function fetch_body_request($url, $maxsize = 0, $dieonmaxsize = false, $returnheaders = false)
{
global $vbulletin;
require_once DIR . '/includes/class_vurl.php';
$vurl = new vB_vURL($vbulletin);
return $vurl->fetch_body($url, $maxsize, $dieonmaxsize, $returnheaders);
}
/** Upload an image based on the url
*
* @param int user ID
* @param string remote url
* @param bool save as attachment
*
* @return mixed array of data, includes filesize, dateline, htmltype, filename, extension, and filedataid
**/
public function uploadUrl($userid, $url, $attachment = false, $uploadfrom = '')
{
//Leave for consistency with admincp
if (!defined('ATTACH_AS_FILES_NEW')) {
define('ATTACH_AS_FILES_NEW', 2);
}
//Did we get a valid url?
if (empty($url)) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
if (!preg_match('#^https?://#i', $url)) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
// Retrieve the image
$vurl = new vB_vURL();
$fileResult = $vurl->fetch_body($url, 0, false, true);
if (empty($fileResult['body'])) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
$pathinfo = pathinfo($url);
if (empty($pathinfo)) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
// if there's no extension here try get one from elsewhere
$extension_map = $this->imageHandler->getExtensionMap();
if (empty($pathinfo['extension']) or !array_key_exists(strtolower($pathinfo['extension']), $extension_map)) {
// try to get an extension from the content type header
if (!empty($fileResult['headers']['content-type'])) {
// should be something like image/jpeg
$typeData = explode('/', $fileResult['headers']['content-type']);
if (count($typeData) == 2 and array_key_exists(trim($typeData[1]), $extension_map)) {
$extension = strtolower($extension_map[trim($typeData[1])]);
}
}
$name = $pathinfo['basename'] . '.' . $extension;
} else {
$extension = $pathinfo['extension'];
$name = $pathinfo['basename'];
}
$extension = strtolower($extension);
$filename = vB_Utilities::getTmpFileName($userid, 'vbattach', ".{$extension}");
file_put_contents($filename, $fileResult['body']);
$filesize = strlen($fileResult['body']);
//Make a local copy
$filearray = array('name' => $name, 'size' => $filesize, 'type' => 'image/' . $extension_map[$extension], 'tmp_name' => $filename);
if (!empty($uploadfrom)) {
$filearray['uploadFrom'] = $uploadfrom;
}
if ($attachment) {
return $this->uploadAttachment($userid, $filearray);
}
$result = $this->saveUpload($userid, $filearray, $fileResult['body'], $filesize, $extension, true);
if (file_exists($filearray['tmp_name'])) {
@unlink($filearray['tmp_name']);
}
return $result;
}
/**
* Get information from video's URL.
* This method makes use of bbcode_video table to get provider information
* @param $url
* @return array|bool Video data. False if the url is not supported or invalid
*/
public function getVideoFromUrl($url)
{
static $scraped = 0;
$vboptions = vB::getDatastore()->get_value('options');
if (!$this->providers) {
$bbcodes = $this->assertor->assertQuery("video_fetchproviders", array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED));
foreach ($bbcodes as $bbcode) {
$this->providers["{$bbcode['tagoption']}"] = $bbcode;
}
}
if (!empty($this->providers)) {
$match = false;
foreach ($this->providers as $provider) {
$addcaret = $provider['regex_url'][0] != '^' ? '^' : '';
if (preg_match('#' . $addcaret . $provider['regex_url'] . '#si', $url, $match)) {
break;
}
}
if ($match) {
if (!$provider['regex_scrape'] and $match[1]) {
$data = array('provider' => $provider['tagoption'], 'code' => $match[1], 'url' => $url);
} else {
if ($provider['regex_scrape'] and $vboptions['bbcode_video_scrape'] > 0 and $scraped < $vboptions['bbcode_video_scrape']) {
$vurl = new vB_vURL();
$result = $vurl->fetch_body($url);
if (preg_match('#' . $provider['regex_scrape'] . '#si', $result, $scrapematch)) {
$data = array('provider' => $provider['tagoption'], 'code' => $scrapematch[1], 'url' => $url);
}
$scraped++;
}
}
}
if (!empty($data)) {
return $data;
} else {
return false;
}
}
return false;
}
/**
* Upload an avatar from a URL and set it to be this user's custom avatar
*
* @param string The URL to retrieve the image from
* @param array An array containing the 'crop' element which contains the info to crop the image
*
* @return mixed an array- which can have $errors or avatarpath- the path from baseurl_core
*/
public function uploadUrl($url, $data = array())
{
if (!defined('ATTACH_AS_FILES_NEW')) {
//Leave for consistency with admincp
define('ATTACH_AS_FILES_NEW', 2);
}
$imageHandler = vB_Image::instance();
$usercontext = vB::getUserContext();
//Only logged-in-users can upload files
if (!$usercontext->fetchUserId() or !$usercontext->hasPermission('genericpermissions', 'canuseavatar') or !$usercontext->hasPermission('genericpermissions', 'canmodifyprofile')) {
throw new vB_Exception_Api('no_permission_use_avatar');
}
//Did we get a valid url?
if (empty($url)) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
if (!preg_match('#^https?://#i', $url)) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
// Retrieve the image
$vurl = new vB_vURL();
$fileResult = $vurl->fetch_body($url, 0, false, true);
if (empty($fileResult['body'])) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
$pathinfo = pathinfo($url);
$data['crop']['org_file_info'] = $pathinfo;
if (!empty($fileResult['body']) and !empty($pathinfo)) {
$extension_map = $imageHandler->getExtensionMap();
if (empty($pathinfo['extension']) or !array_key_exists(strtolower($pathinfo['extension']), $extension_map)) {
// try to get an extension from the content type header
if (!empty($fileResult['headers']['content-type'])) {
// should be something like image/jpeg
$typeData = explode('/', $fileResult['headers']['content-type']);
if (count($typeData) == 2 and array_key_exists(trim($typeData[1]), $extension_map)) {
$extension = strtolower($extension_map[trim($typeData[1])]);
}
}
} else {
$extension = $pathinfo['extension'];
}
//did we get an extension?
if (empty($extension)) {
// throw the same exception to mitigate SSRF (VBV-13082)
throw new vB_Exception_Api('upload_invalid_image');
}
//Make a local copy
$filename = vB_Utilities::getTmpFileName('', 'vbprofile', ".{$extension}");
file_put_contents($filename, $fileResult['body']);
return vB_Library::instance('user')->uploadAvatar($filename, empty($data['crop']) ? array() : $data['crop']);
}
}
