/**
 * Filter an image's URL to enforce restrictions on its dimensions
 *
 * The value is first run through the generic URL filter. Only when a height
 * or width limit is in force are the image's dimensions read via
 * fastImageSize (NOTE(review): presumably this fetches the poster-supplied
 * URL from the server — the URL filter is the only gate in front of that
 * request; confirm in fastImageSize). Each rejection cause logs exactly one
 * error key.
 *
 * @see bbcode_firstpass::bbcode_img()
 *
 * @param string  $url        Original URL
 * @param array   $url_config Config used by the URL filter
 * @param Logger  $logger     Receives the error key describing a rejection
 * @param integer $max_height Maximum height allowed (a falsy value disables the check)
 * @param integer $max_width  Maximum width allowed (a falsy value disables the check)
 * @return string|bool Filtered URL if valid, FALSE otherwise
 */
public static function filter_img_url($url, array $url_config, Logger $logger, $max_height, $max_width)
{
	$filtered = BuiltInFilters::filterUrl($url, $url_config, $logger);
	if ($filtered === false)
	{
		return false;
	}

	// No dimension limit configured: the URL filter's verdict is final
	if (!$max_height && !$max_width)
	{
		return $filtered;
	}

	$imagesize = new \fastImageSize\fastImageSize();
	$size_info = $imagesize->getImageSize($filtered);
	if ($size_info === false)
	{
		$logger->err('UNABLE_GET_IMAGE_SIZE');
		return false;
	}

	if ($max_height && $size_info['height'] > $max_height)
	{
		$logger->err('MAX_IMG_HEIGHT_EXCEEDED', ['max_height' => $max_height]);
		return false;
	}

	if ($max_width && $size_info['width'] > $max_width)
	{
		$logger->err('MAX_IMG_WIDTH_EXCEEDED', ['max_width' => $max_width]);
		return false;
	}

	return $filtered;
}
/**
 * Parse img tag
 *
 * Validates the URL between [img] tags. When the board config sets a
 * maximum image height/width for the current mode, the image's dimensions
 * are read via fastImageSize (NOTE(review): presumably by fetching the
 * user-supplied URL from the server — confirm) and compared against those
 * limits; every violated limit queues a warning in $this->warn_msg. On any
 * failure, or when path_in_domain() rejects the URL, the tag is returned
 * without a bbcode uid, i.e. left unparsed.
 *
 * @param string $in Raw content between the [img] tags
 * @return string Tag with bbcode uid on success, otherwise the unparsed tag
 */
function bbcode_img($in)
{
	global $user, $config;

	if (!$this->check_bbcode('img', $in))
	{
		return $in;
	}

	$url = str_replace(' ', '%20', trim($in));

	// Must look like an absolute URL or a www. URL
	$looks_like_url = preg_match('#^' . get_preg_expression('url') . '$#iu', $url)
		|| preg_match('#^' . get_preg_expression('www_url') . '$#iu', $url);
	if (!$looks_like_url)
	{
		return '[img]' . $url . '[/img]';
	}

	// Try to cope with a common user error... not specifying a protocol but only a subdomain
	if (!preg_match('#^[a-z0-9]+://#i', $url))
	{
		$url = 'http://' . $url;
	}

	$max_height = $config['max_' . $this->mode . '_img_height'];
	$max_width = $config['max_' . $this->mode . '_img_width'];
	$error = false;

	if ($max_height || $max_width)
	{
		$imagesize = new \fastImageSize\fastImageSize();
		$size_info = $imagesize->getImageSize(htmlspecialchars_decode($url));

		if ($size_info === false)
		{
			$error = true;
			$this->warn_msg[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
		}
		else
		{
			// Both limits are checked so the user sees every violation at once
			if ($max_height && $size_info['height'] > $max_height)
			{
				$error = true;
				$this->warn_msg[] = $user->lang('MAX_IMG_HEIGHT_EXCEEDED', (int) $max_height);
			}

			if ($max_width && $size_info['width'] > $max_width)
			{
				$error = true;
				$this->warn_msg[] = $user->lang('MAX_IMG_WIDTH_EXCEEDED', (int) $max_width);
			}
		}
	}

