diff options
Diffstat (limited to 'phpBB/phpbb/avatar/driver')
| -rw-r--r-- | phpBB/phpbb/avatar/driver/driver.php | 23 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/driver_interface.php | 14 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/gravatar.php | 29 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/local.php | 24 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/remote.php | 51 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/upload.php | 166 |
6 files changed, 236 insertions, 71 deletions
diff --git a/phpBB/phpbb/avatar/driver/driver.php b/phpBB/phpbb/avatar/driver/driver.php index b3ced7edf7..45681f3e59 100644 --- a/phpBB/phpbb/avatar/driver/driver.php +++ b/phpBB/phpbb/avatar/driver/driver.php @@ -30,6 +30,9 @@ abstract class driver implements \phpbb\avatar\driver\driver_interface */ protected $config; + /** @var \FastImageSize\FastImageSize */ + protected $imagesize; + /** * Current $phpbb_root_path * @var string @@ -73,14 +76,16 @@ abstract class driver implements \phpbb\avatar\driver\driver_interface * Construct a driver object * * @param \phpbb\config\config $config phpBB configuration + * @param \FastImageSize\FastImageSize $imagesize FastImageSize class * @param string $phpbb_root_path Path to the phpBB root * @param string $php_ext PHP file extension * @param \phpbb\path_helper $path_helper phpBB path helper * @param \phpbb\cache\driver\driver_interface $cache Cache driver */ - public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\cache\driver\driver_interface $cache = null) + public function __construct(\phpbb\config\config $config, \FastImageSize\FastImageSize $imagesize, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\cache\driver\driver_interface $cache = null) { $this->config = $config; + $this->imagesize = $imagesize; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; $this->path_helper = $path_helper; @@ -120,6 +125,22 @@ abstract class driver implements \phpbb\avatar\driver\driver_interface } /** + * {@inheritdoc} + */ + public function get_config_name() + { + return preg_replace('#^phpbb\\\\avatar\\\\driver\\\\#', '', get_class($this)); + } + + /** + * {@inheritdoc} + */ + public function get_acp_template_name() + { + return 'acp_avatar_options_' . $this->get_config_name() . '.html'; + } + + /** * Sets the name of the driver. * * @param string $name Driver name diff --git a/phpBB/phpbb/avatar/driver/driver_interface.php b/phpBB/phpbb/avatar/driver/driver_interface.php index 835609745a..7d6c2cff8a 100644 --- a/phpBB/phpbb/avatar/driver/driver_interface.php +++ b/phpBB/phpbb/avatar/driver/driver_interface.php @@ -26,6 +26,13 @@ interface driver_interface public function get_name(); /** + * Returns the config name of the driver. To be used in accessing the CONFIG variables. + * + * @return string Config name of driver. + */ + public function get_config_name(); + + /** * Get the avatar url and dimensions * * @param array $row User data or group data that has been cleaned with @@ -110,4 +117,11 @@ interface driver_interface * @return string Avatar driver's template name */ public function get_template_name(); + + /** + * Get the avatar driver's template name (ACP) + * + * @return string Avatar driver's template name + */ + public function get_acp_template_name(); } diff --git a/phpBB/phpbb/avatar/driver/gravatar.php b/phpBB/phpbb/avatar/driver/gravatar.php index 2082e0fd02..3e4e7ff98b 100644 --- a/phpBB/phpbb/avatar/driver/gravatar.php +++ b/phpBB/phpbb/avatar/driver/gravatar.php @@ -52,8 +52,8 @@ class gravatar extends \phpbb\avatar\driver\driver public function prepare_form($request, $template, $user, $row, &$error) { $template->assign_vars(array( - 'AVATAR_GRAVATAR_WIDTH' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_width']) ? $row['avatar_width'] : $request->variable('avatar_gravatar_width', 0), - 'AVATAR_GRAVATAR_HEIGHT' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_gravatar_width', 0), + 'AVATAR_GRAVATAR_WIDTH' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_width']) ? $row['avatar_width'] : $request->variable('avatar_gravatar_width', ''), + 'AVATAR_GRAVATAR_HEIGHT' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_gravatar_width', ''), 'AVATAR_GRAVATAR_EMAIL' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar']) ? $row['avatar'] : '', )); @@ -98,8 +98,8 @@ class gravatar extends \phpbb\avatar\driver\driver return false; } - // Make sure getimagesize works... - if (function_exists('getimagesize') && ($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0)) + // Get image dimensions if they are not set + if ($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) { /** * default to the minimum of the maximum allowed avatar size if the size @@ -108,20 +108,20 @@ class gravatar extends \phpbb\avatar\driver\driver $row['avatar_width'] = $row['avatar_height'] = min($this->config['avatar_max_width'], $this->config['avatar_max_height']); $url = $this->get_gravatar_url($row); - if (($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) && (($image_data = getimagesize($url)) === false)) + if (($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) && (($image_data = $this->imagesize->getImageSize($url)) === false)) { $error[] = 'UNABLE_GET_IMAGE_SIZE'; return false; } - if (!empty($image_data) && ($image_data[0] <= 0 || $image_data[1] <= 0)) + if (!empty($image_data) && ($image_data['width'] <= 0 || $image_data['width'] <= 0)) { $error[] = 'AVATAR_NO_SIZE'; return false; } - $row['avatar_width'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_width'] : $image_data[0]; - $row['avatar_height'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_height'] : $image_data[1]; + $row['avatar_width'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_width'] : $image_data['width']; + $row['avatar_height'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_height'] : $image_data['height']; } if ($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) @@ -172,6 +172,8 @@ class gravatar extends \phpbb\avatar\driver\driver */ protected function get_gravatar_url($row) { + global $phpbb_dispatcher; + $url = self::GRAVATAR_URL; $url .= md5(strtolower(trim($row['avatar']))); @@ -180,6 +182,17 @@ class gravatar extends \phpbb\avatar\driver\driver $url .= '?s=' . max($row['avatar_width'], $row['avatar_height']); } + /** + * Modify gravatar url + * + * @event core.get_gravatar_url_after + * @var string row User data or group data + * @var string url Gravatar URL + * @since 3.1.7-RC1 + */ + $vars = array('row', 'url'); + extract($phpbb_dispatcher->trigger_event('core.get_gravatar_url_after', compact($vars))); + return $url; } } diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 8888686b2d..4b84e4201c 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -23,8 +23,10 @@ class local extends \phpbb\avatar\driver\driver */ public function get_data($row) { + $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path(); + return array( - 'src' => $this->path_helper->get_web_root_path() . $this->config['avatar_gallery_path'] . '/' . $row['avatar'], + 'src' => $root_path . $this->config['avatar_gallery_path'] . '/' . $row['avatar'], 'width' => $row['avatar_width'], 'height' => $row['avatar_height'], ); @@ -62,7 +64,7 @@ class local extends \phpbb\avatar\driver\driver $table_cols = isset($row['avatar_gallery_cols']) ? $row['avatar_gallery_cols'] : 4; $row_count = $col_count = $avatar_pos = 0; - $avatar_count = sizeof($avatar_list[$category]); + $avatar_count = count($avatar_list[$category]); reset($avatar_list[$category]); @@ -82,11 +84,13 @@ class local extends \phpbb\avatar\driver\driver 'AVATAR_IMAGE' => $this->phpbb_root_path . $this->config['avatar_gallery_path'] . '/' . $img['file'], 'AVATAR_NAME' => $img['name'], 'AVATAR_FILE' => $img['filename'], + 'CHECKED' => $img['file'] === $row['avatar'], )); $template->assign_block_vars('avatar_local_row.avatar_local_option', array( 'AVATAR_FILE' => $img['filename'], - 'S_OPTIONS_AVATAR' => $img['filename'] + 'S_OPTIONS_AVATAR' => $img['filename'], + 'CHECKED' => $img['file'] === $row['avatar'], )); $col_count = ($col_count + 1) % $table_cols; @@ -154,7 +158,7 @@ class local extends \phpbb\avatar\driver\driver */ protected function get_avatar_list($user) { - $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list'); + $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list_' . $user->data['user_lang']); if ($avatar_list === false) { @@ -170,17 +174,19 @@ class local extends \phpbb\avatar\driver\driver // Match all images in the gallery folder if (preg_match('#^[^&\'"<>]+\.