phpBB

Code Changes

File: phpbb/avatar/driver/upload.php

  Unmodified   Added   Modified   Removed
Line 22Line 22
	* @var \phpbb\mimetype\guesser
*/
protected $mimetype_guesser;

	* @var \phpbb\mimetype\guesser
*/
protected $mimetype_guesser;

 

/**
* @var \phpbb\event\dispatcher_interface
*/
protected $dispatcher;


/**
* Construct a driver object


/**
* Construct a driver object

Line 31Line 36
	* @param string $php_ext PHP file extension
* @param \phpbb_path_helper $path_helper phpBB path helper
* @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser

	* @param string $php_ext PHP file extension
* @param \phpbb_path_helper $path_helper phpBB path helper
* @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser

 
	* @param \phpbb\event\dispatcher_interface $dispatcher phpBB Event dispatcher object

	* @param \phpbb\cache\driver\driver_interface $cache Cache driver
*/

	* @param \phpbb\cache\driver\driver_interface $cache Cache driver
*/

	public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\mimetype\guesser $mimetype_guesser, \phpbb\cache\driver\driver_interface $cache = null)

	public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\mimetype\guesser $mimetype_guesser, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\cache\driver\driver_interface $cache = null)

	{
$this->config = $config;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
$this->path_helper = $path_helper;
$this->mimetype_guesser = $mimetype_guesser;

	{
$this->config = $config;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
$this->path_helper = $path_helper;
$this->mimetype_guesser = $mimetype_guesser;

 
		$this->dispatcher = $dispatcher;

		$this->cache = $cache;
}

/**
* {@inheritdoc}
*/

		$this->cache = $cache;
}

/**
* {@inheritdoc}
*/

	public function get_data($row, $ignore_config = false)

	public function get_data($row)

	{
$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();


	{
$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();


Line 124Line 131

if (!empty($error))
{


if (!empty($error))
{

 
				return false;
}

// Do not allow specifying the port (see RFC 3986) or IP addresses
// remote_upload() will do its own check for allowed filetypes
if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
{
$error[] = 'AVATAR_URL_INVALID';

				return false;
}


				return false;
}


Line 137Line 154
		$prefix = $this->config['avatar_salt'] . '_';
$file->clean_filename('avatar', $prefix, $row['id']);


		$prefix = $this->config['avatar_salt'] . '_';
$file->clean_filename('avatar', $prefix, $row['id']);


 
		// If there was an error during upload, then abort operation
if (sizeof($file->error))
{
$file->remove();
$error = $file->error;
return false;
}

// Calculate new destination

		$destination = $this->config['avatar_path'];

// Adjust destination path (no trailing slash)

		$destination = $this->config['avatar_path'];

// Adjust destination path (no trailing slash)

Line 151Line 177
			$destination = '';
}


			$destination = '';
}


 
		$filedata = array(
'filename' => $file->get('filename'),
'filesize' => $file->get('filesize'),
'mimetype' => $file->get('mimetype'),
'extension' => $file->get('extension'),
'physical_filename' => $file->get('realname'),
'real_filename' => $file->get('uploadname'),
);

/**
* Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar)
*
* @event core.avatar_driver_upload_move_file_before
* @var array filedata Array containing uploaded file data
* @var string destination Destination directory where the file is going to be moved
* @var string prefix Prefix for the avatar filename
* @var array row Array with avatar row data
* @var array error Array of errors, if filled in by this event file will not be moved
* @since 3.1.6-RC1
* @changed 3.1.9-RC1 Added filedata
*/
$vars = array(
'filedata',
'destination',
'prefix',
'row',
'error',
);
extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars)));

unset($filedata);

if (!sizeof($error))
{

		// Move file and overwrite any existing image
$file->move_file($destination, true);

		// Move file and overwrite any existing image
$file->move_file($destination, true);

 
		}





		if (sizeof($file->error))



		// If there was an error during move, then clean up leftovers
$error = array_merge($error, $file->error);
if (sizeof($error))

		{
$file->remove();

		{
$file->remove();

			$error = array_merge($error, $file->error);

 
			return false;

			return false;

 
		}

// Delete current avatar if not overwritten
$ext = substr(strrchr($row['avatar'], '.'), 1);
if ($ext && $ext !== $file->get('extension'))
{
$this->delete($row);

		}

return array(

		}

return array(

Line 185Line 254
	*/
public function delete($row)
{

	*/
public function delete($row)
{

 

$error = array();
$destination = $this->config['avatar_path'];
$prefix = $this->config['avatar_salt'] . '_';

		$ext = substr(strrchr($row['avatar'], '.'), 1);

		$ext = substr(strrchr($row['avatar'], '.'), 1);

		$filename = $this->phpbb_root_path . $this->config['avatar_path'] . '/' . $this->config['avatar_salt'] . '_' . $row['id'] . '.' . $ext;



















		$filename = $this->phpbb_root_path . $destination . '/' . $prefix . $row['id'] . '.' . $ext;

/**
* Before deleting an existing avatar
*
* @event core.avatar_driver_upload_delete_before
* @var string destination Destination directory where the file is going to be deleted
* @var string prefix Prefix for the avatar filename
* @var array row Array with avatar row data
* @var array error Array of errors, if filled in by this event file will not be deleted
* @since 3.1.6-RC1
*/
$vars = array(
'destination',
'prefix',
'row',
'error',
);
extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars)));





		if (file_exists($filename))

		if (!sizeof($error) && file_exists($filename))

		{
@unlink($filename);
}

		{
@unlink($filename);
}