
PHP Cross Reference of phpBB-3.3.0-deutsch


/phpbb/attachment/ -> upload.php (source)

   1  <?php
   2  /**
   3   *
   4   * This file is part of the phpBB Forum Software package.
   5   *
   6   * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7   * @license GNU General Public License, version 2 (GPL-2.0)
   8   *
   9   * For full copyright and license information, please see
  10   * the docs/CREDITS.txt file.
  11   *
  12   */
  13  
  14  namespace phpbb\attachment;
  15  
  16  use phpbb\auth\auth;
  17  use \phpbb\cache\service;
  18  use \phpbb\config\config;
  19  use \phpbb\event\dispatcher;
  20  use \phpbb\language\language;
  21  use \phpbb\mimetype\guesser;
  22  use \phpbb\plupload\plupload;
  23  use \phpbb\user;
  24  
  25  /**
  26   * Attachment upload class
  27   */
  28  class upload
  29  {
  30      /** @var auth */
  31      protected $auth;
  32  
  33      /** @var service */
  34      protected $cache;
  35  
  36      /** @var config */
  37      protected $config;
  38  
  39      /** @var \phpbb\files\upload Upload class */
  40      protected $files_upload;
  41  
  42      /** @var language */
  43      protected $language;
  44  
  45      /** @var guesser Mimetype guesser */
  46      protected $mimetype_guesser;
  47  
  48      /** @var dispatcher */
  49      protected $phpbb_dispatcher;
  50  
  51      /** @var plupload Plupload */
  52      protected $plupload;
  53  
  54      /** @var user */
  55      protected $user;
  56  
  57      /** @var \phpbb\files\filespec Current filespec instance */
  58      private $file;
  59  
  60      /** @var array File data */
  61      private $file_data = array(
  62          'error'    => array()
  63      );
  64  
  65      /** @var array Extensions array */
  66      private $extensions;
  67  
  68      /**
  69       * Constructor for attachments upload class
  70       *
  71       * @param auth $auth
  72       * @param service $cache
  73       * @param config $config
  74       * @param \phpbb\files\upload $files_upload
  75       * @param language $language
  76       * @param guesser $mimetype_guesser
  77       * @param dispatcher $phpbb_dispatcher
  78       * @param plupload $plupload
  79       * @param user $user
  80       * @param $phpbb_root_path
  81       */
  82  	public function __construct(auth $auth, service $cache, config $config, \phpbb\files\upload $files_upload, language $language, guesser $mimetype_guesser, dispatcher $phpbb_dispatcher, plupload $plupload, user $user, $phpbb_root_path)
  83      {
  84          $this->auth = $auth;
  85          $this->cache = $cache;
  86          $this->config = $config;
  87          $this->files_upload = $files_upload;
  88          $this->language = $language;
  89          $this->mimetype_guesser = $mimetype_guesser;
  90          $this->phpbb_dispatcher = $phpbb_dispatcher;
  91          $this->plupload = $plupload;
  92          $this->user = $user;
  93          $this->phpbb_root_path = $phpbb_root_path;
  94      }
  95  
  96      /**
  97       * Upload Attachment - filedata is generated here
  98       * Uses upload class
  99       *
 100       * @param string            $form_name        The form name of the file upload input
 101       * @param int            $forum_id        The id of the forum
 102       * @param bool            $local            Whether the file is local or not
 103       * @param string            $local_storage    The path to the local file
 104       * @param bool            $is_message        Whether it is a PM or not
 105       * @param array        $local_filedata    An file data object created for the local file
 106       *
 107       * @return array File data array
 108       */
 109  	public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = array())
 110      {
 111          $this->init_files_upload($forum_id, $is_message);
 112  
 113          $this->file_data['post_attach'] = $local || $this->files_upload->is_valid($form_name);
 114  
 115          if (!$this->file_data['post_attach'])
 116          {
 117              $this->file_data['error'][] = $this->language->lang('NO_UPLOAD_FORM_FOUND');
 118              return $this->file_data;
 119          }
 120  
 121          $this->file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name);
 122  
 123          if ($this->file->init_error())
 124          {
 125              $this->file_data['post_attach'] = false;
 126              return $this->file_data;
 127          }
 128  
 129          // Whether the uploaded file is in the image category
 130          $is_image = (isset($this->extensions[$this->file->get('extension')]['display_cat'])) ? $this->extensions[$this->file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;
 131  
 132          if (!$this->auth->acl_get('a_') && !$this->auth->acl_get('m_', $forum_id))
 133          {
 134              // Check Image Size, if it is an image
 135              if ($is_image)
 136              {
 137                  $this->file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']);
 138              }
 139  
 140              // Admins and mods are allowed to exceed the allowed filesize
 141              if (!empty($this->extensions[$this->file->get('extension')]['max_filesize']))
 142              {
 143                  $allowed_filesize = $this->extensions[$this->file->get('extension')]['max_filesize'];
 144              }
 145              else
 146              {
 147                  $allowed_filesize = ($is_message) ? $this->config['max_filesize_pm'] : $this->config['max_filesize'];
 148              }
 149  
 150              $this->file->upload->set_max_filesize($allowed_filesize);
 151          }
 152  
 153          $this->file->clean_filename('unique', $this->user->data['user_id'] . '_');
 154  
 155          // Are we uploading an image *and* this image being within the image category?
