From 91b9cc90dd078fda135d975f0e5af798535d9014 Mon Sep 17 00:00:00 2001
From: Fyorl <gaelreth@gmail.com>
Date: Wed, 15 Aug 2012 15:00:03 +0100
Subject: [ticket/10939] Modified functions_upload to not use $_FILES

PHPBB3-10939
---
 phpBB/includes/functions_upload.php | 45 ++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 20 deletions(-)

(limited to 'phpBB/includes/functions_upload.php')

diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index d4c6b42cf4..b467aa93d1 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -566,10 +566,11 @@ class fileupload
 	*/
 	function form_upload($form_name)
 	{
-		global $user;
+		global $user, $request;
 
-		unset($_FILES[$form_name]['local_mode']);
-		$file = new filespec($_FILES[$form_name], $this);
+		$upload = $request->file($form_name);
+		unset($upload['local_mode']);
+		$file = new filespec($upload, $this);
 
 		if ($file->init_error)
 		{
@@ -578,9 +579,9 @@ class fileupload
 		}
 
 		// Error array filled?
-		if (isset($_FILES[$form_name]['error']))
+		if (isset($upload['error']))
 		{
-			$error = $this->assign_internal_error($_FILES[$form_name]['error']);
+			$error = $this->assign_internal_error($upload['error']);
 
 			if ($error !== false)
 			{
@@ -590,7 +591,7 @@ class fileupload
 		}
 
 		// Check if empty file got uploaded (not catched by is_uploaded_file)
-		if (isset($_FILES[$form_name]['size']) && $_FILES[$form_name]['size'] == 0)
+		if (isset($upload['size']) && $upload['size'] == 0)
 		{
 			$file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];
 			return $file;
@@ -631,17 +632,17 @@ class fileupload
 	*/
 	function local_upload($source_file, $filedata = false)
 	{
-		global $user;
+		global $user, $request;
 
-		$form_name = 'local';
+		$upload = array();
 
-		$_FILES[$form_name]['local_mode'] = true;
-		$_FILES[$form_name]['tmp_name'] = $source_file;
+		$upload['local_mode'] = true;
+		$upload['tmp_name'] = $source_file;
 
 		if ($filedata === false)
 		{
-			$_FILES[$form_name]['name'] = utf8_basename($source_file);
-			$_FILES[$form_name]['size'] = 0;
+			$upload['name'] = utf8_basename($source_file);
+			$upload['size'] = 0;
 			$mimetype = '';
 
 			if (function_exists('mime_content_type'))
@@ -655,16 +656,16 @@ class fileupload
 				$mimetype = 'application/octetstream';
 			}
 
-			$_FILES[$form_name]['type'] = $mimetype;
+			$upload['type'] = $mimetype;
 		}
 		else
 		{
-			$_FILES[$form_name]['name'] = $filedata['realname'];
-			$_FILES[$form_name]['size'] = $filedata['size'];
-			$_FILES[$form_name]['type'] = $filedata['type'];
+			$upload['name'] = $filedata['realname'];
+			$upload['size'] = $filedata['size'];
+			$upload['type'] = $filedata['type'];
 		}
 
-		$file = new filespec($_FILES[$form_name], $this);
+		$file = new filespec($upload, $this);
 
 		if ($file->init_error)
 		{
@@ -672,9 +673,9 @@ class fileupload
 			return $file;
 		}
 
-		if (isset($_FILES[$form_name]['error']))
+		if (isset($upload['error']))
 		{
-			$error = $this->assign_internal_error($_FILES[$form_name]['error']);
+			$error = $this->assign_internal_error($upload['error']);
 
 			if ($error !== false)
 			{
@@ -709,6 +710,7 @@ class fileupload
 		}
 
 		$this->common_checks($file);
+		$request->overwrite('local', $upload, phpbb_request_interface::FILES);
 
 		return $file;
 	}
@@ -1001,7 +1003,10 @@ class fileupload
 	*/
 	function is_valid($form_name)
 	{
-		return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
+		global $request;
+		$upload = $request->file($form_name);
+
+		return (!empty($upload) && $upload['name'] !== 'none');
 	}
 
 
-- 
cgit v1.2.1


From 54d96dfac720d5aa1cdc617ca93749d26ee9f264 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 17 Dec 2012 12:59:44 +0100
Subject: [ticket/10763] Make functions for remote avatars static

fileupload::image_types() and filespec::get_extension() are called
statically while submitting the form for the remote avatar. Make them
static as described in the ticket in order to prevent a PHP notice.
Also change the tests to use the static functions.

PHPBB3-10763
---
 phpBB/includes/functions_upload.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'phpBB/includes/functions_upload.php')

diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index b467aa93d1..d4cb34cc4e 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -70,7 +70,7 @@ class filespec
 			$this->mimetype = 'application/octetstream';
 		}
 
-		$this->extension = strtolower($this->get_extension($this->realname));
+		$this->extension = strtolower(filespec::get_extension($this->realname));
 
 		// Try to get real filesize from temporary folder (not always working) ;)
 		$this->filesize = (@filesize($this->filename)) ? @filesize($this->filename) : $this->filesize;
@@ -187,8 +187,11 @@ class filespec
 
 	/**
 	* Get file extension
+	*
+	* @param string Filename that needs to be checked
+	* @return string Extension of the supplied filename
 	*/
-	function get_extension($filename)
+	static public function get_extension($filename)
 	{
 		if (strpos($filename, '.') === false)
 		{
@@ -369,7 +372,7 @@ class filespec
 				}
 
 				// Check image type
-				$types = $this->upload->image_types();
+				$types = fileupload::image_types();
 
 				if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]]))
 				{
@@ -1019,9 +1022,11 @@ class fileupload
 	}
 
 	/**
-	* Return image type/extension mapping
+	* Get image type/extension mapping
+	*
+	* @return array Array containing the image types and their extensions
 	*/
-	function image_types()
+	static public function image_types()
 	{
 		return array(
 			IMAGETYPE_GIF		=> array('gif'),
-- 
cgit v1.2.1


From 4ae0c787828ea34bb927a8346804e52bd25cffac Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 17 Dec 2012 19:17:32 +0100
Subject: [ticket/10763] Use self when calling get_extension() in filespec
 class

PHPBB3-10763
---
 phpBB/includes/functions_upload.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/includes/functions_upload.php')

diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index d4cb34cc4e..4f31a85e83 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -70,7 +70,7 @@ class filespec
 			$this->mimetype = 'application/octetstream';
 		}
 
-		$this->extension = strtolower(filespec::get_extension($this->realname));
+		$this->extension = strtolower(self::get_extension($this->realname));
 
 		// Try to get real filesize from temporary folder (not always working) ;)
 		$this->filesize = (@filesize($this->filename)) ? @filesize($this->filename) : $this->filesize;
-- 
cgit v1.2.1