phpBB

Code Changes

File: includes/functions_upload.php

  Unmodified   Added   Modified   Removed
Line 58Line 58

$this->filename = $upload_ary['tmp_name'];
$this->filesize = $upload_ary['size'];


$this->filename = $upload_ary['tmp_name'];
$this->filesize = $upload_ary['size'];

		$name = trim(htmlspecialchars(basename($upload_ary['name'])));
$this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;


		$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];
$name = trim(utf8_htmlspecialchars(utf8_basename($name)));
$this->realname = $this->uploadname = $name;

		$this->mimetype = $upload_ary['type'];

// Opera adds the name to the mime type

		$this->mimetype = $upload_ary['type'];

// Opera adds the name to the mime type

Line 263Line 264
	*
* @param string $destination_path Destination path, for example $config['avatar_path']
* @param bool $overwrite If set to true, an already existing file will be overwritten

	*
* @param string $destination_path Destination path, for example $config['avatar_path']
* @param bool $overwrite If set to true, an already existing file will be overwritten

	* @param octal $chmod Permission mask for chmodding the file after a successful move


	* @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode defined by {@link phpbb_chmod()}
*

	* @access public
*/

	* @access public
*/

	function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666)

	function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)

	{
global $user, $phpbb_root_path;


	{
global $user, $phpbb_root_path;


Line 274Line 276
		{
return false;
}

		{
return false;
}

 

$chmod = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod;


// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
$this->destination_path = $phpbb_root_path . $destination;


// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
$this->destination_path = $phpbb_root_path . $destination;

Line 287Line 291

$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
$upload_mode = ($this->local) ? 'local' : $upload_mode;


$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
$upload_mode = ($this->local) ? 'local' : $upload_mode;

		$this->destination_file = $this->destination_path . '/' . basename($this->realname);

		$this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname);


// Check if the file already exist, else there is something wrong...
if (file_exists($this->destination_file) && !$overwrite)


// Check if the file already exist, else there is something wrong...
if (file_exists($this->destination_file) && !$overwrite)

Line 310Line 314
						if (!@move_uploaded_file($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

						if (!@move_uploaded_file($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

							return false;

 
						}
}

						}
}


@unlink($this->filename);

 

break;



break;


Line 325Line 326
						if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

						if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

							return false;

 
						}
}

						}
}


@unlink($this->filename);

 

break;



break;


Line 338Line 336
					if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

					if (!@copy($this->filename, $this->destination_file))
{
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);

						return false;

 
					}

					}

					@unlink($this->filename);

 

break;
}



break;
}


			@chmod($this->destination_file, $chmod);









			// Remove temporary filename
@unlink($this->filename);

if (sizeof($this->error))
{
return false;
}

phpbb_chmod($this->destination_file, $chmod);

		}

// Try to get real filesize from destination folder

		}

// Try to get real filesize from destination folder

Line 414Line 418
		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
{

		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
{

			$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );

 
			$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);


			$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);


			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);

			$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);


return false;
}


return false;
}

Line 455Line 458
class fileupload
{
var $allowed_extensions = array();

class fileupload
{
var $allowed_extensions = array();

	var $disallowed_content = array();

	var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); 

	var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
var $max_width = 0;
var $max_height = 0;
var $error_prefix = '';

	var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
var $max_width = 0;
var $max_height = 0;
var $error_prefix = '';

 

/** @var int Timeout for remote upload */
var $upload_timeout = 6;


/**
* Init file upload class.


/**
* Init file upload class.

Line 536Line 542
	{
if ($disallowed_content !== false && is_array($disallowed_content))
{

	{
if ($disallowed_content !== false && is_array($disallowed_content))
{

			$this->disallowed_content = $disallowed_content;

			$this->disallowed_content = array_diff($disallowed_content, array(''));

		}
}


		}
}


Line 591Line 597
		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

			$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));












			$max_filesize = @ini_get('upload_max_filesize');
$unit = 'MB';

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$max_filesize = (int) $max_filesize;

$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
}

$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);

			return $file;
}


			return $file;
}


Line 621Line 638

if ($filedata === false)
{


if ($filedata === false)
{

			$_FILES[$form_name]['name'] = basename($source_file);

