Ejemplo n.º 1
0
function processAttachments()
{
    global $context, $modSettings, $smcFunc, $txt, $user_info;
    // Make sure we're uploading to the right place.
    if (!empty($modSettings['automanage_attachments'])) {
        automanage_attachments_check_directory();
    }
    if (!is_array($modSettings['attachmentUploadDir'])) {
        $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
    }
    $context['attach_dir'] = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
    // Is the attachments folder actualy there?
    if (!empty($context['dir_creation_error'])) {
        $initial_error = $context['dir_creation_error'];
    } elseif (!is_dir($context['attach_dir'])) {
        $initial_error = 'attach_folder_warning';
        log_error(sprintf($txt['attach_folder_admin_warning'], $context['attach_dir']), 'critical');
    }
    if (!isset($initial_error) && !isset($context['attachments'])) {
        // If this isn't a new post, check the current attachments.
        if (isset($_REQUEST['msg'])) {
            $request = $smcFunc['db_query']('', '
				SELECT COUNT(*), SUM(size)
				FROM {db_prefix}attachments
				WHERE id_msg = {int:id_msg}
					AND attachment_type = {int:attachment_type}', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0));
            list($context['attachments']['quantity'], $context['attachments']['total_size']) = $smcFunc['db_fetch_row']($request);
            $smcFunc['db_free_result']($request);
        } else {
            $context['attachments'] = array('quantity' => 0, 'total_size' => 0);
        }
    }
    // Hmm. There are still files in session.
    $ignore_temp = false;
    if (!empty($_SESSION['temp_attachments']['post']['files']) && count($_SESSION['temp_attachments']) > 1) {
        // Let's try to keep them. But...
        $ignore_temp = true;
        // If new files are being added. We can't ignore those
        foreach ($_FILES['attachment']['tmp_name'] as $dummy) {
            if (!empty($dummy)) {
                $ignore_temp = false;
                break;
            }
        }
        // Need to make space for the new files. So, bye bye.
        if (!$ignore_temp) {
            foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
                if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) {
                    unlink($attachment['tmp_name']);
                }
            }
            $context['we_are_history'] = $txt['error_temp_attachments_flushed'];
            $_SESSION['temp_attachments'] = array();
        }
    }
    if (!isset($_FILES['attachment']['name'])) {
        $_FILES['attachment']['tmp_name'] = array();
    }
    if (!isset($_SESSION['temp_attachments'])) {
        $_SESSION['temp_attachments'] = array();
    }
    // Remember where we are at. If it's anywhere at all.
    if (!$ignore_temp) {
        $_SESSION['temp_attachments']['post'] = array('msg' => !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'last_msg' => !empty($_REQUEST['last_msg']) ? $_REQUEST['last_msg'] : 0, 'topic' => !empty($topic) ? $topic : 0, 'board' => !empty($board) ? $board : 0);
    }
    // If we have an itital error, lets just display it.
    if (!empty($initial_error)) {
        $_SESSION['temp_attachments']['initial_error'] = $initial_error;
        // And delete the files 'cos they ain't going nowhere.
        foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
            if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
                unlink($_FILES['attachment']['tmp_name'][$n]);
            }
        }
        $_FILES['attachment']['tmp_name'] = array();
    }
    // Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
    foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
        if ($_FILES['attachment']['name'][$n] == '') {
            continue;
        }
        // First, let's first check for PHP upload errors.
        $errors = array();
        if (!empty($_FILES['attachment']['error'][$n])) {
            if ($_FILES['attachment']['error'][$n] == 2) {
                $errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
            } elseif ($_FILES['attachment']['error'][$n] == 6) {
                log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
            } else {
                log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
            }
            if (empty($errors)) {
                $errors[] = 'attach_php_error';
            }
        }
        // Try to move and rename the file before doing any more checks on it.
        $attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand());
        $destName = $context['attach_dir'] . '/' . $attachID;
        if (empty($errors)) {
            $_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])), 'tmp_name' => $destName, 'size' => $_FILES['attachment']['size'][$n], 'type' => $_FILES['attachment']['type'][$n], 'id_folder' => $modSettings['currentAttachmentUploadDir'], 'errors' => array());
            // Move the file to the attachments folder with a temp name for now.
            if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) {
                @chmod($destName, 0644);
            } else {
                $_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
                if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
                    unlink($_FILES['attachment']['tmp_name'][$n]);
                }
            }
        } else {
            $_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])), 'tmp_name' => $destName, 'errors' => $errors);
            if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
                unlink($_FILES['attachment']['tmp_name'][$n]);
            }
        }
        // If there's no errors to this pont. We still do need to apply some addtional checks before we are finished.
        if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
            attachmentChecks($attachID);
        }
    }
    // Mod authors, finally a hook to hang an alternate attachment upload system upon
    // Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand())
    // Populate $_SESSION['temp_attachments'][$attachID] with the following:
    //   name => The file name
    //   tmp_name => Path to the temp file ($context['attach_dir'] . '/' . $attachID).
    //   size => File size (required).
    //   type => MIME type (optional if not available on upload).
