|
443
by dcoles
Added Forum application along with unmodifed version of phpBB3 "Olympus" 3.0.0 |
1 |
<?php
|
2 |
/**
|
|
3 |
*
|
|
4 |
* @package phpBB3
|
|
5 |
* @version $Id: functions_upload.php,v 1.40 2007/10/05 14:30:11 acydburn Exp $
|
|
6 |
* @copyright (c) 2005 phpBB Group
|
|
7 |
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
|
8 |
*
|
|
9 |
*/
|
|
10 |
||
11 |
/**
|
|
12 |
* @ignore
|
|
13 |
*/
|
|
14 |
if (!defined('IN_PHPBB')) |
|
15 |
{
|
|
16 |
exit; |
|
17 |
}
|
|
18 |
||
19 |
/**
|
|
20 |
* Responsible for holding all file relevant information, as well as doing file-specific operations.
|
|
21 |
* The {@link fileupload fileupload class} can be used to upload several files, each of them being this object to operate further on.
|
|
22 |
* @package phpBB3
|
|
23 |
*/
|
|
24 |
class filespec |
|
25 |
{
|
|
26 |
var $filename = ''; |
|
27 |
var $realname = ''; |
|
28 |
var $uploadname = ''; |
|
29 |
var $mimetype = ''; |
|
30 |
var $extension = ''; |
|
31 |
var $filesize = 0; |
|
32 |
var $width = 0; |
|
33 |
var $height = 0; |
|
34 |
var $image_info = array(); |
|
35 |
||
36 |
var $destination_file = ''; |
|
37 |
var $destination_path = ''; |
|
38 |
||
39 |
var $file_moved = false; |
|
40 |
var $init_error = false; |
|
41 |
var $local = false; |
|
42 |
||
43 |
var $error = array(); |
|
44 |
||
45 |
var $upload = ''; |
|
46 |
||
47 |
/**
|
|
48 |
* File Class
|
|
49 |
* @access private
|
|
50 |
*/
|
|
51 |
function filespec($upload_ary, $upload_namespace) |
|
52 |
{
|
|
53 |
if (!isset($upload_ary)) |
|
54 |
{
|
|
55 |
$this->init_error = true; |
|
56 |
return; |
|
57 |
}
|
|
58 |
||
59 |
$this->filename = $upload_ary['tmp_name']; |
|
60 |
$this->filesize = $upload_ary['size']; |
|
61 |
$name = trim(htmlspecialchars(basename($upload_ary['name']))); |
|
62 |
$this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name; |
|
63 |
$this->mimetype = $upload_ary['type']; |
|
64 |
||
65 |
// Opera adds the name to the mime type
|
|
66 |
$this->mimetype = (strpos($this->mimetype, '; name') !== false) ? str_replace(strstr($this->mimetype, '; name'), '', $this->mimetype) : $this->mimetype; |
|
67 |
||
68 |
if (!$this->mimetype) |
|
69 |
{
|
|
70 |
$this->mimetype = 'application/octetstream'; |
|
71 |
}
|
|
72 |
||
73 |
$this->extension = strtolower($this->get_extension($this->realname)); |
|
74 |
||
75 |
// Try to get real filesize from temporary folder (not always working) ;)
|
|
76 |
$this->filesize = (@filesize($this->filename)) ? @filesize($this->filename) : $this->filesize; |
|
77 |
||
78 |
$this->width = $this->height = 0; |
|
79 |
$this->file_moved = false; |
|
80 |
||
81 |
$this->local = (isset($upload_ary['local_mode'])) ? true : false; |
|
82 |
$this->upload = $upload_namespace; |
|
83 |
}
|
|
84 |
||
85 |
/**
|
|
86 |
* Cleans destination filename
|
|
87 |
*
|
|
88 |
* @param real|unique|unique_ext $mode real creates a realname, filtering some characters, lowering every character. Unique creates an unique filename
|
|
89 |
* @param string $prefix Prefix applied to filename
|
|
90 |
* @access public
|
|
91 |
*/
|
|
92 |
