/**
 * A remote upload that exceeds the uploader's size limit must be rejected
 * with exactly one error, WRONG_FILESIZE.
 *
 * The uploader is built with 'gif' as the only allowed extension and 100 as
 * the fourth constructor argument; the assertions below show that this is
 * the limit the remote image trips.
 */
public function test_too_large()
{
    $size_limit = 100;
    $remote_image = self::$root_url . 'styles/prosilver/theme/images/forum_read.gif';

    $upload = new fileupload($this->filesystem, '', array('gif'), $size_limit);
    $file = $upload->remote_upload($remote_image);

    // Exactly one error, and it is the size violation.
    $this->assertEquals(1, sizeof($file->error));
    $this->assertEquals('WRONG_FILESIZE', $file->error[0]);
}
/**
 * {@inheritdoc}
 *
 * Downloads the portrait for the user's character id through the remote
 * upload path of fileupload and stores it as the user's avatar.
 *
 * Returns false when the user has no character id or when the upload
 * reported errors (which are merged into $error); otherwise returns the
 * avatar name, width and height.
 */
public function process_form($request, $template, $user, $row, &$error)
{
    $character_id = $user->data['user_character_id'];
    if ($character_id == 0) {
        return false;
    }

    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    // Disallowed-content triggers are optional; false is passed when the
    // board has none configured.
    $mime_triggers = false;
    if (isset($this->config['mime_triggers'])) {
        $mime_triggers = explode('|', $this->config['mime_triggers']);
    }

    // Limits are hard-coded for portraits: 100000 max size, 64x64 minimum
    // and 256x256 maximum dimensions.
    $upload = new \fileupload('AVATAR_', $this->allowed_extensions, 100000, 64, 64, 256, 256, $mime_triggers);

    // The URL is built by get_eveapi_url() from the character id and the
    // configured portrait size, not taken from the request.
    $portrait_url = $this->get_eveapi_url($character_id, $this->config['eveapi_portrait_size']);
    $file = $upload->remote_upload($portrait_url, $this->mimetype_guesser);

    $file->clean_filename('avatar', $this->config['avatar_salt'] . '_', $row['id']);

    // Normalise the configured avatar directory: no trailing slash, no
    // relative segments, no leading slash.
    // NOTE(review): the str_replace() below is a single pass, not a path
    // canonicalisation; avatar_path is assumed to be an admin-controlled
    // setting -- confirm nothing user-writable can set it.
    $destination = $this->config['avatar_path'];
    $last_char = substr($destination, -1, 1);
    if ($last_char == '/' || $last_char == '\\') {
        $destination = substr($destination, 0, -1);
    }
    $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
    if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) {
        $destination = '';
    }

    // Move file and overwrite any existing image
    $file->move_file($destination, true);

    if (!sizeof($file->error)) {
        return array(
            'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'),
            'avatar_width' => $file->get('width'),
            'avatar_height' => $file->get('height'),
        );
    }

    // Upload or validation failed: drop the file and report the errors.
    $file->remove();
    $error = array_merge($error, $file->error);

    return false;
}
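/**
 * ACP module entry point: shows the mobile notifier settings form and, on
 * submit, stores the settings and optionally updates the profile picture.
 *
 * @param mixed $id   Module id (not used in this method)
 * @param mixed $mode Module mode (not used in this method)
 */
public function main($id, $mode)
{
    global $config, $user, $template, $request, $phpbb_container, $phpbb_root_path, $phpEx;

    $user->add_lang_ext('tas2580/mobilenotifier', 'common');
    $wa = $phpbb_container->get('tas2580.mobilenotifier.src.helper');
    $this->tpl_name = 'acp_mobilenotifier_body';
    $this->page_title = $user->lang('ACP_MOBILENOTIFIER_TITLE');
    add_form_key('acp_mobilenotifier');

    // Form is submitted
    if ($request->is_set_post('submit')) {
        // Reject the request when the form token does not validate.
        if (!check_form_key('acp_mobilenotifier')) {
            trigger_error($user->lang('FORM_INVALID') . adm_back_link($this->u_action), E_USER_WARNING);
        }

        $config->set('whatsapp_sender', $request->variable('sender', ''));
        // NOTE(review): the account password is written to the board
        // configuration as submitted and handed back to the template as
        // PASSWORD below; confirm that this storage and echo are intended.
        $config->set('whatsapp_password', $request->variable('password', ''));
        $config->set('whatsapp_status', $request->variable('status', ''));
        $config->set('whatsapp_default_cc', $request->variable('default_cc', ''));
        $wa->update_status($config['whatsapp_status']);

        if ($request->file('image')) {
            include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
            $upload = new \fileupload();
            $upload->set_allowed_extensions(array('jpg', 'png', 'gif'));
            $file = $upload->form_upload('image');

            // An empty filename means no picture was submitted; that stays
            // a silent no-op.
            if ($file->filename) {
                // The upload class records rejections (for example a
                // disallowed extension) on the file object instead of
                // throwing, so the picture must not be used until the
                // error state has been checked.
                if ($file->init_error || sizeof($file->error)) {
                    $upload_errors = implode('<br />', $file->error);
                    $file->remove();
                    trigger_error($upload_errors . adm_back_link($this->u_action), E_USER_WARNING);
                }

                $wa->update_picture($file->filename);
            }
        }

        trigger_error($user->lang('ACP_SAVED') . adm_back_link($this->u_action));
    }

    $template->assign_vars(array(
        'WA_VERSION' => WA_VER,
        'U_ACTION' => $this->u_action,
        'SENDER' => isset($config['whatsapp_sender']) ? $config['whatsapp_sender'] : '',
        'PASSWORD' => isset($config['whatsapp_password']) ? $config['whatsapp_password'] : '',
        'STATUS' => isset($config['whatsapp_status']) ? $config['whatsapp_status'] : '',
        'CC_SELECT' => $wa->cc_select(isset($config['whatsapp_default_cc']) ? $config['whatsapp_default_cc'] : ''),
    ));
}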
/**
 * {@inheritdoc}
 *
 * Accepts an avatar either as a form upload ('avatar_upload_file') or, when
 * the board allows it, as a remote URL ('avatar_upload_url') that the server
 * downloads. Errors are merged into $error and false is returned; on success
 * the avatar name, width and height are returned.
 */
public function process_form($request, $template, $user, $row, &$error)
{
    if (!$this->can_upload()) {
        return false;
    }

    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    // Disallowed-content triggers are optional; false is passed when the
    // board has none configured.
    $mime_triggers = false;
    if (isset($this->config['mime_triggers'])) {
        $mime_triggers = explode('|', $this->config['mime_triggers']);
    }

    $upload = new \fileupload(
        $this->filesystem,
        'AVATAR_',
        $this->allowed_extensions,
        $this->config['avatar_filesize'],
        $this->config['avatar_min_width'],
        $this->config['avatar_min_height'],
        $this->config['avatar_max_width'],
        $this->config['avatar_max_height'],
        $mime_triggers
    );

    $url = $request->variable('avatar_upload_url', '');
    $upload_file = $request->file('avatar_upload_file');

    if (!empty($upload_file['name'])) {
        // A file posted with the form takes precedence over the URL field.
        $file = $upload->form_upload('avatar_upload_file', $this->mimetype_guesser);
    } elseif (empty($this->config['allow_avatar_remote_upload']) || empty($url)) {
        // Neither a file nor a permitted remote URL was supplied.
        return false;
    } else {
        // Remote upload: the server fetches a URL supplied by the user.
        // NOTE(review): only the scheme prefix and the string length are
        // checked in this method; any restriction on which hosts may be
        // contacted would have to live in remote_upload() -- confirm.
        if (!preg_match('#^(http|https|ftp)://#i', $url)) {
            $url = 'http://' . $url;
        }

        if (!function_exists('validate_data')) {
            require $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
        }

        $url_errors = validate_data(array('url' => $url), array('url' => array('string', true, 5, 255)));
        $error = array_merge($error, $url_errors);

        // Any error collected so far, including ones passed in by the
        // caller, aborts the remote fetch.
        if (!empty($error)) {
            return false;
        }

        $file = $upload->remote_upload($url, $this->mimetype_guesser);
    }

    $file->clean_filename('avatar', $this->config['avatar_salt'] . '_', $row['id']);

    // Normalise the configured avatar directory: no trailing slash, no
    // relative segments, no leading slash.
    // NOTE(review): the str_replace() below is a single pass, not a path
    // canonicalisation; avatar_path is assumed to be an admin-controlled
    // setting -- confirm nothing user-writable can set it.
    $destination = $this->config['avatar_path'];
    $last_char = substr($destination, -1, 1);
    if ($last_char == '/' || $last_char == '\\') {
        $destination = substr($destination, 0, -1);
    }
    $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
    if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) {
        $destination = '';
    }

    // Move file and overwrite any existing image
    $file->move_file($destination, true);

    if (sizeof($file->error)) {
        $file->remove();
        $error = array_merge($error, $file->error);

        return false;
    }

    // Delete current avatar if not overwritten: a previous avatar with a
    // different extension has a different file name and would be left behind.
    $previous_ext = substr(strrchr($row['avatar'], '.'), 1);
    if ($previous_ext && $previous_ext !== $file->get('extension')) {
        $this->delete($row);
    }

    return array(
        'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'),
        'avatar_width' => $file->get('width'),
        'avatar_height' => $file->get('height'),
    );
}
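/**
 * Upload an avatar from the 'avatar_upload_file' form field, shrink it when
 * it exceeds $this->max_size, and hand oversized results to the crop route.
 *
 * @param array $row Avatar row; 'id' and 'avatar' are read here
 *
 * @return array|false Avatar name, width and height, or false when the
 *                     upload reported errors before the file was moved
 */
public function avatar_upload_resize($row)
{
    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    $upload = new \fileupload(
        'AVATAR_',
        $this->allowed_extensions,
        $this->config['avatar_filesize'],
        $this->config['avatar_min_width'],
        $this->config['avatar_min_height'],
        $this->config['avatar_upload_max_width'],
        $this->config['avatar_upload_max_height'],
        isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false
    );
    $file = $upload->form_upload('avatar_upload_file', $this->mimetype_guesser);

    $prefix = $this->config['avatar_salt'] . '_';
    $file->clean_filename('avatar', $prefix, $row['id']);

    // If there was an error during upload, then abort operation.
    // The original also copied $file->error into a local $error that nothing
    // read; this method has no error out-parameter, so the caller only sees
    // the false return value.
    if (sizeof($file->error)) {
        $file->remove();

        return false;
    }

    // Calculate new destination
    $destination = $this->config['avatar_path'];

    // Adjust destination path (no trailing slash)
    if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\') {
        $destination = substr($destination, 0, -1);
    }
    // NOTE(review): single-pass stripping, not a path canonicalisation;
    // avatar_path is assumed to be an admin-controlled setting.
    $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
    if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) {
        $destination = '';
    }

    $destination_file = $this->phpbb_root_path . $destination . '/' . $prefix . $row['id'] . '.' . $file->get('extension');

    $file->move_file($destination, true);
    if (sizeof($file->error)) {
        $file->remove();
        trigger_error(implode('<br />', $file->error));
    }

    // Delete current avatar if not overwritten
    $ext = substr(strrchr($row['avatar'], '.'), 1);
    if ($ext && $ext !== $file->get('extension')) {
        $this->delete($row);
    }

    if ($file->width > $this->max_size || $file->height > $this->max_size) {
        $avatar_info = $this->resize(
            array('w' => $file->width, 'h' => $file->height, 'ext' => $file->extension),
            $destination,
            $destination_file
        );

        // New file width & height
        $file->width = $avatar_info['avatar_width'];
        $file->height = $avatar_info['avatar_height'];
    }

    if ($file->width > $this->config['avatar_max_width'] || $file->height > $this->config['avatar_max_height']) {
        // Still larger than the board limit: park the file in the edit
        // directory and send the user to the crop page.
        $destination_edit_file = $this->phpbb_root_path . $this->d_edit . '/' . $row['id'] . '.' . $file->get('extension');
        rename($destination_file, $destination_edit_file);
        phpbb_chmod($destination_edit_file, CHMOD_READ);
        // Readable by everyone, writable by the owner only. The original
        // used 0666, which left an uploaded file writable by every local
        // account; this process created the file, so owner write access is
        // enough for later processing by the same PHP user.
        chmod($destination_edit_file, 0644);
        redirect($this->helper->route("bb3mobi_AvatarUpload_crop", array('avatar_id' => $row['id'], 'ext' => $file->extension)), false, true);
    }

    return array(
        'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'),
        'avatar_width' => $file->width,
        'avatar_height' => $file->height,
    );
}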
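/**
 * Register a user: load the submitted data, persist it, and create the
 * user's directory tree on first registration.
 *
 * @return mixed Whatever self::wirteData() returned
 */
public function regsiter()
{
    self::setdata();
    $reg = self::wirteData();

    // Create the user's directories.
    global $usdir;

    // The key must be quoted: a bare `name` is an undefined constant, which
    // is an Error on PHP 8 and only worked by fallback on older versions.
    // NOTE(review): this value becomes a path component; confirm that
    // setdata() restricts it to a safe directory name before it gets here.
    $dir = ROOT . DS . US . DS . self::$data['name'];

    if (!is_dir($dir)) {
        foreach ($usdir as $subdir) {
            fileupload::create_folders($dir . DS . "{$subdir}");
        }
    }

    return $reg;
}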
/**
 * Handle an image upload from the "pic" form field and emit the outcome
 * through the response object.
 *
 * On success the original name, stored name and public URL are sent; on
 * failure error code "4001" is sent with the uploader's message.
 *
 * @return void
 */
public function upload()
{
    $uploader = new fileupload();

    // Configure the uploader: target directory, size limit, allowed
    // extensions, and whether the stored name is generated randomly.
    // NOTE(review): the allow-list is by extension; whether fileupload also
    // inspects the file content is not visible from this method.
    $settings = array(
        "path" => $this->imagedir,
        "maxsize" => 2000000,
        "allowtype" => array("gif", "png", "jpg", "jpeg"),
        "israndname" => true,
    );
    foreach ($settings as $option => $value) {
        $uploader->set($option, $value);
    }

    // upload() takes the name of the form field and returns true on success,
    // false on failure.
    if ($uploader->upload("pic")) {
        $data = array(
            'imagename' => $uploader->getoriginname(),
            'imageid' => $uploader->getFileName(),
        );
        $data['imageurl'] = $this->imagebaseurl . $data['imageid'];
        $this->res->setdata($data);
    } else {
        // Report the uploader's error message.
        $this->res->seterr("4001", $uploader->getErrorMsg());
    }

    $this->res->echores();
}
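/**
 * Acts in place of the standard avatar processing function.
 *
 * Validates the image behind $data['gravatar'] (readability, type and
 * dimensions against the board limits) and returns the remote-avatar tuple.
 *
 * @param array $data  'gravatar' (image location) plus optional 'width' and
 *                     'height' overrides
 * @param array $error Error list. NOTE(review): this is received by value,
 *                     so messages appended here never reach the caller;
 *                     the false return value is the only failure signal.
 *                     Confirm whether callers expect a by-reference list.
 *
 * @return array|false array(AVATAR_REMOTE, location, width, height) or false
 */
function gravatar_process($data, $error)
{
    global $config, $db, $user, $phpbb_root_path, $phpEx;

    // Make sure getimagesize works...
    // NOTE(review): getimagesize() reads the location given in
    // $data['gravatar']; confirm the caller constrains it to the expected
    // avatar host.
    if (($image_data = @getimagesize($data['gravatar'])) === false && (empty($data['width']) || empty($data['height']))) {
        $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
        return false;
    }

    if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2)) {
        $error[] = $user->lang['AVATAR_NO_SIZE'];
        return false;
    }

    // Explicit dimensions win only when both are given.
    $width = $data['width'] && $data['height'] ? $data['width'] : $image_data[0];
    $height = $data['width'] && $data['height'] ? $data['height'] : $image_data[1];

    if ($width < 2 || $height < 2) {
        $error[] = $user->lang['AVATAR_NO_SIZE'];
        return false;
    }

    // Check image type
    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    $types = fileupload::image_types();

    // The original recorded this error but carried on, so an unrecognised
    // image type was still accepted. Reject it here. The check is skipped
    // when the image could not be read and explicit dimensions were given,
    // which keeps that fallback path working as before.
    if (!empty($image_data) && !isset($types[$image_data[2]])) {
        $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
        return false;
    }

    if ($config['avatar_max_width'] || $config['avatar_max_height']) {
        if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height']) {
            $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
            return false;
        }
    }

    if ($config['avatar_min_width'] || $config['avatar_min_height']) {
        if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height']) {
            $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
            return false;
        }
    }

    return array(AVATAR_REMOTE, $data['gravatar'], $width, $height);
}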
/**
 * Upload Attachment - filedata is generated here
 * Uses upload class
 *
 * The file is written to the upload directory first and validated afterwards;
 * every failure path after move_file() removes it again via $file->remove().
 *
 * @param string $form_name The form name of the file upload input
 * @param int $forum_id The id of the forum
 * @param bool $local Whether the file is local or not
 * @param string $local_storage The path to the local file
 * @param bool $is_message Whether it is a PM or not
 * @param \filespec $local_filedata A filespec object created for the local file
 * @param \phpbb\mimetype\guesser $mimetype_guesser The mimetype guesser object if used
 * @param \phpbb\plupload\plupload $plupload The plupload object if one is being used
 *
 * @return array The $filedata array: 'error' (list of messages), 'post_attach'
 *               (bool) and, on success, the file's size, mimetype, extension,
 *               names, time and thumbnail flag
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null)
{
    global $auth, $user, $config, $db, $cache;
    global $phpbb_root_path, $phpEx, $phpbb_dispatcher;

    $filedata = array('error' => array());

    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    $upload = new fileupload();

    // Content sniffing: use the configured trigger list when checking is
    // enabled, and pass an empty list when checking is switched off. When
    // checking is enabled but no triggers are configured, nothing is set
    // here and the upload class keeps whatever list it started with.
    if ($config['check_attachment_content'] && isset($config['mime_triggers'])) {
        $upload->set_disallowed_content(explode('|', $config['mime_triggers']));
    } else {
        if (!$config['check_attachment_content']) {
            $upload->set_disallowed_content(array());
        }
    }

    // A local file skips the "was a form upload submitted" check entirely.
    $filedata['post_attach'] = $local || $upload->is_valid($form_name);

    if (!$filedata['post_attach']) {
        $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];
        return $filedata;
    }

    // Allowed extensions come from the cache, per forum, or the PM set when
    // $is_message is true.
    $extensions = $cache->obtain_attach_extensions($is_message ? false : (int) $forum_id);
    $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));

    $file = $local ? $upload->local_upload($local_storage, $local_filedata, $mimetype_guesser) : $upload->form_upload($form_name, $mimetype_guesser, $plupload);

    if ($file->init_error) {
        $filedata['post_attach'] = false;
        return $filedata;
    }

    // Whether the uploaded file is in the image category
    $is_image = isset($extensions[$file->get('extension')]['display_cat']) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;

    // Size and dimension limits apply only to users who are neither admins
    // nor moderators of this forum.
    if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) {
        // Check Image Size, if it is an image
        if ($is_image) {
            $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
        }

        // Admins and mods are allowed to exceed the allowed filesize
        if (!empty($extensions[$file->get('extension')]['max_filesize'])) {
            $allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
        } else {
            $allowed_filesize = $is_message ? $config['max_filesize_pm'] : $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // The stored name is generated ('unique' mode) and prefixed with the
    // uploader's user id; the client-supplied name is kept only as metadata.
    $file->clean_filename('unique', $user->data['user_id'] . '_');

    // Are we uploading an image *and* this image being within the image category?
    // Only then perform additional image checks.
    $file->move_file($config['upload_path'], false, !$is_image);

    // Do we have to create a thumbnail?
    $filedata['thumbnail'] = $is_image && $config['img_create_thumbnail'] ? 1 : 0;

    if (sizeof($file->error)) {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    // Make sure the image category only holds valid images...
    if ($is_image && !$file->is_image()) {
        $file->remove();

        if ($plupload && $plupload->is_active()) {
            $plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
        }

        // If this error occurs a user tried to exploit an IE Bug by renaming extensions
        // Since the image category is displaying content inline we need to catch this.
        trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
    }

    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    /**
     * Event to modify uploaded file before submit to the post
     *
     * @event core.modify_uploaded_file
     * @var array filedata Array containing uploaded file data
     * @var bool is_image Flag indicating if the file is an image
     * @since 3.1.0-RC3
     */
    $vars = array('filedata', 'is_image');
    // extract() imports every key of the array returned by the dispatcher
    // into this scope, so listeners can replace $filedata and $is_image.
    // NOTE(review): assumes trigger_event() returns only the keys passed in
    // through compact(); confirm against the dispatcher.
    extract($phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));

    // Check our complete quota
    // (runs after the file is already on disk; the file is removed again
    // when the quota would be exceeded)
    if ($config['attachment_quota']) {
        if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Check free disk space
    if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path'])) {
        if ($free_space <= $file->get('filesize')) {
            // Only admins are told the disk is full; everyone else gets the
            // generic quota message.
            if ($auth->acl_get('a_')) {
                $filedata['error'][] = $user->lang['ATTACH_DISK_FULL'];
            } else {
                $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            }
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Create Thumbnail
    if ($filedata['thumbnail']) {
        $source = $file->get('destination_file');
        $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

        // A failed thumbnail is not an upload error; the flag is just cleared.
        if (!create_thumbnail($source, $destination, $file->get('mimetype'))) {
            $filedata['thumbnail'] = 0;
        }
    }

    return $filedata;
}
/**
 * Move file to destination folder
 * The phpbb_root_path variable will be applied to the destination path
 *
 * Image validation runs after the file has been placed at the destination.
 * A validation failure is recorded in $this->error, but the method still
 * returns true with the file in place, so callers have to inspect
 * $this->error and remove the file themselves.
 *
 * @param string $destination Destination path, for example $config['avatar_path']
 * @param bool $overwrite If set to true, an already existing file will be overwritten
 * @param bool $skip_image_check If set to true, the check for the file to be a valid image is skipped
 * @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode defined by {@link phpbb_chmod()}
 *
 * @return bool false when errors were already recorded, the destination
 *              directory is missing, the target exists and $overwrite is
 *              false, or the copy/move failed; true otherwise
 *
 * @access public
 */
function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
{
    global $user, $phpbb_root_path;

    // Nothing is moved when an earlier step already failed.
    if (sizeof($this->error)) {
        return false;
    }

    // Default permission mask: read and write.
    $chmod = $chmod === false ? CHMOD_READ | CHMOD_WRITE : $chmod;

    // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
    $this->destination_path = $phpbb_root_path . $destination;

    // Check if the destination path exist...
    if (!file_exists($this->destination_path)) {
        // Drop the temporary file; note that no error message is recorded
        // on this path.
        @unlink($this->filename);
        return false;
    }

    // 'move' is preferred when open_basedir or safe_mode is set, 'copy'
    // otherwise; each mode falls back to the other in the switch below.
    $upload_mode = @ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on' ? 'move' : 'copy';
    $upload_mode = $this->local ? 'local' : $upload_mode;
    // utf8_basename() is applied to the stored name before it is appended
    // to the destination directory.
    $this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname);

    // Check if the file already exist, else there is something wrong...
    if (file_exists($this->destination_file) && !$overwrite) {
        @unlink($this->filename);
        $this->error[] = $user->lang($this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR', $this->destination_file);
        $this->file_moved = false;
        return false;
    } else {
        // Overwrite requested: remove the existing target first.
        if (file_exists($this->destination_file)) {
            @unlink($this->destination_file);
        }

        switch ($upload_mode) {
            case 'copy':
                if (!@copy($this->filename, $this->destination_file)) {
                    if (!@move_uploaded_file($this->filename, $this->destination_file)) {
                        $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
                    }
                }
                break;

            case 'move':
                if (!@move_uploaded_file($this->filename, $this->destination_file)) {
                    if (!@copy($this->filename, $this->destination_file)) {
                        $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
                    }
                }
                break;

            case 'local':
                // Local files are only ever copied; move_uploaded_file() is
                // not attempted for them.
                if (!@copy($this->filename, $this->destination_file)) {
                    $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
                }
                break;
        }

        // Remove temporary filename
        @unlink($this->filename);

        if (sizeof($this->error)) {
            return false;
        }

        phpbb_chmod($this->destination_file, $chmod);
    }

    // Try to get real filesize from destination folder
    $this->filesize = @filesize($this->destination_file) ? @filesize($this->destination_file) : $this->filesize;

    // Get mimetype of supplied file
    $this->mimetype = $this->get_mimetype($this->destination_file);

    if ($this->is_image() && !$skip_image_check) {
        $this->width = $this->height = 0;

        if (($this->image_info = @getimagesize($this->destination_file)) !== false) {
            $this->width = $this->image_info[0];
            $this->height = $this->image_info[1];

            // The mimetype reported by getimagesize() replaces the one
            // determined above.
            if (!empty($this->image_info['mime'])) {
                $this->mimetype = $this->image_info['mime'];
            }

            // Check image type
            // The detected type has to be known and has to list this file's
            // extension, so the extension must match the actual content.
            $types = fileupload::image_types();

            if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]])) {
                if (!isset($types[$this->image_info[2]])) {
                    $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype);
                } else {
                    $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
                }
            }

            // Make sure the dimensions match a valid image
            if (empty($this->width) || empty($this->height)) {
                $this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE'];
            }
        } else {
            $this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
        }
    }

    // Set even when the image checks above recorded errors: the file is at
    // its destination at this point.
    $this->file_moved = true;
    $this->additional_checks();
    // The reference to the upload object is dropped once the move is done.
    unset($this->upload);

    return true;
}
/**
 * valid_dimensions() accepts a file inside the configured bounds and
 * rejects one that is too tall (height 101) and one with zero width.
 *
 * The uploader is constructed with 1, 1, 100, 100 as its dimension
 * arguments.
 */
public function test_valid_dimensions()
{
    $upload = new fileupload($this->filesystem, '', false, false, 1, 1, 100, 100);

    $within_bounds = $this->gen_valid_filespec();

    $too_tall = $this->gen_valid_filespec();
    $too_tall->height = 101;

    $zero_width = $this->gen_valid_filespec();
    $zero_width->width = 0;

    $this->assertTrue($upload->valid_dimensions($within_bounds));
    $this->assertFalse($upload->valid_dimensions($too_tall));
    $this->assertFalse($upload->valid_dimensions($zero_width));
}
* $Revision: 2331 $ * $Id: send_file.php 2331 2009-01-13 00:16:13Z ipso $ * $Date: 2009-01-12 16:16:13 -0800 (Mon, 12 Jan 2009) $ */ require_once '../includes/global.inc.php'; $skip_message_check = TRUE; require_once Environment::getBasePath() . 'includes/Interface.inc.php'; require_once Environment::getBasePath() . 'classes/upload/fileupload.class.php'; //PHP must have the upload and POST max sizes set to handle the largest file upload. If these are too low //it errors out with a non-helpful error, so set these large and restrict the size in the Upload class. ini_set('upload_max_filesize', '128M'); ini_set('post_max_size', '128M'); extract(FormVariables::GetVariables(array('action', 'object_type', 'object_id', 'parent_id', 'SessionID'))); $object_type = trim(strtolower($object_type)); Debug::Text('Object Type: ' . $object_type . ' ID: ' . $object_id . ' Parent ID: ' . $parent_id . ' POST SessionID: ' . $SessionID, __FILE__, __LINE__, __METHOD__, 10); $upload = new fileupload(); switch ($object_type) { case 'invoice_config': if ($permission->Check('invoice_config', 'add') or $permission->Check('invoice_config', 'edit') or $permission->Check('invoice_config', 'edit_child') or $permission->Check('invoice_config', 'edit_own')) { $upload->set_max_filesize(1000000); //1mb or less //$upload->set_acceptable_types( array('image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png') ); // comma separated string, or array //$upload->set_max_image_size(600, 600); $upload->set_overwrite_mode(1); $icf = TTnew('InvoiceConfigFactory'); $icf->cleanStoragePath($current_company->getId()); $dir = $icf->getStoragePath($current_company->getId()); if (isset($dir)) { @mkdir($dir, 0700, TRUE); $upload_result = $upload->upload("filedata", $dir); //var_dump($upload ); //file data
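/**
 * run - display template and edit data
 *
 * Renders the "new ticket" form. When the form was posted ('save'), the
 * ticket is validated and stored, and an optional attachment from the 'file'
 * field is uploaded and linked to the new ticket.
 *
 * @access public
 *
 */
public function run()
{
    $tpl = new template();
    $helper = new helper();
    $projectObj = new projects();
    $user = new users();
    $language = new language();
    $language->setModule('tickets');
    $lang = $language->readIni();
    $projects = $projectObj->getUserProjects("open");
    $msgKey = '';

    if (isset($_POST['save'])) {
        // 'editorId' is expected to be a list of ids. A request that omits
        // the field, or sends a single value, made implode() fail on a
        // non-array; normalise to an array first.
        $editorIds = isset($_POST['editorId']) ? (array) $_POST['editorId'] : array();

        $values = array(
            'headline' => $_POST['headline'],
            'type' => $_POST['type'],
            'description' => $_POST['description'],
            'priority' => $_POST['priority'],
            'projectId' => $_POST['project'],
            'editorId' => implode(',', $editorIds),
            'userId' => $_SESSION['userdata']['id'],
            'date' => $helper->timestamp2date(date("Y-m-d H:i:s"), 2),
            'dateToFinish' => $_POST['dateToFinish'],
            'status' => 3,
            'browser' => $_POST['browser'],
            'os' => $_POST['os'],
            'resolution' => $_POST['resolution'],
            'version' => $_POST['version'],
            'url' => $_POST['url'],
            'editFrom' => $_POST['editFrom'],
            'editTo' => $_POST['editTo'],
        );

        if ($values['headline'] === '') {
            $tpl->setNotification('ERROR_NO_HEADLINE', 'error');
        } elseif ($values['description'] === '') {
            $tpl->setNotification('ERROR_NO_DESCRIPTION', 'error');
        } elseif ($values['projectId'] === '') {
            $tpl->setNotification('ERROR_NO_PROJECT', 'error');
        } else {
            // Dates are converted with format 4 for storage ...
            $values['date'] = $helper->timestamp2date($values['date'], 4);
            $values['dateToFinish'] = $helper->timestamp2date($values['dateToFinish'], 4);
            $values['editFrom'] = $helper->timestamp2date($values['editFrom'], 4);
            $values['editTo'] = $helper->timestamp2date($values['editTo'], 4);

            // returns last inserted id
            $id = $this->addTicket($values);

            //Take the old value to avoid nl character
            $values['description'] = $_POST['description'];

            // ... and back with format 2 before they are shown in the form.
            $values['date'] = $helper->timestamp2date($values['date'], 2);
            $values['dateToFinish'] = $helper->timestamp2date($values['dateToFinish'], 2);
            $values['editFrom'] = $helper->timestamp2date($values['editFrom'], 2);
            $values['editTo'] = $helper->timestamp2date($values['editTo'], 2);

            $msgKey = 'TICKET_ADDED';
            $tpl->setNotification('TICKET_ADDED', 'success');

            //Fileupload
            // The 'file' field is optional: check that it exists before
            // reading it, instead of indexing $_FILES unconditionally.
            if (isset($_FILES['file']['name']) && htmlspecialchars($_FILES['file']['name']) != '') {
                $upload = new fileupload();
                $upload->initFile($_FILES['file']);

                if ($upload->error == '') {
                    // hash name on server for security reasons
                    // NOTE(review): the name is derived from the ticket id
                    // and the clock, so it avoids collisions but is not a
                    // secret; do not rely on it to keep files unguessable.
                    $newname = md5($id . time());

                    //Encrypt filename on server
                    $upload->renameFile($newname);

                    if ($upload->upload() === true) {
                        $fileValues = array(
                            'encName' => $upload->file_name,
                            'realName' => $upload->real_name,
                            'date' => date("Y-m-d H:i:s"),
                            'ticketId' => $id,
                            'userId' => $_SESSION['userdata']['id'],
                        );
                        $this->addFile($fileValues);
                    } else {
                        $msgKey = 'ERROR_FILEUPLOAD_' . $upload->error . '';
                    }
                } else {
                    $msgKey = 'ERROR_FILEUPLOAD_' . $upload->error . '';
                }
            }

            /*
            //Send mail
            $mail = new mailer();
            $row = $projectObj->getProject($values['projectId']);
            $mail->setSubject(''.$lang['ZYPRO_NEW_TICKET'].' "'.$row['name'].'" ');
            $username = $user->getUser($_SESSION['userdata']['id']);
            $url = 'http://'.$_SERVER['HTTP_HOST'].'/index.php?act=tickets.showTicket&id='.$id.'';
            $mailMsg = "".$lang['NEW_TICKET_MAIL_1']." ".$id." ".$lang['NEW_TICKET_MAIL_2']." ".$username['lastname']." ".$username['firstname']." ".$lang['NEW_TICKET_MAIL_3']." ".$row['name']." ".$lang['NEW_TICKET_MAIL_4']." ".$url." ".$lang['NEW_TICKET_MAIL_5']."";
            $mail->setText($mailMsg);
            if(is_numeric($values['editorId']) === false ){
                $mails = $user->getMailRecipients($values['projectId']);
            }else{
                $mails = $user->getSpecificMailRecipients($id);
            }
            $to = array();
            foreach($mails as $row){
                array_push($to, $row['user']);
            }
            $mail->sendMail($to);
            */
        }

        $tpl->assign('values', $values);
    }

    $tpl->assign('role', $_SESSION['userdata']['role']);
    $tpl->assign('availableUsers', $this->getAvailableUsersForTicket());
    $tpl->assign('type', $this->getType());
    // var_dump($tpl->get)'getAll')
    $tpl->assign('info', $msgKey);
    $tpl->assign('projects', $projects);
    $tpl->assign('objTickets', $this);
    $tpl->assign('employees', $user->getEmployees());
    $tpl->display('tickets.newTicket');
}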
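/**
 * Handle a MOD archive uploaded through the ACP form: accept a ZIP file,
 * store it in the mods directory, unpack it and report the result.
 *
 * The form key is checked before anything is processed. The archive content
 * is unpacked as-is below the mods directory.
 * NOTE(review): this assumes only trusted administrators can reach this
 * action; confirm the permission check in the calling module.
 *
 * @return bool false when the form was not submitted, true otherwise
 *              (errors end the request through trigger_error())
 */
function upload_mod()
{
    // $config is read below for the directory permissions; it was missing
    // from this list, so octdec() received null and mkdir() got mode 0.
    global $phpbb_root_path, $phpEx, $template, $user, $config;

    if (!isset($_POST['submit'])) {
        return false;
    }

    if (check_form_key('acp_mods_upload') && isset($_FILES['modupload'])) {
        $user->add_lang('posting'); // For error messages

        // include_once: a plain include would redeclare the upload classes
        // (a fatal error) when the file has already been loaded.
        include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
        $upload = new fileupload();

        // Only allow ZIP files
        $upload->set_allowed_extensions(array('zip'));

        // Let's make sure the mods directory exists and if it doesn't then create it
        if (!is_dir($this->mods_dir)) {
            mkdir($this->mods_dir, octdec($config['am_dir_perms']));
        }

        $file = $upload->form_upload('modupload');

        if (empty($file->filename)) {
            trigger_error($user->lang['NO_UPLOAD_FILE'] . adm_back_link($this->u_action), E_USER_WARNING);
        } else {
            if (!$file->init_error && !sizeof($file->error)) {
                $file->clean_filename('real');
                $file->move_file(str_replace($phpbb_root_path, '', $this->mods_dir), true, true);

                if (!sizeof($file->error)) {
                    include_once $phpbb_root_path . 'includes/functions_compress.' . $phpEx;

                    // The archive is unpacked into "<name>_tmp/" first and
                    // moved into place afterwards.
                    $mod_dir = $this->mods_dir . '/' . str_replace('.zip', '', $file->get('realname'));

                    $compress = new compress_zip('r', $file->destination_file);
                    $compress->extract($mod_dir . '_tmp/');
                    $compress->close();

                    $folder_contents = scandir($mod_dir . '_tmp/', 1); // This ensures dir is at index 0

                    // We need to check if there's a main directory inside the temp MOD directory
                    // (three entries: the single directory plus '.' and '..')
                    if (sizeof($folder_contents) == 3) {
                        // We need to move that directory then
                        $this->directory_move($mod_dir . '_tmp/' . $folder_contents[0], $this->mods_dir . '/' . $folder_contents[0]);
                    } else {
                        if (!is_dir($mod_dir)) {
                            // Change the name of the directory by moving to directory without _tmp in it
                            $this->directory_move($mod_dir . '_tmp/', $mod_dir);
                        }
                    }

                    $this->directory_delete($mod_dir . '_tmp/');

                    if (!sizeof($file->error)) {
                        $template->assign_vars(array(
                            'S_MOD_SUCCESSBOX' => true,
                            'MESSAGE' => $user->lang['MOD_UPLOAD_SUCCESS'],
                            'U_RETURN' => $this->u_action,
                        ));
                    }
                }
            }

            // The uploaded archive itself is never kept.
            $file->remove();

            if ($file->init_error || sizeof($file->error)) {
                trigger_error((sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['MOD_UPLOAD_INIT_FAIL']) . adm_back_link($this->u_action), E_USER_WARNING);
            }
        }
    } else {
        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
    }

    return true;
}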
/**
 * Avatar upload using the upload class
 *
 * Takes the avatar from the 'uploadfile' form field when one was posted,
 * otherwise downloads it from $data['uploadurl'].
 *
 * Upload errors are merged into $error, but the result tuple is returned
 * either way, so callers have to check $error rather than the return value.
 *
 * @param array $data  'user_id' and, for remote uploads, 'uploadurl'
 * @param array $error Error list, extended in place
 *
 * @return array array(AVATAR_UPLOAD, avatar name, width, height)
 */
function avatar_upload($data, &$error)
{
    global $phpbb_root_path, $config, $db, $user, $phpEx;

    // Init upload class
    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;

    $allowed_extensions = array('jpg', 'jpeg', 'gif', 'png');
    $upload = new fileupload(
        'AVATAR_',
        $allowed_extensions,
        $config['avatar_filesize'],
        $config['avatar_min_width'],
        $config['avatar_min_height'],
        $config['avatar_max_width'],
        $config['avatar_max_height'],
        explode('|', $config['mime_triggers'])
    );

    // A posted file wins; without one the server fetches the given URL.
    // NOTE(review): $data['uploadurl'] is passed to remote_upload() as
    // received; any restriction on reachable hosts would have to be applied
    // by the caller or inside remote_upload() -- confirm.
    $file = empty($_FILES['uploadfile']['name'])
        ? $upload->remote_upload($data['uploadurl'])
        : $upload->form_upload('uploadfile');

    $file->clean_filename('avatar', $config['avatar_salt'] . '_', $data['user_id']);

    // Normalise the configured avatar directory: no trailing slash, no
    // relative segments, no leading slash.
    $destination = $config['avatar_path'];
    $last_char = substr($destination, -1, 1);
    if ($last_char == '/' || $last_char == '\\') {
        $destination = substr($destination, 0, -1);
    }
    $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
    if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) {
        $destination = '';
    }

    // Move file and overwrite any existing image
    $file->move_file($destination, true);

    if (sizeof($file->error)) {
        $file->remove();
        $error = array_merge($error, $file->error);
    }

    $avatar_name = $data['user_id'] . '_' . time() . '.' . $file->get('extension');

    return array(AVATAR_UPLOAD, $avatar_name, $file->get('width'), $file->get('height'));
}
} elseif ($_POST["mulu"] == 'busios') { $topass = BUSIOS; } elseif ($_POST["mulu"] == 'trainandroid') { $topass = TRAINANDROID; } elseif ($_POST["mulu"] == 'trainios') { $topass = TRAINIOS; } elseif ($_POST["mulu"] == 'documentsbus') { $topass = DOCUMENTSBUS; } elseif ($_POST["mulu"] == 'documentstrain') { $topass = DOCUMENTSTRAIN; } elseif ($_POST["mulu"] == 'documentsother') { $topass = DOCUMENTSOTHER; } else { $topass = LAJI; } $up = new fileupload(); //设置属性(上传的位置, 大小, 类型, 名是是否要随机生成) $up->set("path", $topass); $up->set("maxsize", 100000000); $up->set("allowtype", array("apk", "APK", "ipa", "IPA", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "pdf", "jpg", "bmp", "png", "gif", "rb", "zip")); $up->set("israndname", false); //使用对象中的upload方法, 就可以上传文件, 方法需要传一个上传表单的名子 pic, 如果成功返回true, 失败返回false if ($up->upload("file")) { //获取上传后文件名子 echo "恭喜!" . $up->getFileName() . "上传成功<br/>"; echo '<br/><input type="button" value="继续上传" name="name" onclick="javascript: window.history.back(-1);"/>'; } else { //获取上传失败以后的错误提示 echo $up->getErrorMsg(); echo '<br/><input type="button" value="继续上传" name="name" onclick="javascript: window.history.back(-1);"/>'; }
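/**
 * Receives a style archive (form upload, remote URL, or a ZIP already stored under ext/),
 * unpacks it into ext/tmp, checks its style.cfg and installs the style under styles/.
 *
 * Both the request-supplied local archive name and the style name read from the archive
 * end up in filesystem paths that are deleted from or copied to, so each is rejected
 * when it could leave its base directory. The unpacked ext/tmp tree is removed on every
 * failure after extraction so that archive contents do not stay behind.
 *
 * @param string $action 'upload', 'upload_remote' or 'upload_local'
 * @return bool True when the style was installed, false after an error was reported
 *
 * @package automod
 * @copyright (c) 2008 phpBB Group
 * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
 *
 */
function upload_ext($action)
{
    $this->listzip();
    $this->user->add_lang('posting'); // For error messages

    // Guarded include: an unconditional include fails with a redeclaration error
    // when the upload classes were already loaded earlier in the request.
    if (!class_exists('\\fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }
    $upload = new \fileupload();
    $upload->set_allowed_extensions(array('zip')); // Only allow ZIP files

    // Create the directory before testing writability; is_writable() is false for a
    // missing directory, so the opposite order never reaches the mkdir.
    if (!is_dir($this->ext_dir)) {
        $this->recursive_mkdir($this->ext_dir);
    }
    if (!is_writable($this->ext_dir)) {
        $this->trigger_error($this->user->lang['EXT_NOT_WRITABLE'] . $this->back_link, E_USER_WARNING);
        return false;
    }
    $upload_dir = $this->ext_dir;
    $tmp_dir = $this->phpbb_root_path . 'ext/tmp';

    // Proceed with the upload. $file stays null for 'upload_local' and unknown actions.
    $file = null;
    if ($action == 'upload') {
        $file = $upload->form_upload('extupload');
    } elseif ($action == 'upload_remote') {
        $file = $this->remote_upload($upload, $this->request->variable('remote_upload', ''));
    }

    if ($action != 'upload_local') {
        if ($file === null || empty($file->filename)) {
            $message = ($file !== null && sizeof($file->error)) ? implode('<br />', $file->error) : $this->user->lang['NO_UPLOAD_FILE'];
            $this->trigger_error($message . $this->back_link, E_USER_WARNING);
            return false;
        }
        if ($file->init_error || sizeof($file->error)) {
            $file->remove();
            $this->trigger_error((sizeof($file->error) ? implode('<br />', $file->error) : $this->user->lang['EXT_UPLOAD_INIT_FAIL']) . $this->back_link, E_USER_WARNING);
            return false;
        }

        $file->clean_filename('real');
        $file->move_file(str_replace($this->phpbb_root_path, '', $upload_dir), true, true);
        if (sizeof($file->error)) {
            $file->remove();
            $this->trigger_error(implode('<br />', $file->error) . $this->back_link, E_USER_WARNING);
            return false;
        }
        $dest_file = $file->destination_file;
    } else {
        // The archive name comes straight from the request; refuse parent-directory
        // segments so the path cannot leave ext/.
        $local_name = $this->request->variable('local_upload', '');
        if (strpos($local_name, '..') !== false) {
            $this->trigger_error($this->user->lang['NO_UPLOAD_FILE'] . $this->back_link, E_USER_WARNING);
            return false;
        }
        $dest_file = $this->phpbb_root_path . 'ext/' . $local_name;
    }

    if (!class_exists('\\compress_zip')) {
        include $this->phpbb_root_path . 'includes/functions_compress.' . $this->php_ext;
    }

    $zip = new \ZipArchive();
    $res = $zip->open($dest_file);
    if ($res !== true) {
        $this->trigger_error($this->user->lang['ziperror'][$res] . $this->back_link, E_USER_WARNING);
        return false;
    }

    // Start from an empty working directory so leftovers of an earlier run are not
    // mistaken for contents of this archive.
    if (is_dir($tmp_dir)) {
        $this->rrmdir($tmp_dir);
    }
    $zip->extractTo($tmp_dir);
    $zip->close();

    $style_path = $this->get_style_path($tmp_dir);
    if (!$style_path) {
        $this->rrmdir($tmp_dir);
        $this->trigger_error($this->user->lang['ACP_UPLOAD_STYLE_ERROR_COMP'] . $this->back_link, E_USER_WARNING);
        return false;
    }

    $style_cfg = $this->read_style_cfg($style_path);

    // The name is archive-controlled and becomes a directory below styles/ that is first
    // deleted and then written. Check it before any use: an empty name would address
    // styles/ itself, and separators or ".." would address a directory elsewhere.
    $display_name = isset($style_cfg['name']) ? (string) $style_cfg['name'] : '';
    $destination = str_replace(' ', '_', $display_name);
    if ($destination === '' || $destination === '.' || strpos($destination, '..') !== false || strpbrk($destination, '/\\') !== false) {
        $this->rrmdir($tmp_dir);
        if ($file !== null) {
            $file->remove();
        }
        $this->trigger_error($this->user->lang['NOT_AN_STYLE'] . $this->back_link, E_USER_WARNING);
        return false;
    }

    if (!isset($style_cfg['phpbb_version']) || $style_cfg['phpbb_version'] != $this->config['version']) {
        $this->rrmdir($tmp_dir);
        $this->trigger_error($this->user->lang['ACP_UPLOAD_STYLE_ERROR_DEST'] . $this->back_link, E_USER_WARNING);
        return false;
    }

    $source = substr($style_path, 0, -10);
    $style_dir = $this->phpbb_root_path . 'styles/' . $destination;

    /* Delete the previous version of style files - we're able to update them. */
    if (is_dir($style_dir)) {
        $this->rrmdir($style_dir);
    }
    $this->rcopy($source, $style_dir);
    $this->rrmdir($tmp_dir);

    $this->template->assign_block_vars('authors', array('AUTHOR' => $style_cfg['copyright']));

    $string = @file_get_contents($style_dir . '/style.cfg');
    $highlighted = ($string !== false) ? highlight_string($string, true) : false;

    $this->template->assign_vars(array(
        'S_UPLOADED'      => $display_name,
        'FILETREE'        => \filetree::php_file_tree($style_dir, $display_name, $this->main_link),
        'S_ACTION'        => $this->phpbb_root_path . '/adm/index.php?i=acp_styles&sid=' . $this->user->session_id . '&mode=install&action=install&hash=' . generate_link_hash('install') . '&dir=' . urlencode($destination),
        'S_ACTION_BACK'   => $this->main_link,
        'U_ACTION'        => $this->u_action,
        'README_MARKDOWN' => $highlighted,
        'FILENAME'        => $string !== false ? 'style.cfg' : '',
        'CONTENT'         => $string !== false ? $highlighted : '',
    ));

    // Remove the uploaded archive file. There is no upload object for 'upload_local',
    // so the call is skipped there instead of failing on an unset variable.
    if ($file !== null && $this->request->variable('keepext', false) == false) {
        $file->remove();
    }

    return true;
}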
/**
 * Stores an avatar taken either from the posted form file or, when no file was posted,
 * from the URL in $data['uploadurl'].
 *
 * The URL is handed to remote_upload() unchanged; nothing in this function validates it
 * (presumably the caller does - verify). The result array is built even when errors were
 * recorded, so callers have to inspect $error before trusting it.
 *
 * @param array $data  Form data; 'uploadurl' is read when no file was posted
 * @param array $error Error list, extended with the upload errors (by reference)
 * @return array AVATAR_UPLOAD, stored file name, width, height
 */
function avatar_upload($data, &$error)
{
    global $config, $_CLASS;

    // Init upload class
    require_once SITE_FILE_ROOT . 'includes/forums/functions_upload.php';

    $image_extensions = array('jpg', 'jpeg', 'gif', 'png');
    $upload = new fileupload(
        'AVATAR_',
        $image_extensions,
        $config['avatar_filesize'],
        $config['avatar_min_width'],
        $config['avatar_min_height'],
        $config['avatar_max_width'],
        $config['avatar_max_height']
    );

    // A posted file wins over the remote URL.
    $file = empty($_FILES['uploadfile']['name'])
        ? $upload->remote_upload($data['uploadurl'])
        : $upload->form_upload('uploadfile');

    // Stored name is prefixed with the uploading user's id.
    $name_prefix = $_CLASS['core_user']->data['user_id'] . '_';
    $file->clean_filename('real', $name_prefix);
    $file->move_file($config['avatar_path']);

    if (count($file->error)) {
        // Drop the stored file and report the reasons to the caller.
        $file->remove();
        $error = array_merge($error, $file->error);
    }

    return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height'));
}
$permission->Redirect( FALSE ); //Redirect } */ $smarty->assign('title', TTi18n::gettext($title = 'File Upload')); // See index.php /* * Get FORM variables */ extract(FormVariables::GetVariables(array('action', 'object_type', 'object_id', 'data', 'userfile'))); $ulf = new UserListFactory(); $action = Misc::findSubmitButton(); switch ($action) { case 'upload': Debug::Text('Upload... Object Type: ' . $object_type, __FILE__, __LINE__, __METHOD__, 10); $upload = new fileupload(); $object_type = strtolower($object_type); switch ($object_type) { case 'invoice_config': $upload->set_max_filesize(1000000); //1mb or less $upload->set_acceptable_types(array('image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png')); // comma separated string, or array //$upload->set_max_image_size(600, 600); $upload->set_overwrite_mode(1); $icf = new InvoiceConfigFactory(); $icf->cleanStoragePath($current_company->getId()); $dir = $icf->getStoragePath($current_company->getId()); break; case 'company_logo': $upload->set_max_filesize(1000000);
{ trigger_error('FORM_INVALID'); } if (!utf8_clean_string($mod_data['mod_hu_title'])) { $error[] = 'NO_MOD_TITLE'; } if (!utf8_clean_string($mod_data['mod_desc'])) { $error[] = 'NO_MOD_DESC'; } // File upload $upload = new fileupload('', array('zip')); if ($upload->is_valid('mod_loc_pack')) { $file = $upload->form_upload('mod_loc_pack'); if (!empty($file->error)) { $error += $file->error; } } // if ($mode == 'add' && !preg_match('#^(?:http\://www\.phpbb\.com/mods/db/index\.php\?i\=misc&mode\=display&contrib_id\=)?([0-9]+)$#', $mod_data['mod_com_url'], $match)) { $error[] = 'NO_COM_URL_FORMAT'; }
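/**
 * Remote upload method
 * Uploads file from given url
 *
 * The URL is opened with fopen() on the server, so the request is made from the board
 * host. Apart from links matching objects::$phpbb_link_template, only the scheme
 * (http/https) and the trailing file extension are checked here; any restriction of
 * the hosts that may be contacted has to be enforced outside this method.
 *
 * @param \fileupload $files Files object
 * @param \phpbb\user $user User object
 * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif
 * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser
 * @return object $file Object "filespec" is returned, all further operations can be done with this object;
 *                      a "fileerror" object is returned when the URL is rejected or the transfer fails
 * @access public
 */
public static function remote_upload($files, $user, $upload_url, \phpbb\mimetype\guesser $mimetype_guesser = null)
{
    $phpbb_root_path = objects::$phpbb_root_path;

    $upload_ary = array();
    $upload_ary['local_mode'] = true;

    $upload_from_phpbb = preg_match(objects::$phpbb_link_template, $upload_url, $match_phpbb);

    // Quote the extensions so they are matched literally inside the pattern.
    $quoted_extensions = array();
    foreach ($files->allowed_extensions as $extension) {
        $quoted_extensions[] = preg_quote($extension, '#');
    }

    if (!preg_match('#^(https?://).*?\\.(' . implode('|', $quoted_extensions) . ')$#i', $upload_url, $match) && !$upload_from_phpbb) {
        return new \fileerror($user->lang[$files->error_prefix . 'URL_INVALID']);
    }

    if (empty($match[2]) && empty($match_phpbb[2])) {
        return new \fileerror($user->lang[$files->error_prefix . 'URL_INVALID']);
    }

    // parse_url() may fail or return no path; fall back to an empty path instead of
    // reading a missing array key.
    $url = parse_url($upload_url);
    $url_path = (is_array($url) && isset($url['path'])) ? $url['path'] : '';

    $upload_ary['type'] = 'application/octet-stream';

    // Rebuild the file name from the URL path: last dot-separated part is the extension.
    $path_parts = explode('.', $url_path);
    $ext = array_pop($path_parts);
    $upload_ary['name'] = utf8_basename(implode('', $path_parts)) . (($ext) ? '.' . $ext : '');

    // Without a configured limit, fall back to PHP's upload_max_filesize.
    $remote_max_filesize = $files->max_filesize;
    if (!$remote_max_filesize) {
        $max_filesize = @ini_get('upload_max_filesize');

        if (!empty($max_filesize)) {
            $unit = strtolower(substr($max_filesize, -1, 1));
            $remote_max_filesize = (int) $max_filesize;

            switch ($unit) {
                case 'g':
                    $remote_max_filesize *= 1024;
                // no break
                case 'm':
                    $remote_max_filesize *= 1024;
                // no break
                case 'k':
                    $remote_max_filesize *= 1024;
                // no break
            }
        }
    }

    if (!($fsock = @fopen($upload_url, "r"))) {
        return new \fileerror($user->lang[$files->error_prefix . 'NOT_UPLOADED']);
    }

    $data = '';
    $filesize = 0;
    $timer_stop = time() + $files->upload_timeout;

    while (!@feof($fsock)) {
        $block = @fread($fsock, 1024);
        $filesize += strlen($block);

        // Size and time limits bound what a remote server can make this request consume.
        // The stream is closed on both early exits so the handle is not leaked.
        if ($remote_max_filesize && $filesize > $remote_max_filesize) {
            @fclose($fsock);
            $max_filesize = get_formatted_filesize($remote_max_filesize, false);

            return new \fileerror(sprintf($user->lang[$files->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
        }

        $data .= $block;

        // Cancel upload if we exceed timeout
        if (time() >= $timer_stop) {
            @fclose($fsock);

            return new \fileerror($user->lang[$files->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
        }
    }
    @fclose($fsock);

    if (empty($data)) {
        return new \fileerror($user->lang[$files->error_prefix . 'EMPTY_REMOTE_DATA']);
    }

    $tmp_path = (!@is_writable('/tmp/')) ? $phpbb_root_path . 'cache/' : '/tmp/';
    $filename = tempnam($tmp_path, unique_id() . '-');

    if ($filename === false || !($fp = @fopen($filename, 'wb'))) {
        // tempnam() has already created the file; do not leave it behind.
        if ($filename !== false) {
            @unlink($filename);
        }

        return new \fileerror($user->lang[$files->error_prefix . 'NOT_UPLOADED']);
    }

    $upload_ary['size'] = fwrite($fp, $data);
    fclose($fp);
    unset($data);

    $upload_ary['tmp_name'] = $filename;

    $file = new \filespec($upload_ary, $files, $mimetype_guesser);
    if ($upload_from_phpbb) {
        // Links accepted through the phpBB link template are always treated as ZIP archives.
        $file->extension = 'zip';
    }
    $files->common_checks($file);

    return $file;
}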
/**
 * {@inheritdoc}
 *
 * Takes the avatar from the posted file or, when remote upload is enabled in the
 * configuration, from the submitted URL, and moves it into the avatar directory.
 * Returns false on any failure (errors are reported through $error), otherwise an
 * array with the keys 'avatar', 'avatar_width' and 'avatar_height'.
 */
public function process_form($request, $template, $user, $row, &$error)
{
    if (!$this->can_upload()) {
        return false;
    }

    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    // Size and dimension limits come from the board configuration; 'mime_triggers' is
    // passed as a list when configured, otherwise false.
    $upload = new \fileupload('AVATAR_', $this->allowed_extensions, $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false);

    $url = $request->variable('avatar_upload_url', '');
    $upload_file = $request->file('avatar_upload_file');

    // A posted file takes precedence over the URL field.
    if (!empty($upload_file['name'])) {
        $file = $upload->form_upload('avatar_upload_file', $this->mimetype_guesser);
    } else {
        // Remote fetching is only attempted when 'allow_avatar_remote_upload' is set.
        if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url)) {
            // http, https and ftp URLs are taken as given; anything else gets http:// prepended.
            if (!preg_match('#^(http|https|ftp)://#i', $url)) {
                $url = 'http://' . $url;
            }

            if (!function_exists('validate_data')) {
                require $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
            }

            // Only a string check with length bounds 5..255 is requested here; the target
            // host is not restricted by this method.
            // NOTE(review): the server fetches this user-supplied URL - confirm what
            // remote_upload() permits.
            $validate_array = validate_data(array('url' => $url), array('url' => array('string', true, 5, 255)));
            $error = array_merge($error, $validate_array);

            if (!empty($error)) {
                return false;
            }

            $file = $upload->remote_upload($url, $this->mimetype_guesser);
        } else {
            return false;
        }
    }

    // The stored name is derived from the configured salt and the row id, not from the
    // name supplied by the client or the URL.
    $prefix = $this->config['avatar_salt'] . '_';
    $file->clean_filename('avatar', $prefix, $row['id']);

    // If there was an error during upload, then abort operation
    if (sizeof($file->error)) {
        $file->remove();
        $error = $file->error;
        return false;
    }

    // Calculate new destination
    $destination = $this->config['avatar_path'];

    // Adjust destination path (no trailing slash)
    if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\') {
        $destination = substr($destination, 0, -1);
    }

    // Strips relative segments from the configured path and blanks an absolute one.
    // This is a string replacement, not a path canonicalisation.
    $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
    if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) {
        $destination = '';
    }

    /**
     * Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar)
     *
     * @event core.avatar_driver_upload_move_file_before
     * @var string destination Destination directory where the file is going to be moved
     * @var string prefix Prefix for the avatar filename
     * @var array row Array with avatar row data
     * @var array error Array of errors, if filled in by this event file will not be moved
     * @since 3.1.6-RC1
     */
    // extract() writes the values returned by the event back over the local variables
    // named in $vars. A changed destination is used as returned, after the clean-up
    // above; clean_filename() has already run with $prefix by this point.
    $vars = array('destination', 'prefix', 'row', 'error');
    extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars)));

    if (!sizeof($error)) {
        // Move file and overwrite any existing image
        $file->move_file($destination, true);
    }

    // If there was an error during move, then clean up leftovers
    $error = array_merge($error, $file->error);
    if (sizeof($error)) {
        $file->remove();
        return false;
    }

    // Delete current avatar if not overwritten
    $ext = substr(strrchr($row['avatar'], '.'), 1);
    if ($ext && $ext !== $file->get('extension')) {
        $this->delete($row);
    }

    return array('avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'), 'avatar_width' => $file->get('width'), 'avatar_height' => $file->get('height'));
}
/**
 * ACP entry point of the mobile notifier module.
 *
 * 'settings' stores the sender, password, status and default country code and can push
 * a new status and profile picture through the helper; 'debug' requests a registration
 * code, exchanges a code for a password and sends a test message.
 *
 * The stored account password is written to the configuration and handed back to the
 * settings template in the PASSWORD variable. Only the settings form is guarded by
 * check_form_key(); the debug actions run on the presence of their POST field alone.
 *
 * @param mixed  $id   Module id (not used here)
 * @param string $mode 'settings' or 'debug'
 */
public function main($id, $mode)
{
    global $config, $user, $template, $request, $phpbb_container, $phpbb_root_path, $phpEx;

    $user->add_lang_ext('tas2580/mobilenotifier', 'common');
    $notifier = $phpbb_container->get('tas2580.mobilenotifier.src.helper');

    if ($mode == 'settings') {
        $this->tpl_name = 'acp_mobilenotifier_settings';
        $this->page_title = $user->lang('ACP_MOBILENOTIFIER_SETTINGS');
        $data_folder = $phpbb_root_path . 'ext/tas2580/mobilenotifier/vendor/Chat-API/wadata';

        add_form_key('acp_mobilenotifier');

        // Form is submitted
        if ($request->is_set_post('submit')) {
            if (!check_form_key('acp_mobilenotifier')) {
                trigger_error($user->lang('FORM_INVALID') . adm_back_link($this->u_action), E_USER_WARNING);
            }

            $new_sender = $request->variable('sender', '');
            $new_password = $request->variable('password', '');
            $new_status = $request->variable('status', '');

            // The helper is only contacted when both credentials were submitted.
            $has_credentials = !empty($new_sender) && !empty($new_password);
            if ($has_credentials) {
                if ($new_status != $config['whatsapp_status']) {
                    $notifier->update_status($new_status);
                }

                if ($request->file('image')) {
                    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;

                    $image_upload = new \fileupload();
                    $image_upload->set_allowed_extensions(array('jpg', 'png', 'gif'));
                    $picture = $image_upload->form_upload('image');

                    if ($picture->filename) {
                        $notifier->update_picture($picture->filename);
                    }
                }
            }

            $config->set('whatsapp_sender', $new_sender);
            $config->set('whatsapp_password', $new_password);
            $config->set('whatsapp_status', $new_status);
            $config->set('whatsapp_default_cc', $request->variable('default_cc', ''));

            trigger_error($user->lang('ACP_SAVED') . adm_back_link($this->u_action));
        }

        // Reads a stored setting, falling back to an empty string when it is not set.
        $stored = function ($key) use ($config) {
            return isset($config[$key]) ? $config[$key] : '';
        };

        $template->assign_vars(array(
            'DATA_WRITABLE'            => is_writable($data_folder),
            'DATA_FOLDER_NOT_WRITABLE' => $user->lang('DATA_FOLDER_NOT_WRITABLE', $data_folder),
            'WA_VERSION'               => \Constants::WHATSAPP_VER,
            'U_ACTION'                 => $this->u_action,
            'SENDER'                   => $stored('whatsapp_sender'),
            'PASSWORD'                 => $stored('whatsapp_password'),
            'STATUS'                   => $stored('whatsapp_status'),
            'CC_SELECT'                => $notifier->cc_select($stored('whatsapp_default_cc')),
        ));
    } elseif ($mode == 'debug') {
        $this->tpl_name = 'acp_mobilenotifier_debug';
        $this->page_title = $user->lang('ACP_MOBILENOTIFIER_DEBUG');

        // Ask the service for a registration code by the chosen method.
        if ($request->is_set_post('get_code')) {
            $method = $request->variable('method', 'sms');
            $notifier->register('', $method);
            trigger_error($user->lang('CODE_REQUEST_SEND', $method) . adm_back_link($this->u_action));
        }

        // Exchange the received code; the helper's answer is stored as the password.
        if ($request->is_set_post('get_pw')) {
            $code = $request->variable('code', '');
            $new_password = $notifier->register($code);
            $config->set('whatsapp_password', $new_password);
            trigger_error($user->lang('PASSWORD_REQUEST_SEND') . adm_back_link($this->u_action));
        }

        // Send a test message to the submitted number.
        if ($request->is_set_post('test')) {
            $number = $request->variable('nr', '');
            $notifier->send_test($number, $user->lang('TEST_MESSAGE', generate_board_url()));
            trigger_error($user->lang('TEST_MESSAGE_SEND', $number) . adm_back_link($this->u_action));
        }

        $template->assign_vars(array(
            'REQUEST_CODE_FOR' => $user->lang('REQUEST_CODE_FOR', $config['whatsapp_sender']),
            'S_EMPTY_SENDER'   => empty($config['whatsapp_sender']),
        ));
    }
}
/**
 * Receives an extension archive, unpacks it into a per-user working directory under
 * ext/tmp, checks its composer.json and copies it to ext/<vendor>/<name>.
 *
 * $action selects the source ('upload', 'upload_remote', 'upload_from_phpbb',
 * 'upload_self', 'upload_local') or resumes earlier work ('force_update',
 * 'upload_self_update'). The extension is not enabled here, except when this extension
 * updates itself ('upload_self_update').
 *
 * Returns true when the files are in place and the result page was prepared, false after
 * an error was reported or when the page has to refresh to continue disabling the old
 * version.
 *
 * @package automod
 * @copyright (c) 2008 phpBB Group
 * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
 *
 */
function upload_ext($action)
{
    global $phpbb_root_path, $phpEx, $phpbb_log, $phpbb_extension_manager, $template, $user, $request;

    //$can_upload = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !@extension_loaded('zlib')) ? false : true;

    $user->add_lang('posting'); // For error messages

    if (!class_exists('\\fileupload')) {
        include $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    }
    $upload = new \fileupload();
    $upload->set_allowed_extensions(array('zip')); // Only allow ZIP files

    $upload_dir = $this->zip_dir;

    // Make sure the ext/ directory exists and if it doesn't, create it
    if (!is_dir($phpbb_root_path . 'ext')) {
        $this->recursive_mkdir($phpbb_root_path . 'ext');
    }

    if (!is_writable($phpbb_root_path . 'ext')) {
        $this->trigger_error($user->lang['EXT_NOT_WRITABLE'], E_USER_WARNING);
        return false;
    }

    if (!is_dir($this->zip_dir)) {
        $this->recursive_mkdir($this->zip_dir);
    }

    // Proceed with the upload
    // $file is only assigned for the four upload actions below; it stays unset for
    // 'upload_local', 'force_update' and 'upload_self_update'.
    if ($action == 'upload') {
        $file = $upload->form_upload('extupload');
    } else {
        if ($action == 'upload_remote') {
            $file = $this->remote_upload($upload, $request->variable('remote_upload', ''));
        } else {
            if ($action == 'upload_from_phpbb') {
                $file = $this->remote_upload($upload, $request->variable('valid_phpbb_ext', ''));
            } else {
                if ($action == 'upload_self') {
                    // The self-update link is only fetched when it matches the link template.
                    $this->self_update = $request->variable('self_update', '');
                    if ($this->self_update !== false && preg_match($this->phpbb_link_template, $this->self_update)) {
                        $file = $this->remote_upload($upload, $this->self_update);
                    } else {
                        $this->trigger_error($user->lang['EXT_UPLOAD_ERROR'], E_USER_WARNING);
                        return false;
                    }
                }
            }
        }
    }

    // What is a safe limit of execution time? Half the max execution time should be safe.
    // NOTE(review): when max_execution_time is 0 this limit is 0 as well, so the
    // time check in the disable loop below is true on its first pass - confirm intended.
    $safe_time_limit = ini_get('max_execution_time') / 2;
    $start_time = time();

    // We skip working with a zip file if we are enabling/restarting the extension.
    if ($action != 'force_update' && $action != 'upload_self_update') {
        if ($action != 'upload_local') {
            if (empty($file->filename)) {
                $this->trigger_error(sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['NO_UPLOAD_FILE'], E_USER_WARNING);
                return false;
            } else {
                if ($file->init_error || sizeof($file->error)) {
                    $file->remove();
                    $this->trigger_error(sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['EXT_UPLOAD_INIT_FAIL'], E_USER_WARNING);
                    return false;
                }
            }

            $file->clean_filename('real');
            $file->move_file(str_replace($phpbb_root_path, '', $upload_dir), true, true);

            if (sizeof($file->error)) {
                $file->remove();
                $this->trigger_error(implode('<br />', $file->error), E_USER_WARNING);
                return false;
            }
            $dest_file = $file->destination_file;
        } else {
            // NOTE(review): the request value is appended to the archive directory as is;
            // nothing here keeps it from containing parent-directory segments.
            $dest_file = $upload_dir . '/' . $request->variable('local_upload', '');
        }

        if (!class_exists('\\compress_zip')) {
            include $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
        }

        // We need to use the user ID and the time to escape from problems with simultaneous uploads.
        // We suppose that one user can upload only one extension per session.
        // (Only the user id is part of the directory name built here.)
        $ext_tmp = 'tmp/' . (int) $user->data['user_id'];

        // Ensure that we don't have any previous files in the working directory.
        if (is_dir($phpbb_root_path . 'ext/' . $ext_tmp)) {
            if (!$this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp)) {
                if ($action != 'upload_local') {
                    $file->remove();
                }
                return false;
            }
        }

        // Unpack the archive into the working directory below ext/.
        // NOTE(review): how compress_zip treats entry names with parent-directory
        // segments is not visible here - confirm.
        $zip = new \compress_zip('r', $dest_file);
        $zip->extract($phpbb_root_path . 'ext/' . $ext_tmp . '/');
        $zip->close();

        $composery = $this->getComposer($phpbb_root_path . 'ext/' . $ext_tmp);
        if (!$composery) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            // NOTE(review): this and the next three $file->remove() calls are not guarded
            // by the 'upload_local' check used elsewhere, although $file is unset then.
            $file->remove();
            $this->trigger_error($user->lang['ACP_UPLOAD_EXT_ERROR_COMP'], E_USER_WARNING);
            return false;
        }

        $string = @file_get_contents($composery);
        if ($string === false) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            $file->remove();
            $this->trigger_error($user->lang['EXT_UPLOAD_ERROR'], E_USER_WARNING);
            return false;
        }

        // Everything read from composer.json is controlled by the archive's author.
        $json_a = json_decode($string, true);
        $destination = isset($json_a['name']) ? $json_a['name'] : '';
        $ext_version = isset($json_a['version']) ? $json_a['version'] : '0.0.0';

        // The name only has to contain a slash at this point. It is used to build paths
        // below ext/ before the metadata manager validates the extension further down.
        // NOTE(review): a stricter check (no '..', exactly vendor/name) would belong here.
        if (strpos($destination, '/') === false) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            $file->remove();
            $this->trigger_error($user->lang['ACP_UPLOAD_EXT_ERROR_DEST'], E_USER_WARNING);
            return false;
        } else {
            // An archive naming this extension itself is only accepted through 'upload_self'.
            if (strpos($destination, $this->upload_ext_name) !== false && $action != 'upload_self') {
                $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
                $file->remove();
                $this->trigger_error($user->lang['EXT_UPLOAD_ERROR'], E_USER_WARNING);
                return false;
            }
        }

        $display_name = isset($json_a['extra']['display-name']) ? $json_a['extra']['display-name'] : 'Unknown extension';

        if (!isset($json_a['type']) || $json_a['type'] != "phpbb-extension") {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            if ($action != 'upload_local') {
                $file->remove();
            }
            $this->trigger_error($user->lang['NOT_AN_EXTENSION'], E_USER_WARNING);
            return false;
        }

        // Cuts the last 14 characters off the path - presumably '/composer.json'.
        $source = substr($composery, 0, -14);

        if ($action != 'upload_self') {
            $source_for_check = $ext_tmp . '/' . $destination;
        } else {
            $source_for_check = 'boardtools/new_upload/' . $destination;
        }

        // At first we need to change the directory structure to something like ext/tmp/vendor/extension.
        // We need it to escape from problems with dots on validation.
        if ($source != $phpbb_root_path . 'ext/' . $source_for_check) {
            if (!$this->rcopy($source, $phpbb_root_path . 'ext/' . $source_for_check)) {
                $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
                if ($action != 'upload_local') {
                    $file->remove();
                }
                return false;
            }
            $source = $phpbb_root_path . 'ext/' . $source_for_check;
        }

        // Validate the extension to check if it can be used on the board.
        $md_manager = $phpbb_extension_manager->create_extension_metadata_manager($source_for_check, $template);
        try {
            if ($md_manager->get_metadata() === false || $md_manager->validate_require_phpbb() === false || $md_manager->validate_require_php() === false) {
                $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
                if ($action != 'upload_local') {
                    $file->remove();
                }
                $this->trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'], E_USER_WARNING);
                return false;
            }
        } catch (\phpbb\extension\exception $e) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            if ($action != 'upload_local') {
                $file->remove();
            }
            // The exception is cast to a string for the message.
            $this->trigger_error($e . ' ' . $user->lang['ACP_UPLOAD_EXT_ERROR_NOT_SAVED'], E_USER_WARNING);
            return false;
        }

        // Save/remove the uploaded archive file.
        if ($action != 'upload_local') {
            if ($request->variable('keepext', false) == false) {
                $file->remove();
            } else {
                // Path separators are replaced so the archive-supplied values cannot
                // change the directory of the kept ZIP file.
                $display_name = str_replace(array('/', '\\'), '_', $display_name);
                $ext_version = str_replace(array('/', '\\'), '_', $ext_version);

                // Save this file and any other files that were uploaded with the same name.
                if (@file_exists(substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . ".zip")) {
                    // Find the first free "(n)" suffix.
                    $finder = 1;
                    while (@file_exists(substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . "(" . $finder . ").zip")) {
                        $finder++;
                    }
                    @rename($dest_file, substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . "(" . $finder . ").zip");
                } else {
                    @rename($dest_file, substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . ".zip");
                }
            }
        }
        // Here we can assume that all checks are done.
        // Now we are able to install the uploaded extension to the correct path.
    } else {
        if ($action != 'upload_self_update') {
            // All checks were done previously. Now we only need to restore the variables.
            // We try to restore the data of the current upload.
            // On resume only the slash check on the name is repeated; the metadata
            // validation above is not run again.
            $ext_tmp = 'tmp/' . (int) $user->data['user_id'];
            if (!is_dir($phpbb_root_path . 'ext/' . $ext_tmp) || !($composery = $this->getComposer($phpbb_root_path . 'ext/' . $ext_tmp)) || !($string = @file_get_contents($composery))) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $json_a = json_decode($string, true);
            $destination = isset($json_a['name']) ? $json_a['name'] : '';
            if (strpos($destination, '/') === false) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $source = substr($composery, 0, -14);
            $display_name = isset($json_a['extra']['display-name']) ? $json_a['extra']['display-name'] : 'Unknown extension';
        } else {
            // All checks were done previously. Now we only need to restore the variables.
            // We try to restore the data of the current upload.
            // The self-update is restored from ext/boardtools/new_upload.
            $ext_tmp = 'boardtools/new_upload';
            if (!is_dir($phpbb_root_path . 'ext/' . $ext_tmp) || !($composery = $this->getComposer($phpbb_root_path . 'ext/' . $ext_tmp)) || !($string = @file_get_contents($composery))) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $json_a = json_decode($string, true);
            $destination = isset($json_a['name']) ? $json_a['name'] : '';
            if (strpos($destination, 'boardtools/') === false) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $source = substr($composery, 0, -14);
            $display_name = isset($json_a['extra']['display-name']) ? $json_a['extra']['display-name'] : 'Unknown extension';
        }
    }

    $made_update = false;
    if ($action != 'upload_self' && $action != 'upload_self_update') {
        // Delete the previous version of extension files - we're able to update them.
        if (is_dir($phpbb_root_path . 'ext/' . $destination)) {
            // At first we need to disable the extension if it is enabled.
            if ($phpbb_extension_manager->is_enabled($destination)) {
                while ($phpbb_extension_manager->disable_step($destination)) {
                    // Are we approaching the time limit? If so, we want to pause the update and continue after refreshing.
                    if (time() - $start_time >= $safe_time_limit) {
                        $template->assign_var('S_NEXT_STEP', true);

                        // No need to specify the name of the extension. We suppose that it is the one in ext/tmp/USER_ID folder.
                        meta_refresh(0, $this->main_link . '&action=force_update');
                        return false;
                    }
                }
                $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_DISABLE', time(), array($destination));
                $made_update = true;
            }

            // Build the name of the backup archive from the installed version's composer.json.
            $old_ext_name = $destination;
            if ($old_composery = $this->getComposer($phpbb_root_path . 'ext/' . $destination)) {
                if (!($old_string = @file_get_contents($old_composery))) {
                    $old_ext_name = $old_ext_name . '_0.0.0';
                } else {
                    $old_json_a = json_decode($old_string, true);
                    $old_display_name = isset($old_json_a['extra']['display-name']) ? $old_json_a['extra']['display-name'] : $old_ext_name;
                    $old_ext_version = isset($old_json_a['version']) ? $old_json_a['version'] : '0.0.0';
                    $old_ext_name = $old_display_name . '_' . $old_ext_version;
                }
            }

            // Archive the old files before removing them; separators in the name are replaced.
            $this->save_zip_archive('ext/' . $destination . '/', str_replace(array('/', '\\'), '_', $old_ext_name) . '_old');
            if (!$this->rrmdir($phpbb_root_path . 'ext/' . $destination)) {
                return false;
            }
        }

        if (!$this->rcopy($source, $phpbb_root_path . 'ext/' . $destination)) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            return false;
        }

        // No enabling at this stage. Admins should have a chance to revise the uploaded scripts.
        if (!$this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp)) {
            return false;
        }
    } else {
        if ($action == 'upload_self') {
            // No enabling at this stage. Admins should have a chance to revise the uploaded scripts.
            if (!$this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp)) {
                return false;
            }
            $destination = 'boardtools/new_upload/' . $destination;
        } else {
            // Now Upload Extensions will update itself. We suppose that it will be fast and without errors.
            // Otherwise users will need to use FTP.
            // The return values of disable(), rcopy(), enable() and rrmdir() are not checked here.
            $phpbb_extension_manager->disable($destination);
            $this->rcopy($source, $phpbb_root_path . 'ext/' . $destination);
            $phpbb_extension_manager->enable($destination);
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            $template->assign_vars(array('S_UPDATED_SELF' => $display_name));
            return true;
        }
    }

    // NOTE(review): 'authors' is read without an isset() check, unlike the other
    // composer.json keys used in this method.
    foreach ($json_a['authors'] as $author) {
        $template->assign_block_vars('authors', array('AUTHOR' => $author['name']));
    }

    // README.md comes from the uploaded archive and is converted by MarkdownExtra.
    // NOTE(review): whether the template escapes README_MARKDOWN is not visible here - confirm.
    $string = @file_get_contents($phpbb_root_path . 'ext/' . $destination . '/README.md');
    if ($string !== false) {
        $readme = \Michelf\MarkdownExtra::defaultTransform($string);
    } else {
        $readme = false;
    }

    // S_ACTION points to the enable confirmation of the extension manager, or to the
    // second step of the self-update.
    $template->assign_vars(array('S_UPLOADED' => $display_name, 'S_UPLOADED_SELF' => $action == 'upload_self', 'EXT_UPDATED' => $made_update, 'FILETREE' => \boardtools\upload\filetree\filetree::php_file_tree($phpbb_root_path . 'ext/' . $destination, $display_name, $this->main_link), 'S_ACTION' => $action != 'upload_self' ? $phpbb_root_path . 'adm/index.' . $phpEx . '?i=acp_extensions&sid=' . $user->session_id . '&mode=main&action=enable_pre&ext_name=' . urlencode($destination) : $this->main_link . '&action=upload_self_update', 'S_ACTION_BACK' => $this->main_link, 'U_ACTION' => $this->u_action, 'README_MARKDOWN' => $readme, 'FILENAME' => $string !== false ? 'README.md' : 'composer.json', 'CONTENT' => $string !== false ? highlight_string($string, true) : highlight_string(@file_get_contents($phpbb_root_path . 'ext/' . $destination . '/composer.json'), true)));

    return true;
}
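/**
 * Validate an uploaded (or locally stored) attachment, move it into the
 * upload directory and return the metadata describing it.
 *
 * The returned array always has 'error' (list of messages) and 'post_attach'
 * (bool). On success it also carries 'thumbnail', 'filesize', 'mimetype',
 * 'extension', 'physical_filename', 'real_filename' and 'filetime'.
 *
 * Users for whom acl_gets() reports 'a_' or 'm_' are not given the image
 * dimension limit or the file size limit below.
 *
 * @param string $form_name     Name of the upload form field.
 * @param int    $forum_id      Forum whose extension settings are loaded.
 * @param bool   $local         Take the file from $local_storage instead of the form.
 * @param string $local_storage Source passed to local_upload() when $local is set.
 * @param bool   $is_message    Use the private-message size limit as the fallback limit.
 *
 * @return array
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false)
{
    global $_CLASS, $config;

    $filedata = array();
    $filedata['error'] = array();

    include_once SITE_FILE_ROOT . 'includes/forums/functions_upload.php';
    $upload = new fileupload();

    if (!$local) {
        $filedata['post_attach'] = $upload->is_valid($form_name) ? true : false;
    } else {
        $filedata['post_attach'] = true;
    }

    if (!$filedata['post_attach']) {
        $filedata['error'][] = 'No filedata found';

        return $filedata;
    }

    $extensions = obtain_attach_extensions($forum_id);

    // NOTE(review): when '_allowed_' is empty no allow-list is handed to the
    // uploader, so the decision falls to fileupload's own default - confirm
    // that default rejects rather than accepts every extension.
    if (!empty($extensions['_allowed_'])) {
        $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));
    }

    if ($local) {
        $file = $upload->local_upload($local_storage);
    } else {
        $file = $upload->form_upload($form_name);
    }

    if ($file->init_error) {
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $extension = $file->get('extension');
    $cat_id = isset($extensions[$extension]['display_cat']) ? $extensions[$extension]['display_cat'] : ATTACHMENT_CATEGORY_NONE;

    // NOTE(review): nothing in this function verifies that a file landing in
    // the image category really is an image; confirm fileupload/filespec does.

    // Do we have to create a thumbnail?
    $filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0;

    // Check Image Size, if it is an image
    if (!$_CLASS['auth']->acl_gets('m_', 'a_') && $cat_id == ATTACHMENT_CATEGORY_IMAGE) {
        $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
    }

    if (!$_CLASS['auth']->acl_gets('a_', 'm_')) {
        // !empty() instead of "!= 0": the extension may have no entry in
        // $extensions at all, and the bare index lookup raised an
        // undefined-index notice before falling back to the global limit.
        if (!empty($extensions[$extension]['max_filesize'])) {
            $allowed_filesize = $extensions[$extension]['max_filesize'];
        } else {
            $allowed_filesize = $is_message ? $config['max_filesize_pm'] : $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // The stored name is generated ('unique' mode, prefixed with the user id)
    // rather than taken from the client-supplied name.
    $file->clean_filename('unique', $_CLASS['core_user']->data['user_id'] . '_');
    $file->move_file($config['upload_path']);

    if (!empty($file->error)) {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    // Check our complete quota
    if ($config['attachment_quota']) {
        if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) {
            $filedata['error'][] = $_CLASS['core_user']->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;
            $file->remove();

            return $filedata;
        }
    }

    // Check free disk space (skipped when disk_free_space() fails or reports 0)
    if ($free_space = @disk_free_space($config['upload_path'])) {
        if ($free_space <= $file->get('filesize')) {
            $filedata['error'][] = $_CLASS['core_user']->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;
            $file->remove();

            return $filedata;
        }
    }

    // Create Thumbnail; a failure only clears the flag, the upload itself stands
    if ($filedata['thumbnail']) {
        $source = $file->get('destination_file');
        $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

        if (!create_thumbnail($source, $destination, $file->get('mimetype'))) {
            $filedata['thumbnail'] = 0;
        }
    }

    return $filedata;
}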
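/**
 * run - display template and edit data
 *
 * Admin-only project edit page. For the project named by $_GET['id'] it
 * handles three POST actions (save, accountSubmit, upload) and then renders
 * 'projects.editProject'. A non-admin session or a missing id renders
 * 'general.error' instead.
 *
 * @access public
 *
 */
public function run()
{
    $tpl = new template();

    // Only admins. Strict comparison, so a non-string role value can never
    // loosely compare equal to 'admin'; a session without a role is rejected.
    $isAdmin = isset($_SESSION['userdata']['role']) && $_SESSION['userdata']['role'] === 'admin';

    if (!$isAdmin || isset($_GET['id']) !== true) {
        $tpl->display('general.error');

        return;
    }

    // NOTE(review): none of the POST branches below checks a request token in
    // this method - confirm CSRF protection is applied before run() is reached.

    $id = (int) $_GET['id'];
    $row = $this->getProject($id);
    $msgKey = '';

    $values = array(
        'name' => $row['name'],
        'details' => $row['details'],
        'clientId' => $row['clientId'],
        'state' => $row['state'],
        'hourBudget' => $row['hourBudget'],
        'assignedUsers' => $this->getProjectUserRelation($id),
        'dollarBudget' => $row['dollarBudget'],
    );

    //Edit project
    if (isset($_POST['save']) === true) {
        // editorId comes from the request; only accept it when it really is
        // an array, since count() on a scalar is an error on current PHP.
        if (isset($_POST['editorId']) && is_array($_POST['editorId']) && count($_POST['editorId'])) {
            $assignedUsers = $_POST['editorId'];
        } else {
            $assignedUsers = array();
        }

        $values = array(
            'name' => $_POST['name'],
            'details' => $_POST['details'],
            'clientId' => $_POST['clientId'],
            'state' => $_POST['projectState'],
            'hourBudget' => $_POST['hourBudget'],
            'assignedUsers' => $assignedUsers,
            'dollarBudget' => $_POST['dollarBudget'],
        );

        if ($values['name'] !== '') {
            if ($this->hasTickets($id) && $values['state'] == 1) {
                $tpl->setNotification('PROJECT_HAS_TICKETS', 'error');
            } else {
                $this->editProject($values, $id);

                //Take the old value to avoid nl character
                $values['details'] = $_POST['details'];

                $tpl->setNotification('PROJECT_EDITED', 'success');
            }
        } else {
            $tpl->setNotification('NO_PROJECTTNAME', 'error');
        }
    }

    //Add Account
    if (isset($_POST['accountSubmit']) === true) {
        $accountValues = array(
            'name' => $_POST['accountName'],
            'kind' => $_POST['kind'],
            'username' => $_POST['username'],
            'password' => $_POST['password'],
            'host' => $_POST['host'],
            'projectId' => $id,
        );

        if ($accountValues['name'] !== '') {
            $this->addProjectAccount($accountValues);
            // Was 'sucess'; the other notifications in this method use 'success'.
            $tpl->setNotification('ACCOUNT_ADDED', 'success');
        } else {
            $tpl->setNotification('NO_ACCOUNT_NAME', 'error');
        }

        // NOTE(review): $accountValues, including the submitted password, is
        // handed to the template - confirm the template does not echo it back
        // and that addProjectAccount() protects it at rest.
        $tpl->assign('accountValues', $accountValues);
    }

    //Upload file
    if (isset($_POST['upload']) === true) {
        // isset() guard: a request with 'upload' set but no file part would
        // otherwise read an undefined $_FILES index.
        if (isset($_FILES['file']['name']) && $_FILES['file']['name'] !== '') {
            $upload = new fileupload();
            $upload->initFile($_FILES['file']);

            if ($upload->error == '') {
                //Name on Server is encoded
                // NOTE(review): the stored name is derived only from the
                // project id and the current second, so it is guessable and
                // two uploads in the same second collide. If the upload
                // directory is reachable over the web, prefer a name built
                // from a cryptographic random source.
                $newname = md5($id . time());
                $upload->renameFile($newname);

                if ($upload->upload() === true) {
                    $fileValues = array(
                        'encName' => $upload->file_name,
                        'realName' => $upload->real_name,
                        'date' => date("Y-m-d H:i:s"),
                        'ticketId' => $id,
                        'userId' => $_SESSION['userdata']['id'],
                    );

                    $this->addFile($fileValues);
                    $tpl->setNotification('FILE_UPLOADED', 'success');
                } else {
                    $tpl->setNotification('ERROR_FILEUPLOAD', 'error');
                }
            } else {
                $tpl->setNotification('ERROR_FILEUPLOAD', 'error');
            }
        } else {
            $tpl->setNotification('NO_FILE', 'error');
        }
    }

    $helper = new helper();
    $clients = new clients();
    $user = new users();

    $tpl->assign('availableUsers', $user->getAll());

    //Assign vars
    $tpl->assign('info', $msgKey);
    $tpl->assign('clients', $clients->getAll());
    $tpl->assign('values', $values);
    $tpl->assign('files', $this->getFiles($id));
    $tpl->assign('helper', $helper);
    $tpl->assign('accounts', $this->getProjectAccounts($id));

    $tpl->display('projects.editProject');
}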
/**
 * Upload Attachment - builds the filedata array for one attachment.
 * Uses the fileupload class.
 *
 * The result always contains 'error' and 'post_attach'; after a successful
 * move it also contains 'thumbnail', 'filesize', 'mimetype', 'extension',
 * 'physical_filename', 'real_filename' and 'filetime'.
 *
 * Checks applied here, in order: optional disallowed-content triggers, the
 * extension allow-list, the "image category must hold a real image" test,
 * image dimensions and file size (both skipped for a_ / m_ users), the
 * attachment quota and the free disk space.
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
{
    global $auth, $user, $config, $db, $cache;
    global $phpbb_root_path, $phpEx;

    $filedata = array('error' => array());

    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    $uploader = new fileupload();

    // Content sniffing is opt-in through the board configuration.
    if ($config['check_attachment_content'] && isset($config['mime_triggers'])) {
        $uploader->set_disallowed_content(explode('|', $config['mime_triggers']));
    }

    // A local file is taken as present; a form upload has to be valid.
    $filedata['post_attach'] = $local ? true : (bool) $uploader->is_valid($form_name);

    if (!$filedata['post_attach']) {
        $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];

        return $filedata;
    }

    $ext_map = $cache->obtain_attach_extensions($is_message ? false : (int) $forum_id);
    $uploader->set_allowed_extensions(array_keys($ext_map['_allowed_']));

    if ($local) {
        $attachment = $uploader->local_upload($local_storage, $local_filedata);
    } else {
        $attachment = $uploader->form_upload($form_name);
    }

    if ($attachment->init_error) {
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $ext = $attachment->get('extension');
    $category = ATTACHMENT_CATEGORY_NONE;
    if (isset($ext_map[$ext]['display_cat'])) {
        $category = $ext_map[$ext]['display_cat'];
    }
    $in_image_category = ($category == ATTACHMENT_CATEGORY_IMAGE);

    // Images are displayed inline, so a file that only carries an image
    // extension (the renamed-extension trick aimed at an old IE bug) is
    // removed before anything else happens.
    // NOTE(review): presumably the board's error handler ends the request on
    // trigger_error(); confirm, since the code below would otherwise go on.
    if ($in_image_category && !$attachment->is_image()) {
        $attachment->remove();
        trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
    }

    // Thumbnail wanted?
    if ($in_image_category && $config['img_create_thumbnail']) {
        $filedata['thumbnail'] = 1;
    } else {
        $filedata['thumbnail'] = 0;
    }

    // Admins and moderators of this forum may exceed dimension and size limits.
    $limits_waived = $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id);

    if (!$limits_waived && $in_image_category) {
        $attachment->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
    }

    if (!$limits_waived) {
        // Per-extension limit first, then the PM or the general limit.
        if (!empty($ext_map[$ext]['max_filesize'])) {
            $size_limit = $ext_map[$ext]['max_filesize'];
        } elseif ($is_message) {
            $size_limit = $config['max_filesize_pm'];
        } else {
            $size_limit = $config['max_filesize'];
        }

        $attachment->upload->set_max_filesize($size_limit);
    }

    // Stored name is generated and prefixed with the uploader's user id.
    $attachment->clean_filename('unique', $user->data['user_id'] . '_');

    // The additional image checks run only for files in the image category.
    $skip_image_check = !$in_image_category;
    $attachment->move_file($config['upload_path'], false, $skip_image_check);

    if (count($attachment->error)) {
        $attachment->remove();
        $filedata['error'] = array_merge($filedata['error'], $attachment->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $filedata['filesize'] = $attachment->get('filesize');
    $filedata['mimetype'] = $attachment->get('mimetype');
    $filedata['extension'] = $attachment->get('extension');
    $filedata['physical_filename'] = $attachment->get('realname');
    $filedata['real_filename'] = $attachment->get('uploadname');
    $filedata['filetime'] = time();

    // Board-wide attachment quota (0 / empty disables the check).
    if ($config['attachment_quota'] && $config['upload_dir_size'] + $attachment->get('filesize') > $config['attachment_quota']) {
        $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
        $filedata['post_attach'] = false;
        $attachment->remove();

        return $filedata;
    }

    // Free disk space; not checked when the lookup fails or reports 0.
    $bytes_free = @disk_free_space($phpbb_root_path . $config['upload_path']);
    if ($bytes_free && $bytes_free <= $attachment->get('filesize')) {
        $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
        $filedata['post_attach'] = false;
        $attachment->remove();

        return $filedata;
    }

    // A failed thumbnail only resets the flag; the attachment is kept.
    if ($filedata['thumbnail']) {
        $original = $attachment->get('destination_file');
        $thumb = $attachment->get('destination_path') . '/thumb_' . $attachment->get('realname');

        if (!create_thumbnail($original, $thumb, $attachment->get('mimetype'))) {
            $filedata['thumbnail'] = 0;
        }
    }

    return $filedata;
}
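/**
 * {@inheritdoc}
 *
 * Validates a user-supplied remote avatar URL and returns the avatar data
 * (the URL itself plus width and height) or false, appending language keys
 * to $error. The image is not downloaded or stored here; the returned
 * 'avatar' value is the remote URL.
 *
 * NOTE(review): getimagesize() and fopen() below make this server request a
 * URL chosen by the user. The pattern accepts IP-literal hosts, explicit
 * ports and ftp://, and nothing in this method rejects loopback or private
 * addresses or constrains redirects. Where remote avatars are enabled,
 * confirm that outbound requests from the web server are filtered, or
 * resolve and vet the host before fetching.
 */
public function process_form($request, $template, $user, $row, &$error)
{
    $url = $request->variable('avatar_remote_url', '');
    $width = $request->variable('avatar_remote_width', 0);
    $height = $request->variable('avatar_remote_height', 0);

    if (empty($url)) {
        return false;
    }

    // A URL without a scheme is treated as http.
    if (!preg_match('#^(http|https|ftp)://#i', $url)) {
        $url = 'http://' . $url;
    }

    if (!function_exists('validate_data')) {
        require $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
    }

    // presumably a string length check of 5..255 characters - confirm against validate_data()
    $validate_array = validate_data(array('url' => $url), array('url' => array('string', true, 5, 255)));
    $error = array_merge($error, $validate_array);

    if (!empty($error)) {
        return false;
    }

    // Check if this url looks alright
    // This isn't perfect, but it's what phpBB 3.0 did, and might as well make sure everything is compatible
    if (!preg_match('#^(http|https|ftp)://(?:(.*?\\.)*?[a-z0-9\\-]+?\\.[a-z]{2,4}|(?:\\d{1,3}\\.){3,5}\\d{1,3}):?([0-9]*?).*?\\.(' . implode('|', $this->allowed_extensions) . ')$#i', $url)) {
        $error[] = 'AVATAR_URL_INVALID';

        return false;
    }

    // Stays empty when the image is never probed (both dimensions supplied,
    // or getimagesize() unavailable).
    $image_data = array();

    // Make sure getimagesize works...
    if (function_exists('getimagesize')) {
        if (($width <= 0 || $height <= 0) && ($image_data = @getimagesize($url)) === false) {
            $error[] = 'UNABLE_GET_IMAGE_SIZE';

            return false;
        }

        if (!empty($image_data) && ($image_data[0] <= 0 || $image_data[1] <= 0)) {
            $error[] = 'AVATAR_NO_SIZE';

            return false;
        }

        // Decide once whether the submitted pair is usable. The previous code
        // re-tested "$width && $height" after $width had already been
        // overwritten, so a request with only a height kept that height next
        // to the width read from the image.
        if (!($width && $height)) {
            $width = $image_data[0];
            $height = $image_data[1];
        }
    }

    if ($width <= 0 || $height <= 0) {
        $error[] = 'AVATAR_NO_SIZE';

        return false;
    }

    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    $types = \fileupload::image_types();
    $extension = strtolower(\filespec::get_extension($url));

    // Check if this is actually an image
    $file_stream = @fopen($url, 'r');
    if (!$file_stream) {
        $error[] = 'AVATAR_URL_INVALID';

        return false;
    }

    // Timeout after 1 second
    stream_set_timeout($file_stream, 1);
    // read some data to ensure headers are present
    fread($file_stream, 1024);
    $meta = stream_get_meta_data($file_stream);

    // Everything needed is in $meta; close here so that no path, including a
    // response without any Content-Type header, leaves the stream open.
    fclose($file_stream);

    if (isset($meta['wrapper_data']['headers']) && is_array($meta['wrapper_data']['headers'])) {
        $headers = $meta['wrapper_data']['headers'];
    } elseif (isset($meta['wrapper_data']) && is_array($meta['wrapper_data'])) {
        $headers = $meta['wrapper_data'];
    } else {
        $headers = array();
    }

    // NOTE(review): a response that carries no Content-Type header at all
    // passes this loop unchallenged, as it did before.
    foreach ($headers as $header) {
        $header = preg_split('/ /', $header, 2);

        if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type') {
            // A header name without a value is rejected like a non-image type.
            if (!isset($header[1]) || strpos($header[1], 'image/') !== 0) {
                $error[] = 'AVATAR_URL_INVALID';

                return false;
            }

            break;
        }
    }

    // The type detected by getimagesize() has to match the URL's extension.
    if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))) {
        if (!isset($types[$image_data[2]])) {
            $error[] = 'UNABLE_GET_IMAGE_SIZE';
        } else {
            $error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data[2]][0], $extension);
        }

        return false;
    }

    if ($this->config['avatar_max_width'] || $this->config['avatar_max_height']) {
        if ($width > $this->config['avatar_max_width'] || $height > $this->config['avatar_max_height']) {
            $error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height);

            return false;
        }
    }

    if ($this->config['avatar_min_width'] || $this->config['avatar_min_height']) {
        if ($width < $this->config['avatar_min_width'] || $height < $this->config['avatar_min_height']) {
            $error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height);

            return false;
        }
    }

    return array('avatar' => $url, 'avatar_width' => $width, 'avatar_height' => $height);
}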
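/**
 * deleteAllFiles - delete the files of a ticket on the server
 *
 * Looks up every encName stored for the ticket in zp_ticketFiles and hands
 * it to fileupload::deleteFile(). The rows themselves are not removed by
 * this method.
 *
 * @access public
 * @param  $id ticket id whose files are deleted
 *
 */
public function deleteAllFiles($id)
{
    $upload = new fileupload();

    // $id was concatenated into the statement unchanged, so any caller that
    // passed request data through could alter the query. Forcing it to an
    // integer keeps the statement fixed.
    // NOTE(review): assumes ticketId is an integer column - confirm; if the
    // db wrapper offers bound parameters, prefer them over concatenation.
    $ticketId = (int) $id;

    $query1 = "SELECT encName FROM zp_ticketFiles WHERE ticketId = '" . $ticketId . "'";

    foreach ($this->db->dbQuery($query1)->dbFetchResults() as $row) {
        $upload->deleteFile($row['encName']);
    }
}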
/**
 * Original copyright information for the function from AutoMOD.
 * The function was almost totally changed by the authors of Upload Extensions.
 * @package automod
 * @copyright (c) 2008 phpBB Group
 * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
 *
 * Prepares the working directories and receives an extension archive,
 * either from the 'extupload' form field or from a remote URL. Only the
 * 'zip' extension is allowed by the uploader.
 *
 * NOTE(review): for 'upload_remote' the URL is taken from the request and
 * passed on to files::remote_upload(); the only check made here is that
 * https is usable. Confirm the caller restricts this action to
 * administrators and that the target host is vetted where that matters.
 *
 * @param string $action Requested action.
 * @return \filespec|bool The uploaded file, or false on failure or for an
 *                        action other than 'upload' / 'upload_remote'.
 */
public function proceed_upload($action)
{
    global $phpbb_root_path, $phpEx, $user, $request;

    // For error messages
    $user->add_lang('posting');

    if (!class_exists('\\fileupload')) {
        include $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    }

    $upload = new \fileupload();
    // Only allow ZIP files
    $upload->set_allowed_extensions(array('zip'));

    $ext_root = $phpbb_root_path . 'ext';
    $tmp_dir = $phpbb_root_path . 'ext/' . objects::$upload_ext_name . '/tmp';

    // Make sure the ext/ directory exists and if it doesn't, create it
    if (!is_dir($ext_root) && !files::catch_errors(files::recursive_mkdir($ext_root))) {
        return false;
    }

    if (!is_writable($ext_root)) {
        files::catch_errors($user->lang['EXT_NOT_WRITABLE']);

        return false;
    }

    // Same for the directory that keeps the ZIP archives
    if (!is_dir(objects::$zip_dir) && !files::catch_errors(files::recursive_mkdir(objects::$zip_dir))) {
        return false;
    }

    // The temporary directory must be writable; try to fix its mode once
    if (!is_writable($tmp_dir) && !phpbb_chmod($tmp_dir, CHMOD_READ | CHMOD_WRITE)) {
        files::catch_errors($user->lang['EXT_TMP_NOT_WRITABLE']);

        return false;
    }

    // Proceed with the upload
    switch ($action) {
        case 'upload':
            if (!$request->is_set("extupload", \phpbb\request\request_interface::FILES)) {
                files::catch_errors($user->lang['NO_UPLOAD_FILE']);

                return false;
            }

            return $upload->form_upload('extupload');

        case 'upload_remote':
            $php_ini = new \phpbb\php\ini();

            if (!$php_ini->get_bool('allow_url_fopen')) {
                files::catch_errors($user->lang['EXT_ALLOW_URL_FOPEN_DISABLED']);

                return false;
            }

            $remote_url = $request->variable('remote_upload', '');

            // An https URL needs the openssl extension
            if (!extension_loaded('openssl') && 'https' === substr($remote_url, 0, 5)) {
                files::catch_errors($user->lang['EXT_OPENSSL_DISABLED']);

                return false;
            }

            return files::remote_upload($upload, $user, $remote_url);
    }

    // Any other action: nothing was uploaded
    return false;
}