/**
 * Fetch a remote URL through vB_vURL and return whatever fetch_body() returns.
 *
 * Thin procedural wrapper: it loads the vB_vURL class file, builds an instance
 * bound to the global $vbulletin object, and forwards all four arguments.
 *
 * NOTE(review): nothing in this function validates $url (scheme, host or port).
 * Any restriction on where the server is allowed to connect has to come from
 * the caller or from vB_vURL itself, neither of which is visible here.
 *
 * @param string $url           URL to request
 * @param int    $maxsize       forwarded to fetch_body(); presumably a size limit
 *                              where 0 means "no limit" (confirm in class_vurl.php)
 * @param bool   $dieonmaxsize  forwarded to fetch_body() unchanged
 * @param bool   $returnheaders forwarded to fetch_body() unchanged
 *
 * @return mixed the return value of vB_vURL::fetch_body()
 */
function fetch_body_request($url, $maxsize = 0, $dieonmaxsize = false, $returnheaders = false)
{
    global $vbulletin;

    require_once(DIR . '/includes/class_vurl.php');

    $fetcher = new vB_vURL($vbulletin);
    $response = $fetcher->fetch_body($url, $maxsize, $dieonmaxsize, $returnheaders);

    return $response;
}
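/**
 * Download an image from a remote URL and store it as an upload for a user.
 *
 * Every rejection path throws the same 'upload_invalid_image' error. Per the
 * original comments (VBV-13082) this is deliberate: the caller must not be able
 * to tell "bad scheme" from "host did not answer" from "no usable image type",
 * because those differences would reveal what the server itself can reach.
 *
 * NOTE(review): the scheme allow-list below restricts the protocol only. It
 * does not restrict the destination host or port and says nothing about
 * redirects; whether vB_vURL enforces any of that is not visible here.
 * NOTE(review): the extension comes from the URL path or from the Content-Type
 * response header, both controlled by the remote side, and the body is not
 * inspected in this method. Confirm that saveUpload() / uploadAttachment()
 * verify the content really is an image.
 * NOTE(review): fetch_body() is called with 0 as its size argument; if that
 * means "no limit" the download size is unbounded. Confirm in vB_vURL.
 *
 * @param int    $userid     user ID the upload belongs to
 * @param string $url        remote http(s) URL of the image
 * @param bool   $attachment true to hand the file to uploadAttachment()
 * @param string $uploadfrom optional value stored under 'uploadFrom' in the file array
 *
 * @return mixed result of uploadAttachment() or saveUpload(); per the original
 *               docblock an array with filesize, dateline, htmltype, filename,
 *               extension and filedataid
 *
 * @throws vB_Exception_Api 'upload_invalid_image' on any validation or fetch failure
 */
public function uploadUrl($userid, $url, $attachment = false, $uploadfrom = '')
{
    //Leave for consistency with admincp
    if (!defined('ATTACH_AS_FILES_NEW')) {
        define('ATTACH_AS_FILES_NEW', 2);
    }

    // Reject empty input and anything that is not http:// or https://.
    // Same exception for both cases to mitigate SSRF (VBV-13082).
    if (empty($url) or !preg_match('#^https?://#i', $url)) {
        throw new vB_Exception_Api('upload_invalid_image');
    }

    // Retrieve the image (body plus response headers)
    $vurl = new vB_vURL();
    $fileResult = $vurl->fetch_body($url, 0, false, true);

    if (empty($fileResult['body'])) {
        // throw the same exception to mitigate SSRF (VBV-13082)
        throw new vB_Exception_Api('upload_invalid_image');
    }

    $pathinfo = pathinfo($url);

    if (empty($pathinfo)) {
        // throw the same exception to mitigate SSRF (VBV-13082)
        throw new vB_Exception_Api('upload_invalid_image');
    }

    $extension_map = $this->imageHandler->getExtensionMap();
    $extension = '';
    $urlExtension = empty($pathinfo['extension']) ? '' : strtolower($pathinfo['extension']);

    if ($urlExtension !== '' and array_key_exists($urlExtension, $extension_map)) {
        // The URL path already carries an extension the image handler knows.
        $extension = $urlExtension;
        $name = $pathinfo['basename'];
    } else {
        // try to get an extension from the content type header
        if (!empty($fileResult['headers']['content-type'])) {
            // should be something like image/jpeg
            $typeData = explode('/', $fileResult['headers']['content-type']);

            if (count($typeData) == 2 and array_key_exists(trim($typeData[1]), $extension_map)) {
                $extension = strtolower($extension_map[trim($typeData[1])]);
            }
        }

        // Fix: the original fell through with $extension undefined when neither
        // the URL nor the Content-Type header gave a known image type, and then
        // built a file name and MIME type from the empty value. Reject instead,
        // with the same exception to mitigate SSRF (VBV-13082).
        if ($extension === '') {
            throw new vB_Exception_Api('upload_invalid_image');
        }

        $name = $pathinfo['basename'] . '.' . $extension;
    }

    //Make a local copy
    $filename = vB_Utilities::getTmpFileName($userid, 'vbattach', ".{$extension}");
    file_put_contents($filename, $fileResult['body']);
    $filesize = strlen($fileResult['body']);

    // Same shape as a PHP upload entry, so the regular upload code can consume it.
    $filearray = array(
        'name'     => $name,
        'size'     => $filesize,
        'type'     => 'image/' . $extension_map[$extension],
        'tmp_name' => $filename,
    );

    if (!empty($uploadfrom)) {
        $filearray['uploadFrom'] = $uploadfrom;
    }

    if ($attachment) {
        // The temporary file is not removed on this path; presumably
        // uploadAttachment() takes ownership of it (confirm).
        return $this->uploadAttachment($userid, $filearray);
    }

    $result = $this->saveUpload($userid, $filearray, $fileResult['body'], $filesize, $extension, true);

    if (file_exists($filearray['tmp_name'])) {
        @unlink($filearray['tmp_name']);
    }

    return $result;
}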
/**
 * Resolve a video URL to provider data using the bbcode_video provider table.
 *
 * Providers are loaded once through the 'video_fetchproviders' stored query and
 * cached on $this->providers. The first provider whose regex_url matches the
 * URL is used. If that provider has no regex_scrape, the code is the first
 * capture group of regex_url. Otherwise the URL is fetched server-side and the
 * code is the first capture group of regex_scrape applied to the response.
 *
 * The scrape fetch only happens when the 'bbcode_video_scrape' option is
 * greater than 0 and the static counter is still below it. The counter is
 * shared by all calls within one PHP execution.
 *
 * NOTE(review): the fetched address is the caller-supplied $url. The only
 * constraint visible here is the provider's regex_url, anchored at the start
 * but not at the end, so how tightly the destination is limited depends on the
 * stored patterns and on how vB_vURL treats redirects. Neither is visible here.
 *
 * @param string $url URL supplied by the caller
 *
 * @return array|bool array with 'provider', 'code' and 'url' keys; false when no
 *                    provider matches or no code could be extracted
 */
public function getVideoFromUrl($url)
{
    // Number of scrape fetches performed so far.
    static $scraped = 0;

    $options = vB::getDatastore()->get_value('options');

    // Lazily load the provider rows, keyed by their tagoption.
    if (!$this->providers) {
        $rows = $this->assertor->assertQuery(
            "video_fetchproviders",
            array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED)
        );

        foreach ($rows as $row) {
            $this->providers["{$row['tagoption']}"] = $row;
        }
    }

    if (empty($this->providers)) {
        return false;
    }

    // First matching provider wins; $provider stays bound to it after the loop.
    $match = false;
    foreach ($this->providers as $provider) {
        // Anchor the pattern at the start of the URL unless it already is.
        $prefix = '';
        if ($provider['regex_url'][0] != '^') {
            $prefix = '^';
        }

        if (preg_match('#' . $prefix . $provider['regex_url'] . '#si', $url, $match)) {
            break;
        }
    }

    if (!$match) {
        return false;
    }

    // No scrape pattern: the code comes straight out of the URL.
    if (!$provider['regex_scrape'] && $match[1]) {
        return array(
            'provider' => $provider['tagoption'],
            'code'     => $match[1],
            'url'      => $url,
        );
    }

    $mayScrape = $provider['regex_scrape']
        && $options['bbcode_video_scrape'] > 0
        && $scraped < $options['bbcode_video_scrape'];

    if (!$mayScrape) {
        return false;
    }

    // Server-side request for the page, then extract the code from its content.
    $fetcher = new vB_vURL();
    $page = $fetcher->fetch_body($url);

    $videoData = false;
    if (preg_match('#' . $provider['regex_scrape'] . '#si', $page, $scrapematch)) {
        $videoData = array(
            'provider' => $provider['tagoption'],
            'code'     => $scrapematch[1],
            'url'      => $url,
        );
    }

    // Counted whether or not the scrape pattern matched.
    $scraped++;

    return $videoData;
}
/**
 * Download an image from a URL and make it the current user's custom avatar.
 *
 * Requires a logged-in user holding both the 'canuseavatar' and
 * 'canmodifyprofile' generic permissions. All URL, fetch and image-type
 * failures throw the same 'upload_invalid_image' error; per the original
 * comments (VBV-13082) this is done to mitigate SSRF, so the caller cannot
 * tell the failure reasons apart.
 *
 * NOTE(review): the scheme check restricts the protocol to http/https only.
 * It does not limit the destination host or port and does not cover
 * redirects; whether vB_vURL does is not visible here.
 * NOTE(review): the extension comes from the URL path (kept in its original
 * case) or from the Content-Type response header, both controlled by the
 * remote side. The body is written to a temporary file without inspection in
 * this method; confirm that uploadAvatar() validates it as an image.
 *
 * @param string $url  the URL to retrieve the image from
 * @param array  $data may contain a 'crop' element with the cropping info; the
 *                     pathinfo() of the URL is added as crop.org_file_info
 *
 * @return mixed whatever uploadAvatar() returns; per the original docblock an
 *               array holding either errors or avatarpath (the path from
 *               baseurl_core)
 *
 * @throws vB_Exception_Api 'no_permission_use_avatar' or 'upload_invalid_image'
 */
public function uploadUrl($url, $data = array())
{
    if (!defined('ATTACH_AS_FILES_NEW')) {
        //Leave for consistency with admincp
        define('ATTACH_AS_FILES_NEW', 2);
    }

    $imageHandler = vB_Image::instance();
    $usercontext = vB::getUserContext();

    //Only logged-in users with both avatar permissions can upload files
    $allowed = $usercontext->fetchUserId()
        && $usercontext->hasPermission('genericpermissions', 'canuseavatar')
        && $usercontext->hasPermission('genericpermissions', 'canmodifyprofile');

    if (!$allowed) {
        throw new vB_Exception_Api('no_permission_use_avatar');
    }

    // Empty input or a non-http(s) scheme: same exception to mitigate SSRF (VBV-13082)
    if (empty($url) or !preg_match('#^https?://#i', $url)) {
        throw new vB_Exception_Api('upload_invalid_image');
    }

    // Retrieve the image (body plus response headers)
    $fetcher = new vB_vURL();
    $fileResult = $fetcher->fetch_body($url, 0, false, true);

    if (empty($fileResult['body'])) {
        // throw the same exception to mitigate SSRF (VBV-13082)
        throw new vB_Exception_Api('upload_invalid_image');
    }

    $pathinfo = pathinfo($url);
    $data['crop']['org_file_info'] = $pathinfo;

    // Mirrors the original guard: without a body and path info nothing is returned.
    if (empty($fileResult['body']) or empty($pathinfo)) {
        return null;
    }

    $extension_map = $imageHandler->getExtensionMap();

    $urlHasKnownExtension = !empty($pathinfo['extension'])
        && array_key_exists(strtolower($pathinfo['extension']), $extension_map);

    if ($urlHasKnownExtension) {
        $extension = $pathinfo['extension'];
    } elseif (!empty($fileResult['headers']['content-type'])) {
        // Fall back to the content type header, which should look like image/jpeg
        $typeData = explode('/', $fileResult['headers']['content-type']);

        if (count($typeData) == 2 and array_key_exists(trim($typeData[1]), $extension_map)) {
            $extension = strtolower($extension_map[trim($typeData[1])]);
        }
    }

    //did we get an extension?
    if (empty($extension)) {
        // throw the same exception to mitigate SSRF (VBV-13082)
        throw new vB_Exception_Api('upload_invalid_image');
    }

    //Make a local copy
    $filename = vB_Utilities::getTmpFileName('', 'vbprofile', ".{$extension}");
    file_put_contents($filename, $fileResult['body']);

    if (empty($data['crop'])) {
        $cropInfo = array();
    } else {
        $cropInfo = $data['crop'];
    }

    return vB_Library::instance('user')->uploadAvatar($filename, $cropInfo);
}