function clean_filename($mode = 'unique', $prefix = '', $user_id = '') |
|
93 |
{
|
|
94 |
if ($this->init_error) |
|
95 |
{
|
|
96 |
return; |
|
97 |
}
|
|
98 |
||
99 |
switch ($mode) |
|
100 |
{
|
|
101 |
case 'real': |
|
102 |
// Remove every extension from filename (to not let the mime bug being exposed)
|
|
103 |
if (strpos($this->realname, '.') !== false) |
|
104 |
{
|
|
105 |
$this->realname = substr($this->realname, 0, strpos($this->realname, '.')); |
|
106 |
}
|
|
107 |
||
108 |
// Replace any chars which may cause us problems with _
|
|
109 |
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); |
|
110 |
||
111 |
$this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname))); |
|
112 |
$this->realname = preg_replace("/%(\w{2})/", '_', $this->realname); |
|
113 |
||
114 |
$this->realname = $prefix . $this->realname . '.' . $this->extension; |
|
115 |
break; |
|
116 |
||
117 |
case 'unique': |
|
118 |
$this->realname = $prefix . md5(unique_id()); |
|
119 |
break; |
|
120 |
||
121 |
case 'avatar': |
|
122 |
$this->extension = strtolower($this->extension); |
|
123 |
$this->realname = $prefix . $user_id . '.' . $this->extension; |
|
124 |
||
125 |
break; |
|
126 |
||
127 |
case 'unique_ext': |
|
128 |
default: |
|
129 |
$this->realname = $prefix . md5(unique_id()) . '.' . $this->extension; |
|
130 |
break; |
|
131 |
}
|
|
132 |
}
|
|
133 |
||
134 |
/**
|
|
135 |
* Get property from file object
|
|
136 |
*/
|
|
137 |
function get($property) |
|
138 |
{
|
|
139 |
if ($this->init_error || !isset($this->$property)) |
|
140 |
{
|
|
141 |
return false; |
|
142 |
}
|
|
143 |
||
144 |
return $this->$property; |
|
145 |
}
|
|
146 |
||
147 |
/**
|
|
148 |
* Check if file is an image (mimetype)
|
|
149 |
*
|
|
150 |
* @return true if it is an image, false if not
|
|
151 |
*/
|
|
152 |
function is_image() |
|
153 |
{
|
|
154 |
return (strpos($this->mimetype, 'image/') !== false) ? true : false; |
|
155 |
}
|
|
156 |
||
157 |
/**
|
|
158 |
* Check if the file got correctly uploaded
|
|
159 |
*
|
|
160 |
* @return true if it is a valid upload, false if not
|
|
161 |
*/
|
|
162 |
function is_uploaded() |
|
163 |
{
|
|
164 |
if (!$this->local && !is_uploaded_file($this->filename)) |
|
165 |
{
|
|
166 |
return false; |
|
167 |
}
|
|
168 |
||
169 |
if ($this->local && !file_exists($this->filename)) |
|
170 |
{
|
|
171 |
return false; |
|
172 |
}
|
|
173 |
||
174 |
return true; |
|
175 |
}
|
|
176 |
||
177 |
/**
|
|
178 |
* Remove file
|
|
179 |
*/
|
|
180 |
function remove() |
|
181 |
{
|
|
182 |
if ($this->file_moved) |
|
183 |
{
|
|
184 |
@unlink($this->destination_file); |
|
185 |
}
|
|
186 |
}
|
|
187 |
||
188 |
/**
|
|
189 |
* Get file extension
|
|
190 |
*/
|
|
191 |
function get_extension($filename) |
|
192 |
{
|
|
193 |
if (strpos($filename, '.') === false) |
|
194 |
{
|
|
195 |
return ''; |
|
196 |
}
|
|
197 |
||
198 |
$filename = explode('.', $filename); |
|
199 |
return array_pop($filename); |
|
200 |
}
|
|
201 |
||
202 |
/**
|
|
203 |
* Get mimetype. Utilize mime_content_type if the function exist.
|
|
204 |
* Not used at the moment...