(?:' . implode('|', $this->allowed_extensions) . ')$#i', $image) && is_file($file_path . '/' . $image)) { - if (function_exists('getimagesize')) + $dims = $this->imagesize->getImageSize($file_path . '/' . $image); + + if ($dims === false) { - $dims = getimagesize($file_path . '/' . $image); + $dims = array(0, 0); } else { - $dims = array(0, 0); + $dims = array($dims['width'], $dims['height']); } $cat = ($path == $file_path) ? $user->lang['NO_AVATAR_CATEGORY'] : str_replace("$path/", '', $file_path); $avatar_list[$cat][$image] = array( - 'file' => ($cat != $user->lang['NO_AVATAR_CATEGORY']) ? rawurlencode($cat) . '/' . rawurlencode($image) : rawurlencode($image), + 'file' => ($cat != $user->lang['NO_AVATAR_CATEGORY']) ? str_replace('%2F', '/', rawurlencode($cat)) . '/' . rawurlencode($image) : rawurlencode($image), 'filename' => rawurlencode($image), 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $image))), 'width' => $dims[0], @@ -192,7 +198,7 @@ class local extends \phpbb\avatar\driver\driver if ($this->cache != null) { - $this->cache->put('_avatar_local_list', $avatar_list, 86400); + $this->cache->put('_avatar_local_list_' . $user->data['user_lang'], $avatar_list, 86400); } } diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 4b0ee3f06f..efc4f5ec0f 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -36,8 +36,8 @@ class remote extends \phpbb\avatar\driver\driver public function prepare_form($request, $template, $user, $row, &$error) { $template->assign_vars(array( - 'AVATAR_REMOTE_WIDTH' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar_width']) ? $row['avatar_width'] : $request->variable('avatar_remote_width', 0), - 'AVATAR_REMOTE_HEIGHT' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_remote_width', 0), + 'AVATAR_REMOTE_WIDTH' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar_width']) ? $row['avatar_width'] : $request->variable('avatar_remote_width', ''), + 'AVATAR_REMOTE_HEIGHT' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_remote_width', ''), 'AVATAR_REMOTE_URL' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar']) ? $row['avatar'] : '', )); @@ -85,45 +85,40 @@ class remote extends \phpbb\avatar\driver\driver } // Check if this url looks alright - // This isn't perfect, but it's what phpBB 3.0 did, and might as well make sure everything is compatible - if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url)) + // Do not allow specifying the port (see RFC 3986) or IP addresses + if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || + preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || + preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) { $error[] = 'AVATAR_URL_INVALID'; return false; } - // Make sure getimagesize works... - if (function_exists('getimagesize')) + // Get image dimensions + if (($width <= 0 || $height <= 0) && (($image_data = $this->imagesize->getImageSize($url)) === false)) { - if (($width <= 0 || $height <= 0) && (($image_data = @getimagesize($url)) === false)) - { - $error[] = 'UNABLE_GET_IMAGE_SIZE'; - return false; - } - - if (!empty($image_data) && ($image_data[0] <= 0 || $image_data[1] <= 0)) - { - $error[] = 'AVATAR_NO_SIZE'; - return false; - } - - $width = ($width && $height) ? $width : $image_data[0]; - $height = ($width && $height) ? $height : $image_data[1]; + $error[] = 'UNABLE_GET_IMAGE_SIZE'; + return false; } - if ($width <= 0 || $height <= 0) + if (!empty($image_data) && ($image_data['width'] <= 0 || $image_data['height'] <= 0)) { $error[] = 'AVATAR_NO_SIZE'; return false; } - if (!class_exists('fileupload')) + $width = ($width && $height) ? $width : $image_data['width']; + $height = ($width && $height) ? $height : $image_data['height']; + + if ($width <= 0 || $height <= 0) { - include($this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext); + $error[] = 'AVATAR_NO_SIZE'; + return false; } - $types = \fileupload::image_types(); - $extension = strtolower(\filespec::get_extension($url)); + $types = \phpbb\files\upload::image_types(); + $extension = strtolower(\phpbb\files\filespec::get_extension($url)); // Check if this is actually an image if ($file_stream = @fopen($url, 'r')) @@ -172,15 +167,15 @@ class remote extends \phpbb\avatar\driver\driver return false; } - if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))) + if (!empty($image_data) && (!isset($types[$image_data['type']]) || !in_array($extension, $types[$image_data['type']]))) { - if (!isset($types[$image_data[2]])) + if (!isset($types[$image_data['type']])) { $error[] = 'UNABLE_GET_IMAGE_SIZE'; } else { - $error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data[2]][0], $extension); + $error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data['type']][0], $extension); } return false; diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 003b23659f..77b44754ac 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -19,9 +19,19 @@ namespace phpbb\avatar\driver; class upload extends \phpbb\avatar\driver\driver { /** - * @var \phpbb\mimetype\guesser + * @var \phpbb\filesystem\filesystem_interface + */ + protected $filesystem; + + /** + * @var \phpbb\event\dispatcher_interface */ - protected $mimetype_guesser; + protected $dispatcher; + + /** + * @var \phpbb\files\factory + */ + protected $files_factory; /** * Construct a driver object @@ -29,27 +39,33 @@ class upload extends \phpbb\avatar\driver\driver * @param \phpbb\config\config $config phpBB configuration * @param string $phpbb_root_path Path to the phpBB root * @param string $php_ext PHP file extension - * @param \phpbb_path_helper $path_helper phpBB path helper - * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser + * @param \phpbb\filesystem\filesystem_interface $filesystem phpBB filesystem helper + * @param \phpbb\path_helper $path_helper phpBB path helper + * @param \phpbb\event\dispatcher_interface $dispatcher phpBB Event dispatcher object + * @param \phpbb\files\factory $files_factory File classes factory * @param \phpbb\cache\driver\driver_interface $cache Cache driver */ - public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\mimetype\guesser $mimetype_guesser, \phpbb\cache\driver\driver_interface $cache = null) + public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\filesystem\filesystem_interface $filesystem, \phpbb\path_helper $path_helper, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\files\factory $files_factory, \phpbb\cache\driver\driver_interface $cache = null) { $this->config = $config; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; + $this->filesystem = $filesystem; $this->path_helper = $path_helper; - $this->mimetype_guesser = $mimetype_guesser; + $this->dispatcher = $dispatcher; + $this->files_factory = $files_factory; $this->cache = $cache; } /** * {@inheritdoc} */ - public function get_data($row, $ignore_config = false) + public function get_data($row) { + $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path(); + return array( - 'src' => $this->path_helper->get_web_root_path() . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'], + 'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'], 'width' => $row['avatar_width'], 'height' => $row['avatar_height'], ); @@ -83,19 +99,24 @@ class upload extends \phpbb\avatar\driver\driver return false; } - if (!class_exists('fileupload')) - { - include($this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext); - } - - $upload = new \fileupload('AVATAR_', $this->allowed_extensions, $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false)); + /** @var \phpbb\files\upload $upload */ + $upload = $this->files_factory->get('upload') + ->set_error_prefix('AVATAR_') + ->set_allowed_extensions($this->allowed_extensions) + ->set_max_filesize($this->config['avatar_filesize']) + ->set_allowed_dimensions( + $this->config['avatar_min_width'], + $this->config['avatar_min_height'], + $this->config['avatar_max_width'], + $this->config['avatar_max_height']) + ->set_disallowed_content((isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false)); $url = $request->variable('avatar_upload_url', ''); $upload_file = $request->file('avatar_upload_file'); if (!empty($upload_file['name'])) { - $file = $upload->form_upload('avatar_upload_file', $this->mimetype_guesser); + $file = $upload->handle_upload('files.types.form', 'avatar_upload_file'); } else if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url)) { @@ -125,7 +146,17 @@ class upload extends \phpbb\avatar\driver\driver return false; } - $file = $upload->remote_upload($url, $this->mimetype_guesser); + // Do not allow specifying the port (see RFC 3986) or IP addresses + // remote_upload() will do its own check for allowed filetypes + if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || + preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) + { + $error[] = 