4 files changed, 989 insertions, 0 deletions
diff --git a/phpBB/phpbb/attachment/delete.php b/phpBB/phpbb/attachment/delete.php
new file mode 100644
index 0000000000..e093da8865
--- /dev/null
+++ b/phpBB/phpbb/attachment/delete.php
@@ -0,0 +1,432 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\attachment;
+
+use \phpbb\config\config;
+use \phpbb\db\driver\driver_interface;
+use \phpbb\event\dispatcher;
+use \phpbb\filesystem\filesystem;
+
+/**
+ * Attachment delete class
+ */
+class delete
+{
+	/** @var config */
+	protected $config;
+
+	/** @var driver_interface */
+	protected $db;
+
+	/** @var \phpbb\event\dispatcher */
+	protected $dispatcher;
+
+	/** @var filesystem  */
+	protected $filesystem;
+
+	/** @var resync */
+	protected $resync;
+
+	/** @var string phpBB root path */
+	protected $phpbb_root_path;
+
+	/** @var array Attachement IDs */
+	protected $ids;
+
+	/** @var string SQL ID string */
+	private $sql_id;
+
+	/** @var string SQL where string */
+	private $sql_where = '';
+
+	/** @var int Number of deleted items */
+	private $num_deleted;
+
+	/** @var array Post IDs */
+	private $post_ids = array();
+
+	/** @var array Message IDs */
+	private $message_ids = array();
+
+	/** @var array Topic IDs */
+	private $topic_ids = array();
+
+	/** @var array Info of physical file */
+	private $physical = array();
+
+	/**
+	 * Attachment delete class constructor
+	 *
+	 * @param config $config
+	 * @param driver_interface $db
+	 * @param dispatcher $dispatcher
+	 * @param filesystem $filesystem
+	 * @param resync $resync
+	 * @param string $phpbb_root_path
+	 */
+	public function __construct(config $config, driver_interface $db, dispatcher $dispatcher, filesystem $filesystem, resync $resync, $phpbb_root_path)
+	{
+		$this->config = $config;
+		$this->db = $db;
+		$this->dispatcher = $dispatcher;
+		$this->filesystem = $filesystem;
+		$this->resync = $resync;
+		$this->phpbb_root_path = $phpbb_root_path;
+	}
+
+	/**
+	 * Delete Attachments
+	 *
+	 * @param string $mode can be: post|message|topic|attach|user
+	 * @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
+	 * @param bool $resync set this to false if you are deleting posts or topics
+	 *
+	 * @return int|bool Number of deleted attachments or false if something
+	 *			went wrong during attachment deletion
+	 */
+	public function delete($mode, $ids, $resync = true)
+	{
+		if (!$this->set_attachment_ids($ids))
+		{
+			return false;
+		}
+
+		$this->set_sql_constraints($mode);
+
+		/**
+		 * Perform additional actions before collecting data for attachment(s) deletion
+		 *
+		 * @event core.delete_attachments_collect_data_before
+		 * @var	string	mode			Variable containing attachments deletion mode, can be: post|message|topic|attach|user
+		 * @var	mixed	ids				Array or comma separated list of ids corresponding to the mode
+		 * @var	bool	resync			Flag indicating if posts/messages/topics should be synchronized
+		 * @var	string	sql_id			The field name to collect/delete data for depending on the mode
+		 * @since 3.1.7-RC1
+		 */
+		$vars = array(
+			'mode',
+			'ids',
+			'resync',
+			'sql_id',
+		);
+		extract($this->dispatcher->trigger_event('core.delete_attachments_collect_data_before', compact($vars)));
+
+		// Collect post and topic ids for later use if we need to touch remaining entries (if resync is enabled)
+		$this->collect_attachment_info($resync);
+
+		// Delete attachments from database
+		$this->delete_attachments_from_db();
+
+		/**
+		 * Perform additional actions after attachment(s) deletion from the database
+		 *
+		 * @event core.delete_attachments_from_database_after
+		 * @var	string	mode			Variable containing attachments deletion mode, can be: post|message|topic|attach|user
+		 * @var	mixed	ids				Array or comma separated list of ids corresponding to the mode
+		 * @var	bool	resync			Flag indicating if posts/messages/topics should be synchronized
+		 * @var	string	sql_id			The field name to collect/delete data for depending on the mode
+		 * @var	array	post_ids		Array with post ids for deleted attachment(s)