    //   id_folder => $modSettings['currentAttachmentUploadDir']
    //   errors => An array of errors (use the index of the $txt variable for that error).
    // Template changes can be done using "integrate_upload_template".
    call_integration_hook('integrate_attachment_upload', array());
}
Ejemplo n.º 2
0
/**
 * Handles the actual saving of attachments to a directory.
 *
 * What it does:
 * - Loops through $_FILES['attachment'] array and saves each file to the current attachments folder.
 * - Validates the save location actually exists.
 *
 * @package Attachments
 * @param int|null $id_msg = null or id of the message with attachments, if any.
 *                  If null, this is an upload in progress for a new post.
 */
function processAttachments($id_msg = null)
{
    global $context, $modSettings, $txt, $user_info, $ignore_temp, $topic, $board;
    $attach_errors = Attachment_Error_Context::context();
    // Make sure we're uploading to the right place.
    if (!empty($modSettings['automanage_attachments'])) {
        automanage_attachments_check_directory();
    }
    if (!is_array($modSettings['attachmentUploadDir'])) {
        $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
    }
    $context['attach_dir'] = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
    // Is the attachments folder actualy there?
    if (!empty($context['dir_creation_error'])) {
        $initial_error = $context['dir_creation_error'];
    } elseif (!is_dir($context['attach_dir'])) {
        $initial_error = 'attach_folder_warning';
        log_error(sprintf($txt['attach_folder_admin_warning'], $context['attach_dir']), 'critical');
    }
    if (!isset($initial_error) && !isset($context['attachments']['quantity'])) {
        // If this isn't a new post, check the current attachments.
        if (!empty($id_msg)) {
            list($context['attachments']['quantity'], $context['attachments']['total_size']) = attachmentsSizeForMessage($id_msg);
        } else {
            $context['attachments']['quantity'] = 0;
            $context['attachments']['total_size'] = 0;
        }
    }
    // Hmm. There are still files in session.
    $ignore_temp = false;
    if (!empty($_SESSION['temp_attachments']['post']['files']) && count($_SESSION['temp_attachments']) > 1) {
        // Let's try to keep them. But...
        $ignore_temp = true;
        // If new files are being added. We can't ignore those
        foreach ($_FILES['attachment']['tmp_name'] as $dummy) {
            if (!empty($dummy)) {
                $ignore_temp = false;
                break;
            }
        }
        // Need to make space for the new files. So, bye bye.
        if (!$ignore_temp) {
            foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
                if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) {
                    @unlink($attachment['tmp_name']);
                }
            }
            $attach_errors->activate()->addError('temp_attachments_flushed');
            $_SESSION['temp_attachments'] = array();
        }
    }
    if (!isset($_FILES['attachment']['name'])) {
        $_FILES['attachment']['tmp_name'] = array();
    }
    if (!isset($_SESSION['temp_attachments'])) {
        $_SESSION['temp_attachments'] = array();
    }
    // Remember where we are at. If it's anywhere at all.
    if (!$ignore_temp) {
        $_SESSION['temp_attachments']['post'] = array('msg' => !empty($id_msg) ? $id_msg : 0, 'last_msg' => !empty($_REQUEST['last_msg']) ? $_REQUEST['last_msg'] : 0, 'topic' => !empty($topic) ? $topic : 0, 'board' => !empty($board) ? $board : 0);
    }
    // If we have an initial error, lets just display it.
    if (!empty($initial_error)) {
        $_SESSION['temp_attachments']['initial_error'] = $initial_error;
        // This is a generic error
        $attach_errors->activate();
        $attach_errors->addError('attach_no_upload');
        $attach_errors->addError(is_array($attachment) ? array($attachment[0], $attachment[1]) : $attachment);
        // And delete the files 'cos they ain't going nowhere.
        foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
            if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
                unlink($_FILES['attachment']['tmp_name'][$n]);
            }
        }
        $_FILES['attachment']['tmp_name'] = array();
    }
    // Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
    foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
        if ($_FILES['attachment']['name'][$n] == '') {
            continue;
        }
        // First, let's first check for PHP upload errors.
        $errors = attachmentUploadChecks($n);
        // Set the names and destination for this file
        $attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand());
        $destName = $context['attach_dir'] . '/' . $attachID;
        // If we are error free, Try to move and rename the file before doing more checks on it.
        if (empty($errors)) {
            $_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n]), ENT_COMPAT, 'UTF-8'), 'tmp_name' => $destName, 'attachid' => $attachID, 'size' => $_FILES['attachment']['size'][$n], 'type' => $_FILES['attachment']['type'][$n], 'id_folder' => $modSettings['currentAttachmentUploadDir'], 'errors' => array());
            // Move the file to the attachments folder with a temp name for now.
            if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) {
                @chmod($destName, 0644);
            } else {
                $_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
                if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
                    unlink($_FILES['attachment']['tmp_name'][$n]);
                }
            }
        } else {
            $_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n]), ENT_COMPAT, 'UTF-8'), 'tmp_name' => $destName, 'errors' => $errors);
            if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
                unlink($_FILES['attachment']['tmp_name'][$n]);
            }
        }
        // If there were no errors to this pont, we apply some addtional checks
        if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
            attachmentChecks($attachID);
        }
        // Sort out the errors for display and delete any associated files.
