Line 58 | Line 58 |
---|
$this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size'];
|
$this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size'];
|
$name = trim(htmlspecialchars(basename($upload_ary['name']))); $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
| $name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name']; $name = trim(utf8_htmlspecialchars(utf8_basename($name))); $this->realname = $this->uploadname = $name;
|
$this->mimetype = $upload_ary['type'];
// Opera adds the name to the mime type
| $this->mimetype = $upload_ary['type'];
// Opera adds the name to the mime type
|
Line 290 | Line 291 |
---|
$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy'; $upload_mode = ($this->local) ? 'local' : $upload_mode;
|
$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy'; $upload_mode = ($this->local) ? 'local' : $upload_mode;
|
$this->destination_file = $this->destination_path . '/' . basename($this->realname);
| $this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname);
|
// Check if the file already exist, else there is something wrong... if (file_exists($this->destination_file) && !$overwrite)
| // Check if the file already exist, else there is something wrong... if (file_exists($this->destination_file) && !$overwrite)
|
Line 313 | Line 314 |
---|
if (!@move_uploaded_file($this->filename, $this->destination_file)) { $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
|
if (!@move_uploaded_file($this->filename, $this->destination_file)) { $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
|
return false;
| |
} }
|
} }
|
@unlink($this->filename);
| |
break;
| break;
|
Line 328 | Line 326 |
---|
if (!@copy($this->filename, $this->destination_file)) { $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
|
if (!@copy($this->filename, $this->destination_file)) { $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
|
return false;
| |
} }
|
} }
|
@unlink($this->filename);
| |
break;
| break;
|
Line 341 | Line 336 |
---|
if (!@copy($this->filename, $this->destination_file)) { $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
|
if (!@copy($this->filename, $this->destination_file)) { $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
|
return false;
| |
}
|
}
|
| break; }
// Remove temporary filename
|
@unlink($this->filename);
|
@unlink($this->filename);
|
break;
| if (sizeof($this->error)) { return false;
|
}
phpbb_chmod($this->destination_file, $chmod);
| }
phpbb_chmod($this->destination_file, $chmod);
|
Line 417 | Line 418 |
---|
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0)) {
|
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0)) {
|
$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );
| |
$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
|
$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
|
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
| $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);
|
return false; }
| return false; }
|
Line 458 | Line 458 |
---|
class fileupload { var $allowed_extensions = array();
|
class fileupload { var $allowed_extensions = array();
|
var $disallowed_content = array();
| var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');
|
var $max_filesize = 0; var $min_width = 0; var $min_height = 0; var $max_width = 0; var $max_height = 0; var $error_prefix = '';
|
var $max_filesize = 0; var $min_width = 0; var $min_height = 0; var $max_width = 0; var $max_height = 0; var $error_prefix = '';
|
| /** @var int Timeout for remote upload */ var $upload_timeout = 6;
|
/** * Init file upload class.
| /** * Init file upload class.
|
Line 539 | Line 542 |
---|
{ if ($disallowed_content !== false && is_array($disallowed_content)) {
|
{ if ($disallowed_content !== false && is_array($disallowed_content)) {
|
$this->disallowed_content = $disallowed_content;
| $this->disallowed_content = array_diff($disallowed_content, array(''));
|
} }
| } }
|
Line 594 | Line 597 |
---|
// PHP Upload filesize exceeded if ($file->get('filename') == 'none') {
|
// PHP Upload filesize exceeded if ($file->get('filename') == 'none') {
|
$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
| $max_filesize = @ini_get('upload_max_filesize'); $unit = 'MB';
if (!empty($max_filesize)) { $unit = strtolower(substr($max_filesize, -1, 1)); $max_filesize = (int) $max_filesize;
$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); }
$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);
|
return $file; }
| return $file; }
|
Line 624 | Line 638 |
---|
if ($filedata === false) {
|
if ($filedata === false) {
|
$_FILES[$form_name]['name'] = basename($source_file);
| $_FILES[$form_name]['name'] = utf8_basename($source_file);
|
$_FILES[$form_name]['size'] = 0; $mimetype = '';
| $_FILES[$form_name]['size'] = 0; $mimetype = '';
|
Line 670 | Line 684 |
---|
// PHP Upload filesize exceeded if ($file->get('filename') == 'none') {
|
// PHP Upload filesize exceeded if ($file->get('filename') == 'none') {
|
$file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
| $max_filesize = @ini_get('upload_max_filesize'); $unit = 'MB';
if (!empty($max_filesize)) { $unit = strtolower(substr($max_filesize, -1, 1)); $max_filesize = (int) $max_filesize;
$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); }
$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);
|
return $file; }
| return $file; }
|
Line 725 | Line 750 |
---|
$ext = array_pop($url['path']);
$url['path'] = implode('', $url['path']);
|
$ext = array_pop($url['path']);
$url['path'] = implode('', $url['path']);
|
$upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : '');
| $upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : '');
|
$filename = $url['path']; $filesize = 0;
|
$filename = $url['path']; $filesize = 0;
|
| $remote_max_filesize = $this->max_filesize; if (!$remote_max_filesize) { $max_filesize = @ini_get('upload_max_filesize');
if (!empty($max_filesize)) { $unit = strtolower(substr($max_filesize, -1, 1)); $remote_max_filesize = (int) $max_filesize;
switch ($unit) { case 'g': $remote_max_filesize *= 1024; // no break case 'm': $remote_max_filesize *= 1024; // no break case 'k': $remote_max_filesize *= 1024; // no break } } }
|
$errno = 0; $errstr = '';
| $errno = 0; $errstr = '';
|
Line 747 | Line 797 |
---|
fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); fputs($fsock, "HOST: " . $host . "\r\n"); fputs($fsock, "Connection: close\r\n\r\n");
|
fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); fputs($fsock, "HOST: " . $host . "\r\n"); fputs($fsock, "Connection: close\r\n\r\n");
|
| // Set a proper timeout for the socket socket_set_timeout($fsock, $this->upload_timeout);
|
$get_info = false; $data = '';
|
$get_info = false; $data = '';
|
while (!@feof($fsock))
| $length = false; $timer_stop = time() + $this->upload_timeout;
while ((!$length || $filesize < $length) && !@feof($fsock))
|
{ if ($get_info) {
|
{ if ($get_info) {
|
$data .= @fread($fsock, 1024);
| if ($length) { // Don't attempt to read past end of file if server indicated length $block = @fread($fsock, min($length - $filesize, 1024)); } else { $block = @fread($fsock, 1024); }
$filesize += strlen($block);
if ($remote_max_filesize && $filesize > $remote_max_filesize) { $max_filesize = get_formatted_filesize($remote_max_filesize, false);
$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $file; }
$data .= $block;
|
} else {
| } else {
|
Line 769 | Line 845 |
---|
if (stripos($line, 'content-type: ') !== false) { $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
|
if (stripos($line, 'content-type: ') !== false) { $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
|
| } else if ($this->max_filesize && stripos($line, 'content-length: ') !== false) { $length = (int) str_replace('content-length: ', '', strtolower($line));
if ($remote_max_filesize && $length && $length > $remote_max_filesize) { $max_filesize = get_formatted_filesize($remote_max_filesize, false);
$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $file; }
|
} else if (stripos($line, '404 not found') !== false) {
| } else if (stripos($line, '404 not found') !== false) {
|
Line 776 | Line 864 |
---|
return $file; } }
|
return $file; } }
|
| }
$stream_meta_data = stream_get_meta_data($fsock);
// Cancel upload if we exceed timeout if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) { $file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']); return $file;
|
} } @fclose($fsock);
| } } @fclose($fsock);
|
Line 818 | Line 915 |
---|
switch ($errorcode) { case 1:
|
switch ($errorcode) { case 1:
|
$error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
| $max_filesize = @ini_get('upload_max_filesize'); $unit = 'MB';
if (!empty($max_filesize)) { $unit = strtolower(substr($max_filesize, -1, 1)); $max_filesize = (int) $max_filesize;
$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); }
$error = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);
|
break;
case 2:
|
break;
case 2:
|
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
| |
$max_filesize = get_formatted_filesize($this->max_filesize, false);
|
$max_filesize = get_formatted_filesize($this->max_filesize, false);
|
$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
| $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);
|
break;
case 3:
| break;
case 3:
|
Line 858 | Line 965 |
---|
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) {
|
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) {
|
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
| |
$max_filesize = get_formatted_filesize($this->max_filesize, false);
|
$max_filesize = get_formatted_filesize($this->max_filesize, false);
|
$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
| $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);
|
}
// check Filename
| }
// check Filename
|
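Review bot: In the hunk at new line 845, the `content-length` branch is gated on `$this->max_filesize`, but the limit it enforces is `$remote_max_filesize`, which the hunk at new line 750 derives from `upload_max_filesize` precisely when `$this->max_filesize` is 0. In that configuration the header is never parsed and `$length` stays `false`, so an oversized remote file is rejected only by the per-block check in the read loop, after data up to the limit has already been fetched. Gating on the effective limit, `} else if ($remote_max_filesize && stripos($line, 'content-length: ') !== false)`, would apply the early rejection in both cases. The value also comes from the remote server through a bare `(int)` cast, so a negative number yields a truthy `$length` that ends the `while` loop at once; `$length = max(0, (int) str_replace('content-length: ', '', strtolower($line)));` would keep such a response on the read-until-EOF path with the size check still applied. The enclosing method starts and ends outside the visible hunks.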