+		 * @var	array	topic_ids		Array with topic ids for deleted attachment(s)
+		 * @var	array	message_ids		Array with private message ids for deleted attachment(s)
+		 * @var	array	physical		Array with deleted attachment(s) physical file(s) data
+		 * @var	int		num_deleted		The number of deleted attachment(s) from the database
+		 * @since 3.1.7-RC1
+		 */
+		$vars = array(
+			'mode',
+			'ids',
+			'resync',
+			'sql_id',
+			'post_ids',
+			'topic_ids',
+			'message_ids',
+			'physical',
+			'num_deleted',
+		);
+		extract($this->dispatcher->trigger_event('core.delete_attachments_from_database_after', compact($vars)));
+
+		if (!$this->num_deleted)
+		{
+			return 0;
+		}
+
+		// Delete attachments from filesystem
+		$this->remove_from_filesystem();
+
+		// If we do not resync, we do not need to adjust any message, post, topic or user entries
+		if (!$resync)
+		{
+			return $this->num_deleted;
+		}
+
+		// No more use for the original ids
+		unset($ids);
+
+		// Update post indicators for posts now no longer having attachments
+		$this->resync->resync('post', $this->post_ids);
+
+		// Update message table if messages are affected
+		$this->resync->resync('message', $this->message_ids);
+
+		// Now update the topics. This is a bit trickier, because there could be posts still having attachments within the topic
+		$this->resync->resync('topic', $this->topic_ids);
+
+		return $this->num_deleted;
+	}
+
+	/**
+	 * Set attachment IDs
+	 *
+	 * @param mixed $ids ID or array of IDs
+	 *
+	 * @return bool True if attachment IDs were set, false if not
+	 */
+	protected function set_attachment_ids($ids)
+	{
+		// 0 is as bad as an empty array
+		if (empty($ids))
+		{
+			return false;
+		}
+
+		if (is_array($ids))
+		{
+			$ids = array_unique($ids);
+			$this->ids = array_map('intval', $ids);
+		}
+		else
+		{
+			$this->ids = array((int) $ids);
+		}
+
+		return true;
+	}
+
+	/**
+	 * Set SQL constraints based on mode
+	 *
+	 * @param string $mode Delete mode; can be: post|message|topic|attach|user
+	 */
+	private function set_sql_constraints($mode)
+	{
+		switch ($mode)
+		{
+			case 'post':
+			case 'message':
+				$this->sql_id = 'post_msg_id';
+				$this->sql_where = ' AND in_message = ' . ($mode == 'message' ? 1 : 0);
+			break;
+
+			case 'topic':
+				$this->sql_id = 'topic_id';
+			break;
+
+			case 'user':
+				$this->sql_id = 'poster_id';
+			break;
+
+			case 'attach':
+			default:
+				$this->sql_id = 'attach_id';
+			break;
+		}
+	}
+
+	/**
+	 * Collect info about attachment IDs
+	 *
+	 * @param bool $resync Whether topics/posts should be resynced after delete
+	 */
+	protected function collect_attachment_info($resync)
+	{
+		// Collect post and topic ids for later use if we need to touch remaining entries (if resync is enabled)
+		$sql = 'SELECT post_msg_id, topic_id, in_message, physical_filename, thumbnail, filesize, is_orphan
+			FROM ' . ATTACHMENTS_TABLE . '
+			WHERE ' . $this->db->sql_in_set($this->sql_id, $this->ids);
+
+		$sql .= $this->sql_where;
+
+		$result = $this->db->sql_query($sql);
+
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			// We only need to store post/message/topic ids if resync is enabled and the file is not orphaned
+			if ($resync && !$row['is_orphan'])
+			{
+				if (!$row['in_message'])
+				{
+					$this->post_ids[] = $row['post_msg_id'];
+					$this->topic_ids[] = $row['topic_id'];
+				}
+				else
+				{
+					$this->message_ids[] = $row['post_msg_id'];
+				}
+			}
+
+			$this->physical[] = array('filename' => $row['physical_filename'], 'thumbnail' => $row['thumbnail'], 'filesize' => $row['filesize'], 'is_orphan' => $row['is_orphan']);
+		}
+		$this->db->sql_freeresult($result);
+
+		// IDs should be unique
+		$this->post_ids = array_unique($this->post_ids);
+		$this->message_ids = array_unique($this->message_ids);
+		$this->topic_ids = array_unique($this->topic_ids);
+	}
+
+	/**
+	 * Delete attachments from database table
+	 */
+	protected function delete_attachments_from_db()
+	{
+		/**