|
|
205 |
*/
|
|
206 |
function get_mimetype($filename) |
|
207 |
{
|
|
208 |
$mimetype = ''; |
|
209 |
||
210 |
if (function_exists('mime_content_type')) |
|
211 |
{
|
|
212 |
$mimetype = mime_content_type($filename); |
|
213 |
}
|
|
214 |
||
215 |
// Some browsers choke on a mimetype of application/octet-stream
|
|
216 |
if (!$mimetype || $mimetype == 'application/octet-stream') |
|
217 |
{
|
|
218 |
$mimetype = 'application/octetstream'; |
|
219 |
}
|
|
220 |
||
221 |
return $mimetype; |
|
222 |
}
|
|
223 |
||
224 |
/**
|
|
225 |
* Get filesize
|
|
226 |
*/
|
|
227 |
function get_filesize($filename) |
|
228 |
{
|
|
229 |
return @filesize($filename); |
|
230 |
}
|
|
231 |
||
232 |
/**
|
|
233 |
* Move file to destination folder
|
|
234 |
* The phpbb_root_path variable will be applied to the destination path
|
|
235 |
*
|
|
236 |
* @param string $destination_path Destination path, for example $config['avatar_path']
|
|
237 |
* @param bool $overwrite If set to true, an already existing file will be overwritten
|
|
238 |
* @param octal $chmod Permission mask for chmodding the file after a successful move
|
|
239 |
* @access public
|
|
240 |
*/
|
|
241 |
function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666) |
|
242 |
{
|
|
243 |
global $user, $phpbb_root_path; |
|
244 |
||
245 |
if (sizeof($this->error)) |
|
246 |
{
|
|
247 |
return false; |
|
248 |
}
|
|
249 |
||
250 |
// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
|
|
251 |
$this->destination_path = $phpbb_root_path . $destination; |
|
252 |
||
253 |
// Check if the destination path exist...
|
|
254 |
if (!file_exists($this->destination_path)) |
|
255 |
{
|
|
256 |
@unlink($this->filename); |
|
257 |
return false; |
|
258 |
}
|
|
259 |
||
260 |
$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy'; |
|
261 |
$upload_mode = ($this->local) ? 'local' : $upload_mode; |
|
262 |
$this->destination_file = $this->destination_path . '/' . basename($this->realname); |
|
263 |
||
264 |
// Check if the file already exist, else there is something wrong...
|
|
265 |
if (file_exists($this->destination_file) && !$overwrite) |
|
266 |
{
|
|
267 |
@unlink($this->filename); |
|
268 |
}
|
|
269 |
else
|
|
270 |
{
|
|
271 |
if (file_exists($this->destination_file)) |
|
272 |
{
|
|
273 |
@unlink($this->destination_file); |
|
274 |
}
|
|
275 |
||
276 |
switch ($upload_mode) |
|
277 |
{
|
|
278 |
case 'copy': |
|
279 |
||
280 |
if (!@copy($this->filename, $this->destination_file)) |
|
281 |
{
|
|
282 |
if (!@move_uploaded_file($this->filename, $this->destination_file)) |
|
283 |
{
|
|
284 |
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file); |
|
285 |
return false; |
|
286 |
}
|
|
287 |
}
|
|
288 |
||
289 |
@unlink($this->filename); |
|
290 |
||
291 |
break; |
|
292 |
||
293 |
case 'move': |
|
294 |
||
295 |
if (!@move_uploaded_file($this->filename, $this->destination_file)) |
|
296 |
{
|
|
297 |
if (!@copy($this->filename, $this->destination_file)) |
|
298 |
{
|
|
299 |
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file); |
|
300 |
return false; |
|
301 |
}
|
|
302 |
}
|
|
303 |
||
304 |
@unlink($this->filename); |
|
305 |
||
306 |
break; |
|
307 |
||
308 |
case 'local': |
|
309 |
||
310 |
if (!@copy($this->filename, $this->destination_file)) |
|
311 |
{
|
|
312 |
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file); |
|
313 |
return false; |
|
314 |
}
|
|
315 |
@unlink($this->filename); |
|
316 |
||
317 |
break; |
|
318 |
}
|
|
319 |
||
320 |
@chmod($this->destination_file, $chmod); |
|
321 |
}
|
|
322 |
||
323 |
// Try to get real filesize from destination folder
|
|
324 |
