From e50718008a44953181e133de1e37304ed6a5994f Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 19 Sep 2015 16:39:17 +0200 Subject: [ticket/14168] Add attachment upload class PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 261 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 261 insertions(+) create mode 100644 phpBB/phpbb/attachment/upload.php (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php new file mode 100644 index 0000000000..a175dee0b3 --- /dev/null +++ b/phpBB/phpbb/attachment/upload.php @@ -0,0 +1,261 @@ + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\attachment; + +use phpbb\auth\auth; +use \phpbb\cache\service; +use \phpbb\config\config; +use \phpbb\event\dispatcher; +use \phpbb\language\language; +use \phpbb\mimetype\guesser; +use \phpbb\plupload\plupload; +use \phpbb\user; + +/** + * Attachment upload class + */ + +class upload +{ + /** @var auth */ + protected $auth; + + /** @var service */ + protected $cache; + + /** @var config */ + protected $config; + + /** @var \phpbb\files\upload Upload class */ + protected $files_upload; + + /** @var \phpbb\language\language */ + protected $language; + + /** @var guesser Mimetype guesser */ + protected $mimetype_guesser; + + /** @var dispatcher */ + protected $phpbb_dispatcher; + + /** @var plupload Plupload */ + protected $plupload; + + /** @var user */ + protected $user; + + /** + * Constructor for attachments upload class + * + * @param auth $auth + * @param service $cache + * @param config $config + * @param \phpbb\files\upload $files_upload + * @param language $language + * @param guesser $mimetype_guesser + * @param dispatcher $phpbb_dispatcher + * @param plupload $plupload + * @param user $user + * @param $phpbb_root_path + */ + public function __construct(auth $auth, service $cache, config $config, \phpbb\files\upload $files_upload, language $language, guesser $mimetype_guesser, dispatcher $phpbb_dispatcher, plupload $plupload, user $user, $phpbb_root_path) + { + $this->auth = $auth; + $this->cache = $cache; + $this->config = $config; + $this->files_upload = $files_upload; + $this->language = $language; + $this->mimetype_guesser = $mimetype_guesser; + $this->phpbb_dispatcher = $phpbb_dispatcher; + $this->plupload = $plupload; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + } + + /** + * Upload Attachment - filedata is generated here + * Uses upload class + * + * @param string $form_name The form name of the file upload input + * @param int $forum_id The id of the forum + * @param bool $local Whether the file is local or not + * @param string $local_storage The path to the local file + * @param bool $is_message Whether it is a PM or not + * @param array $local_filedata An file data object created for the local file + * + * @return object filespec + */ + public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false) + { + $filedata = array( + 'error' => array() + ); + + if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers'])) + { + $this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers'])); + } + else if (!$this->config['check_attachment_content']) + { + $this->files_upload->set_disallowed_content(array()); + } + + $filedata['post_attach'] = $local || $this->files_upload->is_valid($form_name); + + if (!$filedata['post_attach']) + { + $filedata['error'][] = $this->user->lang['NO_UPLOAD_FORM_FOUND']; + return $filedata; + } + + $extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id)); + $this->files_upload->set_allowed_extensions(array_keys($extensions['_allowed_'])); + + /** @var \phpbb\files\filespec $file */ + $file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name); + + if ($file->init_error()) + { + $filedata['post_attach'] = false; + return $filedata; + } + + // Whether the uploaded file is in the image category + $is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false; + + if (!$this->auth->acl_get('a_') && !$this->auth->acl_get('m_', $forum_id)) + { + // Check Image Size, if it is an image + if ($is_image) + { + $file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']); + } + + // Admins and mods are allowed to exceed the allowed filesize + if (!empty($extensions[$file->get('extension')]['max_filesize'])) + { + $allowed_filesize = $extensions[$file->get('extension')]['max_filesize']; + } + else + { + $allowed_filesize = ($is_message) ? $this->config['max_filesize_pm'] : $this->config['max_filesize']; + } + + $file->upload->set_max_filesize($allowed_filesize); + } + + $file->clean_filename('unique', $this->user->data['user_id'] . '_'); + + // Are we uploading an image *and* this image being within the image category? + // Only then perform additional image checks. + $file->move_file($this->config['upload_path'], false, !