diff options
author | Marc Alexander <admin@m-a-styles.de> | 2014-06-21 11:55:54 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2014-06-21 11:55:54 +0200 |
commit | 0499655ba4448fd2ae232d82bd78b47809e56591 (patch) | |
tree | 196f53dcb12dec218ba3f169460a72950baa7372 /phpBB/includes | |
parent | 51b2cc14f8075b4def8f7aae4d2bc13ddd133c6e (diff) | |
download | forums-0499655ba4448fd2ae232d82bd78b47809e56591.tar forums-0499655ba4448fd2ae232d82bd78b47809e56591.tar.gz forums-0499655ba4448fd2ae232d82bd78b47809e56591.tar.bz2 forums-0499655ba4448fd2ae232d82bd78b47809e56591.tar.xz forums-0499655ba4448fd2ae232d82bd78b47809e56591.zip |
[ticket/12755] Add timeout to remote upload to prevent infinite loop
PHPBB3-12755
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/functions_upload.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 73ac1df2d2..afffff1351 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -466,6 +466,9 @@ class fileupload var $max_height = 0; var $error_prefix = ''; + /** @var int Timeout for remote upload */ + var $upload_timeout = 5; + /** * Init file upload class. * @@ -785,6 +788,9 @@ class fileupload return $file; } + // Set a proper timeout for the socket + socket_set_timeout($fsock, $this->upload_timeout); + // Make sure $path not beginning with / if (strpos($path, '/') === 0) { @@ -797,6 +803,8 @@ class fileupload $get_info = false; $data = ''; + $upload_start = time(); + while (!@feof($fsock)) { if ($get_info) @@ -813,6 +821,13 @@ class fileupload } $data .= $block; + + // Cancel upload if we exceed timeout + if ((time() - $upload_start) >= $this->upload_timeout) + { + $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']); + return $file; + } } else { |