/** * Uploads a file to server * * @return array filedata */ public function upload_file() { $this->filedata = array('error' => array(), 'post_attach' => $this->upload->is_valid($this->form_name)); if (!$this->filedata['post_attach']) { $this->filedata['error'][] = $this->user->lang['NO_UPLOAD_FORM_FOUND']; return false; } if (!isset($this->ext_config->upload_allowed_extensions[$this->object_type])) { $this->filedata['error'][] = $this->user->lang['NO_UPLOAD_FORM_FOUND']; return false; } $this->upload->set_allowed_extensions($this->ext_config->upload_allowed_extensions[$this->object_type]); $file = $this->upload->handle_upload('phpbb.titania.attachment.files.types.form', $this->form_name); if ($file->init_error()) { $this->filedata['post_attach'] = false; return false; } // Set max file size for anyone but team members. if (!$this->access->is_team()) { $this->upload->set_max_filesize($this->get_max_filesize()); } $file->clean_filename('unique', $this->user->data['user_id'] . '_'); // Move files into their own directory depending on the extension group assigned. Should keep at least some of it organized. if (!isset($this->ext_config->upload_directory[$this->object_type])) { $this->filedata['error'][] = $this->user->lang('NO_UPLOAD_FORM_FOUND'); return false; } $move_dir = $this->ext_config->upload_directory[$this->object_type]; if (!file_exists($this->ext_config->upload_path . $move_dir)) { @mkdir($this->ext_config->upload_path . $move_dir); phpbb_chmod($this->ext_config->upload_path . $move_dir, CHMOD_ALL); } $file->move_file($this->ext_config->upload_path . $move_dir, false, true); if (!empty($file->error)) { $file->remove(); $this->filedata['error'] = array_merge($this->filedata['error'], $file->error); $this->filedata['post_attach'] = false; return false; } $this->filedata['filesize'] = $file->get('filesize'); $this->filedata['mimetype'] = $file->get('mimetype'); $this->filedata['extension'] = $file->get('extension'); $this->filedata['is_image'] = $file->is_image(); $this->filedata['physical_filename'] = $file->get('realname'); $this->filedata['attachment_directory'] = $move_dir; $this->filedata['real_filename'] = $file->get('uploadname'); $this->filedata['filetime'] = time(); $this->filedata['md5_checksum'] = md5_file($file->get('destination_file')); // Check free disk space if ($free_space = @disk_free_space($this->ext_config->upload_path)) { if ($free_space <= $file->get('filesize')) { $this->filedata['error'][] = $this->user->lang['ATTACH_QUOTA_REACHED']; $this->filedata['post_attach'] = false; $file->remove(); return false; } } // Yippe!! File uploaded with no problems... return true; }
/** * Form upload method * Upload file from users harddisk * * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified) * * @return filespec $file Object "filespec" is returned, all further operations can be done with this object * @access public */ protected function form_upload($form_name) { $upload = $this->request->file($form_name); unset($upload['local_mode']); $result = $this->plupload->handle_upload($form_name); if (is_array($result)) { $upload = array_merge($upload, $result); } /** @var filespec $file */ $file = $this->factory->get('filespec')->set_upload_ary($upload)->set_upload_namespace($this->upload); if ($file->init_error()) { $file->error[] = ''; return $file; } // Error array filled? if (isset($upload['error'])) { $error = $this->upload->assign_internal_error($upload['error']); if ($error !== false) { $file->error[] = $error; return $file; } } // Check if empty file got uploaded (not catched by is_uploaded_file) if (isset($upload['size']) && $upload['size'] == 0) { $file->error[] = $this->language->lang($this->upload->error_prefix . 'EMPTY_FILEUPLOAD'); return $file; } // PHP Upload file size check $file = $this->check_upload_size($file); if (sizeof($file->error)) { return $file; } // Not correctly uploaded if (!$file->is_uploaded()) { $file->error[] = $this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED'); return $file; } $this->upload->common_checks($file); return $file; }