$is_image); + + // Do we have to create a thumbnail? + $filedata['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0; + + if (sizeof($file->error)) + { + $file->remove(); + $filedata['error'] = array_merge($filedata['error'], $file->error); + $filedata['post_attach'] = false; + + return $filedata; + } + + // Make sure the image category only holds valid images... + if ($is_image && !$file->is_image()) + { + $file->remove(); + + if ($this->plupload && $this->plupload->is_active()) + { + $this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE'); + } + + // If this error occurs a user tried to exploit an IE Bug by renaming extensions + // Since the image category is displaying content inline we need to catch this. + trigger_error($this->user->lang['ATTACHED_IMAGE_NOT_IMAGE']); + } + + $filedata['filesize'] = $file->get('filesize'); + $filedata['mimetype'] = $file->get('mimetype'); + $filedata['extension'] = $file->get('extension'); + $filedata['physical_filename'] = $file->get('realname'); + $filedata['real_filename'] = $file->get('uploadname'); + $filedata['filetime'] = time(); + + /** + * Event to modify uploaded file before submit to the post + * + * @event core.modify_uploaded_file + * @var array filedata Array containing uploaded file data + * @var bool is_image Flag indicating if the file is an image + * @since 3.1.0-RC3 + */ + $vars = array( + 'filedata', + 'is_image', + ); + extract($this->phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars))); + + // Check our complete quota + if ($this->config['attachment_quota']) + { + if (intval($this->config['upload_dir_size']) + $file->get('filesize') > $this->config['attachment_quota']) + { + $filedata['error'][] = $this->user->lang['ATTACH_QUOTA_REACHED']; + $filedata['post_attach'] = false; + + $file->remove(); + + return $filedata; + } + } + + // Check free disk space + if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path'])) + { + if ($free_space <= $file->get('filesize')) + { + if ($this->auth->acl_get('a_')) + { + $filedata['error'][] = $this->user->lang['ATTACH_DISK_FULL']; + } + else + { + $filedata['error'][] = $this->user->lang['ATTACH_QUOTA_REACHED']; + } + $filedata['post_attach'] = false; + + $file->remove(); + + return $filedata; + } + } + + // Create Thumbnail + if ($filedata['thumbnail']) + { + $source = $file->get('destination_file'); + $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname'); + + if (!create_thumbnail($source, $destination, $file->get('mimetype'))) + { + $filedata['thumbnail'] = 0; + } + } + + return $filedata; + } +} -- cgit v1.2.1 From 07c8e21e8033f35483b5c96653f616b6f094138e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 19 Sep 2015 16:45:51 +0200 Subject: [ticket/14168] Use language class and fix incorrect docblock PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index a175dee0b3..c7de323699 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -96,7 +96,7 @@ class upload * * @return object filespec */ - public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false) + public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = array()) { $filedata = array( 'error' => array() @@ -115,7 +115,7 @@ class upload if (!$filedata['post_attach']) { - $filedata['error'][] = $this->user->lang['NO_UPLOAD_FORM_FOUND']; + $filedata['error'][] = $this->language->lang('NO_UPLOAD_FORM_FOUND'); return $filedata; } @@ -185,7 +185,7 @@ class upload // If this error occurs a user tried to exploit an IE Bug by renaming extensions // Since the image category is displaying content inline we need to catch this. - trigger_error($this->user->lang['ATTACHED_IMAGE_NOT_IMAGE']); + trigger_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE')); } $filedata['filesize'] = $file->get('filesize'); @@ -214,7 +214,7 @@ class upload { if (intval($this->config['upload_dir_size']) + $file->get('filesize') > $this->config['attachment_quota']) { - $filedata['error'][] = $this->user->lang['ATTACH_QUOTA_REACHED']; + $filedata['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); $filedata['post_attach'] = false; $file->remove(); @@ -230,11 +230,11 @@ class upload { if ($this->auth->acl_get('a_')) { - $filedata['error'][] = $this->user->lang['ATTACH_DISK_FULL']; + $filedata['error'][] = $this->language->lang('ATTACH_DISK_FULL'); } else { - $filedata['error'][] = $this->user->lang['ATTACH_QUOTA_REACHED']; + $filedata['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); } $filedata['post_attach'] = false; -- cgit