From d2be8e1503db3686c62b23973511c61dea7a6616 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 1 Jun 2015 13:30:17 +0200 Subject: [ticket/13904] Add fileupload class to files classes PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 655 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 655 insertions(+) create mode 100644 phpBB/phpbb/files/upload.php (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php new file mode 100644 index 0000000000..7501247e06 --- /dev/null +++ b/phpBB/phpbb/files/upload.php @@ -0,0 +1,655 @@ + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\files; + +/** + * File upload class + * Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads + */ +class upload +{ + var $allowed_extensions = array(); + var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); + var $max_filesize = 0; + var $min_width = 0; + var $min_height = 0; + var $max_width = 0; + var $max_height = 0; + var $error_prefix = ''; + + /** @var int Timeout for remote upload */ + var $upload_timeout = 6; + + /** + * @var \phpbb\filesystem\filesystem_interface + */ + protected $filesystem; + + /** + * Init file upload class. + * + * @param \phpbb\filesystem\filesystem_interface $filesystem + * @param string $error_prefix Used error messages will get prefixed by this string + * @param array $allowed_extensions Array of allowed extensions, for example array('jpg', 'jpeg', 'gif', 'png') + * @param int $max_filesize Maximum filesize + * @param int $min_width Minimum image width (only checked for images) + * @param int $min_height Minimum image height (only checked for images) + * @param int $max_width Maximum image width (only checked for images) + * @param int $max_height Maximum image height (only checked for images) + * @param bool|array $disallowed_content If enabled, the first 256 bytes of the file must not + * contain any of its values. Defaults to false. + * + */ + function fileupload(\phpbb\filesystem\filesystem_interface $filesystem, $error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false) + { + $this->set_allowed_extensions($allowed_extensions); + $this->set_max_filesize($max_filesize); + $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height); + $this->set_error_prefix($error_prefix); + $this->set_disallowed_content($disallowed_content); + $this->filesystem = $filesystem; + } + + /** + * Reset vars + */ + function reset_vars() + { + $this->max_filesize = 0; + $this->min_width = $this->min_height = $this->max_width = $this->max_height = 0; + $this->error_prefix = ''; + $this->allowed_extensions = array(); + $this->disallowed_content = array(); + } + + /** + * Set allowed extensions + */ + function set_allowed_extensions($allowed_extensions) + { + if ($allowed_extensions !== false && is_array($allowed_extensions)) + { + $this->allowed_extensions = $allowed_extensions; + } + } + + /** + * Set allowed dimensions + */ + function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height) + { + $this->min_width = (int) $min_width; + $this->min_height = (int) $min_height; + $this->max_width = (int) $max_width; + $this->max_height = (int) $max_height; + } + + /** + * Set maximum allowed filesize + */ + function set_max_filesize($max_filesize) + { + if ($max_filesize !== false && (int) $max_filesize) + { + $this->max_filesize = (int) $max_filesize; + } + } + + /** + * Set disallowed strings + */ + function set_disallowed_content($disallowed_content) + { + if ($disallowed_content !== false && is_array($disallowed_content)) + { + $this->disallowed_content = array_diff($disallowed_content, array('')); + } + } + + /** + * Set error prefix + */ + function set_error_prefix($error_prefix) + { + $this->error_prefix = $error_prefix; + } + + /** + * Form upload method + * Upload file from users harddisk + * + * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified) + * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser + * @param \phpbb\plupload\plupload $plupload The plupload object + * + * @return object $file Object "filespec" is returned, all further operations can be done with this object + * @access public + */ + function form_upload($form_name, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null) + { + global $user, $request, $phpbb_container; + + $upload = $request->file($form_name); + unset($upload['local_mode']); + + if ($plupload) + { + $result = $plupload->handle_upload($form_name); + if (is_array($result)) + { + $upload = array_merge($upload, $result); + } + } + + /** @var \phpbb\files\filespec $file */ + $file = $phpbb_container->get('files.filespec') + ->set_upload_ary($upload) + ->set_upload_namespace($this); + + if ($file->init_error()) + { + $file->error[] = ''; + return $file; + } + + // Error array filled? + if (isset($upload['error'])) + { + $error = $this->assign_internal_error($upload['error']); + + if ($error !== false) + { + $file->error[] = $error; + return $file; + } + } + + // Check if empty file got uploaded (not catched by is_uploaded_file) + if (isset($upload['size']) && $upload['size'] == 0) + { + $file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD']; + return $file; + } + + // PHP Upload filesize exceeded + if ($file->get('filename') == 'none') + { + $max_filesize = @ini_get('upload_max_filesize'); + $unit = 'MB'; + + if (!empty($max_filesize)) + { + $unit = strtolower(substr($max_filesize, -1, 1)); + $max_filesize = (int) $max_filesize; + + $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); + } + + $file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); + return $file; + } + + // Not correctly uploaded + if (!$file->is_uploaded()) + { + $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; + return $file; + } + + $this->common_checks($file); + + return $file; + } + + /** + * Move file from another location to phpBB + */ + function local_upload($source_file, $filedata = false, \phpbb\mimetype\guesser $mimetype_guesser = null) + { + global $user, $request, $phpbb_container; + + $upload = array(); + + $upload['local_mode'] = true; + $upload['tmp_name'] = $source_file; + + if ($filedata === false) + { + $upload['name'] = utf8_basename($source_file); + $upload['size'] = 0; + } + else + { + $upload['name'] = $filedata['realname']; + $upload['size'] = $filedata['size']; + $upload['type'] = $filedata['type']; + } + + /** @var \phpbb\files\filespec $file */ + $file = $phpbb_container->get('files.filespec') + ->set_upload_ary($upload) + ->set_upload_namespace($this); + + if ($file->init_error()) + { + $file->error[] = ''; + return $file; + } + + if (isset($upload['error'])) + { + $error = $this->assign_internal_error($upload['error']); + + if ($error !== false) + { + $file->error[] = $error; + return $file; + } + } + + // PHP Upload filesize exceeded + if ($file->get('filename') == 'none') + { + $max_filesize = @ini_get('upload_max_filesize'); + $unit = 'MB'; + + if (!empty($max_filesize)) + { + $unit = strtolower(substr($max_filesize, -1, 1)); + $max_filesize = (int) $max_filesize; + + $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); + } + + $file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); + return $file; + } + + // Not correctly uploaded + if (!$file->is_uploaded()) + { + $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; + return $file; + } + + $this->common_checks($file); + $request->overwrite('local', $upload, \phpbb\request\request_interface::FILES); + + return $file; + } + + /** + * Remote upload method + * Uploads file from given url + * + * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif + * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser + * @return object $file Object "filespec" is returned, all further operations can be done with this object + * @access public + */ + function remote_upload($upload_url, \phpbb\mimetype\guesser $mimetype_guesser = null) + { + global $user, $phpbb_root_path, $phpbb_container; + + $upload_ary = array(); + $upload_ary['local_mode'] = true; + + if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match)) + { + $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']); + return $file; + } + + if (empty($match[2])) + { + $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']); + return $file; + } + + $url = parse_url($upload_url); + + $host = $url['host']; + $path = $url['path']; + $port = (!empty($url['port'])) ? (int) $url['port'] : 80; + + $upload_ary['type'] = 'application/octet-stream'; + + $url['path'] = explode('.', $url['path']); + $ext = array_pop($url['path']); + + $url['path'] = implode('', $url['path']); + $upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : ''); + $filename = $url['path']; + $filesize = 0; + + $remote_max_filesize = $this->max_filesize; + if (!