'AVATAR_URL_INVALID'; + return false; + } + + $file = $upload->handle_upload('files.types.remote', $url); } else { @@ -135,6 +166,15 @@ class upload extends \phpbb\avatar\driver\driver $prefix = $this->config['avatar_salt'] . '_'; $file->clean_filename('avatar', $prefix, $row['id']); + // If there was an error during upload, then abort operation + if (count($file->error)) + { + $file->remove(); + $error = $file->error; + return false; + } + + // Calculate new destination $destination = $this->config['avatar_path']; // Adjust destination path (no trailing slash) @@ -149,16 +189,62 @@ class upload extends \phpbb\avatar\driver\driver $destination = ''; } - // Move file and overwrite any existing image - $file->move_file($destination, true); + $filedata = array( + 'filename' => $file->get('filename'), + 'filesize' => $file->get('filesize'), + 'mimetype' => $file->get('mimetype'), + 'extension' => $file->get('extension'), + 'physical_filename' => $file->get('realname'), + 'real_filename' => $file->get('uploadname'), + ); + + /** + * Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar) + * + * @event core.avatar_driver_upload_move_file_before + * @var array filedata Array containing uploaded file data + * @var \phpbb\files\filespec file Instance of filespec class + * @var string destination Destination directory where the file is going to be moved + * @var string prefix Prefix for the avatar filename + * @var array row Array with avatar row data + * @var array error Array of errors, if filled in by this event file will not be moved + * @since 3.1.6-RC1 + * @changed 3.1.9-RC1 Added filedata + * @changed 3.2.3-RC1 Added file + */ + $vars = array( + 'filedata', + 'file', + 'destination', + 'prefix', + 'row', + 'error', + ); + extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars))); + + unset($filedata); + + if (!count($error)) + { + // Move file and overwrite any existing image + $file->move_file($destination, true); + } - if (sizeof($file->error)) + // If there was an error during move, then clean up leftovers + $error = array_merge($error, $file->error); + if (count($error)) { $file->remove(); - $error = array_merge($error, $file->error); return false; } + // Delete current avatar if not overwritten + $ext = substr(strrchr($row['avatar'], '.'), 1); + if ($ext && $ext !== $file->get('extension')) + { + $this->delete($row); + } + return array( 'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'), 'avatar_width' => $file->get('width'), @@ -183,15 +269,45 @@ class upload extends \phpbb\avatar\driver\driver */ public function delete($row) { + + $error = array(); + $destination = $this->config['avatar_path']; + $prefix = $this->config['avatar_salt'] . '_'; $ext = substr(strrchr($row['avatar'], '.'), 1); - $filename = $this->phpbb_root_path . $this->config['avatar_path'] . '/' . $this->config['avatar_salt'] . '_' . $row['id'] . '.' . $ext; + $filename = $this->phpbb_root_path . $destination . '/' . $prefix . $row['id'] . '.' . $ext; - if (file_exists($filename)) + /** + * Before deleting an existing avatar + * + * @event core.avatar_driver_upload_delete_before + * @var string destination Destination directory where the file is going to be deleted + * @var string prefix Prefix for the avatar filename + * @var array row Array with avatar row data + * @var array error Array of errors, if filled in by this event file will not be deleted + * @since 3.1.6-RC1 + */ + $vars = array( + 'destination', + 'prefix', + 'row', + 'error', + ); + extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars))); + + if (!count($error) && $this->filesystem->exists($filename)) { - @unlink($filename); + try + { + $this->filesystem->remove($filename); + return true; + } + catch (\phpbb\filesystem\exception\filesystem_exception $e) + { + // Fail is covered by return statement below + } } - return true; + return false; } /** @@ -209,6 +325,6 @@ class upload extends \phpbb\avatar\driver\driver */ protected function can_upload() { - return (file_exists($this->phpbb_root_path . $this->config['avatar_path']) && phpbb_is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')); + return ($this->filesystem->exists($this->phpbb_root_path . $this->config['avatar_path']) && $this->filesystem->is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')); } } |