	// Leave the tag unparsed on error or when path_in_domain() rejects the URL
	if ($error || $this->path_in_domain($url))
	{
		return '[img]' . $url . '[/img]';
	}

	return '[img:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($url) . '[/img:' . $this->bbcode_uid . ']';
}
/**
 * Move file to destination folder
 * The phpbb_root_path variable will be applied to the destination path
 *
 * The temporary upload is always removed, whether the transfer succeeds or
 * not. After a successful transfer the real size and mimetype are read from
 * the destination and, for images, the detected image type is checked
 * against the known types and the file extension.
 *
 * @param string $destination Destination path, for example $config['avatar_path']
 * @param bool $overwrite If set to true, an already existing file will be overwritten
 * @param bool $skip_image_check If set to true, the check for the file to be a valid image is skipped
 * @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode defined by {@link phpbb_chmod()}
 * @return bool FALSE when the transfer itself failed. TRUE once the file is in
 *              place — note that problems found by the image check are only
 *              appended to $this->error while the file stays on disk, so
 *              callers must inspect $this->error as well.
 *
 * @access public
 */
function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
{
	global $user, $phpbb_root_path;

	if (sizeof($this->error))
	{
		return false;
	}

	$mode = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod;

	// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
	$this->destination_path = $phpbb_root_path . $destination;

	// A missing destination directory is fatal; drop the temporary upload
	if (!file_exists($this->destination_path))
	{
		@unlink($this->filename);
		return false;
	}

	// Transfer strategy: local files are copied; otherwise move_uploaded_file()
	// is tried first when open_basedir or safe_mode is set, copy() first if not
	if ($this->local)
	{
		$upload_mode = 'local';
	}
	else if (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on')
	{
		$upload_mode = 'move';
	}
	else
	{
		$upload_mode = 'copy';
	}

	// Only the basename of the client-supplied name is used; any directory components are discarded
	$this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname);

	// Refuse to clobber an existing file unless explicitly asked to
	if (file_exists($this->destination_file) && !$overwrite)
	{
		@unlink($this->filename);
		$this->error[] = $user->lang($this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR', $this->destination_file);
		$this->file_moved = false;
		return false;
	}

	if (file_exists($this->destination_file))
	{
		@unlink($this->destination_file);
	}

	// Each strategy falls back to the other transfer primitive before giving up
	if ($upload_mode == 'local')
	{
		$transferred = @copy($this->filename, $this->destination_file);
	}
	else if ($upload_mode == 'move')
	{
		$transferred = @move_uploaded_file($this->filename, $this->destination_file)
			|| @copy($this->filename, $this->destination_file);
	}
	else
	{
		$transferred = @copy($this->filename, $this->destination_file)
			|| @move_uploaded_file($this->filename, $this->destination_file);
	}

	if (!$transferred)
	{
		$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
	}

	// Remove temporary filename
	@unlink($this->filename);

	if (sizeof($this->error))
	{
		return false;
	}

	try
	{
		$this->filesystem->phpbb_chmod($this->destination_file, $mode);
	}
	catch (\phpbb\filesystem\exception\filesystem_exception $e)
	{
		// A chmod failure is deliberately ignored; the file is already in place
	}

	// Prefer the real size on disk over the size recorded at upload time
	$real_size = @filesize($this->destination_file);
	if ($real_size)
	{
		$this->filesize = $real_size;
	}

	// Get mimetype of supplied file
	$this->mimetype = $this->get_mimetype($this->destination_file);

	if ($this->is_image() && !$skip_image_check)
	{
		$this->width = $this->height = 0;

		$imagesize = new \fastImageSize\fastImageSize();
		$this->image_info = $imagesize->getImageSize($this->destination_file, $this->mimetype);

		if ($this->image_info === false)
		{
			$this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
		}
		else
		{
			$this->width = $this->image_info['width'];
			$this->height = $this->image_info['height'];

			// The detected image type must be known and must agree with the file extension
			$types = fileupload::image_types();
			$type = $this->image_info['type'];
			if (!isset($types[$type]))
			{
				$this->error[] = $user->lang('IMAGE_FILETYPE_INVALID', $type, $this->mimetype);
			}
			else if (!in_array($this->extension, $types[$type]))
			{
				$this->error[] = $user->lang('IMAGE_FILETYPE_MISMATCH', $types[$type][0], $this->extension);
			}

			// Make sure the dimensions match a valid image
			if (empty($this->width) || empty($this->height))
			{
				$this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE'];
			}
		}
	}

	$this->file_moved = true;
	$this->additional_checks();
	unset($this->upload);

	return true;
}