~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to www/php/phpBB3/includes/functions_upload.php

Merge setup-stuff.

phpBB is gone, configuration, setup and jail building are completely redone.

Please read doc/setup/install_proc.txt, or you'll not get far.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?php
2
 
/**
3
 
*
4
 
* @package phpBB3
5
 
* @version $Id: functions_upload.php,v 1.40 2007/10/05 14:30:11 acydburn Exp $
6
 
* @copyright (c) 2005 phpBB Group
7
 
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
8
 
*
9
 
*/
10
 
 
11
 
/**
12
 
* @ignore
13
 
*/
14
 
if (!defined('IN_PHPBB'))
15
 
{
16
 
        exit;
17
 
}
18
 
 
19
 
/**
20
 
* Responsible for holding all file relevant information, as well as doing file-specific operations.
21
 
* The {@link fileupload fileupload class} can be used to upload several files, each of them being this object to operate further on.
22
 
* @package phpBB3
23
 
*/
24
 
class filespec
25
 
{
26
 
        var $filename = '';
27
 
        var $realname = '';
28
 
        var $uploadname = '';
29
 
        var $mimetype = '';
30
 
        var $extension = '';
31
 
        var $filesize = 0;
32
 
        var $width = 0;
33
 
        var $height = 0;
34
 
        var $image_info = array();
35
 
 
36
 
        var $destination_file = '';
37
 
        var $destination_path = '';
38
 
 
39
 
        var $file_moved = false;
40
 
        var $init_error = false;
41
 
        var $local = false;
42
 
 
43
 
        var $error = array();
44
 
 
45
 
        var $upload = '';
46
 
 
47
 
        /**
48
 
        * File Class
49
 
        * @access private
50
 
        */
51
 
        function filespec($upload_ary, $upload_namespace)
52
 
        {
53
 
                if (!isset($upload_ary))
54
 
                {
55
 
                        $this->init_error = true;
56
 
                        return;
57
 
                }
58
 
 
59
 
                $this->filename = $upload_ary['tmp_name'];
60
 
                $this->filesize = $upload_ary['size'];
61
 
                $name = trim(htmlspecialchars(basename($upload_ary['name'])));
62
 
                $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
63
 
                $this->mimetype = $upload_ary['type'];
64
 
 
65
 
                // Opera adds the name to the mime type
66
 
                $this->mimetype = (strpos($this->mimetype, '; name') !== false) ? str_replace(strstr($this->mimetype, '; name'), '', $this->mimetype) : $this->mimetype;
67
 
 
68
 
                if (!$this->mimetype)
69
 
                {
70
 
                        $this->mimetype = 'application/octetstream';
71
 
                }
72
 
 
73
 
                $this->extension = strtolower($this->get_extension($this->realname));
74
 
 
75
 
                // Try to get real filesize from temporary folder (not always working) ;)
76
 
                $this->filesize = (@filesize($this->filename)) ? @filesize($this->filename) : $this->filesize;
77
 
 
78
 
                $this->width = $this->height = 0;
79
 
                $this->file_moved = false;
80
 
 
81
 
                $this->local = (isset($upload_ary['local_mode'])) ? true : false;
82
 
                $this->upload = $upload_namespace;
83
 
        }
84
 
 
85
 
        /**
86
 
        * Cleans destination filename
87
 
        *
88
 
        * @param real|unique|unique_ext $mode real creates a realname, filtering some characters, lowering every character. Unique creates an unique filename
89
 
        * @param string $prefix Prefix applied to filename
90
 
        * @access public
91
 
        */
92
 
        function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
93
 
        {
94
 
                if ($this->init_error)
95
 
                {
96
 
                        return;
97
 
                }
98
 
 
99
 
                switch ($mode)
100
 
                {
101
 
                        case 'real':
102
 
                                // Remove every extension from filename (to not let the mime bug being exposed)
103
 