/** * Remote upload method * Uploads file from given url * * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif * @return filespec $file Object "filespec" is returned, all further operations can be done with this object * @access public */ protected function remote_upload($upload_url) { $upload_ary = array(); $upload_ary['local_mode'] = true; if (!preg_match('#^(https?://).*?\\.(' . implode('|', $this->upload->allowed_extensions) . ')$#i', $upload_url, $match)) { return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'URL_INVALID')); } $url = parse_url($upload_url); $upload_ary['type'] = 'application/octet-stream'; $url['path'] = explode('.', $url['path']); $ext = array_pop($url['path']); $url['path'] = implode('', $url['path']); $upload_ary['name'] = utf8_basename($url['path']) . ($ext ? '.' . $ext : ''); $remote_max_filesize = $this->get_max_file_size(); $guzzle_options = ['timeout' => $this->upload->upload_timeout, 'connect_timeout' => $this->upload->upload_timeout, 'verify' => !empty($this->config['remote_upload_verify']) ? (bool) $this->config['remote_upload_verify'] : false]; $client = new \GuzzleHttp\Client($guzzle_options); try { $response = $client->get($upload_url, $guzzle_options); } catch (\GuzzleHttp\Exception\ClientException $clientException) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'URL_NOT_FOUND'); } catch (\GuzzleHttp\Exception\RequestException $requestException) { if (strpos($requestException->getMessage(), 'cURL error 28') !== false || preg_match('/408|504/', $requestException->getCode())) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'REMOTE_UPLOAD_TIMEOUT'); } else { return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); } } catch (\Exception $e) { return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); } $content_length = $response->getBody()->getSize(); if ($remote_max_filesize && $content_length > $remote_max_filesize) { $max_filesize = get_formatted_filesize($remote_max_filesize, false); return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); } if ($content_length == 0) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'EMPTY_REMOTE_DATA'); } $data = $response->getBody(); $filename = tempnam(sys_get_temp_dir(), unique_id() . '-'); if (!($fp = @fopen($filename, 'wb'))) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'NOT_UPLOADED'); } $upload_ary['size'] = fwrite($fp, $data); fclose($fp); unset($data); $upload_ary['tmp_name'] = $filename; /** @var filespec $file */ $file = $this->factory->get('filespec')->set_upload_ary($upload_ary)->set_upload_namespace($this->upload); $this->upload->common_checks($file); return $file; }
/** * Move file from another location to phpBB * * @param string $source_file Filename of source file * @param array|bool $filedata Array with filedata or false * * @return filespec Object "filespec" is returned, all further operations can be done with this object */ protected function local_upload($source_file, $filedata = false) { $upload = $this->get_upload_ary($source_file, $filedata); /** @var filespec $file */ $file = $this->factory->get('filespec')->set_upload_ary($upload)->set_upload_namespace($this->upload); if ($file->init_error()) { $file->error[] = ''; return $file; } // PHP Upload file size check $file = $this->check_upload_size($file); if (sizeof($file->error)) { return $file; } // Not correctly uploaded if (!$file->is_uploaded()) { $file->error[] = $this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED'); return $file; } $this->upload->common_checks($file); $this->request->overwrite('local', $upload, request_interface::FILES); return $file; }
/** * Remote upload method * Uploads file from given url * * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif * @return filespec $file Object "filespec" is returned, all further operations can be done with this object * @access public */ protected function remote_upload($upload_url) { $upload_ary = array(); $upload_ary['local_mode'] = true; if (!preg_match('#^(https?://).*?\\.(' . implode('|', $this->upload->allowed_extensions) . ')$#i', $upload_url, $match)) { return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'URL_INVALID')); } $url = parse_url($upload_url); $host = $url['host']; $path = $url['path']; $port = !empty($url['port']) ? (int) $url['port'] : 80; $upload_ary['type'] = 'application/octet-stream'; $url['path'] = explode('.', $url['path']); $ext = array_pop($url['path']); $url['path'] = implode('', $url['path']); $upload_ary['name'] = utf8_basename($url['path']) . ($ext ? '.' . $ext : ''); $filename = $url['path']; $filesize = 0; $remote_max_filesize = $this->get_max_file_size(); $errno = 0; $errstr = ''; if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) { return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); } // Make sure $path not beginning with / if (strpos($path, '/') === 0) { $path = substr($path, 1); } fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); fputs($fsock, "HOST: " . $host . "\r\n"); fputs($fsock, "Connection: close\r\n\r\n"); // Set a proper timeout for the socket socket_set_timeout($fsock, $this->upload->upload_timeout); $get_info = false; $data = ''; $length = false; $timer_stop = time() + $this->upload->upload_timeout; while ((!$length || $filesize < $length) && !