Esempio n. 1
 /**
  * Report PHP's configured upload limit when the upload was rejected for size
  *
  * A filename of 'none' is treated as the sign that the upload exceeded
  * PHP's own size limit. In that case an error message naming the configured
  * upload_max_filesize is appended to the filespec's error list; otherwise
  * the filespec is returned untouched.
  *
  * @param \phpbb\files\filespec $file Filespec object
  *
  * @return \phpbb\files\filespec Returns same filespec instance
  */
 public function check_upload_size($file)
 {
     // Anything other than the 'none' marker means PHP did not reject the upload for size
     if ($file->get('filename') != 'none') {
         return $file;
     }

     $limit = $this->php_ini->getString('upload_max_filesize');
     $unit_key = 'MB';

     if (!empty($limit)) {
         // The ini value carries its unit as a trailing letter, e.g. "2M"
         $suffix = strtolower(substr($limit, -1, 1));
         $limit = (int) $limit;

         // NOTE(review): any suffix other than k/g, including a plain byte
         // count with no suffix at all, is reported as MB. Confirm intended.
         if ($suffix == 'k') {
             $unit_key = 'KB';
         } elseif ($suffix == 'g') {
             $unit_key = 'GB';
         } else {
             $unit_key = 'MB';
         }
     }

     if (empty($limit)) {
         // No usable limit could be read: fall back to the generic message
         $file->error[] = $this->language->lang($this->upload->error_prefix . 'PHP_SIZE_NA');
     } else {
         $file->error[] = $this->language->lang($this->upload->error_prefix . 'PHP_SIZE_OVERRUN', $limit, $this->language->lang($unit_key));
     }

     return $file;
 }
Esempio n. 2
 /**
  * Build the path of the temporary file used for an upload
  *
  * The path is the temporary directory, followed by the configured
  * plupload_salt, an underscore, the MD5 of the given file name and the
  * extension reported by filespec::get_extension().
  *
  * NOTE(review): MD5 only derives a fixed-length name component here. Any
  * unpredictability of the path rests on plupload_salt, which is presumably
  * a per-board secret; confirm. The extension comes from the supplied file
  * name, so confirm the temporary directory is neither web-served nor
  * executable.
  *
  * @param string $file_name File name as supplied for the upload
  *
  * @return string Path inside the temporary directory
  */
 protected function temporary_filepath($file_name)
 {
     $directory = $this->temporary_directory;
     $salt = $this->config['plupload_salt'];
     $name_digest = md5($file_name);
     // Must preserve the extension for plupload to work.
     $extension = \phpbb\files\filespec::get_extension($file_name);

     return sprintf('%s/%s_%s%s', $directory, $salt, $name_digest, $extension);
 }
Esempio n. 3
 /**
  * Check for bad content (IE mime-sniffing)
  *
  * Delegates to the filespec's check_content() with this object's
  * disallowed_content list and returns its result unchanged.
  *
  * @param filespec $file Instance of filespec class
  *
  * @return bool True if content is valid, false if not
  */
 public function valid_content(&$file)
 {
     $blocked_content = $this->disallowed_content;

     return $file->check_content($blocked_content);
 }
Esempio n. 4
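 /**
  * {@inheritdoc}
  *
  * Validates a user-submitted remote avatar URL and its dimensions. The URL
  * is requested by this server: once for the image size when a dimension is
  * missing, and once to inspect the response headers. The request target is
  * therefore chosen by the submitting user.
  *
  * NOTE(review): nothing in this method restricts which host is contacted.
  * The URL pattern also accepts dotted-numeric hosts and ftp://, and PHP's
  * http wrapper follows redirects by default. Where remote avatars are
  * enabled, outbound requests from the web server should be confined by
  * egress filtering or a host allow-list outside this method.
  *
  * Validation failures are appended to $error (passed by reference) and
  * reported by returning false.
  *
  * @return array|bool Array with 'avatar', 'avatar_width' and
  *                    'avatar_height' on success, false on failure
  */
 public function process_form($request, $template, $user, $row, &$error)
 {
     $url = $request->variable('avatar_remote_url', '');
     $width = $request->variable('avatar_remote_width', 0);
     $height = $request->variable('avatar_remote_height', 0);
     if (empty($url)) {
         return false;
     }
     // A URL without one of the accepted schemes is assumed to be http
     if (!preg_match('#^(http|https|ftp)://#i', $url)) {
         $url = 'http://' . $url;
     }
     if (!function_exists('validate_data')) {
         require $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
     }
     $validate_array = validate_data(array('url' => $url), array('url' => array('string', true, 5, 255)));
     $error = array_merge($error, $validate_array);
     // Errors already present in $error on entry also stop processing here
     if (!empty($error)) {
         return false;
     }
     // Check if this url looks alright
     // This isn't perfect, but it's what phpBB 3.0 did, and might as well make sure everything is compatible
     if (!preg_match('#^(http|https|ftp)://(?:(.*?\\.)*?[a-z0-9\\-]+?\\.[a-z]{2,4}|(?:\\d{1,3}\\.){3,5}\\d{1,3}):?([0-9]*?).*?\\.(' . implode('|', $this->allowed_extensions) . ')$#i', $url)) {
         $error[] = 'AVATAR_URL_INVALID';
         return false;
     }
     // Get image dimensions (first server-side request to the submitted URL)
     if (($width <= 0 || $height <= 0) && ($image_data = $this->imagesize->getImageSize($url)) === false) {
         $error[] = 'UNABLE_GET_IMAGE_SIZE';
         return false;
     }
     if (!empty($image_data) && ($image_data['width'] <= 0 || $image_data['height'] <= 0)) {
         $error[] = 'AVATAR_NO_SIZE';
         return false;
     }
     // NOTE(review): when only a height was submitted, $width is replaced first
     // and the second line then sees the new $width, so the result pairs the
     // image's width with the submitted height. Kept as is for compatibility.
     $width = $width && $height ? $width : $image_data['width'];
     $height = $width && $height ? $height : $image_data['height'];
     if ($width <= 0 || $height <= 0) {
         $error[] = 'AVATAR_NO_SIZE';
         return false;
     }
     $types = \phpbb\files\upload::image_types();
     $extension = strtolower(\phpbb\files\filespec::get_extension($url));
     // Check if this is actually an image (second server-side request)
     $file_stream = @fopen($url, 'r');
     if (!$file_stream) {
         $error[] = 'AVATAR_URL_INVALID';
         return false;
     }
     // Timeout after 1 second
     stream_set_timeout($file_stream, 1);
     // read some data to ensure headers are present
     fread($file_stream, 1024);
     $meta = stream_get_meta_data($file_stream);
     // The headers are now held in $meta, so release the stream before any
     // exit path; previously it stayed open when no Content-Type was found.
     fclose($file_stream);
     if (isset($meta['wrapper_data']['headers']) && is_array($meta['wrapper_data']['headers'])) {
         $headers = $meta['wrapper_data']['headers'];
     } elseif (isset($meta['wrapper_data']) && is_array($meta['wrapper_data'])) {
         $headers = $meta['wrapper_data'];
     } else {
         $headers = array();
     }
     // Only the first Content-Type header found is inspected.
     // NOTE(review): a response with no Content-Type header passes this check.
     foreach ($headers as $header) {
         $header = preg_split('/ /', $header, 2);
         if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type') {
             // A header with no value is rejected like a non-image type
             if (!isset($header[1]) || strpos($header[1], 'image/') !== 0) {
                 $error[] = 'AVATAR_URL_INVALID';
                 return false;
             }
             break;
         }
     }
     // NOTE(review): $image_data is only populated when a dimension was
     // missing, so this type/extension comparison is skipped whenever both
     // dimensions were submitted with the form.
     if (!empty($image_data) && (!isset($types[$image_data['type']]) || !in_array($extension, $types[$image_data['type']]))) {
         if (!isset($types[$image_data['type']])) {
             $error[] = 'UNABLE_GET_IMAGE_SIZE';
         } else {
             $error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data['type']][0], $extension);
         }
         return false;
     }
     // Enforce the configured maximum, then minimum, avatar dimensions
     if ($this->config['avatar_max_width'] || $this->config['avatar_max_height']) {
         if ($width > $this->config['avatar_max_width'] || $height > $this->config['avatar_max_height']) {
             $error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height);
             return false;
         }
     }
     if ($this->config['avatar_min_width'] || $this->config['avatar_min_height']) {
         if ($width < $this->config['avatar_min_width'] || $height < $this->config['avatar_min_height']) {
             $error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height);
             return false;
         }
     }
     return array('avatar' => $url, 'avatar_width' => $width, 'avatar_height' => $height);
 }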
Esempio n. 5
 /**
  * Compare filespec::get_extension() with the expected value for each
  * filename supplied by the data provider.
  *
  * @dataProvider get_extension_variables
  */
 public function test_get_extension($filename, $expected)
 {
     $actual = \phpbb\files\filespec::get_extension($filename);

     $this->assertEquals($expected, $actual);
 }