+		 * Perform additional actions before attachment(s) deletion
+		 *
+		 * @event core.delete_attachments_before
+		 * @var	string	mode			Variable containing attachments deletion mode, can be: post|message|topic|attach|user
+		 * @var	mixed	ids				Array or comma separated list of ids corresponding to the mode
+		 * @var	bool	resync			Flag indicating if posts/messages/topics should be synchronized
+		 * @var	string	sql_id			The field name to collect/delete data for depending on the mode
+		 * @var	array	post_ids		Array with post ids for deleted attachment(s)
+		 * @var	array	topic_ids		Array with topic ids for deleted attachment(s)
+		 * @var	array	message_ids		Array with private message ids for deleted attachment(s)
+		 * @var	array	physical		Array with deleted attachment(s) physical file(s) data
+		 * @since 3.1.7-RC1
+		 */
+		$vars = array(
+			'mode',
+			'ids',
+			'resync',
+			'sql_id',
+			'post_ids',
+			'topic_ids',
+			'message_ids',
+			'physical',
+		);
+		extract($this->dispatcher->trigger_event('core.delete_attachments_before', compact($vars)));
+
+		// Delete attachments
+		$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
+			WHERE ' . $this->db->sql_in_set($this->sql_id, $this->ids);
+
+		$sql .= $this->sql_where;
+
+		$this->db->sql_query($sql);
+		$this->num_deleted = $this->db->sql_affectedrows();
+	}
+
+	/**
+	 * Delete attachments from filesystem
+	 */
+	protected function remove_from_filesystem()
+	{
+		$space_removed = $files_removed = 0;
+
+		foreach ($this->physical as $file_ary)
+		{
+			if ($this->unlink_attachment($file_ary['filename'], 'file', true) && !$file_ary['is_orphan'])
+			{
+				// Only non-orphaned files count to the file size
+				$space_removed += $file_ary['filesize'];
+				$files_removed++;
+			}
+
+			if ($file_ary['thumbnail'])
+			{
+				$this->unlink_attachment($file_ary['filename'], 'thumbnail', true);
+			}
+		}
+
+		/**
+		 * Perform additional actions after attachment(s) deletion from the filesystem
+		 *
+		 * @event core.delete_attachments_from_filesystem_after
+		 * @var	string	mode			Variable containing attachments deletion mode, can be: post|message|topic|attach|user
+		 * @var	mixed	ids				Array or comma separated list of ids corresponding to the mode
+		 * @var	bool	resync			Flag indicating if posts/messages/topics should be synchronized
+		 * @var	string	sql_id			The field name to collect/delete data for depending on the mode
+		 * @var	array	post_ids		Array with post ids for deleted attachment(s)
+		 * @var	array	topic_ids		Array with topic ids for deleted attachment(s)
+		 * @var	array	message_ids		Array with private message ids for deleted attachment(s)
+		 * @var	array	physical		Array with deleted attachment(s) physical file(s) data
+		 * @var	int		num_deleted		The number of deleted attachment(s) from the database
+		 * @var	int		space_removed	The size of deleted files(s) from the filesystem
+		 * @var	int		files_removed	The number of deleted file(s) from the filesystem
+		 * @since 3.1.7-RC1
+		 */
+		$vars = array(
+			'mode',
+			'ids',
+			'resync',
+			'sql_id',
+			'post_ids',
+			'topic_ids',
+			'message_ids',
+			'physical',
+			'num_deleted',
+			'space_removed',
+			'files_removed',
+		);
+		extract($this->dispatcher->trigger_event('core.delete_attachments_from_filesystem_after', compact($vars)));
+
+		if ($space_removed || $files_removed)
+		{
+			$this->config->increment('upload_dir_size', $space_removed * (-1), false);
+			$this->config->increment('num_files', $files_removed * (-1), false);
+		}
+	}
+
+	/**
+	 * Delete attachment from filesystem
+	 *
+	 * @param string $filename Filename of attachment
+	 * @param string $mode Delete mode
+	 * @param bool $entry_removed Whether entry was removed. Defaults to false
+	 * @return bool True if file was removed, false if not
+	 */
+	public function unlink_attachment($filename, $mode = 'file', $entry_removed = false)
+	{
+		// Because of copying topics or modifications a physical filename could be assigned more than once. If so, do not remove the file itself.
