makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-11 22:08:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/12755] Add timeout to remote upload to prevent infinite loop

Browse source 
PHPBB3-12755
This commit is contained in:
Marc Alexander 2014-06-21 11:55:54 +02:00
parent 51b2cc14f8
commit 0499655ba4
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
phpBB/includes/functions_upload.php
View file

@ -466,6 +466,9 @@ class fileupload
var $max_height = 0; var $max_height = 0;
var $error_prefix = ''; var $error_prefix = '';
/** @var int Timeout for remote upload */
var $upload_timeout = 5;
/** /**
* Init file upload class. * Init file upload class.
* *
@ -785,6 +788,9 @@ class fileupload
return $file; return $file;
} }
// Set a proper timeout for the socket
socket_set_timeout($fsock, $this->upload_timeout);
// Make sure $path not beginning with / // Make sure $path not beginning with /
if (strpos($path, '/') === 0) if (strpos($path, '/') === 0)
{ {
@ -797,6 +803,8 @@ class fileupload
$get_info = false; $get_info = false;
$data = ''; $data = '';
$upload_start = time();
while (!@feof($fsock)) while (!@feof($fsock))
{ {
if ($get_info) if ($get_info)
@ -813,6 +821,13 @@ class fileupload
} }
$data .= $block; $data .= $block;
// Cancel upload if we exceed timeout
if ((time() - $upload_start) >= $this->upload_timeout)
{
$file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']);
return $file;
}
} }
else else
{ {