$remote_max_filesize) + { + $max_filesize = @ini_get('upload_max_filesize'); + + if (!empty($max_filesize)) + { + $unit = strtolower(substr($max_filesize, -1, 1)); + $remote_max_filesize = (int) $max_filesize; + + switch ($unit) + { + case 'g': + $remote_max_filesize *= 1024; + // no break + case 'm': + $remote_max_filesize *= 1024; + // no break + case 'k': + $remote_max_filesize *= 1024; + // no break + } + } + } + + $errno = 0; + $errstr = ''; + + if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) + { + $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); + return $file; + } + + // Make sure $path not beginning with / + if (strpos($path, '/') === 0) + { + $path = substr($path, 1); + } + + fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); + fputs($fsock, "HOST: " . $host . "\r\n"); + fputs($fsock, "Connection: close\r\n\r\n"); + + // Set a proper timeout for the socket + socket_set_timeout($fsock, $this->upload_timeout); + + $get_info = false; + $data = ''; + $length = false; + $timer_stop = time() + $this->upload_timeout; + + while ((!$length || $filesize < $length) && !@feof($fsock)) + { + if ($get_info) + { + if ($length) + { + // Don't attempt to read past end of file if server indicated length + $block = @fread($fsock, min($length - $filesize, 1024)); + } + else + { + $block = @fread($fsock, 1024); + } + + $filesize += strlen($block); + + if ($remote_max_filesize && $filesize > $remote_max_filesize) + { + $max_filesize = get_formatted_filesize($remote_max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + + $data .= $block; + } + else + { + $line = @fgets($fsock, 1024); + + if ($line == "\r\n") + { + $get_info = true; + } + else + { + if (stripos($line, 'content-type: ') !== false) + { + $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); + } + else if ($this->max_filesize && stripos($line, 'content-length: ') !== false) + { + $length = (int) str_replace('content-length: ', '', strtolower($line)); + + if ($remote_max_filesize && $length && $length > $remote_max_filesize) + { + $max_filesize = get_formatted_filesize($remote_max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + } + else if (stripos($line, '404 not found') !== false) + { + $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); + return $file; + } + } + } + + $stream_meta_data = stream_get_meta_data($fsock); + + // Cancel upload if we exceed timeout + if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) + { + $file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']); + return $file; + } + } + @fclose($fsock); + + if (empty($data)) + { + $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']); + return $file; + } + + $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache'; + $filename = tempnam($tmp_path, unique_id() . '-'); + + if (!($fp = @fopen($filename, 'wb'))) + { + $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); + return $file; + } + + $upload_ary['size'] = fwrite($fp, $data); + fclose($fp); + unset($data); + + $upload_ary['tmp_name'] = $filename; + + /** @var \phpbb\files\filespec $file */ + $file = $phpbb_container->get('files.filespec') + ->set_upload_ary($upload_ary) + ->set_upload_namespace($this); + $this->common_checks($file); + + return $file; + } + + /** + * Assign internal error + * @access private + */ + function assign_internal_error($errorcode) + { + global $user; + + switch ($errorcode) + { + case 1: + $max_filesize = @ini_get('upload_max_filesize'); + $unit = 'MB'; + + if (!empty($max_filesize)) + { + $unit = strtolower(substr($max_filesize, -1, 1)); + $max_filesize = (int) $max_filesize; + + $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); + } + + $error = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); + break; + + case 2: + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']); + break; + + case 3: + $error = $user->lang[$this->error_prefix . 'PARTIAL_UPLOAD']; + break; + + case 4: + $error = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; + break; + + case 6: + $error = 'Temporary folder could not be found. Please check your PHP installation.'; + break; + + default: + $error = false; + break; + } + + return $error; + } + + /** + * Perform common checks + */ + function common_checks(&$file) + { + global $user; + + // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form + if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) + { + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']); + } + + // check Filename + if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname'))) + { + $file->error[] = sprintf($user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname')); + } + + // Invalid Extension + if (!$this->valid_extension($file)) + { + $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension')); + } + + // MIME Sniffing + if (!$this->valid_content($file)) + { + $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']); + } + } + + /** + * Check for allowed extension + */ + function valid_extension(&$file) + { + return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false; + } + + /** + * Check for allowed dimension + */ + function valid_dimensions(&$file) + { + if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height) + { + return true; + } + + if (($file->get('width') > $this->max_width && $this->max_width) || + ($file->get('height') > $this->max_height && $this->max_height) || + ($file->get('width') < $this->min_width && $this->min_width) || + ($file->get('height') < $this->min_height && $this->min_height)) + { + return false; + } + + return true; + } + + /** + * Check if form upload is valid + */ + function is_valid($form_name) + { + global $request; + $upload = $request->file($form_name); + + return (!empty($upload) && $upload['name'] !== 'none'); + } + + + /** + * Check for bad content (IE mime-sniffing) + */ + function valid_content(&$file) + { + return ($file->check_content($this->disallowed_content)); + } + + /** + * Get image type/extension mapping + * + * @return array Array containing the image types and their extensions + */ + static public function image_types() + { + $result = array( + IMAGETYPE_GIF => array('gif'), + IMAGETYPE_JPEG => array('jpg', 'jpeg'), + IMAGETYPE_PNG => array('png'), + IMAGETYPE_SWF => array('swf'), + IMAGETYPE_PSD => array('psd'), + IMAGETYPE_BMP => array('bmp'), + IMAGETYPE_TIFF_II => array('tif', 'tiff'), + IMAGETYPE_TIFF_MM => array('tif', 'tiff'), + IMAGETYPE_JPC => array('jpg', 'jpeg'), + IMAGETYPE_JP2 => array('jpg', 'jpeg'), + IMAGETYPE_JPX => array('jpg', 'jpeg'), + IMAGETYPE_JB2 => array('jpg', 'jpeg'), + IMAGETYPE_IFF => array('iff'), + IMAGETYPE_WBMP => array('wbmp'), + IMAGETYPE_XBM => array('xbm'), + ); + + if (defined('IMAGETYPE_SWC')) + { + $result[IMAGETYPE_SWC] = array('swc'); + } + + return $result; + } +} -- cgit v1.2.1 From 1af6f052d80e693d289258d490c1187a064093b9 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 14 Aug 2015 09:03:55 +0200 Subject: [ticket/13904] Load upload class using factory PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 7501247e06..8666b857a5 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -40,24 +40,15 @@ class upload * Init file upload class. * * @param \phpbb\filesystem\filesystem_interface $filesystem - * @param string $error_prefix Used error messages will get prefixed by this string - * @param array $allowed_extensions Array of allowed extensions, for example array('jpg', 'jpeg', 'gif', 'png') - * @param int $max_filesize Maximum filesize - * @param int $min_width Minimum image width (only checked for images) - * @param int $min_height Minimum image height (only checked for images) - * @param int $max_width Maximum image width (only checked for images) - * @param int $max_height Maximum image height (only checked for images) - * @param bool|array $disallowed_content If enabled, the first 256 bytes of the file must not - * contain any of its values. Defaults to false. * */ - function fileupload(\phpbb\filesystem\filesystem_interface $filesystem, $error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false) + public function __construct(\phpbb\filesystem\filesystem_interface $filesystem) { - $this->set_allowed_extensions($allowed_extensions); - $this->set_max_filesize($max_filesize); - $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height); - $this->set_error_prefix($error_prefix); - $this->set_disallowed_content($disallowed_content); +// $this->set_allowed_extensions($allowed_extensions); +// $this->set_max_filesize($max_filesize); +// $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height); +// $this->set_error_prefix($error_prefix); +// $this->set_disallowed_content($disallowed_content); $this->filesystem = $filesystem; } @@ -82,6 +73,8 @@ class upload { $this->allowed_extensions = $allowed_extensions; } + + return $this; } /** @@ -93,6 +86,8 @@ class upload $this->min_height = (int) $min_height; $this->max_width = (int) $max_width; $this->max_height = (int) $max_height; + + return $this; } /** @@ -104,6 +99,8 @@ class upload { $this->max_filesize = (int) $max_filesize; } + + return $this; } /** @@ -115,6 +112,8 @@ class upload { $this->disallowed_content = array_diff($disallowed_content, array('')); } + + return $this; } /** @@ -123,6 +122,8 @@ class upload function set_error_prefix($error_prefix) { $this->error_prefix = $error_prefix; + + return $this; } /** -- cgit v1.2.1 From a96e7a8ec6efa483b47dca3395ee2de608cfc675 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 1 Jun 2015 13:57:17 +0200 Subject: [ticket/13904] Get rid of useless parameters and variables PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 8666b857a5..1892d22adf 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -131,13 +131,12 @@ class upload * Upload file from users harddisk * * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified) - * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser * @param \phpbb\plupload\plupload $plupload The plupload object * * @return object $file Object "filespec" is returned, all further operations can be done with this object * @access public */ - function form_upload($form_name, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null) + function form_upload($form_name, \phpbb\plupload\plupload $plupload = null) { global $user, $request, $phpbb_container; @@ -216,7 +215,7 @@ class upload /** * Move file from another location to phpBB */ - function local_upload($source_file, $filedata = false, \phpbb\mimetype\guesser $mimetype_guesser = null) + function local_upload($source_file, $filedata = false) { global $user, $request, $phpbb_container; @@ -295,11 +294,10 @@ class upload * Uploads file from given url * * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif - * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser * @return object $file Object "filespec" is returned, all further operations can be done with this object * @access public */ - function remote_upload($upload_url, \phpbb\mimetype\guesser $mimetype_guesser = null) + function remote_upload($upload_url) { global $user, $phpbb_root_path, $phpbb_container; -- cgit v1.2.1 From eb11973ea8af41623a9e6e6c320cb1fb0df7a222 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 14 Aug 2015 09:13:27 +0200 Subject: [ticket/13904] Use factory instead of container and add factory to services PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 1892d22adf..7ca29efe1a 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -36,20 +36,20 @@ class upload */ protected $filesystem; + /** @var \phpbb\files\factory Files factory */ + protected $factory; + /** * Init file upload class. * * @param \phpbb\filesystem\filesystem_interface $filesystem + * @param \phpbb\files\factory $factory Files factory * */ - public function __construct(\phpbb\filesystem\filesystem_interface $filesystem) + public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, factory $factory) { -// $this->set_allowed_extensions($allowed_extensions); -// $this->set_max_filesize($max_filesize); -// $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height); -// $this->set_error_prefix($error_prefix); -// $this->set_disallowed_content($disallowed_content); $this->filesystem = $filesystem; + $this->factory = $factory; } /** @@ -138,7 +138,7 @@ class upload */ function form_upload($form_name, \phpbb\plupload\plupload $plupload = null) { - global $user, $request, $phpbb_container; + global $user, $request; $upload = $request->file($form_name); unset($upload['local_mode']); @@ -153,7 +153,7 @@ class upload } /** @var \phpbb\files\filespec $file */ - $file = $phpbb_container->get('files.filespec') + $file = $this->factory->get('filespec') ->set_upload_ary($upload) ->set_upload_namespace($this); @@ -217,7 +217,7 @@ class upload */ function local_upload($source_file, $filedata = false) { - global $user, $request, $phpbb_container; + global $user, $request; $upload = array(); @@ -237,7 +237,7 @@ class upload } /** @var \phpbb\files\filespec $file */ - $file = $phpbb_container->get('files.filespec') + $file = $this->factory->get('filespec') ->set_upload_ary($upload) ->set_upload_namespace($this); @@ -299,7 +299,7 @@ class upload */ function remote_upload($upload_url) { - global $user, $phpbb_root_path, $phpbb_container; + global $user, $phpbb_root_path; $upload_ary = array(); $upload_ary['local_mode'] = true; @@ -477,7 +477,7 @@ class upload $upload_ary['tmp_name'] = $filename; /** @var \phpbb\files\filespec $file */ - $file = $phpbb_container->get('files.filespec') + $file = $this->factory->get('filespec') ->set_upload_ary($upload_ary) ->set_upload_namespace($this); $this->common_checks($file); -- cgit v1.2.1 From a53825ad760cc8437d8c26eb1f947622c0fcf229 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 2 Jun 2015 11:48:55 +0200 Subject: [ticket/13904] No longer use fileerror class for extending filespec class PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 7ca29efe1a..291cdb266c 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -306,14 +306,12 @@ class upload if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match)) { - $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']); - return $file; + return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'URL_INVALID']); } if (empty($match[2])) { - $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']); - return $file; + return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'URL_INVALID']);e; } $url = parse_url($upload_url); @@ -362,8 +360,7 @@ class upload if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) { - $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); - return $file; + return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'NOT_UPLOADED']); } // Make sure $path not beginning with / @@ -404,8 +401,7 @@ class upload { $max_filesize = get_formatted_filesize($remote_max_filesize, false); - $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); - return $file; + return $this->factory->get('filespec')->set_error(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); } $data .= $block; @@ -432,14 +428,12 @@ class upload { $max_filesize = get_formatted_filesize($remote_max_filesize, false); - $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); - return $file; + return $this->factory->get('filespec')->set_error(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); } } else if (stripos($line, '404 not found') !== false) { - $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); - return $file; + return $this->factory->get('filespec')->set_error($this->error_prefix . 'URL_NOT_FOUND'); } } } @@ -449,16 +443,14 @@ class upload // Cancel upload if we exceed timeout if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) { - $file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']); - return $file; + return $this->factory->get('filespec')->set_error($this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT'); } } @fclose($fsock); if (empty($data)) { - $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']); - return $file; + return $this->factory->get('filespec')->set_error($this->error_prefix . 'EMPTY_REMOTE_DATA'); } $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache'; @@ -466,8 +458,7 @@ class upload if (!($fp = @fopen($filename, 'wb'))) { - $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); - return $file; + return $this->factory->get('filespec')->set_error($this->error_prefix . 