From 6706d644478853fc18d2173c77485b1e42bfc1c3 Mon Sep 17 00:00:00 2001 From: Stefan Kamphuis Date: Mon, 17 Oct 2022 20:40:57 +0200 Subject: [PATCH] 5339 Handle upload for image smaller than configured resize dimensions --- .../DNNConnect.CKE/Browser/Browser.aspx.cs | 5 + .../Browser/FileUploader.ashx.cs | 545 +++++++++--------- 2 files changed, 280 insertions(+), 270 deletions(-) diff --git a/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/Browser.aspx.cs b/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/Browser.aspx.cs index 8e623d16c61..5c2730041df 100644 --- a/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/Browser.aspx.cs +++ b/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/Browser.aspx.cs @@ -2494,6 +2494,11 @@ private void UploadFile(HttpPostedFile file, string command) } } } + else + { + // fits within configured maximum dimensions + FileManager.Instance.AddFile(currentFolderInfo, fileName, file.InputStream); + } } } } diff --git a/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx.cs b/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx.cs index 5d31e6de79f..cfa562ca58f 100644 --- a/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx.cs +++ b/DNN Platform/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx.cs @@ -1,187 +1,187 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information -namespace DNNConnect.CKEditorProvider.Browser -{ - using System; - using System.Collections.Generic; - using System.Drawing; - using System.Drawing.Drawing2D; - using System.Drawing.Imaging; - using System.IO; - using System.Linq; - using System.Text.RegularExpressions; - using System.Web; - using System.Web.Script.Serialization; - - using DNNConnect.CKEditorProvider.Constants; - using DNNConnect.CKEditorProvider.Objects; - using DNNConnect.CKEditorProvider.Utilities; - using DotNetNuke.Entities.Portals; - using DotNetNuke.Entities.Users; - using DotNetNuke.Framework.Providers; - using DotNetNuke.Security.Roles; - using DotNetNuke.Services.FileSystem; - - /// - /// The File Upload Handler. - /// - public class FileUploader : IHttpHandler - { - /// - /// The JavaScript Serializer. - /// - private readonly JavaScriptSerializer js = new JavaScriptSerializer(); - - /// - /// Gets a value indicating whether another request can use the instance. - /// - public bool IsReusable - { - get - { - return false; - } - } - - /// - /// Gets a value indicating whether [override files]. - /// - /// - /// true if [override files]; otherwise, false. - /// - private bool OverrideFiles - { - get - { - return HttpContext.Current.Request["overrideFiles"].Equals("1") - || HttpContext.Current.Request["overrideFiles"].Equals( - "true", - StringComparison.InvariantCultureIgnoreCase); - } - } - - /// - /// Gets the storage folder. - /// - /// - /// The storage folder. - /// - private IFolderInfo StorageFolder - { - get - { - return FolderManager.Instance.GetFolder(Convert.ToInt32(HttpContext.Current.Request["storageFolderID"])); - } +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information +namespace DNNConnect.CKEditorProvider.Browser +{ + using System; + using System.Collections.Generic; + using System.Drawing; + using System.Drawing.Drawing2D; + using System.Drawing.Imaging; + using System.IO; + using System.Linq; + using System.Text.RegularExpressions; + using System.Web; + using System.Web.Script.Serialization; + + using DNNConnect.CKEditorProvider.Constants; + using DNNConnect.CKEditorProvider.Objects; + using DNNConnect.CKEditorProvider.Utilities; + using DotNetNuke.Entities.Portals; + using DotNetNuke.Entities.Users; + using DotNetNuke.Framework.Providers; + using DotNetNuke.Security.Roles; + using DotNetNuke.Services.FileSystem; + + /// + /// The File Upload Handler. + /// + public class FileUploader : IHttpHandler + { + /// + /// The JavaScript Serializer. + /// + private readonly JavaScriptSerializer js = new JavaScriptSerializer(); + + /// + /// Gets a value indicating whether another request can use the instance. + /// + public bool IsReusable + { + get + { + return false; + } + } + + /// + /// Gets a value indicating whether [override files]. + /// + /// + /// true if [override files]; otherwise, false. + /// + private bool OverrideFiles + { + get + { + return HttpContext.Current.Request["overrideFiles"].Equals("1") + || HttpContext.Current.Request["overrideFiles"].Equals( + "true", + StringComparison.InvariantCultureIgnoreCase); + } } - /* - /// - /// Gets the storage folder. - /// - /// - /// The storage folder. - /// - private PortalSettings PortalSettings - { - get - { - return new PortalSettings(Convert.ToInt32(HttpContext.Current.Request["portalID"])); - } + /// + /// Gets the storage folder. + /// + /// + /// The storage folder. + /// + private