From 8191755cca418ad2124e11e4e93559b9cad7d8bd Mon Sep 17 00:00:00 2001 From: erangamapa Date: Sat, 25 May 2013 10:50:43 +0530 Subject: [ticket/11145] Wrong error thrown when uploading a bigger image. When attaching an image to a post with a size larger than maximum defined in php.ini, 'ATTACHED_IMAGE_NOT_IMAGE' error is thrown. $file->is_image() is returning false value when image size is too large. Therefore, moved not image test down after image size test. PHPBB3-11145 --- phpBB/includes/functions_posting.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'phpBB/includes/functions_posting.php') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index e5cbae0d71..2e5130c5b8 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -423,16 +423,6 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage $cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE; - // Make sure the image category only holds valid images... - if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image()) - { - $file->remove(); - - // If this error occurs a user tried to exploit an IE Bug by renaming extensions - // Since the image category is displaying content inline we need to catch this. - trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']); - } - // Do we have to create a thumbnail? $filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0; @@ -473,6 +463,16 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage return $filedata; } + // Make sure the image category only holds valid images... + if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image()) + { + $file->remove(); + + // If this error occurs a user tried to exploit an IE Bug by renaming extensions + // Since the image category is displaying content inline we need to catch this. + trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']); + } + $filedata['filesize'] = $file->get('filesize'); $filedata['mimetype'] = $file->get('mimetype'); $filedata['extension'] = $file->get('extension'); -- cgit v1.2.1 From cb54f56c3db0bedefaa76113f7491203962004ed Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 4 Mar 2013 02:39:44 +0100 Subject: [ticket/11586] Combine administrator/moderator checks together. PHPBB3-11586 --- phpBB/includes/functions_posting.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'phpBB/includes/functions_posting.php') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index e823f8be75..8b4a833d8e 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -434,15 +434,15 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage // Do we have to create a thumbnail? $filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0; - // Check Image Size, if it is an image - if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id) && $cat_id == ATTACHMENT_CATEGORY_IMAGE) - { - $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']); - } - - // Admins and mods are allowed to exceed the allowed filesize if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) { + // Check Image Size, if it is an image + if ($cat_id == ATTACHMENT_CATEGORY_IMAGE) + { + $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']); + } + + // Admins and mods are allowed to exceed the allowed filesize if (!empty($extensions[$file->get('extension')]['max_filesize'])) { $allowed_filesize = $extensions[$file->get('extension')]['max_filesize']; -- cgit v1.2.1 From 11c80c040243244757ea75ef4ab23a70a725254f Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 4 Mar 2013 02:43:48 +0100 Subject: [ticket/11586] Use a variable for $cat_id == ATTACHMENT_CATEGORY_IMAGE. PHPBB3-11586 --- phpBB/includes/functions_posting.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'phpBB/includes/functions_posting.php') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 8b4a833d8e..a31d3b5a3f 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -429,15 +429,16 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage return $filedata; } - $cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE; + // Whether the uploaded file is in the image category + $is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false; // Do we have to create a thumbnail? - $filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0; + $filedata['thumbnail'] = ($is_image && $config['img_create_thumbnail']) ? 1 : 0; if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) { // Check Image Size, if it is an image - if ($cat_id == ATTACHMENT_CATEGORY_IMAGE) + if ($is_image) { $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']); } @@ -457,10 +458,9 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage $file->clean_filename('unique', $user->data['user_id'] . '_'); - // Are we uploading an image *and* this image being within the image category? Only then perform additional image checks. - $no_image = ($cat_id == ATTACHMENT_CATEGORY_IMAGE) ? false : true; - - $file->move_file($config['upload_path'], false, $no_image); + // Are we uploading an image *and* this image being within the image category? + // Only then perform additional image checks. + $file->move_file($config['upload_path'], false, !$is_image); if (sizeof($file->error)) { @@ -472,7 +472,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage } // Make sure the image category only holds valid images... - if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image()) + if ($is_image && !$file->is_image()) { $file->remove(); -- cgit v1.2.1 From 50e3173e8c2f8304ad79e228df8526f9caf7b999 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 4 Mar 2013 02:46:12 +0100 Subject: [ticket/11586] Combine $filedata['post_attach'] assign into a single statement. PHPBB3-11586 --- phpBB/includes/functions_posting.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'phpBB/includes/functions_posting.php') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index a31d3b5a3f..d6f7c9bab4 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -403,14 +403,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage $upload->set_disallowed_content(explode('|', $config['mime_triggers'])); } - if (!$local) - { - $filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false; - } - else - { - $filedata['post_attach'] = true; - } + $filedata['post_attach'] = $local || $upload->is_valid($form_name); if (!$filedata['post_attach']) { -- cgit v1.2.1 From 5fa25880e23f1ad72321da2e04c574d99f5546a2 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 4 Mar 2013 02:49:48 +0100 Subject: [ticket/11586] Move $filedata['thumbnail'] to where it might be returned. PHPBB3-11586 --- phpBB/includes/functions_posting.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/includes/functions_posting.php') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index d6f7c9bab4..b9b518ad32 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -425,9 +425,6 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage // Whether the uploaded file is in the image category $is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false; - // Do we have to create a thumbnail? - $filedata['thumbnail'] = ($is_image && $config['img_create_thumbnail']) ? 1 : 0; - if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) { // Check Image Size, if it is an image @@ -455,6 +452,9 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage // Only then perform additional image checks. $file->move_file($config['upload_path'], false, !$is_image); + // Do we have to create a thumbnail? + $filedata['thumbnail'] = ($is_image && $config['img_create_thumbnail']) ? 1 : 0; + if (sizeof($file->error)) { $file->remove(); -- cgit v1.2.1