From 610048cc6d3e59297391b18493805057843a2aa4 Mon Sep 17 00:00:00 2001 From: Scott Dutton Date: Sun, 24 Jan 2016 14:21:32 +0000 Subject: [PATCH 1/2] [ticket/14431] Remote avatar uploading Allow HTTPS images to be remotely uploaded. Also includes support for redirects (currently up to 5) PHPBB3-14431 --- phpBB/includes/functions_upload.php | 31 ++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 89bc31fa25..79f561c170 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -752,10 +752,11 @@ class fileupload * * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser + * @param int $redirect_count the current count of redirects * @return object $file Object "filespec" is returned, all further operations can be done with this object * @access public */ - function remote_upload($upload_url, \phpbb\mimetype\guesser $mimetype_guesser = null) + function remote_upload($upload_url, \phpbb\mimetype\guesser $mimetype_guesser = null, $redirect_count = 0) { global $user, $phpbb_root_path; @@ -776,9 +777,18 @@ class fileupload $url = parse_url($upload_url); + $default_port = 80; + $hostname = $url['host']; + + if ($url['scheme'] == 'https') + { + $default_port = 443; + $hostname = 'tls://' . $url['host']; + } + $host = $url['host']; $path = $url['path']; - $port = (!empty($url['port'])) ? (int) $url['port'] : 80; + $port = (!empty($url['port'])) ? (int) $url['port'] : $default_port; $upload_ary['type'] = 'application/octet-stream'; @@ -818,7 +828,7 @@ class fileupload $errno = 0; $errstr = ''; - if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) + if (!($fsock = @fsockopen($hostname, $port, $errno, $errstr))) { $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); return $file; @@ -899,6 +909,21 @@ class fileupload $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); return $file; } + else if (stripos($line, 'location: ') !== false) + { + //there is a redirect, follow up to 5 + if ($redirect_count >= 5) + { + $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); + return $file; + } + + $upload_url = rtrim(str_replace('location: ', '', strtolower($line))); + //close the current connection, lets not leave dangeling connections open + @fclose($fsock); + + return $this->remote_upload($upload_url, $mimetype_guesser, ++$redirect_count); + } } } From 366a92c36ae988706565e1fa02f8808a0241e916 Mon Sep 17 00:00:00 2001 From: Scott Dutton Date: Wed, 3 Feb 2016 05:33:45 +0000 Subject: [PATCH 2/2] [ticket/14430] Remote avatar uploading Remove support for redirects PHPBB3-14431 --- phpBB/includes/functions_upload.php | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 79f561c170..727d177344 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -752,11 +752,10 @@ class fileupload * * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif * @param \phpbb\mimetype\guesser $mimetype_guesser Mimetype guesser - * @param int $redirect_count the current count of redirects * @return object $file Object "filespec" is returned, all further operations can be done with this object * @access public */ - function remote_upload($upload_url, \phpbb\mimetype\guesser $mimetype_guesser = null, $redirect_count = 0) + function remote_upload($upload_url, \phpbb\mimetype\guesser $mimetype_guesser = null) { global $user, $phpbb_root_path; @@ -909,21 +908,6 @@ class fileupload $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); return $file; } - else if (stripos($line, 'location: ') !== false) - { - //there is a redirect, follow up to 5 - if ($redirect_count >= 5) - { - $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); - return $file; - } - - $upload_url = rtrim(str_replace('location: ', '', strtolower($line))); - //close the current connection, lets not leave dangeling connections open - @fclose($fsock); - - return $this->remote_upload($upload_url, $mimetype_guesser, ++$redirect_count); - } } }