+		$sql = 'SELECT COUNT(attach_id) AS num_entries
+		FROM ' . ATTACHMENTS_TABLE . "
+		WHERE physical_filename = '" . $this->db->sql_escape(utf8_basename($filename)) . "'";
+		$result = $this->db->sql_query($sql);
+		$num_entries = (int) $this->db->sql_fetchfield('num_entries');
+		$this->db->sql_freeresult($result);
+
+		// Do not remove file if at least one additional entry with the same name exist.
+		if (($entry_removed && $num_entries > 0) || (!$entry_removed && $num_entries > 1))
+		{
+			return false;
+		}
+
+		$filename = ($mode == 'thumbnail') ? 'thumb_' . utf8_basename($filename) : utf8_basename($filename);
+		$filepath = $this->phpbb_root_path . $this->config['upload_path'] . '/' . $filename;
+
+		try
+		{
+			if ($this->filesystem->exists($filepath))
+			{
+				$this->filesystem->remove($this->phpbb_root_path . $this->config['upload_path'] . '/' . $filename);
+				return true;
+			}
+		}
+		catch (\phpbb\filesystem\exception\filesystem_exception $exception)
+		{
+			// Fail is covered by return statement below
+		}
+
+		return false;
+	}
+}
diff --git a/phpBB/phpbb/attachment/manager.php b/phpBB/phpbb/attachment/manager.php
new file mode 100644
index 0000000000..3c47171b2f
--- /dev/null
+++ b/phpBB/phpbb/attachment/manager.php
@@ -0,0 +1,99 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\attachment;
+
+/**
+ * Attachment manager
+ */
+class manager
+{
+	/** @var delete Attachment delete class */
+	protected $delete;
+
+	/** @var resync Attachment resync class */
+	protected $resync;
+
+	/** @var upload Attachment upload class */
+	protected $upload;
+
+	/**
+	 * Constructor for attachment manager
+	 *
+	 * @param delete $delete Attachment delete class
+	 * @param resync $resync Attachment resync class
+	 * @param upload $upload Attachment upload class
+	 */
+	public function __construct(delete $delete, resync $resync, upload $upload)
+	{
+		$this->delete = $delete;
+		$this->resync = $resync;
+		$this->upload = $upload;
+	}
+
+	/**
+	 * Wrapper method for deleting attachments
+	 *
+	 * @param string $mode can be: post|message|topic|attach|user
+	 * @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
+	 * @param bool $resync set this to false if you are deleting posts or topics
+	 *
+	 * @return int|bool Number of deleted attachments or false if something
+	 *			went wrong during attachment deletion
+	 */
+	public function delete($mode, $ids, $resync = true)
+	{
+		return $this->delete->delete($mode, $ids, $resync);
+	}
+
+	/**
+	 * Wrapper method for deleting attachments from filesystem
+	 *
+	 * @param string $filename Filename of attachment
+	 * @param string $mode Delete mode
+	 * @param bool $entry_removed Whether entry was removed. Defaults to false
+	 * @return bool True if file was removed, false if not
+	 */
+	public function unlink($filename, $mode = 'file', $entry_removed = false)
+	{
+		return $this->delete->unlink_attachment($filename, $mode, $entry_removed);
+	}
+
+	/**
+	 * Wrapper method for resyncing specified type
+	 *
+	 * @param string $type Type of resync
+	 * @param array $ids IDs to resync
+	 */
+	public function resync($type, $ids)
+	{
+		$this->resync->resync($type, $ids);
+	}
+
+	/**
+	 * Wrapper method for uploading attachment
+	 *
+	 * @param string			$form_name		The form name of the file upload input
+	 * @param int			$forum_id		The id of the forum
+	 * @param bool			$local			Whether the file is local or not
+	 * @param string			$local_storage	The path to the local file
+	 * @param bool			$is_message		Whether it is a PM or not
+	 * @param array		$local_filedata	An file data object created for the local file
+	 *
+	 * @return array File data array
+	 */
+	public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = [])
+	{
+		return $this->upload->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata);
