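/**
 * ACP module entry point: renders the mobile notifier settings page and,
 * on submit, stores the posted settings.
 *
 * On a POST carrying `submit` the form key is verified, the four
 * `whatsapp_*` config values are written, the status is pushed through the
 * helper service and an optional profile image is handed to the helper.
 *
 * @param mixed $id   Module id; not read by this method.
 * @param mixed $mode Module mode; not read by this method.
 */
public function main($id, $mode)
{
    global $config, $user, $template, $request, $phpbb_container, $phpbb_root_path, $phpEx;

    $user->add_lang_ext('tas2580/mobilenotifier', 'common');
    $wa = $phpbb_container->get('tas2580.mobilenotifier.src.helper');

    $this->tpl_name = 'acp_mobilenotifier_body';
    $this->page_title = $user->lang('ACP_MOBILENOTIFIER_TITLE');

    add_form_key('acp_mobilenotifier');

    // Form is submitted
    if ($request->is_set_post('submit')) {
        // Anti-CSRF: the POST must carry the token issued by add_form_key() above.
        if (!check_form_key('acp_mobilenotifier')) {
            trigger_error($user->lang('FORM_INVALID') . adm_back_link($this->u_action), E_USER_WARNING);
        }

        // NOTE(review): the account password is stored as an ordinary config
        // value; anything that can read the config store can read it.
        $config->set('whatsapp_sender', $request->variable('sender', ''));
        $config->set('whatsapp_password', $request->variable('password', ''));
        $config->set('whatsapp_status', $request->variable('status', ''));
        $config->set('whatsapp_default_cc', $request->variable('default_cc', ''));

        $wa->update_status($config['whatsapp_status']);

        if ($request->file('image')) {
            include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;

            $upload = new \fileupload();
            $upload->set_allowed_extensions(array('jpg', 'png', 'gif'));
            $file = $upload->form_upload('image');

            // Upload checks report failures through $file->error. Testing the
            // filename alone would pass on a file that failed the extension
            // allow-list, so require an empty error list as well.
            if ($file->filename && !sizeof($file->error)) {
                $wa->update_picture($file->filename);
            }
        }

        trigger_error($user->lang('ACP_SAVED') . adm_back_link($this->u_action));
    }

    // NOTE(review): PASSWORD echoes the stored secret back into the rendered
    // page. Consider leaving the field empty and only overwriting the stored
    // value when a new one is submitted.
    $template->assign_vars(array(
        'WA_VERSION' => WA_VER,
        'U_ACTION'   => $this->u_action,
        'SENDER'     => isset($config['whatsapp_sender']) ? $config['whatsapp_sender'] : '',
        'PASSWORD'   => isset($config['whatsapp_password']) ? $config['whatsapp_password'] : '',
        'STATUS'     => isset($config['whatsapp_status']) ? $config['whatsapp_status'] : '',
        'CC_SELECT'  => $wa->cc_select(isset($config['whatsapp_default_cc']) ? $config['whatsapp_default_cc'] : ''),
    ));
}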
/**
 * {@inheritdoc}
 *
 * Accepts an avatar either as a posted file (`avatar_upload_file`) or, when
 * `allow_avatar_remote_upload` is enabled, from a URL (`avatar_upload_url`),
 * moves it into the configured avatar directory and returns the avatar row
 * fields. Returns false when uploading is not possible or any step reports
 * an error; errors are merged into $error.
 */
public function process_form($request, $template, $user, $row, &$error)
{
    if (!$this->can_upload()) {
        return false;
    }

    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    // Content triggers are only passed on when the board has them configured.
    $disallowed_content = false;
    if (isset($this->config['mime_triggers'])) {
        $disallowed_content = explode('|', $this->config['mime_triggers']);
    }

    $uploader = new \fileupload(
        $this->filesystem,
        'AVATAR_',
        $this->allowed_extensions,
        $this->config['avatar_filesize'],
        $this->config['avatar_min_width'],
        $this->config['avatar_min_height'],
        $this->config['avatar_max_width'],
        $this->config['avatar_max_height'],
        $disallowed_content
    );

    $remote_url = $request->variable('avatar_upload_url', '');
    $posted_file = $request->file('avatar_upload_file');

    if (!empty($posted_file['name'])) {
        // A posted file takes precedence over a URL.
        $file = $uploader->form_upload('avatar_upload_file', $this->mimetype_guesser);
    } elseif (empty($this->config['allow_avatar_remote_upload']) || empty($remote_url)) {
        return false;
    } else {
        // Bare host names are treated as http.
        if (!preg_match('#^(http|https|ftp)://#i', $remote_url)) {
            $remote_url = 'http://' . $remote_url;
        }

        if (!function_exists('validate_data')) {
            require $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
        }

        $url_errors = validate_data(
            array('url' => $remote_url),
            array('url' => array('string', true, 5, 255))
        );
        $error = array_merge($error, $url_errors);
        if (!empty($error)) {
            return false;
        }

        // NOTE(review): the URL is caller-supplied and the only checks visible
        // here are the scheme prefix and the validate_data() string rule.
        // Confirm that remote_upload() restricts which hosts and ports the
        // server will fetch from.
        $file = $uploader->remote_upload($remote_url, $this->mimetype_guesser);
    }

    $name_prefix = $this->config['avatar_salt'] . '_';
    $file->clean_filename('avatar', $name_prefix, $row['id']);

    $target_dir = $this->config['avatar_path'];

    // Adjust destination path (no trailing slash)
    $last_char = substr($target_dir, -1, 1);
    if ($last_char == '/' || $last_char == '\\') {
        $target_dir = substr($target_dir, 0, -1);
    }

    // Single-pass removal of relative segments, then absolute paths are
    // discarded. The value comes from board configuration, not the request.
    $target_dir = str_replace(array('../', '..\\', './', '.\\'), '', $target_dir);
    if ($target_dir && ($target_dir[0] == '/' || $target_dir[0] == "\\")) {
        $target_dir = '';
    }

    // Move file and overwrite any existing image
    $file->move_file($target_dir, true);

    if (sizeof($file->error)) {
        $file->remove();
        $error = array_merge($error, $file->error);

        return false;
    }

    // Delete current avatar if not overwritten
    $previous_ext = substr(strrchr($row['avatar'], '.'), 1);
    if ($previous_ext && $previous_ext !== $file->get('extension')) {
        $this->delete($row);
    }

    return array(
        'avatar'        => $row['id'] . '_' . time() . '.' . $file->get('extension'),
        'avatar_width'  => $file->get('width'),
        'avatar_height' => $file->get('height'),
    );
}
/**
 * Receives a posted avatar (`avatar_upload_file`), stores it in the avatar
 * directory, shrinks it through resize() when it exceeds $this->max_size
 * and, when it is still larger than the board's avatar limits, moves it to
 * the edit directory and redirects to the crop route.
 *
 * @param array $row Avatar row; `id` and `avatar` are read.
 * @return array|bool Avatar fields (avatar, avatar_width, avatar_height),
 *                    or false when the upload reported an error.
 */
public function avatar_upload_resize($row)
{
    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    $disallowed_content = false;
    if (isset($this->config['mime_triggers'])) {
        $disallowed_content = explode('|', $this->config['mime_triggers']);
    }

    // The upload limits used here are the avatar_upload_max_* values, not
    // the avatar_max_* values that are compared further down.
    $uploader = new \fileupload(
        'AVATAR_',
        $this->allowed_extensions,
        $this->config['avatar_filesize'],
        $this->config['avatar_min_width'],
        $this->config['avatar_min_height'],
        $this->config['avatar_upload_max_width'],
        $this->config['avatar_upload_max_height'],
        $disallowed_content
    );

    $file = $uploader->form_upload('avatar_upload_file', $this->mimetype_guesser);

    $prefix = $this->config['avatar_salt'] . '_';
    $file->clean_filename('avatar', $prefix, $row['id']);

    // If there was an error during upload, then abort operation
    if (sizeof($file->error)) {
        $file->remove();
        // NOTE(review): $error is a plain local here (the method has no
        // by-reference error parameter), so the caller never sees this list.
        $error = $file->error;

        return false;
    }

    // Calculate new destination
    $target_dir = $this->config['avatar_path'];

    // Adjust destination path (no trailing slash)
    $last_char = substr($target_dir, -1, 1);
    if ($last_char == '/' || $last_char == '\\') {
        $target_dir = substr($target_dir, 0, -1);
    }

    // Single-pass removal of relative segments; absolute paths are dropped.
    // The value comes from board configuration, not the request.
    $target_dir = str_replace(array('../', '..\\', './', '.\\'), '', $target_dir);
    if ($target_dir && ($target_dir[0] == '/' || $target_dir[0] == "\\")) {
        $target_dir = '';
    }

    $stored_path = $this->phpbb_root_path . $target_dir . '/' . $prefix . $row['id'] . '.' . $file->get('extension');

    $file->move_file($target_dir, true);

    if (sizeof($file->error)) {
        $file->remove();
        trigger_error(implode('<br />', $file->error));
    }

    // Delete current avatar if not overwritten
    $previous_ext = substr(strrchr($row['avatar'], '.'), 1);
    if ($previous_ext && $previous_ext !== $file->get('extension')) {
        $this->delete($row);
    }

    $exceeds_max_size = $file->width > $this->max_size || $file->height > $this->max_size;
    if ($exceeds_max_size) {
        $resized = $this->resize(
            array('w' => $file->width, 'h' => $file->height, 'ext' => $file->extension),
            $target_dir,
            $stored_path
        );

        // New file width & height
        $file->width = $resized['avatar_width'];
        $file->height = $resized['avatar_height'];
    }

    $exceeds_avatar_limits = $file->width > $this->config['avatar_max_width']
        || $file->height > $this->config['avatar_max_height'];
    if ($exceeds_avatar_limits) {
        $crop_source = $this->phpbb_root_path . $this->d_edit . '/' . $row['id'] . '.' . $file->get('extension');

        rename($stored_path, $crop_source);
        phpbb_chmod($crop_source, CHMOD_READ);
        // NOTE(review): 0666 leaves the file writable by every local account
        // and replaces whatever phpbb_chmod() just applied. Use a narrower
        // mode if the crop step allows it.
        chmod($crop_source, 0666);

        redirect(
            $this->helper->route("bb3mobi_AvatarUpload_crop", array('avatar_id' => $row['id'], 'ext' => $file->extension)),
            false,
            true
        );
    }

    return array(
        'avatar'        => $row['id'] . '_' . time() . '.' . $file->get('extension'),
        'avatar_width'  => $file->width,
        'avatar_height' => $file->height,
    );
}
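/**
 * ACP module entry point for the mobile notifier extension.
 *
 * Mode `settings` renders and saves the account settings; mode `debug`
 * offers three POST actions (request a registration code, exchange a code
 * for a password, send a test message).
 *
 * @param mixed  $id   Module id; not read by this method.
 * @param string $mode Either `settings` or `debug`; other values do nothing.
 */
public function main($id, $mode)
{
    global $config, $user, $template, $request, $phpbb_container, $phpbb_root_path, $phpEx;

    $user->add_lang_ext('tas2580/mobilenotifier', 'common');
    $wa = $phpbb_container->get('tas2580.mobilenotifier.src.helper');

    switch ($mode) {
        case 'settings':
            $this->tpl_name = 'acp_mobilenotifier_settings';
            $this->page_title = $user->lang('ACP_MOBILENOTIFIER_SETTINGS');

            $data_folder = $phpbb_root_path . 'ext/tas2580/mobilenotifier/vendor/Chat-API/wadata';

            add_form_key('acp_mobilenotifier');

            // Form is submitted
            if ($request->is_set_post('submit')) {
                // Anti-CSRF: the POST must carry the token issued by add_form_key() above.
                if (!check_form_key('acp_mobilenotifier')) {
                    trigger_error($user->lang('FORM_INVALID') . adm_back_link($this->u_action), E_USER_WARNING);
                }

                $sender = $request->variable('sender', '');
                $password = $request->variable('password', '');
                $status = $request->variable('status', '');

                // The helper is only contacted when credentials were supplied.
                if (!empty($sender) && !empty($password)) {
                    if ($status != $config['whatsapp_status']) {
                        $wa->update_status($status);
                    }

                    if ($request->file('image')) {
                        include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;

                        $upload = new \fileupload();
                        $upload->set_allowed_extensions(array('jpg', 'png', 'gif'));
                        $file = $upload->form_upload('image');

                        // Upload checks report failures through $file->error.
                        // Testing the filename alone would pass on a file that
                        // failed the extension allow-list, so require an empty
                        // error list as well.
                        if ($file->filename && !sizeof($file->error)) {
                            $wa->update_picture($file->filename);
                        }
                    }
                }

                // NOTE(review): the account password is stored as an ordinary
                // config value; anything that can read the config store can read it.
                $config->set('whatsapp_sender', $sender);
                $config->set('whatsapp_password', $password);
                $config->set('whatsapp_status', $status);
                $config->set('whatsapp_default_cc', $request->variable('default_cc', ''));

                trigger_error($user->lang('ACP_SAVED') . adm_back_link($this->u_action));
            }

            // NOTE(review): PASSWORD echoes the stored secret back into the
            // rendered page. Consider leaving the field empty and only
            // overwriting the stored value when a new one is submitted.
            $template->assign_vars(array(
                'DATA_WRITABLE'            => is_writable($data_folder),
                'DATA_FOLDER_NOT_WRITABLE' => $user->lang('DATA_FOLDER_NOT_WRITABLE', $data_folder),
                'WA_VERSION'               => \Constants::WHATSAPP_VER,
                'U_ACTION'                 => $this->u_action,
                'SENDER'                   => isset($config['whatsapp_sender']) ? $config['whatsapp_sender'] : '',
                'PASSWORD'                 => isset($config['whatsapp_password']) ? $config['whatsapp_password'] : '',
                'STATUS'                   => isset($config['whatsapp_status']) ? $config['whatsapp_status'] : '',
                'CC_SELECT'                => $wa->cc_select(isset($config['whatsapp_default_cc']) ? $config['whatsapp_default_cc'] : ''),
            ));
            break;

        case 'debug':
            $this->tpl_name = 'acp_mobilenotifier_debug';
            $this->page_title = $user->lang('ACP_MOBILENOTIFIER_DEBUG');

            // NOTE(review): unlike the settings form, none of the three POST
            // actions below is covered by add_form_key()/check_form_key().
            // Each changes state (requests a code, overwrites the stored
            // password, sends a message), so they should get the same form-key
            // check once the debug template emits the form token.
            if ($request->is_set_post('get_code')) {
                $method = $request->variable('method', 'sms');
                $wa->register('', $method);
                trigger_error($user->lang('CODE_REQUEST_SEND', $method) . adm_back_link($this->u_action));
            }

            if ($request->is_set_post('get_pw')) {
                $code = $request->variable('code', '');
                // Whatever register() returns is stored as the new password.
                $response = $wa->register($code);
                $config->set('whatsapp_password', $response);
                trigger_error($user->lang('PASSWORD_REQUEST_SEND') . adm_back_link($this->u_action));
            }

            if ($request->is_set_post('test')) {
                $nr = $request->variable('nr', '');
                $wa->send_test($nr, $user->lang('TEST_MESSAGE', generate_board_url()));
                trigger_error($user->lang('TEST_MESSAGE_SEND', $nr) . adm_back_link($this->u_action));
            }

            $template->assign_vars(array(
                'REQUEST_CODE_FOR' => $user->lang('REQUEST_CODE_FOR', $config['whatsapp_sender']),
                'S_EMPTY_SENDER'   => empty($config['whatsapp_sender']),
            ));
            break;
    }
}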
/**
 * {@inheritdoc}
 *
 * Accepts an avatar as a posted file (`avatar_upload_file`) or, when
 * `allow_avatar_remote_upload` is enabled, from a URL (`avatar_upload_url`),
 * lets listeners of `core.avatar_driver_upload_move_file_before` adjust the
 * move, stores the file and returns the avatar row fields. Returns false when
 * uploading is not possible or any step reports an error.
 */
public function process_form($request, $template, $user, $row, &$error)
{
    if (!$this->can_upload()) {
        return false;
    }

    if (!class_exists('fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }

    // The last argument carries the configured content triggers, or false
    // when the board has none configured.
    $upload = new \fileupload(
        'AVATAR_',
        $this->allowed_extensions,
        $this->config['avatar_filesize'],
        $this->config['avatar_min_width'],
        $this->config['avatar_min_height'],
        $this->config['avatar_max_width'],
        $this->config['avatar_max_height'],
        isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false
    );

    $url = $request->variable('avatar_upload_url', '');
    $upload_file = $request->file('avatar_upload_file');

    // A posted file takes precedence over a URL.
    if (!empty($upload_file['name'])) {
        $file = $upload->form_upload('avatar_upload_file', $this->mimetype_guesser);
    } else {
        if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url)) {
            // Bare host names are treated as http.
            if (!preg_match('#^(http|https|ftp)://#i', $url)) {
                $url = 'http://' . $url;
            }

            if (!function_exists('validate_data')) {
                require $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
            }

            $validate_array = validate_data(array('url' => $url), array('url' => array('string', true, 5, 255)));
            $error = array_merge($error, $validate_array);

            if (!empty($error)) {
                return false;
            }

            // NOTE(review): the URL is caller-supplied and the only checks
            // visible here are the scheme prefix and the validate_data()
            // string rule. Confirm that remote_upload() restricts which hosts
            // and ports the server will fetch from.
            $file = $upload->remote_upload($url, $this->mimetype_guesser);
        } else {
            return false;
        }
    }

    $prefix = $this->config['avatar_salt'] . '_';
    $file->clean_filename('avatar', $prefix, $row['id']);

    // If there was an error during upload, then abort operation
    if (sizeof($file->error)) {
        $file->remove();
        // Replaces (does not merge into) the caller's error list.
        $error = $file->error;
        return false;
    }

    // Calculate new destination
    $destination = $this->config['avatar_path'];

    // Adjust destination path (no trailing slash)
    if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\') {
        $destination = substr($destination, 0, -1);
    }

    // Single-pass removal of relative segments; absolute paths are dropped.
    // The value comes from board configuration, not the request.
    $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
    if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) {
        $destination = '';
    }

    /**
     * Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar)
     *
     * @event core.avatar_driver_upload_move_file_before
     * @var string destination Destination directory where the file is going to be moved
     * @var string prefix      Prefix for the avatar filename
     * @var array  row         Array with avatar row data
     * @var array  error       Array of errors, if filled in by this event file will not be moved
     * @since 3.1.6-RC1
     */
    $vars = array('destination', 'prefix', 'row', 'error');
    // extract() overwrites the four locals named in $vars with whatever the
    // listeners returned, so these variable names are part of the event
    // contract. NOTE(review): a destination set by a listener is used as-is;
    // the path clean-up above ran before the event.
    extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars)));

    if (!sizeof($error)) {
        // Move file and overwrite any existing image
        $file->move_file($destination, true);
    }

    // If there was an error during move, then clean up leftovers
    $error = array_merge($error, $file->error);
    if (sizeof($error)) {
        $file->remove();
        return false;
    }

    // Delete current avatar if not overwritten
    $ext = substr(strrchr($row['avatar'], '.'), 1);
    if ($ext && $ext !== $file->get('extension')) {
        $this->delete($row);
    }

    return array(
        'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'),
        'avatar_width' => $file->get('width'),
        'avatar_height' => $file->get('height')
    );
}
/**
 * Upload Attachment - filedata is generated here
 * Uses upload class
 *
 * Validates and stores one attachment and returns a description of it. On
 * failure the returned array has `post_attach` set to false and, in most
 * cases, one or more messages in `error`.
 *
 * @param string $form_name The form name of the file upload input
 * @param int $forum_id The id of the forum
 * @param bool $local Whether the file is local or not
 * @param string $local_storage The path to the local file
 * @param bool $is_message Whether it is a PM or not
 * @param \filespec $local_filedata A filespec object created for the local file
 * @param \phpbb\mimetype\guesser $mimetype_guesser The mimetype guesser object if used
 * @param \phpbb\plupload\plupload $plupload The plupload object if one is being used
 *
 * @return array File data: error, post_attach, thumbnail and, on success,
 *               filesize, mimetype, extension, physical_filename,
 *               real_filename and filetime
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null)
{
    global $auth, $user, $config, $db, $cache;
    global $phpbb_root_path, $phpEx, $phpbb_dispatcher;

    $filedata = array('error' => array());

    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    $upload = new fileupload();

    // Content sniffing: use the configured triggers when the check is on,
    // and explicitly clear the list when the check is switched off.
    if ($config['check_attachment_content'] && isset($config['mime_triggers'])) {
        $upload->set_disallowed_content(explode('|', $config['mime_triggers']));
    } else {
        if (!$config['check_attachment_content']) {
            $upload->set_disallowed_content(array());
        }
    }

    // Local files skip the form validity check.
    $filedata['post_attach'] = $local || $upload->is_valid($form_name);

    if (!$filedata['post_attach']) {
        $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];
        return $filedata;
    }

    // The extension allow-list is looked up per forum, or with false for
    // private messages.
    $extensions = $cache->obtain_attach_extensions($is_message ? false : (int) $forum_id);
    $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));

    $file = $local ? $upload->local_upload($local_storage, $local_filedata, $mimetype_guesser) : $upload->form_upload($form_name, $mimetype_guesser, $plupload);

    if ($file->init_error) {
        $filedata['post_attach'] = false;
        return $filedata;
    }

    // Whether the uploaded file is in the image category
    $is_image = isset($extensions[$file->get('extension')]['display_cat']) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;

    // Dimension and size limits apply only to users holding neither the
    // `a_` permission nor `m_` in this forum.
    if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) {
        // Check Image Size, if it is an image
        if ($is_image) {
            $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
        }

        // Admins and mods are allowed to exceed the allowed filesize
        if (!empty($extensions[$file->get('extension')]['max_filesize'])) {
            $allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
        } else {
            $allowed_filesize = $is_message ? $config['max_filesize_pm'] : $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // 'unique' naming with the uploader's user id as prefix.
    // NOTE(review): how the unique part is derived is up to clean_filename(),
    // which is not visible here.
    $file->clean_filename('unique', $user->data['user_id'] . '_');

    // Are we uploading an image *and* this image being within the image category?
    // Only then perform additional image checks.
    $file->move_file($config['upload_path'], false, !$is_image);

    // Do we have to create a thumbnail?
    $filedata['thumbnail'] = $is_image && $config['img_create_thumbnail'] ? 1 : 0;

    if (sizeof($file->error)) {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    // Make sure the image category only holds valid images...
    // This runs after move_file(), i.e. on the stored file.
    if ($is_image && !$file->is_image()) {
        $file->remove();

        if ($plupload && $plupload->is_active()) {
            $plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
        }

        // If this error occurs a user tried to exploit an IE Bug by renaming extensions
        // Since the image category is displaying content inline we need to catch this.
        trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
    }

    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    /**
     * Event to modify uploaded file before submit to the post
     *
     * @event core.modify_uploaded_file
     * @var array filedata Array containing uploaded file data
     * @var bool  is_image Flag indicating if the file is an image
     * @since 3.1.0-RC3
     */
    $vars = array('filedata', 'is_image');
    // extract() overwrites $filedata and $is_image with the listeners'
    // versions, so those two variable names are part of the event contract.
    // The quota and disk checks below still read the size from $file, not
    // from $filedata.
    extract($phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));

    // Check our complete quota
    if ($config['attachment_quota']) {
        if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Check free disk space
    // A false or zero result from disk_free_space() skips this check; the
    // warning it may raise is suppressed.
    if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path'])) {
        if ($free_space <= $file->get('filesize')) {
            // Only holders of `a_` are told the disk is full; everyone else
            // gets the generic quota message.
            if ($auth->acl_get('a_')) {
                $filedata['error'][] = $user->lang['ATTACH_DISK_FULL'];
            } else {
                $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            }
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Create Thumbnail
    if ($filedata['thumbnail']) {
        $source = $file->get('destination_file');
        $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

        // A failed thumbnail is not an error; the flag is simply cleared.
        if (!create_thumbnail($source, $destination, $file->get('mimetype'))) {
            $filedata['thumbnail'] = 0;
        }
    }

    return $filedata;
}
/**
 * Original copyright information for the function from AutoMOD.
 * The function was almost totally changed by the authors of Upload Extensions.
 * @package automod
 * @copyright (c) 2008 phpBB Group
 * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
 *
 * Prepares the working directories and then receives an extension archive,
 * either from the posted form field `extupload` (action `upload`) or from
 * the URL in `remote_upload` (action `upload_remote`). Only the `zip`
 * extension is accepted by the uploader.
 *
 * @param string $action Requested action.
 * @return \filespec|bool Result of the upload call, or false when a
 *                        precondition fails or the action is not handled.
 */
public function proceed_upload($action)
{
    global $phpbb_root_path, $phpEx, $user, $request;

    // Language file needed for the upload error messages.
    $user->add_lang('posting');

    if (!class_exists('\\fileupload')) {
        include $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    }

    // Only allow ZIP files. This is an extension allow-list; whether the
    // content really is an archive is not checked in this method.
    $upload = new \fileupload();
    $upload->set_allowed_extensions(array('zip'));

    // Make sure the ext/ directory exists and if it doesn't, create it
    $ext_root = $phpbb_root_path . 'ext';
    if (!is_dir($ext_root) && !files::catch_errors(files::recursive_mkdir($ext_root))) {
        return false;
    }

    if (!is_writable($ext_root)) {
        files::catch_errors($user->lang['EXT_NOT_WRITABLE']);

        return false;
    }

    if (!is_dir(objects::$zip_dir) && !files::catch_errors(files::recursive_mkdir(objects::$zip_dir))) {
        return false;
    }

    // The extension's own tmp directory must be writable; try to fix the
    // permissions before giving up.
    $tmp_dir = $phpbb_root_path . 'ext/' . objects::$upload_ext_name . '/tmp';
    if (!is_writable($tmp_dir) && !phpbb_chmod($tmp_dir, CHMOD_READ | CHMOD_WRITE)) {
        files::catch_errors($user->lang['EXT_TMP_NOT_WRITABLE']);

        return false;
    }

    // Proceed with the upload
    switch ($action) {
        case 'upload':
            if (!$request->is_set("extupload", \phpbb\request\request_interface::FILES)) {
                files::catch_errors($user->lang['NO_UPLOAD_FILE']);

                return false;
            }

            return $upload->form_upload('extupload');

        case 'upload_remote':
            $php_ini = new \phpbb\php\ini();
            if (!$php_ini->get_bool('allow_url_fopen')) {
                files::catch_errors($user->lang['EXT_ALLOW_URL_FOPEN_DISABLED']);

                return false;
            }

            $remote_url = $request->variable('remote_upload', '');
            if (!extension_loaded('openssl') && 'https' === substr($remote_url, 0, 5)) {
                files::catch_errors($user->lang['EXT_OPENSSL_DISABLED']);

                return false;
            }

            // NOTE(review): the URL comes straight from the request. Any
            // restriction on scheme, host or port has to live in
            // files::remote_upload(), which is not visible here.
            return files::remote_upload($upload, $user, $remote_url);
    }

    return false;
}
if (phpbb_gallery_config::get('allow_png')) { $allowed_extensions[] = 'png'; } if (!class_exists('fileupload')) { phpbb_gallery_url::_include('functions_upload', 'phpbb'); } $fileupload = new fileupload(); $fileupload->fileupload('', $allowed_extensions, 4 * phpbb_gallery_config::get('max_filesize')); $upload_image_files = phpbb_gallery::$auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id']) ? phpbb_gallery_config::get('num_uploads') : min(phpbb_gallery::$auth->acl_check('i_count', $album_id, $album_data['album_user_id']) - $own_images, phpbb_gallery_config::get('num_uploads')); // Get File Upload Info $image_id_ary = array(); $loop = request_var('image_num', 0); $rotate = request_var('rotate', array(0)); $loop = $loop != 0 ? $loop - 1 : $loop; for ($i = 0; $i < $upload_image_files; $i++) { $image_file = $fileupload->form_upload('image_file_' . $i); if (!$image_file->uploadname) { continue; } $image_file->clean_filename('unique_ext'); $image_file->move_file(substr(phpbb_gallery_url::path('upload_noroot'), 0, -1), false, false, CHMOD_ALL); if (sizeof($image_file->error) && $image_file->uploadname) { $image_file->remove(); trigger_error(implode('<br />', $image_file->error)); } @chmod($image_file->destination_file, 0777); $image_data = array(); if (1 == 1) { $loop = $loop + 1; $images = $images + 1; switch ($image_file->mimetype) {
/**
 * Upload Attachment - filedata is generated here
 * Uses upload class
 *
 * Validates and stores one attachment and returns a description of it. On
 * failure the returned array has `post_attach` set to false and, in most
 * cases, one or more messages in `error`.
 *
 * @param string $form_name     Name of the file upload form field
 * @param int    $forum_id      Forum id, used for the extension lookup and the moderator check
 * @param bool   $local         True to take the file from $local_storage instead of the form
 * @param string $local_storage Passed to local_upload() when $local is true
 * @param bool   $is_message    True for private messages (extension lookup and size limit differ)
 * @param mixed  $local_filedata Passed to local_upload() when $local is true
 *
 * @return array File data: error, post_attach, thumbnail and, on success,
 *               filesize, mimetype, extension, physical_filename,
 *               real_filename and filetime
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
{
    global $auth, $user, $config, $db, $cache;
    global $phpbb_root_path, $phpEx;

    $filedata = array('error' => array());

    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    $upload = new fileupload();

    // Content sniffing triggers are only installed when the check is enabled
    // and triggers are configured; otherwise the uploader keeps its own list.
    if ($config['check_attachment_content'] && isset($config['mime_triggers'])) {
        $upload->set_disallowed_content(explode('|', $config['mime_triggers']));
    }

    // Local files skip the form validity check.
    if (!$local) {
        $filedata['post_attach'] = $upload->is_valid($form_name) ? true : false;
    } else {
        $filedata['post_attach'] = true;
    }

    if (!$filedata['post_attach']) {
        $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];
        return $filedata;
    }

    // The extension allow-list is looked up per forum, or with false for
    // private messages.
    $extensions = $cache->obtain_attach_extensions($is_message ? false : (int) $forum_id);
    $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));

    $file = $local ? $upload->local_upload($local_storage, $local_filedata) : $upload->form_upload($form_name);

    if ($file->init_error) {
        $filedata['post_attach'] = false;
        return $filedata;
    }

    $cat_id = isset($extensions[$file->get('extension')]['display_cat']) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE;

    // Make sure the image category only holds valid images...
    // NOTE(review): this check runs before move_file(). What is_image()
    // inspects at this point (declared type or actual content) is not visible
    // here; confirm it does not rely on client-supplied metadata.
    if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image()) {
        $file->remove();

        // If this error occurs a user tried to exploit an IE Bug by renaming extensions
        // Since the image category is displaying content inline we need to catch this.
        trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
    }

    // Do we have to create a thumbnail?
    $filedata['thumbnail'] = $cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail'] ? 1 : 0;

    // Check Image Size, if it is an image
    // Applies only to users holding neither `a_` nor `m_` in this forum.
    if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id) && $cat_id == ATTACHMENT_CATEGORY_IMAGE) {
        $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
    }

    // Admins and mods are allowed to exceed the allowed filesize
    if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) {
        if (!empty($extensions[$file->get('extension')]['max_filesize'])) {
            $allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
        } else {
            $allowed_filesize = $is_message ? $config['max_filesize_pm'] : $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // 'unique' naming with the uploader's user id as prefix.
    // NOTE(review): how the unique part is derived is up to clean_filename(),
    // which is not visible here.
    $file->clean_filename('unique', $user->data['user_id'] . '_');

    // Are we uploading an image *and* this image being within the image category? Only then perform additional image checks.
    $no_image = $cat_id == ATTACHMENT_CATEGORY_IMAGE ? false : true;

    $file->move_file($config['upload_path'], false, $no_image);

    if (sizeof($file->error)) {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    // Check our complete quota
    if ($config['attachment_quota']) {
        if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Check free disk space
    // A false or zero result from disk_free_space() skips this check; the
    // warning it may raise is suppressed. The generic quota message is used
    // for every caller.
    if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path'])) {
        if ($free_space <= $file->get('filesize')) {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;

            $file->remove();

            return $filedata;
        }
    }

    // Create Thumbnail
    if ($filedata['thumbnail']) {
        $source = $file->get('destination_file');
        $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

        // A failed thumbnail is not an error; the flag is simply cleared.
        if (!create_thumbnail($source, $destination, $file->get('mimetype'))) {
            $filedata['thumbnail'] = 0;
        }
    }

    return $filedata;
}
if (!utf8_clean_string($mod_data['mod_hu_title'])) { $error[] = 'NO_MOD_TITLE'; } if (!utf8_clean_string($mod_data['mod_desc'])) { $error[] = 'NO_MOD_DESC'; } // File upload $upload = new fileupload('', array('zip')); if ($upload->is_valid('mod_loc_pack')) { $file = $upload->form_upload('mod_loc_pack'); if (!empty($file->error)) { $error += $file->error; } } // if ($mode == 'add' && !preg_match('#^(?:http\://www\.phpbb\.com/mods/db/index\.php\?i\=misc&mode\=display&contrib_id\=)?([0-9]+)$#', $mod_data['mod_com_url'], $match)) { $error[] = 'NO_COM_URL_FORMAT'; } else { try
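/**
 * Handle an uploaded MOD archive: store the ZIP in the mods directory,
 * unpack it into a temporary directory and move the result into place.
 *
 * Everything that comes out of the archive (entry names, directory layout)
 * is supplied by the uploader and must be treated as untrusted input.
 *
 * @return bool false when the form was not submitted, true otherwise.
 *              Failures are reported through trigger_error().
 */
function upload_mod()
{
    // $config is read for the directory mode below but was never imported,
    // so mkdir() previously received a mode derived from an undefined variable.
    global $config, $phpbb_root_path, $phpEx, $template, $user;

    if (!isset($_POST['submit'])) {
        return false;
    }

    // The form token is checked before the upload is touched.
    if (check_form_key('acp_mods_upload') && isset($_FILES['modupload'])) {
        $user->add_lang('posting'); // For error messages

        // Guarded so a second include cannot redeclare the class.
        if (!class_exists('fileupload')) {
            include $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
        }
        $upload = new fileupload();
        // Only allow ZIP files
        $upload->set_allowed_extensions(array('zip'));

        // Let's make sure the mods directory exists and if it doesn't then create it
        if (!is_dir($this->mods_dir)) {
            mkdir($this->mods_dir, octdec($config['am_dir_perms']));
        }

        $file = $upload->form_upload('modupload');

        if (empty($file->filename)) {
            trigger_error($user->lang['NO_UPLOAD_FILE'] . adm_back_link($this->u_action), E_USER_WARNING);
        } else {
            if (!$file->init_error && !sizeof($file->error)) {
                $file->clean_filename('real');
                $file->move_file(str_replace($phpbb_root_path, '', $this->mods_dir), true, true);

                if (!sizeof($file->error)) {
                    if (!class_exists('compress_zip')) {
                        include $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
                    }

                    $mod_dir = $this->mods_dir . '/' . str_replace('.zip', '', $file->get('realname'));
                    $tmp_dir = $mod_dir . '_tmp/';

                    // NOTE(review): entry paths inside the archive are handled by
                    // compress_zip::extract(), which is not visible here. Confirm it
                    // keeps every entry below $tmp_dir.
                    $compress = new compress_zip('r', $file->destination_file);
                    $compress->extract($tmp_dir);
                    $compress->close();

                    // Drop '.' and '..' explicitly instead of relying on the sort order
                    // of scandir() to put the real entry at index 0.
                    $listing = scandir($tmp_dir);
                    $entries = is_array($listing) ? array_values(array_diff($listing, array('.', '..'))) : array();

                    if (sizeof($entries) == 1) {
                        // The archive wraps everything in one main directory: move that one.
                        $this->directory_move($tmp_dir . $entries[0], $this->mods_dir . '/' . $entries[0]);
                    } elseif (!is_dir($mod_dir)) {
                        // Change the name of the directory by moving to directory without _tmp in it
                        $this->directory_move($tmp_dir, $mod_dir);
                    }

                    $this->directory_delete($tmp_dir);

                    if (!sizeof($file->error)) {
                        $template->assign_vars(array(
                            'S_MOD_SUCCESSBOX' => true,
                            'MESSAGE' => $user->lang['MOD_UPLOAD_SUCCESS'],
                            'U_RETURN' => $this->u_action,
                        ));
                    }
                }
            }

            // The uploaded archive is removed whether or not unpacking worked.
            $file->remove();

            if ($file->init_error || sizeof($file->error)) {
                trigger_error((sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['MOD_UPLOAD_INIT_FAIL']) . adm_back_link($this->u_action), E_USER_WARNING);
            }
        }
    } else {
        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
    }

    return true;
}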
/**
 * Upload, unpack, validate and install an extension archive.
 *
 * $action selects the source and the stage. The values compared in this
 * function are 'upload', 'upload_remote', 'upload_from_phpbb', 'upload_self',
 * 'upload_local', 'force_update' and 'upload_self_update'.
 * For the first five the archive is unpacked into ext/tmp/<user id>, its
 * composer.json is read and the metadata is validated. 'force_update' and
 * 'upload_self_update' resume from an already unpacked working directory.
 *
 * The archive and the composer.json inside it are untrusted input. The values
 * read from it ('name', 'version', 'extra.display-name', 'authors') are used
 * to build file system paths and template variables further down.
 *
 * @package automod
 * @copyright (c) 2008 phpBB Group
 * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
 *
 * @param string $action Upload action, see above
 * @return bool true when the extension files were put in place, false otherwise
 */
function upload_ext($action)
{
    global $phpbb_root_path, $phpEx, $phpbb_log, $phpbb_extension_manager, $template, $user, $request;

    $user->add_lang('posting'); // For error messages
    if (!class_exists('\\fileupload')) {
        include $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
    }
    $upload = new \fileupload();
    $upload->set_allowed_extensions(array('zip')); // Only allow ZIP files
    $upload_dir = $this->zip_dir;

    // Make sure the ext/ directory exists and if it doesn't, create it
    if (!is_dir($phpbb_root_path . 'ext')) {
        $this->recursive_mkdir($phpbb_root_path . 'ext');
    }
    if (!is_writable($phpbb_root_path . 'ext')) {
        $this->trigger_error($user->lang['EXT_NOT_WRITABLE'], E_USER_WARNING);
        return false;
    }
    if (!is_dir($this->zip_dir)) {
        $this->recursive_mkdir($this->zip_dir);
    }

    // Proceed with the upload
    if ($action == 'upload') {
        $file = $upload->form_upload('extupload');
    } else {
        if ($action == 'upload_remote') {
            // NOTE(review): the URL comes straight from the request; any restriction
            // on which hosts may be fetched would have to live in remote_upload(),
            // which is not visible here.
            $file = $this->remote_upload($upload, $request->variable('remote_upload', ''));
        } else {
            if ($action == 'upload_from_phpbb') {
                $file = $this->remote_upload($upload, $request->variable('valid_phpbb_ext', ''));
            } else {
                if ($action == 'upload_self') {
                    // A self update is only fetched when the link matches the
                    // pattern stored in $this->phpbb_link_template.
                    $this->self_update = $request->variable('self_update', '');
                    if ($this->self_update !== false && preg_match($this->phpbb_link_template, $this->self_update)) {
                        $file = $this->remote_upload($upload, $this->self_update);
                    } else {
                        $this->trigger_error($user->lang['EXT_UPLOAD_ERROR'], E_USER_WARNING);
                        return false;
                    }
                }
            }
        }
    }

    // What is a safe limit of execution time? Half the max execution time should be safe.
    $safe_time_limit = ini_get('max_execution_time') / 2;
    $start_time = time();

    // We skip working with a zip file if we are enabling/restarting the extension.
    if ($action != 'force_update' && $action != 'upload_self_update') {
        if ($action != 'upload_local') {
            if (empty($file->filename)) {
                $this->trigger_error(sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['NO_UPLOAD_FILE'], E_USER_WARNING);
                return false;
            } else {
                if ($file->init_error || sizeof($file->error)) {
                    $file->remove();
                    $this->trigger_error(sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['EXT_UPLOAD_INIT_FAIL'], E_USER_WARNING);
                    return false;
                }
            }
            $file->clean_filename('real');
            $file->move_file(str_replace($phpbb_root_path, '', $upload_dir), true, true);
            if (sizeof($file->error)) {
                $file->remove();
                $this->trigger_error(implode('<br />', $file->error), E_USER_WARNING);
                return false;
            }
            $dest_file = $file->destination_file;
        } else {
            // NOTE(review): 'local_upload' is appended to the archive directory as
            // received; nothing in this function keeps it to a plain file name
            // inside $upload_dir. Confirm the value is validated before use.
            $dest_file = $upload_dir . '/' . $request->variable('local_upload', '');
        }
        if (!class_exists('\\compress_zip')) {
            include $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
        }

        // The working directory is keyed by the user ID only, to keep simultaneous
        // uploads by different users apart.
        // We suppose that one user can upload only one extension per session.
        $ext_tmp = 'tmp/' . (int) $user->data['user_id'];
        // Ensure that we don't have any previous files in the working directory.
        if (is_dir($phpbb_root_path . 'ext/' . $ext_tmp)) {
            if (!$this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp)) {
                if ($action != 'upload_local') {
                    $file->remove();
                }
                return false;
            }
        }

        // NOTE(review): entry paths inside the archive are handled by
        // compress_zip::extract(), which is not visible here. Confirm it keeps
        // every entry below the working directory.
        $zip = new \compress_zip('r', $dest_file);
        $zip->extract($phpbb_root_path . 'ext/' . $ext_tmp . '/');
        $zip->close();

        $composery = $this->getComposer($phpbb_root_path . 'ext/' . $ext_tmp);
        if (!$composery) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            // NOTE(review): $file is only assigned for the non-local actions, but this
            // call and the two similar ones below are not guarded by
            // $action != 'upload_local' the way the later failure paths are.
            $file->remove();
            $this->trigger_error($user->lang['ACP_UPLOAD_EXT_ERROR_COMP'], E_USER_WARNING);
            return false;
        }
        $string = @file_get_contents($composery);
        if ($string === false) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            $file->remove();
            $this->trigger_error($user->lang['EXT_UPLOAD_ERROR'], E_USER_WARNING);
            return false;
        }

        // From here on $destination, $ext_version and $display_name are values
        // taken from the uploaded composer.json.
        $json_a = json_decode($string, true);
        $destination = isset($json_a['name']) ? $json_a['name'] : '';
        $ext_version = isset($json_a['version']) ? $json_a['version'] : '0.0.0';

        // The only shape check made here on the name is that it contains a '/'.
        if (strpos($destination, '/') === false) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            $file->remove();
            $this->trigger_error($user->lang['ACP_UPLOAD_EXT_ERROR_DEST'], E_USER_WARNING);
            return false;
        } else {
            // An archive naming this uploader itself is only accepted through 'upload_self'.
            if (strpos($destination, $this->upload_ext_name) !== false && $action != 'upload_self') {
                $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
                $file->remove();
                $this->trigger_error($user->lang['EXT_UPLOAD_ERROR'], E_USER_WARNING);
                return false;
            }
        }
        $display_name = isset($json_a['extra']['display-name']) ? $json_a['extra']['display-name'] : 'Unknown extension';
        if (!isset($json_a['type']) || $json_a['type'] != "phpbb-extension") {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            if ($action != 'upload_local') {
                $file->remove();
            }
            $this->trigger_error($user->lang['NOT_AN_EXTENSION'], E_USER_WARNING);
            return false;
        }

        // Drops the last 14 characters of the path - presumably the trailing
        // '/composer.json'; confirm against getComposer().
        $source = substr($composery, 0, -14);
        if ($action != 'upload_self') {
            $source_for_check = $ext_tmp . '/' . $destination;
        } else {
            $source_for_check = 'boardtools/new_upload/' . $destination;
        }
        // At first we need to change the directory structure to something like ext/tmp/vendor/extension.
        // We need it to escape from problems with dots on validation.
        // NOTE(review): this copy target is built from the unvalidated name; the
        // metadata validation only runs after it.
        if ($source != $phpbb_root_path . 'ext/' . $source_for_check) {
            if (!$this->rcopy($source, $phpbb_root_path . 'ext/' . $source_for_check)) {
                $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
                if ($action != 'upload_local') {
                    $file->remove();
                }
                return false;
            }
            $source = $phpbb_root_path . 'ext/' . $source_for_check;
        }

        // Validate the extension to check if it can be used on the board.
        $md_manager = $phpbb_extension_manager->create_extension_metadata_manager($source_for_check, $template);
        try {
            if ($md_manager->get_metadata() === false || $md_manager->validate_require_phpbb() === false || $md_manager->validate_require_php() === false) {
                $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
                if ($action != 'upload_local') {
                    $file->remove();
                }
                $this->trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'], E_USER_WARNING);
                return false;
            }
        } catch (\phpbb\extension\exception $e) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            if ($action != 'upload_local') {
                $file->remove();
            }
            $this->trigger_error($e . ' ' . $user->lang['ACP_UPLOAD_EXT_ERROR_NOT_SAVED'], E_USER_WARNING);
            return false;
        }

        // Save/remove the uploaded archive file.
        if ($action != 'upload_local') {
            if ($request->variable('keepext', false) == false) {
                $file->remove();
            } else {
                // Path separators are replaced so the archive-supplied values cannot
                // change the directory of the kept file.
                $display_name = str_replace(array('/', '\\'), '_', $display_name);
                $ext_version = str_replace(array('/', '\\'), '_', $ext_version);
                // Save this file and any other files that were uploaded with the same name.
                if (@file_exists(substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . ".zip")) {
                    // Find the first free "(n)" suffix.
                    $finder = 1;
                    while (@file_exists(substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . "(" . $finder . ").zip")) {
                        $finder++;
                    }
                    @rename($dest_file, substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . "(" . $finder . ").zip");
                } else {
                    @rename($dest_file, substr($dest_file, 0, strrpos($dest_file, '/') + 1) . $display_name . "_" . $ext_version . ".zip");
                }
            }
        }
        // Here we can assume that all checks are done.
        // Now we are able to install the uploaded extension to the correct path.
    } else {
        if ($action != 'upload_self_update') {
            // All checks were done previously. Now we only need to restore the variables.
            // We try to restore the data of the current upload.
            // NOTE(review): composer.json is read again from the working directory and
            // only the '/' check is repeated; the metadata validation is not re-run here.
            $ext_tmp = 'tmp/' . (int) $user->data['user_id'];
            if (!is_dir($phpbb_root_path . 'ext/' . $ext_tmp) || !($composery = $this->getComposer($phpbb_root_path . 'ext/' . $ext_tmp)) || !($string = @file_get_contents($composery))) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $json_a = json_decode($string, true);
            $destination = isset($json_a['name']) ? $json_a['name'] : '';
            if (strpos($destination, '/') === false) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $source = substr($composery, 0, -14);
            $display_name = isset($json_a['extra']['display-name']) ? $json_a['extra']['display-name'] : 'Unknown extension';
        } else {
            // All checks were done previously. Now we only need to restore the variables.
            // We try to restore the data of the current upload.
            $ext_tmp = 'boardtools/new_upload';
            if (!is_dir($phpbb_root_path . 'ext/' . $ext_tmp) || !($composery = $this->getComposer($phpbb_root_path . 'ext/' . $ext_tmp)) || !($string = @file_get_contents($composery))) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $json_a = json_decode($string, true);
            $destination = isset($json_a['name']) ? $json_a['name'] : '';
            if (strpos($destination, 'boardtools/') === false) {
                $this->trigger_error($user->lang['ACP_UPLOAD_EXT_WRONG_RESTORE'], E_USER_WARNING);
                return false;
            }
            $source = substr($composery, 0, -14);
            $display_name = isset($json_a['extra']['display-name']) ? $json_a['extra']['display-name'] : 'Unknown extension';
        }
    }

    $made_update = false;
    if ($action != 'upload_self' && $action != 'upload_self_update') {
        // Delete the previous version of extension files - we're able to update them.
        // NOTE(review): 'ext/' . $destination is removed recursively below, so the
        // name must be confined to a vendor/extension pair before this point.
        if (is_dir($phpbb_root_path . 'ext/' . $destination)) {
            // At first we need to disable the extension if it is enabled.
            if ($phpbb_extension_manager->is_enabled($destination)) {
                while ($phpbb_extension_manager->disable_step($destination)) {
                    // Are we approaching the time limit? If so, we want to pause the update and continue after refreshing.
                    if (time() - $start_time >= $safe_time_limit) {
                        $template->assign_var('S_NEXT_STEP', true);
                        // No need to specify the name of the extension. We suppose that it is the one in ext/tmp/USER_ID folder.
                        meta_refresh(0, $this->main_link . '&action=force_update');
                        return false;
                    }
                }
                $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_DISABLE', time(), array($destination));
                $made_update = true;
            }

            // Build a name for the backup archive from the installed version's composer.json.
            $old_ext_name = $destination;
            if ($old_composery = $this->getComposer($phpbb_root_path . 'ext/' . $destination)) {
                if (!($old_string = @file_get_contents($old_composery))) {
                    $old_ext_name = $old_ext_name . '_0.0.0';
                } else {
                    $old_json_a = json_decode($old_string, true);
                    $old_display_name = isset($old_json_a['extra']['display-name']) ? $old_json_a['extra']['display-name'] : $old_ext_name;
                    $old_ext_version = isset($old_json_a['version']) ? $old_json_a['version'] : '0.0.0';
                    $old_ext_name = $old_display_name . '_' . $old_ext_version;
                }
            }
            $this->save_zip_archive('ext/' . $destination . '/', str_replace(array('/', '\\'), '_', $old_ext_name) . '_old');
            if (!$this->rrmdir($phpbb_root_path . 'ext/' . $destination)) {
                return false;
            }
        }
        if (!$this->rcopy($source, $phpbb_root_path . 'ext/' . $destination)) {
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            return false;
        }
        // No enabling at this stage. Admins should have a chance to revise the uploaded scripts.
        if (!$this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp)) {
            return false;
        }
    } else {
        if ($action == 'upload_self') {
            // No enabling at this stage. Admins should have a chance to revise the uploaded scripts.
            if (!$this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp)) {
                return false;
            }
            $destination = 'boardtools/new_upload/' . $destination;
        } else {
            // Now Upload Extensions will update itself. We suppose that it will be fast and without errors.
            // Otherwise users will need to use FTP.
            $phpbb_extension_manager->disable($destination);
            $this->rcopy($source, $phpbb_root_path . 'ext/' . $destination);
            $phpbb_extension_manager->enable($destination);
            $this->rrmdir($phpbb_root_path . 'ext/' . $ext_tmp);
            $template->assign_vars(array('S_UPDATED_SELF' => $display_name));
            return true;
        }
    }

    // NOTE(review): 'authors' is read without an isset() check, and the author
    // names, $display_name and the README below come from the archive. Confirm
    // the template escapes them.
    foreach ($json_a['authors'] as $author) {
        $template->assign_block_vars('authors', array('AUTHOR' => $author['name']));
    }
    $string = @file_get_contents($phpbb_root_path . 'ext/' . $destination . '/README.md');
    if ($string !== false) {
        // The README is converted from Markdown to HTML before it reaches the template.
        $readme = \Michelf\MarkdownExtra::defaultTransform($string);
    } else {
        $readme = false;
    }
    $template->assign_vars(array(
        'S_UPLOADED' => $display_name,
        'S_UPLOADED_SELF' => $action == 'upload_self',
        'EXT_UPDATED' => $made_update,
        'FILETREE' => \boardtools\upload\filetree\filetree::php_file_tree($phpbb_root_path . 'ext/' . $destination, $display_name, $this->main_link),
        'S_ACTION' => $action != 'upload_self' ? $phpbb_root_path . 'adm/index.' . $phpEx . '?i=acp_extensions&sid=' . $user->session_id . '&mode=main&action=enable_pre&ext_name=' . urlencode($destination) : $this->main_link . '&action=upload_self_update',
        'S_ACTION_BACK' => $this->main_link,
        'U_ACTION' => $this->u_action,
        'README_MARKDOWN' => $readme,
        'FILENAME' => $string !== false ? 'README.md' : 'composer.json',
        'CONTENT' => $string !== false ? highlight_string($string, true) : highlight_string(@file_get_contents($phpbb_root_path . 'ext/' . $destination . '/composer.json'), true)
    ));
    return true;
}
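/**
 * Upload a module ZIP, unpack it and copy its files into the board.
 *
 * The archive is stored in $this->upload_path and unpacked into a temporary
 * directory. Every unpacked file must sit below adm/, language/, portal/ or
 * styles/ (or be a license.txt), and is then copied to the same relative
 * path under the board root. The archive and the unpacked tree are removed
 * afterwards.
 *
 * The archive content is untrusted input: the files it carries end up inside
 * the board's own directories.
 *
 * @return void Failures are reported through trigger_error().
 */
private function upload_file()
{
    global $user, $phpbb_root_path, $phpEx, $phpbb_admin_path, $template;

    // Upload part
    $user->add_lang('posting'); // For error messages

    // Guarded so a second include cannot redeclare the class.
    if (!class_exists('fileupload')) {
        include($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
    }
    $upload = new fileupload();
    // Only allow ZIP files
    $upload->set_allowed_extensions(array('zip'));

    $file = $upload->form_upload('modupload');

    // This is for module zips so don't allow anything else.
    // The previous pattern '.zip.' used '.' as the regex delimiter, so it matched
    // any name containing "zip" anywhere. Anchor on the real extension instead.
    if (empty($file->filename) || !preg_match('/\.zip$/i', $file->get('realname'))) {
        trigger_error($user->lang['NO_FILE_B3P'] . adm_back_link($this->u_action), E_USER_WARNING);
    } else {
        // Stays null until an extraction directory exists, so the cleanup below
        // never runs on an undefined path when the upload itself failed.
        $mod_dir = null;

        if (!$file->init_error && !sizeof($file->error)) {
            $file->clean_filename('real');
            $file->move_file(str_replace($phpbb_root_path, '', $this->upload_path), true, true);

            if (!sizeof($file->error)) {
                if (!class_exists('compress_zip')) {
                    include($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
                }
                $mod_dir = $this->upload_path . str_replace('.zip', '', $file->get('realname'));
                $tmp_dir = $mod_dir . '_tmp/';

                // make sure we don't already have the new folder
                if (is_dir($mod_dir)) {
                    $this->directory_delete($mod_dir);
                }

                // NOTE(review): entry paths inside the archive are handled by
                // compress_zip::extract(), which is not visible here. Confirm it
                // keeps every entry below $tmp_dir.
                $compress = new compress_zip('r', $file->destination_file);
                $compress->extract($tmp_dir);
                $compress->close();

                $folder_contents = $this->cut_folder(scandir($tmp_dir, 1)); // This ensures dir is at index 0

                // We need to check if there's a main directory inside the temp MOD directory
                if (sizeof($folder_contents) == 1) {
                    // We need to move that directory then
                    $this->directory_move($tmp_dir . $folder_contents[0], $this->upload_path . $folder_contents[0]);
                    $new_mod_dir = $this->upload_path . $folder_contents[0];
                } elseif (!is_dir($mod_dir)) {
                    // Change the name of the directory by moving to directory without _tmp in it
                    $this->directory_move($tmp_dir, $mod_dir);
                    $new_mod_dir = $mod_dir;
                }

                $this->directory_delete($tmp_dir);

                // make sure we set $mod_dir to the correct folder after the above step
                $mod_dir = (isset($new_mod_dir)) ? $new_mod_dir : $mod_dir;

                // Maps each unpacked file to its target below the board root.
                $actions = array('NEW_FILES' => array());

                // Now we need to get the files inside the folders
                $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($mod_dir));
                foreach ($iterator as $cur_file) {
                    $cur_path = str_replace('\\', '/', $cur_file->getPathname()); // we want unix-like paths
                    $cur_path = str_replace($mod_dir . '/', '', $cur_path);
                    $cut_pos = strpos($cur_path, '/');

                    /*
                     * We only copy files. The recursive iterator might grab paths depending on
                     * the PHP version. If we are trying to copy a directory just move on.
                     * NOTE(review): $cur_path is relative here, so is_dir() resolves it
                     * against the current working directory, not $mod_dir.
                     */
                    if (is_dir($cur_path)) {
                        continue;
                    }

                    // Only allow files in adm, language, portal and styles folder and a license.txt
                    if (!in_array(substr($cur_path, 0, $cut_pos), array('adm', 'language', 'portal', 'styles')) && $cur_file->getFilename() != 'license.txt') {
                        $file->remove();
                        $this->directory_delete($mod_dir);
                        trigger_error($user->lang['MODULE_CORRUPTED'] . adm_back_link(append_sid("{$phpbb_admin_path}index.$phpEx", 'i=portal&mode=modules')), E_USER_WARNING);
                    } else {
                        $actions['NEW_FILES'][$mod_dir . '/' . $cur_path] = $phpbb_root_path . $cur_path;
                    }
                }

                if (!sizeof($file->error)) {
                    // Let's start moving our files where they belong
                    foreach ($actions['NEW_FILES'] as $source => $target) {
                        /*
                         * make sure we don't try to copy folders
                         * folders will be created if necessary in copy_content
                         */
                        if (is_dir($source)) {
                            continue;
                        }

                        $status = $this->copy_content($source, $target);

                        $template->assign_block_vars('new_files', array(
                            'S_SUCCESS' => ($status === true) ? true : false,
                            'S_NO_COPY_ATTEMPT' => (is_null($status)) ? true : false,
                            'SOURCE' => $source,
                            'TARGET' => $target,
                        ));
                    }

                    $template->assign_vars(array(
                        'S_MOD_SUCCESSBOX' => true,
                        'MESSAGE' => $user->lang['MODULE_UPLOADED'],
                        'U_RETURN' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=portal&mode=modules'),
                        'S_INSTALL' => true,
                    ));
                }
            }
        }

        // Neither the archive nor the unpacked copy is kept.
        $file->remove();
        if ($mod_dir !== null) {
            $this->directory_delete($mod_dir);
        }

        if ($file->init_error || sizeof($file->error)) {
            trigger_error((sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['MOD_UPLOAD_INIT_FAIL']) . adm_back_link($this->u_action), E_USER_WARNING);
        }

        $this->tpl_name = 'portal/acp_portal_upload_module';
        $this->page_title = $user->lang['ACP_PORTAL_UPLOAD'];

        $template->assign_vars(array(
            'L_TITLE' => $user->lang['ACP_PORTAL_UPLOAD'],
            'L_TITLE_EXPLAIN' => '',
            'S_ERROR' => false, // if we get here, there was no error or we can ignore it
            'ERROR_MSG' => '',
            'U_ACTION' => $this->u_action,
        ));
    }
}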
/**
 * Show the MOD upload form or, for a submitted 'upload_mod' action, store the
 * uploaded ZIP, unpack it and copy the result into the mods directory.
 *
 * The archive content is supplied by the uploader and is untrusted input.
 *
 * @param string $action Requested action; only 'upload_mod' starts an upload
 * @return bool false when only the form was prepared, true after an upload
 */
function upload_mod($action)
{
    global $phpbb_root_path, $phpEx, $template, $user;

    // Uploads need both PHP file uploads and the zlib extension.
    $uploads_setting = @ini_get('file_uploads');
    $can_upload = !($uploads_setting == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !@extension_loaded('zlib'));

    // get FTP information if we need it
    $connection_fields = get_connection_info(false);

    if (!isset($_FILES['modupload']) || $action != 'upload_mod') {
        $template->assign_vars(array(
            'S_FRONTEND' => true,
            'S_MOD_UPLOAD' => $can_upload,
            'U_UPLOAD' => $this->u_action . '&action=upload_mod',
            'S_FORM_ENCTYPE' => $can_upload ? ' enctype="multipart/form-data"' : '',
            'S_HIDDEN_FIELDS' => build_hidden_fields($connection_fields),
        ));
        add_form_key('acp_mods_upload');

        return false;
    }

    // The form token is verified before the upload is touched.
    if (!check_form_key('acp_mods_upload')) {
        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
    }

    $user->add_lang('posting'); // For error messages
    include $phpbb_root_path . 'includes/functions_upload.' . $phpEx;

    $upload = new fileupload();
    $upload->set_allowed_extensions(array('zip')); // Only allow ZIP files

    $write_method = 'editor_' . determine_write_method(false);

    // For Direct & Manual write methods, make sure store/mods/ directory is writable
    if ($write_method == 'editor_direct' || $write_method == 'editor_manual') {
        if (!is_writable($this->mods_dir)) {
            trigger_error($user->lang['MODS_NOT_WRITABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
        $write_method = 'editor_direct'; // Force Direct method, in the case of manual
        $upload_dir = $this->mods_dir;
    } elseif (is_writable($this->store_dir)) {
        $upload_dir = $this->store_dir;
    } else {
        trigger_error($user->lang['STORE_NOT_WRITABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
    }

    $editor = new $write_method();

    // Make sure the store/mods/ directory exists and if it doesn't, create it
    if (!is_dir($this->mods_dir)) {
        $editor->recursive_mkdir($this->mods_dir);
    }

    // Proceed with the upload
    $file = $upload->form_upload('modupload');

    if (empty($file->filename)) {
        trigger_error($user->lang['NO_UPLOAD_FILE'] . adm_back_link($this->u_action), E_USER_WARNING);
    } elseif ($file->init_error || sizeof($file->error)) {
        $file->remove();
        $message = sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['MOD_UPLOAD_INIT_FAIL'];
        trigger_error($message . adm_back_link($this->u_action), E_USER_WARNING);
    }

    $file->clean_filename('real');
    $file->move_file(str_replace($phpbb_root_path, '', $upload_dir), true, true);

    if (sizeof($file->error)) {
        $file->remove();
        trigger_error(implode('<br />', $file->error) . adm_back_link($this->u_action), E_USER_WARNING);
    }

    include $phpbb_root_path . 'includes/functions_compress.' . $phpEx;

    $mod_dir = $upload_dir . '/' . str_replace('.zip', '', $file->get('realname'));
    $tmp_dir = $mod_dir . '_tmp/';

    // NOTE(review): entry paths inside the archive are handled by
    // compress_zip::extract(), which is not visible here.
    $archive = new compress_zip('r', $file->destination_file);
    $archive->extract($tmp_dir);
    $archive->close();

    // Everything in the temporary directory except the dot entries
    $entries = array_diff(scandir($tmp_dir, 1), array('.', '..'));

    // We need to check if there's only one (main) directory inside the temp MOD directory
    if (sizeof($entries) == 1) {
        $entries = implode(null, $entries);
        $from_dir = $tmp_dir . $entries;
        $to_dir = $this->mods_dir . '/' . $entries;
    } elseif (!is_dir($mod_dir)) {
        $from_dir = $tmp_dir;
        $to_dir = $mod_dir . '/';
    } else {
        trigger_error($user->lang['MOD_UPLOAD_UNRECOGNIZED'] . adm_back_link($this->u_action), E_USER_WARNING);
    }

    // Copy that directory to the new path
    $editor->copy_content($from_dir, $to_dir);

    // Finally remove the main tmp extraction directory, directly, just like we created it
    recursive_unlink($tmp_dir);

    $template->assign_vars(array(
        'S_MOD_SUCCESSBOX' => true,
        'MESSAGE' => $user->lang['MOD_UPLOAD_SUCCESS'],
        'U_RETURN' => $this->u_action,
    ));

    // Remove the uploaded archive file
    $file->remove();

    return true;
}
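/**
 * Upload Attachment - filedata is generated here
 * Uses upload class
 *
 * Stores an uploaded gallery photo, creates a thumbnail when the photo is
 * larger than the configured thumbnail size and records it in the gallery
 * tables.
 *
 * @param string $form_name Name of the file field in the submitted form
 * @return array File data. 'error' holds the error messages; on failure
 *               'post_attach' is false; on success 'photo_id' is set.
 */
function upload_attachment($form_name = 'fileupload')
{
    global $auth, $user, $config, $db, $cache;
    global $phpbb_root_path, $phpEx;

    $filedata = array(
        'error' => array(),
    );

    // NOTE(review): 'swf' and 'swc' are Flash containers rather than passive
    // images. Whether they get through depends on is_image() below; confirm they
    // are meant to be accepted.
    $image_types = array(
        'gif', 'jpg', 'jpeg', 'png', 'swf', 'psd', 'bmp',
        'tif', 'tiff', 'swc', 'iff', 'wbmp', 'xbm',
    );

    $upload = new fileupload('GALLERY_', $image_types);
    $file = $upload->form_upload($form_name);

    if (!$file->is_image()) {
        $file->remove();
        trigger_error('NO_IMAGE');
    }

    $file->upload->set_allowed_dimensions(0, 0, $config['photo_upload_width'], $config['photo_upload_height']);
    $file->clean_filename('unique', "photo_{$user->data['user_id']}_", $user->data['user_id']);
    $file->move_file($config['upload_path'], false, false);

    if (sizeof($file->error)) {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    // Check our complete quota
    if ($config['attachment_quota']) {
        if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;
            $file->remove();

            return $filedata;
        }
    }

    // Check free disk space
    if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path'])) {
        if ($free_space <= $file->get('filesize')) {
            $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
            $filedata['post_attach'] = false;
            $file->remove();

            return $filedata;
        }
    }

    // Create Thumbnail
    // Default to "no thumbnail" so the key is always set; it used to be left
    // undefined for photos that need no thumbnail and was read further down.
    $filedata['thumbnail'] = 0;
    if ($file->get('height') > $config['photo_thumb_height'] || $file->get('width') > $config['photo_thumb_width']) {
        $source = $file->get('destination_file');
        $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

        $filedata['thumbnail'] = create_thumbnail($source, $destination, $file->get('mimetype')) ? 1 : 0;
    }

    if (!sizeof($filedata['error'])) {
        // The user id is interpolated into SQL below, so force it to an integer.
        $user_id = (int) $user->data['user_id'];

        // update the users gallery with 1 more image. This also allows us to create
        // the gallery if it doesn't exist
        $sql = 'UPDATE ' . GALLERY_TABLE . " SET gallery_photos = gallery_photos + 1 WHERE user_id = {$user_id}";
        $db->sql_query($sql);
        $update = $db->sql_affectedrows();

        if ($update < 1) {
            // No gallery row was updated: create the user's gallery.
            $sql_ary = array(
                'user_id' => $user->data['user_id'],
                'parent_id' => $config['photo_user_galleries'],
                'gallery_name' => $user->data['username'],
                'gallery_photos' => 1,
                'gallery_last_update_time' => time(),
            );
            $sql = 'INSERT INTO ' . GALLERY_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
            $db->sql_query($sql);
            $gallery_id = $db->sql_nextid();
        } else {
            $sql = 'SELECT gallery_id FROM ' . GALLERY_TABLE . " WHERE user_id = {$user_id}";
            $result = $db->sql_query($sql);
            $gallery_id = $db->sql_fetchfield('gallery_id');
            $db->sql_freeresult($result);
        }

        // The comment and name come from the request and go through sql_build_array().
        $sql_ary = array(
            'poster_id' => $user->data['user_id'],
            'is_orphan' => 0,
            'physical_filename' => $filedata['physical_filename'],
            'real_filename' => $filedata['real_filename'],
            'photo_comment' => utf8_normalize_nfc(request_var('filecomment', '', true)),
            'extension' => $filedata['extension'],
            'mimetype' => $filedata['mimetype'],
            'filesize' => $filedata['filesize'],
            'filetime' => $filedata['filetime'],
            'thumbnail' => $filedata['thumbnail'],
            'photo_name' => utf8_normalize_nfc(request_var('filename', '', true)),
            'gallery_id' => $gallery_id,
        );
        $sql = 'INSERT INTO ' . GALLERY_PHOTOS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
        $db->sql_query($sql);
        $filedata['photo_id'] = $db->sql_nextid();
    }

    return $filedata;
}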
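/**
 * Upload a style archive, unpack it, check its style.cfg and copy the style
 * into styles/.
 *
 * The archive and the style.cfg inside it are untrusted input. The style
 * name decides which directory below styles/ is deleted and rewritten, so it
 * is restricted to a single path component. The temporary extraction
 * directory is removed on every failure path so unpacked files do not stay
 * behind inside the board.
 *
 * @package automod
 * @copyright (c) 2008 phpBB Group
 * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
 *
 * @param string $action 'upload', 'upload_remote' or 'upload_local'
 * @return bool true when the style was copied into place, false otherwise
 */
function upload_ext($action)
{
    $this->listzip();
    $this->user->add_lang('posting'); // For error messages

    // Guarded so a second include cannot redeclare the class.
    if (!class_exists('\\fileupload')) {
        include $this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext;
    }
    $upload = new \fileupload();
    $upload->set_allowed_extensions(array('zip')); // Only allow ZIP files

    // Make sure the ext/ directory exists and if it doesn't, create it. This runs
    // before the writability check, which used to fail first for a missing directory.
    if (!is_dir($this->ext_dir)) {
        $this->recursive_mkdir($this->ext_dir);
    }
    if (!is_writable($this->ext_dir)) {
        $this->trigger_error($this->user->lang['EXT_NOT_WRITABLE'] . $this->back_link, E_USER_WARNING);
        return false;
    }

    $upload_dir = $this->ext_dir;
    $tmp_dir = $this->phpbb_root_path . 'ext/tmp';

    // Proceed with the upload. $file stays null for 'upload_local' and for any
    // action this function does not know.
    $file = null;
    if ($action == 'upload') {
        $file = $upload->form_upload('extupload');
    } elseif ($action == 'upload_remote') {
        $file = $this->remote_upload($upload, $this->request->variable('remote_upload', ''));
    }

    if ($action != 'upload_local') {
        if ($file === null || empty($file->filename)) {
            $message = ($file !== null && sizeof($file->error)) ? implode('<br />', $file->error) : $this->user->lang['NO_UPLOAD_FILE'];
            $this->trigger_error($message . $this->back_link, E_USER_WARNING);
            return false;
        }

        if ($file->init_error || sizeof($file->error)) {
            $file->remove();
            $message = sizeof($file->error) ? implode('<br />', $file->error) : $this->user->lang['EXT_UPLOAD_INIT_FAIL'];
            $this->trigger_error($message . $this->back_link, E_USER_WARNING);
            return false;
        }

        $file->clean_filename('real');
        $file->move_file(str_replace($this->phpbb_root_path, '', $upload_dir), true, true);

        if (sizeof($file->error)) {
            $file->remove();
            $this->trigger_error(implode('<br />', $file->error) . $this->back_link, E_USER_WARNING);
            return false;
        }

        $dest_file = $file->destination_file;
    } else {
        // The file name comes from the request: refuse anything that could step
        // out of ext/ instead of appending it to the path unchecked.
        $local_name = $this->request->variable('local_upload', '');
        if (strpos($local_name, '..') !== false || strpbrk($local_name, "\\\0") !== false) {
            $this->trigger_error($this->user->lang['NO_UPLOAD_FILE'] . $this->back_link, E_USER_WARNING);
            return false;
        }
        $dest_file = $this->phpbb_root_path . 'ext/' . $local_name;
    }

    if (!class_exists('\\compress_zip')) {
        include $this->phpbb_root_path . 'includes/functions_compress.' . $this->php_ext;
    }

    // Start from an empty working directory so files left by an earlier upload
    // cannot be mistaken for part of this archive.
    if (is_dir($tmp_dir)) {
        $this->rrmdir($tmp_dir);
    }

    $zip = new \ZipArchive();
    $res = $zip->open($dest_file);
    if ($res !== true) {
        if ($action != 'upload_local') {
            $file->remove();
        }
        $this->trigger_error($this->user->lang['ziperror'][$res] . $this->back_link, E_USER_WARNING);
        return false;
    }
    $zip->extractTo($tmp_dir);
    $zip->close();

    $style_path = $this->get_style_path($tmp_dir);
    if (!$style_path) {
        $this->rrmdir($tmp_dir);
        if ($action != 'upload_local') {
            $file->remove();
        }
        $this->trigger_error($this->user->lang['ACP_UPLOAD_STYLE_ERROR_COMP'] . $this->back_link, E_USER_WARNING);
        return false;
    }

    $style_cfg = $this->read_style_cfg($style_path);

    // The name is checked before it is used; the check used to come after
    // $destination and $display_name had already been built from it.
    $destination = isset($style_cfg['name']) ? str_replace(' ', '_', $style_cfg['name']) : '';
    $name_is_safe = $destination !== ''
        && $destination !== '.'
        && $destination !== '..'
        && strpbrk($destination, "/\\\0") === false;

    if (!$name_is_safe) {
        $this->rrmdir($tmp_dir);
        if ($action != 'upload_local') {
            $file->remove();
        }
        $this->trigger_error($this->user->lang['NOT_AN_STYLE'] . $this->back_link, E_USER_WARNING);
        return false;
    }

    $display_name = $style_cfg['name'];

    if (!isset($style_cfg['phpbb_version']) || $style_cfg['phpbb_version'] != $this->config['version']) {
        $this->rrmdir($tmp_dir);
        if ($action != 'upload_local') {
            $file->remove();
        }
        $this->trigger_error($this->user->lang['ACP_UPLOAD_STYLE_ERROR_DEST'] . $this->back_link, E_USER_WARNING);
        return false;
    }

    // Drops the last 10 characters of the path - presumably the trailing
    // '/style.cfg'; confirm against get_style_path().
    $source = substr($style_path, 0, -10);

    /* Delete the previous version of style files - we're able to update them. */
    if (is_dir($this->phpbb_root_path . 'styles/' . $destination)) {
        $this->rrmdir($this->phpbb_root_path . 'styles/' . $destination);
    }

    $this->rcopy($source, $this->phpbb_root_path . 'styles/' . $destination);
    $this->rrmdir($tmp_dir);

    // NOTE(review): the copyright and name values come from the archive's
    // style.cfg; confirm the template escapes them.
    $this->template->assign_block_vars('authors', array(
        'AUTHOR' => isset($style_cfg['copyright']) ? $style_cfg['copyright'] : '',
    ));

    $string = @file_get_contents($this->phpbb_root_path . 'styles/' . $destination . '/style.cfg');
    $readme = ($string !== false) ? highlight_string($string, true) : false;

    $this->template->assign_vars(array(
        'S_UPLOADED' => $display_name,
        'FILETREE' => \filetree::php_file_tree($this->phpbb_root_path . 'styles/' . $destination, $display_name, $this->main_link),
        'S_ACTION' => $this->phpbb_root_path . '/adm/index.php?i=acp_styles&sid=' . $this->user->session_id . '&mode=install&action=install&hash=' . generate_link_hash('install') . '&dir=' . urlencode($destination),
        'S_ACTION_BACK' => $this->main_link,
        'U_ACTION' => $this->u_action,
        'README_MARKDOWN' => $readme,
        'FILENAME' => $string !== false ? 'style.cfg' : '',
        'CONTENT' => $string !== false ? highlight_string($string, true) : '',
    ));

    // Remove the uploaded archive file. There is no upload object for
    // 'upload_local', so the call is skipped there.
    if ($action != 'upload_local' && $this->request->variable('keepext', false) == false) {
        $file->remove();
    }

    return true;
}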
/**
 * Receive one attachment (posted form file or a file already on disk), apply the
 * per-forum extension rules and the configured size/dimension limits, move it into
 * the upload directory and report the stored file's metadata.
 *
 * @param string $form_name     Name of the file field in the posted form.
 * @param int    $forum_id      Forum whose attachment extension rules apply.
 * @param bool   $local         True to take the file from $local_storage instead of the form.
 * @param string $local_storage Path handed to local_upload() when $local is true.
 * @param bool   $is_message    True to use the private-message size limit as fallback.
 *
 * @return array Always has 'error' (list of messages) and 'post_attach' (bool). On success
 *               also 'thumbnail', 'filesize', 'mimetype', 'extension', 'physical_filename',
 *               'real_filename' and 'filetime'.
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false)
{
    global $_CLASS, $config;

    $filedata = array('error' => array());

    include_once SITE_FILE_ROOT . 'includes/forums/functions_upload.php';
    $upload = new fileupload();

    // A local file is taken as present; a form upload has to pass is_valid() first.
    $filedata['post_attach'] = $local ? true : (bool) $upload->is_valid($form_name);

    if (!$filedata['post_attach']) {
        $filedata['error'][] = 'No filedata found';

        return $filedata;
    }

    // Extension allow-list for this forum.
    // NOTE(review): when '_allowed_' is empty no list is passed at all, so whatever
    // fileupload defaults to decides what is accepted; confirm that default is restrictive.
    $extensions = obtain_attach_extensions($forum_id);
    if (!empty($extensions['_allowed_'])) {
        $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));
    }

    $file = $local ? $upload->local_upload($local_storage) : $upload->form_upload($form_name);

    if ($file->init_error) {
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $ext = $file->get('extension');
    $is_image_cat = false;
    if (isset($extensions[$ext]['display_cat'])) {
        $is_image_cat = $extensions[$ext]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE;
    } else {
        $is_image_cat = ATTACHMENT_CATEGORY_NONE == ATTACHMENT_CATEGORY_IMAGE;
    }

    // A thumbnail is wanted only for the image category and only when enabled in config.
    $filedata['thumbnail'] = ($is_image_cat && $config['img_create_thumbnail']) ? 1 : 0;

    // Dimension and size limits are applied only to users holding neither moderator (m_)
    // nor admin (a_) permissions; those two groups upload without these limits.
    // NOTE(review): the limits are set after form_upload()/local_upload() has returned,
    // so they presumably take effect inside move_file(); confirm against the upload class.
    if (!$_CLASS['auth']->acl_gets('m_', 'a_') && $is_image_cat) {
        $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
    }

    if (!$_CLASS['auth']->acl_gets('a_', 'm_')) {
        if ($extensions[$ext]['max_filesize'] != 0) {
            $allowed_filesize = $extensions[$ext]['max_filesize'];
        } elseif ($is_message) {
            $allowed_filesize = $config['max_filesize_pm'];
        } else {
            $allowed_filesize = $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // The stored name is generated ('unique' mode, prefixed with the user id) instead of
    // reusing the client-supplied name; the client name is only reported as 'real_filename'.
    $file->clean_filename('unique', $_CLASS['core_user']->data['user_id'] . '_');
    $file->move_file($config['upload_path']);

    if (!empty($file->error)) {
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    $filedata['filesize'] = $file->get('filesize');
    // NOTE(review): if get('mimetype') is the type declared by the client, treat it as
    // untrusted metadata and do not base serving or inline-display decisions on it alone.
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    // Board-wide attachment quota; the file is already on disk here, so remove it on failure.
    if ($config['attachment_quota']
        && $config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']
    ) {
        $filedata['error'][] = $_CLASS['core_user']->lang['ATTACH_QUOTA_REACHED'];
        $filedata['post_attach'] = false;
        $file->remove();

        return $filedata;
    }

    // Free disk space; a failed or zero disk_free_space() result skips the check.
    $free_space = @disk_free_space($config['upload_path']);
    if ($free_space && $free_space <= $file->get('filesize')) {
        $filedata['error'][] = $_CLASS['core_user']->lang['ATTACH_QUOTA_REACHED'];
        $filedata['post_attach'] = false;
        $file->remove();

        return $filedata;
    }

    // Thumbnail is best-effort: if it cannot be created the flag is cleared, the upload stays.
    if ($filedata['thumbnail']
        && !create_thumbnail(
            $file->get('destination_file'),
            $file->get('destination_path') . '/thumb_' . $file->get('realname'),
            $file->get('mimetype')
        )
    ) {
        $filedata['thumbnail'] = 0;
    }

    return $filedata;
}
/**
 * Store an avatar taken either from the posted 'uploadfile' field or, when no file
 * was posted, from the URL in $data['uploadurl'].
 *
 * @param array $data  Reads 'uploadurl' when no file was posted.
 * @param array $error Collects error messages from the file object (by reference).
 *
 * @return array [AVATAR_UPLOAD, stored file name, width, height]. The array is returned
 *               even when errors were recorded, so callers have to inspect $error.
 */
function avatar_upload($data, &$error)
{
    global $config, $_CLASS;

    require_once SITE_FILE_ROOT . 'includes/forums/functions_upload.php';

    // Extension allow-list plus size and dimension limits, all taken from board config.
    $allowed_types = array('jpg', 'jpeg', 'gif', 'png');
    $upload = new fileupload(
        'AVATAR_',
        $allowed_types,
        $config['avatar_filesize'],
        $config['avatar_min_width'],
        $config['avatar_min_height'],
        $config['avatar_max_width'],
        $config['avatar_max_height']
    );

    if (empty($_FILES['uploadfile']['name'])) {
        // NOTE(review): the URL is handed to remote_upload() exactly as received; nothing in
        // this function restricts scheme or target host. Confirm that remote_upload() (or the
        // caller) validates it, since this makes the server fetch a user-chosen address.
        $file = $upload->remote_upload($data['uploadurl']);
    } else {
        $file = $upload->form_upload('uploadfile');
    }

    $name_prefix = $_CLASS['core_user']->data['user_id'] . '_';
    $file->clean_filename('real', $name_prefix);
    $file->move_file($config['avatar_path']);

    // On any recorded error, remove what was stored and pass the messages to the caller.
    if (count($file->error)) {
        $file->remove();
        $error = array_merge($error, $file->error);
    }

    return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height'));
}
/**
 * Avatar upload using the upload class.
 *
 * Takes the avatar from the posted 'uploadfile' field or, when none was posted, from
 * $data['uploadurl'], names it from the board's avatar salt and the user id, and moves
 * it into the configured avatar directory, overwriting an existing file.
 *
 * @param array $data  Reads 'uploadurl' and 'user_id'.
 * @param array $error Collects error messages from the file object (by reference).
 *
 * @return array [AVATAR_UPLOAD, "<user_id>_<timestamp>.<extension>", width, height]. Returned
 *               even when errors were recorded, so callers have to inspect $error.
 */
function avatar_upload($data, &$error)
{
    global $phpbb_root_path, $config, $db, $user, $phpEx;

    include_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;

    // Allow-list of extensions, size/dimension limits and the configured mime triggers
    // (a '|'-separated list in config) are all handed to the upload class.
    $upload = new fileupload(
        'AVATAR_',
        array('jpg', 'jpeg', 'gif', 'png'),
        $config['avatar_filesize'],
        $config['avatar_min_width'],
        $config['avatar_min_height'],
        $config['avatar_max_width'],
        $config['avatar_max_height'],
        explode('|', $config['mime_triggers'])
    );

    if (empty($_FILES['uploadfile']['name'])) {
        // NOTE(review): the URL goes to remote_upload() as received; no scheme or host check
        // is visible here. Confirm it is validated elsewhere before the server fetches it.
        $file = $upload->remote_upload($data['uploadurl']);
    } else {
        $file = $upload->form_upload('uploadfile');
    }

    // Stored name is built from the avatar salt and the user id, not from the client's name.
    $file->clean_filename('avatar', $config['avatar_salt'] . '_', $data['user_id']);

    // Normalise the configured directory: drop one trailing slash or backslash.
    $destination = $config['avatar_path'];
    $last_char = substr($destination, -1, 1);
    if ($last_char == '/' || $last_char == '\\') {
        $destination = substr($destination, 0, -1);
    }

    // Strip relative-path fragments and refuse an absolute path.
    // NOTE(review): this is a single-pass string removal, which is not a complete traversal
    // filter on its own; here the value comes from board config rather than from the request.
    $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
    if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) {
        $destination = '';
    }

    // Second argument true: overwrite an existing image.
    $file->move_file($destination, true);

    if (count($file->error)) {
        $file->remove();
        $error = array_merge($error, $file->error);
    }

    $stored_name = $data['user_id'] . '_' . time() . '.' . $file->get('extension');

    return array(AVATAR_UPLOAD, $stored_name, $file->get('width'), $file->get('height'));
}
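/**
 * ACP page for forum banner images: deletes selected banners, stores an uploaded
 * banner as "<forum_id>.<extension>" in the banner directory, and lists the banners
 * that belong to existing forums.
 *
 * State-changing actions run only for a POSTed 'submit' that passes the form key check.
 *
 * @param mixed $id   Module id (not used in this method).
 * @param mixed $mode Module mode (not used in this method).
 */
function main($id, $mode)
{
    global $user, $template, $cache, $config, $phpbb_root_path, $phpEx, $phpbb_container, $request, $db;

    $this->config = $config;
    $this->phpbb_container = $phpbb_container;
    $this->config_text = $this->phpbb_container->get('config_text');
    $this->log = $this->phpbb_container->get('log');
    $this->db = $db;
    $this->request = $request;
    $this->template = $template;
    $this->user = $user;
    $this->phpbb_root_path = $phpbb_root_path;
    $this->php_ext = $phpEx;

    $this->user->add_lang_ext('davidiq/ForumBanners', 'forumbanners_acp');

    $this->tpl_name = 'forumbanners';
    $this->page_title = 'ACP_FORUMBANNER_IMAGES';

    $banners_dir = $this->phpbb_root_path . $this->config['forum_banners_path'];

    $form_name = 'acp_forumbanners';
    add_form_key($form_name);

    // The array(0) default presumably makes the request layer return integers only;
    // the delete loop below casts again so the path it builds never depends on that.
    $delete_banners = $this->request->variable('delete_banner', array(0));
    $upload_banner = $this->request->file('upload_banner');

    if ($this->request->is_set_post('submit')) {
        // CSRF protection: reject the request unless the form key matches.
        // NOTE(review): the code after this relies on trigger_error() with E_USER_WARNING
        // ending the request (phpBB's handler); that handler is not visible here.
        if (!check_form_key($form_name)) {
            trigger_error($this->user->lang('FORM_INVALID') . adm_back_link($this->u_action), E_USER_WARNING);
        }

        // Delete the selected banners.
        if (sizeof($delete_banners)) {
            foreach ($delete_banners as $delete_banner) {
                // Integer cast keeps path separators and glob wildcards out of the pattern.
                $matches = glob($banners_dir . '/' . (int) $delete_banner . '.*');

                // glob() returns an empty array (or false) when nothing matches; only
                // unlink and log when there really is a file for this forum id.
                if (!empty($matches) && unlink($matches[0])) {
                    $this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_FORUMBANNER_DELETED');
                }
            }

            trigger_error($this->user->lang['FORUMBANNER_IMAGE_DELETED'] . adm_back_link($this->u_action));
        }

        // Store an uploaded banner.
        if (!empty($upload_banner['name'])) {
            $rhea = version_compare(PHPBB_VERSION, '3.2', '>=');

            if ($rhea) {
                // phpBB 3.2+ (Rhea): the files.factory service replaces includes/functions_upload.
                $upload = $this->phpbb_container->get('files.factory')->get('upload')
                    ->set_allowed_extensions($this->allowed_extensions)
                    ->set_disallowed_content(
                        isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false
                    );
                $file = $upload->handle_upload('files.types.form', 'upload_banner');
            } else {
                // Older phpBB: legacy fileupload class.
                include($this->phpbb_root_path . 'includes/functions_upload.' . $this->php_ext);
                $upload = new \fileupload('FORUMBANNER_', $this->allowed_extensions);
                $file = $upload->form_upload('upload_banner');
            }

            $destination = $this->config['forum_banners_path'];

            // Adjust destination path (no trailing slash)
            $last_char = substr($destination, -1, 1);
            if ($last_char == '/' || $last_char == '\\') {
                $destination = substr($destination, 0, -1);
            }

            // Move file and overwrite any existing image.
            // NOTE(review): in phpBB's filespec::move_file() the third parameter is
            // $skip_image_check, so passing true appears to skip the "is it really an
            // image" validation rather than request it. Confirm against the phpBB version
            // in use and drop the argument if the check is wanted.
            $file->move_file($destination, true, true);

            if (sizeof($file->error)) {
                $file->remove();
                // $file->error is an array of messages; join it instead of concatenating the array.
                trigger_error(implode('<br />', $file->error) . adm_back_link($this->u_action), E_USER_WARNING);
            }

            // Integer forum id from the form becomes the stored file's base name.
            $selected_forum = $this->request->variable('forumbanner_forum_list', 0);

            if ($rhea) {
                $destination_path = $file->get('destination_path');
                $file_extension = $file->get('extension');
                $destination_file = $file->get('destination_file');
            } else {
                $destination_path = $file->destination_path;
                $file_extension = $file->extension;
                $destination_file = $file->destination_file;
            }

            $new_destination_file = $destination_path . '/' . $selected_forum . '.' . $file_extension;

            if (rename($destination_file, $new_destination_file)) {
                phpbb_chmod($new_destination_file, CHMOD_READ | CHMOD_WRITE);
                $this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_FORUMBANNER_UPLOADED');
                trigger_error($this->user->lang['FORUMBANNER_IMAGE_UPLOADED'] . adm_back_link($this->u_action));
            } else {
                $file->remove();
                trigger_error($this->user->lang('FORUMBANNER_UPLOAD_ERROR') . adm_back_link($this->u_action), E_USER_WARNING);
            }
        }
    }

    // Create the banner directory on first use.
    // NOTE(review): 0777 is only narrowed by the process umask; use a tighter mode if the
    // directory does not need to be writable by other accounts on the host.
    if (!file_exists($banners_dir)) {
        @mkdir($banners_dir, 0777);

        if (!file_exists($banners_dir)) {
            trigger_error(sprintf($this->user->lang('FORUMBANNER_DIRECTORY_NOT_EXISTS'), $banners_dir), E_USER_WARNING);
        }
    }

    // scandir() returns false on failure; skip the listing in that case.
    $file_list = scandir($banners_dir);
    if (!empty($file_list)) {
        // Static query, no request data involved.
        $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE . " ORDER BY forum_id";
        $result = $this->db->sql_query($sql);

        $forums_list = array();
        while ($row = $this->db->sql_fetchrow($result)) {
            $forums_list[$row['forum_id']] = $row['forum_name'];
        }
        $this->db->sql_freeresult($result);

        // List only files whose base name, read as an integer, is an existing forum id.
        foreach ($file_list as $entry) {
            $banner_path = $banners_dir . '/' . $entry;
            $file_info = pathinfo($banner_path);

            if (isset($file_info['filename']) && isset($forums_list[(int) $file_info['filename']])) {
                $forum_id = (int) $file_info['filename'];

                $this->template->assign_block_vars('forumbanners', array(
                    'FORUMBANNER_SRC' => $banner_path,
                    'FORUM_ID' => $forum_id,
                    'FORUM_NAME' => $forums_list[$forum_id],
                ));
            }
        }
    }

    include($this->phpbb_root_path . 'includes/functions_display.' . $this->php_ext);
    $forum_box = make_forum_select(0, false, false, false, false);

    $this->template->assign_vars(array(
        'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
        'S_FORUM_BOX' => $forum_box,
        'U_ACTION' => $this->u_action,
    ));
}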