$this->filesize = (@filesize($this->destination_file)) ? @filesize($this->destination_file) : $this->filesize; |
|
325 |
||
326 |
if ($this->is_image() && !$skip_image_check) |
|
327 |
{
|
|
328 |
$this->width = $this->height = 0; |
|
329 |
||
330 |
if (($this->image_info = @getimagesize($this->destination_file)) !== false) |
|
331 |
{
|
|
332 |
$this->width = $this->image_info[0]; |
|
333 |
$this->height = $this->image_info[1]; |
|
334 |
||
335 |
if (!empty($this->image_info['mime'])) |
|
336 |
{
|
|
337 |
$this->mimetype = $this->image_info['mime']; |
|
338 |
}
|
|
339 |
||
340 |
// Check image type
|
|
341 |
$types = $this->upload->image_types(); |
|
342 |
||
343 |
if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]])) |
|
344 |
{
|
|
345 |
if (!isset($types[$this->image_info[2]])) |
|
346 |
{
|
|
347 |
$this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype); |
|
348 |
}
|
|
349 |
else
|
|
350 |
{
|
|
351 |
$this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension); |
|
352 |
}
|
|
353 |
}
|
|
354 |
||
355 |
// Make sure the dimensions match a valid image
|
|
356 |
if (empty($this->width) || empty($this->height)) |
|
357 |
{
|
|
358 |
$this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE']; |
|
359 |
}
|
|
360 |
}
|
|
361 |
else
|
|
362 |
{
|
|
363 |
$this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE']; |
|
364 |
}
|
|
365 |
}
|
|
366 |
||
367 |
$this->file_moved = true; |
|
368 |
$this->additional_checks(); |
|
369 |
unset($this->upload); |
|
370 |
||
371 |
return true; |
|
372 |
}
|
|
373 |
||
374 |
/**
|
|
375 |
* Performing additional checks
|
|
376 |
*/
|
|
377 |
function additional_checks() |
|
378 |
{
|
|
379 |
global $user; |
|
380 |
||
381 |
if (!$this->file_moved) |
|
382 |
{
|
|
383 |
return false; |
|
384 |
}
|
|
385 |
||
386 |
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
|
|
387 |
if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0)) |
|
388 |
{
|
|
389 |
$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); |
|
390 |
$max_filesize = ($this->upload->max_filesize >= 1048576) ? round($this->upload->max_filesize / 1048576 * 100) / 100 : (($this->upload->max_filesize >= 1024) ? round($this->upload->max_filesize / 1024 * 100) / 100 : $this->upload->max_filesize); |
|
391 |
||
392 |
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang); |
|
393 |
||
394 |
return false; |
|
395 |
}
|
|
396 |
||
397 |
if (!$this->upload->valid_dimensions($this)) |
|
398 |
{
|
|
399 |
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_SIZE'], $this->upload->min_width, $this->upload->min_height, $this->upload->max_width, $this->upload->max_height, $this->width, $this->height); |
|
400 |
||
401 |
return false; |
|
402 |
}
|
|
403 |
||
404 |
return true; |
|
405 |
}
|
|
406 |
}
|
|
407 |
||
408 |
/**
|
|
409 |
* Class for assigning error messages before a real filespec class can be assigned
|
|
410 |
*
|
|
411 |
* @package phpBB3
|
|
412 |
*/
|
|
413 |
class fileerror extends filespec |
|
414 |
{
|
|
415 |
function fileerror($error_msg) |
|
416 |
{
|
|
417 |
$this->error[] = $error_msg; |
|
418 |
}
|
|
419 |
}
|
|
420 |
||
421 |
/**
|
|
422 |
* File upload class
|
|
423 |
* Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads
|
|
424 |
*
|
|
425 |
* @package phpBB3
|
|
426 |
*/
|
|
427 |
class fileupload |
|
428 |
{
|
|
429 |
var $allowed_extensions = array(); |
|
430 |
var $max_filesize = 0; |
|
431 |
var $min_width = 0; |
|
432 |
var $min_height = 0; |
|
433 |
var $max_width = 0; |
|
434 |
var $max_height = 0; |
|
435 |
var $error_prefix = ''; |
|
436 |
||
437 |
/**
|
|
438 |
* Init file upload class.