'NOT_UPLOADED'); } $upload_ary['size'] = fwrite($fp, $data); -- cgit v1.2.1 From e4546ad03c0c0130e60d164f3741cc57c33b8980 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 2 Jun 2015 13:23:51 +0200 Subject: [ticket/13904] Improve doc blocks in upload class PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 85 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 74 insertions(+), 11 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 291cdb266c..f253fc762d 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -19,21 +19,34 @@ namespace phpbb\files; */ class upload { + /** @var array Allowed file extensions */ var $allowed_extensions = array(); + + /** @var array Disallowed content */ var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); + + /** @var int Maximum filesize */ var $max_filesize = 0; + + /** @var int Minimum width of images */ var $min_width = 0; + + /** @var int Minimum height of images */ var $min_height = 0; + + /** @var int Maximum width of images */ var $max_width = 0; + + /** @var int Maximum height of images */ var $max_height = 0; + + /** @var string Prefix for language variables of errors */ var $error_prefix = ''; /** @var int Timeout for remote upload */ var $upload_timeout = 6; - /** - * @var \phpbb\filesystem\filesystem_interface - */ + /** @var \phpbb\filesystem\filesystem_interface */ protected $filesystem; /** @var \phpbb\files\factory Files factory */ @@ -44,7 +57,6 @@ class upload * * @param \phpbb\filesystem\filesystem_interface $filesystem * @param \phpbb\files\factory $factory Files factory - * */ public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, factory $factory) { @@ -66,6 +78,10 @@ class upload /** * Set allowed extensions + * + * @param array $allowed_extensions Allowed file extensions + * + * @return \phpbb\files\upload This instance of upload */ function set_allowed_extensions($allowed_extensions) { @@ -79,6 +95,13 @@ class upload /** * Set allowed dimensions + * + * @param int $min_width Minimum image width + * @param int $min_height Minimum image height + * @param int $max_width Maximum image width + * @param int $max_height Maximum image height + * + * @return \phpbb\files\upload This instance of upload */ function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height) { @@ -91,7 +114,11 @@ class upload } /** - * Set maximum allowed filesize + * Set maximum allowed file size + * + * @param int $max_filesize Maximum file size + * + * @return \phpbb\files\upload This instance of upload */ function set_max_filesize($max_filesize) { @@ -105,6 +132,10 @@ class upload /** * Set disallowed strings + * + * @param array $disallowed_content Disallowed content + * + * @return \phpbb\files\upload This instance of upload */ function set_disallowed_content($disallowed_content) { @@ -118,6 +149,10 @@ class upload /** * Set error prefix + * + * @param string $error_prefix Prefix for language variables of errors + * + * @return \phpbb\files\upload This instance of upload */ function set_error_prefix($error_prefix) { @@ -133,7 +168,7 @@ class upload * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified) * @param \phpbb\plupload\plupload $plupload The plupload object * - * @return object $file Object "filespec" is returned, all further operations can be done with this object + * @return filespec $file Object "filespec" is returned, all further operations can be done with this object * @access public */ function form_upload($form_name, \phpbb\plupload\plupload $plupload = null) @@ -152,7 +187,7 @@ class upload } } - /** @var \phpbb\files\filespec $file */ + /** @var filespec $file */ $file = $this->factory->get('filespec') ->set_upload_ary($upload) ->set_upload_namespace($this); @@ -214,6 +249,11 @@ class upload /** * Move file from another location to phpBB + * + * @param string $source_file Filename of source file + * @param array|bool $filedata Array with filedata or false + * + * @return filespec Object "filespec" is returned, all further operations can be done with this object */ function local_upload($source_file, $filedata = false) { @@ -236,7 +276,7 @@ class upload $upload['type'] = $filedata['type']; } - /** @var \phpbb\files\filespec $file */ + /** @var filespec $file */ $file = $this->factory->get('filespec') ->set_upload_ary($upload) ->set_upload_namespace($this); @@ -294,7 +334,7 @@ class upload * Uploads file from given url * * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif - * @return object $file Object "filespec" is returned, all further operations can be done with this object + * @return filespec $file Object "filespec" is returned, all further operations can be done with this object * @access public */ function remote_upload($upload_url) @@ -467,7 +507,7 @@ class upload $upload_ary['tmp_name'] = $filename; - /** @var \phpbb\files\filespec $file */ + /** @var filespec $file */ $file = $this->factory->get('filespec') ->set_upload_ary($upload_ary) ->set_upload_namespace($this); @@ -478,6 +518,10 @@ class upload /** * Assign internal error + * + * @param string $errorcode Error code to assign + * + * @return string Error string * @access private */ function assign_internal_error($errorcode) @@ -528,7 +572,9 @@ class upload } /** - * Perform common checks + * Perform common file checks + * + * @param filespec $file Instance of filespec class */ function common_checks(&$file) { @@ -563,6 +609,10 @@ class upload /** * Check for allowed extension + * + * @param filespec $file Instance of filespec class + * + * @return bool True if extension is allowed, false if not */ function valid_extension(&$file) { @@ -571,6 +621,11 @@ class upload /** * Check for allowed dimension + * + * @param filespec $file Instance of filespec class + * + * @return bool True if dimensions are valid or no constraints set, false + * if not */ function valid_dimensions(&$file) { @@ -592,6 +647,10 @@ class upload /** * Check if form upload is valid + * + * @param string $form_name Name of form + * + * @return bool True if form upload is valid, false if not */ function is_valid($form_name) { @@ -604,6 +663,10 @@ class upload /** * Check for bad content (IE mime-sniffing) + * + * @param filespec $file Instance of filespec class + * + * @return bool True if content is valid, false if not */ function valid_content(&$file) { -- cgit v1.2.1 From 0121e60cd73963043047e1b29b8d94ea9aa684e3 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 2 Jun 2015 13:33:10 +0200 Subject: [ticket/13904] Use language class instead of user global in upload PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 55 +++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 26 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index f253fc762d..e37f90e820 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -13,6 +13,8 @@ namespace phpbb\files; +use \phpbb\language\language; + /** * File upload class * Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads @@ -52,16 +54,21 @@ class upload /** @var \phpbb\files\factory Files factory */ protected $factory; + /** @var \phpbb\language\language Language class */ + protected $language; + /** * Init file upload class. * * @param \phpbb\filesystem\filesystem_interface $filesystem * @param \phpbb\files\factory $factory Files factory + * @param \phpbb\language\language $language Language class */ - public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, factory $factory) + public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, factory $factory, language $language) { $this->filesystem = $filesystem; $this->factory = $factory; + $this->language = $language; } /** @@ -173,7 +180,7 @@ class upload */ function form_upload($form_name, \phpbb\plupload\plupload $plupload = null) { - global $user, $request; + global $request; $upload = $request->file($form_name); unset($upload['local_mode']); @@ -213,7 +220,7 @@ class upload // Check if empty file got uploaded (not catched by is_uploaded_file) if (isset($upload['size']) && $upload['size'] == 0) { - $file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD']; + $file->error[] = $this->language->lang($this->error_prefix . 'EMPTY_FILEUPLOAD'); return $file; } @@ -231,14 +238,14 @@ class upload $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); } - $file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); + $file->error[] = (empty($max_filesize)) ? $this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit)); return $file; } // Not correctly uploaded if (!$file->is_uploaded()) { - $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; + $file->error[] = $this->language->lang($this->error_prefix . 'NOT_UPLOADED'); return $file; } @@ -257,7 +264,7 @@ class upload */ function local_upload($source_file, $filedata = false) { - global $user, $request; + global $request; $upload = array(); @@ -312,14 +319,14 @@ class upload $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); } - $file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); + $file->error[] = (empty($max_filesize)) ?$this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit)); return $file; } // Not correctly uploaded if (!$file->is_uploaded()) { - $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; + $file->error[] = $this->language->lang($this->error_prefix . 