IFolderInfo StorageFolder + { + get + { + return FolderManager.Instance.GetFolder(Convert.ToInt32(HttpContext.Current.Request["storageFolderID"])); + } + } + + /* + /// + /// Gets the storage folder. + /// + /// + /// The storage folder. + /// + private PortalSettings PortalSettings + { + get + { + return new PortalSettings(Convert.ToInt32(HttpContext.Current.Request["portalID"])); + } }*/ - /// - /// Enables processing of HTTP Web requests by a custom HttpHandler that implements the interface. - /// - /// An object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests. - public void ProcessRequest(HttpContext context) - { - context.Response.AddHeader("Pragma", "no-cache"); - context.Response.AddHeader("Cache-Control", "private, no-cache"); - - this.HandleMethod(context); - } - - /// - /// Returns the options. - /// - /// The context. - private static void ReturnOptions(HttpContext context) - { - context.Response.AddHeader("Allow", "DELETE,GET,HEAD,POST,PUT,OPTIONS"); - context.Response.StatusCode = 200; + /// + /// Enables processing of HTTP Web requests by a custom HttpHandler that implements the interface. + /// + /// An object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests. + public void ProcessRequest(HttpContext context) + { + context.Response.AddHeader("Pragma", "no-cache"); + context.Response.AddHeader("Cache-Control", "private, no-cache"); + + this.HandleMethod(context); + } + + /// + /// Returns the options. + /// + /// The context. + private static void ReturnOptions(HttpContext context) + { + context.Response.AddHeader("Allow", "DELETE,GET,HEAD,POST,PUT,OPTIONS"); + context.Response.StatusCode = 200; } - /// - /// Handle request based on method. - /// - /// The context. - private void HandleMethod(HttpContext context) - { - switch (context.Request.HttpMethod) - { - case "HEAD": - case "GET": - /*if (GivenFilename(context)) - { - this.DeliverFile(context); - } - else - { - ListCurrentFiles(context); - }*/ - - break; - - case "POST": - case "PUT": - this.UploadFile(context); - break; - - case "OPTIONS": - ReturnOptions(context); - break; - - default: - context.Response.ClearHeaders(); - context.Response.StatusCode = 405; - break; - } + /// + /// Handle request based on method. + /// + /// The context. + private void HandleMethod(HttpContext context) + { + switch (context.Request.HttpMethod) + { + case "HEAD": + case "GET": + /*if (GivenFilename(context)) + { + this.DeliverFile(context); + } + else + { + ListCurrentFiles(context); + }*/ + + break; + + case "POST": + case "PUT": + this.UploadFile(context); + break; + + case "OPTIONS": + ReturnOptions(context); + break; + + default: + context.Response.ClearHeaders(); + context.Response.StatusCode = 405; + break; + } + } + + /// + /// Uploads the file. + /// + /// The context. + private void UploadFile(HttpContext context) + { + var statuses = new List(); + + this.UploadWholeFile(context, statuses); + + this.WriteJsonIframeSafe(context, statuses); + } + + /// + /// The get encoder. + /// + /// + /// The format. + /// + /// + /// The Encoder. + /// + private static ImageCodecInfo GetEncoder(ImageFormat format) + { + ImageCodecInfo[] codecs = ImageCodecInfo.GetImageDecoders(); + + return codecs.FirstOrDefault(codec => codec.FormatID == format.Guid); } - /// - /// Uploads the file. - /// - /// The context. - private void UploadFile(HttpContext context) - { - var statuses = new List(); - - this.UploadWholeFile(context, statuses); - - this.WriteJsonIframeSafe(context, statuses); - } - - /// - /// The get encoder. - /// - /// - /// The format. - /// - /// - /// The Encoder. - /// - private static ImageCodecInfo GetEncoder(ImageFormat format) - { - ImageCodecInfo[] codecs = ImageCodecInfo.GetImageDecoders(); - - return codecs.FirstOrDefault(codec => codec.FormatID == format.Guid); - } - private PortalSettings portalSettings = null; - private EditorProviderSettings GetCurrentSettings(HttpContext context) - { + private EditorProviderSettings GetCurrentSettings(HttpContext context) + { var currentSettings = new EditorProviderSettings(); var request = context.Request; int portalId; @@ -243,75 +243,75 @@ private EditorProviderSettings GetCurrentSettings(HttpContext context) break; } - return currentSettings; + return currentSettings; } - /// - /// Uploads the whole file. - /// - /// The context. - /// The statuses. - private void UploadWholeFile(HttpContext context, List statuses) - { - for (int i = 0; i < context.Request.Files.Count; i++) - { - var file = context.Request.Files[i]; - - var fileName = Path.GetFileName(file.FileName); - - if (!string.IsNullOrEmpty(fileName)) - { - // Replace dots in the name with underscores (only one dot can be there... security issue). - fileName = Regex.Replace(fileName, @"\.