
Commit 11552aa

committed
Code polish
1 parent 468d4f5 commit 11552aa

1 file changed

Lines changed: 49 additions & 21 deletions


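--- a/includes/classes/PPMFWC/Gateway/Abstract.php
+++ b/includes/classes/PPMFWC/Gateway/Abstract.php
@@ -59,33 +59,43 @@ public function __construct()
 /**
 * @return string
 */
-public function getIcon()
+public function getIcon(): string
 {
 if (!empty($this->get_option('external_logo')) && wc_is_valid_url($this->get_option('external_logo'))) {
 return $this->get_option('external_logo');
-}
+}
+
+$paymentImage = $this->get_option('payment_image_cached');
+
+if (empty($paymentImage)) {
+PPMFWC_Helper_Data::ppmfwc_payLogger('paymentImage empty: ' . print_r($paymentImage, true));
+return '';
+}
 
-if ($this->saveLogo($this->get_option('payment_image_cached'))) {
-return PPMFWC_PLUGIN_URL . 'assets/cache' . $this->get_option('payment_image_cached');
-} else {
-return 'https://static.pay.nl' . $this->get_option('payment_image_cached');
+if ($this->saveLogo($paymentImage)) {
+return PPMFWC_PLUGIN_URL . 'assets/cache' . $paymentImage;
 }
+
+return 'https://static.pay.nl' . $paymentImage;
 }
 
 /**
 * Save logo
 *
-* @param $imagePath
+* @param string $imagePath
 * @return bool
 */
-public function saveLogo($imagePath): bool
+public function saveLogo(string $imagePath): bool
 {
-$path = PPMFWC_PLUGIN_PATH . 'assets/cache';
-if (file_exists($path . $imagePath) && (time() - filemtime($path . $imagePath) < 86400)) {
+$imagePath = ltrim($imagePath, '/');
+$path = rtrim(PPMFWC_PLUGIN_PATH . 'assets/cache', '/');
+
+if (file_exists($path . '/' . $imagePath) && (time() - filemtime($path . '/' . $imagePath) < 86400)) {
 return true;
-}
-$imageUrl = 'https://static.pay.nl/' . $imagePath;
-return $this->downloadImage($imageUrl, $path, $imagePath);
+}
+
+$imageUrl = 'https://static.pay.nl/' . $imagePath;
+return $this->downloadImage($imageUrl, $path, $imagePath);
 }
 
 /**
@@ -97,26 +107,44 @@ public function saveLogo($imagePath): bool
 * @return bool
 */
 public function downloadImage(string $url, string $basePath, string $image): bool
-{
-$data = file_get_contents($url);
+{
+$image = ltrim($image, '/');
+
+if (str_contains($image, '..')) {
+return false;
+}
+if (!preg_match('~^[a-zA-Z0-9/_\.\-]+$~', $image)) {
+return false;
+}
+
+// Alleen bekende image-extensies toestaan
+if (!preg_match('~\.(svg|png|jpe?g|webp)$~i', $image)) {
+return false;
+}
+
+// Download (404 e.d. geeft geen warning)
+$data = @file_get_contents($url);
 if ($data === false) {
 return false;
 }
 
-$fullPath = rtrim($basePath, '/') . '/' . ltrim($image, '/');
+
+$fullPath = rtrim($basePath, '/') . '/' . $image;
 
 $dir = dirname($fullPath);
 if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
 return false;
-}
+}
 
-try {
-return file_put_contents($fullPath, $data) !== false;
-} catch (\Throwable $th) {
-return false;
+$writeResult = false;
+if (is_writable(dirname($fullPath))) {
+$writeResult = file_put_contents($fullPath, $data) !== false;
 }
+
+return $writeResult;
 }
 
+
 /**
 * @param string $key
 * @param mixed $value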
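Review bot: The new checks in downloadImage() validate only the local name `$image`; the bytes fetched from `$url` are written unchecked into the web-served `assets/cache` directory, and the extension allowlist includes `svg`, which can carry script that runs on the shop's origin if the cached file is opened directly. Consider caching only raster formats after confirming the payload with `getimagesizefromstring($data) !== false`, and returning false for `.svg` so getIcon() falls back to the static.pay.nl URL. Both patterns end in `$`, which also matches before a trailing newline; adding the `D` modifier (`~^[a-zA-Z0-9/_\.\-]+$~D`, `~\.(svg|png|jpe?g|webp)$~iD`) closes that. saveLogo() in the first hunk still calls `file_exists()` and `filemtime()` on the unvalidated path before any of these checks run, so the validation would be better placed in a small private helper that saveLogo() calls first. `@file_get_contents($url)` also runs with no timeout or size limit during icon rendering; `wp_safe_remote_get($url, ['timeout' => 5])` with a response-code check would be the WordPress-native replacement.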
