diff --git a/module/Application/src/Application/Controller/PieceJointeController.php b/module/Application/src/Application/Controller/PieceJointeController.php
index 87931a153ac42f6caf464f1eca24e3cfc2241b5d..19a93e06496e433f134623b962ee282c9ddb4b9a 100755
--- a/module/Application/src/Application/Controller/PieceJointeController.php
+++ b/module/Application/src/Application/Controller/PieceJointeController.php
@@ -258,7 +258,10 @@ class PieceJointeController extends AbstractController
             return $result;
         }
         if (is_array($result)) {
-            $pj = $this->getServicePieceJointe()->ajouterFichiers($result['files'], $intervenant, $typePieceJointe);
+            $errors = $this->getServicePieceJointe()->ajouterFichiers($result['files'], $intervenant, $typePieceJointe);
+            if (!empty($errors)) {
+                return new JsonModel(['errors' => $errors]);
+            }
         }
 
         $this->updateTableauxBord($intervenant);
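Review bot: The early `return new JsonModel(['errors' => $errors]);` skips `$this->updateTableauxBord($intervenant);`, although `ajouterFichiers()` (as changed in this commit) still saves and flushes every file of the batch that passed validation. A mixed upload, with one rejected file and the others accepted, therefore leaves the dashboards stale. I would run the update first and return the errors afterwards, e.g. move the `if (!empty($errors)) { return new JsonModel(['errors' => $errors]); }` block below the `updateTableauxBord()` call. The enclosing action starts and ends outside this hunk, so whether the front end expects a `JsonModel` on this path cannot be checked from here.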
diff --git a/module/Application/src/Application/Service/FichierService.php b/module/Application/src/Application/Service/FichierService.php
index 67e6b649745838c072a1fc5b880f757387eb6bba..e3723f427e9f99b91044ba79cf4b93860940b5a7 100755
--- a/module/Application/src/Application/Service/FichierService.php
+++ b/module/Application/src/Application/Service/FichierService.php
@@ -67,10 +67,10 @@ class FichierService extends AbstractEntityService
             $filename = $this->getFichierFilename($entity);
             if (!file_exists(dirname($filename))) {
                 mkdir(dirname($filename));
-                chmod (dirname($filename), 0777);
+                chmod(dirname($filename), 0777);
             }
             $r = file_put_contents($filename, $contenuBdd);
-            if (!$r || !file_exists($filename)){
+            if (!$r || !file_exists($filename)) {
                 $entity->setContenu($contenuBdd);
                 parent::save($entity);
             }
@@ -81,6 +81,74 @@ class FichierService extends AbstractEntityService
 
 
 
+    public function isValide(Fichier $fichier): bool
+    {
+        $exts = [
+            'pdf', 'jpg', 'jpeg', 'png', 'bmp', 'gif', 'tif', 'tiff', 'rtf', 'txt', 'csv', 'html', 'htm', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'odt', 'ods', 'odg', 'odp',
+        ];
+        $ext  = strtolower($fichier->getNom());
+        $ext  = substr($ext, strrpos($ext, '.') + 1);
+
+        if (in_array($ext, $exts)) return true;
+
+
+        $patterns = [
+            // PDF
+            '#application/pdf$#i',
+            '#^image/pdf$#i',
+            '#^application/rugpdf$#i',
+            '#^application/x-unknown-application-pdf$#i',
+            '#^application/x-pdf$#i',
+            '#^document/pdf$#i',
+            '#^pdf/pdf$#i',
+            '#^text/pdf$#i',
+            '#^pdf/application$#i',
+
+            // Images
+            '#^image/jpeg$#i',
+            '#^image/png$#i',
+            '#^application/png$#i',
+            '#^image/tiff$#i',
+            '#^image/gif$#i',
+            '#^image/bmp$#i',
+            '#^image/pjpeg$#i',
+            '#^image/heic$#i',
+
+            // Bureautique
+            '#^application/msword$#i',
+            '#^application/vnd.openxmlformats-officedocument#i',
+            '#^application/vnd.oasis.opendocument.#i',
+            '#^application/xls$#i',
+            '#^application/x-msword$#i',
+            '#^application/doc$#i',
+            '#^application/vnd.ms-xpsdocument#i',
+            '#^application/vnd.ms-word#i',
+            '#^application/vnd.ms-powerpoint#i',
+            '#^application/vnd.ms-excel#i',
+            '#^text/rtf$#i',
+            '#^application/docx$#i',
+            '#^application/rtf$#i',
+
+            // Texte
+            '#^text/plain$#i',
+            '#^application/csv$#i',
+            '#^text/html$#i',
+            '#^text/richtext$#i',
+
+        ];
+
+        $mime = str_replace('"', '', $fichier->getTypeMime());
+        $mime = str_replace("'", '', $mime);
+        $mime = str_replace("%22", '', $mime);
+        foreach ($patterns as $pattern) {
+            if (preg_match($pattern, $mime)) return true;
+        }
+
+        return false;
+    }
+
+
+
     public function getConfigStockage(): string
     {
         $conf     = \AppConfig::get('fichiers');
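Review bot: In `isValide()` the extension allow-list and the MIME patterns are alternatives, so a file whose extension is not in `$exts` is still accepted as soon as `getTypeMime()` matches a pattern. If that value is the type declared by the uploading client (not visible in this hunk), the check does not constrain what is stored under the original name. Two smaller defects point the same way. For a name without a dot `strrpos()` returns `false`, so `substr($ext, false + 1)` only drops the first character and a name like `xpdf` is read as extension `pdf`. The first pattern, `'#application/pdf$#i'`, also lacks the `^` anchor the others have. I would make the extension check mandatory with `pathinfo()` and a strict `in_array`, keep the MIME test as a second condition (ideally on a type detected server-side from the content), and add a comment on how `html`/`htm` files are served back, since inline rendering of uploaded HTML is a stored-XSS risk.

```php
    public function isValide(Fichier $fichier): bool
    {
        // … unchanged: $exts allow-list …
        $ext = strtolower(pathinfo($fichier->getNom(), PATHINFO_EXTENSION));
        if (!in_array($ext, $exts, true)) {
            // A name whose extension is not allow-listed is rejected whatever MIME type is declared.
            return false;
        }

        $patterns = [
            // PDF
            '#^application/pdf$#i',
            // … unchanged: remaining patterns, quote stripping on $mime and the matching loop …
```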
diff --git a/module/Application/src/Application/Service/PieceJointeService.php b/module/Application/src/Application/Service/PieceJointeService.php
index 51a38cc88d6fa03fecfcd97ee913673075dc4d53..467590a1952c8771f89b4ebead4f78ebabf1840f 100755
--- a/module/Application/src/Application/Service/PieceJointeService.php
+++ b/module/Application/src/Application/Service/PieceJointeService.php
@@ -280,9 +280,9 @@ class PieceJointeService extends AbstractEntityService
      *                             321215]
      * @param boolean $deleteFiles Supprimer les fichiers après création de la PJ$
      *
-     * @return PieceJointe[]
+     * @return array
      */
-    public function ajouterFichiers($files, Intervenant $intervenant, TypePieceJointe $type, $deleteFiles = true)
+    public function ajouterFichiers($files, Intervenant $intervenant, TypePieceJointe $type, $deleteFiles = true): array
     {
         if (!$files) {
             throw new \LogicException("Aucune donnée sur les fichiers spécifiée.");
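Review bot: The docblock now says only `@return array`, which hides that the method's contract changed from returning the `PieceJointe` to returning a list of rejection messages. I would document it as `@return string[] Error messages for the rejected files; empty when every file was accepted`. Any other caller that still uses the return value as a `PieceJointe` would now silently receive an array, so it is worth checking the call sites, of which only the controller one is visible in this commit. The docblock begins and the method body continues outside this hunk.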
@@ -300,6 +300,7 @@ class PieceJointeService extends AbstractEntityService
             $this->getEntityManager()->persist($pj);
         }
 
+        $errors = [];
         foreach ($files as $file) {
             $path          = $file['tmp_name'];
             $nomFichier    = str_replace([',', ';', ':'], '', $file['name']);
@@ -313,10 +314,13 @@ class PieceJointeService extends AbstractEntityService
                 ->setContenu(file_get_contents($path))
                 ->setValidation(null);
 
-            $pj->addFichier($fichier);
-
-            $this->getServiceFichier()->save($fichier);
 
+            if ($this->getServiceFichier()->isValide($fichier)) {
+                $pj->addFichier($fichier);
+                $this->getServiceFichier()->save($fichier);
+            } else {
+                $errors[] = 'Fichier ' . $fichier->getNom() . ' invalide : format "' . $fichier->getTypeMime() . '" non reconnu ou interdit.';
+            }
 
             if ($deleteFiles) {
                 unlink($path);
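Review bot: When every file of the batch is rejected, the `$pj` persisted just before the loop (context line `$this->getEntityManager()->persist($pj);` in the previous hunk) is still flushed after it, so a piece jointe with no file can presumably be created. I would collect the valid `Fichier` objects first and only persist and flush when at least one was accepted. The error string also embeds `getNom()` and `getTypeMime()`, both taken from the upload, so the client code displaying `errors` must insert them as text rather than HTML. Finally, `file_get_contents($path)` reads the whole upload before `isValide()` runs, although the check only needs the name and type. The loop starts and ends outside this hunk.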
@@ -325,7 +329,7 @@ class PieceJointeService extends AbstractEntityService
 
         $this->getEntityManager()->flush();
 
-        return $pj;
+        return $errors;
     }