diff options
author | Maat <maat-pub@mageia.biz> | 2020-05-08 18:29:30 +0200 |
---|---|---|
committer | Maat <maat-pub@mageia.biz> | 2020-05-08 21:36:04 +0200 |
commit | 36bc1870f21fac04736a1049c1d5b8e127d729f4 (patch) | |
tree | 9d102331eeaf1ef3cd23e656320d7c08e65757ed /phpBB/phpbb/avatar/driver/upload.php | |
parent | 8875d385d0579b451dac4d9bda465172b4f69ee0 (diff) | |
parent | 149375253685b3a38996f63015a74b7a0f53aa14 (diff) | |
download | forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.gz forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.bz2 forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.xz forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.zip |
Merge remote-tracking branch 'upstream/prep-release-3.1.11'
Diffstat (limited to 'phpBB/phpbb/avatar/driver/upload.php')
-rw-r--r-- | phpBB/phpbb/avatar/driver/upload.php | 307 |
1 files changed, 307 insertions, 0 deletions
diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php new file mode 100644 index 0000000000..0dae5607f6 --- /dev/null +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -0,0 +1,307 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\avatar\driver; + +/** +* Handles avatars uploaded to the board +*/ +class upload extends \phpbb\avatar\driver\driver +{ + /** + * @var \phpbb\mimetype\guesser + */ + protected $mimetype_guesser; + + /** + * @var \phpbb\event\dispatcher_interface + */ + protected $dispatcher; + + /** + * Construct a driver object + * + * @param \phpbb\config\config $config phpBB configuration + * @param string $phpbb_root_path Path to the phpBB root + * @param string $php_ext PHP file extension + * @param \phpbb_path_helper $path_helper phpBB path helper + * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser + * @param \phpbb\event\dispatcher_interface $dispatcher phpBB Event dispatcher object + * @param \phpbb\cache\driver\driver_interface $cache Cache driver + */ + public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\mimetype\guesser $mimetype_guesser, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\cache\driver\driver_interface $cache = null) + { + $this->config = $config; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + $this->path_helper = $path_helper; + $this->mimetype_guesser = $mimetype_guesser; + $this->dispatcher = $dispatcher; + $this->cache = $cache; + } + + /** + * {@inheritdoc} + */ + public function get_data($row) + { + $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path(); + + return array( + 'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'], + 'width' => $row['avatar_width'], + 'height' => $row['avatar_height'], + ); + } + + /** + * {@inheritdoc} + */ + public function prepare_form($request, $template, $user, $row, &$error) + { + if (!$this->can_upload()) + { + return false; + } + + $template->assign_vars(array( + 'S_UPLOAD_AVATAR_URL' => ($this->config['allow_avatar_remote_upload']) ? true : false, + 'AVATAR_UPLOAD_SIZE' => $this->config['avatar_filesize'], + )); + + return true; + } + + /** + * {@inheritdoc} + */ + public function process_form($request, $template, $user, $row, &$error) + { + if (!$this->can_upload()) + { + return false; + } + + if (!class_exists('fileupload')) + { + include($this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext); + } + + $upload = new \fileupload('AVATAR_', $this->allowed_extensions, $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false)); + + $url = $request->variable('avatar_upload_url', ''); + $upload_file = $request->file('avatar_upload_file'); + + if (!empty($upload_file['name'])) + { + $file = $upload->form_upload('avatar_upload_file', $this->mimetype_guesser); + } + else if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url)) + { + if (!preg_match('#^(http|https|ftp)://#i', $url)) + { + $url = 'http://' . $url; + } + + if (!function_exists('validate_data')) + { + require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); + } + + $validate_array = validate_data( + array( + 'url' => $url, + ), + array( + 'url' => array('string', true, 5, 255), + ) + ); + + $error = array_merge($error, $validate_array); + + if (!empty($error)) + { + return false; + } + + // Do not allow specifying the port (see RFC 3986) or IP addresses + // remote_upload() will do its own check for allowed filetypes + if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || + preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) + { + $error[] = 'AVATAR_URL_INVALID'; + return false; + } + + $file = $upload->remote_upload($url, $this->mimetype_guesser); + } + else + { + return false; + } + + $prefix = $this->config['avatar_salt'] . '_'; + $file->clean_filename('avatar', $prefix, $row['id']); + + // If there was an error during upload, then abort operation + if (sizeof($file->error)) + { + $file->remove(); + $error = $file->error; + return false; + } + + // Calculate new destination + $destination = $this->config['avatar_path']; + + // Adjust destination path (no trailing slash) + if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\') + { + $destination = substr($destination, 0, -1); + } + + $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination); + if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) + { + $destination = ''; + } + + $filedata = array( + 'filename' => $file->get('filename'), + 'filesize' => $file->get('filesize'), + 'mimetype' => $file->get('mimetype'), + 'extension' => $file->get('extension'), + 'physical_filename' => $file->get('realname'), + 'real_filename' => $file->get('uploadname'), + ); + + /** + * Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar) + * + * @event core.avatar_driver_upload_move_file_before + * @var array filedata Array containing uploaded file data + * @var string destination Destination directory where the file is going to be moved + * @var string prefix Prefix for the avatar filename + * @var array row Array with avatar row data + * @var array error Array of errors, if filled in by this event file will not be moved + * @since 3.1.6-RC1 + * @changed 3.1.9-RC1 Added filedata + */ + $vars = array( + 'filedata', + 'destination', + 'prefix', + 'row', + 'error', + ); + extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars))); + + unset($filedata); + + if (!sizeof($error)) + { + // Move file and overwrite any existing image + $file->move_file($destination, true); + } + + // If there was an error during move, then clean up leftovers + $error = array_merge($error, $file->error); + if (sizeof($error)) + { + $file->remove(); + return false; + } + + // Delete current avatar if not overwritten + $ext = substr(strrchr($row['avatar'], '.'), 1); + if ($ext && $ext !== $file->get('extension')) + { + $this->delete($row); + } + + return array( + 'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'), + 'avatar_width' => $file->get('width'), + 'avatar_height' => $file->get('height'), + ); + } + + /** + * {@inheritdoc} + */ + public function prepare_form_acp($user) + { + return array( + 'allow_avatar_remote_upload'=> array('lang' => 'ALLOW_REMOTE_UPLOAD', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int:0', 'type' => 'number:0', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), + 'avatar_path' => array('lang' => 'AVATAR_STORAGE_PATH', 'validate' => 'rpath', 'type' => 'text:20:255', 'explain' => true), + ); + } + + /** + * {@inheritdoc} + */ + public function delete($row) + { + + $error = array(); + $destination = $this->config['avatar_path']; + $prefix = $this->config['avatar_salt'] . '_'; + $ext = substr(strrchr($row['avatar'], '.'), 1); + $filename = $this->phpbb_root_path . $destination . '/' . $prefix . $row['id'] . '.' . $ext; + + /** + * Before deleting an existing avatar + * + * @event core.avatar_driver_upload_delete_before + * @var string destination Destination directory where the file is going to be deleted + * @var string prefix Prefix for the avatar filename + * @var array row Array with avatar row data + * @var array error Array of errors, if filled in by this event file will not be deleted + * @since 3.1.6-RC1 + */ + $vars = array( + 'destination', + 'prefix', + 'row', + 'error', + ); + extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars))); + + if (!sizeof($error) && file_exists($filename)) + { + @unlink($filename); + } + + return true; + } + + /** + * {@inheritdoc} + */ + public function get_template_name() + { + return 'ucp_avatar_options_upload.html'; + } + + /** + * Check if user is able to upload an avatar + * + * @return bool True if user can upload, false if not + */ + protected function can_upload() + { + return (file_exists($this->phpbb_root_path . $this->config['avatar_path']) && phpbb_is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')); + } +} |