phpBB

Code Changes

File: includes/functions_upload.php

Line 58Line 58

$this->filename = $upload_ary['tmp_name'];
$this->filesize = $upload_ary['size'];


$this->filename = $upload_ary['tmp_name'];
$this->filesize = $upload_ary['size'];

		$name = trim(htmlspecialchars(basename($upload_ary['name'])));
$this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;


		$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];
$name = trim(utf8_htmlspecialchars(utf8_basename($name)));
$this->realname = $this->uploadname = $name;

		$this->mimetype = $upload_ary['type'];

// Opera adds the name to the mime type

		$this->mimetype = $upload_ary['type'];

// Opera adds the name to the mime type

Line 227Line 228
	function get_filesize($filename)
{
return @filesize($filename);

	function get_filesize($filename)
{
return @filesize($filename);

 
	}


/**
* Check the first 256 bytes for forbidden content
*/
function check_content($disallowed_content)
{
if (empty($disallowed_content))
{
return true;
}

$fp = @fopen($this->filename, 'rb');

if ($fp !== false)
{
$ie_mime_relevant = fread($fp, 256);
fclose($fp);
foreach ($disallowed_content as $forbidden)
{
if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
{
return false;
}
}
}
return true;

	}

/**

	}

/**

Line 235Line 264
	*
* @param string $destination_path Destination path, for example $config['avatar_path']
* @param bool $overwrite If set to true, an already existing file will be overwritten

	*
* @param string $destination_path Destination path, for example $config['avatar_path']
* @param bool $overwrite If set to true, an already existing file will be overwritten

	* @param octal $chmod Permission mask for chmodding the file after a successful move


	* @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode defined by {@link phpbb_chmod()}
*

	* @access public
*/

	* @access public
*/

	function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666)

	function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)

	{
global $user, $phpbb_root_path;


	{
global $user, $phpbb_root_path;


Line 246Line 276
		{
return false;
}

		{
return false;
}

 

$chmod = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod;


// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
$this->destination_path = $phpbb_root_path . $destination;


// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
$this->destination_path = $phpbb_root_path . $destination;

Line 257Line 289
			return false;
}


			return false;
}


		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';

		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';

		$upload_mode = ($this->local) ? 'local' : $upload_mode;

		$upload_mode = ($this->local) ? 'local' : $upload_mode;

		$this->destination_file = $this->destination_path . '/' . basename($this->realname);

		$this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname);


// Check if the file already exist, else there is something wrong...
if (file_exists($this->destination_file) && !$overwrite)


// Check if the file already exist, else there is something wrong...
if (file_exists($this->destination_file) && !$overwrite)

Line 282Line 314
						if (!@move_uploaded_file($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

						if (!@move_uploaded_file($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

							return false;

 
						}
}

						}
}


@unlink($this->filename);

 

break;



break;


Line 297Line 326
						if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

						if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

							return false;

 
						}
}

						}
}


@unlink($this->filename);

 

break;



break;


Line 310Line 336
					if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

					if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

						return false;

 
					}

					}

					@unlink($this->filename);

 

break;
}



break;
}


			@chmod($this->destination_file, $chmod);









			// Remove temporary filename
@unlink($this->filename);

if (sizeof($this->error))
{
return false;
}

phpbb_chmod($this->destination_file, $chmod);

		}

// Try to get real filesize from destination folder

		}

// Try to get real filesize from destination folder

Line 386Line 418
		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
{

		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
{

			$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$max_filesize = ($this->upload->max_filesize >= 1048576) ? round($this->upload->max_filesize / 1048576 * 100) / 100 : (($this->upload->max_filesize >= 1024) ? round($this->upload->max_filesize / 1024 * 100) / 100 : $this->upload->max_filesize);

			$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);


	

	

			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);

			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);


return false;
}


return false;
}

Line 427Line 458
class fileupload
{
var $allowed_extensions = array();

class fileupload
{
var $allowed_extensions = array();

 
	var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); 

	var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
var $max_width = 0;
var $max_height = 0;
var $error_prefix = '';

	var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
var $max_width = 0;
var $max_height = 0;
var $error_prefix = '';

 

/** @var int Timeout for remote upload */
var $upload_timeout = 6;


/**
* Init file upload class.


/**
* Init file upload class.

Line 446Line 481
	* @param int $max_height Maximum image height (only checked for images)
*
*/

	* @param int $max_height Maximum image height (only checked for images)
*
*/

	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false)

	function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)

	{
$this->set_allowed_extensions($allowed_extensions);
$this->set_max_filesize($max_filesize);
$this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
$this->set_error_prefix($error_prefix);

	{
$this->set_allowed_extensions($allowed_extensions);
$this->set_max_filesize($max_filesize);
$this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
$this->set_error_prefix($error_prefix);

 
		$this->set_disallowed_content($disallowed_content);

	}

/**

	}

/**

Line 463Line 499
		$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
$this->error_prefix = '';
$this->allowed_extensions = array();

		$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
$this->error_prefix = '';
$this->allowed_extensions = array();

 
		$this->disallowed_content = array();

	}

/**

	}

/**

Line 495Line 532
		if ($max_filesize !== false && (int) $max_filesize)
{
$this->max_filesize = (int) $max_filesize;

		if ($max_filesize !== false && (int) $max_filesize)
{
$this->max_filesize = (int) $max_filesize;

 
		}
}

/**
* Set disallowed strings
*/
function set_disallowed_content($disallowed_content)
{
if ($disallowed_content !== false && is_array($disallowed_content))
{
$this->disallowed_content = array_diff($disallowed_content, array(''));

		}
}


		}
}


Line 549Line 597
		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

			$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));












			$max_filesize = @ini_get('upload_max_filesize');
$unit = 'MB';

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$max_filesize = (int) $max_filesize;

$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
}

$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);

			return $file;
}


			return $file;
}


Line 579Line 638

if ($filedata === false)
{


if ($filedata === false)
{

			$_FILES[$form_name]['name'] = basename($source_file);

			$_FILES[$form_name]['name'] = utf8_basename($source_file);

			$_FILES[$form_name]['size'] = 0;
$mimetype = '';


			$_FILES[$form_name]['size'] = 0;
$mimetype = '';


Line 625Line 684
		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

			$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));












			$max_filesize = @ini_get('upload_max_filesize');
$unit = 'MB';

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$max_filesize = (int) $max_filesize;

$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
}

$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);

			return $file;
}


			return $file;
}


Line 680Line 750
		$ext = array_pop($url['path']);

$url['path'] = implode('', $url['path']);

		$ext = array_pop($url['path']);

$url['path'] = implode('', $url['path']);

		$upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : '');

		$upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : '');

		$filename = $url['path'];
$filesize = 0;

		$filename = $url['path'];
$filesize = 0;

 

$remote_max_filesize = $this->max_filesize;
if (!$remote_max_filesize)
{
$max_filesize = @ini_get('upload_max_filesize');

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$remote_max_filesize = (int) $max_filesize;

switch ($unit)
{
case 'g':
$remote_max_filesize *= 1024;
// no break
case 'm':
$remote_max_filesize *= 1024;
// no break
case 'k':
$remote_max_filesize *= 1024;
// no break
}
}
}


$errno = 0;
$errstr = '';


$errno = 0;
$errstr = '';

Line 702Line 797
		fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");

		fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");

 

// Set a proper timeout for the socket
socket_set_timeout($fsock, $this->upload_timeout);


$get_info = false;
$data = '';


$get_info = false;
$data = '';

		while (!@feof($fsock))




		$length = false;
$timer_stop = time() + $this->upload_timeout;

while ((!$length || $filesize < $length) && !@feof($fsock))

		{
if ($get_info)
{

		{
if ($get_info)
{

				$data .= @fread($fsock, 1024);





















				if ($length)
{
// Don't attempt to read past end of file if server indicated length
$block = @fread($fsock, min($length - $filesize, 1024));
}
else
{
$block = @fread($fsock, 1024);
}

$filesize += strlen($block);

if ($remote_max_filesize && $filesize > $remote_max_filesize)
{
$max_filesize = get_formatted_filesize($remote_max_filesize, false);

$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
}

$data .= $block;

			}
else
{

			}
else
{

Line 724Line 845
					if (stripos($line, 'content-type: ') !== false)
{
$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));

					if (stripos($line, 'content-type: ') !== false)
{
$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));

 
					}
else if ($this->max_filesize && stripos($line, 'content-length: ') !== false)
{
$length = (int) str_replace('content-length: ', '', strtolower($line));

if ($remote_max_filesize && $length && $length > $remote_max_filesize)
{
$max_filesize = get_formatted_filesize($remote_max_filesize, false);

$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
}

					}
else if (stripos($line, '404 not found') !== false)
{

					}
else if (stripos($line, '404 not found') !== false)
{

Line 731Line 864
						return $file;
}
}

						return $file;
}
}

 
			}

$stream_meta_data = stream_get_meta_data($fsock);

// Cancel upload if we exceed timeout
if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
{
$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
return $file;

			}
}
@fclose($fsock);

			}
}
@fclose($fsock);

Line 741Line 883
			return $file;
}


			return $file;
}


		$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';

		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache';

		$filename = tempnam($tmp_path, unique_id() . '-');

if (!($fp = @fopen($filename, 'wb')))

		$filename = tempnam($tmp_path, unique_id() . '-');

if (!($fp = @fopen($filename, 'wb')))

Line 773Line 915
		switch ($errorcode)
{
case 1:

		switch ($errorcode)
{
case 1:

				$error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));












				$max_filesize = @ini_get('upload_max_filesize');
$unit = 'MB';

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$max_filesize = (int) $max_filesize;

$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
}

$error = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);

			break;

case 2:

			break;

case 2:

				$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);

				$max_filesize = get_formatted_filesize($this->max_filesize, false);






				$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);

				$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);

			break;

case 3:

			break;

case 3:

Line 813Line 965
		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
{

		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
{

			$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);

			$max_filesize = get_formatted_filesize($this->max_filesize, false);






			$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);

			$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);

		}

// check Filename

		}

// check Filename

Line 829Line 980
		if (!$this->valid_extension($file))
{
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));

		if (!$this->valid_extension($file))
{
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));

 
		}

// MIME Sniffing
if (!$this->valid_content($file))
{
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);

		}
}


		}
}


Line 867Line 1024
	function is_valid($form_name)
{
return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;

	function is_valid($form_name)
{
return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;

 
	}


/**
* Check for allowed extension
*/
function valid_content(&$file)
{
return ($file->check_content($this->disallowed_content));

	}

/**

	}

/**
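Review bot: The added `check_content()` (hunk at Line 227/228) fails open: when `@fopen($this->filename, 'rb')` returns false the loop is skipped and the method returns true, so a file that cannot be read passes the MIME-sniffing check unexamined. Rejecting in that case, e.g. `if ($fp === false) { return false; }` directly after the `fopen` call, keeps the check conservative; a false result from `fread` could be handled the same way. The docblock should also state that only the first 256 bytes are compared against `'<' . $forbidden`, so the method limits browser content sniffing and is not a file-type validation. In the last hunk (Line 867/1024) the new `valid_content()` carries the docblock `Check for allowed extension`, which looks like a copy-paste leftover; `Check the uploaded file for disallowed content` would match what the method does.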