                                if (strpos($this->realname, '.') !== false)
104
 
                                {
105
 
                                        $this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
106
 
                                }
107
 
 
108
 
                                // Replace any chars which may cause us problems with _
109
 
                                $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
110
 
 
111
 
                                $this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname)));
112
 
                                $this->realname = preg_replace("/%(\w{2})/", '_', $this->realname);
113
 
 
114
 
                                $this->realname = $prefix . $this->realname . '.' . $this->extension;
115
 
                        break;
116
 
 
117
 
                        case 'unique':
118
 
                                $this->realname = $prefix . md5(unique_id());
119
 
                        break;
120
 
 
121
 
                        case 'avatar':
122
 
                                $this->extension = strtolower($this->extension);
123
 
                                $this->realname = $prefix . $user_id . '.' . $this->extension;
124
 
                                
125
 
                        break;
126
 
                        
127
 
                        case 'unique_ext':
128
 
                        default:
129
 
                                $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
130
 
                        break;
131
 
                }
132
 
        }
133
 
 
134
 
        /**
135
 
        * Get property from file object
136
 
        */
137
 
        function get($property)
138
 
        {
139
 
                if ($this->init_error || !isset($this->$property))
140
 
                {
141
 
                        return false;
142
 
                }
143
 
 
144
 
                return $this->$property;
145
 
        }
146
 
 
147
 
        /**
148
 
        * Check if file is an image (mimetype)
149
 
        *
150
 
        * @return true if it is an image, false if not
151
 
        */
152
 
        function is_image()
153
 
        {
154
 
                return (strpos($this->mimetype, 'image/') !== false) ? true : false;
155
 
        }
156
 
 
157
 
        /**
158
 
        * Check if the file got correctly uploaded
159
 
        *
160
 
        * @return true if it is a valid upload, false if not
161
 
        */
162
 
        function is_uploaded()
163
 
        {
164
 
                if (!$this->local && !is_uploaded_file($this->filename))
165
 
                {
166
 
                        return false;
167
 
                }
168
 
 
169
 
                if ($this->local && !file_exists($this->filename))
170
 
                {
171
 
                        return false;
172
 
                }
173
 
 
174
 
                return true;
175
 
        }
176
 
 
177
 
        /**
178
 
        * Remove file
179
 
        */
180
 
        function remove()
181
 
        {
182
 
                if ($this->file_moved)
183
 
                {
184
 
                        @unlink($this->destination_file);
185
 
                }
186
 
        }
187
 
 
188
 
        /**
189
 
        * Get file extension
190
 
        */
191
 
        function get_extension($filename)
192
 
        {
193
 
                if (strpos($filename, '.') === false)
194
 
                {
195
 
                        return '';
196
 
                }
197
 
 
198
 
                $filename = explode('.', $filename);
199
 
                return array_pop($filename);
200
 
        }
201
 
 
202
 
        /**
203
 
        * Get mimetype. Utilize mime_content_type if the function exist.
204
 
        * Not used at the moment...
205
 
        */
206
 
        function get_mimetype($filename)
207
 
        {
208
 
                $mimetype = '';
209
 
 
210
 
                if (function_exists('mime_content_type'))
211
 
                {
212
 
                        $mimetype = mime_content_type($filename);
213
 
                }
214
 
 
215
 
                // Some browsers choke on a mimetype of application/octet-stream
216
 
                if (!$mimetype || $mimetype == 'application/octet-stream')
217
 
                {
218
 
                        $mimetype = 'application/octetstream';
219
 
                }
220
 
 
221
 
                return $mimetype;
222
 
        }
223
 
 
224
 
        /**
225
 
        * Get filesize
226
 
        */
227
 
        function get_filesize($filename)
228
 
        {
229
 
                return @filesize($filename);
230
 
        }
231
 
 
232
 
        /**
233
 
        * Move file to destination folder
234
 
        * The phpbb_root_path variable will be applied to the destination path
235
 
        *
236
 
        * @param string $destination_path Destination path, for example $config['avatar_path']
237
 
        * @param bool $overwrite If set to true, an already existing file will be overwritten
238
 
        * @param octal $chmod Permission mask for chmodding the file after a successful move
239
 
