From 7c608ab4c0932a2b2a1d8f7a1cde8285b9374b76 Mon Sep 17 00:00:00 2001
From: Ethan Green
Date: Tue, 24 Feb 2015 14:40:03 -0500
Subject: [PATCH 1/4] Added extractFiles() to handler
---
 .../Handler/ArduinoCommandHandler.php | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
index 7d3c11c..d08e21e 100644
--- a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
+++ b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
@@ -11,29 +11,37 @@ namespace Codebender\CompilerBundle\Handler;
+
+require_once("System.php");
 use System;
 class ArduinoCommandHandler {
- function main($request, $params)
+ function main($request)
 {
+ //Todo: Test Input Validiy
- $reply = $request;
-
- //$eFile = extractFiles($request);
+ //Todo: Extract files from request
+ $eFile = $this->extractFiles($request);
- //$reply = fopen($eFile);
+ //Return output in reply
+ $reply = $eFile;
- return array("status" => "success", "returnfile" => $reply["test"]);
+ return array("status" => "success", "returnfile" => $reply);
 }
- private function extractFiles($request, $params)
+ private function extractFiles()
 {
 // Extract the file from the array and save to /tmp // Return the file path
+
+ //$temp_dir = sys_get_temp_dir();
+ //$filename = "temp1";
+ //$tempfile = tempnam($temp_dir, $filename);
-
+ $tempfile = "Filename";
+ return $tempfile;
 }
 }
From 983fc1372445a7a280448730ac7e6a401abc410c Mon Sep 17 00:00:00 2001
From: Ethan Green
Date: Thu, 26 Feb 2015 22:21:01 -0500
Subject: [PATCH 2/4] Basic tmp file creation with tempnam()
---
 .../Handler/ArduinoCommandHandler.php | 29 ++++++++++++-------
 1 file changed, 19 insertions(+), 10 deletions(-)
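Review bot: In the PATCH 1/4 hunk, `require_once("System.php");` carries no comment saying which library it loads or how the file is located. A bare relative name is resolved through `include_path` and then the including script's directory, so whichever `System.php` is found first gets executed. I would document that next to the line, for example `// Presumably PEAR's System class; resolved via include_path, which must list only trusted, non-writable directories`, or load it from an absolute path.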
diff --git a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
index d08e21e..f995606 100644
--- a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
+++ b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
@@ -23,25 +23,34 @@ function main($request)
 //Todo: Test Input Validiy
 //Todo: Extract files from request
- $eFile = $this->extractFiles($request);
+ $tempfiles = $this->extractFiles($request);
 //Return output in reply
- $reply = $eFile;
-
- return array("status" => "success", "returnfile" => $reply);
+ $reply = $tempfiles['files'];
+ $handle = fopen($tempfiles['files'],"r+");
+ fclose($handle);
+ unlink($tempfiles['files']);
+ return array("success" => "false","step" =>"0", "message" => $reply);
 }
- private function extractFiles()
+ private function extractFiles($request)
 {
 // Extract the file from the array and save to /tmp // Return the file path
+
+ $filename = $request['files'];
- //$temp_dir = sys_get_temp_dir();
- //$filename = "temp1";
- //$tempfile = tempnam($temp_dir, $filename);
- $tempfile = "Filename";
- return $tempfile;
+ $tempfile = tempnam(sys_get_temp_dir(),$filename);
+ $tempfiles = array("files" => $tempfile);
+ return $tempfiles;
 }
 }
+
+
+
+
+
+
+
From 7d3e9ac7817ac09b7f9bc509eccfc3be962545b7 Mon Sep 17 00:00:00 2001
From: Ethan Green
Date: Fri, 27 Feb 2015 00:27:49 -0500
Subject: [PATCH 3/4] Added file parsing to extractFiles()
---
 .../Handler/ArduinoCommandHandler.php | 25 ++++++++++++-------
 1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
index f995606..7d44e85 100644
--- a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
+++ b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
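Review bot: In the PATCH 2/4 hunk the result of `tempnam()` is used without a check: when the file cannot be created it returns `false`, and the `fopen()`, `fclose()` and `unlink()` calls in `main()` then all operate on `false`. The prefix handed to `tempnam()` is `$request['files']` taken straight from the request, and the resulting server-side path is sent back in `message`. I would use a fixed prefix (for example `tempnam(sys_get_temp_dir(), 'cb_')`, a constructed name), add `if ($tempfile === false) { return false; }`, and keep the path out of the reply. `main()` begins above the hunk.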
@@ -25,11 +25,8 @@ function main($request)
 //Todo: Extract files from request
 $tempfiles = $this->extractFiles($request);
- //Return output in reply
- $reply = $tempfiles['files'];
- $handle = fopen($tempfiles['files'],"r+");
- fclose($handle);
- unlink($tempfiles['files']);
+
+ $reply = $request;
 return array("success" => "false","step" =>"0", "message" => $reply);
 }
@@ -39,11 +36,21 @@ private function extractFiles($request)
 // Extract the file from the array and save to /tmp // Return the file path
- $filename = $request['files'];
-
+ $tempfiles = array();
+
+ foreach ($request['files'] as $key => $val) {
+
+ if ($key == 'filename') {
+ $filename = tempnam(sys_get_temp_dir(),$val);
+ array_push($tempfiles,$filename);
+ } elseif ($key == 'content') {
- $tempfile = tempnam(sys_get_temp_dir(),$filename);
- $tempfiles = array("files" => $tempfile);
+ $tempfile = end($files);
+ $handle = fopen($tempfile,"r+");
+ fwrite($handle,$val);
+ fclose($handle);
+ }
+ }
 return $tempfiles;
 }
 }
From 31c8f7aea20df8767b240ac033e26ee72dbd4daa Mon Sep 17 00:00:00 2001
From: Ethan Green
Date: Fri, 27 Feb 2015 10:29:13 -0500
Subject: [PATCH 4/4] Added file structure parsing and deletion
---
 .../Handler/ArduinoCommandHandler.php | 47 ++++++++++++-------
 1 file changed, 31 insertions(+), 16 deletions(-)
diff --git a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
index 7d44e85..f1addd5 100644
--- a/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
+++ b/Symfony/src/Codebender/CompilerBundle/Handler/ArduinoCommandHandler.php
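Review bot: In the first PATCH 3/4 hunk (`main()`), the `unlink()` call is removed and nothing in this commit replaces it, so every file that `extractFiles()` creates stays in the temp directory and repeated requests can fill it. `$reply = $request;` also returns the whole request, file contents included, in `message`; a short fixed status string would avoid reflecting untrusted input. `main()` begins above the hunk.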
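Review bot: In the second PATCH 3/4 hunk, `$tempfile = end($files);` reads a variable that `extractFiles()` never defines; the list built above is `$tempfiles`, so `fopen()` gets no usable path and the content is never written. The line should be `$tempfile = end($tempfiles);`, and the same defect is carried unchanged into the PATCH 4/4 hunk. The keys are compared with `==`, and on PHP versions before 8 an integer key `0` compares equal to `'filename'`, so `===` is the safer test for a request-supplied array. `tempnam()` and `fopen()` can both return `false` and neither result is checked; `extractFiles()` begins above the hunk.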
@@ -23,11 +23,13 @@ function main($request)
 //Todo: Test Input Validiy
 //Todo: Extract files from request
- $tempfiles = $this->extractFiles($request);
-
- $reply = $request;
- return array("success" => "false","step" =>"0", "message" => $reply);
+ //Todo: Escape output and harden security
+
+ $tempfiles = $this->extractFiles($request);
+
+ $this->deleteFiles($tempfiles);
+ return array("success" => "true","step" =>"0", "message" => $tempfiles);
 }
@@ -38,21 +40,34 @@ private function extractFiles($request)
 $tempfiles = array();
- foreach ($request['files'] as $key => $val) {
-
- if ($key == 'filename') {
- $filename = tempnam(sys_get_temp_dir(),$val);
- array_push($tempfiles,$filename);
- } elseif ($key == 'content') {
-
- $tempfile = end($files);
- $handle = fopen($tempfile,"r+");
- fwrite($handle,$val);
- fclose($handle);
- }
+ foreach ($request['files'] as $file => $contents) {
+ foreach ($contents as $key => $val) {
+
+ if ($key == 'filename') {
+ $extension = pathinfo($key,PATHINFO_EXTENSION);
+ $filename = tempnam(sys_get_temp_dir(),$val);
+ $extfilename = $filename . '.' . $extension;
+ if(!rename($filename,$extfilename)) {
+ return false;
+ }
+ array_push($tempfiles,$newfilename);
+ } elseif ($key == 'content') {
+
+ $tempfile = end($files);
+ $handle = fopen($tempfile,"r+");
+ fwrite($handle,$val);
+ fclose($handle);
+ }
 }
 return $tempfiles;
 }
+
+ private function deleteFiles($fileList) {
+ foreach ($filelist as $file) {
+ unlink($file);
+ }
+
+ }
 }
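Review bot: In the first PATCH 4/4 hunk, `main()` does not check for the `false` that the reworked `extractFiles()` returns when `rename()` fails, so `deleteFiles(false)` is called and the reply still reports `"success" => "true"`. A guard directly after the call keeps the status honest: `if ($tempfiles === false) { return array("success" => "false", "step" => "0", "message" => "Could not store files"); }`. The reply also lists the absolute temp paths in `message`, which discloses the server's filesystem layout to the client; the new `//Todo: Escape output and harden security` could name that explicitly. `main()` begins above the hunk.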
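Review bot: As shown, the new side of the PATCH 4/4 `extractFiles()` hunk does not parse: the outer `foreach ($request['files'] …)` is never closed, so `return $tempfiles;` runs inside the loop and `private function deleteFiles` ends up inside the method body. Three names are undefined as well: `array_push($tempfiles,$newfilename)` should push `$extfilename`, `end($files)` should read `$tempfiles`, and `deleteFiles($fileList)` loops over `$filelist`, so nothing is unlinked and each request leaves its files in the temp directory. `pathinfo($key,PATHINFO_EXTENSION)` inspects the literal key, so the extension is always empty; `$val` is presumably what was meant. Because the name and extension come from the request, an allow-list of expected extensions before the `rename()` would be a sensible addition. `extractFiles()` begins above the hunk; the corrected lines are below.

```php
foreach ($request['files'] as $file => $contents) {
    foreach ($contents as $key => $val) {
        // strict compare: the keys come from the request
        if ($key === 'filename') {
            // take the extension from the submitted name, not the literal key
            $extension = pathinfo($val, PATHINFO_EXTENSION);
            // … unchanged: tempnam(), $extfilename, rename() check …
            array_push($tempfiles, $extfilename);
        } elseif ($key === 'content') {
            // write into the file created for this entry's 'filename' key
            $tempfile = end($tempfiles);
            // … unchanged: fopen / fwrite / fclose …
        }
    }
} // closes the outer foreach, which the hunk leaves open
return $tempfiles;
// … unchanged: end of extractFiles(), deleteFiles() signature …
    foreach ($fileList as $file) {
```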