/**
 * Tell whether the file referenced by this object is an acceptable upload.
 *
 * Two different checks are applied depending on where the file came from:
 *  - regular form uploads must pass PHP's is_uploaded_file() test;
 *  - local files and files received through an active plupload session are
 *    only checked for existence on disk. is_uploaded_file() is not consulted
 *    for them, so the path must already come from a trusted source.
 *    NOTE(review): confirm where $this->filename is assigned for those cases.
 *
 * @return bool True if it is a valid upload, false if not
 */
function is_uploaded()
{
    $via_plupload = $this->plupload && $this->plupload->is_active();
    $skip_upload_check = $this->local || $via_plupload;

    if ($skip_upload_check)
    {
        // Local / plupload: the file only has to be present on disk.
        return file_exists($this->filename);
    }

    // Plain HTTP form upload: rely on PHP's own upload bookkeeping.
    return is_uploaded_file($this->filename);
}
/**
 * Upload Attachment - filedata is generated here
 * Uses upload class
 *
 * Validates, stores and describes one attachment. The checks applied, in order:
 * extension allow-list, optional content (mime trigger) filter, dimension and
 * size limits for users without a_/m_ permission, image verification for files
 * in the image category, the global attachment quota and the free disk space.
 * Whenever a check fails after the file was moved, the stored file is removed.
 *
 * Local variable names in this function are part of its runtime behaviour:
 * the core.modify_uploaded_file event is wired through compact()/extract().
 *
 * @param string $form_name The form name of the file upload input
 * @param int $forum_id The id of the forum
 * @param bool $local Whether the file is local or not
 * @param string $local_storage The path to the local file
 * @param bool $is_message Whether it is a PM or not
 * @param \filespec $local_filedata A filespec object created for the local file (defaults to false)
 * @param \phpbb\mimetype\guesser $mimetype_guesser The mimetype guesser object if used (not referenced in this body)
 * @param \phpbb\plupload\plupload $plupload The plupload object if one is being used
 *
 * @return array File data. Always holds 'error' (list of messages) and
 *               'post_attach' (bool); on success also 'thumbnail', 'filesize',
 *               'mimetype', 'extension', 'physical_filename', 'real_filename'
 *               and 'filetime'. Note that an init failure returns
 *               post_attach = false with an empty 'error' list, so callers
 *               must test 'post_attach' and not only 'error'.
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null)
{
    global $auth, $user, $config, $db, $cache;
    global $phpbb_root_path, $phpEx, $phpbb_dispatcher, $phpbb_container;

    $filedata = array('error' => array());

    $upload = $phpbb_container->get('files.upload');

    // Content filter: with the check enabled and mime_triggers configured, the
    // '|'-separated trigger list is applied. With the check disabled the list is
    // explicitly emptied. With the check enabled but no mime_triggers entry,
    // whatever the upload object already carries is left untouched.
    if ($config['check_attachment_content'] && isset($config['mime_triggers']))
    {
        $upload->set_disallowed_content(explode('|', $config['mime_triggers']));
    }
    else
    {
        if (!$config['check_attachment_content'])
        {
            $upload->set_disallowed_content(array());
        }
    }

    // Local files skip the form validation entirely ($local short-circuits).
    $filedata['post_attach'] = $local || $upload->is_valid($form_name);

    if (!$filedata['post_attach'])
    {
        $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];
        return $filedata;
    }

    // Extension allow-list: per forum for posts, the PM set (false) for messages.
    $extensions = $cache->obtain_attach_extensions($is_message ? false : (int) $forum_id);
    $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));

    /** @var \phpbb\files\filespec $file */
    $file = $local ? $upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $upload->handle_upload('files.types.form', $form_name);

    // No error message is added on this path; only post_attach signals failure.
    if ($file->init_error())
    {
        $filedata['post_attach'] = false;
        return $filedata;
    }

    // Whether the uploaded file is in the image category
    // (decided from the extension's configured category, not from file content;
    // the content is verified further down with $file->is_image()).
    $is_image = isset($extensions[$file->get('extension')]['display_cat']) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;

    // Dimension and size limits apply only to users holding neither the a_
    // permission nor m_ on this forum.
    if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id))
    {
        // Check Image Size, if it is an image
        if ($is_image)
        {
            $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
        }

        // Admins and mods are allowed to exceed the allowed filesize.
        // A per-extension limit, when non-empty, takes precedence over the
        // global PM / post limit.
        if (!empty($extensions[$file->get('extension')]['max_filesize']))
        {
            $allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
        }
        else
        {
            $allowed_filesize = $is_message ? $config['max_filesize_pm'] : $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // Stored name is built with the uploader's user id as prefix.
    // NOTE(review): presumably 'unique' replaces the client-supplied name with a
    // generated one, so the original name never reaches the filesystem - confirm
    // in filespec::clean_filename().
    $file->clean_filename('unique', $user->data['user_id'] . '_');

    // Are we uploading an image *and* this image being within the image category?
    // Only then perform additional image checks.
    // (third argument is true for non-images; presumably "skip image check" - confirm.)
    $file->move_file($config['upload_path'], false, !$is_image);

    // Do we have to create a thumbnail?
    $filedata['thumbnail'] = $is_image && $config['img_create_thumbnail'] ? 1 : 0;

    // Any error collected by the filespec (including during the move) rejects
    // the upload and removes the file.
    if (sizeof($file->error))
    {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;
        return $filedata;
    }

    // Make sure the image category only holds valid images...
    if ($is_image && !$file->is_image())
    {
        $file->remove();
        if ($plupload && $plupload->is_active())
        {
            $plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
        }
        // A file with an image extension whose content is not an image is rejected:
        // the image category is displayed inline, so a renamed non-image must never
        // be stored there (historically an IE content-sniffing problem).
        // NOTE(review): nothing returns here. The code below would continue with an
        // already removed file if the error handler ever returned - presumably
        // phpBB's handler ends the request; confirm.
        trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
    }

    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    /**
     * Event to modify uploaded file before submit to the post
     *
     * @event core.modify_uploaded_file
     * @var array filedata Array containing uploaded file data
     * @var bool is_image Flag indicating if the file is an image
     * @since 3.1.0-RC3
     */
    // extract() writes whatever the dispatcher returns into this function's local
    // scope, so listeners (extension code) can replace $filedata and $is_image
    // after all validation above has run. The quota and disk checks below read
    // the size from $file, not from the possibly modified $filedata.
    $vars = array('filedata', 'is_image');
    extract($phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));

    // Check our complete quota
    // (a falsy attachment_quota disables the check)
    if ($config['attachment_quota'])
    {
        if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota'])
        {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Check free disk space
    // Warnings are suppressed with @; a false or 0 result skips the check.
    if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path']))
    {
        if ($free_space <= $file->get('filesize'))
        {
            // Only admins are told the disk is full; everyone else gets the
            // generic quota message.
            if ($auth->acl_get('a_'))
            {
                $filedata['error'][] = $user->lang['ATTACH_DISK_FULL'];
            }
            else
            {
                $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            }
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Create Thumbnail
    // Written next to the stored file as "thumb_<realname>"; on failure the
    // thumbnail flag is cleared and the upload itself still succeeds.
    if ($filedata['thumbnail'])
    {
        $source = $file->get('destination_file');
        $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

        if (!create_thumbnail($source, $destination, $file->get('mimetype')))
        {
            $filedata['thumbnail'] = 0;
        }
    }

    return $filedata;
}
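/**
 * Parse Attachments
 *
 * Handles the attachment part of a posting request: updates attachment
 * comments, stores a newly uploaded file as an orphan attachment, deletes a
 * temporary attachment on request and keeps the [attachment=N] indexes in the
 * message text in step with $this->attachment_data. Error messages end up in
 * $this->warn_msg. For active plupload sessions the result is additionally
 * sent to the client as JSON.
 *
 * @param string $form_name Name of the file upload input
 * @param string $mode Posting mode; uploads on submit are only accepted for
 *                     'post', 'reply', 'quote' and 'edit'
 * @param int $forum_id Forum id (forced to 0 for private messages)
 * @param bool $submit Whether the post is being submitted
 * @param bool $preview Whether a preview was requested
 * @param bool $refresh Whether the form is being refreshed
 * @param bool $is_message Whether this is a private message
 *
 * @return void
 */
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
{
    global $config, $auth, $user, $phpbb_root_path, $phpEx, $db, $request;
    global $phpbb_container;

    $error = array();

    $num_attachments = sizeof($this->attachment_data);
    $this->filename_data['filecomment'] = $request->variable('filecomment', '', true);
    $upload = $request->file($form_name);
    $upload_file = !empty($upload) && $upload['name'] !== 'none' && trim($upload['name']);

    $add_file = isset($_POST['add_file']) ? true : false;
    $delete_file = isset($_POST['delete_file']) ? true : false;

    // First of all adjust comments if changed.
    // Only keys that already exist in attachment_data are touched, so a request
    // cannot create new entries through comment_list.
    $actual_comment_list = $request->variable('comment_list', array(''), true);

    foreach ($actual_comment_list as $comment_key => $comment)
    {
        if (!isset($this->attachment_data[$comment_key]))
        {
            continue;
        }

        if ($this->attachment_data[$comment_key]['attach_comment'] != $actual_comment_list[$comment_key])
        {
            $this->attachment_data[$comment_key]['attach_comment'] = $actual_comment_list[$comment_key];
        }
    }

    $cfg = array();
    $cfg['max_attachments'] = $is_message ? $config['max_attachments_pm'] : $config['max_attachments'];
    $forum_id = $is_message ? 0 : $forum_id;

    if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file)
    {
        // Admins and moderators of this forum may exceed the attachment count limit.
        if ($num_attachments < $cfg['max_attachments'] || $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id))
        {
            /** @var \phpbb\attachment\manager $attachment_manager */
            $attachment_manager = $phpbb_container->get('attachment.manager');
            $filedata = $attachment_manager->upload($form_name, $forum_id, false, '', $is_message);
            $error = $filedata['error'];

            if ($filedata['post_attach'] && !sizeof($error))
            {
                // New uploads are stored as orphans owned by the current user
                // until the post itself is saved.
                $sql_ary = array(
                    'physical_filename' => $filedata['physical_filename'],
                    'attach_comment'    => $this->filename_data['filecomment'],
                    'real_filename'     => $filedata['real_filename'],
                    'extension'         => $filedata['extension'],
                    'mimetype'          => $filedata['mimetype'],
                    'filesize'          => $filedata['filesize'],
                    'filetime'          => $filedata['filetime'],
                    'thumbnail'         => $filedata['thumbnail'],
                    'is_orphan'         => 1,
                    'in_message'        => $is_message ? 1 : 0,
                    'poster_id'         => $user->data['user_id'],
                );

                $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

                $new_entry = array(
                    'attach_id'      => $db->sql_nextid(),
                    'is_orphan'      => 1,
                    'real_filename'  => $filedata['real_filename'],
                    'attach_comment' => $this->filename_data['filecomment'],
                    'filesize'       => $filedata['filesize'],
                );

                // The new attachment takes index 0, so every inline
                // [attachment=N] reference in the message moves up by one.
                $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) {
                    return '[attachment=' . ($match[1] + 1) . ']' . $match[2] . '[/attachment]';
                }, $this->message);

                $this->filename_data['filecomment'] = '';

                // post_attach is reset to false on purpose. Attachments reach the
                // database in two ways: through the id list, and when post_attach
                // is true. post_attach is switched to true as soon as a file lands
                // on the filesystem, but the entry was just recorded with an index
                // of 0 above, so the flag must not trigger the second way too.
                //
                // This matters because the post may never get submitted and this
                // code cannot know: we could be on the posting page or about to be
                // redirected to the entered post.
                $filedata['post_attach'] = false;
            }
        }
        else
        {
            $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $cfg['max_attachments']);
        }
    }

    if ($preview || $refresh || sizeof($error))
    {
        if (isset($this->plupload) && $this->plupload->is_active())
        {
            $json_response = new \phpbb\json_response();
        }

        // Perform actions on temporary attachments
        if ($delete_file)
        {
            include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;

            // The index to delete is the first key of the submitted delete_file array.
            $index = array_keys($request->variable('delete_file', array(0 => 0)));
            $index = !empty($index) ? $index[0] : false;

            if ($index !== false && !empty($this->attachment_data[$index]))
            {
                /** @var \phpbb\attachment\manager $attachment_manager */
                $attachment_manager = $phpbb_container->get('attachment.manager');

                // delete selected attachment
                if ($this->attachment_data[$index]['is_orphan'])
                {
                    // Ownership check: the row must still be an orphan and belong
                    // to the current user before any file is unlinked. Both ids
                    // are cast to int before they enter the query string.
                    $sql = 'SELECT attach_id, physical_filename, thumbnail
                        FROM ' . ATTACHMENTS_TABLE . '
                        WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . '
                            AND is_orphan = 1
                            AND poster_id = ' . (int) $user->data['user_id'];
                    $result = $db->sql_query($sql);
                    $row = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);

                    if ($row)
                    {
                        $attachment_manager->unlink($row['physical_filename'], 'file');

                        if ($row['thumbnail'])
                        {
                            $attachment_manager->unlink($row['physical_filename'], 'thumbnail');
                        }

                        $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']);
                    }
                }
                else
                {
                    // NOTE(review): no ownership check is visible on this path; it
                    // relies on attachment_data having been validated against the
                    // current post/user before this method runs - confirm in the caller.
                    $attachment_manager->delete('attach', $this->attachment_data[$index]['attach_id']);
                }

                unset($this->attachment_data[$index]);

                // Drop inline references to the removed attachment and shift the
                // higher indexes down by one.
                $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) use ($index) {
                    return $match[1] == $index ? '' : ($match[1] > $index ? '[attachment=' . ($match[1] - 1) . ']' . $match[2] . '[/attachment]' : $match[0]);
                }, $this->message);

                // Reindex Array
                $this->attachment_data = array_values($this->attachment_data);

                if (isset($this->plupload) && $this->plupload->is_active())
                {
                    $json_response->send($this->attachment_data);
                }
            }
        }
        else
        {
            if (($add_file || $preview) && $upload_file)
            {
                if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_', $forum_id))
                {
                    /** @var \phpbb\attachment\manager $attachment_manager */
                    $attachment_manager = $phpbb_container->get('attachment.manager');
                    $filedata = $attachment_manager->upload($form_name, $forum_id, false, '', $is_message);
                    $error = array_merge($error, $filedata['error']);

                    // post_attach is required here as well, as on the submit path:
                    // upload_attachment() in this file reports an init failure as
                    // post_attach = false with an empty error list (the attachment
                    // manager presumably does the same). $filedata then carries no
                    // file keys, and an empty error list alone would let a bogus
                    // row be inserted.
                    if ($filedata['post_attach'] && !sizeof($error))
                    {
                        $sql_ary = array(
                            'physical_filename' => $filedata['physical_filename'],
                            'attach_comment'    => $this->filename_data['filecomment'],
                            'real_filename'     => $filedata['real_filename'],
                            'extension'         => $filedata['extension'],
                            'mimetype'          => $filedata['mimetype'],
                            'filesize'          => $filedata['filesize'],
                            'filetime'          => $filedata['filetime'],
                            'thumbnail'         => $filedata['thumbnail'],
                            'is_orphan'         => 1,
                            'in_message'        => $is_message ? 1 : 0,
                            'poster_id'         => $user->data['user_id'],
                        );

                        $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

                        $new_entry = array(
                            'attach_id'      => $db->sql_nextid(),
                            'is_orphan'      => 1,
                            'real_filename'  => $filedata['real_filename'],
                            'attach_comment' => $this->filename_data['filecomment'],
                            'filesize'       => $filedata['filesize'],
                        );

                        // New attachment goes to index 0; shift inline references up.
                        $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                        $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) {
                            return '[attachment=' . ($match[1] + 1) . ']' . $match[2] . '[/attachment]';
                        }, $this->message);

                        $this->filename_data['filecomment'] = '';

                        if (isset($this->plupload) && $this->plupload->is_active())
                        {
                            $download_url = append_sid("{$phpbb_root_path}download/file.{$phpEx}", 'mode=view&id=' . $new_entry['attach_id']);

                            // Send the client the attachment data to maintain state
                            $json_response->send(array('data' => $this->attachment_data, 'download_url' => $download_url));
                        }
                    }
                }
                else
                {
                    $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $cfg['max_attachments']);
                }

                if (!empty($error) && isset($this->plupload) && $this->plupload->is_active())
                {
                    // If this is a plupload (and thus ajax) request, give the
                    // client the first error we have
                    $json_response->send(array(
                        'jsonrpc' => '2.0',
                        'id'      => 'id',
                        'error'   => array(
                            'code'    => 105,
                            'message' => current($error),
                        ),
                    ));
                }
            }
        }
    }

    foreach ($error as $error_msg)
    {
        $this->warn_msg[] = $error_msg;
    }
}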