        * @access public
240
 
        */
241
 
        function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666)
242
 
        {
243
 
                global $user, $phpbb_root_path;
244
 
 
245
 
                if (sizeof($this->error))
246
 
                {
247
 
                        return false;
248
 
                }
249
 
 
250
 
                // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
251
 
                $this->destination_path = $phpbb_root_path . $destination;
252
 
 
253
 
                // Check if the destination path exist...
254
 
                if (!file_exists($this->destination_path))
255
 
                {
256
 
                        @unlink($this->filename);
257
 
                        return false;
258
 
                }
259
 
 
260
 
                $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
261
 
                $upload_mode = ($this->local) ? 'local' : $upload_mode;
262
 
                $this->destination_file = $this->destination_path . '/' . basename($this->realname);
263
 
 
264
 
                // Check if the file already exist, else there is something wrong...
265
 
                if (file_exists($this->destination_file) && !$overwrite)
266
 
                {
267
 
                        @unlink($this->filename);
268
 
                }
269
 
                else
270
 
                {
271
 
                        if (file_exists($this->destination_file))
272
 
                        {
273
 
                                @unlink($this->destination_file);
274
 
                        }
275
 
 
276
 
                        switch ($upload_mode)
277
 
                        {
278
 
                                case 'copy':
279
 
 
280
 
                                        if (!@copy($this->filename, $this->destination_file))
281
 
                                        {
282
 
                                                if (!@move_uploaded_file($this->filename, $this->destination_file))
283
 
                                                {
284
 
                                                        $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
285
 
                                                        return false;
286
 
                                                }
287
 
                                        }
288
 
 
289
 
                                        @unlink($this->filename);
290
 
 
291
 
                                break;
292
 
 
293
 
                                case 'move':
294
 
 
295
 
                                        if (!@move_uploaded_file($this->filename, $this->destination_file))
296
 
                                        {
297
 
                                                if (!@copy($this->filename, $this->destination_file))
298
 
                                                {
299
 
                                                        $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
300
 
                                                        return false;
301
 
                                                }
302
 
                                        }
303
 
 
304
 
                                        @unlink($this->filename);
305
 
 
306
 
                                break;
307
 
 
308
 
                                case 'local':
309
 
 
310
 
                                        if (!@copy($this->filename, $this->destination_file))
311
 
                                        {
312
 
                                                $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
313
 
                                                return false;
314
 
                                        }
315
 
                                        @unlink($this->filename);
316
 
 
317
 
                                break;
318
 
                        }
319
 
 
320
 
                        @chmod($this->destination_file, $chmod);
321
 
                }
322
 
 
323
 
                // Try to get real filesize from destination folder
324
 
                $this->filesize = (@filesize($this->destination_file)) ? @filesize($this->destination_file) : $this->filesize;
325
 
 
326
 
                if ($this->is_image() && !$skip_image_check)
327
 
                {
328
 
                        $this->width = $this->height = 0;
329
 
 
330
 
                        if (($this->image_info = @getimagesize($this->destination_file)) !== false)
331
 
                        {
332
 
                                $this->width = $this->image_info[0];
333
 
                                $this->height = $this->image_info[1];
334
 
 
335
 
                                if (!empty($this->image_info['mime']))
336
 
                                {
337
 
                                        $this->mimetype = $this->image_info['mime'];
338
 
                                }
339
 
 
340
 
                                // Check image type
341
 
                                $types = $this->upload->image_types();
342
 
 
343
 
                                if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]]))
344
 
                                {
345
 
                                        if (!isset($types[$this->image_info[2]]))
346
 
                                        {
347
 
                                                $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype);
348
 
                                        }
349
 
                                        else
350
 
                                        {
351
 
                                                $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
352
 
                                        }
353
 
                                }
354
 
 
355
 
                                // Make sure the dimensions match a valid image
356
 
                                if (empty($this->width) || empty($this->height))
357
 
                                {
358
 
                                        $this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE'];
359
 
                                }
360
 
                        }
361
 
                        else
362
 
                        {
363
 
                                $this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
364
 
                        }
365
 
                }
366
 
 
367
 
                $this->file_moved = true;
368
 
                $this->additional_checks();
369
 
                unset($this->upload);
370
 
 
371
 
                return true;
372
 
        }
373
 
 
374
 
        /**
375
 
        * Performing additional checks
376
 
        */
377
 
        function additional_checks()
378
 
        {
379
 
                global $user;
380
 
 
381
 
                if (!$this->file_moved)
382
 
                {
383
 
                        return false;
384
 
                }
385
 
 
386
 
                // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
387
 
                if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
388
 
                {
389
 
                        $size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
390
 
                        $max_filesize = ($this->upload->max_filesize >= 1048576) ? round($this->upload->max_filesize / 1048576 * 100) / 100 : (($this->upload->max_filesize >= 1024) ? round($this->upload->max_filesize / 1024 * 100) / 100 : $this->upload->max_filesize);
391
 
