コード例 #1
0
    /**
     * Parse Attachments
     */
    function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
    {
        global $config, $auth, $user, $src_root_path, $phpEx, $db, $request;
        $error = array();
        $num_attachments = sizeof($this->attachment_data);
        $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
        $upload = $request->file($form_name);
        $upload_file = !empty($upload) && $upload['name'] !== 'none' && trim($upload['name']);
        $add_file = isset($_POST['add_file']) ? true : false;
        $delete_file = isset($_POST['delete_file']) ? true : false;
        // First of all adjust comments if changed
        $actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true));
        foreach ($actual_comment_list as $comment_key => $comment) {
            if (!isset($this->attachment_data[$comment_key])) {
                continue;
            }
            if ($this->attachment_data[$comment_key]['attach_comment'] != $actual_comment_list[$comment_key]) {
                $this->attachment_data[$comment_key]['attach_comment'] = $actual_comment_list[$comment_key];
            }
        }
        $cfg = array();
        $cfg['max_attachments'] = $is_message ? $config['max_attachments_pm'] : $config['max_attachments'];
        $forum_id = $is_message ? 0 : $forum_id;
        if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file) {
            if ($num_attachments < $cfg['max_attachments'] || $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id)) {
                $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
                $error = $filedata['error'];
                if ($filedata['post_attach'] && !sizeof($error)) {
                    $sql_ary = array('physical_filename' => $filedata['physical_filename'], 'attach_comment' => $this->filename_data['filecomment'], 'real_filename' => $filedata['real_filename'], 'extension' => $filedata['extension'], 'mimetype' => $filedata['mimetype'], 'filesize' => $filedata['filesize'], 'filetime' => $filedata['filetime'], 'thumbnail' => $filedata['thumbnail'], 'is_orphan' => 1, 'in_message' => $is_message ? 1 : 0, 'poster_id' => $user->data['user_id']);
                    $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                    $new_entry = array('attach_id' => $db->sql_nextid(), 'is_orphan' => 1, 'real_filename' => $filedata['real_filename'], 'attach_comment' => $this->filename_data['filecomment'], 'filesize' => $filedata['filesize']);
                    $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                    $this->message = preg_replace('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#e', "'[attachment='.(\\1 + 1).']\\2[/attachment]'", $this->message);
                    $this->filename_data['filecomment'] = '';
                    // This Variable is set to false here, because Attachments are entered into the
                    // Database in two modes, one if the id_list is 0 and the second one if post_attach is true
                    // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
                    // but we are assigning an id of 0 here, we have to reset the post_attach variable to false.
                    //
                    // This is very relevant, because it could happen that the post got not submitted, but we do not
                    // know this circumstance here. We could be at the posting page or we could be redirected to the entered
                    // post. :)
                    $filedata['post_attach'] = false;
                }
            } else {
                $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $cfg['max_attachments']);
            }
        }
        if ($preview || $refresh || sizeof($error)) {
            if (isset($this->plupload) && $this->plupload->is_active()) {
                $json_response = new \src\json_response();
            }
            // Perform actions on temporary attachments
            if ($delete_file) {
                include_once $src_root_path . 'includes/functions_admin.' . $phpEx;
                $index = array_keys(request_var('delete_file', array(0 => 0)));
                $index = !empty($index) ? $index[0] : false;
                if ($index !== false && !empty($this->attachment_data[$index])) {
                    // delete selected attachment
                    if ($this->attachment_data[$index]['is_orphan']) {
                        $sql = 'SELECT attach_id, physical_filename, thumbnail
							FROM ' . ATTACHMENTS_TABLE . '
							WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . '
								AND is_orphan = 1
								AND poster_id = ' . $user->data['user_id'];
                        $result = $db->sql_query($sql);
                        $row = $db->sql_fetchrow($result);
                        $db->sql_freeresult($result);
                        if ($row) {
                            src_unlink($row['physical_filename'], 'file');
                            if ($row['thumbnail']) {
                                src_unlink($row['physical_filename'], 'thumbnail');
                            }
                            $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']);
                        }
                    } else {
                        delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
                    }
                    unset($this->attachment_data[$index]);
