diff options
| author | Nils Adermann <naderman@naderman.de> | 2010-11-20 17:00:05 +0100 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2010-11-20 17:00:05 +0100 |
| commit | 7f21a5f46156660d7ea6a4bdb59166ac553e2be8 (patch) | |
| tree | 3963b4075f58c43ffc01fe290b04a800668bc53c /phpBB/includes/functions_upload.php | |
| parent | c4e02a191628b4b9f7b6340f2876607663baeb5a (diff) | |
| parent | af4c2a3eb15fc4318b23dcb7794c230cf3ec2a0f (diff) | |
| download | forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar.gz forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar.bz2 forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar.xz forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.zip | |
Merge commit 'release-3.0.8'
* commit 'release-3.0.8': (393 commits)
[prep-release-3.0.8] Incrementing version number to 3.0.8 and update changelog
[ticket/9903] Script for detecting potentially malicious flash bbcodes
[ticket/9904] Update WebPI Parameters.xml to work with WebMatrix.
[ticket/9899] Change recaptcha theme from default to 'clean' in the ACP.
[ticket/9509] Fix a typo and wrong period placement
[ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.
[develop-olympus] Updating changelog for last minute 3.0.8-RC1 fixes.
[ticket/9140] Check current board version in incremental update packages
[ticket/9891] Updater drops language-selection after database-update
[develop-olympus] Updating changelog with latest changes for 3.0.8-RC1
[ticket/9884] Reduce queue interval to 60 seconds, email package size to 20
[ticket/9886] Update fails on PostgreSQL because of an error in _add_module
[ticket/9888] Update fails when Bing [Bot] was already added to the users table
[develop-olympus] Bumping version number for 3.0.8-RC1.
[ticket/9885] Fix extension group name updater. Loop through all languages.
[ticket/9847] Fix typo in search synonyms. Use british english for 'judgement'.
[ticket/9883] Change an American English spelling to British English.
[task/phing-build] Correct the path for update package patch files.
[ticket/9880] Change "antibot" to "anti-spambot".
[ticket/9696] Surpress is_dir() notice when using SQLite with open_basedir.
...
Diffstat (limited to 'phpBB/includes/functions_upload.php')
| -rw-r--r-- | phpBB/includes/functions_upload.php | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 054af29045..7f09cc1640 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -58,8 +58,9 @@ class filespec $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; - $name = trim(utf8_htmlspecialchars(utf8_basename($upload_ary['name']))); - $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name; + $name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name']; + $name = trim(utf8_htmlspecialchars(utf8_basename($name))); + $this->realname = $this->uploadname = $name; $this->mimetype = $upload_ary['type']; // Opera adds the name to the mime type @@ -775,7 +776,18 @@ class fileupload { if ($get_info) { - $data .= @fread($fsock, 1024); + $block = @fread($fsock, 1024); + $filesize += strlen($block); + + if ($this->max_filesize && $filesize > $this->max_filesize) + { + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + + $data .= $block; } else { @@ -791,6 +803,18 @@ class fileupload { $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); } + else if ($this->max_filesize && stripos($line, 'content-length: ') !== false) + { + $length = (int) str_replace('content-length: ', '', strtolower($line)); + + if ($length && $length > $this->max_filesize) + { + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + } else if (stripos($line, '404 not found') !== false) { $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); |