        if (!empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
            $attach_errors->addAttach($attachID, $_SESSION['temp_attachments'][$attachID]['name']);
            $log_these = array('attachments_no_create', 'attachments_no_write', 'attach_timeout', 'ran_out_of_space', 'cant_access_upload_path', 'attach_0_byte_file');
            foreach ($_SESSION['temp_attachments'][$attachID]['errors'] as $error) {
                if (!is_array($error)) {
                    $attach_errors->addError($error);
                    if (in_array($error, $log_these)) {
                        log_error($_SESSION['temp_attachments'][$attachID]['name'] . ': ' . $txt[$error], 'critical');
                    }
                } else {
                    $attach_errors->addError(array($error[0], $error[1]));
                }
            }
        }
    }
    // Mod authors, finally a hook to hang an alternate attachment upload system upon
    // Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand())
    // Populate $_SESSION['temp_attachments'][$attachID] with the following:
    //   name => The file name
    //   tmp_name => Path to the temp file ($context['attach_dir'] . '/' . $attachID).
    //   size => File size (required).
    //   type => MIME type (optional if not available on upload).
    //   id_folder => $modSettings['currentAttachmentUploadDir']
    //   errors => An array of errors (use the index of the $txt variable for that error).
    // Template changes can be done using "integrate_upload_template".
    call_integration_hook('integrate_attachment_upload');
}
Ejemplo n.º 3
0
/**
 * Writes email attachments as temp names in the proper attachment directory
 *
 * - populates $_SESSION['temp_attachments'] with the email attachments
 * - calls attachmentChecks to validate them
 * - skips ones flagged with errors
 * - adds valid ones to attachmentOptions
 * - calls createAttachment to store them
 *
 * @package Maillist
 * @param mixed[] $pbe
 * @param Email_Parse $email_message
 */
function pbe_email_attachments($pbe, $email_message)
{
    // Trying to attach a file with this post ....
    global $modSettings, $context;
    // Init
    $attachment_count = 0;
    $attachIDs = array();
    // Make sure we're uploading the files to the right place.
    if (!empty($modSettings['currentAttachmentUploadDir'])) {
        if (!is_array($modSettings['attachmentUploadDir'])) {
            $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
        }
        // The current directory, of course!
        $current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
    } else {
        $current_attach_dir = $modSettings['attachmentUploadDir'];
    }
    // For attachmentChecks function
    require_once SUBSDIR . '/Attachments.subs.php';
    $context['attachments'] = array('quantity' => 0, 'total_size' => 0);
    $context['attach_dir'] = $current_attach_dir;
    // Create the file(s) with a temp name so we can validate its contents/type
    foreach ($email_message->attachments as $name => $attachment) {
        // Write the contents to an actual file
        $attachID = 'post_tmp_' . $pbe['profile']['id_member'] . '_' . md5(mt_rand()) . $attachment_count;
        $destName = $current_attach_dir . '/' . $attachID;
        if (file_put_contents($destName, $attachment) !== false) {
            @chmod($destName, 0644);
            // Place them in session since that's where attachmentChecks looks
            $_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($name), ENT_COMPAT, 'UTF-8'), 'tmp_name' => $destName, 'size' => strlen($attachment), 'id_folder' => $modSettings['currentAttachmentUploadDir'], 'errors' => array(), 'approved' => !$modSettings['postmod_active'] || in_array('post_unapproved_attachments', $pbe['user_info']['permissions']));
            // Make sure its valid
            attachmentChecks($attachID);
            $attachment_count++;
        }
    }
    // Get the results from attachmentChecks and see if its suitable for posting
    $attachments = $_SESSION['temp_attachments'];
    unset($_SESSION['temp_attachments']);
    foreach ($attachments as $attachID => $attachment) {
        // If there were any errors we just skip that file
        if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $pbe['profile']['id_member']) === false || ($attachID == 'initial_error' || !empty($attachment['errors']))) {
            @unlink($attachment['tmp_name']);
            continue;
        }
        // Load the attachmentOptions array with the data needed to create an attachment
        $attachmentOptions = array('post' => !empty($email_message->message_id) ? $email_message->message_id : 0, 'poster' => $pbe['profile']['id_member'], 'name' => $attachment['name'], 'tmp_name' => $attachment['tmp_name'], 'size' => isset($attachment['size']) ? $attachment['size'] : 0, 'mime_type' => isset($attachment['type']) ? $attachment['type'] : '', 'id_folder' => isset($attachment['id_folder']) ? $attachment['id_folder'] : 0, 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'), 'errors' => array());
        // Make it available to the forum/post
        if (createAttachment($attachmentOptions)) {
            $attachIDs[] = $attachmentOptions['id'];
            if (!empty($attachmentOptions['thumb'])) {
                $attachIDs[] = $attachmentOptions['thumb'];
            }
        } elseif (file_exists($attachment['tmp_name'])) {
            @unlink($attachment['tmp_name']);
        }
    }
    return $attachIDs;
}