 156          // Only then perform additional image checks.
 157          $this->file->move_file($this->config['upload_path'], false, !$is_image);
 158  
 159          // Do we have to create a thumbnail?
 160          $this->file_data['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0;
 161  
 162          // Make sure the image category only holds valid images...
 163          $this->check_image($is_image);
 164  
 165          if (count($this->file->error))
 166          {
 167              $this->file->remove();
 168              $this->file_data['error'] = array_merge($this->file_data['error'], $this->file->error);
 169              $this->file_data['post_attach'] = false;
 170  
 171              return $this->file_data;
 172          }
 173  
 174          $this->fill_file_data();
 175  
 176          $filedata = $this->file_data;
 177  
 178          /**
 179           * Event to modify uploaded file before submit to the post
 180           *
 181           * @event core.modify_uploaded_file
 182           * @var    array    filedata    Array containing uploaded file data
 183           * @var    bool    is_image    Flag indicating if the file is an image
 184           * @since 3.1.0-RC3
 185           */
 186          $vars = array(
 187              'filedata',
 188              'is_image',
 189          );
 190          extract($this->phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));
 191          $this->file_data = $filedata;
 192          unset($filedata);
 193  
 194          // Check for attachment quota and free space
 195          if (!$this->check_attach_quota() || !$this->check_disk_space())
 196          {
 197              return $this->file_data;
 198          }
 199  
 200          // Create Thumbnail
 201          $this->create_thumbnail();
 202  
 203          return $this->file_data;
 204      }
 205  
 206      /**
 207       * Create thumbnail for file if necessary
 208       *
 209       * @return array Updated $filedata
 210       */
 211  	protected function create_thumbnail()
 212      {
 213          if ($this->file_data['thumbnail'])
 214          {
 215              $source = $this->file->get('destination_file');
 216              $destination = $this->file->get('destination_path') . '/thumb_' . $this->file->get('realname');
 217  
 218              if (!create_thumbnail($source, $destination, $this->file->get('mimetype')))
 219              {
 220                  $this->file_data['thumbnail'] = 0;
 221              }
 222          }
 223      }
 224  
 225      /**
 226       * Init files upload class
 227       *
 228       * @param int $forum_id Forum ID
 229       * @param bool $is_message Whether attachment is inside PM or not
 230       */
 231  	protected function init_files_upload($forum_id, $is_message)
 232      {
 233          if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers']))
 234          {
 235              $this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers']));
 236          }
 237          else if (!$this->config['check_attachment_content'])
 238          {
 239              $this->files_upload->set_disallowed_content(array());
 240          }
 241  
 242          $this->extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id));
 243          $this->files_upload->set_allowed_extensions(array_keys($this->extensions['_allowed_']));
 244      }
 245  
 246      /**
 247       * Check if uploaded file is really an image
 248       *
 249       * @param bool $is_image Whether file is image
 250       */
 251  	protected function check_image($is_image)
 252      {
 253          // Make sure the image category only holds valid images...
 254          if ($is_image && !$this->file->is_image())
 255          {
 256              $this->file->remove();
 257  
 258              if ($this->plupload && $this->plupload->is_active())
 259              {
 260                  $this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
 261              }
 262  
 263              // If this error occurs a user tried to exploit an IE Bug by renaming extensions
 264              // Since the image category is displaying content inline we need to catch this.
 265              $this->file->set_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE'));
 266          }
 267      }
 268  
 269      /**
 270       * Check if attachment quota was reached
 271       *
 272       * @return bool False if attachment quota was reached, true if not
 273       */
 274  	protected function check_attach_quota()
 275      {
 276          if ($this->config['attachment_quota'])
 277          {
 278              if (intval($this->config['upload_dir_size']) + $this->file->get('filesize') > $this->config['attachment_quota'])
 279              {
 280                  $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED');
 281                  $this->file_data['post_attach'] = false;
 282  
 283                  $this->file->remove();
 284  
 285                  return false;
 286              }
 287          }
 288  
 289          return true;
 290      }
 291  
 292      /**
 293       * Check if there is enough free space available on disk
 294       *
 295       * @return bool True if disk space is available, false if not
 296       */
 297  	protected function check_disk_space()
 298      {
 299          if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path']))
 300          {
 301              if ($free_space <= $this->file->get('filesize'))
 302              {
 303                  if ($this->auth->acl_get('a_'))
 304                  {
 305                      $this->file_data['error'][] = $this->language->lang('ATTACH_DISK_FULL');
 306                  }
 307                  else
 308                  {
 309                      $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED');
 310                  }
 311                  $this->file_data['post_attach'] = false;
 312  
 313                  $this->file->remove();
 314  
 315                  return false;
 316              }
 317          }
 318  
 319          return true;
 320      }
 321  
 322      /**
 323       * Fills file data with file information and current time as filetime
 324       */
 325  	protected function fill_file_data()
 326      {
 327          $this->file_data['filesize'] = $this->file->get('filesize');
 328          $this->file_data['mimetype'] = $this->file->get('mimetype');
 329          $this->file_data['extension'] = $this->file->get('extension');
 330          $this->file_data['physical_filename'] = $this->file->get('realname');
 331          $this->file_data['real_filename'] = $this->file->get('uploadname');
 332          $this->file_data['filetime'] = time();
 333      }
 334  }