        
392
 
                        $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
393
 
 
394
 
                        return false;
395
 
                }
396
 
 
397
 
                if (!$this->upload->valid_dimensions($this))
398
 
                {
399
 
                        $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_SIZE'], $this->upload->min_width, $this->upload->min_height, $this->upload->max_width, $this->upload->max_height, $this->width, $this->height);
400
 
 
401
 
                        return false;
402
 
                }
403
 
 
404
 
                return true;
405
 
        }
406
 
}
407
 
 
408
 
/**
409
 
* Class for assigning error messages before a real filespec class can be assigned
410
 
*
411
 
* @package phpBB3
412
 
*/
413
 
class fileerror extends filespec
414
 
{
415
 
        function fileerror($error_msg)
416
 
        {
417
 
                $this->error[] = $error_msg;
418
 
        }
419
 
}
420
 
 
421
 
/**
422
 
* File upload class
423
 
* Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads
424
 
*
425
 
* @package phpBB3
426
 
*/
427
 
class fileupload
428
 
{
429
 
        var $allowed_extensions = array();
430
 
        var $max_filesize = 0;
431
 
        var $min_width = 0;
432
 
        var $min_height = 0;
433
 
        var $max_width = 0;
434
 
        var $max_height = 0;
435
 
        var $error_prefix = '';
436
 
 
437
 
        /**
438
 
        * Init file upload class.
439
 
        *
440
 
        * @param string $error_prefix Used error messages will get prefixed by this string
441
 
        * @param array $allowed_extensions Array of allowed extensions, for example array('jpg', 'jpeg', 'gif', 'png')
442
 
        * @param int $max_filesize Maximum filesize
443
 
        * @param int $min_width Minimum image width (only checked for images)
444
 
        * @param int $min_height Minimum image height (only checked for images)
445
 
        * @param int $max_width Maximum image width (only checked for images)
446
 
        * @param int $max_height Maximum image height (only checked for images)
447
 
        *
448
 
        */
449
 
        function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false)
450
 
        {
451
 
                $this->set_allowed_extensions($allowed_extensions);
452
 
                $this->set_max_filesize($max_filesize);
453
 
                $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
454
 
                $this->set_error_prefix($error_prefix);
455
 
        }
456
 
 
457
 
        /**
458
 
        * Reset vars
459
 
        */
460
 
        function reset_vars()
461
 
        {
462
 
                $this->max_filesize = 0;
463
 
                $this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
464
 
                $this->error_prefix = '';
465
 
                $this->allowed_extensions = array();
466
 
        }
467
 
 
468
 
        /**
469
 
        * Set allowed extensions
470
 
        */
471
 
        function set_allowed_extensions($allowed_extensions)
472
 
        {
473
 
                if ($allowed_extensions !== false && is_array($allowed_extensions))
474
 
                {
475
 
                        $this->allowed_extensions = $allowed_extensions;
476
 
                }
477
 
        }
478
 
 
479
 
        /**
480
 
        * Set allowed dimensions
481
 
        */
482
 
        function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height)
483
 
        {
484
 
                $this->min_width = (int) $min_width;
485
 
                $this->min_height = (int) $min_height;
486
 
                $this->max_width = (int) $max_width;
487
 
                $this->max_height = (int) $max_height;
488
 
        }
489
 
 
490
 
        /**
491
 
        * Set maximum allowed filesize
492
 
        */
493
 
        function set_max_filesize($max_filesize)
494
 
        {
495
 
                if ($max_filesize !== false && (int) $max_filesize)
496
 
                {
497
 
                        $this->max_filesize = (int) $max_filesize;
498
 
                }
499
 
        }
500
 
 
501
 
        /**
502
 
        * Set error prefix
503
 
        */
504
 
        function set_error_prefix($error_prefix)
505
 
        {
506
 
                $this->error_prefix = $error_prefix;
507
 
        }
508
 
 
509
 
        /**
510
 
        * Form upload method
511
 
        * Upload file from users harddisk
512
 
        *
513
 
        * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
514
 
        * @return object $file Object "filespec" is returned, all further operations can be done with this object
515
 