@feof($fsock)) { if ($get_info) { if ($length) { // Don't attempt to read past end of file if server indicated length $block = @fread($fsock, min($length - $filesize, 1024)); } else { $block = @fread($fsock, 1024); } $filesize += strlen($block); if ($remote_max_filesize && $filesize > $remote_max_filesize) { $max_filesize = get_formatted_filesize($remote_max_filesize, false); return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); } $data .= $block; } else { $line = @fgets($fsock, 1024); if ($line == "\r\n") { $get_info = true; } else { if (stripos($line, 'content-type: ') !== false) { $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); } else { if ($this->upload->max_filesize && stripos($line, 'content-length: ') !== false) { $length = (int) str_replace('content-length: ', '', strtolower($line)); if ($remote_max_filesize && $length && $length > $remote_max_filesize) { $max_filesize = get_formatted_filesize($remote_max_filesize, false); return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); } } else { if (stripos($line, '404 not found') !== false) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'URL_NOT_FOUND'); } } } } } $stream_meta_data = stream_get_meta_data($fsock); // Cancel upload if we exceed timeout if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'REMOTE_UPLOAD_TIMEOUT'); } } @fclose($fsock); if (empty($data)) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'EMPTY_REMOTE_DATA'); } $filename = tempnam(sys_get_temp_dir(), unique_id() . '-'); if (!($fp = @fopen($filename, 'wb'))) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'NOT_UPLOADED'); } $upload_ary['size'] = fwrite($fp, $data); fclose($fp); unset($data); $upload_ary['tmp_name'] = $filename; /** @var filespec $file */ $file = $this->factory->get('filespec')->set_upload_ary($upload_ary)->set_upload_namespace($this->upload); $this->upload->common_checks($file); return $file; }
/** * {@inheritdoc} */ public function process_form($request, $template, $user, $row, &$error) { $url = $request->variable('avatar_remote_url', ''); $width = $request->variable('avatar_remote_width', 0); $height = $request->variable('avatar_remote_height', 0); if (empty($url)) { return false; } if (!preg_match('#^(http|https|ftp)://#i', $url)) { $url = 'http://' . $url; } if (!function_exists('validate_data')) { require $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext; } $validate_array = validate_data(array('url' => $url), array('url' => array('string', true, 5, 255))); $error = array_merge($error, $validate_array); if (!empty($error)) { return false; } // Check if this url looks alright // This isn't perfect, but it's what phpBB 3.0 did, and might as well make sure everything is compatible if (!preg_match('#^(http|https|ftp)://(?:(.*?\\.)*?[a-z0-9\\-]+?\\.[a-z]{2,4}|(?:\\d{1,3}\\.){3,5}\\d{1,3}):?([0-9]*?).*?\\.(' . implode('|', $this->allowed_extensions) . ')$#i', $url)) { $error[] = 'AVATAR_URL_INVALID'; return false; } // Get image dimensions if (($width <= 0 || $height <= 0) && ($image_data = $this->imagesize->getImageSize($url)) === false) { $error[] = 'UNABLE_GET_IMAGE_SIZE'; return false; } if (!empty($image_data) && ($image_data['width'] <= 0 || $image_data['height'] <= 0)) { $error[] = 'AVATAR_NO_SIZE'; return false; } $width = $width && $height ? $width : $image_data['width']; $height = $width && $height ? $height : $image_data['height']; if ($width <= 0 || $height <= 0) { $error[] = 'AVATAR_NO_SIZE'; return false; } $types = \phpbb\files\upload::image_types(); $extension = strtolower(\phpbb\files\filespec::get_extension($url)); // Check if this is actually an image if ($file_stream = @fopen($url, 'r')) { // Timeout after 1 second stream_set_timeout($file_stream, 1); // read some data to ensure headers are present fread($file_stream, 1024); $meta = stream_get_meta_data($file_stream); if (isset($meta['wrapper_data']['headers']) && is_array($meta['wrapper_data']['headers'])) { $headers = $meta['wrapper_data']['headers']; } else { if (isset($meta['wrapper_data']) && is_array($meta['wrapper_data'])) { $headers = $meta['wrapper_data']; } else { $headers = array(); } } foreach ($headers as $header) { $header = preg_split('/ /', $header, 2); if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type') { if (strpos($header[1], 'image/') !== 0) { $error[] = 'AVATAR_URL_INVALID'; fclose($file_stream); return false; } else { fclose($file_stream); break; } } } } else { $error[] = 'AVATAR_URL_INVALID'; return false; } if (!empty($image_data) && (!isset($types[$image_data['type']]) || !in_array($extension, $types[$image_data['type']]))) { if (!isset($types[$image_data['type']])) { $error[] = 'UNABLE_GET_IMAGE_SIZE'; } else { $error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data['type']][0], $extension); } return false; } if ($this->config['avatar_max_width'] || $this->config['avatar_max_height']) { if ($width > $this->config['avatar_max_width'] || $height > $this->config['avatar_max_height']) { $error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height); return false; } } if ($this->config['avatar_min_width'] || $this->config['avatar_min_height']) { if ($width < $this->config['avatar_min_width'] || $height < $this->config['avatar_min_height']) { $error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height); return false; } } return array('avatar' => $url, 'avatar_width' => $width, 'avatar_height' => $height); }
