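/**
 * Processes the files uploaded for a post through the $_FILES['bb_attachments'] array.
 *
 * Every file is first moved to a random temporary name inside the attachment path,
 * then checked against the configured limits (extension, MIME type detected from the
 * file, size, attachments per post). A row is written to the attachments table for
 * each file that was received, carrying a non-zero status when it was rejected; only
 * files with status 0 are committed as <path>/<id div 1000>/<id>.<filename>.
 * Temporary files are always removed before the function returns.
 *
 * Status codes used here: 0 ok, 2 upload/move/db failure, 3 extension not allowed,
 * 4 MIME type not allowed, 5 file too large, 6 per-post limit reached; their labels
 * come from $bb_attachments['status'].
 *
 * @param int $post_id Post the uploads belong to; when 0 it is read from $_GET['bb_attachments'].
 * @param int $display When non-zero the result list is echoed (plus a small script that
 *                     inserts the attachment tag into an open edit form); when zero,
 *                     auto-inlined images are appended to the post text instead.
 * @return void
 */
function bb_attachments_process_post($post_id = 0, $display = 0)
{
    global $bbdb, $bb_attachments;

    if (!$post_id) {
        $post_id = isset($_GET['bb_attachments']) ? intval($_GET['bb_attachments']) : 0;
    }
    $post_id = intval($post_id);

    // Uploads are accepted only from a logged-in user who may edit this post
    // and who holds the configured upload role.
    $user_id = intval(bb_get_current_user_info('id'));
    if (!isset($_FILES['bb_attachments']) || !is_array($_FILES['bb_attachments'])
        || !$user_id || !$post_id
        || !bb_current_user_can('edit_post', $post_id)
        || !bb_current_user_can($bb_attachments['role']['upload'])) {
        return;
    }

    $table = $bb_attachments['db'];
    $user_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $time = time();
    $inject = '';

    $bb_post = bb_get_post($post_id);
    $topic_id = $bb_post->topic_id;
    // Attachments counted on the whole topic (may drift when posts are moved)
    $topic_attachments = intval(bb_get_topicmeta($topic_id, 'bb_attachments'));
    // Attachments currently live on this post, checked against the per-post limit
    $count = intval($bbdb->get_var("SELECT COUNT(*) FROM {$table} WHERE post_id = {$post_id} AND status = 0"));
    // Files committed during this pass
    $offset = 0;

    // Removed from client-supplied filenames: whitespace and quotes, both path
    // separators and '..' (traversal), NUL bytes (path truncation) and '__'.
    $strip = array(' ', '`', '"', '\'', '\\', '/', '..', '__', "\0");
    $maxlength = intval(bb_attachments_lookup($bb_attachments['max']['filename']));

    // This handler only understands the array form of the file input
    $names = (isset($_FILES['bb_attachments']['name']) && is_array($_FILES['bb_attachments']['name']))
        ? $_FILES['bb_attachments']['name']
        : array();

    $output = '<h3>' . __('Uploads') . '</h3><ol>';

    foreach ($names as $key => $value) {
        if (empty($value)) {
            continue;
        }

        // Per-file state is reset on every pass so a failed file can never reuse
        // the id, size or temp path of the previous one.
        $status = 0;
        $id = 0;
        $size = 0;
        $mime = '';
        $ext = '';
        $tmp = '';
        $file = '';
        $failed = null;
        $upload_error = isset($_FILES['bb_attachments']['error'][$key]) ? intval($_FILES['bb_attachments']['error'][$key]) : 0;
        $tmp_name = isset($_FILES['bb_attachments']['tmp_name'][$key]) ? $_FILES['bb_attachments']['tmp_name'][$key] : '';
        $reported_size = isset($_FILES['bb_attachments']['size'][$key]) ? intval($_FILES['bb_attachments']['size'][$key]) : 0;

        // The client-supplied name is only used after stripping; the type and size
        // in $_FILES are never trusted, both are re-derived from the moved file.
        $filename = trim(str_replace($strip, '_', stripslashes($value)));
        if (empty($filename)) {
            $filename = 'unknown';
        }

        if ($upload_error == 0 && $reported_size > 0) {
            // Only the final extension is checked against the allow list
            $dot = strrpos($filename, '.');
            $ext = ($dot === false) ? '' : trim(strtolower(substr($filename, $dot + 1)));
            if (strlen($filename) > $maxlength) {
                // Shorten the base name, keep the extension, stay within $maxlength
                if ($ext === '') {
                    $filename = substr($filename, 0, $maxlength);
                } else {
                    $filename = substr($filename, 0, max(1, $maxlength - strlen($ext) - 1)) . '.' . $ext;
                }
            }

            // Park the upload under a random name so it cannot be addressed before
            // validation. NOTE(review): random_bytes() would be the better source where PHP 7+ is available.
            $tmp = $bb_attachments['path'] . md5(uniqid(mt_rand(), true) . $tmp_name);
            if (@is_uploaded_file($tmp_name) && @move_uploaded_file($tmp_name, $tmp)) {
                $size = intval(filesize($tmp));
                $mime = bb_attachments_mime_type($tmp);
            } else {
                // Move failed; PHP's reported size is good enough for the error row
                $status = 2;
                $size = $reported_size;
            }

            if ($status == 0 && !in_array($ext, bb_attachments_lookup($bb_attachments['allowed']['extensions']), true)) {
                $status = 3; // extension not allowed
            }
            if ($status == 0 && !in_array($mime, bb_attachments_lookup($bb_attachments['allowed']['mime_types']), true)) {
                $status = 4; // MIME type (detected from the file, not from the client) not allowed
            }
            if ($status == 0 && $size > bb_attachments_lookup($bb_attachments['max']['size'], $ext)) {
                $status = 5; // too large for this extension
            }
            if ($status == 0 && $count + 1 > bb_attachments_lookup($bb_attachments['max']['per_post'])) {
                $status = 6; // per-post limit reached
            }

            if ($size > 0 && $filename) {
                // Rejected files still get a row so the status is recorded; the file
                // itself is only committed while status is 0. All string values are
                // escaped, all numbers cast, before they reach the statement.
                $failed = $bbdb->get_var(
                    "INSERT INTO {$table} (time, post_id, user_id, user_ip, status, size, ext, mime, filename) VALUES ("
                    . intval($time) . ', ' . $post_id . ', ' . $user_id . ", inet_aton('" . $bbdb->escape($user_ip) . "'), "
                    . intval($status) . ', ' . intval($size) . ", '" . $bbdb->escape($ext) . "', '"
                    . $bbdb->escape($mime) . "', '" . $bbdb->escape($filename) . "')"
                );
                // bbdb returns NULL for a successful write, so !$failed means success
                if ($status == 0 && !$failed) {
                    $id = intval($bbdb->get_var('SELECT LAST_INSERT_ID()'));
                }
                // Only a failed insert (or a missing id for an accepted file) is a db
                // failure; statuses 3-6 keep their specific code for the message below.
                if ($failed || ($status == 0 && !$id)) {
                    $status = 2;
                }

                if ($status == 0) {
                    // One sub-directory per 1000 attachments
                    $dir = $bb_attachments['path'] . intval($id / 1000);
                    if (function_exists('get_current_user') && function_exists('posix_setuid')) {
                        // When running as root, switch to the script owner's uid so the
                        // new directory and file belong to that account
                        $current = get_current_user();
                        if (!($current && !in_array($current, array('nobody', 'httpd', 'apache', 'root'), true) && strpos(__FILE__, $current))) {
                            $current = '';
                        }
                        if (0 == posix_getuid() && $current) {
                            $org_uid = posix_getuid();
                            $pw_info = posix_getpwnam($current);
                            if (is_array($pw_info) && isset($pw_info['uid'])) {
                                posix_setuid($pw_info['uid']);
                            }
                        }
                    }
                    if (!file_exists($dir)) {
                        $oldumask = umask(0);
                        @mkdir($dir, 0755);
                        umask($oldumask);
                    }
                    $file = $dir . '/' . $id . '.' . $filename;
                    // The file is committed here; a failed rename is a failure, not a success
                    if (!$failed && $id > 0 && file_exists($tmp) && @rename($tmp, $file)) {
                        // NOTE(review): 0777 keeps the historical "manageable over ftp"
                        // behaviour; 0644 is enough for the web server to serve the file.
                        @chmod($file, 0777);
                        if ($bb_attachments['aws']['enable']) {
                            bb_attachments_aws("{$dir}/", "{$id}.{$filename}", $mime);
                        }
                        $count++;
                        $offset++;
                    } else {
                        // Not necessarily the user's fault; could be the filesystem
                        $status = 2;
                    }
                    // $org_uid is only set when the process was root, so this restore is
                    // effectively never taken; a process that dropped privileges cannot
                    // regain them through setuid anyway.
                    if (isset($org_uid) && $org_uid > 0 && function_exists('posix_setuid')) {
                        posix_setuid($org_uid);
                    }
                }
            }
        } else {
            // PHP reported an upload error or an empty file
            $status = 2;
            $size = $reported_size;
        }

        // Never leave a temporary file behind, whatever happened above
        if ($tmp !== '' && file_exists($tmp)) {
            @unlink($tmp);
        }

        // The name is client-controlled; escape it for the HTML list
        $safe_name = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
        $kb = round($size / 1024, 1);
        if ($status > 0) {
            if ($id > 0) {
                // Column names are backtick-quoted: single-quoted names are string
                // literals to MySQL, not identifiers.
                $bbdb->query("UPDATE {$table} SET `status` = " . intval($status) . ' WHERE `id` = ' . intval($id));
            }
            $error = '';
            if ($upload_error > 0 && isset($bb_attachments['errors'][$upload_error])) {
                $error = ' (' . $bb_attachments['errors'][$upload_error] . ') ';
            }
            $label = isset($bb_attachments['status'][$status]) ? $bb_attachments['status'][$status] : $status;
            $output .= "<li><span style='color:red'><strong>{$safe_name}  <span class='num'>({$kb} KB)</span> "
                . __('error:') . ' ' . $label . "</strong>{$error}</span></li>";
        } else {
            $output .= "<li><span style='color:green'><strong>{$safe_name}  <span class='num'>({$kb} KB)</span> "
                . __('successful') . '</strong></span></li>';
            // Images may be inlined automatically; $file exists here because status is 0
            if ($bb_attachments['inline']['auto'] && getimagesize($file)) {
                if ($display) {
                    $location = bb_attachments_location();
                    $can_inline = ($bb_attachments['role']['inline'] == 'read' || bb_current_user_can($bb_attachments['role']['inline']));
                    // On the edit form, push the tag into the first textarea of the page
                    if ($location == 'edit.php' && $can_inline) {
                        $output .= '<scr' . 'ipt type="text/javascript" defer="defer">
					bbat_field = document.getElementsByTagName("textarea")[0];
					bbat_value=" [attachment="+' . $post_id . '+","+' . $id . '+"] ";
					bbat_field.value += bbat_value;</script>';
                    }
                } else {
                    $inject .= " [attachment={$post_id},{$id}]";
                }
            }
        }
    }

    $output .= '</ol>';
    if ($display) {
        echo $output;
    } elseif ($inject !== '' && $bb_attachments['inline']['auto']) {
        // Append the attachment tags to the post text through the normal edit filter
        $bb_post->post_text = apply_filters('edit_text', $bb_post->post_text . $inject);
        bb_insert_post($bb_post);
    }
    bb_update_topicmeta($topic_id, 'bb_attachments', $topic_attachments + $offset);
}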
/**
 * Appends the social bookmark links to a post's text where the plugin options ask for it.
 *
 * The links are added only to the first post of a topic, either on topic pages
 * (option 'topic') or in feeds (option 'feed'). Because of how the condition is
 * grouped, the topic's 'hide_socialit' meta is consulted on the feed branch only.
 * $bbdb is declared but not used here.
 *
 * @param string $post_content Post text as passed through the filter chain.
 * @return string The post text, with the bookmarks appended when applicable.
 */
function socialit_insert_in_post($post_content)
{
    global $socialit_plugopts, $bbdb;

    $onTopicPage = bb_is_topic() && $socialit_plugopts['topic'] == 1;
    $wanted = $onTopicPage || (
        bb_is_feed()
        && $socialit_plugopts['feed'] == 1
        && bb_get_topicmeta(get_topic_id(), 'hide_socialit') != "true"
    );
    if (!$wanted) {
        return $post_content;
    }

    // Only the first post of the topic carries the bookmarks
    $currentPostId = get_post_id();
    if (bb_is_first($currentPostId)) {
        $post_content .= get_socialit();
    }

    return $post_content;
}
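 /**
  * Sends a pingback for every external link found in a post's text.
  *
  * Links are taken from the anchors produced by make_clickable(). URLs already
  * pinged from this topic, URLs that resolve to the topic itself, and bare site
  * roots are skipped. Every ping that succeeds, or that the remote side reports
  * as already registered, is remembered in the topic's 'pingback_performed' meta
  * so it is not repeated on a later edit.
  *
  * @param int    $topic_id  Topic the post belongs to; its link is the pingback source.
  * @param string $post_text Raw post text to scan for links.
  * @return integer The number of pingbacks sent
  */
 function send_pingback($topic_id, $post_text)
 {
     if (!$topic_id || !$post_text) {
         return 0;
     }
     // Collect the href of every anchor in the linkified text
     if (!preg_match_all('@<a ([^>]+)>@im', make_clickable($post_text), $post_links)) {
         return 0;
     }
     $_links = array();
     foreach ($post_links[1] as $post_link_attributes) {
         $post_link_attributes = preg_split('@\\s+@im', $post_link_attributes, -1, PREG_SPLIT_NO_EMPTY);
         foreach ($post_link_attributes as $post_link_attribute) {
             // Need a name before the '='; the offset guard also keeps strpos in range
             if (strlen($post_link_attribute) < 2 || strpos($post_link_attribute, '=', 1) === false) {
                 continue;
             }
             list($_key, $_value) = explode('=', $post_link_attribute, 2);
             if (strtolower($_key) === 'href') {
                 $_links[] = trim($_value, "'\"");
             }
         }
     }
     // The same URL may appear several times in one post; ping it once
     $_links = array_unique($_links);

     // URLs already pinged from this topic; the meta is absent on a fresh topic
     $past_pingbacks = bb_get_topicmeta($topic_id, 'pingback_performed');
     if (!is_array($past_pingbacks)) {
         $past_pingbacks = array();
     }
     $new_pingbacks = array();
     foreach ($_links as $_link) {
         if (in_array($_link, $past_pingbacks, true)) {
             continue;
         }
         // Never ping ourselves; ids coming back from the database may be strings,
         // so compare as integers rather than with ===
         if (($topic = bb_get_topic_from_uri($_link)) && intval($topic->topic_id) === intval($topic_id)) {
             continue;
         }
         // Only ping actual pages, not a bare site root
         if (!($_url = parse_url($_link))) {
             continue;
         }
         if (!isset($_url['query'])) {
             $path = isset($_url['path']) ? $_url['path'] : '';
             if ($path === '' || $path === '/') {
                 continue;
             }
         }
         $new_pingbacks[] = $_link;
     }
     include_once BACKPRESS_PATH . '/class.ixr.php';
     $count = 0;
     foreach ($new_pingbacks as $pingback_to_url) {
         if (!($pingback_endpoint_uri = BB_Pingbacks::get_endpoint_uri($pingback_to_url))) {
             continue;
         }
         // Remote endpoints may be slow; cap the script at 60 seconds per attempt
         @set_time_limit(60);
         $pingback_from_url = get_topic_link($topic_id);
         // A 3 second timeout should be enough to cover slow servers
         $client = new IXR_Client($pingback_endpoint_uri);
         $client->timeout = 3;
         $client->useragent .= ' -- bbPress/' . bb_get_option('version');
         // When set to true the client prints its own debug messages
         $client->debug = false;
         // Fault 48 is the pingback spec's "already registered"; treat it as done
         if ($client->query('pingback.ping', $pingback_from_url, $pingback_to_url)
             || (isset($client->error->code) && 48 == $client->error->code)) {
             $count++;
             $past_pingbacks[] = $pingback_to_url;
         }
     }
     bb_update_topicmeta($topic_id, 'pingback_performed', $past_pingbacks);
     return $count;
 }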