michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: consolidate documentation into organized structure

Browse Source 
- Move 12 markdown files from root to docs/ subdirectories
- Organize documentation by category:
  • docs/troubleshooting/ (1 file)  - Technical troubleshooting guides
  • docs/deployment/      (4 files) - Deployment and security documentation
  • docs/guides/          (3 files) - Feature-specific guides
  • docs/planning/        (4 files) - Planning and improvement proposals

Root directory cleanup:
- Reduced from 16 to 4 markdown files in root
- Only essential project files remain:
  • CLAUDE.md (AI instructions)
  • README.md (Main project readme)
  • CLEANUP_PLAN.md (Current cleanup plan)
  • SRC_STRUCTURE_IMPROVEMENTS.md (Structure improvements)

This improves:
 Documentation discoverability
 Logical organization by purpose
 Clean root directory
 Better maintainability
This commit is contained in:
Michael Schiemer
2025-10-05 11:05:04 +02:00
parent 887847dde6
commit 5050c7d73a
36686 changed files with 196456 additions and 12398919 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/Application/Security/Services/FileUploadSecurityService.php
View File

@@ -6,6 +6,7 @@ namespace App\Application\Security\Services;
use App\Application\Security\Events\File\SuspiciousFileUploadEvent;
use App\Framework\Core\Events\EventDispatcher;
use App\Framework\Http\UploadedFile;
final class FileUploadSecurityService
{
@@ -32,54 +33,50 @@ final class FileUploadSecurityService
) {
}
public function validateUpload(array $file): bool
public function validateUpload(UploadedFile $file): bool
{
$userEmail = $_SESSION['user_email'] ?? null;
$filename = $file['name'] ?? '';
$tmpName = $file['tmp_name'] ?? '';
$size = $file['size'] ?? 0;
$error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
// Upload-Fehler prüfen
if ($error !== UPLOAD_ERR_OK) {
$this->dispatchSuspiciousUpload($filename, 'unknown', $size, 'upload_error', $userEmail);
if ($file->error !== \App\Framework\Http\UploadError::OK) {
$this->dispatchSuspiciousUpload($file->name, 'unknown', $file->size, 'upload_error', $userEmail);
return false;
}
// Dateigröße prüfen
if ($size > self::MAX_FILE_SIZE) {
$this->dispatchSuspiciousUpload($filename, 'unknown', $size, 'file_too_large', $userEmail);
if ($file->size > self::MAX_FILE_SIZE) {
$this->dispatchSuspiciousUpload($file->name, 'unknown', $file->size, 'file_too_large', $userEmail);
return false;
}
// Dateiendung prüfen
$extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$extension = strtolower($file->getExtension() ?? '');
if (in_array($extension, self::DANGEROUS_EXTENSIONS)) {
$this->dispatchSuspiciousUpload($filename, 'unknown', $size, 'dangerous_extension', $userEmail);
$this->dispatchSuspiciousUpload($file->name, 'unknown', $file->size, 'dangerous_extension', $userEmail);
return false;
}
// MIME-Type prüfen
$mimeType = mime_content_type($tmpName);
$mimeType = $file->getMimeType();
if (! in_array($mimeType, self::ALLOWED_MIME_TYPES)) {
$this->dispatchSuspiciousUpload($filename, $mimeType, $size, 'forbidden_mime_type', $userEmail);
$this->dispatchSuspiciousUpload($file->name, $mimeType, $file->size, 'forbidden_mime_type', $userEmail);
return false;
}
// Dateiinhalt auf Malware-Signaturen prüfen
if ($this->containsMalwareSignatures($tmpName)) {
$this->dispatchSuspiciousUpload($filename, $mimeType, $size, 'malware_signatures_detected', $userEmail);
if ($this->containsMalwareSignatures($file->tmpName)) {
$this->dispatchSuspiciousUpload($file->name, $mimeType, $file->size, 'malware_signatures_detected', $userEmail);
return false;
}
// Double-Extension prüfen (z.B. file.jpg.php)
if ($this->hasDoubleExtension($filename)) {
$this->dispatchSuspiciousUpload($filename, $mimeType, $size, 'double_extension', $userEmail);
if ($this->hasDoubleExtension($file->name)) {
$this->dispatchSuspiciousUpload($file->name, $mimeType, $file->size, 'double_extension', $userEmail);
return false;
}