			$_FILES[$form_name]['name'] = utf8_basename($source_file);

			$_FILES[$form_name]['size'] = 0;
$mimetype = '';


			$_FILES[$form_name]['size'] = 0;
$mimetype = '';


Line 667Line 684
		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

		// PHP Upload filesize exceeded
if ($file->get('filename') == 'none')
{

			$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));












			$max_filesize = @ini_get('upload_max_filesize');
$unit = 'MB';

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$max_filesize = (int) $max_filesize;

$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
}

$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);

			return $file;
}


			return $file;
}


Line 722Line 750
		$ext = array_pop($url['path']);

$url['path'] = implode('', $url['path']);

		$ext = array_pop($url['path']);

$url['path'] = implode('', $url['path']);

		$upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : '');

		$upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : '');

		$filename = $url['path'];
$filesize = 0;

		$filename = $url['path'];
$filesize = 0;

 

$remote_max_filesize = $this->max_filesize;
if (!$remote_max_filesize)
{
$max_filesize = @ini_get('upload_max_filesize');

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$remote_max_filesize = (int) $max_filesize;

switch ($unit)
{
case 'g':
$remote_max_filesize *= 1024;
// no break
case 'm':
$remote_max_filesize *= 1024;
// no break
case 'k':
$remote_max_filesize *= 1024;
// no break
}
}
}


$errno = 0;
$errstr = '';


$errno = 0;
$errstr = '';

Line 744Line 797
		fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");

		fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");

 

// Set a proper timeout for the socket
socket_set_timeout($fsock, $this->upload_timeout);


$get_info = false;
$data = '';


$get_info = false;
$data = '';

		while (!@feof($fsock))




		$length = false;
$timer_stop = time() + $this->upload_timeout;

while ((!$length || $filesize < $length) && !@feof($fsock))

		{
if ($get_info)
{

		{
if ($get_info)
{

				$data .= @fread($fsock, 1024);





















				if ($length)
{
// Don't attempt to read past end of file if server indicated length
$block = @fread($fsock, min($length - $filesize, 1024));
}
else
{
$block = @fread($fsock, 1024);
}

$filesize += strlen($block);

if ($remote_max_filesize && $filesize > $remote_max_filesize)
{
$max_filesize = get_formatted_filesize($remote_max_filesize, false);

$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
}

$data .= $block;

			}
else
{

			}
else
{

Line 766Line 845
					if (stripos($line, 'content-type: ') !== false)
{
$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));

					if (stripos($line, 'content-type: ') !== false)
{
$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));

 
					}
else if ($this->max_filesize && stripos($line, 'content-length: ') !== false)
{
$length = (int) str_replace('content-length: ', '', strtolower($line));

if ($remote_max_filesize && $length && $length > $remote_max_filesize)
{
$max_filesize = get_formatted_filesize($remote_max_filesize, false);

$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
}

					}
else if (stripos($line, '404 not found') !== false)
{

					}
else if (stripos($line, '404 not found') !== false)
{

Line 773Line 864
						return $file;
}
}

						return $file;
}
}

 
			}

$stream_meta_data = stream_get_meta_data($fsock);

// Cancel upload if we exceed timeout
if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
{
$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
return $file;

			}
}
@fclose($fsock);

			}
}
@fclose($fsock);

Line 815Line 915
		switch ($errorcode)
{
case 1:

		switch ($errorcode)
{
case 1:

				$error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));












				$max_filesize = @ini_get('upload_max_filesize');
$unit = 'MB';

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$max_filesize = (int) $max_filesize;

$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
}

$error = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);

			break;

case 2:

			break;

case 2:

				$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);

 
				$max_filesize = get_formatted_filesize($this->max_filesize, false);


				$max_filesize = get_formatted_filesize($this->max_filesize, false);


				$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);

				$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);

			break;

case 3:

			break;

case 3:

Line 855Line 965
		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
{

		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
{

			$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);

 
			$max_filesize = get_formatted_filesize($this->max_filesize, false);


			$max_filesize = get_formatted_filesize($this->max_filesize, false);


			$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);

			$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);

		}

// check Filename

		}

// check Filename