v1.2.1 From 6c1cd26b7a3602932f3571eebcd5a21d1ce8ae51 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 19 Sep 2015 16:50:21 +0200 Subject: [ticket/14168] Split thumbnail creation to separate method PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index c7de323699..fa6fbad60d 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -245,6 +245,21 @@ class upload } // Create Thumbnail + $filedata = $this->create_thumbnail($file, $filedata); + + return $filedata; + } + + /** + * Create thumbnail for file if necessary + * + * @param \phpbb\files\filespec $file + * @param array $filedata File's filedata + * + * @return array Updated $filedata + */ + protected function create_thumbnail(\phpbb\files\filespec $file, $filedata) + { if ($filedata['thumbnail']) { $source = $file->get('destination_file'); -- cgit v1.2.1 From e10aa45470889cba22b51ac4f43582ecfa131310 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 20 Sep 2015 00:51:51 +0200 Subject: [ticket/14168] Further split up attachment upload class PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 130 +++++++++++++++++++++++--------------- 1 file changed, 78 insertions(+), 52 deletions(-) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index fa6fbad60d..2880e9e42e 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -55,6 +55,12 @@ class upload /** @var user */ protected $user; + /** @var \phpbb\files\filespec Current filespec instance */ + private $file; + + /** @var array Extensions array */ + private $extensions; + /** * Constructor for attachments upload class * @@ -102,14 +108,7 @@ class upload 'error' => array() ); - if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers'])) - { - $this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers'])); - } - else if (!$this->config['check_attachment_content']) - { - $this->files_upload->set_disallowed_content(array()); - } + $this->init_files_upload($forum_id, $is_message); $filedata['post_attach'] = $local || $this->files_upload->is_valid($form_name); @@ -119,80 +118,64 @@ class upload return $filedata; } - $extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id)); - $this->files_upload->set_allowed_extensions(array_keys($extensions['_allowed_'])); - - /** @var \phpbb\files\filespec $file */ - $file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name); + $this->file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name); - if ($file->init_error()) + if ($this->file->init_error()) { $filedata['post_attach'] = false; return $filedata; } // Whether the uploaded file is in the image category - $is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false; + $is_image = (isset($this->extensions[$this->file->get('extension')]['display_cat'])) ? $this->extensions[$this->file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false; if (!$this->auth->acl_get('a_') && !$this->auth->acl_get('m_', $forum_id)) { // Check Image Size, if it is an image if ($is_image) { - $file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']); + $this->file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']); } // Admins and mods are allowed to exceed the allowed filesize - if (!empty($extensions[$file->get('extension')]['max_filesize'])) + if (!empty($this->extensions[$this->file->get('extension')]['max_filesize'])) { - $allowed_filesize = $extensions[$file->get('extension')]['max_filesize']; + $allowed_filesize = $this->extensions[$this->file->get('extension')]['max_filesize']; } else { $allowed_filesize = ($is_message) ? $this->config['max_filesize_pm'] : $this->config['max_filesize']; } - $file->upload->set_max_filesize($allowed_filesize); + $this->file->upload->set_max_filesize($allowed_filesize); } - $file->clean_filename('unique', $this->user->data['user_id'] . '_'); + $this->file->clean_filename('unique', $this->user->data['user_id'] . '_'); // Are we uploading an image *and* this image being within the image category? // Only then perform additional image checks. - $file->move_file($this->config['upload_path'], false, !$is_image); + $this->file->move_file($this->config['upload_path'], false, !$is_image); // Do we have to create a thumbnail? $filedata['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0; - if (sizeof($file->error)) + if (sizeof($this->file->error)) { - $file->remove(); - $filedata['error'] = array_merge($filedata['error'], $file->error); + $this->file->remove(); + $filedata['error'] = array_merge($filedata['error'], $this->file->error); $filedata['post_attach'] = false; return $filedata; } // Make sure the image category only holds valid images... - if ($is_image && !