        * @access public
516
 
        */
517
 
        function form_upload($form_name)
518
 
        {
519
 
                global $user;
520
 
 
521
 
                unset($_FILES[$form_name]['local_mode']);
522
 
                $file = new filespec($_FILES[$form_name], $this);
523
 
 
524
 
                if ($file->init_error)
525
 
                {
526
 
                        $file->error[] = '';
527
 
                        return $file;
528
 
                }
529
 
 
530
 
                // Error array filled?
531
 
                if (isset($_FILES[$form_name]['error']))
532
 
                {
533
 
                        $error = $this->assign_internal_error($_FILES[$form_name]['error']);
534
 
 
535
 
                        if ($error !== false)
536
 
                        {
537
 
                                $file->error[] = $error;
538
 
                                return $file;
539
 
                        }
540
 
                }
541
 
 
542
 
                // Check if empty file got uploaded (not catched by is_uploaded_file)
543
 
                if (isset($_FILES[$form_name]['size']) && $_FILES[$form_name]['size'] == 0)
544
 
                {
545
 
                        $file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];
546
 
                        return $file;
547
 
                }
548
 
 
549
 
                // PHP Upload filesize exceeded
550
 
                if ($file->get('filename') == 'none')
551
 
                {
552
 
                        $file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
553
 
                        return $file;
554
 
                }
555
 
 
556
 
                // Not correctly uploaded
557
 
                if (!$file->is_uploaded())
558
 
                {
559
 
                        $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
560
 
                        return $file;
561
 
                }
562
 
 
563
 
                $this->common_checks($file);
564
 
 
565
 
                return $file;
566
 
        }
567
 
 
568
 
        /**
569
 
        * Move file from another location to phpBB
570
 
        */
571
 
        function local_upload($source_file, $filedata = false)
572
 
        {
573
 
                global $user;
574
 
 
575
 
                $form_name = 'local';
576
 
 
577
 
                $_FILES[$form_name]['local_mode'] = true;
578
 
                $_FILES[$form_name]['tmp_name'] = $source_file;
579
 
 
580
 
                if ($filedata === false)
581
 
                {
582
 
                        $_FILES[$form_name]['name'] = basename($source_file);
583
 
                        $_FILES[$form_name]['size'] = 0;
584
 
                        $mimetype = '';
585
 
 
586
 
                        if (function_exists('mime_content_type'))
587
 
                        {
588
 
                                $mimetype = mime_content_type($source_file);
589
 
                        }
590
 
 
591
 
                        // Some browsers choke on a mimetype of application/octet-stream
592
 
                        if (!$mimetype || $mimetype == 'application/octet-stream')
593
 
                        {
594
 
                                $mimetype = 'application/octetstream';
595
 
                        }
596
 
 
597
 
                        $_FILES[$form_name]['type'] = $mimetype;
598
 
                }
599
 
                else
600
 
                {
601
 
                        $_FILES[$form_name]['name'] = $filedata['realname'];
602
 
                        $_FILES[$form_name]['size'] = $filedata['size'];
603
 
                        $_FILES[$form_name]['type'] = $filedata['type'];
604
 
                }
605
 
 
606
 
                $file = new filespec($_FILES[$form_name], $this);
607
 
 
608
 
                if ($file->init_error)
609
 
                {
610
 
                        $file->error[] = '';
611
 
                        return $file;
612
 
                }
613
 
 
614
 
                if (isset($_FILES[$form_name]['error']))
615
 
                {
616
 
                        $error = $this->assign_internal_error($_FILES[$form_name]['error']);
617
 
 
618
 
                        if ($error !== false)
619
 
                        {
620
 
                                $file->error[] = $error;
621
 
                                return $file;
622
 
                        }
623
 
                }
624
 
 
625
 
                // PHP Upload filesize exceeded
626
 
                if ($file->get('filename') == 'none')
627
 
                {
628
 
                        $file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
629
 
                        return $file;
630
 
                }
631
 
 
632
 
                // Not correctly uploaded
633
 
                if (!$file->is_uploaded())
634
 
                {
635
 
                        $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
636
 
                        return $file;
637
 
                }
638
 
 
639
 
                $this->common_checks($file);
640
 
 
641
 
                return $file;
642
 
        }
643
 
 
644
 
        /**
645
 
        * Remote upload method
646
 
        * Uploads file from given url
647
 
        *
648
 
        * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif
649
 
        * @return object $file Object "filespec" is returned, all further operations can be done with this object
650
 