/** * Move file to destination folder * The phpbb_root_path variable will be applied to the destination path * * @param string $destination Destination path, for example $config['avatar_path'] * @param bool $overwrite If set to true, an already existing file will be overwritten * @param bool $skip_image_check If set to true, the check for the file to be a valid image is skipped * @param string|bool $chmod Permission mask for chmodding the file after a successful move. * The mode entered here reflects the mode defined by {@link phpbb_chmod()} * * @return bool True if file was moved, false if not * @access public */ public function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false) { if (sizeof($this->error)) { return false; } $chmod = $chmod === false ? CHMOD_READ | CHMOD_WRITE : $chmod; // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it... $this->destination_path = $this->phpbb_root_path . $destination; // Check if the destination path exist... if (!file_exists($this->destination_path)) { @unlink($this->filename); return false; } $upload_mode = $this->php_ini->getBool('open_basedir') || $this->php_ini->getBool('safe_mode') ? 'move' : 'copy'; $upload_mode = $this->local ? 'local' : $upload_mode; $this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname); // Check if the file already exist, else there is something wrong... if (file_exists($this->destination_file) && !$overwrite) { @unlink($this->filename); $this->error[] = $this->language->lang($this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR', $this->destination_file); $this->file_moved = false; return false; } else { if (file_exists($this->destination_file)) { @unlink($this->destination_file); } switch ($upload_mode) { case 'copy': if (!@copy($this->filename, $this->destination_file)) { if (!@move_uploaded_file($this->filename, $this->destination_file)) { $this->error[] = $this->language->lang($this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR', $this->destination_file); } } break; case 'move': if (!@move_uploaded_file($this->filename, $this->destination_file)) { if (!@copy($this->filename, $this->destination_file)) { $this->error[] = $this->language->lang($this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR', $this->destination_file); } } break; case 'local': if (!@copy($this->filename, $this->destination_file)) { $this->error[] = $this->language->lang($this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR', $this->destination_file); } break; } // Remove temporary filename @unlink($this->filename); if (sizeof($this->error)) { return false; } try { $this->filesystem->phpbb_chmod($this->destination_file, $chmod); } catch (\phpbb\filesystem\exception\filesystem_exception $e) { // Do nothing } } // Try to get real filesize from destination folder $this->filesize = $this->get_filesize($this->destination_file) ?: $this->filesize; // Get mimetype of supplied file $this->mimetype = $this->get_mimetype($this->destination_file); if ($this->is_image() && !$skip_image_check) { $this->width = $this->height = 0; $this->image_info = $this->imagesize->getImageSize($this->destination_file, $this->mimetype); if ($this->image_info !== false) { $this->width = $this->image_info['width']; $this->height = $this->image_info['height']; // Check image type $types = upload::image_types(); if (!isset($types[$this->image_info['type']]) || !in_array($this->extension, $types[$this->image_info['type']])) { if (!isset($types[$this->image_info['type']])) { $this->error[] = $this->language->lang('IMAGE_FILETYPE_INVALID', $this->image_info['type'], $this->mimetype); } else { $this->error[] = $this->language->lang('IMAGE_FILETYPE_MISMATCH', $types[$this->image_info['type']][0], $this->extension); } } // Make sure the dimensions match a valid image if (empty($this->width) || empty($this->height)) { $this->error[] = $this->language->lang('ATTACHED_IMAGE_NOT_IMAGE'); } } else { $this->error[] = $this->language->lang('UNABLE_GET_IMAGE_SIZE'); } } $this->file_moved = true; $this->additional_checks(); unset($this->upload); return true; }