(?![^.]*$)", "_", RegexOptions.None); - - // Check for Illegal Chars - if (Utility.ValidateFileName(fileName)) - { - fileName = Utility.CleanFileName(fileName); - } - - // Convert Unicode Chars - fileName = Utility.ConvertUnicodeChars(fileName); - } - else - { - throw new HttpRequestValidationException("File does not have a name"); - } - - if (fileName.Length > 220) - { - fileName = fileName.Substring(fileName.Length - 220); - } - - var fileNameNoExtenstion = Path.GetFileNameWithoutExtension(fileName); - - // Rename File if Exists - if (!this.OverrideFiles) - { - var counter = 0; - - while (File.Exists(Path.Combine(this.StorageFolder.PhysicalPath, fileName))) - { - counter++; - fileName = string.Format( - "{0}_{1}{2}", - fileNameNoExtenstion, - counter, - Path.GetExtension(file.FileName)); - } - } - - var contentType = FileContentTypeManager.Instance.GetContentType(Path.GetExtension(fileName)); - var userId = UserController.Instance.GetCurrentUserInfo().UserID; - - if (!contentType.StartsWith("image", StringComparison.InvariantCultureIgnoreCase)) - { - FileManager.Instance.AddFile(this.StorageFolder, fileName, file.InputStream, this.OverrideFiles, true, contentType, userId); - } - else - { - // it's an image, so we might need to resize - var currentSettings = this.GetCurrentSettings(context); + /// + /// Uploads the whole file. + /// + /// The context. + /// The statuses. + private void UploadWholeFile(HttpContext context, List statuses) + { + for (int i = 0; i < context.Request.Files.Count; i++) + { + var file = context.Request.Files[i]; + + var fileName = Path.GetFileName(file.FileName); + + if (!string.IsNullOrEmpty(fileName)) + { + // Replace dots in the name with underscores (only one dot can be there... security issue). + fileName = Regex.Replace(fileName, @"\.(?![^.]*$)", "_", RegexOptions.None); + + // Check for Illegal Chars + if (Utility.ValidateFileName(fileName)) + { + fileName = Utility.CleanFileName(fileName); + } + + // Convert Unicode Chars + fileName = Utility.ConvertUnicodeChars(fileName); + } + else + { + throw new HttpRequestValidationException("File does not have a name"); + } + + if (fileName.Length > 220) + { + fileName = fileName.Substring(fileName.Length - 220); + } + + var fileNameNoExtenstion = Path.GetFileNameWithoutExtension(fileName); + + // Rename File if Exists + if (!this.OverrideFiles) + { + var counter = 0; + + while (File.Exists(Path.Combine(this.StorageFolder.PhysicalPath, fileName))) + { + counter++; + fileName = string.Format( + "{0}_{1}{2}", + fileNameNoExtenstion, + counter, + Path.GetExtension(file.FileName)); + } + } + + var contentType = FileContentTypeManager.Instance.GetContentType(Path.GetExtension(fileName)); + var userId = UserController.Instance.GetCurrentUserInfo().UserID; + + if (!contentType.StartsWith("image", StringComparison.InvariantCultureIgnoreCase)) + { + FileManager.Instance.AddFile(this.StorageFolder, fileName, file.InputStream, this.OverrideFiles, true, contentType, userId); + } + else + { + // it's an image, so we might need to resize + var currentSettings = this.GetCurrentSettings(context); int maxWidth = currentSettings.ResizeWidthUpload; int maxHeight = currentSettings.ResizeHeightUpload; @@ -385,36 +385,41 @@ private void UploadWholeFile(HttpContext context, List status } } } + else + { + // fits within configured maximum dimensions + FileManager.Instance.AddFile(this.StorageFolder, fileName, file.InputStream); + } } } } - - var fullName = Path.GetFileName(fileName); - statuses.Add(new FilesUploadStatus(fullName, file.ContentLength)); - } - } - - /// - /// Writes the JSON iFrame safe. - /// - /// The context. - /// The statuses. - private void WriteJsonIframeSafe(HttpContext context, List statuses) - { - context.Response.AddHeader("Vary", "Accept"); - try - { - context.Response.ContentType = context.Request["HTTP_ACCEPT"].Contains("application/json") - ? "application/json" - : "text/plain"; - } - catch - { - context.Response.ContentType = "text/plain"; - } - - var jsonObj = this.js.Serialize(statuses.ToArray()); - context.Response.Write(jsonObj); - } - } + + var fullName = Path.GetFileName(fileName); + statuses.Add(new FilesUploadStatus(fullName, file.ContentLength)); + } + } + + /// + /// Writes the JSON iFrame safe. + /// + /// The context. + /// The statuses. + private void WriteJsonIframeSafe(HttpContext context, List statuses) + { + context.Response.AddHeader("Vary", "Accept"); + try + { + context.Response.ContentType = context.Request["HTTP_ACCEPT"].Contains("application/json") + ? "application/json" + : "text/plain"; + } + catch + { + context.Response.ContentType = "text/plain"; + } + + var jsonObj = this.js.Serialize(statuses.ToArray()); + context.Response.Write(jsonObj); + } + } }