        * @access public
651
 
        */
652
 
        function remote_upload($upload_url)
653
 
        {
654
 
                global $user, $phpbb_root_path;
655
 
 
656
 
                $upload_ary = array();
657
 
                $upload_ary['local_mode'] = true;
658
 
 
659
 
                if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match))
660
 
                {
661
 
                        $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']);
662
 
                        return $file;
663
 
                }
664
 
 
665
 
                if (empty($match[2]))
666
 
                {
667
 
                        $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']);
668
 
                        return $file;
669
 
                }
670
 
 
671
 
                $url = parse_url($upload_url);
672
 
 
673
 
                $host = $url['host'];
674
 
                $path = $url['path'];
675
 
                $port = (!empty($url['port'])) ? (int) $url['port'] : 80;
676
 
 
677
 
                $upload_ary['type'] = 'application/octet-stream';
678
 
 
679
 
                $url['path'] = explode('.', $url['path']);
680
 
                $ext = array_pop($url['path']);
681
 
 
682
 
                $url['path'] = implode('', $url['path']);
683
 
                $upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : '');
684
 
                $filename = $url['path'];
685
 
                $filesize = 0;
686
 
 
687
 
                $errno = 0;
688
 
                $errstr = '';
689
 
 
690
 
                if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
691
 
                {
692
 
                        $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']);
693
 
                        return $file;
694
 
                }
695
 
 
696
 
                // Make sure $path not beginning with /
697
 
                if (strpos($path, '/') === 0)
698
 
                {
699
 
                        $path = substr($path, 1);
700
 
                }
701
 
 
702
 
                fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
703
 
                fputs($fsock, "HOST: " . $host . "\r\n");
704
 
                fputs($fsock, "Connection: close\r\n\r\n");
705
 
 
706
 
                $get_info = false;
707
 
                $data = '';
708
 
                while (!@feof($fsock))
709
 
                {
710
 
                        if ($get_info)
711
 
                        {
712
 
                                $data .= @fread($fsock, 1024);
713
 
                        }
714
 
                        else
715
 
                        {
716
 
                                $line = @fgets($fsock, 1024);
717
 
 
718
 
                                if ($line == "\r\n")
719
 
                                {
720
 
                                        $get_info = true;
721
 
                                }
722
 
                                else
723
 
                                {
724
 
                                        if (stripos($line, 'content-type: ') !== false)
725
 
                                        {
726
 
                                                $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
727
 
                                        }
728
 
                                        else if (stripos($line, '404 not found') !== false)
729
 
                                        {
730
 
                                                $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
731
 
                                                return $file;
732
 
                                        }
733
 
                                }
734
 
                        }
735
 
                }
736
 
                @fclose($fsock);
737
 
 
738
 
                if (empty($data))
739
 
                {
740
 
                        $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']);
741
 
                        return $file;
742
 
                }
743
 
 
744
 
                $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
745
 
                $filename = tempnam($tmp_path, unique_id() . '-');
746
 
 
747
 
                if (!($fp = @fopen($filename, 'wb')))
748
 
                {
749
 
                        $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']);
750
 
                        return $file;
751
 
                }
752
 
 
753
 
                $upload_ary['size'] = fwrite($fp, $data);
754
 
                fclose($fp);
755
 
                unset($data);
756
 
 
757
 
                $upload_ary['tmp_name'] = $filename;
758
 
 
759
 
                $file = new filespec($upload_ary, $this);
760
 
                $this->common_checks($file);
761
 
 
762
 
                return $file;
763
 
        }
764
 
 
765
 
        /**
766
 
        * Assign internal error
767
 
        * @access private
768
 
        */
769
 
        function assign_internal_error($errorcode)
770
 
        {
771
 
                global $user;
772
 
 
773
 
