/** * This function accepts a file via URL or from $_FILES, verifies it, and places it in a temporary location for processing * * @param mixed Valid options are: (a) a URL to a file to retrieve or (b) a pointer to a file in the $_FILES array */ function accept_upload(&$upload) { $this->error = ''; if (!is_array($upload) and strval($upload) != '') { $this->upload['extension'] = strtolower(file_extension($upload)); // Check extension here so we can save grabbing a large file that we aren't going to use if (!$this->is_valid_extension($this->upload['extension'])) { $this->set_error('upload_invalid_file'); return false; } // Admins can upload any size file if ($this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']) { $this->maxuploadsize = 0; } else { $this->maxuploadsize = $this->fetch_max_uploadsize($this->upload['extension']); if (!$this->maxuploadsize) { $newmem = 20971520; } } if (!preg_match('#^((http|ftp)s?):\\/\\/#i', $upload)) { $upload = 'http://' . $upload; } if (ini_get('allow_url_fopen') == 0 and !function_exists('curl_init')) { $this->set_error('upload_fopen_disabled'); return false; } else { if ($filesize = $this->fetch_remote_filesize($upload)) { if ($this->maxuploadsize and $filesize > $this->maxuploadsize) { $this->set_error('upload_remoteimage_toolarge'); return false; } else { if (function_exists('memory_get_usage') and $memory_limit = @ini_get('memory_limit') and $memory_limit != -1) { // Make sure we have enough memory to process this file $memorylimit = vb_number_format($memory_limit, 0, false, null, ''); $memoryusage = memory_get_usage(); $freemem = $memorylimit - $memoryusage; $newmemlimit = !empty($newmem) ? $freemem + $newmem : $freemem + $filesize; if (($current_memory_limit = ini_size_to_bytes(@ini_get('memory_limit'))) < $newmemlimit and $current_memory_limit > 0) { @ini_set('memory_limit', $newmemlimit); } } require_once DIR . '/includes/class_vurl.php'; $vurl = new vB_vURL($this->registry); $vurl->set_option(VURL_URL, $upload); $vurl->set_option(VURL_HEADER, true); $vurl->set_option(VURL_MAXSIZE, $this->maxuploadsize); $vurl->set_option(VURL_RETURNTRANSFER, true); if ($result = $vurl->exec2()) { } else { switch ($vurl->fetch_error()) { case VURL_ERROR_MAXSIZE: $this->set_error('upload_remoteimage_toolarge'); break; case VURL_ERROR_NOLIB: // this condition isn't reachable $this->set_error('upload_fopen_disabled'); break; case VURL_ERROR_SSL: case VURL_URL_URL: default: $this->set_error('retrieval_of_remote_file_failed'); } return false; } unset($vurl); } } else { $this->set_error('upload_invalid_url'); return false; } } // write file to temporary directory... if ($this->registry->options['safeupload']) { // ... in safe mode $this->upload['location'] = $this->registry->options['tmppath'] . '/vbupload' . $this->userinfo['userid'] . substr(TIMENOW, -4); } else { // ... in normal mode $this->upload['location'] = $this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'] ? tempnam(ini_get('upload_tmp_dir'), 'vbupload') : @tempnam(ini_get('upload_tmp_dir'), 'vbupload'); } $attachment_write_failed = true; if (!empty($result['body'])) { $fp = $this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'] ? fopen($this->upload['location'], 'wb') : @fopen($this->upload['location'], 'wb'); if ($fp and $this->upload['location']) { @fwrite($fp, $result['body']); @fclose($fp); $attachment_write_failed = false; } } else { if (file_exists($result['body_file'])) { if (rename($result['body_file'], $this->upload['location'])) { $mask = 0777 & ~umask(); @chmod($this->upload['location'], $mask); $attachment_write_failed = false; } } } if ($attachment_write_failed) { $this->set_error('upload_writefile_failed'); return false; } $this->upload['filesize'] = @filesize($this->upload['location']); $this->upload['filename'] = basename($upload); $this->upload['extension'] = strtolower(file_extension($this->upload['filename'])); $this->upload['thumbnail'] = ''; $this->upload['filestuff'] = ''; $this->upload['url'] = true; } else { $this->upload['filename'] = trim($upload['name']); $this->upload['filesize'] = intval($upload['size']); $this->upload['location'] = trim($upload['tmp_name']); $this->upload['extension'] = strtolower(file_extension($this->upload['filename'])); $this->upload['thumbnail'] = ''; $this->upload['filestuff'] = ''; if ($this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'] and $this->upload['error']) { // Encountered PHP upload error if (!($maxupload = @ini_get('upload_max_filesize'))) { $maxupload = 10485760; } $maxattachsize = vb_number_format($maxupload, 1, true); switch ($this->upload['error']) { case '1': // UPLOAD_ERR_INI_SIZE // UPLOAD_ERR_INI_SIZE case '2': // UPLOAD_ERR_FORM_SIZE $this->set_error('upload_file_exceeds_php_limit', $maxattachsize); break; case '3': // UPLOAD_ERR_PARTIAL $this->set_error('upload_file_partially_uploaded'); break; case '4': $this->set_error('upload_file_failed'); break; case '6': $this->set_error('missing_temporary_folder'); break; case '7': $this->set_error('upload_writefile_failed'); break; case '8': $this->set_error('upload_stopped_by_extension'); break; default: $this->set_error('upload_invalid_file'); } return false; } else { if ($this->upload['error'] or $this->upload['location'] == 'none' or $this->upload['location'] == '' or $this->upload['filename'] == '' or !$this->upload['filesize'] or !is_uploaded_file($this->upload['location'])) { if ($this->emptyfile or $this->upload['filename'] != '') { $this->set_error('upload_file_failed'); } return false; } } if ($this->registry->options['safeupload']) { $temppath = $this->registry->options['tmppath'] . '/' . $this->registry->session->fetch_sessionhash(); $moveresult = $this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'] ? move_uploaded_file($this->upload['location'], $temppath) : @move_uploaded_file($this->upload['location'], $temppath); if (!$moveresult) { $this->set_error('upload_unable_move'); return false; } $this->upload['location'] = $temppath; } } $return_value = true; ($hook = vBulletinHook::fetch_hook('upload_accept')) ? eval($hook) : false; return $return_value; }