|
|
439 |
*
|
|
440 |
* @param string $error_prefix Used error messages will get prefixed by this string
|
|
441 |
* @param array $allowed_extensions Array of allowed extensions, for example array('jpg', 'jpeg', 'gif', 'png')
|
|
442 |
* @param int $max_filesize Maximum filesize
|
|
443 |
* @param int $min_width Minimum image width (only checked for images)
|
|
444 |
* @param int $min_height Minimum image height (only checked for images)
|
|
445 |
* @param int $max_width Maximum image width (only checked for images)
|
|
446 |
* @param int $max_height Maximum image height (only checked for images)
|
|
447 |
*
|
|
448 |
*/
|
|
449 |
function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false) |
|
450 |
{
|
|
451 |
$this->set_allowed_extensions($allowed_extensions); |
|
452 |
$this->set_max_filesize($max_filesize); |
|
453 |
$this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height); |
|
454 |
$this->set_error_prefix($error_prefix); |
|
455 |
}
|
|
456 |
||
457 |
/**
|
|
458 |
* Reset vars
|
|
459 |
*/
|
|
460 |
function reset_vars() |
|
461 |
{
|
|
462 |
$this->max_filesize = 0; |
|
463 |
$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0; |
|
464 |
$this->error_prefix = ''; |
|
465 |
$this->allowed_extensions = array(); |
|
466 |
}
|
|
467 |
||
468 |
/**
|
|
469 |
* Set allowed extensions
|
|
470 |
*/
|
|
471 |
function set_allowed_extensions($allowed_extensions) |
|
472 |
{
|
|
473 |
if ($allowed_extensions !== false && is_array($allowed_extensions)) |
|
474 |
{
|
|
475 |
$this->allowed_extensions = $allowed_extensions; |
|
476 |
}
|
|
477 |
}
|
|
478 |
||
479 |
/**
|
|
480 |
* Set allowed dimensions
|
|
481 |
*/
|
|
482 |
function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height) |
|
483 |
{
|
|
484 |
$this->min_width = (int) $min_width; |
|
485 |
$this->min_height = (int) $min_height; |
|
486 |
$this->max_width = (int) $max_width; |
|
487 |
$this->max_height = (int) $max_height; |
|
488 |
}
|
|
489 |
||
490 |
/**
|
|
491 |
* Set maximum allowed filesize
|
|
492 |
*/
|
|
493 |
function set_max_filesize($max_filesize) |
|
494 |
{
|
|
495 |
if ($max_filesize !== false && (int) $max_filesize) |
|
496 |
{
|
|
497 |
$this->max_filesize = (int) $max_filesize; |
|
498 |
}
|
|
499 |
}
|
|
500 |
||
501 |
/**
|
|
502 |
* Set error prefix
|
|
503 |
*/
|
|
504 |
function set_error_prefix($error_prefix) |
|
505 |
{
|
|
506 |
$this->error_prefix = $error_prefix; |
|
507 |
}
|
|
508 |
||
509 |
/**
|
|
510 |
* Form upload method
|
|
511 |
* Upload file from users harddisk
|
|
512 |
*
|
|
513 |
* @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
|
|
514 |
* @return object $file Object "filespec" is returned, all further operations can be done with this object
|
|
515 |
* @access public
|
|
516 |
*/
|
|
517 |
function form_upload($form_name) |
|
518 |
{
|
|
519 |
global $user; |
|
520 |
||
521 |
unset($_FILES[$form_name]['local_mode']); |
|
522 |
$file = new filespec($_FILES[$form_name], $this); |
|
523 |
||
524 |
if ($file->init_error) |
|
525 |
{
|
|
526 |
$file->error[] = ''; |
|
527 |
return $file; |
|
528 |
}
|
|
529 |
||
530 |
// Error array filled?
