| [ Index ] |
PHP Cross Reference of phpBB-3.2.11-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 namespace phpbb\avatar\driver; 15 16 /** 17 * Handles avatars uploaded to the board 18 */ 19 class upload extends \phpbb\avatar\driver\driver 20 { 21 /** 22 * @var \phpbb\filesystem\filesystem_interface 23 */ 24 protected $filesystem; 25 26 /** 27 * @var \phpbb\event\dispatcher_interface 28 */ 29 protected $dispatcher; 30 31 /** 32 * @var \phpbb\files\factory 33 */ 34 protected $files_factory; 35 36 /** 37 * Construct a driver object 38 * 39 * @param \phpbb\config\config $config phpBB configuration 40 * @param string $phpbb_root_path Path to the phpBB root 41 * @param string $php_ext PHP file extension 42 * @param \phpbb\filesystem\filesystem_interface $filesystem phpBB filesystem helper 43 * @param \phpbb\path_helper $path_helper phpBB path helper 44 * @param \phpbb\event\dispatcher_interface $dispatcher phpBB Event dispatcher object 45 * @param \phpbb\files\factory $files_factory File classes factory 46 * @param \phpbb\cache\driver\driver_interface $cache Cache driver 47 */ 48 public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\filesystem\filesystem_interface $filesystem, \phpbb\path_helper $path_helper, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\files\factory $files_factory, \phpbb\cache\driver\driver_interface $cache = null) 49 { 50 $this->config = $config; 51 $this->phpbb_root_path = $phpbb_root_path; 52 $this->php_ext = $php_ext; 53 $this->filesystem = $filesystem; 54 $this->path_helper = $path_helper; 55 $this->dispatcher = $dispatcher; 56 $this->files_factory = $files_factory; 57 $this->cache = $cache; 58 } 59 60 /** 61 * {@inheritdoc} 62 */ 63 public function get_data($row) 64 { 65 $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path(); 66 67 return array( 68 'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'], 69 'width' => $row['avatar_width'], 70 'height' => $row['avatar_height'], 71 ); 72 } 73 74 /** 75 * {@inheritdoc} 76 */ 77 public function prepare_form($request, $template, $user, $row, &$error) 78 { 79 if (!$this->can_upload()) 80 { 81 return false; 82 } 83 84 $template->assign_vars(array( 85 'S_UPLOAD_AVATAR_URL' => ($this->config['allow_avatar_remote_upload']) ? true : false, 86 'AVATAR_UPLOAD_SIZE' => $this->config['avatar_filesize'], 87 )); 88 89 return true; 90 } 91 92 /** 93 * {@inheritdoc} 94 */ 95 public function process_form($request, $template, $user, $row, &$error) 96 { 97 if (!$this->can_upload()) 98 { 99 return false; 100 } 101 102 /** @var \phpbb\files\upload $upload */ 103 $upload = $this->files_factory->get('upload') 104 ->set_error_prefix('AVATAR_') 105 ->set_allowed_extensions($this->allowed_extensions) 106 ->set_max_filesize($this->config['avatar_filesize']) 107 ->set_allowed_dimensions( 108 $this->config['avatar_min_width'], 109 $this->config['avatar_min_height'], 110 $this->config['avatar_max_width'], 111 $this->config['avatar_max_height']) 112 ->set_disallowed_content((isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false)); 113 114 $url = $request->variable('avatar_upload_url', ''); 115 $upload_file = $request->file('avatar_upload_file'); 116 117 if (!empty($upload_file['name'])) 118 { 119 $file = $upload->handle_upload('files.types.form', 'avatar_upload_file'); 120 } 121 else if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url)) 122 { 123 if (!preg_match('#^(http|https|ftp)://#i', $url)) 124 { 125 $url = 'http://' . $url; 126 } 127 128 if (!function_exists('validate_data')) 129 { 130 require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); 131 } 132 133 $validate_array = validate_data( 134 array( 135 'url' => $url, 136 ), 137 array( 138 'url' => array('string', true, 5, 255), 139 ) 140 ); 141 142 $error = array_merge($error, $validate_array); 143 144 if (!empty($error)) 145 { 146 return false; 147 } 148 149 // Do not allow specifying the port (see RFC 3986) or IP addresses 150 // remote_upload() will do its own check for allowed filetypes 151 if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || 152 preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || 153 preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || 154 preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) 155 { 156 $error[] = 'AVATAR_URL_INVALID'; 157 return false; 158 } 159 160 $file = $upload->handle_upload('files.types.remote', $url); 161 } 162 else 163 { 164 return false; 165 } 166 167 $prefix = $this->config['avatar_salt'] . '_'; 168 $file->clean_filename('avatar', $prefix, $row['id']); 169 170 // If there was an error during upload, then abort operation 171 if (count($file->error)) 172 { 173 $file->remove(); 174 $error = $file->error; 175 return false; 176 } 177 178 // Calculate new destination 179 $destination = $this->config['avatar_path']; 180 181 // Adjust destination path (no trailing slash) 182 if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\') 183 { 184 $destination = substr($destination, 0, -1); 185 } 186 187 $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination); 188 if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) 189 { 190 $destination = ''; 191 } 192 193 $filedata = array( 194 'filename' => $file->get('filename'), 195 'filesize' => $file->get('filesize'), 196 'mimetype' => $file->get('mimetype'), 197 'extension' => $file->get('extension'), 198 'physical_filename' => $file->get('realname'), 199 'real_filename' => $file->get('uploadname'), 200 ); 201 202 /** 203 * Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar) 204 * 205 * @event core.avatar_driver_upload_move_file_before 206 * @var array filedata Array containing uploaded file data 207 * @var \phpbb\files\filespec file Instance of filespec class 208 * @var string destination Destination directory where the file is going to be moved 209 * @var string prefix Prefix for the avatar filename 210 * @var array row Array with avatar row data 211 * @var array error Array of errors, if filled in by this event file will not be moved 212 * @since 3.1.6-RC1 213 * @changed 3.1.9-RC1 Added filedata 214 * @changed 3.2.3-RC1 Added file 215 */ 216 $vars = array( 217 'filedata', 218 'file', 219 'destination', 220 'prefix', 221 'row', 222 'error', 223 ); 224 extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars))); 225 226 unset($filedata); 227 228 if (!count($error)) 229 { 230 // Move file and overwrite any existing image 231 $file->move_file($destination, true); 232 } 233 234 // If there was an error during move, then clean up leftovers 235 $error = array_merge($error, $file->error); 236 if (count($error)) 237 { 238 $file->remove(); 239 return false; 240 } 241 242 // Delete current avatar if not overwritten 243 $ext = substr(strrchr($row['avatar'], '.'), 1); 244 if ($ext && $ext !== $file->get('extension')) 245 { 246 $this->delete($row); 247 } 248 249 return array( 250 'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'), 251 'avatar_width' => $file->get('width'), 252 'avatar_height' => $file->get('height'), 253 ); 254 } 255 256 /** 257 * {@inheritdoc} 258 */ 259 public function prepare_form_acp($user) 260 { 261 return array( 262 'allow_avatar_remote_upload'=> array('lang' => 'ALLOW_REMOTE_UPLOAD', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 263 'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int:0', 'type' => 'number:0', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), 264 'avatar_path' => array('lang' => 'AVATAR_STORAGE_PATH', 'validate' => 'rpath', 'type' => 'text:20:255', 'explain' => true), 265 ); 266 } 267 268 /** 269 * {@inheritdoc} 270 */ 271 public function delete($row) 272 { 273 274 $error = array(); 275 $destination = $this->config['avatar_path']; 276 $prefix = $this->config['avatar_salt'] . '_'; 277 $ext = substr(strrchr($row['avatar'], '.'), 1); 278 $filename = $this->phpbb_root_path . $destination . '/' . $prefix . $row['id'] . '.' . $ext; 279 280 /** 281 * Before deleting an existing avatar 282 * 283 * @event core.avatar_driver_upload_delete_before 284 * @var string destination Destination directory where the file is going to be deleted 285 * @var string prefix Prefix for the avatar filename 286 * @var array row Array with avatar row data 287 * @var array error Array of errors, if filled in by this event file will not be deleted 288 * @since 3.1.6-RC1 289 */ 290 $vars = array( 291 'destination', 292 'prefix', 293 'row', 294 'error', 295 ); 296 extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars))); 297 298 if (!count($error) && $this->filesystem->exists($filename)) 299 { 300 try 301 { 302 $this->filesystem->remove($filename); 303 return true; 304 } 305 catch (\phpbb\filesystem\exception\filesystem_exception $e) 306 { 307 // Fail is covered by return statement below 308 } 309 } 310 311 return false; 312 } 313 314 /** 315 * {@inheritdoc} 316 */ 317 public function get_template_name() 318 { 319 return 'ucp_avatar_options_upload.html'; 320 } 321 322 /** 323 * Check if user is able to upload an avatar 324 * 325 * @return bool True if user can upload, false if not 326 */ 327 protected function can_upload() 328 { 329 return ($this->filesystem->exists($this->phpbb_root_path . $this->config['avatar_path']) && $this->filesystem->is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')); 330 } 331 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Nov 11 20:33:01 2020 | Cross-referenced by PHPXref 0.7.1 |