makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/13904] Use language class instead of user global in upload

Browse source 
PHPBB3-13904
This commit is contained in:
Marc Alexander 2015-06-02 13:33:10 +02:00
parent e4546ad03c
commit 0121e60cd7
2 changed files with 30 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/config/default/container/services_files.yml
View file

@ -21,3 +21,4 @@ services:
arguments: arguments:
- @filesystem - @filesystem
- @files.factory - @files.factory
- @language

55
phpBB/phpbb/files/upload.php
View file

@ -13,6 +13,8 @@
namespace phpbb\files; namespace phpbb\files;
use \phpbb\language\language;
/** /**
* File upload class * File upload class
* Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads * Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads
@ -52,16 +54,21 @@ class upload
/** @var \phpbb\files\factory Files factory */ /** @var \phpbb\files\factory Files factory */
protected $factory; protected $factory;
/** @var \phpbb\language\language Language class */
protected $language;
/** /**
* Init file upload class. * Init file upload class.
* *
* @param \phpbb\filesystem\filesystem_interface $filesystem * @param \phpbb\filesystem\filesystem_interface $filesystem
* @param \phpbb\files\factory $factory Files factory * @param \phpbb\files\factory $factory Files factory
* @param \phpbb\language\language $language Language class
*/ */
public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, factory $factory) public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, factory $factory, language $language)
{ {
$this->filesystem = $filesystem; $this->filesystem = $filesystem;
$this->factory = $factory; $this->factory = $factory;
$this->language = $language;
} }
/** /**
@ -173,7 +180,7 @@ class upload
*/ */
function form_upload($form_name, \phpbb\plupload\plupload $plupload = null) function form_upload($form_name, \phpbb\plupload\plupload $plupload = null)
{ {
global $user, $request; global $request;
$upload = $request->file($form_name); $upload = $request->file($form_name);
unset($upload['local_mode']); unset($upload['local_mode']);
@ -213,7 +220,7 @@ class upload
// Check if empty file got uploaded (not catched by is_uploaded_file) // Check if empty file got uploaded (not catched by is_uploaded_file)
if (isset($upload['size']) && $upload['size'] == 0) if (isset($upload['size']) && $upload['size'] == 0)
{ {
$file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD']; $file->error[] = $this->language->lang($this->error_prefix . 'EMPTY_FILEUPLOAD');
return $file; return $file;
} }
@ -231,14 +238,14 @@ class upload
$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
} }
$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); $file->error[] = (empty($max_filesize)) ? $this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit));
return $file; return $file;
} }
// Not correctly uploaded // Not correctly uploaded
if (!$file->is_uploaded()) if (!$file->is_uploaded())
{ {
$file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; $file->error[] = $this->language->lang($this->error_prefix . 'NOT_UPLOADED');
return $file; return $file;
} }
@ -257,7 +264,7 @@ class upload
*/ */
function local_upload($source_file, $filedata = false) function local_upload($source_file, $filedata = false)
{ {
global $user, $request; global $request;
$upload = array(); $upload = array();
@ -312,14 +319,14 @@ class upload
$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
} }
$file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); $file->error[] = (empty($max_filesize)) ?$this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit));
return $file; return $file;
} }
// Not correctly uploaded // Not correctly uploaded
if (!$file->is_uploaded()) if (!$file->is_uploaded())
{ {
$file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; $file->error[] = $this->language->lang($this->error_prefix . 'NOT_UPLOADED');
return $file; return $file;
} }
@ -339,19 +346,19 @@ class upload
*/ */
function remote_upload($upload_url) function remote_upload($upload_url)
{ {
global $user, $phpbb_root_path; global $phpbb_root_path;
$upload_ary = array(); $upload_ary = array();
$upload_ary['local_mode'] = true; $upload_ary['local_mode'] = true;
if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match)) if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match))
{ {
return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'URL_INVALID']); return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'URL_INVALID'));
} }
if (empty($match[2])) if (empty($match[2]))
{ {
return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'URL_INVALID']);e; return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'URL_INVALID'));
} }
$url = parse_url($upload_url); $url = parse_url($upload_url);
@ -400,7 +407,7 @@ class upload
if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
{ {
return $this->factory->get('filespec')->set_error($user->lang[$this->error_prefix . 'NOT_UPLOADED']); return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'NOT_UPLOADED'));
} }
// Make sure $path not beginning with / // Make sure $path not beginning with /
@ -441,7 +448,7 @@ class upload
{ {
$max_filesize = get_formatted_filesize($remote_max_filesize, false); $max_filesize = get_formatted_filesize($remote_max_filesize, false);
return $this->factory->get('filespec')->set_error(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']));
} }
$data .= $block; $data .= $block;
@ -468,7 +475,7 @@ class upload
{ {
$max_filesize = get_formatted_filesize($remote_max_filesize, false); $max_filesize = get_formatted_filesize($remote_max_filesize, false);
return $this->factory->get('filespec')->set_error(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $this->factory->get('filespec')->set_error($this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']));
} }
} }
else if (stripos($line, '404 not found') !== false) else if (stripos($line, '404 not found') !== false)
@ -526,8 +533,6 @@ class upload
*/ */
function assign_internal_error($errorcode) function assign_internal_error($errorcode)
{ {
global $user;
switch ($errorcode) switch ($errorcode)
{ {
case 1: case 1:
@ -542,21 +547,21 @@ class upload
$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB'); $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
} }
$error = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]); $error = (empty($max_filesize)) ? $this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit));
break; break;
case 2: case 2:
$max_filesize = get_formatted_filesize($this->max_filesize, false); $max_filesize = get_formatted_filesize($this->max_filesize, false);
$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']); $error = $this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']);
break; break;
case 3: case 3:
$error = $user->lang[$this->error_prefix . 'PARTIAL_UPLOAD']; $error = $this->language->lang($this->error_prefix . 'PARTIAL_UPLOAD');
break; break;
case 4: case 4:
$error = $user->lang[$this->error_prefix . 'NOT_UPLOADED']; $error = $this->language->lang($this->error_prefix . 'NOT_UPLOADED');
break; break;
case 6: case 6:
@ -578,32 +583,30 @@ class upload
*/ */
function common_checks(&$file) function common_checks(&$file)
{ {
global $user;
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
{ {
$max_filesize = get_formatted_filesize($this->max_filesize, false); $max_filesize = get_formatted_filesize($this->max_filesize, false);
$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']); $file->error[] = $this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']);
} }
// check Filename // check Filename
if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname'))) if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname')))
{ {
$file->error[] = sprintf($user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname')); $file->error[] = $this->language->lang($this->error_prefix . 'INVALID_FILENAME', $file->get('realname'));
} }
// Invalid Extension // Invalid Extension
if (!$this->valid_extension($file)) if (!$this->valid_extension($file))
{ {
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension')); $file->error[] = $this->language->lang($this->error_prefix . 'DISALLOWED_EXTENSION', $file->get('extension'));
} }
// MIME Sniffing // MIME Sniffing
if (!$this->valid_content($file)) if (!$this->valid_content($file))
{ {
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']); $file->error[] = $this->language->lang($this->error_prefix . 'DISALLOWED_CONTENT');
} }
} }