Apply locale-independent basename() to attachment filenames. New function added: utf8_basename(). (Bug #43335 - Patch by ocean=Yohsuke)

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9905 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen 2009-08-01 12:28:50 +00:00
parent 6bc7e15162
commit 2958890439
12 changed files with 59 additions and 31 deletions


@ -184,6 +184,7 @@
<li>[Fix] Min/max characters per posts also affects polls option (Bug #47295 - Patch by nickvergessen)</li>
<li>[Fix] Correctly log action when users request to join a group (Bug #37585 - Patch by nickvergessen)</li>
<li>[Fix] Do not try to create thumbnails for images we cannot open properly. (Bug #48695)</li>
<li>[Fix] Apply locale-independent basename() to attachment filenames. New function added: utf8_basename(). (Bug #43335 - Patch by ocean=Yohsuke)</li>
<li>[Change] Change the data format of the default file ACM to be more secure from tampering and have better performance.</li>
<li>[Change] Add index on log_time to the log table to prevent slowdown on boards with many log entries. (Bug #44665 - Patch by bantu)</li>
<li>[Change] Template engine now permits to a limited extent variable includes.</li>


@ -249,7 +249,7 @@ if (!$attachment)
trigger_error('ERROR_NO_ATTACHMENT');
}
$attachment['physical_filename'] = basename($attachment['physical_filename']);
$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
$display_cat = $extensions[$attachment['extension']]['display_cat'];
if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))


@ -1027,8 +1027,8 @@ class acp_attachments
$template->assign_block_vars('orphan', array(
'FILESIZE' => get_formatted_filesize($row['filesize']),
'FILETIME' => $user->format_date($row['filetime']),
'REAL_FILENAME' => basename($row['real_filename']),
'PHYSICAL_FILENAME' => basename($row['physical_filename']),
'REAL_FILENAME' => utf8_basename($row['real_filename']),
'PHYSICAL_FILENAME' => utf8_basename($row['physical_filename']),
'ATTACH_ID' => $row['attach_id'],
'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))


@ -1235,7 +1235,7 @@ function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
// Because of copying topics or modifications a physical filename could be assigned more than once. If so, do not remove the file itself.
$sql = 'SELECT COUNT(attach_id) AS num_entries
FROM ' . ATTACHMENTS_TABLE . "
WHERE physical_filename = '" . $db->sql_escape(basename($filename)) . "'";
WHERE physical_filename = '" . $db->sql_escape(utf8_basename($filename)) . "'";
$result = $db->sql_query($sql);
$num_entries = (int) $db->sql_fetchfield('num_entries');
$db->sql_freeresult($result);
@ -1246,7 +1246,7 @@ function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
return false;
}
$filename = ($mode == 'thumbnail') ? 'thumb_' . basename($filename) : basename($filename);
$filename = ($mode == 'thumbnail') ? 'thumb_' . utf8_basename($filename) : utf8_basename($filename);
return @unlink($phpbb_root_path . $config['upload_path'] . '/' . $filename);
}


@ -841,8 +841,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
// Some basics...
$attachment['extension'] = strtolower(trim($attachment['extension']));
$filename = $phpbb_root_path . $config['upload_path'] . '/' . basename($attachment['physical_filename']);
$thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']);
$filename = $phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($attachment['physical_filename']);
$thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . utf8_basename($attachment['physical_filename']);
$upload_icon = '';
@ -866,7 +866,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
'UPLOAD_ICON' => $upload_icon,
'FILESIZE' => $filesize['value'],
'SIZE_LANG' => $filesize['unit'],
'DOWNLOAD_NAME' => basename($attachment['real_filename']),
'DOWNLOAD_NAME' => utf8_basename($attachment['real_filename']),
'COMMENT' => $comment,
);


@ -551,7 +551,7 @@ function _import_check($config_var, $source, $use_target)
);
// copy file will prepend $phpBB_root_path
$target = $config[$config_var] . '/' . basename(($use_target === false) ? $source : $use_target);
$target = $config[$config_var] . '/' . utf8_basename(($use_target === false) ? $source : $use_target);
if (!empty($convert->convertor[$config_var]) && strpos($source, $convert->convertor[$config_var]) !== 0)
{
@ -567,11 +567,11 @@ function _import_check($config_var, $source, $use_target)
if ($result['copied'])
{
$result['target'] = basename($target);
$result['target'] = utf8_basename($target);
}
else
{
$result['target'] = ($use_target !== false) ? $result['orig_source'] : basename($target);
$result['target'] = ($use_target !== false) ? $result['orig_source'] : utf8_basename($target);
}
return $result;
@ -600,7 +600,7 @@ function import_attachment($source, $use_target = false)
{
$thumb_dir = $convert->convertor['thumbnails'][0];
$thumb_prefix = $convert->convertor['thumbnails'][1];
$thumb_source = $thumb_dir . $thumb_prefix . basename($result['source']);
$thumb_source = $thumb_dir . $thumb_prefix . utf8_basename($result['source']);
if (strpos($thumb_source, $convert->convertor['upload_path']) !== 0)
{
@ -2257,7 +2257,7 @@ function copy_file($src, $trg, $overwrite = false, $die_on_failure = true, $sour
if (substr($trg, -1) == '/')
{
$trg .= basename($src);
$trg .= utf8_basename($src);
}
$src_path = relative_base($src, $source_relative_path, __LINE__, __FILE__);
$trg_path = $trg;


@ -785,7 +785,7 @@ function posting_gen_inline_attachments(&$attachment_data)
foreach ($attachment_data as $i => $attachment)
{
$s_inline_attachment_options .= '<option value="' . $i . '">' . basename($attachment['real_filename']) . '</option>';
$s_inline_attachment_options .= '<option value="' . $i . '">' . utf8_basename($attachment['real_filename']) . '</option>';
}
$template->assign_var('S_INLINE_ATTACHMENT_OPTIONS', $s_inline_attachment_options);
@ -819,7 +819,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_a
foreach ($attachment_data as $count => $attach_row)
{
$hidden = '';
$attach_row['real_filename'] = basename($attach_row['real_filename']);
$attach_row['real_filename'] = utf8_basename($attach_row['real_filename']);
foreach ($attach_row as $key => $value)
{
@ -829,8 +829,8 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_a
$download_link = append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&amp;id=' . (int) $attach_row['attach_id'], true, ($attach_row['is_orphan']) ? $user->session_id : false);
$template->assign_block_vars('attach_row', array(
'FILENAME' => basename($attach_row['real_filename']),
'A_FILENAME' => addslashes(basename($attach_row['real_filename'])),
'FILENAME' => utf8_basename($attach_row['real_filename']),
'A_FILENAME' => addslashes(utf8_basename($attach_row['real_filename'])),
'FILE_COMMENT' => $attach_row['attach_comment'],
'ATTACH_ID' => $attach_row['attach_id'],
'S_IS_ORPHAN' => $attach_row['is_orphan'],
@ -2175,7 +2175,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
else
{
// insert attachment into db
if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename'])))
if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($orphan_rows[$attach_row['attach_id']]['physical_filename'])))
{
continue;
}


@ -1552,7 +1552,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
else
{
// insert attachment into db
if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename'])))
if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($orphan_rows[$attach_row['attach_id']]['physical_filename'])))
{
continue;
}


@ -58,7 +58,7 @@ class filespec
$this->filename = $upload_ary['tmp_name'];
$this->filesize = $upload_ary['size'];
$name = trim(htmlspecialchars(basename($upload_ary['name'])));
$name = trim(utf8_htmlspecialchars(utf8_basename($upload_ary['name'])));
$this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
$this->mimetype = $upload_ary['type'];
@ -290,7 +290,7 @@ class filespec
$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
$upload_mode = ($this->local) ? 'local' : $upload_mode;
$this->destination_file = $this->destination_path . '/' . basename($this->realname);
$this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname);
// Check if the file already exist, else there is something wrong...
if (file_exists($this->destination_file) && !$overwrite)
@ -634,7 +634,7 @@ class fileupload
if ($filedata === false)
{
$_FILES[$form_name]['name'] = basename($source_file);
$_FILES[$form_name]['name'] = utf8_basename($source_file);
$_FILES[$form_name]['size'] = 0;
$mimetype = '';
@ -746,7 +746,7 @@ class fileupload
$ext = array_pop($url['path']);
$url['path'] = implode('', $url['path']);
$upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : '');
$upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : '');
$filename = $url['path'];
$filesize = 0;
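Review bot: In the first hunk of this section `utf8_basename()` runs on `$upload_ary['name']` before `stripslashes()` is applied on the following line, and unlike `basename()` on non-Windows hosts it always treats a backslash as a path separator. When `STRIP` is set the name presumably still carries escaping backslashes, so a client filename containing a quote would be cut at the escape character and lose everything in front of it. Unescape first and take the base name afterwards: `$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];`, then `$name = trim(utf8_htmlspecialchars(utf8_basename($name)));` and `$this->realname = $this->uploadname = $name;`. The enclosing constructor starts and ends outside the hunk.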


@ -1168,8 +1168,8 @@ function mcp_fork_topic($topic_ids)
'in_message' => 0,
'is_orphan' => (int) $attach_row['is_orphan'],
'poster_id' => (int) $attach_row['poster_id'],
'physical_filename' => (string) basename($attach_row['physical_filename']),
'real_filename' => (string) basename($attach_row['real_filename']),
'physical_filename' => (string) utf8_basename($attach_row['physical_filename']),
'real_filename' => (string) utf8_basename($attach_row['real_filename']),
'download_count' => (int) $attach_row['download_count'],
'attach_comment' => (string) $attach_row['attach_comment'],
'extension' => (string) $attach_row['extension'],


@ -1917,4 +1917,32 @@ function utf8_wordwrap($string, $width = 75, $break = "\n", $cut = false)
return implode($break, $new_lines);
}
/**
* UTF8-safe basename() function
*
* basename() has some limitations and is dependent on the locale setting
* according to the PHP manual. Therefore we provide our own locale independant
* basename function.
*
* @param string $filename The filename basename() should be applied to
* @return string The basenamed filename
*/
function utf8_basename($filename)
{
// We always check for forward slash AND backward slash
// because they could be mixed or "sneaked" in. ;)
// You know, never trust user input...
if (strpos($filename, '/') !== false)
{
$filename = utf8_substr($filename, utf8_strrpos($filename, '/') + 1);
}
if (strpos($filename, '\\') !== false)
{
$filename = utf8_substr($filename, utf8_strrpos($filename, '\\') + 1);
}
return $filename;
}
?>
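Review bot: `utf8_basename()` detects the separators with the byte-wise `strpos()` but cuts with `utf8_strrpos()` and `utf8_substr()`, so the result depends on how those helpers treat input that is not valid UTF-8, which a client-supplied filename can be. The bytes for `/` and `\` never occur inside a multi-byte UTF-8 sequence, so the plain byte functions are exact here and carry no such dependency: `$filename = substr($filename, strrpos($filename, '/') + 1);` and the same with `'\\'`. The docblock should also state that, unlike `basename()`, a trailing separator yields an empty string, and that `.`, `..` and NUL bytes pass through unchanged, so callers that build filesystem paths from the result still need their own checks.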


@ -1613,7 +1613,6 @@ else if (!$all_marked_read)
}
// let's set up quick_reply
// TODO: introduce a per-forum and a per-user setting
$s_quick_reply = $user->data['is_registered'] && $config['allow_quick_reply'] && ($topic_data['forum_flags'] & FORUM_FLAG_QUICK_REPLY) && $auth->acl_get('f_reply', $forum_id);
if ($s_can_vote || $s_quick_reply)