|
|
531 |
if (isset($_FILES[$form_name]['error'])) |
|
532 |
{
|
|
533 |
$error = $this->assign_internal_error($_FILES[$form_name]['error']); |
|
534 |
||
535 |
if ($error !== false) |
|
536 |
{
|
|
537 |
$file->error[] = $error; |
|
538 |
return $file; |
|
539 |
}
|
|
540 |
}
|
|
541 |
||
542 |
// Check if empty file got uploaded (not catched by is_uploaded_file)
|
|
543 |
if (isset($_FILES[$form_name]['size']) && $_FILES[$form_name]['size'] == 0) |
|
544 |
{
|
|
545 |
$file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD']; |
|
546 |
return $file; |
|
547 |
}
|
|
548 |
||
549 |
// PHP Upload filesize exceeded
|
|
550 |
if ($file->get('filename') == 'none') |
|
551 |
{
|
|
552 |
$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize')); |
|
553 |
return $file; |
|
554 |
}
|
|
555 |
||
556 |
// Not correctly uploaded
|
|
557 |
if (!$file->is_uploaded()) |
|
558 |
{
|
|
559 |
$file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; |
|
560 |
return $file; |
|
561 |
}
|
|
562 |
||
563 |
$this->common_checks($file); |
|
564 |
||
565 |
return $file; |
|
566 |
}
|
|
567 |
||
568 |
/**
|
|
569 |
* Move file from another location to phpBB
|
|
570 |
*/
|
|
571 |
function local_upload($source_file, $filedata = false) |
|
572 |
{
|
|
573 |
global $user; |
|
574 |
||
575 |
$form_name = 'local'; |
|
576 |
||
577 |
$_FILES[$form_name]['local_mode'] = true; |
|
578 |
$_FILES[$form_name]['tmp_name'] = $source_file; |
|
579 |
||
580 |
if ($filedata === false) |
|
581 |
{
|
|
582 |
$_FILES[$form_name]['name'] = basename($source_file); |
|
583 |
$_FILES[$form_name]['size'] = 0; |
|
584 |
$mimetype = ''; |
|
585 |
||
586 |
if (function_exists('mime_content_type')) |
|
587 |
{
|
|
588 |
$mimetype = mime_content_type($source_file); |
|
589 |
}
|
|
590 |
||
591 |
// Some browsers choke on a mimetype of application/octet-stream
|
|
592 |
if (!$mimetype || $mimetype == 'application/octet-stream') |
|
593 |
{
|
|
594 |
$mimetype = 'application/octetstream'; |
|
595 |
}
|
|
596 |
||
597 |
$_FILES[$form_name]['type'] = $mimetype; |
|
598 |
}
|
|
599 |
else
|
|
600 |
{
|
|
601 |
$_FILES[$form_name]['name'] = $filedata['realname']; |
|
602 |
$_FILES[$form_name]['size'] = $filedata['size']; |
|
603 |
$_FILES[$form_name]['type'] = $filedata['type']; |
|
604 |
}
|
|
605 |
||
606 |
$file = new filespec($_FILES[$form_name], $this); |
|
607 |
||
608 |
if ($file->init_error) |
|
609 |
{
|
|
610 |
$file->error[] = ''; |
|
611 |
return $file; |
|
612 |
}
|
|
613 |
||
614 |
if (isset($_FILES[$form_name]['error'])) |
|
615 |
{
|
|
616 |
$error = $this->assign_internal_error($_FILES[$form_name]['error']); |
|
617 |
||
618 |
if ($error !== false) |
|
619 |
{
|
|
620 |
$file->error[] = $error; |
|
621 |
return $file; |
|
622 |
}
|
|
623 |
}
|
|
624 |
||
625 |
// PHP Upload filesize exceeded
|
|
626 |
if ($file->get('filename') == 'none') |
|
627 |
{
|
|
628 |
$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize')); |
|
629 |
return $file; |
|
630 |
}
|
|
631 |
||
632 |
// Not correctly uploaded
|
|
633 |
if (!$file->is_uploaded()) |
|
634 |
{
|
|
635 |
$file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; |
|
636 |
return $file; |
|
637 |
}
|
|
638 |
||
639 |
$this->common_checks($file); |
|
640 |
||
641 |
return $file; |
|
642 |
}
|
|
643 |
||
644 |
/**
|
|
645 |
* Remote upload method
|
|
646 |
* Uploads file from given url
|
|
647 |
*
|
|
648 |
* @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif
|
|
649 |
* @return object $file Object "filespec" is returned, all further operations can be done with this object
|
|
650 |
* @access public