                switch ($errorcode)
774
 
                {
775
 
                        case 1:
776
 
                                $error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
777
 
                        break;
778
 
 
779
 
                        case 2:
780
 
                                $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
781
 
                                $max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
782
 
 
783
 
                                $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
784
 
                        break;
785
 
 
786
 
                        case 3:
787
 
                                $error = $user->lang[$this->error_prefix . 'PARTIAL_UPLOAD'];
788
 
                        break;
789
 
 
790
 
                        case 4:
791
 
                                $error = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
792
 
                        break;
793
 
 
794
 
                        case 6:
795
 
                                $error = 'Temporary folder could not be found. Please check your PHP installation.';
796
 
                        break;
797
 
 
798
 
                        default:
799
 
                                $error = false;
800
 
                        break;
801
 
                }
802
 
 
803
 
                return $error;
804
 
        }
805
 
 
806
 
        /**
807
 
        * Perform common checks
808
 
        */
809
 
        function common_checks(&$file)
810
 
        {
811
 
                global $user;
812
 
 
813
 
                // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
814
 
                if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
815
 
                {
816
 
                        $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
817
 
                        $max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
818
 
 
819
 
                        $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
820
 
                }
821
 
 
822
 
                // check Filename
823
 
                if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname')))
824
 
                {
825
 
                        $file->error[] = sprintf($user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname'));
826
 
                }
827
 
 
828
 
                // Invalid Extension
829
 
                if (!$this->valid_extension($file))
830
 
                {
831
 
                        $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
832
 
                }
833
 
        }
834
 
 
835
 
        /**
836
 
        * Check for allowed extension
837
 
        */
838
 
        function valid_extension(&$file)
839
 
        {
840
 
                return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false;
841
 
        }
842
 
 
843
 
        /**
844
 
        * Check for allowed dimension
845
 
        */
846
 
        function valid_dimensions(&$file)
847
 
        {
848
 
                if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height)
849
 
                {
850
 
                        return true;
851
 
                }
852
 
 
853
 
                if (($file->get('width') > $this->max_width && $this->max_width) ||
854
 
                        ($file->get('height') > $this->max_height && $this->max_height) ||
855
 
                        ($file->get('width') < $this->min_width && $this->min_width) ||
856
 
                        ($file->get('height') < $this->min_height && $this->min_height))
857
 
                {
858
 
                        return false;
859
 
                }
860
 
 
861
 
                return true;
862
 
        }
863
 
 
864
 
        /**
865
 
        * Check if form upload is valid
866
 
        */
867
 
        function is_valid($form_name)
868
 
        {
869
 
                return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
870
 
        }
871
 
 
872
 
        /**
873
 
        * Return image type/extension mapping
874
 
        */
875
 
        function image_types()
876
 
        {
877
 
                return array(
878
 
                        1 => array('gif'),
879
 
                        2 => array('jpg', 'jpeg'),
880
 
                        3 => array('png'),
881
 
                        4 => array('swf'),
882
 
                        5 => array('psd'),
883
 
                        6 => array('bmp'),
884
 
                        7 => array('tif', 'tiff'),
885
 
                        8 => array('tif', 'tiff'),
886
 
                        9 => array('jpg', 'jpeg'),
887
 
                        10 => array('jpg', 'jpeg'),
888
 
                        11 => array('jpg', 'jpeg'),
889
 
                        12 => array('jpg', 'jpeg'),
890
 
                        13 => array('swc'),
891
 
                        14 => array('iff'),
892
 
                        15 => array('wbmp'),
893
 
                        16 => array('xbm'),
894
 
                );
895
 
        }
896
 
}
897
 
 
898
 
?>
 
 
b'\\ No newline at end of file'