| author | Andreas Fischer <bantu@phpbb.com> | 2014-06-24 20:59:10 +0200 | 
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2014-06-24 20:59:10 +0200 | 
| commit | 2596dbc850df86dd0d620e9d90bfd59a2f23a0eb (patch) | |
| tree | 5928193e791a4537312329a26c2d33f61669b6ce | |
| parent | 51b2cc14f8075b4def8f7aae4d2bc13ddd133c6e (diff) | |
| parent | 8b3cc9a6c494ecf7ec3262925b9e0c1381c0154e (diff) | |
Merge pull request #2633 from marc1706/ticket/12755
[ticket/12755] Add timeout to remote upload to prevent infinite loop
* marc1706/ticket/12755:
  [ticket/12755] Apply de morgan to conditional
  [ticket/12755] Terminate upload loop if upload reaches filesize
  [ticket/12755] Change upload in remote_upload() method to fit get_remote_file
  [ticket/12755] Add language string for timed out remote upload
  [ticket/12755] Add timeout to remote upload to prevent infinite loop
| -rw-r--r-- | phpBB/includes/functions_upload.php | 31 | ||||
| -rw-r--r-- | phpBB/language/en/common.php | 1 | ||||
| -rw-r--r-- | phpBB/language/en/posting.php | 1 | 
3 files changed, 31 insertions, 2 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 73ac1df2d2..69f10911ec 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -466,6 +466,9 @@ class fileupload
 	var $max_height = 0;
 	var $error_prefix = '';
+	/** @var int Timeout for remote upload */
+	var $upload_timeout = 6;
+
 	/**
 	* Init file upload class.
 	*
@@ -795,13 +798,28 @@ class fileupload
 		fputs($fsock, "HOST: " . $host . "\r\n");
 		fputs($fsock, "Connection: close\r\n\r\n");
+		// Set a proper timeout for the socket
+		socket_set_timeout($fsock, $this->upload_timeout);
+
 		$get_info = false;
 		$data = '';
-		while (!@feof($fsock))
+		$length = false;
+		$timer_stop = time() + $this->upload_timeout;
+
+		while ((!$length || $filesize < $length) && !@feof($fsock))
 		{
 			if ($get_info)
 			{
-				$block = @fread($fsock, 1024);
+				if ($length)
+				{
+					// Don't attempt to read past end of file if server indicated length
+					$block = @fread($fsock, min($length - $filesize, 1024));
+				}
+				else
+				{
+					$block = @fread($fsock, 1024);
+				}
+
 				$filesize += strlen($block);
 				if ($remote_max_filesize && $filesize > $remote_max_filesize)
@@ -847,6 +865,15 @@ class fileupload
 					}
 				}
 			}
+
+			$stream_meta_data = stream_get_meta_data($fsock);
+
+			// Cancel upload if we exceed timeout
+			if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
+			{
+				$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
+				return $file;
+			}
 		}
 		@fclose($fsock);
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index cc38804fe2..2d3710e15c 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
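Review bot: The docblock added on `$upload_timeout` in the `-466` hunk of functions_upload.php gives neither the unit nor the fact that the value is used twice later in the same file: once as the per-read socket timeout and once as the wall-clock deadline (`time() + $this->upload_timeout`) for the whole transfer. A comment such as `/** @var int Timeout in seconds for remote upload; applied per socket read and to the whole transfer */` would make clear what changing the default of 6 affects.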
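Review bot: The return value of `socket_set_timeout()` in the `-795` hunk is ignored, and the function is a legacy alias of `stream_set_timeout()`. If the call fails, reads fall back to PHP's default socket timeout, and the `time() >= $timer_stop` check cannot cut that short because it only runs after a read has returned. Consider `stream_set_timeout($fsock, $this->upload_timeout);` and treating a `false` result as an upload error. `$length` and `$filesize` are assigned outside the lines shown, so `min($length - $filesize, 1024)` depends on `$length` (presumably the remote server's Content-Length, which is untrusted) being cast and range-checked there. The enclosing method starts before and continues after this hunk.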
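Review bot: The timeout branch added in the `-847` hunk returns before the `@fclose($fsock);` that follows the loop, so on this abort path the connection to the remote host is only released when the handle goes out of scope. Closing it explicitly keeps the timeout exit consistent with the normal one: add `@fclose($fsock);` immediately before `return $file;`. Other early returns inside the loop are outside the hunk and may need the same treatment.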
@@ -88,6 +88,7 @@ $lang = array_merge($lang, array(
 	'AVATAR_PARTIAL_UPLOAD'			=> 'The specified file was only partially uploaded.',
 	'AVATAR_PHP_SIZE_NA'			=> 'The avatar’s filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.',
 	'AVATAR_PHP_SIZE_OVERRUN'		=> 'The avatar’s filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.',
+	'AVATAR_REMOTE_UPLOAD_TIMEOUT'		=> 'The specified avatar could not be uploaded because the request timed out.',
 	'AVATAR_URL_INVALID'			=> 'The URL you specified is invalid.',
 	'AVATAR_URL_NOT_FOUND'			=> 'The file specified could not be found.',
 	'AVATAR_WRONG_FILESIZE'			=> 'The avatar’s filesize must be between 0 and %1$d %2$s.',
diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php
index df411c3228..5316011f4e 100644
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -178,6 +178,7 @@ $lang = array_merge($lang, array(
 	'QUOTE_DEPTH_EXCEEDED'		=> 'You may embed only %1$d quotes within each other.',
+	'REMOTE_UPLOAD_TIMEOUT'		=> 'The specified file could not be uploaded because the request timed out.',
 	'SAVE'						=> 'Save',
 	'SAVE_DATE'					=> 'Saved at',
 	'SAVE_DRAFT'				=> 'Save draft',
|
