[ Index ]

PHP Cross Reference of phpBB-3.3.0-deutsch

title

Body

[close]

/phpbb/avatar/driver/ -> upload.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\avatar\driver;
  15  
  16  /**
  17  * Handles avatars uploaded to the board
  18  */
  19  class upload extends \phpbb\avatar\driver\driver
  20  {
  21      /**
  22       * @var \phpbb\filesystem\filesystem_interface
  23       */
  24      protected $filesystem;
  25  
  26      /**
  27      * @var \phpbb\event\dispatcher_interface
  28      */
  29      protected $dispatcher;
  30  
  31      /**
  32       * @var \phpbb\files\factory
  33       */
  34      protected $files_factory;
  35  
  36      /**
  37      * Construct a driver object
  38      *
  39      * @param \phpbb\config\config $config phpBB configuration
  40      * @param string $phpbb_root_path Path to the phpBB root
  41      * @param string $php_ext PHP file extension
  42      * @param \phpbb\filesystem\filesystem_interface $filesystem phpBB filesystem helper
  43      * @param \phpbb\path_helper $path_helper phpBB path helper
  44      * @param \phpbb\event\dispatcher_interface $dispatcher phpBB Event dispatcher object
  45      * @param \phpbb\files\factory $files_factory File classes factory
  46      * @param \phpbb\cache\driver\driver_interface $cache Cache driver
  47      */
  48  	public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\filesystem\filesystem_interface $filesystem, \phpbb\path_helper $path_helper, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\files\factory $files_factory, \phpbb\cache\driver\driver_interface $cache = null)
  49      {
  50          $this->config = $config;
  51          $this->phpbb_root_path = $phpbb_root_path;
  52          $this->php_ext = $php_ext;
  53          $this->filesystem = $filesystem;
  54          $this->path_helper = $path_helper;
  55          $this->dispatcher = $dispatcher;
  56          $this->files_factory = $files_factory;
  57          $this->cache = $cache;
  58      }
  59  
  60      /**
  61      * {@inheritdoc}
  62      */
  63  	public function get_data($row)
  64      {
  65          $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();
  66  
  67          return array(
  68              'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'],
  69              'width' => $row['avatar_width'],
  70              'height' => $row['avatar_height'],
  71          );
  72      }
  73  
  74      /**
  75      * {@inheritdoc}
  76      */
  77  	public function prepare_form($request, $template, $user, $row, &$error)
  78      {
  79          if (!$this->can_upload())
  80          {
  81              return false;
  82          }
  83  
  84          $template->assign_vars(array(
  85              'S_UPLOAD_AVATAR_URL' => ($this->config['allow_avatar_remote_upload']) ? true : false,
  86              'AVATAR_UPLOAD_SIZE' => $this->config['avatar_filesize'],
  87              'AVATAR_ALLOWED_EXTENSIONS' => implode(',', preg_replace('/^/', '.', $this->allowed_extensions)),
  88          ));
  89  
  90          return true;
  91      }
  92  
  93      /**
  94      * {@inheritdoc}
  95      */
  96  	public function process_form($request, $template, $user, $row, &$error)
  97      {
  98          if (!$this->can_upload())
  99          {
 100              return false;
 101          }
 102  
 103          /** @var \phpbb\files\upload $upload */
 104          $upload = $this->files_factory->get('upload')
 105              ->set_error_prefix('AVATAR_')
 106              ->set_allowed_extensions($this->allowed_extensions)
 107              ->set_max_filesize($this->config['avatar_filesize'])
 108              ->set_allowed_dimensions(
 109                  $this->config['avatar_min_width'],
 110                  $this->config['avatar_min_height'],
 111                  $this->config['avatar_max_width'],
 112                  $this->config['avatar_max_height'])
 113              ->set_disallowed_content((isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false));
 114  
 115          $url = $request->variable('avatar_upload_url', '');
 116          $upload_file = $request->file('avatar_upload_file');
 117  
 118          if (!empty($upload_file['name']))
 119          {
 120              $file = $upload->handle_upload('files.types.form', 'avatar_upload_file');
 121          }
 122          else if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url))
 123          {
 124              if (!preg_match('#^(http|https|ftp)://#i', $url))
 125              {
 126                  $url = 'http://' . $url;
 127              }
 128  
 129              if (!function_exists('validate_data'))
 130              {
 131                  require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
 132              }
 133  
 134              $validate_array = validate_data(
 135                  array(
 136                      'url' => $url,
 137                  ),
 138                  array(
 139                      'url' => array('string', true, 5, 255),
 140                  )
 141              );
 142  
 143              $error = array_merge($error, $validate_array);
 144  
 145              if (!empty($error))
 146              {
 147                  return false;
 148              }
 149  
 150              // Do not allow specifying the port (see RFC 3986) or IP addresses
 151              // remote_upload() will do its own check for allowed filetypes
 152              if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
 153                  preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
 154                  preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
 155                  preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
 156              {
 157                  $error[] = 'AVATAR_URL_INVALID';
 158                  return false;
 159              }
 160  
 161              $file = $upload->handle_upload('files.types.remote', $url);
 162          }
 163          else
 164          {
 165              return false;
 166          }
 167  
 168          $prefix = $this->config['avatar_salt'] . '_';
 169          $file->clean_filename('avatar', $prefix, $row['id']);
 170  
 171          // If there was an error during upload, then abort operation
 172          if (count($file->error))
 173          {
 174              $file->remove();
 175              $error = $file->error;