'NOT_UPLOADED'); return $file; } @@ -339,19 +346,19 @@ class upload */ function remote_upload($upload_url) { - global $user, $phpbb_root_path; + global $phpbb_root_path; $upload_ary = array(); $upload_ary['local_mode'] = true; if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match)) { - return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'URL_INVALID']); + return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'URL_INVALID')); } if (empty($match[2])) { - return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'URL_INVALID']);e; + return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'URL_INVALID')); } $url = parse_url($upload_url); @@ -400,7 +407,7 @@ class upload if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) { - return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'NOT_UPLOADED']); + return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'NOT_UPLOADED')); } // Make sure $path not beginning with / @@ -441,7 +448,7 @@ class upload { $max_filesize = get_formatted_filesize($remote_max_filesize, false); - return $this->factory->get('filespec')->set_error(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); } $data .= $block; @@ -468,7 +475,7 @@ class upload { $max_filesize = get_formatted_filesize($remote_max_filesize, false); - return $this->factory->get('filespec')->set_error(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); } } else if (stripos($line, '404 not found') !== false) @@ -526,8 +533,6 @@ class upload */ function assign_internal_error($errorcode) { - global $user; - switch ($errorcode) { case 1: @@ -542,21 +547,21 @@ class upload $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); } - $error = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); + $error = (empty($max_filesize)) ? $this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit)); break; case 2: $max_filesize = get_formatted_filesize($this->max_filesize, false); - $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']); + $error = $this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']); break; case 3: - $error = $user->lang[$this->error_prefix . 'PARTIAL_UPLOAD']; + $error = $this->language->lang($this->error_prefix . 'PARTIAL_UPLOAD'); break; case 4: - $error = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; + $error = $this->language->lang($this->error_prefix . 'NOT_UPLOADED'); break; case 6: @@ -578,32 +583,30 @@ class upload */ function common_checks(&$file) { - global $user; - // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) { $max_filesize = get_formatted_filesize($this->max_filesize, false); - $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']); + $file->error[] = $this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']); } // check Filename if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname'))) { - $file->error[] = sprintf($user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname')); + $file->error[] = $this->language->lang($this->error_prefix . 'INVALID_FILENAME', $file->get('realname')); } // Invalid Extension if (!$this->valid_extension($file)) { - $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension')); + $file->error[] = $this->language->lang($this->error_prefix . 'DISALLOWED_EXTENSION', $file->get('extension')); } // MIME Sniffing if (!$this->valid_content($file)) { - $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']); + $file->error[] = $this->language->lang($this->error_prefix . 'DISALLOWED_CONTENT'); } } -- cgit v1.2.1 From 47f8f2cc88bdcd40087c8e391be1d33d36a2d308 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 2 Jun 2015 15:24:38 +0200 Subject: [ticket/13904] Pass request service to upload instead of using global PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index e37f90e820..e62c29883a 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -13,7 +13,10 @@ namespace phpbb\files; +use \phpbb\filesystem\filesystem_interface; use \phpbb\language\language; +use \phpbb\plupload\plupload; +use \phpbb\request\request_interface; /** * File upload class @@ -57,18 +60,23 @@ class upload /** @var \phpbb\language\language Language class */ protected $language; + /** @var \phpbb\request\request_interface Request class */ + protected $request; + /** * Init file upload class. * * @param \phpbb\filesystem\filesystem_interface $filesystem * @param \phpbb\files\factory $factory Files factory * @param \phpbb\language\language $language Language class + * @param \phpbb\request\request_interface $request Request class */ - public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, factory $factory, language $language) + public function __construct(filesystem_interface $filesystem, factory $factory, language $language, request_interface $request) { $this->filesystem = $filesystem; $this->factory = $factory; $this->language = $language; + $this->request = $request; } /** @@ -178,11 +186,9 @@ class upload * @return filespec $file Object "filespec" is returned, all further operations can be done with this object * @access public */ - function form_upload($form_name, \phpbb\plupload\plupload $plupload = null) + function form_upload($form_name, plupload $plupload = null) { - global $request; - - $upload = $request->file($form_name); + $upload = $this->request->file($form_name); unset($upload['local_mode']); if ($plupload) @@ -264,8 +270,6 @@ class upload */ function local_upload($source_file, $filedata = false) { - global $request; - $upload = array(); $upload['local_mode'] = true; @@ -331,7 +335,7 @@ class upload } $this->common_checks($file); - $request->overwrite('local', $upload, \phpbb\request\request_interface::FILES); + $this->request->overwrite('local', $upload, request_interface::FILES); return $file; } @@ -657,8 +661,7 @@ class upload */ function is_valid($form_name) { - global $request; - $upload = $request->file($form_name); + $upload = $this->request->file($form_name); return (!empty($upload) && $upload['name'] !== 'none'); } -- cgit v1.2.1 From 52652ca1824e91ecfe7549167aebd92c314af678 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 2 Jun 2015 15:29:32 +0200 Subject: [ticket/13904] Remove phpbb_root_path global from upload class PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index e62c29883a..38aad5a3bd 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -63,6 +63,9 @@ class upload /** @var \phpbb\request\request_interface Request class */ protected $request; + /** @var string phpBB root path */ + protected $phpbb_root_path; + /** * Init file upload class. * @@ -70,13 +73,15 @@ class upload * @param \phpbb\files\factory $factory Files factory * @param \phpbb\language\language $language Language class * @param \phpbb\request\request_interface $request Request class + * @param string $phpbb_root_path phpBB root path */ - public function __construct(filesystem_interface $filesystem, factory $factory, language $language, request_interface $request) + public function __construct(filesystem_interface $filesystem, factory $factory, language $language, request_interface $request, $phpbb_root_path) { $this->filesystem = $filesystem; $this->factory = $factory; $this->language = $language; $this->request = $request; + $this->phpbb_root_path = $phpbb_root_path; } /** @@ -350,8 +355,6 @@ class upload */ function remote_upload($upload_url) { - global $phpbb_root_path; - $upload_ary = array(); $upload_ary['local_mode'] = true; @@ -504,7 +507,7 @@ class upload return $this->factory->get('filespec')->set_error($this->error_prefix . 'EMPTY_REMOTE_DATA'); } - $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache'; + $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $this->phpbb_root_path . 'cache'; $filename = tempnam($tmp_path, unique_id() . '-'); if (!