Security: BigUpload: Remove unused method to upload file

AngelFQC · AngelFQC · commit 3b487a55076f · 2023-09-05T13:40:34.000-05:00
diff --git a/main/inc/lib/javascript/bigupload/inc/bigUpload.php b/main/inc/lib/javascript/bigupload/inc/bigUpload.php
@@ -5,16 +5,6 @@
 
 class BigUploadResponse
 {
-    /**
-     * Temporary directory for uploading files.
-     */
-    const TEMP_DIRECTORY = '/tmp/';
-
-    /**
-     * Directory files will be moved to after the upload is completed.
-     */
-    const MAIN_DIRECTORY = '../files/';
-
     /**
      * Max allowed filesize. This is for unsupported browsers and
      * as an additional security check in case someone bypasses the js filesize check.
@@ -28,13 +18,6 @@ class BigUploadResponse
      */
     private $tempDirectory;
 
-    /**
-     * Directory for completed uploads.
-     *
-     * @var string
-     */
-    private $mainDirectory;
-
     /**
      * Name of the temporary file. Used as a reference to make sure chunks get written to the right file.
      *
@@ -49,7 +32,6 @@ public function __construct()
     {
         $tempDirectory = api_get_path(SYS_ARCHIVE_PATH);
         $this->setTempDirectory($tempDirectory);
-        $this->setMainDirectory(self::MAIN_DIRECTORY);
         $this->maxSize = getIniMaxFileSizeInBytes();
     }
 
@@ -105,26 +87,6 @@ public function getTempDirectory()
         return $this->tempDirectory;
     }
 
-    /**
-     * Set the name of the main directory.
-     *
-     * @param string $value Main directory
-     */
-    public function setMainDirectory($value)
-    {
-        $this->mainDirectory = $value;
-    }
-
-    /**
-     * Return the name of the main directory.
-     *
-     * @return string Main directory
-     */
-    public function getMainDirectory()
-    {
-        return $this->mainDirectory;
-    }
-
     /**
      * Function to upload the individual file chunks.
      *
@@ -288,30 +250,6 @@ public function finishUpload()
 
         return json_encode(['errorStatus' => 0]);
     }
-
-    /**
-     * Basic php file upload function, used for unsupported browsers.
-     * The output on success/failure is very basic, and it would be best to have these errors return the user to index.html
-     * with the errors printed on the form, but that is beyond the scope of this project as it is very application specific.
-     *
-     * @return string Success or failure of upload
-     */
-    public function postUnsupported()
-    {
-        $name = $_FILES['bigUploadFile']['name'];
-        $size = $_FILES['bigUploadFile']['size'];
-        $tempName = $_FILES['bigUploadFile']['tmp_name'];
-
-        if (filesize($tempName) > $this->maxSize) {
-            return get_lang('UplFileTooBig');
-        }
-
-        if (move_uploaded_file($tempName, $this->getMainDirectory().$name)) {
-            return get_lang('FileUploadSucces');
-        } else {
-            return get_lang('UplUnableToSaveFile');
-        }
-    }
 }
 
 $sessionBigUpload = ChamiloSession::read('bigupload', []);
@@ -358,7 +296,4 @@ public function postUnsupported()
             ChamiloSession::write('bigupload', $sessionBigUpload);
         }
         break;
-    case 'post-unsupported':
-        print $bigUpload->postUnsupported();
-        break;
 }