+	}
+}
diff --git a/phpBB/phpbb/attachment/resync.php b/phpBB/phpbb/attachment/resync.php
new file mode 100644
index 0000000000..6c2e0a8b0d
--- /dev/null
+++ b/phpBB/phpbb/attachment/resync.php
@@ -0,0 +1,124 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\attachment;
+
+use \phpbb\db\driver\driver_interface;
+
+/**
+ * Attachment resync class
+ */
+class resync
+{
+	/** @var driver_interface */
+	protected $db;
+
+	/** @var string Attachment table SQL ID */
+	private $attach_sql_id;
+
+	/** @var string Resync table SQL ID  */
+	private $resync_sql_id;
+
+	/** @var string Resync SQL table */
+	private $resync_table;
+
+	/** @var string SQL where statement */
+	private $sql_where;
+
+	/**
+	 * Constructor for attachment resync class
+	 *
+	 * @param driver_interface $db Database driver
+	 */
+	public function __construct(driver_interface $db)
+	{
+		$this->db = $db;
+	}
+
+	/**
+	 * Set type constraints for attachment resync
+	 *
+	 * @param string $type Type of resync; can be: message|post|topic
+	 */
+	protected function set_type_constraints($type)
+	{
+		switch ($type)
+		{
+			case 'message':
+				$this->attach_sql_id = 'post_msg_id';
+				$this->sql_where = ' AND in_message = 1
+					AND is_orphan = 0';
+				$this->resync_table = PRIVMSGS_TABLE;
+				$this->resync_sql_id = 'msg_id';
+			break;
+
+			case 'post':
+				$this->attach_sql_id = 'post_msg_id';
+				$this->sql_where = ' AND in_message = 0
+					AND is_orphan = 0';
+				$this->resync_table = POSTS_TABLE;
+				$this->resync_sql_id = 'post_id';
+			break;
+
+			case 'topic':
+				$this->attach_sql_id = 'topic_id';
+				$this->sql_where = ' AND is_orphan = 0';
+				$this->resync_table = TOPICS_TABLE;
+				$this->resync_sql_id = 'topic_id';
+			break;
+		}
+	}
+
+	/**
+	 * Resync specified type
+	 *
+	 * @param string $type Type of resync
+	 * @param array $ids IDs to resync
+	 */
+	public function resync($type, $ids)
+	{
+		if (empty($type) || !is_array($ids) || !sizeof($ids) || !in_array($type, array('post', 'topic', 'message')))
+		{
+			return;
+		}
+
+		$this->set_type_constraints($type);
+
+		// Just check which elements are still having an assigned attachment
+		// not orphaned by querying the attachments table
+		$sql = 'SELECT ' . $this->attach_sql_id . '
+			FROM ' . ATTACHMENTS_TABLE . '
+			WHERE ' . $this->db->sql_in_set($this->attach_sql_id, $ids)
+				. $this->sql_where;
+		$result = $this->db->sql_query($sql);
+
+		$remaining_ids = array();
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$remaining_ids[] = $row[$this->attach_sql_id];
+		}
+		$this->db->sql_freeresult($result);
+
+		// Now only unset those ids remaining
+		$ids = array_diff($ids, $remaining_ids);
+
+		if (sizeof($ids))
+		{
+			$sql = 'UPDATE ' . $this->resync_table . '
+				SET ' . $type . '_attachment = 0
+				WHERE ' . $this->db->sql_in_set($this->resync_sql_id, $ids);
+			$this->db->sql_query($sql);
+		}
+	}
+
+}
diff --git a/phpBB/phpbb/attachment/upload.php b/phpBB/phpbb/attachment/upload.php
new file mode 100644
index 0000000000..957558768b
--- /dev/null
+++ b/phpBB/phpbb/attachment/upload.php
@@ -0,0 +1,334 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\attachment;
+
+use phpbb\auth\auth;
+use \phpbb\cache\service;
+use \phpbb\config\config;
+use \phpbb\event\dispatcher;
+use \phpbb\language\language;
+use \phpbb\mimetype\guesser;
+use \phpbb\plupload\plupload;
+use \phpbb\user;
+
+/**
+ * Attachment upload class
+ */
+class upload
+{
+	/** @var auth */
+	protected $auth;
+
+	/** @var service */
+	protected $cache;
+
+	/** @var config */
+	protected $config;
+
+	/** @var \phpbb\files\upload Upload class */
+	protected $files_upload;
+
+	/** @var \phpbb\language\language */
+	protected $language;
+
+	/** @var guesser Mimetype guesser */
+	protected $mimetype_guesser;
+
+	/** @var dispatcher */