|
|
651 |
*/
|
|
652 |
function remote_upload($upload_url) |
|
653 |
{
|
|
654 |
global $user, $phpbb_root_path; |
|
655 |
||
656 |
$upload_ary = array(); |
|
657 |
$upload_ary['local_mode'] = true; |
|
658 |
||
659 |
if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match)) |
|
660 |
{
|
|
661 |
$file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']); |
|
662 |
return $file; |
|
663 |
}
|
|
664 |
||
665 |
if (empty($match[2])) |
|
666 |
{
|
|
667 |
$file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']); |
|
668 |
return $file; |
|
669 |
}
|
|
670 |
||
671 |
$url = parse_url($upload_url); |
|
672 |
||
673 |
$host = $url['host']; |
|
674 |
$path = $url['path']; |
|
675 |
$port = (!empty($url['port'])) ? (int) $url['port'] : 80; |
|
676 |
||
677 |
$upload_ary['type'] = 'application/octet-stream'; |
|
678 |
||
679 |
$url['path'] = explode('.', $url['path']); |
|
680 |
$ext = array_pop($url['path']); |
|
681 |
||
682 |
$url['path'] = implode('', $url['path']); |
|
683 |
$upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : ''); |
|
684 |
$filename = $url['path']; |
|
685 |
$filesize = 0; |
|
686 |
||
687 |
$errno = 0; |
|
688 |
$errstr = ''; |
|
689 |
||
690 |
if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) |
|
691 |
{
|
|
692 |
$file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); |
|
693 |
return $file; |
|
694 |
}
|
|
695 |
||
696 |
// Make sure $path not beginning with /
|
|
697 |
if (strpos($path, '/') === 0) |
|
698 |
{
|
|
699 |
$path = substr($path, 1); |
|
700 |
}
|
|
701 |
||
702 |
fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); |
|
703 |
fputs($fsock, "HOST: " . $host . "\r\n"); |
|
704 |
fputs($fsock, "Connection: close\r\n\r\n"); |
|
705 |
||
706 |
$get_info = false; |
|
707 |
$data = ''; |
|
708 |
while (!@feof($fsock)) |
|
709 |
{
|
|
710 |
if ($get_info) |
|
711 |
{
|
|
712 |
$data .= @fread($fsock, 1024); |
|
713 |
}
|
|
714 |
else
|
|
715 |
{
|
|
716 |
$line = @fgets($fsock, 1024); |
|
717 |
||
718 |
if ($line == "\r\n") |
|
719 |
{
|
|
720 |
$get_info = true; |
|
721 |
}
|
|
722 |
else
|
|
723 |
{
|
|
724 |
if (stripos($line, 'content-type: ') !== false) |
|
725 |
{
|
|
726 |
$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); |
|
727 |
}
|
|
728 |
else if (stripos($line, '404 not found') !== false) |
|
729 |
{
|
|
730 |
$file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); |
|
731 |
return $file; |
|
732 |
}
|
|
733 |
}
|
|
734 |
}
|
|
735 |
}
|
|
736 |
@fclose($fsock); |
|
737 |
||
738 |
if (empty($data)) |
|
739 |
{
|
|
740 |
$file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']); |
|
741 |
return $file; |
|
742 |
}
|
|
743 |
||
744 |
$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache'; |
|
745 |
$filename = tempnam($tmp_path, unique_id() . '-'); |
|
746 |
||
747 |
if (!($fp = @fopen($filename, 'wb'))) |
|
748 |
{
|
|
749 |
$file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); |
|
750 |
return $file; |
|
751 |
}
|
|
752 |
||
753 |
$upload_ary['size'] = fwrite($fp, $data); |
|
754 |
fclose($fp); |
|
755 |
unset($data); |
|
756 |
||
757 |
$upload_ary['tmp_name'] = $filename; |
|
758 |
||
759 |
$file = new filespec($upload_ary, $this); |
|
760 |
$this->common_checks($file); |
|
761 |
||
762 |
return $file; |
|
763 |
}
|
|
764 |
||
765 |
/**
|
|
766 |
* Assign internal error
|
|
767 |
* @access private
|
|
768 |
*/
|
|
769 |
function assign_internal_error($errorcode) |
|
770 |
{
|
|
771 |
global $user; |
|
772 |
||
773 |
switch ($errorcode) |
|
774 |
{
|
|
775 |
case 1: |
|
776 |
$error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize')); |
