From 1d42d1b9817050974c8bc8b91bc34a6c3cfbfef8 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 22 Aug 2006 21:26:06 +0000 Subject: some updates. Also adjusted the utf tools and normalizer more to our coding guidelines. git-svn-id: file:///svn/phpbb/trunk@6312 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_upload.php') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 28701339e4..ca2618c96a 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -38,7 +38,7 @@ class filespec /** * File Class - * @access: private + * @access private */ function filespec($upload_ary, $upload_namespace) { -- cgit v1.2.1 From 504eef65c5fe128c86cd2f122cda53cf4df04347 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 5 Sep 2006 15:17:45 +0000 Subject: check file type git-svn-id: file:///svn/phpbb/trunk@6354 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_upload.php | 44 +++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'phpBB/includes/functions_upload.php') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index ca2618c96a..9f02c5f74e 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -305,6 +305,25 @@ class filespec { $this->mimetype = $this->image_info['mime']; } + + // Check image type + $types = $this->upload->image_types(); + + if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]])) + { + if (!isset($types[$this->image_info[2]])) + { + $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype); + } + else + { + $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension); + } + } + } + else + { + $this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE']; } } @@ -790,6 +809,31 @@ class fileupload { return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false; } + + /** + * Return image type/extension mapping + */ + function image_types() + { + return array( + 1 => array('gif'), + 2 => array('jpg', 'jpeg'), + 3 => array('png'), + 4 => array('swf'), + 5 => array('psd'), + 6 => array('bmp'), + 7 => array('tif', 'tiff'), + 8 => array('tif', 'tiff'), + 9 => array('jpg', 'jpeg'), + 10 => array('jpg', 'jpeg'), + 11 => array('jpg', 'jpeg'), + 12 => array('jpg', 'jpeg'), + 13 => array('swc'), + 14 => array('iff'), + 15 => array('wbmp'), + 16 => array('xbm'), + ); + } } ?> \ No newline at end of file -- cgit v1.2.1 From b76222cb6e9ed69ee8ed0c09f0196eaaafd33fad Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Wed, 13 Sep 2006 16:08:36 +0000 Subject: - fixed some bugs - changed attachment handling a bit - tried to remove target tags out of the code - do not add session ids to urls for bots as well as not creating a new session on each page view for them I bet i introduced some bugs too. ;) git-svn-id: file:///svn/phpbb/trunk@6364 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_upload.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'phpBB/includes/functions_upload.php') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 9f02c5f74e..cd35254b28 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -221,6 +221,8 @@ class filespec return false; } + +/* // Adjust destination path (no trailing slash) if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\') { @@ -232,13 +234,29 @@ class filespec { $destination = ''; } +*/ + // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it... $this->destination_path = $phpbb_root_path . $destination; + // Check if the destination path exist... + if (!file_exists($this->destination_path)) + { + @unlink($this->filename); + return false; + } + $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy'; $upload_mode = ($this->local) ? 'local' : $upload_mode; $this->destination_file = $this->destination_path . '/' . basename($this->realname); + // Check if the file already exist, else there is something wrong... + if (file_exists($this->destination_file)) + { + @unlink($this->filename); + return false; + } + switch ($upload_mode) { case 'copy': -- cgit v1.2.1 From 26befa094147b542e48e36867eb41eaf424225f7 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 28 Sep 2006 15:04:59 +0000 Subject: - added confirmation to removing bbcodes - added optional MX and DNSBL checks - added backtrace (triggering sql error) on error within sql_in_set as well as making sure it is handling an array - let users having f_list access to a forum actually see the forum without a topic list and not displaying an error message - this allows for giving people access to subforums but not the parent forum without the need to add the (sub-)forum to the index. - some additional bugfixes git-svn-id: file:///svn/phpbb/trunk@6414 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_upload.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_upload.php') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index cd35254b28..6b5d043bae 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -138,7 +138,7 @@ class filespec /** * Check if the file got correctly uploaded * - * @return true if it is a valid upload and the file exist, false if not + * @return true if it is a valid upload, false if not */ function is_uploaded() { @@ -147,7 +147,12 @@ class filespec return false; } - return (file_exists($this->filename)) ? true : false; + if ($this->local && !file_exists($this->filename)) + { + return false; + } + + return true; } /** -- cgit v1.2.1 From 485935e1f1a3a773260cda0b7ac3f3800dca990e Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 7 Oct 2006 17:40:07 +0000 Subject: he braces style is deprecated as of PHP 6 git-svn-id: file:///svn/phpbb/trunk@6459 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_upload.php | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'phpBB/includes/functions_upload.php') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 6b5d043bae..a7a76cf526 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -226,21 +226,6 @@ class filespec return false; } - -/* - // Adjust destination path (no trailing slash) - if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\') - { - $destination = substr($destination, 0, sizeof($destination)-2); - } - - $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination); - if ($destination && ($destination{0} == '/' || $destination{0} == "\\")) - { - $destination = ''; - } -*/ - // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it... $this->destination_path = $phpbb_root_path . $destination; -- cgit v1.2.1