+	protected $phpbb_dispatcher;
+
+	/** @var plupload Plupload */
+	protected $plupload;
+
+	/** @var user */
+	protected $user;
+
+	/** @var \phpbb\files\filespec Current filespec instance */
+	private $file;
+
+	/** @var array File data */
+	private $file_data = array(
+		'error'	=> array()
+	);
+
+	/** @var array Extensions array */
+	private $extensions;
+
+	/**
+	 * Constructor for attachments upload class
+	 *
+	 * @param auth $auth
+	 * @param service $cache
+	 * @param config $config
+	 * @param \phpbb\files\upload $files_upload
+	 * @param language $language
+	 * @param guesser $mimetype_guesser
+	 * @param dispatcher $phpbb_dispatcher
+	 * @param plupload $plupload
+	 * @param user $user
+	 * @param $phpbb_root_path
+	 */
+	public function __construct(auth $auth, service $cache, config $config, \phpbb\files\upload $files_upload, language $language, guesser $mimetype_guesser, dispatcher $phpbb_dispatcher, plupload $plupload, user $user, $phpbb_root_path)
+	{
+		$this->auth = $auth;
+		$this->cache = $cache;
+		$this->config = $config;
+		$this->files_upload = $files_upload;
+		$this->language = $language;
+		$this->mimetype_guesser = $mimetype_guesser;
+		$this->phpbb_dispatcher = $phpbb_dispatcher;
+		$this->plupload = $plupload;
+		$this->user = $user;
+		$this->phpbb_root_path = $phpbb_root_path;
+	}
+
+	/**
+	 * Upload Attachment - filedata is generated here
+	 * Uses upload class
+	 *
+	 * @param string			$form_name		The form name of the file upload input
+	 * @param int			$forum_id		The id of the forum
+	 * @param bool			$local			Whether the file is local or not
+	 * @param string			$local_storage	The path to the local file
+	 * @param bool			$is_message		Whether it is a PM or not
+	 * @param array		$local_filedata	An file data object created for the local file
+	 *
+	 * @return array File data array
+	 */
+	public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = array())
+	{
+		$this->init_files_upload($forum_id, $is_message);
+
+		$this->file_data['post_attach'] = $local || $this->files_upload->is_valid($form_name);
+
+		if (!$this->file_data['post_attach'])
+		{
+			$this->file_data['error'][] = $this->language->lang('NO_UPLOAD_FORM_FOUND');
+			return $this->file_data;
+		}
+
+		$this->file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name);
+
+		if ($this->file->init_error())
+		{
+			$this->file_data['post_attach'] = false;
+			return $this->file_data;
+		}
+
+		// Whether the uploaded file is in the image category
+		$is_image = (isset($this->extensions[$this->file->get('extension')]['display_cat'])) ? $this->extensions[$this->file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;
+
+		if (!$this->auth->acl_get('a_') && !$this->auth->acl_get('m_', $forum_id))
+		{
+			// Check Image Size, if it is an image
+			if ($is_image)
+			{
+				$this->file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']);
+			}
+
+			// Admins and mods are allowed to exceed the allowed filesize
+			if (!empty($this->extensions[$this->file->get('extension')]['max_filesize']))
+			{
+				$allowed_filesize = $this->extensions[$this->file->get('extension')]['max_filesize'];
+			}
+			else
+			{
+				$allowed_filesize = ($is_message) ? $this->config['max_filesize_pm'] : $this->config['max_filesize'];
+			}
+
+			$this->file->upload->set_max_filesize($allowed_filesize);
+		}
+
+		$this->file->clean_filename('unique', $this->user->data['user_id'] . '_');
+
+		// Are we uploading an image *and* this image being within the image category?
+		// Only then perform additional image checks.
+		$this->file->move_file($this->config['upload_path'], false, !$is_image);
+
+		// Do we have to create a thumbnail?
+		$this->file_data['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0;
+
+		// Make sure the image category only holds valid images...