($fp = @fopen($filename, 'wb'))) -- cgit v1.2.1 From 11b2c938c6c3a6a14465f04ed356fbd013276143 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 Jul 2015 16:15:39 +0200 Subject: [ticket/13904] Move form_upload to its own class and define type classes PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 90 ++++++-------------------------------------- 1 file changed, 12 insertions(+), 78 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 38aad5a3bd..09f2b9408d 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -182,87 +182,21 @@ class upload } /** - * Form upload method - * Upload file from users harddisk + * Handle upload based on type * - * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified) - * @param \phpbb\plupload\plupload $plupload The plupload object + * @param string $type Upload type * - * @return filespec $file Object "filespec" is returned, all further operations can be done with this object - * @access public + * @return \phpbb\files\filespec|bool A filespec instance if upload was + * successful, false if there were issues or the type is not supported */ - function form_upload($form_name, plupload $plupload = null) + public function handle_upload($type) { - $upload = $this->request->file($form_name); - unset($upload['local_mode']); - - if ($plupload) - { - $result = $plupload->handle_upload($form_name); - if (is_array($result)) - { - $upload = array_merge($upload, $result); - } - } - - /** @var filespec $file */ - $file = $this->factory->get('filespec') - ->set_upload_ary($upload) - ->set_upload_namespace($this); - - if ($file->init_error()) - { - $file->error[] = ''; - return $file; - } - - // Error array filled? - if (isset($upload['error'])) - { - $error = $this->assign_internal_error($upload['error']); - - if ($error !== false) - { - $file->error[] = $error; - return $file; - } - } - - // Check if empty file got uploaded (not catched by is_uploaded_file) - if (isset($upload['size']) && $upload['size'] == 0) - { - $file->error[] = $this->language->lang($this->error_prefix . 'EMPTY_FILEUPLOAD'); - return $file; - } - - // PHP Upload filesize exceeded - if ($file->get('filename') == 'none') - { - $max_filesize = @ini_get('upload_max_filesize'); - $unit = 'MB'; - - if (!empty($max_filesize)) - { - $unit = strtolower(substr($max_filesize, -1, 1)); - $max_filesize = (int) $max_filesize; + $args = func_get_args(); + array_shift($args); + $type_class = $this->factory->get('types.' . $type) + ->set_upload($this); - $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); - } - - $file->error[] = (empty($max_filesize)) ? $this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit)); - return $file; - } - - // Not correctly uploaded - if (!$file->is_uploaded()) - { - $file->error[] = $this->language->lang($this->error_prefix . 'NOT_UPLOADED'); - return $file; - } - - $this->common_checks($file); - - return $file; + return (is_object($type_class)) ? call_user_func_array(array($type_class, 'upload'), $args) : false; } /** @@ -536,9 +470,9 @@ class upload * @param string $errorcode Error code to assign * * @return string Error string - * @access private + * @access public */ - function assign_internal_error($errorcode) + public function assign_internal_error($errorcode) { switch ($errorcode) { -- cgit v1.2.1 From adcc901af181b6727dd7af89a3926c9923a58471 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 15 Jul 2015 16:08:20 +0200 Subject: [ticket/13904] Fix minor issues and move local_upload to its own class PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 80 -------------------------------------------- 1 file changed, 80 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 09f2b9408d..471c9c378f 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -199,86 +199,6 @@ class upload return (is_object($type_class)) ? call_user_func_array(array($type_class, 'upload'), $args) : false; } - /** - * Move file from another location to phpBB - * - * @param string $source_file Filename of source file - * @param array|bool $filedata Array with filedata or false - * - * @return filespec Object "filespec" is returned, all further operations can be done with this object - */ - function local_upload($source_file, $filedata = false) - { - $upload = array(); - - $upload['local_mode'] = true; - $upload['tmp_name'] = $source_file; - - if ($filedata === false) - { - $upload['name'] = utf8_basename($source_file); - $upload['size'] = 0; - } - else - { - $upload['name'] = $filedata['realname']; - $upload['size'] = $filedata['size']; - $upload['type'] = $filedata['type']; - } - - /** @var filespec $file */ - $file = $this->factory->get('filespec') - ->set_upload_ary($upload) - ->set_upload_namespace($this); - - if ($file->init_error()) - { - $file->error[] = ''; - return $file; - } - - if (isset($upload['error'])) - { - $error = $this->assign_internal_error($upload['error']); - - if ($error !== false) - { - $file->error[] = $error; - return $file; - } - } - - // PHP Upload filesize exceeded - if ($file->get('filename') == 'none') - { - $max_filesize = @ini_get('upload_max_filesize'); - $unit = 'MB'; - - if (!empty($max_filesize)) - { - $unit = strtolower(substr($max_filesize, -1, 1)); - $max_filesize = (int) $max_filesize; - - $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); - } - - $file->error[] = (empty($max_filesize)) ?$this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit)); - return $file; - } - - // Not correctly uploaded - if (!$file->is_uploaded()) - { - $file->error[] = $this->language->lang($this->error_prefix . 'NOT_UPLOADED'); - return $file; - } - - $this->common_checks($file); - $this->request->overwrite('local', $upload, request_interface::FILES); - - return $file; - } - /** * Remote upload method * Uploads file from given url -- cgit v1.2.1 From 5b21830ba81b5512b7c3f945a899da9103c80558 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 15 Jul 2015 18:00:26 +0200 Subject: [ticket/13904] Improve docblock PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 471c9c378f..43f06c3503 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -15,7 +15,6 @@ namespace phpbb\files; use \phpbb\filesystem\filesystem_interface; use \phpbb\language\language; -use \phpbb\plupload\plupload; use \phpbb\request\request_interface; /** @@ -51,7 +50,7 @@ class upload /** @var int Timeout for remote upload */ var $upload_timeout = 6; - /** @var \phpbb\filesystem\filesystem_interface */ + /** @var filesystem_interface */ protected $filesystem; /** @var \phpbb\files\factory Files factory */ @@ -60,7 +59,7 @@ class upload /** @var \phpbb\language\language Language class */ protected $language; - /** @var \phpbb\request\request_interface Request class */ + /** @var request_interface Request class */ protected $request; /** @var string phpBB root path */ @@ -69,10 +68,10 @@ class upload /** * Init file upload class. * - * @param \phpbb\filesystem\filesystem_interface $filesystem - * @param \phpbb\files\factory $factory Files factory - * @param \phpbb\language\language $language Language class - * @param \phpbb\request\request_interface $request Request class + * @param filesystem_interface $filesystem + * @param factory $factory Files factory + * @param language $language Language class + * @param request_interface $request Request class * @param string $phpbb_root_path phpBB root path */ public function __construct(filesystem_interface $filesystem, factory $factory, language $language, request_interface $request, $phpbb_root_path) -- cgit v1.2.1 From 57ccfe0c483254e54b7b40bc1906ef946daf4f55 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 15 Jul 2015 18:00:52 +0200 Subject: [ticket/13904] Move remote upload to its own type class PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 185 ------------------------------------------- 1 file changed, 185 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 43f06c3503..ceb7e1a741 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -198,191 +198,6 @@ class upload return (is_object($type_class)) ? call_user_func_array(array($type_class, 'upload'), $args) : false; } - /** - * Remote upload method - * Uploads file from given url - * - * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif - * @return filespec $file Object "filespec" is returned, all further operations can be done with this object - * @access public - */ - function remote_upload($upload_url) - { - $upload_ary = array(); - $upload_ary['local_mode'] = true; - - if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match)) - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'URL_INVALID')); - } - - if (empty($match[2])) - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'URL_INVALID')); - } - - $url = parse_url($upload_url); - - $host = $url['host']; - $path = $url['path']; - $port = (!empty($url['port'])) ? (int) $url['port'] : 80; - - $upload_ary['type'] = 'application/octet-stream'; - - $url['path'] = explode('.', $url['path']); - $ext = array_pop($url['path']); - - $url['path'] = implode('', $url['path']); - $upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : ''); - $filename = $url['path']; - $filesize = 0; - - $remote_max_filesize = $this->max_filesize; - if (!