|
777 |
break; |
|
778 |
||
779 |
case 2: |
|
780 |
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); |
|
781 |
$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize); |
|
782 |
||
783 |
$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang); |
|
784 |
break; |
|
785 |
||
786 |
case 3: |
|
787 |
$error = $user->lang[$this->error_prefix . 'PARTIAL_UPLOAD']; |
|
788 |
break; |
|
789 |
||
790 |
case 4: |
|
791 |
$error = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; |
|
792 |
break; |
|
793 |
||
794 |
case 6: |
|
795 |
$error = 'Temporary folder could not be found. Please check your PHP installation.'; |
|
796 |
break; |
|
797 |
||
798 |
default: |
|
799 |
$error = false; |
|
800 |
break; |
|
801 |
}
|
|
802 |
||
803 |
return $error; |
|
804 |
}
|
|
805 |
||
806 |
/**
|
|
807 |
* Perform common checks
|
|
808 |
*/
|
|
809 |
function common_checks(&$file) |
|
810 |
{
|
|
811 |
global $user; |
|
812 |
||
813 |
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
|
|
814 |
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) |
|
815 |
{
|
|
816 |
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); |
|
817 |
$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize); |
|
818 |
||
819 |
$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang); |
|
820 |
}
|
|
821 |
||
822 |
// check Filename
|
|
823 |
if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname'))) |
|
824 |
{
|
|
825 |
$file->error[] = sprintf($user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname')); |
|
826 |
}
|
|
827 |
||
828 |
// Invalid Extension
|
|
829 |
if (!$this->valid_extension($file)) |
|
830 |
{
|
|
831 |
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension')); |
|
832 |
}
|
|
833 |
}
|
|
834 |
||
835 |
/**
|
|
836 |
* Check for allowed extension
|
|
837 |
*/
|
|
838 |
function valid_extension(&$file) |
|
839 |
{
|
|
840 |
return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false; |
|
841 |
}
|
|
842 |
||
843 |
/**
|
|
844 |
* Check for allowed dimension
|
|
845 |
*/
|
|
846 |
function valid_dimensions(&$file) |
|
847 |
{
|
|
848 |
if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height) |
|
849 |
{
|
|
850 |
return true; |
|
851 |
}
|
|
852 |
||
853 |
if (($file->get('width') > $this->max_width && $this->max_width) || |
|
854 |
($file->get('height') > $this->max_height && $this->max_height) || |
|
855 |
($file->get('width') < $this->min_width && $this->min_width) || |
|
856 |
($file->get('height') < $this->min_height && $this->min_height)) |
|
857 |
{
|
|
858 |
return false; |
|
859 |
}
|
|
860 |
||
861 |
return true; |
|
862 |
}
|
|
863 |
||
864 |
/**
|
|
865 |
* Check if form upload is valid
|
|
866 |
*/
|
|
867 |
function is_valid($form_name) |
|
868 |
{
|
|
869 |
return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false; |
|
870 |
}
|
|
871 |
||
872 |
/**
|
|
873 |
* Return image type/extension mapping
|
|
874 |
*/
|
|
875 |
function image_types() |
|
876 |
{
|
|
877 |
return array( |
|
878 |
1 => array('gif'), |
|
879 |
2 => array('jpg', 'jpeg'), |
|
880 |
3 => array('png'), |
|
881 |
4 => array('swf'), |
|
882 |
5 => array('psd'), |
|
883 |
6 => array('bmp'), |
|
884 |
7 => array('tif', 'tiff'), |
|
885 |
8 => array('tif', 'tiff'), |
|
886 |
9 => array('jpg', 'jpeg'), |
|
887 |
10 => array('jpg', 'jpeg'), |
|
888 |
11 => array('jpg', 'jpeg'), |
|
889 |
12 => array('jpg', 'jpeg'), |
|
890 |
13 => array('swc'), |
|
891 |
14 => array('iff'), |
|
892 |
15 => array('wbmp'), |
|
893 |
16 => array('xbm'), |
|
894 |
);
|
|
895 |
}
|
|
896 |
}
|
|
897 |
||
898 |
?>
|