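// Excerpt: decides whether the file in $_FILES['attached_file'] may be attached to post $id.
// The enclosing conditions start before this excerpt.
$can_upload = false;

// Administrators skip every per-group check below: attachment count, size and extension.
// NOTE(review): confirm create_attachment() applies its own validation on this path.
if ($panther_user['is_admin']) {
    $can_upload = true;
} else {
    // Count the attachments already stored for this post.
    $data = array(':id' => $id);
    $ps = $db->select('attachments', 'COUNT(id)', $data, 'post_id=:id GROUP BY post_id', 1);
    $num_attachments = $ps->fetchColumn();

    // The group must have g_attach_files set and the post's 'upload' field must be '1' or empty.
    $can_upload = $panther_user['g_attach_files'] == '1' && ($cur_post['upload'] == '1' || $cur_post['upload'] == '');

    // Refuse at or above the limit, not only when the count equals it. The count is per post
    // and the administrator branch above does not enforce it, so a post can already hold more
    // than g_max_attachments; an equality test would then never trip again.
    if ($can_upload && $num_attachments >= $panther_user['g_max_attachments']) {
        $can_upload = false;
    }

    // A group size of '0' (with attaching enabled) falls back to the board-wide o_max_upload_size.
    $max_size = $panther_user['g_max_size'] == '0' && $panther_user['g_attach_files'] == '1' ? $panther_config['o_max_upload_size'] : $panther_user['g_max_size'];

    if ($can_upload && $_FILES['attached_file']['size'] > $max_size) {
        $can_upload = false;
    }

    // The extension is taken from the client-supplied file name; this check runs even when
    // an earlier test has already refused the upload.
    if (!check_file_extension($_FILES['attached_file']['name'])) {
        $can_upload = false;
    }
}

if ($can_upload) {
    // 'name' and 'type' are sent by the client ('type' is the browser-declared MIME type), so
    // neither proves what the file contains.
    // NOTE(review): confirm create_attachment() does not rely on 'type' for a security decision.
    if (!create_attachment($_FILES['attached_file']['name'], $_FILES['attached_file']['type'], $_FILES['attached_file']['size'], $_FILES['attached_file']['tmp_name'], $id, strlen($message))) {
        message($lang_post['Attachment error']);
    }
} else {
    // Remove file as it's either dangerous or they've attempted to URL hack. Either way, there's no need for it.
    // NOTE(review): tmp_name is unlinked without an is_uploaded_file() check in this excerpt;
    // confirm the enclosing condition (not visible here) guarantees a real upload.
    unlink($_FILES['attached_file']['tmp_name']);
}
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt

// Extension hook: whatever get_extensions() returns for 'edit_after_edit' is run through eval()
// and therefore executes with the full privileges of this script.
// NOTE(review): where hook code is stored is not visible here; it must be writable only by
// trusted administrators.
($hook = get_extensions('edit_after_edit')) ? eval($hook) : null;

if ($add_poll) {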
// Excerpt: the loop these first statements belong to starts before the visible code.
$tmpl->set("{$k}.name", h($v['name']));
// Record the temporary path and the original name for field $k, both passed through h().
// NOTE(review): h() is presumably an HTML-escaping helper; confirm. tmp_name is a
// server-side path, so confirm how $files is consumed later and that the path is never
// accepted back from the client without re-validation.
$files[$k] = array('tmp_name' => h($v['tmp_name']), 'name' => h($v['name']));
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt

// File uploads
if (isset($_FILES)) {
    foreach ($_FILES as $k => $v) {
        // Errors collected for this field; the template flag for the field starts as false.
        $file_error = array();
        $tmpl->set("file.{$k}", false);
        if (!is_array($v['name'])) {
            // Single-file field
            if (!empty($v['name'])) {
                // Extension check. It is skipped entirely when FILE_ALLOW_EXTENSION is '',
                // in which case any extension passes. The name checked is client-supplied.
                // NOTE(review): no test of $v['error'] or is_uploaded_file() is visible in
                // this excerpt; confirm one exists before the file is used.
                if (FILE_ALLOW_EXTENSION !== '' && !check_file_extension($v['name'])) {
                    $file_error[] = h($k . ERROR_FILE_EXTENSION);
                    $global_error[] = h($k . ERROR_FILE_EXTENSION);
                    $global_error_flag = true;
                }
                // Empty-file check
                if ($v['size'] === 0) {
                    $file_error[] = h($k . ERROR_FILE_EMPTY);
                    $global_error[] = h($k . ERROR_FILE_EMPTY);
                    $global_error_flag = true;
                }
                // File-size check; the placeholder in ERROR_FILE_MAX_SIZE is replaced with
                // the formatted FILE_MAX_SIZE before the message is escaped.
                if ($v['size'] > FILE_MAX_SIZE) {
                    $file_error[] = h($k . str_replace('{ファイルサイズ}', format_bytes(FILE_MAX_SIZE), ERROR_FILE_MAX_SIZE));
                    $global_error[] = h($k . str_replace('{ファイルサイズ}', format_bytes(FILE_MAX_SIZE), ERROR_FILE_MAX_SIZE));
                    $global_error_flag = true;