$file->is_image()) - { - $file->remove(); - - if ($this->plupload && $this->plupload->is_active()) - { - $this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE'); - } - - // If this error occurs a user tried to exploit an IE Bug by renaming extensions - // Since the image category is displaying content inline we need to catch this. - trigger_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE')); - } + $this->check_image($is_image); - $filedata['filesize'] = $file->get('filesize'); - $filedata['mimetype'] = $file->get('mimetype'); - $filedata['extension'] = $file->get('extension'); - $filedata['physical_filename'] = $file->get('realname'); - $filedata['real_filename'] = $file->get('uploadname'); + $filedata['filesize'] = $this->file->get('filesize'); + $filedata['mimetype'] = $this->file->get('mimetype'); + $filedata['extension'] = $this->file->get('extension'); + $filedata['physical_filename'] = $this->file->get('realname'); + $filedata['real_filename'] = $this->file->get('uploadname'); $filedata['filetime'] = time(); /** @@ -212,12 +195,12 @@ class upload // Check our complete quota if ($this->config['attachment_quota']) { - if (intval($this->config['upload_dir_size']) + $file->get('filesize') > $this->config['attachment_quota']) + if (intval($this->config['upload_dir_size']) + $this->file->get('filesize') > $this->config['attachment_quota']) { $filedata['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); $filedata['post_attach'] = false; - $file->remove(); + $this->file->remove(); return $filedata; } @@ -226,7 +209,7 @@ class upload // Check free disk space if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path'])) { - if ($free_space <= $file->get('filesize')) + if ($free_space <= $this->file->get('filesize')) { if ($this->auth->acl_get('a_')) { @@ -238,14 +221,14 @@ class upload } $filedata['post_attach'] = false; - $file->remove(); + $this->file->remove(); return $filedata; } } // Create Thumbnail - $filedata = $this->create_thumbnail($file, $filedata); + $filedata = $this->create_thumbnail($filedata); return $filedata; } @@ -253,19 +236,18 @@ class upload /** * Create thumbnail for file if necessary * - * @param \phpbb\files\filespec $file * @param array $filedata File's filedata * * @return array Updated $filedata */ - protected function create_thumbnail(\phpbb\files\filespec $file, $filedata) + protected function create_thumbnail($filedata) { if ($filedata['thumbnail']) { - $source = $file->get('destination_file'); - $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname'); + $source = $this->file->get('destination_file'); + $destination = $this->file->get('destination_path') . '/thumb_' . $this->file->get('realname'); - if (!create_thumbnail($source, $destination, $file->get('mimetype'))) + if (!create_thumbnail($source, $destination, $this->file->get('mimetype'))) { $filedata['thumbnail'] = 0; } @@ -273,4 +255,48 @@ class upload return $filedata; } + + /** + * Init files upload class + * + * @param int $forum_id Forum ID + * @param bool $is_message Whether attachment is inside PM or not + */ + protected function init_files_upload($forum_id, $is_message) + { + if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers'])) + { + $this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers'])); + } + else if (!$this->config['check_attachment_content']) + { + $this->files_upload->set_disallowed_content(array()); + } + + $this->extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id)); + $this->files_upload->set_allowed_extensions(array_keys($this->extensions['_allowed_'])); + } + + /** + * Check if uploaded file is really an image + * + * @param bool $is_image Whether file is image + */ + protected function check_image($is_image) + { + // Make sure the image category only holds valid images... + if ($is_image && !$this->file->is_image()) + { + $this->file->remove(); + + if ($this->plupload && $this->plupload->is_active()) + { + $this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE'); + } + + // If this error occurs a user tried to exploit an IE Bug by renaming extensions + // Since the image category is displaying content inline we need to catch this. + trigger_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE')); + } + } } -- cgit v1.2.1 From a60beb6f2f9d75e34c67a53c9b2332e15fe21b4a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 20 Sep 2015 12:18:58 +0200 Subject: [ticket/14168] Further split up attachment upload class PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 155 +++++++++++++++++++++++--------------- 1 file changed, 94 insertions(+), 61 deletions(-) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index 