phpBB

Code Changes

File: includes/functions_upload.php

  Unmodified   Added   Modified   Removed
Line 458Line 458
class fileupload
{
var $allowed_extensions = array();

class fileupload
{
var $allowed_extensions = array();

	var $disallowed_content = array();

	var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); 

	var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
var $max_width = 0;
var $max_height = 0;
var $error_prefix = '';

	var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
var $max_width = 0;
var $max_height = 0;
var $error_prefix = '';

 

/** @var int Timeout for remote upload */
var $upload_timeout = 6;


/**
* Init file upload class.


/**
* Init file upload class.

Line 539Line 542
	{
if ($disallowed_content !== false && is_array($disallowed_content))
{

	{
if ($disallowed_content !== false && is_array($disallowed_content))
{

			$this->disallowed_content = $disallowed_content;

			$this->disallowed_content = array_diff($disallowed_content, array(''));

		}
}


		}
}


Line 750Line 753
		$upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : '');
$filename = $url['path'];
$filesize = 0;

		$upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : '');
$filename = $url['path'];
$filesize = 0;

 

$remote_max_filesize = $this->max_filesize;
if (!$remote_max_filesize)
{
$max_filesize = @ini_get('upload_max_filesize');

if (!empty($max_filesize))
{
$unit = strtolower(substr($max_filesize, -1, 1));
$remote_max_filesize = (int) $max_filesize;

switch ($unit)
{
case 'g':
$remote_max_filesize *= 1024;
// no break
case 'm':
$remote_max_filesize *= 1024;
// no break
case 'k':
$remote_max_filesize *= 1024;
// no break
}
}
}


$errno = 0;
$errstr = '';


$errno = 0;
$errstr = '';

Line 769Line 797
		fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");

		fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");

 

// Set a proper timeout for the socket
socket_set_timeout($fsock, $this->upload_timeout);


$get_info = false;
$data = '';


$get_info = false;
$data = '';

		while (!@feof($fsock))




		$length = false;
$timer_stop = time() + $this->upload_timeout;

while ((!$length || $filesize < $length) && !@feof($fsock))

		{
if ($get_info)

		{
if ($get_info)

 
			{
if ($length)
{
// Don't attempt to read past end of file if server indicated length
$block = @fread($fsock, min($length - $filesize, 1024));
}
else

			{
$block = @fread($fsock, 1024);

			{
$block = @fread($fsock, 1024);

 
				}


				$filesize += strlen($block);


				$filesize += strlen($block);


				if ($this->max_filesize && $filesize > $this->max_filesize)

				if ($remote_max_filesize && $filesize > $remote_max_filesize)

				{

				{

					$max_filesize = get_formatted_filesize($this->max_filesize, false);

					$max_filesize = get_formatted_filesize($remote_max_filesize, false);


$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;


$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;

Line 807Line 850
					{
$length = (int) str_replace('content-length: ', '', strtolower($line));


					{
$length = (int) str_replace('content-length: ', '', strtolower($line));


						if ($length && $length > $this->max_filesize)

						if ($remote_max_filesize && $length && $length > $remote_max_filesize)

						{

						{

							$max_filesize = get_formatted_filesize($this->max_filesize, false);

							$max_filesize = get_formatted_filesize($remote_max_filesize, false);


$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;


$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;

Line 821Line 864
						return $file;
}
}

						return $file;
}
}

 
			}

$stream_meta_data = stream_get_meta_data($fsock);

// Cancel upload if we exceed timeout
if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
{
$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
return $file;

			}
}
@fclose($fsock);

			}
}
@fclose($fsock);