$remote_max_filesize) - { - $max_filesize = @ini_get('upload_max_filesize'); - - if (!empty($max_filesize)) - { - $unit = strtolower(substr($max_filesize, -1, 1)); - $remote_max_filesize = (int) $max_filesize; - - switch ($unit) - { - case 'g': - $remote_max_filesize *= 1024; - // no break - case 'm': - $remote_max_filesize *= 1024; - // no break - case 'k': - $remote_max_filesize *= 1024; - // no break - } - } - } - - $errno = 0; - $errstr = ''; - - if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'NOT_UPLOADED')); - } - - // Make sure $path not beginning with / - if (strpos($path, '/') === 0) - { - $path = substr($path, 1); - } - - fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); - fputs($fsock, "HOST: " . $host . "\r\n"); - fputs($fsock, "Connection: close\r\n\r\n"); - - // Set a proper timeout for the socket - socket_set_timeout($fsock, $this->upload_timeout); - - $get_info = false; - $data = ''; - $length = false; - $timer_stop = time() + $this->upload_timeout; - - while ((!$length || $filesize < $length) && !@feof($fsock)) - { - if ($get_info) - { - if ($length) - { - // Don't attempt to read past end of file if server indicated length - $block = @fread($fsock, min($length - $filesize, 1024)); - } - else - { - $block = @fread($fsock, 1024); - } - - $filesize += strlen($block); - - if ($remote_max_filesize && $filesize > $remote_max_filesize) - { - $max_filesize = get_formatted_filesize($remote_max_filesize, false); - - return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); - } - - $data .= $block; - } - else - { - $line = @fgets($fsock, 1024); - - if ($line == "\r\n") - { - $get_info = true; - } - else - { - if (stripos($line, 'content-type: ') !== false) - { - $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); - } - else if ($this->max_filesize && stripos($line, 'content-length: ') !== false) - { - $length = (int) str_replace('content-length: ', '', strtolower($line)); - - if ($remote_max_filesize && $length && $length > $remote_max_filesize) - { - $max_filesize = get_formatted_filesize($remote_max_filesize, false); - - return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); - } - } - else if (stripos($line, '404 not found') !== false) - { - return $this->factory->get('filespec')->set_error($this->error_prefix . 'URL_NOT_FOUND'); - } - } - } - - $stream_meta_data = stream_get_meta_data($fsock); - - // Cancel upload if we exceed timeout - if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) - { - return $this->factory->get('filespec')->set_error($this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT'); - } - } - @fclose($fsock); - - if (empty($data)) - { - return $this->factory->get('filespec')->set_error($this->error_prefix . 'EMPTY_REMOTE_DATA'); - } - - $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $this->phpbb_root_path . 'cache'; - $filename = tempnam($tmp_path, unique_id() . '-'); - - if (!($fp = @fopen($filename, 'wb'))) - { - return $this->factory->get('filespec')->set_error($this->error_prefix . 'NOT_UPLOADED'); - } - - $upload_ary['size'] = fwrite($fp, $data); - fclose($fp); - unset($data); - - $upload_ary['tmp_name'] = $filename; - - /** @var filespec $file */ - $file = $this->factory->get('filespec') - ->set_upload_ary($upload_ary) - ->set_upload_namespace($this); - $this->common_checks($file); - - return $file; - } - /** * Assign internal error * -- cgit v1.2.1 From 845233fc626b0d5e6d9e61039fde8e31b4dd28aa Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 16 Jul 2015 00:21:23 +0200 Subject: [ticket/13904] Improve test coverage and use constants instead of magic numbers PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index ceb7e1a741..234eb69735 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -210,7 +210,7 @@ class upload { switch ($errorcode) { - case 1: + case UPLOAD_ERR_INI_SIZE: $max_filesize = @ini_get('upload_max_filesize'); $unit = 'MB'; @@ -223,29 +223,37 @@ class upload } $error = (empty($max_filesize)) ? $this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit)); - break; + break; - case 2: + case UPLOAD_ERR_FORM_SIZE: $max_filesize = get_formatted_filesize($this->max_filesize, false); $error = $this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']); - break; + break; - case 3: + case UPLOAD_ERR_PARTIAL: $error = $this->language->lang($this->error_prefix . 'PARTIAL_UPLOAD'); - break; + break; - case 4: + case UPLOAD_ERR_NO_FILE: $error = $this->language->lang($this->error_prefix . 'NOT_UPLOADED'); - break; + break; - case 6: + case UPLOAD_ERR_NO_TMP_DIR: $error = 'Temporary folder could not be found. Please check your PHP installation.'; - break; + break; + + case UPLOAD_ERR_CANT_WRITE: + $error = 'Can’t write to temporary folder.'; + break; + + case UPLOAD_ERR_EXTENSION: + $error = 'A PHP extension has stopped the file upload.'; + break; default: $error = false; - break; + break; } return $error; -- cgit v1.2.1 From 3e99816fa2f184b859d47308254aa8f07d68f1dd Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 16 Jul 2015 12:06:23 +0200 Subject: [ticket/13904] Set visibility in files and improve test coverage PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 234eb69735..397eb5af36 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -24,31 +24,31 @@ use \phpbb\request\request_interface; class upload { /** @var array Allowed file extensions */ - var $allowed_extensions = array(); + public $allowed_extensions = array(); /** @var array Disallowed content */ - var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); + protected $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); /** @var int Maximum filesize */ - var $max_filesize = 0; + public $max_filesize = 0; /** @var int Minimum width of images */ - var $min_width = 0; + public $min_width = 0; /** @var int Minimum height of images */ - var $min_height = 0; + public $min_height = 0; /** @var int Maximum width of images */ - var $max_width = 0; + public $max_width = 0; /** @var int Maximum height of images */ - var $max_height = 0; + public $max_height = 0; /** @var string Prefix for language variables of errors */ - var $error_prefix = ''; + public $error_prefix = ''; /** @var int Timeout for remote upload */ - var $upload_timeout = 6; + public $upload_timeout = 6; /** @var filesystem_interface */ protected $filesystem; @@ -86,7 +86,7 @@ class upload /** * Reset vars */ - function reset_vars() + public function reset_vars() { $this->max_filesize = 0; $this->min_width = $this->min_height = $this->max_width = $this->max_height = 0; @@ -102,7 +102,7 @@ class upload * * @return \phpbb\files\upload This instance of upload */ - function set_allowed_extensions($allowed_extensions) + public function set_allowed_extensions($allowed_extensions) { if ($allowed_extensions !== false && is_array($allowed_extensions)) { @@ -122,7 +122,7 @@ class upload * * @return \phpbb\files\upload This instance of upload */ - function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height) + public function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height) { $this->min_width = (int) $min_width; $this->min_height = (int) $min_height; @@ -139,7 +139,7 @@ class upload * * @return \phpbb\files\upload This instance of upload */ - function set_max_filesize($max_filesize) + public function set_max_filesize($max_filesize) { if ($max_filesize !== false && (int) $max_filesize) { @@ -156,7 +156,7 @@ class upload * * @return \phpbb\files\upload This instance of upload */ - function set_disallowed_content($disallowed_content) + public function set_disallowed_content($disallowed_content) { if ($disallowed_content !