Extensions\Plugins as PluginsList;
 use Vvveb\System\User\Admin;
-use Vvveb\System\CacheManager;
 
 class Plugins extends Base {
 	function init() {
@@ -99,14 +100,18 @@ function upload() {
 		$error = false;
 
 		foreach ($files as $file) {
-			if ($file) {
+			if ($file && $file['error'] == UPLOAD_ERR_OK) {
 				try {
 					// use temorary file, php cleans temporary files on request finish.
 					$this->pluginSlug = PluginsList :: install($file['tmp_name'], str_replace('.zip', '', strtolower($file['name'])));
 				} catch (\Exception $e) {
 					$error                = $e->getMessage();
 					$this->view->errors[] = $error;
 				}
+			} else {
+				$error                 = true;
+				$this->view->errors[]  = sprintf(__('Error uploading %s!'), $file['name']);
+				$this->view->warning[] = sprintf(fileUploadErrMessage($file['error']));
 			}
 
 			if (! $error) {
@@ -116,10 +121,10 @@ function upload() {
 					$this->pluginActivateUrl = \Vvveb\url(['module' => 'plugin/plugins', 'action'=> 'activate', 'plugin' => $this->pluginSlug]);
 					$successMessage          = sprintf(__('Plugin %s was successfully installed!'), $this->pluginName, $this->pluginActivateUrl);
 					$successMessage .= "<p><a class='btn btn-primary btn-sm m-2'  href='{$this->pluginActivateUrl}'>" . __('Activate plugin') . '</a></p>';
-					$this->view->success[] = $successMessage;
+					$this->view->success[]   = $successMessage;
 				} else {
-					$errorMessage          = sprintf(__('Failed to install %s plugin!'), $this->pluginName);
-					$this->view->error[]   = $errorMessage;
+					$errorMessage            = sprintf(__('Failed to install %s plugin!'), $this->pluginName);
+					$this->view->error[]     = $errorMessage;
 				}
 			}
 		}
@@ -162,7 +167,7 @@ function checkPluginAndActivate() {
 
 			ignore_user_abort(1);
 			clearstatcache(true);
-			
+
 			CacheManager::clearCompiledFiles();
 
 			if (defined('CLI')) {

admin/controller/theme/themes.php

@@ -24,6 +24,7 @@
 
 use function Vvveb\__;
 use Vvveb\Controller\Base;
+use function Vvveb\fileUploadErrMessage;
 use function Vvveb\rcopy;
 use function Vvveb\rrmdir;
 use function Vvveb\sanitizeFileName;
@@ -95,14 +96,18 @@ function upload() {
 		foreach ($files as $file) {
 			$this->themeSlug = str_replace('.zip', '', strtolower($file['name']));
 
-			if ($file) {
+			if ($file && $file['error'] == UPLOAD_ERR_OK) {
 				try {
 					// use temorary file, php cleans temporary files on request finish.
 					$this->themeSlug = ThemesList :: install($file['tmp_name'], $this->themeSlug, false);
 				} catch (\Exception $e) {
 					$error                = $e->getMessage();
 					$this->view->errors[] = $error;
 				}
+			} else {
+				$error                 = true;
+				$this->view->errors[]  = sprintf(__('Error uploading %s!'), $this->themeSlug);
+				$this->view->warning[] = sprintf(fileUploadErrMessage($file['error']));
 			}
 
 			if (! $error && $this->themeSlug) {
@@ -111,7 +116,7 @@ function upload() {
 				$this->themeActivateUrl  = \Vvveb\url(['module' => 'theme/themes', 'action'=> 'activate', 'theme' => $this->themeSlug]);
 				$successMessage          = sprintf(__('Theme %s was successfully installed!'), $this->themeSlug);
 				$successMessage .= "<p><a href='{$this->themeActivateUrl}'>" . __('Activate theme') . '</a></p>';
-				$this->view->success[] = $successMessage;
+				$this->view->success[]   = $successMessage;
 			}
 		}
 

system/functions.php

@@ -1828,3 +1828,46 @@ function reconstructJson($array) {
 
 	return $helper;
 }
+
+function fileUploadErrMessage($errorCode) {
+	switch ($errorCode) {
+		case UPLOAD_ERR_OK:
+			return __('No file sent');
+
+			break;
+
+		case UPLOAD_ERR_NO_FILE:
+			return __('No file sent');
+
+			break;
+
+		case UPLOAD_ERR_PARTIAL:
+			return __('The uploaded file was only partially uploaded');
+
+			break;
+
+		case UPLOAD_ERR_NO_TMP_DIR:
+			return __('Missing a temporary folder');
+
+			break;
+
+		case UPLOAD_ERR_CANT_WRITE:
+			return __('Failed to write file to disk');
+
+			break;
+
+		case UPLOAD_ERR_EXTENSION:
+			return __('A PHP extension stopped the file upload');
+
+			break;
+
+		case UPLOAD_ERR_INI_SIZE:
+		case UPLOAD_ERR_FORM_SIZE:
+			return __('Exceeded filesize limit');
+
+			break;
+
+		default:
+			return __('Unknown errors');
+	}
+}