                    $this->message = preg_replace('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message);
                    // Reindex Array
                    $this->attachment_data = array_values($this->attachment_data);
                    if (isset($this->plupload) && $this->plupload->is_active()) {
                        $json_response->send($this->attachment_data);
                    }
                }
            } else {
                if (($add_file || $preview) && $upload_file) {
                    if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_', $forum_id)) {
                        $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message, false, $this->mimetype_guesser, $this->plupload);
                        $error = array_merge($error, $filedata['error']);
                        if (!sizeof($error)) {
                            $sql_ary = array('physical_filename' => $filedata['physical_filename'], 'attach_comment' => $this->filename_data['filecomment'], 'real_filename' => $filedata['real_filename'], 'extension' => $filedata['extension'], 'mimetype' => $filedata['mimetype'], 'filesize' => $filedata['filesize'], 'filetime' => $filedata['filetime'], 'thumbnail' => $filedata['thumbnail'], 'is_orphan' => 1, 'in_message' => $is_message ? 1 : 0, 'poster_id' => $user->data['user_id']);
                            $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                            $new_entry = array('attach_id' => $db->sql_nextid(), 'is_orphan' => 1, 'real_filename' => $filedata['real_filename'], 'attach_comment' => $this->filename_data['filecomment'], 'filesize' => $filedata['filesize']);
                            $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                            $this->message = preg_replace('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#e', "'[attachment='.(\\1 + 1).']\\2[/attachment]'", $this->message);
                            $this->filename_data['filecomment'] = '';
                            if (isset($this->plupload) && $this->plupload->is_active()) {
                                $download_url = append_sid("{$src_root_path}download/file.{$phpEx}", 'mode=view&amp;id=' . $new_entry['attach_id']);
                                // Send the client the attachment data to maintain state
                                $json_response->send(array('data' => $this->attachment_data, 'download_url' => $download_url));
                            }
                        }
                    } else {
                        $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $cfg['max_attachments']);
                    }
                    if (!empty($error) && isset($this->plupload) && $this->plupload->is_active()) {
                        // If this is a plupload (and thus ajax) request, give the
                        // client the first error we have
                        $json_response->send(array('jsonrpc' => '2.0', 'id' => 'id', 'error' => array('code' => 105, 'message' => current($error))));
                    }
                }
            }
        }
        foreach ($error as $error_msg) {
            $this->warn_msg[] = $error_msg;
        }
    }
コード例 #2
0
 /**
  * Form upload method
  * Upload file from users harddisk
  *
  * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
  * @param \src\mimetype\guesser $mimetype_guesser Mimetype guesser
  * @param \src\plupload\plupload $plupload The plupload object
  *
  * @return object $file Object "filespec" is returned, all further operations can be done with this object
  * @access public
  */
 function form_upload($form_name, \src\mimetype\guesser $mimetype_guesser = null, \src\plupload\plupload $plupload = null)
 {
     global $user, $request;
     $upload = $request->file($form_name);
     unset($upload['local_mode']);
     if ($plupload) {
         $result = $plupload->handle_upload($form_name);
         if (is_array($result)) {
             $upload = array_merge($upload, $result);
         }
     }
     $file = new filespec($upload, $this, $mimetype_guesser, $plupload);
     if ($file->init_error) {
         $file->error[] = '';
         return $file;
     }
     // Error array filled?
     if (isset($upload['error'])) {
         $error = $this->assign_internal_error($upload['error']);
         if ($error !== false) {
             $file->error[] = $error;
             return $file;
         }
     }
     // Check if empty file got uploaded (not catched by is_uploaded_file)
     if (isset($upload['size']) && $upload['size'] == 0) {
         $file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];
         return $file;
     }
     // PHP Upload filesize exceeded
     if ($file->get('filename') == 'none') {
         $max_filesize = @ini_get('upload_max_filesize');
         $unit = 'MB';
         if (!empty($max_filesize)) {
             $unit = strtolower(substr($max_filesize, -1, 1));
             $max_filesize = (int) $max_filesize;
             $unit = $unit == 'k' ? 'KB' : ($unit == 'g' ? 'GB' : 'MB');
         }
         $file->error[] = empty($max_filesize) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);
         return $file;
     }
     // Not correctly uploaded
     if (!$file->is_uploaded()) {
         $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
         return $file;
     }
     $this->common_checks($file);
     return $file;
 }