diff options
| author | Maat <maat-pub@mageia.biz> | 2020-05-08 21:52:11 +0200 |
|---|---|---|
| committer | Maat <maat-pub@mageia.biz> | 2020-05-08 21:52:11 +0200 |
| commit | 8ea437e30605e0f66b5220bf904a61d7c1d11ddd (patch) | |
| tree | e0db2bb4a012d5b06a633160b19f62f4868ecd28 /phpBB/phpbb/avatar | |
| parent | 36bc1870f21fac04736a1049c1d5b8e127d729f4 (diff) | |
| parent | 2fdd46b36431ae0f58bb2e78e42553168db9a0ff (diff) | |
| download | forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.gz forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.bz2 forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.xz forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.zip | |
Merge remote-tracking branch 'upstream/prep-release-3.2.9'
Diffstat (limited to 'phpBB/phpbb/avatar')
| -rw-r--r-- | phpBB/phpbb/avatar/driver/driver.php | 7 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/gravatar.php | 12 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/local.php | 14 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/remote.php | 60 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/upload.php | 70 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/manager.php | 25 |
6 files changed, 126 insertions, 62 deletions
diff --git a/phpBB/phpbb/avatar/driver/driver.php b/phpBB/phpbb/avatar/driver/driver.php index ad186635f2..45681f3e59 100644 --- a/phpBB/phpbb/avatar/driver/driver.php +++ b/phpBB/phpbb/avatar/driver/driver.php @@ -30,6 +30,9 @@ abstract class driver implements \phpbb\avatar\driver\driver_interface */ protected $config; + /** @var \FastImageSize\FastImageSize */ + protected $imagesize; + /** * Current $phpbb_root_path * @var string @@ -73,14 +76,16 @@ abstract class driver implements \phpbb\avatar\driver\driver_interface * Construct a driver object * * @param \phpbb\config\config $config phpBB configuration + * @param \FastImageSize\FastImageSize $imagesize FastImageSize class * @param string $phpbb_root_path Path to the phpBB root * @param string $php_ext PHP file extension * @param \phpbb\path_helper $path_helper phpBB path helper * @param \phpbb\cache\driver\driver_interface $cache Cache driver */ - public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\cache\driver\driver_interface $cache = null) + public function __construct(\phpbb\config\config $config, \FastImageSize\FastImageSize $imagesize, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\cache\driver\driver_interface $cache = null) { $this->config = $config; + $this->imagesize = $imagesize; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; $this->path_helper = $path_helper; diff --git a/phpBB/phpbb/avatar/driver/gravatar.php b/phpBB/phpbb/avatar/driver/gravatar.php index 7a43b55852..3e4e7ff98b 100644 --- a/phpBB/phpbb/avatar/driver/gravatar.php +++ b/phpBB/phpbb/avatar/driver/gravatar.php @@ -98,8 +98,8 @@ class gravatar extends \phpbb\avatar\driver\driver return false; } - // Make sure getimagesize works... - if (function_exists('getimagesize') && ($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0)) + // Get image dimensions if they are not set + if ($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) { /** * default to the minimum of the maximum allowed avatar size if the size @@ -108,20 +108,20 @@ class gravatar extends \phpbb\avatar\driver\driver $row['avatar_width'] = $row['avatar_height'] = min($this->config['avatar_max_width'], $this->config['avatar_max_height']); $url = $this->get_gravatar_url($row); - if (($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) && (($image_data = getimagesize($url)) === false)) + if (($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) && (($image_data = $this->imagesize->getImageSize($url)) === false)) { $error[] = 'UNABLE_GET_IMAGE_SIZE'; return false; } - if (!empty($image_data) && ($image_data[0] <= 0 || $image_data[1] <= 0)) + if (!empty($image_data) && ($image_data['width'] <= 0 || $image_data['width'] <= 0)) { $error[] = 'AVATAR_NO_SIZE'; return false; } - $row['avatar_width'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_width'] : $image_data[0]; - $row['avatar_height'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_height'] : $image_data[1]; + $row['avatar_width'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_width'] : $image_data['width']; + $row['avatar_height'] = ($row['avatar_width'] && $row['avatar_height']) ? $row['avatar_height'] : $image_data['height']; } if ($row['avatar_width'] <= 0 || $row['avatar_height'] <= 0) diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 75c384f31e..4b84e4201c 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -64,7 +64,7 @@ class local extends \phpbb\avatar\driver\driver $table_cols = isset($row['avatar_gallery_cols']) ? $row['avatar_gallery_cols'] : 4; $row_count = $col_count = $avatar_pos = 0; - $avatar_count = sizeof($avatar_list[$category]); + $avatar_count = count($avatar_list[$category]); reset($avatar_list[$category]); @@ -158,7 +158,7 @@ class local extends \phpbb\avatar\driver\driver */ protected function get_avatar_list($user) { - $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list'); + $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list_' . $user->data['user_lang']); if ($avatar_list === false) { @@ -174,13 +174,15 @@ class local extends \phpbb\avatar\driver\driver // Match all images in the gallery folder if (preg_match('#^[^&\'"<>]+\.(?:' . implode('|', $this->allowed_extensions) . ')$#i', $image) && is_file($file_path . '/' . $image)) { - if (function_exists('getimagesize')) + $dims = $this->imagesize->getImageSize($file_path . '/' . $image); + + if ($dims === false) { - $dims = getimagesize($file_path . '/' . $image); + $dims = array(0, 0); } else { - $dims = array(0, 0); + $dims = array($dims['width'], $dims['height']); } $cat = ($path == $file_path) ? $user->lang['NO_AVATAR_CATEGORY'] : str_replace("$path/", '', $file_path); $avatar_list[$cat][$image] = array( @@ -196,7 +198,7 @@ class local extends \phpbb\avatar\driver\driver if ($this->cache != null) { - $this->cache->put('_avatar_local_list', $avatar_list, 86400); + $this->cache->put('_avatar_local_list_' . $user->data['user_lang'], $avatar_list, 86400); } } diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 2811cc2389..b16549ffb7 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -49,6 +49,8 @@ class remote extends \phpbb\avatar\driver\driver */ public function process_form($request, $template, $user, $row, &$error) { + global $phpbb_dispatcher; + $url = $request->variable('avatar_remote_url', ''); $width = $request->variable('avatar_remote_width', 0); $height = $request->variable('avatar_remote_height', 0); @@ -84,6 +86,24 @@ class remote extends \phpbb\avatar\driver\driver return false; } + /** + * Event to make custom validation of avatar upload + * + * @event core.ucp_profile_avatar_upload_validation + * @var string url Image url + * @var string width Image width + * @var string height Image height + * @var array error Error message array + * @since 3.2.9-RC1 + */ + $vars = array('url', 'width', 'height', 'error'); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_upload_validation', compact($vars))); + + if (!empty($error)) + { + return false; + } + // Check if this url looks alright // Do not allow specifying the port (see RFC 3986) or IP addresses if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || @@ -95,38 +115,30 @@ class remote extends \phpbb\avatar\driver\driver return false; } - // Make sure getimagesize works... - if (function_exists('getimagesize')) + // Get image dimensions + if (($width <= 0 || $height <= 0) && (($image_data = $this->imagesize->getImageSize($url)) === false)) { - if (($width <= 0 || $height <= 0) && (($image_data = @getimagesize($url)) === false)) - { - $error[] = 'UNABLE_GET_IMAGE_SIZE'; - return false; - } - - if (!empty($image_data) && ($image_data[0] <= 0 || $image_data[1] <= 0)) - { - $error[] = 'AVATAR_NO_SIZE'; - return false; - } - - $width = ($width && $height) ? $width : $image_data[0]; - $height = ($width && $height) ? $height : $image_data[1]; + $error[] = 'UNABLE_GET_IMAGE_SIZE'; + return false; } - if ($width <= 0 || $height <= 0) + if (!empty($image_data) && ($image_data['width'] <= 0 || $image_data['height'] <= 0)) { $error[] = 'AVATAR_NO_SIZE'; return false; } - if (!class_exists('fileupload')) + $width = ($width && $height) ? $width : $image_data['width']; + $height = ($width && $height) ? $height : $image_data['height']; + + if ($width <= 0 || $height <= 0) { - include($this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext); + $error[] = 'AVATAR_NO_SIZE'; + return false; } - $types = \fileupload::image_types(); - $extension = strtolower(\filespec::get_extension($url)); + $types = \phpbb\files\upload::image_types(); + $extension = strtolower(\phpbb\files\filespec::get_extension($url)); // Check if this is actually an image if ($file_stream = @fopen($url, 'r')) @@ -175,15 +187,15 @@ class remote extends \phpbb\avatar\driver\driver return false; } - if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))) + if (!empty($image_data) && (!isset($types[$image_data['type']]) || !in_array($extension, $types[$image_data['type']]))) { - if (!isset($types[$image_data[2]])) + if (!isset($types[$image_data['type']])) { $error[] = 'UNABLE_GET_IMAGE_SIZE'; } else { - $error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data[2]][0], $extension); + $error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data['type']][0], $extension); } return false; diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 0dae5607f6..a012bb15b6 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -19,9 +19,9 @@ namespace phpbb\avatar\driver; class upload extends \phpbb\avatar\driver\driver { /** - * @var \phpbb\mimetype\guesser - */ - protected $mimetype_guesser; + * @var \phpbb\filesystem\filesystem_interface + */ + protected $filesystem; /** * @var \phpbb\event\dispatcher_interface @@ -29,24 +29,31 @@ class upload extends \phpbb\avatar\driver\driver protected $dispatcher; /** + * @var \phpbb\files\factory + */ + protected $files_factory; + + /** * Construct a driver object * * @param \phpbb\config\config $config phpBB configuration * @param string $phpbb_root_path Path to the phpBB root * @param string $php_ext PHP file extension - * @param \phpbb_path_helper $path_helper phpBB path helper - * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser + * @param \phpbb\filesystem\filesystem_interface $filesystem phpBB filesystem helper + * @param \phpbb\path_helper $path_helper phpBB path helper * @param \phpbb\event\dispatcher_interface $dispatcher phpBB Event dispatcher object + * @param \phpbb\files\factory $files_factory File classes factory * @param \phpbb\cache\driver\driver_interface $cache Cache driver */ - public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\path_helper $path_helper, \phpbb\mimetype\guesser $mimetype_guesser, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\cache\driver\driver_interface $cache = null) + public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\filesystem\filesystem_interface $filesystem, \phpbb\path_helper $path_helper, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\files\factory $files_factory, \phpbb\cache\driver\driver_interface $cache = null) { $this->config = $config; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; + $this->filesystem = $filesystem; $this->path_helper = $path_helper; - $this->mimetype_guesser = $mimetype_guesser; $this->dispatcher = $dispatcher; + $this->files_factory = $files_factory; $this->cache = $cache; } @@ -92,19 +99,24 @@ class upload extends \phpbb\avatar\driver\driver return false; } - if (!class_exists('fileupload')) - { - include($this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext); - } - - $upload = new \fileupload('AVATAR_', $this->allowed_extensions, $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false)); + /** @var \phpbb\files\upload $upload */ + $upload = $this->files_factory->get('upload') + ->set_error_prefix('AVATAR_') + ->set_allowed_extensions($this->allowed_extensions) + ->set_max_filesize($this->config['avatar_filesize']) + ->set_allowed_dimensions( + $this->config['avatar_min_width'], + $this->config['avatar_min_height'], + $this->config['avatar_max_width'], + $this->config['avatar_max_height']) + ->set_disallowed_content((isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false)); $url = $request->variable('avatar_upload_url', ''); $upload_file = $request->file('avatar_upload_file'); if (!empty($upload_file['name'])) { - $file = $upload->form_upload('avatar_upload_file', $this->mimetype_guesser); + $file = $upload->handle_upload('files.types.form', 'avatar_upload_file'); } else if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url)) { @@ -136,7 +148,8 @@ class upload extends \phpbb\avatar\driver\driver // Do not allow specifying the port (see RFC 3986) or IP addresses // remote_upload() will do its own check for allowed filetypes - if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || + preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) { @@ -144,7 +157,7 @@ class upload extends \phpbb\avatar\driver\driver return false; } - $file = $upload->remote_upload($url, $this->mimetype_guesser); + $file = $upload->handle_upload('files.types.remote', $url); } else { @@ -155,7 +168,7 @@ class upload extends \phpbb\avatar\driver\driver $file->clean_filename('avatar', $prefix, $row['id']); // If there was an error during upload, then abort operation - if (sizeof($file->error)) + if (count($file->error)) { $file->remove(); $error = $file->error; @@ -191,15 +204,18 @@ class upload extends \phpbb\avatar\driver\driver * * @event core.avatar_driver_upload_move_file_before * @var array filedata Array containing uploaded file data + * @var \phpbb\files\filespec file Instance of filespec class * @var string destination Destination directory where the file is going to be moved * @var string prefix Prefix for the avatar filename * @var array row Array with avatar row data * @var array error Array of errors, if filled in by this event file will not be moved * @since 3.1.6-RC1 * @changed 3.1.9-RC1 Added filedata + * @changed 3.2.3-RC1 Added file */ $vars = array( 'filedata', + 'file', 'destination', 'prefix', 'row', @@ -209,7 +225,7 @@ class upload extends \phpbb\avatar\driver\driver unset($filedata); - if (!sizeof($error)) + if (!count($error)) { // Move file and overwrite any existing image $file->move_file($destination, true); @@ -217,7 +233,7 @@ class upload extends \phpbb\avatar\driver\driver // If there was an error during move, then clean up leftovers $error = array_merge($error, $file->error); - if (sizeof($error)) + if (count($error)) { $file->remove(); return false; @@ -279,12 +295,20 @@ class upload extends \phpbb\avatar\driver\driver ); extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars))); - if (!sizeof($error) && file_exists($filename)) + if (!count($error) && $this->filesystem->exists($filename)) { - @unlink($filename); + try + { + $this->filesystem->remove($filename); + return true; + } + catch (\phpbb\filesystem\exception\filesystem_exception $e) + { + // Fail is covered by return statement below + } } - return true; + return false; } /** @@ -302,6 +326,6 @@ class upload extends \phpbb\avatar\driver\driver */ protected function can_upload() { - return (file_exists($this->phpbb_root_path . $this->config['avatar_path']) && phpbb_is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')); + return ($this->filesystem->exists($this->phpbb_root_path . $this->config['avatar_path']) && $this->filesystem->is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')); } } diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 26eb17c265..a909a91042 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -22,6 +22,12 @@ class manager protected $config; /** + * phpBB event dispatcher + * @var \phpbb\event\dispatcher_interface + */ + protected $phpbb_dispatcher; + + /** * Array that contains a list of enabled drivers * @var array */ @@ -49,11 +55,13 @@ class manager * Construct an avatar manager object * * @param \phpbb\config\config $config phpBB configuration + * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher phpBB event dispatcher * @param array $avatar_drivers Avatar drivers passed via the service container */ - public function __construct(\phpbb\config\config $config, $avatar_drivers) + public function __construct(\phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, $avatar_drivers) { $this->config = $config; + $this->phpbb_dispatcher = $phpbb_dispatcher; $this->register_avatar_drivers($avatar_drivers); } @@ -263,7 +271,7 @@ class manager $config_name = $driver->get_config_name(); return array( - 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), ); } @@ -331,6 +339,19 @@ class manager WHERE user_avatar = '" . $db->sql_escape($avatar_data['avatar']) . "'"; $db->sql_query($sql); } + + /** + * Event is triggered after user avatar has been deleted + * + * @event core.avatar_manager_avatar_delete_after + * @var \phpbb\user user phpBB user object + * @var array avatar_data Normalised avatar-related user data + * @var string table Table to delete avatar from + * @var string prefix Column prefix to delete avatar from + * @since 3.2.4-RC1 + */ + $vars = array('user', 'avatar_data', 'table', 'prefix'); + extract($this->phpbb_dispatcher->trigger_event('core.avatar_manager_avatar_delete_after', compact($vars))); } /** |