== false && is_array($disallowed_content)) { @@ -173,7 +173,7 @@ class upload * * @return \phpbb\files\upload This instance of upload */ - function set_error_prefix($error_prefix) + public function set_error_prefix($error_prefix) { $this->error_prefix = $error_prefix; @@ -264,7 +264,7 @@ class upload * * @param filespec $file Instance of filespec class */ - function common_checks(&$file) + public function common_checks(&$file) { // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) @@ -300,7 +300,7 @@ class upload * * @return bool True if extension is allowed, false if not */ - function valid_extension(&$file) + public function valid_extension(&$file) { return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false; } @@ -313,7 +313,7 @@ class upload * @return bool True if dimensions are valid or no constraints set, false * if not */ - function valid_dimensions(&$file) + public function valid_dimensions(&$file) { if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height) { @@ -338,7 +338,7 @@ class upload * * @return bool True if form upload is valid, false if not */ - function is_valid($form_name) + public function is_valid($form_name) { $upload = $this->request->file($form_name); @@ -353,7 +353,7 @@ class upload * * @return bool True if content is valid, false if not */ - function valid_content(&$file) + public function valid_content(&$file) { return ($file->check_content($this->disallowed_content)); } -- cgit v1.2.1 From cdde86ce7e0c594fad5992789b3fae466bd526cc Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 26 Aug 2015 13:57:42 +0200 Subject: [ticket/13904] Use \phpbb\php\ini class for ini_get() PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 397eb5af36..35107ccb45 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -56,6 +56,9 @@ class upload /** @var \phpbb\files\factory Files factory */ protected $factory; + /** @var \phpbb\php\ini ini_get() wrapper */ + protected $php_ini; + /** @var \phpbb\language\language Language class */ protected $language; @@ -70,14 +73,16 @@ class upload * * @param filesystem_interface $filesystem * @param factory $factory Files factory + * @param \phpbb\php\ini $php_ini ini_get() wrapper * @param language $language Language class * @param request_interface $request Request class * @param string $phpbb_root_path phpBB root path */ - public function __construct(filesystem_interface $filesystem, factory $factory, language $language, request_interface $request, $phpbb_root_path) + public function __construct(filesystem_interface $filesystem, factory $factory, \phpbb\php\ini $php_ini, language $language, request_interface $request, $phpbb_root_path) { $this->filesystem = $filesystem; $this->factory = $factory; + $this->php_ini = $php_ini; $this->language = $language; $this->request = $request; $this->phpbb_root_path = $phpbb_root_path; @@ -211,7 +216,7 @@ class upload switch ($errorcode) { case UPLOAD_ERR_INI_SIZE: - $max_filesize = @ini_get('upload_max_filesize'); + $max_filesize = $this->php_ini->get_string('upload_max_filesize'); $unit = 'MB'; if (!empty($max_filesize)) -- cgit v1.2.1 From 36545d5cbe7188efbedf2e1f44b1a7b9617b50c1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 26 Aug 2015 16:18:10 +0200 Subject: [ticket/13904] Switch around constructor arguments PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 35107ccb45..036f216d22 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -73,17 +73,17 @@ class upload * * @param filesystem_interface $filesystem * @param factory $factory Files factory - * @param \phpbb\php\ini $php_ini ini_get() wrapper * @param language $language Language class + * @param \phpbb\php\ini $php_ini ini_get() wrapper * @param request_interface $request Request class * @param string $phpbb_root_path phpBB root path */ - public function __construct(filesystem_interface $filesystem, factory $factory, \phpbb\php\ini $php_ini, language $language, request_interface $request, $phpbb_root_path) + public function __construct(filesystem_interface $filesystem, factory $factory, language $language, \phpbb\php\ini $php_ini, request_interface $request, $phpbb_root_path) { $this->filesystem = $filesystem; $this->factory = $factory; - $this->php_ini = $php_ini; $this->language = $language; + $this->php_ini = $php_ini; $this->request = $request; $this->phpbb_root_path = $phpbb_root_path; } -- cgit v1.2.1 From 16f3b8c2b9de388223cbe8ace9e1d9bcf0ba5e11 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 27 Aug 2015 10:51:10 +0200 Subject: [ticket/13904] Modify files for changes in ini wrapper PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 036f216d22..328dd49a06 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -56,7 +56,7 @@ class upload /** @var \phpbb\files\factory Files factory */ protected $factory; - /** @var \phpbb\php\ini ini_get() wrapper */ + /** @var \bantu\IniGetWrapper\IniGetWrapper ini_get() wrapper */ protected $php_ini; /** @var \phpbb\language\language Language class */ @@ -74,11 +74,11 @@ class upload * @param filesystem_interface $filesystem * @param factory $factory Files factory * @param language $language Language class - * @param \phpbb\php\ini $php_ini ini_get() wrapper + * @param \bantu\IniGetWrapper\IniGetWrapper $php_ini ini_get() wrapper * @param request_interface $request Request class * @param string $phpbb_root_path phpBB root path */ - public function __construct(filesystem_interface $filesystem, factory $factory, language $language, \phpbb\php\ini $php_ini, request_interface $request, $phpbb_root_path) + public function __construct(filesystem_interface $filesystem, factory $factory, language $language, \bantu\IniGetWrapper\IniGetWrapper $php_ini, request_interface $request, $phpbb_root_path) { $this->filesystem = $filesystem; $this->factory = $factory; @@ -216,7 +216,7 @@ class upload switch ($errorcode) { case UPLOAD_ERR_INI_SIZE: - $max_filesize = $this->php_ini->get_string('upload_max_filesize'); + $max_filesize = $this->php_ini->getString('upload_max_filesize'); $unit = 'MB'; if (!empty($max_filesize)) -- cgit v1.2.1 From 70ad0c6a8f7d16b767aa78cde2acc9a3b3512e6f Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 9 Sep 2015 10:43:12 +0200 Subject: [ticket/13904] Add language entries for error messages in upload class PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 328dd49a06..bd379924e7 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -245,15 +245,12 @@ class upload break; case UPLOAD_ERR_NO_TMP_DIR: - $error = 'Temporary folder could not be found. Please check your PHP installation.'; - break; - case UPLOAD_ERR_CANT_WRITE: - $error = 'Can’t write to temporary folder.'; + $error = $this->language->lang($this->error_prefix . 'NO_TEMP_DIR'); break; case UPLOAD_ERR_EXTENSION: - $error = 'A PHP extension has stopped the file upload.'; + $error = $this->language->lang($this->error_prefix . 'PHP_UPLOAD_STOPPED'); break; default: -- cgit v1.2.1 From 5f91f1cad85eaf7f8dc62a1a140605a46431496f Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 9 Sep 2015 10:46:14 +0200 Subject: [ticket/13904] Minor coding style fixes PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index bd379924e7..45ff1c372f 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -13,9 +13,9 @@ namespace phpbb\files; -use \phpbb\filesystem\filesystem_interface; -use \phpbb\language\language; -use \phpbb\request\request_interface; +use phpbb\filesystem\filesystem_interface; +use phpbb\language\language; +use phpbb\request\request_interface; /** * File upload class -- cgit v1.2.1 From 40e614f56436447dffd272351e23b79c2da9fa3f Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 9 Sep 2015 12:58:22 +0200 Subject: [ticket/13904] Fix tests after changes to factory PHPBB3-13904 --- phpBB/phpbb/files/upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index 45ff1c372f..e011e714e5 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -197,7 +197,7 @@ class upload { $args = func_get_args(); array_shift($args); - $type_class = $this->factory->get('types.' . $type) + $type_class = $this->factory->get($type) ->set_upload($this); return (is_object($type_class)) ? call_user_func_array(array($type_class, 'upload'), $args) : false; -- cgit v1.2.1 From a92083169a181a6524e383de657c78af1bff2887 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Thu, 5 Nov 2015 13:52:04 -0800 Subject: [ticket/14273] Remove unused core.root_path dependency in files.upload service PHPBB3-14273 --- phpBB/phpbb/files/upload.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'phpBB/phpbb/files/upload.php') diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index e011e714e5..a9bf74094d 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -65,9 +65,6 @@ class upload /** @var request_interface Request class */ protected $request; - /** @var string phpBB root path */ - protected $phpbb_root_path; - /** * Init file upload class. * @@ -76,16 +73,14 @@ class upload * @param language $language Language class * @param \bantu\IniGetWrapper\IniGetWrapper $php_ini ini_get() wrapper * @param request_interface $request Request class - * @param string $phpbb_root_path phpBB root path */ - public function __construct(filesystem_interface $filesystem, factory $factory, language $language, \bantu\IniGetWrapper\IniGetWrapper $php_ini, request_interface $request, $phpbb_root_path) + public function __construct(filesystem_interface $filesystem, factory $factory, language $language, \bantu\IniGetWrapper\IniGetWrapper $php_ini, request_interface $request) { $this->filesystem = $filesystem; $this->factory = $factory; $this->language = $language; $this->php_ini = $php_ini; $this->request = $request; - $this->phpbb_root_path = $phpbb_root_path; } /** -- cgit v1.2.1