 176              return false;
 177          }
 178  
 179          // Calculate new destination
 180          $destination = $this->config['avatar_path'];
 181  
 182          // Adjust destination path (no trailing slash)
 183          if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\')
 184          {
 185              $destination = substr($destination, 0, -1);
 186          }
 187  
 188          $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
 189          if ($destination && ($destination[0] == '/' || $destination[0] == "\\"))
 190          {
 191              $destination = '';
 192          }
 193  
 194          $filedata = array(
 195              'filename'            => $file->get('filename'),
 196              'filesize'            => $file->get('filesize'),
 197              'mimetype'            => $file->get('mimetype'),
 198              'extension'            => $file->get('extension'),
 199              'physical_filename'    => $file->get('realname'),
 200              'real_filename'        => $file->get('uploadname'),
 201          );
 202  
 203          /**
 204          * Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar)
 205          *
 206          * @event core.avatar_driver_upload_move_file_before
 207          * @var    array    filedata            Array containing uploaded file data
 208          * @var    \phpbb\files\filespec file    Instance of filespec class
 209          * @var    string    destination            Destination directory where the file is going to be moved
 210          * @var    string    prefix                Prefix for the avatar filename
 211          * @var    array    row                    Array with avatar row data
 212          * @var    array    error                Array of errors, if filled in by this event file will not be moved
 213          * @since 3.1.6-RC1
 214          * @changed 3.1.9-RC1 Added filedata
 215          * @changed 3.2.3-RC1 Added file
 216          */
 217          $vars = array(
 218              'filedata',
 219              'file',
 220              'destination',
 221              'prefix',
 222              'row',
 223              'error',
 224          );
 225          extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars)));
 226  
 227          unset($filedata);
 228  
 229          if (!count($error))
 230          {
 231              // Move file and overwrite any existing image
 232              $file->move_file($destination, true);
 233          }
 234  
 235          // If there was an error during move, then clean up leftovers
 236          $error = array_merge($error, $file->error);
 237          if (count($error))
 238          {
 239              $file->remove();
 240              return false;
 241          }
 242  
 243          // Delete current avatar if not overwritten
 244          $ext = substr(strrchr($row['avatar'], '.'), 1);
 245          if ($ext && $ext !== $file->get('extension'))
 246          {
 247              $this->delete($row);
 248          }
 249  
 250          return array(
 251              'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'),
 252              'avatar_width' => $file->get('width'),
 253              'avatar_height' => $file->get('height'),
 254          );
 255      }
 256  
 257      /**
 258      * {@inheritdoc}
 259      */
 260  	public function prepare_form_acp($user)
 261      {
 262          return array(
 263              'allow_avatar_remote_upload'=> array('lang' => 'ALLOW_REMOTE_UPLOAD', 'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
 264              'avatar_filesize'        => array('lang' => 'MAX_FILESIZE',            'validate' => 'int:0',    'type' => 'number:0', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
 265              'avatar_path'            => array('lang' => 'AVATAR_STORAGE_PATH',    'validate' => 'rpath',    'type' => 'text:20:255', 'explain' => true),
 266          );
 267      }
 268  
 269      /**
 270      * {@inheritdoc}
 271      */
 272  	public function delete($row)
 273      {
 274  
 275          $error = array();
 276          $destination = $this->config['avatar_path'];
 277          $prefix = $this->config['avatar_salt'] . '_';
 278          $ext = substr(strrchr($row['avatar'], '.'), 1);
 279          $filename = $this->phpbb_root_path . $destination . '/' . $prefix . $row['id'] . '.' . $ext;
 280  
 281          /**
 282          * Before deleting an existing avatar
 283          *
 284          * @event core.avatar_driver_upload_delete_before
 285          * @var    string    destination            Destination directory where the file is going to be deleted
 286          * @var    string    prefix                Prefix for the avatar filename
 287          * @var    array    row                    Array with avatar row data
 288          * @var    array    error                Array of errors, if filled in by this event file will not be deleted
 289          * @since 3.1.6-RC1
 290          */
 291          $vars = array(
 292              'destination',
 293              'prefix',
 294              'row',
 295              'error',
 296          );
 297          extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars)));
 298  
 299          if (!count($error) && $this->filesystem->exists($filename))
 300          {
 301              try
 302              {
 303                  $this->filesystem->remove($filename);
 304                  return true;
 305              }
 306              catch (\phpbb\filesystem\exception\filesystem_exception $e)
 307              {
 308                  // Fail is covered by return statement below
 309              }
 310          }
 311  
 312          return false;
 313      }
 314  
 315      /**
 316      * {@inheritdoc}
 317      */
 318  	public function get_template_name()
 319      {
 320          return 'ucp_avatar_options_upload.html';
 321      }
 322  
 323      /**
 324      * Check if user is able to upload an avatar
 325      *
 326      * @return bool True if user can upload, false if not
 327      */
 328  	protected function can_upload()
 329      {
 330          return ($this->filesystem->exists($this->phpbb_root_path . $this->config['avatar_path']) && $this->filesystem->is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on'));
 331      }
 332  }


Generated: Tue Apr 7 19:44:41 2020 Cross-referenced by PHPXref 0.7.1