/**
 * Show bbcodes and smilies in the quickreply
 * Template data for Ajax submit
 *
 * Decides whether the quick reply form may be shown for the current topic,
 * builds the guest-only form fields (form key, hidden fields, CAPTCHA),
 * answers Ajax "qr_request" calls with a JSON payload, and assigns the
 * editor options (BBCode, smilies, attachments, subject) to the template.
 *
 * @param object $event The event object; read via array access for
 *                      'forum_id', 'topic_data', 'post_list' and 'page_title'
 * @return null
 * @access public
 */
public function viewtopic_modify_data($event)
{
    $forum_id = $event['forum_id'];
    $topic_data = $event['topic_data'];
    $post_list = $event['post_list'];
    $topic_id = $topic_data['topic_id'];

    $s_quick_reply = false;
    // Quick reply requires all of: a registered user (or guests explicitly allowed by
    // qr_allow_for_guests), the board-wide switch, the per-forum flag and f_reply in this forum.
    if (($this->user->data['is_registered'] || $this->config['qr_allow_for_guests']) && $this->config['allow_quick_reply'] && $topic_data['forum_flags'] & FORUM_FLAG_QUICK_REPLY && $this->auth->acl_get('f_reply', $forum_id)) {
        // Quick reply enabled forum
        // A locked forum or topic keeps the form only for users holding m_edit.
        $s_quick_reply = $topic_data['forum_status'] == ITEM_UNLOCKED && $topic_data['topic_status'] == ITEM_UNLOCKED || $this->auth->acl_get('m_edit', $forum_id) ? true : false;
    }

    // Guests only: this branch builds the form key, the hidden fields and the CAPTCHA itself.
    // NOTE(review): registered users presumably receive these from core viewtopic - confirm.
    if (!$this->user->data['is_registered'] && $s_quick_reply) {
        // Presumably registers phpBB's form token (CSRF protection) for the 'posting' form - confirm.
        add_form_key('posting');

        $s_attach_sig = $this->config['allow_sig'] && $this->user->optionget('attachsig') && $this->auth->acl_get('f_sigs', $forum_id) && $this->auth->acl_get('u_sig');
        $s_smilies = $this->config['allow_smilies'] && $this->user->optionget('smilies') && $this->auth->acl_get('f_smilies', $forum_id);
        $s_bbcode = $this->config['allow_bbcode'] && $this->user->optionget('bbcode') && $this->auth->acl_get('f_bbcode', $forum_id);
        $s_notify = false;

        // Every value is cast to int before it is rendered into the hidden form fields.
        $qr_hidden_fields = array(
            'topic_cur_post_id' => (int) $topic_data['topic_last_post_id'],
            'lastclick' => (int) time(),
            'topic_id' => (int) $topic_data['topic_id'],
            'forum_id' => (int) $forum_id
        );

        // Originally we use checkboxes and check with isset(), so we only provide them if they would be checked
        !$s_bbcode ? $qr_hidden_fields['disable_bbcode'] = 1 : true;
        !$s_smilies ? $qr_hidden_fields['disable_smilies'] = 1 : true;
        !$this->config['allow_post_links'] ? $qr_hidden_fields['disable_magic_url'] = 1 : true;
        $s_attach_sig ? $qr_hidden_fields['attach_sig'] = 1 : true;
        $s_notify ? $qr_hidden_fields['notify'] = 1 : true;
        $topic_data['topic_status'] == ITEM_LOCKED ? $qr_hidden_fields['lock_topic'] = 1 : true;

        // USERNAME echoes the submitted 'username' request value back into the form.
        // NOTE(review): this relies on request->variable() returning an HTML-escaped string - confirm.
        $this->template->assign_vars(array(
            'S_QUICK_REPLY' => true,
            'U_QR_ACTION' => append_sid("{$this->phpbb_root_path}posting.{$this->php_ext}", "mode=reply&f={$forum_id}&t={$topic_id}"),
            'QR_HIDDEN_FIELDS' => build_hidden_fields($qr_hidden_fields),
            'USERNAME' => $this->request->variable('username', '', true)
        ));

        // The CAPTCHA is only instantiated when posting confirmation is enabled.
        if ($this->config['enable_post_confirm']) {
            $captcha = $this->captcha->get_instance($this->config['captcha_plugin']);
            $captcha->init(CONFIRM_POST);
        }

        // Unsolved CAPTCHA: expose its template so the form can render the challenge.
        if ($this->config['enable_post_confirm'] && (isset($captcha) && $captcha->is_solved() === false)) {
            $this->template->assign_vars(array(
                'S_CONFIRM_CODE' => true,
                'CAPTCHA_TEMPLATE' => $captcha->get_template()
            ));
        }

        // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
        if (isset($captcha) && $captcha->is_solved() !== false) {
            $this->template->append_var('QR_HIDDEN_FIELDS', build_hidden_fields($captcha->get_hidden_fields()));
        }
    }

    // Ajaxify viewtopic data
    // Taken only for Ajax requests that carry the 'qr_request' parameter.
    if ($this->request->is_ajax() && $this->request->is_set('qr_request')) {
        if (!$this->user->data['is_registered'] && $this->config['enable_post_confirm']) {
            // Repeats the guest CAPTCHA setup; this runs even when the guest branch above was skipped.
            $captcha = $this->captcha->get_instance($this->config['captcha_plugin']);
            $captcha->init(CONFIRM_POST);

            // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
            if (isset($captcha) && $captcha->is_solved() !== false) {
                $this->template->append_var('QR_HIDDEN_FIELDS', build_hidden_fields($captcha->get_hidden_fields()));
            }
        }

        // Fix issues if the inserted post is not the first.
        if ($this->qr_insert && !$this->qr_first) {
            $this->template->alter_block_array('postrow', array('S_FIRST_ROW' => false), false, 'change');
        }

        $page_title = $event['page_title'];
        $this->template->assign_vars(array(
            'S_QUICKREPLY_REQUEST' => true,
            'S_QR_NO_FIRST_POST' => $this->qr_insert,
            'S_QR_FULL_QUOTE' => $this->config['qr_full_quote']
        ));
        // NOTE(review): max() is called on $post_list as received from the event; an empty list
        // is not handled here - confirm the event never delivers one.
        $this->template->append_var('QR_HIDDEN_FIELDS', build_hidden_fields(array('qr' => 1, 'qr_cur_post_id' => (int) max($post_list))));

        // Output the page
        page_header($page_title, false, $forum_id);
        page_footer(false, false, false);

        // The rendered quick reply template is returned as a string inside the JSON payload.
        // NOTE(review): json_response::send() presumably ends the request here - confirm.
        $json_response = new \phpbb\json_response();
        $json_response->send(array(
            'success' => true,
            'result' => $this->template->assign_display('@tatiana5_quickreply/quickreply_template.html', '', true),
            'insert' => $this->qr_insert
        ));
    }

    if ($s_quick_reply) {
        include_once $this->phpbb_root_path . 'includes/functions_posting.' . $this->php_ext;

        // HTML, BBCode, Smilies, Images and Flash status
        // Each editor feature needs the board setting plus the matching forum permission;
        // BBCode and smilies additionally need the extension's own qr_* switch.
        $bbcode_status = $this->config['allow_bbcode'] && $this->config['qr_bbcode'] && $this->auth->acl_get('f_bbcode', $forum_id) ? true : false;
        $smilies_status = $this->config['allow_smilies'] && $this->config['qr_smilies'] && $this->auth->acl_get('f_smilies', $forum_id) ? true : false;
        $img_status = $bbcode_status && $this->auth->acl_get('f_img', $forum_id) ? true : false;
        $url_status = $this->config['allow_post_links'] ? true : false;
        $flash_status = $bbcode_status && $this->auth->acl_get('f_flash', $forum_id) && $this->config['allow_post_flash'] ? true : false;
        $quote_status = true;

        // Build custom bbcodes array
        if ($bbcode_status) {
            display_custom_bbcodes();
        }

        // Generate smiley listing
        if ($smilies_status) {
            generate_smilies('inline', $forum_id);
        }

        // Show attachment box for adding attachments if true
        // $form_enctype stays empty when PHP uploads are off or the user lacks attach rights.
        // The non-empty value starts with a double quote: it is later appended to U_QR_ACTION,
        // presumably so the template's quoted action attribute is closed and enctype added - confirm.
        $form_enctype = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$this->config['allow_attachments'] || !$this->auth->acl_get('u_attach') || !$this->auth->acl_get('f_attach', $forum_id) ? '' : '" enctype="multipart/form-data';
        // $allowed takes the last operand's value, so it is '' or the enctype string, not a strict bool.
        $allowed = $this->auth->acl_get('f_attach', $forum_id) && $this->auth->acl_get('u_attach') && $this->config['allow_attachments'] && $form_enctype;
        $attachment_data = false;

        if ($bbcode_status || $smilies_status || $this->config['qr_attach'] && $allowed) {
            $this->user->add_lang('posting');
        }

        if ($this->config['qr_attach'] && $allowed) {
            $this->template->assign_vars(array('U_QR_ACTION' => append_sid("{$this->phpbb_root_path}posting.{$this->php_ext}", "mode=reply&f={$forum_id}&t={$topic_id}") . $form_enctype));

            include_once $this->phpbb_root_path . 'includes/message_parser.' . $this->php_ext;
            $message_parser = new \parse_message();
            $message_parser->set_plupload($this->plupload);
            $message_parser->set_mimetype_guesser($this->mimetype_guesser);
            // Loads the attachment data submitted with the request, passing the current user's id.
            $message_parser->get_submitted_attachment_data($this->user->data['user_id']);
            $attachment_data = $message_parser->attachment_data;
            $filename_data = $message_parser->filename_data;
            posting_gen_inline_attachments($attachment_data);

            // Admins (a_) and forum moderators (m_) get 0, everyone else the configured maximum.
            // NOTE(review): 0 presumably means "no limit" to plupload->configure() - confirm.
            $max_files = $this->auth->acl_get('a_') || $this->auth->acl_get('m_', $forum_id) ? 0 : (int) $this->config['max_attachments'];
            $topic_id = $topic_data['topic_id'];
            $s_action = append_sid("{$this->phpbb_root_path}posting.{$this->php_ext}", "mode=reply&f={$forum_id}&t={$topic_id}");
            $this->plupload->configure($this->cache, $this->template, $s_action, $forum_id, $max_files);
            posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);
        }

        $this->template->append_var('QR_HIDDEN_FIELDS', build_hidden_fields(array('qr' => 1, 'qr_cur_post_id' => (int) max($post_list))));

        if ($this->phpbb_extension_manager->is_enabled('rxu/PostsMerging') && $this->user->data['is_registered'] && $this->config['merge_interval']) {
            // Always show the checkbox if PostsMerging extension is installed.
            $this->user->add_lang_ext('rxu/PostsMerging', 'posts_merging');
            $this->template->assign_var('POSTS_MERGING_OPTION', true);
        }

        // MESSAGE echoes the submitted 'message' request value and S_ATTACH_DATA is JSON built
        // from the attachment data loaded above.
        // NOTE(review): both end up in the rendered page; confirm they are escaped for the
        // context in which the template emits them.
        $this->template->assign_vars(array(
            'S_QR_COLOUR_NICKNAME' => $this->config['qr_color_nickname'],
            'S_QR_NOT_CHANGE_SUBJECT' => $this->auth->acl_get('f_qr_change_subject', $forum_id) ? false : true,
            'S_QR_COMMA_ENABLE' => $this->config['qr_comma'],
            'S_QR_QUICKNICK_ENABLE' => $this->config['qr_quicknick'],
            'S_QR_QUICKNICK_REF' => $this->config['qr_quicknick_ref'],
            'S_QR_QUICKNICK_PM' => $this->config['qr_quicknick_pm'],
            'S_QR_QUICKQUOTE_ENABLE' => $this->config['qr_quickquote'],
            'S_QR_QUICKQUOTE_LINK' => $this->config['qr_quickquote_link'],
            'S_QR_FULL_QUOTE' => $this->config['qr_full_quote'],
            'S_QR_CE_ENABLE' => $this->config['qr_ctrlenter'],
            'QR_SOURCE_POST' => $this->config['qr_source_post'],
            'S_DISPLAY_USERNAME' => !$this->user->data['is_registered'],
            'S_BBCODE_ALLOWED' => $bbcode_status ? 1 : 0,
            'S_SMILIES_ALLOWED' => $smilies_status,
            'S_BBCODE_IMG' => $img_status,
            'S_LINKS_ALLOWED' => $url_status,
            'S_BBCODE_FLASH' => $flash_status,
            'S_BBCODE_QUOTE' => $quote_status,
            'MESSAGE' => $this->request->variable('message', '', true),
            'READ_POST_IMG' => $this->user->img('icon_post_target', 'POST'),
            'S_QR_CAPS_ENABLE' => $this->config['qr_capslock_transfer'],
            'S_QR_SHOW_BUTTON_TRANSLIT' => $this->config['qr_show_button_translit'],
            'L_FULL_EDITOR' => $this->config['qr_ajax_submit'] ? $this->user->lang['PREVIEW'] : $this->user->lang['FULL_EDITOR'],
            'S_QR_AJAX_SUBMIT' => $this->config['qr_ajax_submit'],
            'S_QR_AJAX_PAGINATION' => $this->config['qr_ajax_pagination'] && $this->user->data['ajax_pagination'],
            'S_QR_ENABLE_SCROLL' => $this->user->data['qr_enable_scroll'],
            'S_QR_SCROLL_INTERVAL' => $this->config['qr_scroll_time'],
            'S_QR_SOFT_SCROLL' => $this->config['qr_scroll_time'] && $this->user->data['qr_soft_scroll'],
            'S_QR_ALLOWED_GUEST' => $this->config['qr_allow_for_guests'] && $this->user->data['user_id'] == ANONYMOUS,
            'S_ABBC3_INSTALLED' => $this->phpbb_extension_manager->is_enabled('vse/abbc3'),
            'S_QR_SHOW_ATTACH_BOX' => $this->config['qr_attach'] && $allowed,
            'S_ATTACH_DATA' => $attachment_data ? json_encode($attachment_data) : '[]'
        ));

        // The default subject is the censored topic title, optionally prefixed with 'Re: ';
        // a submitted 'subject' request value takes precedence over that default.
        $add_re = $this->config['qr_enable_re'] ? 'Re: ' : '';
        $this->template->assign_var('SUBJECT', $this->request->variable('subject', $add_re . censor_text($topic_data['topic_title']), true));
    }

    // Assigned on every call, whether or not quick reply is available.
    $this->template->assign_vars(array('QR_HIDE_POSTS_SUBJECT' => $this->config['qr_show_subjects'] ? false : true));
}
/**
 * Build the fixture shared by the upload tests.
 *
 * Wires a request mock whose file() returns an empty array, a mock
 * container holding a real filespec service, the files factory and a
 * plupload mock whose handle_upload() returns an empty array.
 */
protected function setUp()
{
    global $phpbb_root_path, $phpEx;

    // Request double: no uploaded file is reported by default.
    $request_mock = $this->getMock('\\phpbb\\request\\request');
    $request_mock->expects($this->any())->method('file')->willReturn(array());
    $this->request = $request_mock;

    $this->filesystem = new \phpbb\filesystem\filesystem();

    $language_loader = new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx);
    $this->language = new \phpbb\language\language($language_loader);

    $this->php_ini = new \bantu\IniGetWrapper\IniGetWrapper();
    $this->container = new phpbb_mock_container_builder($phpbb_root_path, $phpEx);

    // The filespec service uses a mimetype guesser backed by the extension guesser only.
    $mimetype_guesser = new \phpbb\mimetype\guesser(array(
        'mimetype.extension_guesser' => new \phpbb\mimetype\extension_guesser(),
    ));
    $filespec = new \phpbb\files\filespec(
        $this->filesystem,
        $this->language,
        $this->php_ini,
        new \FastImageSize\FastImageSize(),
        $phpbb_root_path,
        $mimetype_guesser
    );
    $this->container->set('files.filespec', $filespec);
    $this->factory = new \phpbb\files\factory($this->container);

    // Plupload double: the constructor is skipped and handle_upload() yields no data.
    $plupload_mock = $this->getMockBuilder('\\phpbb\\plupload\\plupload')
        ->disableOriginalConstructor()
        ->getMock();
    $plupload_mock->expects($this->any())->method('handle_upload')->willReturn(array());
    $this->plupload = $plupload_mock;

    $this->path = __DIR__ . '/fixture/';
    $this->phpbb_root_path = $phpbb_root_path;
}
/**
 * The form upload type must return a filespec whose error list matches
 * the expectation for the given request/plupload upload data.
 *
 * @dataProvider data_upload_form
 */
public function test_upload_form($upload, $expected, $plupload = array())
{
    // Request double reporting the data set's upload array.
    $request_mock = $this->getMock('\\phpbb\\request\\request');
    $request_mock->expects($this->any())->method('file')->willReturn($upload);
    $this->request = $request_mock;

    $mimetype_guesser = new \phpbb\mimetype\guesser(array(
        'mimetype.extension_guesser' => new \phpbb\mimetype\extension_guesser(),
    ));
    $filespec = new \phpbb\files\filespec(
        $this->filesystem,
        $this->language,
        $this->php_ini,
        new \FastImageSize\FastImageSize(),
        $this->phpbb_root_path,
        $mimetype_guesser
    );
    $this->container->set('files.filespec', $filespec);
    $this->factory = new \phpbb\files\factory($this->container);

    // Plupload double returning the data set's plupload result.
    $plupload_mock = $this->getMockBuilder('\\phpbb\\plupload\\plupload')
        ->disableOriginalConstructor()
        ->getMock();
    $plupload_mock->expects($this->any())->method('handle_upload')->willReturn($plupload);
    $this->plupload = $plupload_mock;

    $form_type = new \phpbb\files\types\form(
        $this->factory,
        $this->language,
        $this->php_ini,
        $this->plupload,
        $this->request
    );

    // Only the 'png' extension is put on the allow-list for this test.
    $uploader = new \phpbb\files\upload(
        $this->filesystem,
        $this->factory,
        $this->language,
        $this->php_ini,
        $this->request,
        $this->phpbb_root_path
    );
    $uploader->set_allowed_extensions(array('png'));
    $form_type->set_upload($uploader);

    $file = $form_type->upload('foobar');

    $this->assertSame($expected, $file->error);
    $this->assertInstanceOf('\\phpbb\\files\\filespec', $file);
}
/**
 * Form upload method
 * Upload file from users harddisk
 *
 * Merges the request's file array with any data plupload supplies, wraps
 * it in a filespec and runs the validation steps in order: init error,
 * PHP upload error code, empty file, PHP size limit, is_uploaded() and
 * finally the upload object's common checks. The first failing step
 * appends to $file->error and ends the method.
 *
 * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
 *
 * @return filespec $file Object "filespec" is returned, all further operations can be done with this object
 * @access protected
 */
protected function form_upload($form_name)
{
    $upload_ary = $this->request->file($form_name);
    // 'local_mode' is dropped from the request data before the filespec is built.
    unset($upload_ary['local_mode']);

    $plupload_data = $this->plupload->handle_upload($form_name);
    if (is_array($plupload_data)) {
        $upload_ary = array_merge($upload_ary, $plupload_data);
    }

    /** @var filespec $file */
    $file = $this->factory->get('filespec')
        ->set_upload_ary($upload_ary)
        ->set_upload_namespace($this->upload);

    if ($file->init_error()) {
        $file->error[] = '';

        return $file;
    }

    // Error array filled?
    if (isset($upload_ary['error'])) {
        $internal_error = $this->upload->assign_internal_error($upload_ary['error']);

        if ($internal_error !== false) {
            $file->error[] = $internal_error;

            return $file;
        }
    }

    // Check if empty file got uploaded (not catched by is_uploaded_file)
    if (isset($upload_ary['size']) && $upload_ary['size'] == 0) {
        $empty_key = $this->upload->error_prefix . 'EMPTY_FILEUPLOAD';
        $file->error[] = $this->language->lang($empty_key);

        return $file;
    }

    // PHP Upload file size check
    $file = $this->check_upload_size($file);
    if (count($file->error)) {
        return $file;
    }

    // Not correctly uploaded
    if (!$file->is_uploaded()) {
        $not_uploaded_key = $this->upload->error_prefix . 'NOT_UPLOADED';
        $file->error[] = $this->language->lang($not_uploaded_key);

        return $file;
    }

    // Remaining validation is delegated to the upload object.
    $this->upload->common_checks($file);

    return $file;
}
/**
 * Parse and display attachments
 *
 * Loads the attachment data submitted with the request for the current
 * user, configures plupload for the reply action of the given topic and
 * assigns the attachment box state to the template.
 *
 * NOTE(review): S_ATTACH_DATA is JSON built from attachment data taken from
 * the request; confirm it is escaped for the context in which the template
 * emits it.
 *
 * @param int  $forum_id        Forum ID
 * @param int  $topic_id        Topic ID
 * @param bool $show_attach_box Whether we need to display the attachment box
 */
public function handle_attachments($forum_id, $topic_id, $show_attach_box)
{
    // The legacy parser file is pulled in only if its class is not loaded yet.
    if (!class_exists('parse_message')) {
        include $this->phpbb_root_path . 'includes/message_parser.' . $this->php_ext;
    }

    $parser = new \parse_message();
    $parser->set_plupload($this->plupload);
    $parser->set_mimetype_guesser($this->mimetype_guesser);
    $parser->get_submitted_attachment_data($this->user->data['user_id']);

    $attachment_data = $parser->attachment_data;
    $filename_data = $parser->filename_data;

    posting_gen_inline_attachments($attachment_data);

    // Admins (a_) and forum moderators (m_) get 0, everyone else the configured maximum.
    if ($this->auth->acl_get('a_') || $this->auth->acl_get('m_', $forum_id)) {
        $max_files = 0;
    } else {
        $max_files = (int) $this->config['max_attachments'];
    }

    $posting_file = "{$this->phpbb_root_path}posting.{$this->php_ext}";
    $s_action = append_sid($posting_file, "mode=reply&f={$forum_id}&t={$topic_id}");
    $this->plupload->configure($this->cache, $this->template, $s_action, $forum_id, $max_files);

    posting_gen_attachment_entry($attachment_data, $filename_data, $show_attach_box);

    if ($attachment_data) {
        $attach_json = json_encode($attachment_data);
    } else {
        $attach_json = '[]';
    }

    $this->template->assign_vars(array(
        'S_QR_SHOW_ATTACH_BOX' => $this->config['qr_attach'] && $show_attach_box,
        'S_ATTACH_DATA' => $attach_json,
    ));
}
/**
 * Upload Attachment - filedata is generated here
 * Uses upload class
 *
 * Validates and stores one uploaded (or local) file and returns the data
 * needed for an attachment row. Order of checks: upload form present,
 * extension allow-list for the forum/PM, init error, image dimensions and
 * file size limits (skipped for admins and moderators), move to the upload
 * path, image verification for the image category, board quota and free
 * disk space. The stored file is removed again on every failure after the
 * move.
 *
 * @param string $form_name The form name of the file upload input
 * @param int $forum_id The id of the forum
 * @param bool $local Whether the file is local or not
 * @param string $local_storage The path to the local file
 * @param bool $is_message Whether it is a PM or not
 * @param \filespec $local_filedata A filespec object created for the local file
 * @param \phpbb\mimetype\guesser $mimetype_guesser The mimetype guesser object if used
 *                                (not referenced in this function body)
 * @param \phpbb\plupload\plupload $plupload The plupload object if one is being used
 *
 * @return array File data; always holds 'error' (array) and 'post_attach' (bool), and on the
 *               later paths also 'thumbnail', 'filesize', 'mimetype', 'extension',
 *               'physical_filename', 'real_filename' and 'filetime'.
 *               Early returns (no upload form, init error) carry only the first two keys.
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null)
{
    global $auth, $user, $config, $db, $cache;
    global $phpbb_root_path, $phpEx, $phpbb_dispatcher, $phpbb_container;

    $filedata = array('error' => array());
    $upload = $phpbb_container->get('files.upload');

    // Content checking: with check_attachment_content on, the '|'-separated mime_triggers list is
    // handed to the upload object; with it off, the disallowed-content list is explicitly emptied.
    // When the check is on but mime_triggers is unset, the upload object keeps its own list.
    if ($config['check_attachment_content'] && isset($config['mime_triggers'])) {
        $upload->set_disallowed_content(explode('|', $config['mime_triggers']));
    } else {
        if (!$config['check_attachment_content']) {
            $upload->set_disallowed_content(array());
        }
    }

    // Local files skip the "was a form upload submitted" validation.
    $filedata['post_attach'] = $local || $upload->is_valid($form_name);

    if (!$filedata['post_attach']) {
        $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];
        return $filedata;
    }

    // Extension allow-list: per forum for posts, the PM set (false) for private messages.
    $extensions = $cache->obtain_attach_extensions($is_message ? false : (int) $forum_id);
    $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));

    /** @var \phpbb\files\filespec $file */
    $file = $local ? $upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $upload->handle_upload('files.types.form', $form_name);

    // NOTE(review): this return sets post_attach to false but adds no error message and none of
    // the file keys; callers must check post_attach, not only the error list.
    if ($file->init_error()) {
        $filedata['post_attach'] = false;
        return $filedata;
    }

    // Whether the uploaded file is in the image category
    $is_image = isset($extensions[$file->get('extension')]['display_cat']) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;

    // Size and dimension limits apply only to users without a_ (admin) or m_ (moderator in this forum).
    if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) {
        // Check Image Size, if it is an image
        if ($is_image) {
            $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
        }

        // Admins and mods are allowed to exceed the allowed filesize
        // A per-extension max_filesize wins over the board-wide post/PM limit.
        if (!empty($extensions[$file->get('extension')]['max_filesize'])) {
            $allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
        } else {
            $allowed_filesize = $is_message ? $config['max_filesize_pm'] : $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // The stored name is generated ('unique' mode) with the user id as prefix.
    // NOTE(review): presumably this means the client-supplied name never becomes the on-disk name - confirm.
    $file->clean_filename('unique', $user->data['user_id'] . '_');

    // Are we uploading an image *and* this image being within the image category?
    // Only then perform additional image checks.
    // NOTE(review): the third argument (!$is_image) presumably tells move_file() to skip the image check - confirm.
    $file->move_file($config['upload_path'], false, !$is_image);

    // Do we have to create a thumbnail?
    $filedata['thumbnail'] = $is_image && $config['img_create_thumbnail'] ? 1 : 0;

    // Any error collected so far (upload checks, move) removes the stored file again.
    if (sizeof($file->error)) {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    // Make sure the image category only holds valid images...
    if ($is_image && !$file->is_image()) {
        $file->remove();

        if ($plupload && $plupload->is_active()) {
            $plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
        }

        // If this error occurs a user tried to exploit an IE Bug by renaming extensions
        // Since the image category is displaying content inline we need to catch this.
        // NOTE(review): trigger_error() is presumably expected to stop the request here; if it
        // returned, the code below would run on the removed file - confirm.
        trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
    }

    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    /**
     * Event to modify uploaded file before submit to the post
     *
     * @event core.modify_uploaded_file
     * @var array filedata Array containing uploaded file data
     * @var bool is_image Flag indicating if the file is an image
     * @since 3.1.0-RC3
     */
    // extract() writes whatever the dispatcher returns into local scope, so listeners can
    // replace $filedata and $is_image after all checks above have already run.
    $vars = array('filedata', 'is_image');
    extract($phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));

    // Check our complete quota
    if ($config['attachment_quota']) {
        if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Check free disk space
    // Skipped when disk_free_space() fails or reports 0 (the assignment is then falsy).
    if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path'])) {
        if ($free_space <= $file->get('filesize')) {
            // Only admins are told the disk is full; everyone else sees the quota message.
            if ($auth->acl_get('a_')) {
                $filedata['error'][] = $user->lang['ATTACH_DISK_FULL'];
            } else {
                $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            }
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Create Thumbnail
    if ($filedata['thumbnail']) {
        $source = $file->get('destination_file');
        $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

        // A failed thumbnail is not an error; the flag is simply cleared.
        if (!create_thumbnail($source, $destination, $file->get('mimetype'))) {
            $filedata['thumbnail'] = 0;
        }
    }

    return $filedata;
}
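/**
 * Parse Attachments
 *
 * Handles attachment changes submitted with a posting form: updates the
 * comments of attachments already listed, uploads a new file on submit,
 * "add file" or preview, and deletes a selected temporary attachment.
 * New uploads are stored as orphans (is_orphan = 1) owned by the current
 * user and are put at the front of $this->attachment_data, after which
 * the inline [attachment=N] indexes in $this->message are shifted.
 * Collected errors are appended to $this->warn_msg.
 *
 * @param string $form_name  Name of the file input field
 * @param string $mode       Posting mode; uploads on submit happen only for
 *                           'post', 'reply', 'quote' and 'edit'
 * @param int    $forum_id   Forum ID (forced to 0 for private messages)
 * @param bool   $submit     Whether the post is being submitted
 * @param bool   $preview    Whether a preview was requested
 * @param bool   $refresh    Whether the form is being refreshed
 * @param bool   $is_message Whether this is a private message
 */
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
{
    global $config, $auth, $user, $phpbb_root_path, $phpEx, $db, $request;
    global $phpbb_container;

    $error = array();

    $num_attachments = sizeof($this->attachment_data);
    $this->filename_data['filecomment'] = $request->variable('filecomment', '', true);
    $upload = $request->file($form_name);
    // A file counts as submitted when the upload array is non-empty and its name is neither 'none' nor blank.
    $upload_file = !empty($upload) && $upload['name'] !== 'none' && trim($upload['name']);

    $add_file = isset($_POST['add_file']) ? true : false;
    $delete_file = isset($_POST['delete_file']) ? true : false;

    // First of all adjust comments if changed
    $actual_comment_list = $request->variable('comment_list', array(''), true);

    foreach ($actual_comment_list as $comment_key => $comment) {
        // Keys that do not match a known attachment are ignored.
        if (!isset($this->attachment_data[$comment_key])) {
            continue;
        }

        if ($this->attachment_data[$comment_key]['attach_comment'] != $actual_comment_list[$comment_key]) {
            $this->attachment_data[$comment_key]['attach_comment'] = $actual_comment_list[$comment_key];
        }
    }

    $cfg = array();
    $cfg['max_attachments'] = $is_message ? $config['max_attachments_pm'] : $config['max_attachments'];
    $forum_id = $is_message ? 0 : $forum_id;

    if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file) {
        // Admins and moderators may exceed the attachment count limit.
        if ($num_attachments < $cfg['max_attachments'] || $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id)) {
            /** @var \phpbb\attachment\manager $attachment_manager */
            $attachment_manager = $phpbb_container->get('attachment.manager');
            $filedata = $attachment_manager->upload($form_name, $forum_id, false, '', $is_message);
            $error = $filedata['error'];

            if ($filedata['post_attach'] && !sizeof($error)) {
                $sql_ary = array(
                    'physical_filename' => $filedata['physical_filename'],
                    'attach_comment' => $this->filename_data['filecomment'],
                    'real_filename' => $filedata['real_filename'],
                    'extension' => $filedata['extension'],
                    'mimetype' => $filedata['mimetype'],
                    'filesize' => $filedata['filesize'],
                    'filetime' => $filedata['filetime'],
                    'thumbnail' => $filedata['thumbnail'],
                    'is_orphan' => 1,
                    'in_message' => $is_message ? 1 : 0,
                    'poster_id' => $user->data['user_id'],
                );

                $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

                $new_entry = array(
                    'attach_id' => $db->sql_nextid(),
                    'is_orphan' => 1,
                    'real_filename' => $filedata['real_filename'],
                    'attach_comment' => $this->filename_data['filecomment'],
                    'filesize' => $filedata['filesize'],
                );

                // The new entry takes index 0, so every inline [attachment=N] index moves up by one.
                $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) {
                    return '[attachment=' . ($match[1] + 1) . ']' . $match[2] . '[/attachment]';
                }, $this->message);

                $this->filename_data['filecomment'] = '';

                // This Variable is set to false here, because Attachments are entered into the
                // Database in two modes, one if the id_list is 0 and the second one if post_attach is true
                // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
                // but we are assigning an id of 0 here, we have to reset the post_attach variable to false.
                //
                // This is very relevant, because it could happen that the post got not submitted, but we do not
                // know this circumstance here. We could be at the posting page or we could be redirected to the entered
                // post. :)
                $filedata['post_attach'] = false;
            }
        } else {
            $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $cfg['max_attachments']);
        }
    }

    if ($preview || $refresh || sizeof($error)) {
        if (isset($this->plupload) && $this->plupload->is_active()) {
            $json_response = new \phpbb\json_response();
        }

        // Perform actions on temporary attachments
        if ($delete_file) {
            include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;

            // Only the first submitted delete_file key is honoured.
            $index = array_keys($request->variable('delete_file', array(0 => 0)));
            $index = !empty($index) ? $index[0] : false;

            if ($index !== false && !empty($this->attachment_data[$index])) {
                /** @var \phpbb\attachment\manager $attachment_manager */
                $attachment_manager = $phpbb_container->get('attachment.manager');

                // delete selected attachment
                if ($this->attachment_data[$index]['is_orphan']) {
                    // Ownership check: the row must still be an orphan and belong to the current
                    // user. Both ids are cast to int before they are concatenated into the SQL.
                    $sql = 'SELECT attach_id, physical_filename, thumbnail
                        FROM ' . ATTACHMENTS_TABLE . '
                        WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . '
                            AND is_orphan = 1
                            AND poster_id = ' . (int) $user->data['user_id'];
                    $result = $db->sql_query($sql);
                    $row = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);

                    // Files and the row are removed only when the ownership check found the row.
                    if ($row) {
                        $attachment_manager->unlink($row['physical_filename'], 'file');

                        if ($row['thumbnail']) {
                            $attachment_manager->unlink($row['physical_filename'], 'thumbnail');
                        }

                        $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']);
                    }
                } else {
                    // NOTE(review): no ownership check is visible on this path; it relies on
                    // $this->attachment_data having been validated when it was loaded - confirm.
                    $attachment_manager->delete('attach', $this->attachment_data[$index]['attach_id']);
                }

                unset($this->attachment_data[$index]);
                // Drop the inline tag of the deleted attachment and shift higher indexes down by one.
                $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) use($index) {
                    return $match[1] == $index ? '' : ($match[1] > $index ? '[attachment=' . ($match[1] - 1) . ']' . $match[2] . '[/attachment]' : $match[0]);
                }, $this->message);

                // Reindex Array
                $this->attachment_data = array_values($this->attachment_data);

                if (isset($this->plupload) && $this->plupload->is_active()) {
                    $json_response->send($this->attachment_data);
                }
            }
        } else {
            if (($add_file || $preview) && $upload_file) {
                if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_', $forum_id)) {
                    /** @var \phpbb\attachment\manager $attachment_manager */
                    $attachment_manager = $phpbb_container->get('attachment.manager');
                    $filedata = $attachment_manager->upload($form_name, $forum_id, false, '', $is_message);
                    $error = array_merge($error, $filedata['error']);

                    // post_attach is checked here as on the submit path: an upload can fail with
                    // an empty error list, and inserting then would create an attachment row
                    // from file keys that were never set.
                    if ($filedata['post_attach'] && !sizeof($error)) {
                        $sql_ary = array(
                            'physical_filename' => $filedata['physical_filename'],
                            'attach_comment' => $this->filename_data['filecomment'],
                            'real_filename' => $filedata['real_filename'],
                            'extension' => $filedata['extension'],
                            'mimetype' => $filedata['mimetype'],
                            'filesize' => $filedata['filesize'],
                            'filetime' => $filedata['filetime'],
                            'thumbnail' => $filedata['thumbnail'],
                            'is_orphan' => 1,
                            'in_message' => $is_message ? 1 : 0,
                            'poster_id' => $user->data['user_id'],
                        );

                        $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

                        $new_entry = array(
                            'attach_id' => $db->sql_nextid(),
                            'is_orphan' => 1,
                            'real_filename' => $filedata['real_filename'],
                            'attach_comment' => $this->filename_data['filecomment'],
                            'filesize' => $filedata['filesize'],
                        );

                        // The new entry takes index 0, so every inline [attachment=N] index moves up by one.
                        $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                        $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) {
                            return '[attachment=' . ($match[1] + 1) . ']' . $match[2] . '[/attachment]';
                        }, $this->message);
                        $this->filename_data['filecomment'] = '';

                        if (isset($this->plupload) && $this->plupload->is_active()) {
                            $download_url = append_sid("{$phpbb_root_path}download/file.{$phpEx}", 'mode=view&id=' . $new_entry['attach_id']);

                            // Send the client the attachment data to maintain state
                            $json_response->send(array('data' => $this->attachment_data, 'download_url' => $download_url));
                        }
                    }
                } else {
                    $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $cfg['max_attachments']);
                }

                if (!empty($error) && isset($this->plupload) && $this->plupload->is_active()) {
                    // If this is a plupload (and thus ajax) request, give the
                    // client the first error we have
                    $json_response->send(array(
                        'jsonrpc' => '2.0',
                        'id' => 'id',
                        'error' => array(
                            'code' => 105,
                            'message' => current($error),
                        ),
                    ));
                }
            }
        }
    }

    foreach ($error as $error_msg) {
        $this->warn_msg[] = $error_msg;
    }
}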
/**
 * Form upload method
 * Upload file from users harddisk
 *
 * Builds a filespec from the request's file array (merged with plupload
 * data when a plupload object is passed) and validates it step by step:
 * init error, PHP upload error code, empty file, PHP size limit,
 * is_uploaded() and finally common_checks(). The first failing step
 * appends to $file->error and ends the method.
 *
 * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
 * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser
 * @param \phpbb\plupload\plupload $plupload The plupload object
 *
 * @return object $file Object "filespec" is returned, all further operations can be done with this object
 * @access public
 */
function form_upload($form_name, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null)
{
    global $user, $request;

    $upload_ary = $request->file($form_name);
    // 'local_mode' is dropped from the request data before the filespec is built.
    unset($upload_ary['local_mode']);

    if ($plupload) {
        $plupload_data = $plupload->handle_upload($form_name);

        if (is_array($plupload_data)) {
            $upload_ary = array_merge($upload_ary, $plupload_data);
        }
    }

    $file = new filespec($upload_ary, $this, $mimetype_guesser, $plupload);

    if ($file->init_error) {
        $file->error[] = '';

        return $file;
    }

    // Error array filled?
    if (isset($upload_ary['error'])) {
        $internal_error = $this->assign_internal_error($upload_ary['error']);

        if ($internal_error !== false) {
            $file->error[] = $internal_error;

            return $file;
        }
    }

    // Check if empty file got uploaded (not catched by is_uploaded_file)
    if (isset($upload_ary['size']) && $upload_ary['size'] == 0) {
        $file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];

        return $file;
    }

    // PHP Upload filesize exceeded
    if ($file->get('filename') == 'none') {
        $size_limit = @ini_get('upload_max_filesize');
        $unit_key = 'MB';

        if (!empty($size_limit)) {
            // The last character of the ini value selects the unit; anything but k/g means MB.
            $suffix = strtolower(substr($size_limit, -1, 1));
            $size_limit = (int) $size_limit;

            switch ($suffix) {
                case 'k':
                    $unit_key = 'KB';
                    break;

                case 'g':
                    $unit_key = 'GB';
                    break;

                default:
                    $unit_key = 'MB';
                    break;
            }
        }

        // An unset limit, or one whose integer part is 0, is reported as "not available".
        if (empty($size_limit)) {
            $file->error[] = $user->lang[$this->error_prefix . 'PHP_SIZE_NA'];
        } else {
            $file->error[] = sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $size_limit, $user->lang[$unit_key]);
        }

        return $file;
    }

    // Not correctly uploaded
    if (!$file->is_uploaded()) {
        $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];

        return $file;
    }

    $this->common_checks($file);

    return $file;
}