+		$this->check_image($is_image);
+
+		if (sizeof($this->file->error))
+		{
+			$this->file->remove();
+			$this->file_data['error'] = array_merge($this->file_data['error'], $this->file->error);
+			$this->file_data['post_attach'] = false;
+
+			return $this->file_data;
+		}
+
+		$this->fill_file_data();
+
+		$filedata = $this->file_data;
+
+		/**
+		 * Event to modify uploaded file before submit to the post
+		 *
+		 * @event core.modify_uploaded_file
+		 * @var	array	filedata	Array containing uploaded file data
+		 * @var	bool	is_image	Flag indicating if the file is an image
+		 * @since 3.1.0-RC3
+		 */
+		$vars = array(
+			'filedata',
+			'is_image',
+		);
+		extract($this->phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));
+		$this->file_data = $filedata;
+		unset($filedata);
+
+		// Check for attachment quota and free space
+		if (!$this->check_attach_quota() || !$this->check_disk_space())
+		{
+			return $this->file_data;
+		}
+
+		// Create Thumbnail
+		$this->create_thumbnail();
+
+		return $this->file_data;
+	}
+
+	/**
+	 * Create thumbnail for file if necessary
+	 *
+	 * @return array Updated $filedata
+	 */
+	protected function create_thumbnail()
+	{
+		if ($this->file_data['thumbnail'])
+		{
+			$source = $this->file->get('destination_file');
+			$destination = $this->file->get('destination_path') . '/thumb_' . $this->file->get('realname');
+
+			if (!create_thumbnail($source, $destination, $this->file->get('mimetype')))
+			{
+				$this->file_data['thumbnail'] = 0;
+			}
+		}
+	}
+
+	/**
+	 * Init files upload class
+	 *
+	 * @param int $forum_id Forum ID
+	 * @param bool $is_message Whether attachment is inside PM or not
+	 */
+	protected function init_files_upload($forum_id, $is_message)
+	{
+		if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers']))
+		{
+			$this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers']));
+		}
+		else if (!$this->config['check_attachment_content'])
+		{
+			$this->files_upload->set_disallowed_content(array());
+		}
+
+		$this->extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id));
+		$this->files_upload->set_allowed_extensions(array_keys($this->extensions['_allowed_']));
+	}
+
+	/**
+	 * Check if uploaded file is really an image
+	 *
+	 * @param bool $is_image Whether file is image
+	 */
+	protected function check_image($is_image)
+	{
+		// Make sure the image category only holds valid images...
+		if ($is_image && !$this->file->is_image())
+		{
+			$this->file->remove();
+
+			if ($this->plupload && $this->plupload->is_active())
+			{
+				$this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
+			}
+
+			// If this error occurs a user tried to exploit an IE Bug by renaming extensions
+			// Since the image category is displaying content inline we need to catch this.
+			$this->file->set_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE'));
+		}
+	}
+
+	/**
+	 * Check if attachment quota was reached
+	 *
+	 * @return bool False if attachment quota was reached, true if not
+	 */
+	protected function check_attach_quota()
+	{
+		if ($this->config['attachment_quota'])
+		{
+			if (intval($this->config['upload_dir_size']) + $this->file->get('filesize') > $this->config['attachment_quota'])
+			{
+				$this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED');
+				$this->file_data['post_attach'] = false;
+
+				$this->file->remove();
+
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	/**
+	 * Check if there is enough free space available on disk
+	 *
+	 * @return bool True if disk space is available, false if not
+	 */
+	protected function check_disk_space()
+	{
+		if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path']))
+		{
+			if ($free_space <= $this->file->get('filesize'))
+			{
+				if ($this->auth->acl_get('a_'))
+				{
+					$this->file_data['error'][] = $this->language->lang('ATTACH_DISK_FULL');
+				}
+				else
+				{
+					$this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED');
+				}
+				$this->file_data['post_attach'] = false;
+
+				$this->file->remove();
+
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	/**
+	 * Fills file data with file information and current time as filetime
+	 */
+	protected function fill_file_data()
+	{
+		$this->file_data['filesize'] = $this->file->get('filesize');
+		$this->file_data['mimetype'] = $this->file->get('mimetype');
+		$this->file_data['extension'] = $this->file->get('extension');
+		$this->file_data['physical_filename'] = $this->file->get('realname');
+		$this->file_data['real_filename'] = $this->file->get('uploadname');
+		$this->file_data['filetime'] = time();
+	}
+}