phpBB

Code Changes

File: phpbb/avatar/driver/upload.php

Line 143Line 143

if (!empty($error))
{


if (!empty($error))
{

 
				return false;
}

// Do not allow specifying the port (see RFC 3986) or IP addresses
// remote_upload() will do its own check for allowed filetypes
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
{
$error[] = 'AVATAR_URL_INVALID';

				return false;
}


				return false;
}


Line 157Line 168
		$file->clean_filename('avatar', $prefix, $row['id']);

// If there was an error during upload, then abort operation

		$file->clean_filename('avatar', $prefix, $row['id']);

// If there was an error during upload, then abort operation

		if (sizeof($file->error))

		if (count($file->error))

		{
$file->remove();
$error = $file->error;

		{
$file->remove();
$error = $file->error;

Line 193Line 204
		*
* @event core.avatar_driver_upload_move_file_before
* @var array filedata Array containing uploaded file data

		*
* @event core.avatar_driver_upload_move_file_before
* @var array filedata Array containing uploaded file data

 
		* @var	\phpbb\files\filespec file	Instance of filespec class

		* @var	string	destination			Destination directory where the file is going to be moved
* @var string prefix Prefix for the avatar filename
* @var array row Array with avatar row data
* @var array error Array of errors, if filled in by this event file will not be moved
* @since 3.1.6-RC1
* @changed 3.1.9-RC1 Added filedata

		* @var	string	destination			Destination directory where the file is going to be moved
* @var string prefix Prefix for the avatar filename
* @var array row Array with avatar row data
* @var array error Array of errors, if filled in by this event file will not be moved
* @since 3.1.6-RC1
* @changed 3.1.9-RC1 Added filedata

 
		* @changed 3.2.3-RC1 Added file

		*/
$vars = array(
'filedata',

		*/
$vars = array(
'filedata',

 
			'file',

			'destination',
'prefix',
'row',

			'destination',
'prefix',
'row',

Line 211Line 225

unset($filedata);



unset($filedata);


		if (!sizeof($error))

		if (!count($error))

		{
// Move file and overwrite any existing image
$file->move_file($destination, true);

		{
// Move file and overwrite any existing image
$file->move_file($destination, true);

Line 219Line 233

// If there was an error during move, then clean up leftovers
$error = array_merge($error, $file->error);


// If there was an error during move, then clean up leftovers
$error = array_merge($error, $file->error);

		if (sizeof($error))

		if (count($error))

		{
$file->remove();
return false;

		{
$file->remove();
return false;

Line 281Line 295
		);
extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars)));


		);
extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars)));


		if (!sizeof($error) && file_exists($filename))

		if (!count($error) && $this->filesystem->exists($filename))

		{

		{

			@unlink($filename);









			try
{
$this->filesystem->remove($filename);
return true;
}
catch (\phpbb\filesystem\exception\filesystem_exception $e)
{
// Fail is covered by return statement below
}

		}


		}


		return true;

		return false;

	}

/**

	}

/**

Line 304Line 326
	*/
protected function can_upload()
{

	*/
protected function can_upload()
{

		return (file_exists($this->phpbb_root_path . $this->config['avatar_path']) && $this->filesystem->is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on'));

		return ($this->filesystem->exists($this->phpbb_root_path . $this->config['avatar_path']) && $this->filesystem->is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on'));

	}
}


	}
}
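Review bot: The host checks that appear to be added in the Line 143 hunk run on the raw URL string, so they only reject hosts written as IP literals and cannot see what an accepted hostname resolves to. If remote_upload() (not shown here) fetches the URL server-side, the resolved address should be validated at fetch time as well, and redirects should not lead to hosts that were never checked. The IPv6 alternative is anchored directly after `://`, whereas RFC 3986 writes IPv6 literals in square brackets, so a unit test should confirm the bracketed form is actually rejected. Parsing the URL once and testing the parts would be easier to audit than four chained patterns, e.g. `$host = trim((string) parse_url($url, PHP_URL_HOST), '[]');` followed by `if (parse_url($url, PHP_URL_PORT) !== null || filter_var($host, FILTER_VALIDATE_IP) !== false)`. The enclosing method starts and ends outside the hunk.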