2880e9e42e..d57b33b137 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -58,6 +58,11 @@ class upload /** @var \phpbb\files\filespec Current filespec instance */ private $file; + /** @var array File data */ + private $file_data = array( + 'error' => array() + ); + /** @var array Extensions array */ private $extensions; @@ -104,26 +109,22 @@ class upload */ public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = array()) { - $filedata = array( - 'error' => array() - ); - $this->init_files_upload($forum_id, $is_message); - $filedata['post_attach'] = $local || $this->files_upload->is_valid($form_name); + $this->file_data['post_attach'] = $local || $this->files_upload->is_valid($form_name); - if (!$filedata['post_attach']) + if (!$this->file_data['post_attach']) { - $filedata['error'][] = $this->language->lang('NO_UPLOAD_FORM_FOUND'); - return $filedata; + $this->file_data['error'][] = $this->language->lang('NO_UPLOAD_FORM_FOUND'); + return $this->file_data; } $this->file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name); if ($this->file->init_error()) { - $filedata['post_attach'] = false; - return $filedata; + $this->file_data['post_attach'] = false; + return $this->file_data; } // Whether the uploaded file is in the image category @@ -157,26 +158,23 @@ class upload $this->file->move_file($this->config['upload_path'], false, !$is_image); // Do we have to create a thumbnail? - $filedata['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0; + $this->file_data['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0; if (sizeof($this->file->error)) { $this->file->remove(); - $filedata['error'] = array_merge($filedata['error'], $this->file->error); - $filedata['post_attach'] = false; + $this->file_data['error'] = array_merge($this->file_data['error'], $this->file->error); + $this->file_data['post_attach'] = false; - return $filedata; + return $this->file_data; } // Make sure the image category only holds valid images... $this->check_image($is_image); - $filedata['filesize'] = $this->file->get('filesize'); - $filedata['mimetype'] = $this->file->get('mimetype'); - $filedata['extension'] = $this->file->get('extension'); - $filedata['physical_filename'] = $this->file->get('realname'); - $filedata['real_filename'] = $this->file->get('uploadname'); - $filedata['filetime'] = time(); + $this->fill_file_data(); + + $filedata = $this->file_data; /** * Event to modify uploaded file before submit to the post @@ -191,69 +189,38 @@ class upload 'is_image', ); extract($this->phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars))); + $this->file_data = $filedata; + unset($filedata); - // Check our complete quota - if ($this->config['attachment_quota']) - { - if (intval($this->config['upload_dir_size']) + $this->file->get('filesize') > $this->config['attachment_quota']) - { - $filedata['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); - $filedata['post_attach'] = false; - - $this->file->remove(); - - return $filedata; - } - } - - // Check free disk space - if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path'])) + // Check for attachment quota and free space + if (!$this->check_attach_quota() || !$this->check_disk_space()) { - if ($free_space <= $this->file->get('filesize')) - { - if ($this->auth->acl_get('a_')) - { - $filedata['error'][] = $this->language->lang('ATTACH_DISK_FULL'); - } - else - { - $filedata['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); - } - $filedata['post_attach'] = false; - - $this->file->remove(); - - return $filedata; - } + return $this->file_data; } // Create Thumbnail - $filedata = $this->create_thumbnail($filedata); + $this->create_thumbnail(); - return $filedata; + return $this->file_data; } /** * Create thumbnail for file if necessary * - * @param array $filedata File's filedata - * * @return array Updated $filedata */ - protected function create_thumbnail($filedata) + protected function create_thumbnail() { - if ($filedata['thumbnail']) + if ($this->file_data['thumbnail']) { $source = $this->file->get('destination_file'); $destination = $this->file->get('destination_path') . '/thumb_' . $this->file->get('realname'); if (!create_thumbnail($source, $destination, $this->file->get('mimetype'))) { - $filedata['thumbnail'] = 0; + $this->file_data['thumbnail'] = 0; } } - - return $filedata; } /** @@ -299,4 +266,70 @@ class upload trigger_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE')); } } + + /** + * Check if attachment quota was reached + * + * @return bool False if attachment quota was reached, true if not + */ + protected function check_attach_quota() + { + if ($this->config['attachment_quota']) + { + if (intval($this->config['upload_dir_size']) + $this->file->get('filesize') > $this->config['attachment_quota']) + { + $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); + $this->file_data['post_attach'] = false; + + $this->file->remove(); + + return false; + } + } + + return true; + } + + /** + * Check if there is enough free space available on disk + * + * @return bool True if disk space is available, false if not + */ + protected function check_disk_space() + { + if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path'])) + { + if ($free_space <= $this->file->get('filesize')) + { + if ($this->auth->acl_get('a_')) + { + $this->file_data['error'][] = $this->language->lang('ATTACH_DISK_FULL'); + } + else + { + $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); + } + $this->file_data['post_attach'] = false; + + $this->file->remove(); + + return false; + } + } + + return true; + } + + /** + * Fills file data with file information and current time as filetime + */ + protected function fill_file_data() + { + $this->file_data['filesize'] = $this->file->get('filesize'); + $this->file_data['mimetype'] = $this->file->get('mimetype'); + $this->file_data['extension'] = $this->file->get('extension'); + $this->file_data['physical_filename'] = $this->file->get('realname'); + $this->file_data['real_filename'] = $this->file->get('uploadname'); + $this->file_data['filetime'] = time(); + } } -- cgit v1.2.1 From 36ea105236c87e84ca2b9f0a193b5b8721e8cf97 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 4 Oct 2015 11:10:07 +0200 Subject: [ticket/14168] Move image check and don't use trigger_error() PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index d57b33b137..ae8d70c18e 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -160,6 +160,9 @@ class upload // Do we have to create a thumbnail? $this->file_data['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0; + // Make sure the image category only holds valid images... + $this->check_image($is_image); + if (sizeof($this->file->error)) { $this->file->remove(); @@ -169,9 +172,6 @@ class upload return $this->file_data; } - // Make sure the image category only holds valid images... - $this->check_image($is_image); - $this->fill_file_data(); $filedata = $this->file_data; @@ -263,7 +263,7 @@ class upload // If this error occurs a user tried to exploit an IE Bug by renaming extensions // Since the image category is displaying content inline we need to catch this. - trigger_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE')); + $this->file->set_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE')); } } -- cgit v1.2.1 From 80e3c79f383366915b799675c6bcd3e15715780e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 7 Oct 2015 11:04:15 +0200 Subject: [ticket/14168] Minor coding style fixes PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 1 - 1 file changed, 1 deletion(-) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index ae8d70c18e..2d49e05b71 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -25,7 +25,6 @@ use \phpbb\user; /** * Attachment upload class */ - class upload { /** @var auth */ -- cgit v1.2.1 From bb2634b5e5bdee53118eff8cdba3fea73932ff47 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 12 Oct 2015 12:11:26 +0200 Subject: [ticket/14168] Correctly state return type of upload and upload_attachment PHPBB3-14168 --- phpBB/phpbb/attachment/upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index 2d49e05b71..957558768b 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -104,7 +104,7 @@ class upload * @param bool $is_message Whether it is a PM or not * @param array $local_filedata An file data object created for the local file * - * @return object filespec + * @return array File data array */ public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = array()) { -- cgit v1.2.1 From 4614cc972f9a00b67bfc982c2da7b81dfed8c6a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1t=C3=A9=20Bartus?= Date: Wed, 13 Apr 2016 19:02:43 +0200 Subject: [ticket/14589] Fix @var usage PHPBB3-14589 --- phpBB/phpbb/attachment/upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/attachment/upload.php') diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php index 957558768b..f9863b372c 100644 --- a/phpBB/phpbb/attachment/upload.php +++ b/phpBB/phpbb/attachment/upload.php @@ -39,7 +39,7 @@ class upload /** @var \phpbb\files\upload Upload class */ protected $files_upload; - /** @var \phpbb\language\language */ + /** @var language */ protected $language; /** @var guesser Mimetype guesser */ -- cgit v1.2.1