makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/14168] Add attachment upload class

Browse source 
PHPBB3-14168
This commit is contained in:
Marc Alexander 2015-09-19 16:39:17 +02:00
parent 73fd3d1df8
commit e50718008a
3 changed files with 285 additions and 167 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
phpBB/config/default/container/services_files.yml
View file

@ -1,4 +1,19 @@
services: services:
attachment.upload:
class: phpbb\attachment\upload
scope: prototype
arguments:
- @auth
- @cache
- @config
- @files.upload
- @language
- @mimetype.guesser
- @dispatcher
- @plupload
- @user
- %core.root_path%
filesystem: filesystem:
class: phpbb\filesystem\filesystem class: phpbb\filesystem\filesystem

176
phpBB/includes/functions_posting.php
View file

@ -391,183 +391,25 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
* Upload Attachment - filedata is generated here * Upload Attachment - filedata is generated here
* Uses upload class * Uses upload class
* *
* @deprecated 3.2.0-a1 (To be removed: 3.4.0)
*
* @param string $form_name The form name of the file upload input * @param string $form_name The form name of the file upload input
* @param int $forum_id The id of the forum * @param int $forum_id The id of the forum
* @param bool $local Whether the file is local or not * @param bool $local Whether the file is local or not
* @param string $local_storage The path to the local file * @param string $local_storage The path to the local file
* @param bool $is_message Whether it is a PM or not * @param bool $is_message Whether it is a PM or not
* @param \filespec $local_filedata A filespec object created for the local file * @param array $local_filedata A filespec object created for the local file
* @param \phpbb\mimetype\guesser $mimetype_guesser The mimetype guesser object if used
* @param \phpbb\plupload\plupload $plupload The plupload object if one is being used
* *
* @return object filespec * @return \phpbb\files\filespec
*/ */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null) function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
{ {
global $auth, $user, $config, $db, $cache; global $phpbb_container;
global $phpbb_root_path, $phpEx, $phpbb_dispatcher, $phpbb_container;
$filedata = array( /** @var \phpbb\attachment\upload $attachment_upload */
'error' => array() $attachment_upload = $phpbb_container->get('attachment.upload');
);
$upload = $phpbb_container->get('files.upload'); return $attachment_upload->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata);
if ($config['check_attachment_content'] && isset($config['mime_triggers']))
{
$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
}
else if (!$config['check_attachment_content'])
{
$upload->set_disallowed_content(array());
}
$filedata['post_attach'] = $local || $upload->is_valid($form_name);
if (!$filedata['post_attach'])
{
$filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];
return $filedata;
}
$extensions = $cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id));
$upload->set_allowed_extensions(array_keys($extensions['_allowed_']));
/** @var \phpbb\files\filespec $file */
$file = ($local) ? $upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $upload->handle_upload('files.types.form', $form_name);
if ($file->init_error())
{
$filedata['post_attach'] = false;
return $filedata;
}
// Whether the uploaded file is in the image category
$is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;
if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id))
{
// Check Image Size, if it is an image
if ($is_image)
{
$file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
}
// Admins and mods are allowed to exceed the allowed filesize
if (!empty($extensions[$file->get('extension')]['max_filesize']))
{
$allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
}
else
{
$allowed_filesize = ($is_message) ? $config['max_filesize_pm'] : $config['max_filesize'];
}
$file->upload->set_max_filesize($allowed_filesize);
}
$file->clean_filename('unique', $user->data['user_id'] . '_');
// Are we uploading an image *and* this image being within the image category?
// Only then perform additional image checks.
$file->move_file($config['upload_path'], false, !$is_image);
// Do we have to create a thumbnail?
$filedata['thumbnail'] = ($is_image && $config['img_create_thumbnail']) ? 1 : 0;
if (sizeof($file->error))
{
$file->remove();
$filedata['error'] = array_merge($filedata['error'], $file->error);
$filedata['post_attach'] = false;
return $filedata;
}
// Make sure the image category only holds valid images...
if ($is_image && !$file->is_image())
{
$file->remove();
if ($plupload && $plupload->is_active())
{
$plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
}
// If this error occurs a user tried to exploit an IE Bug by renaming extensions
// Since the image category is displaying content inline we need to catch this.
trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
}
$filedata['filesize'] = $file->get('filesize');
$filedata['mimetype'] = $file->get('mimetype');
$filedata['extension'] = $file->get('extension');
$filedata['physical_filename'] = $file->get('realname');
$filedata['real_filename'] = $file->get('uploadname');
$filedata['filetime'] = time();
/**
* Event to modify uploaded file before submit to the post
*
* @event core.modify_uploaded_file
* @var array filedata Array containing uploaded file data
* @var bool is_image Flag indicating if the file is an image
* @since 3.1.0-RC3
*/
$vars = array(
'filedata',
'is_image',
);
extract($phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));
// Check our complete quota
if ($config['attachment_quota'])
{
if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota'])
{
$filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
$filedata['post_attach'] = false;
$file->remove();
return $filedata;
}
}
// Check free disk space
if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path']))
{
if ($free_space <= $file->get('filesize'))
{
if ($auth->acl_get('a_'))
{
$filedata['error'][] = $user->lang['ATTACH_DISK_FULL'];
}
else
{
$filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];
}
$filedata['post_attach'] = false;
$file->remove();
return $filedata;
}
}
// Create Thumbnail
if ($filedata['thumbnail'])
{
$source = $file->get('destination_file');
$destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');
if (!create_thumbnail($source, $destination, $file->get('mimetype')))
{
$filedata['thumbnail'] = 0;
}
}
return $filedata;
} }
/** /**

261
phpBB/phpbb/attachment/upload.php Normal file
View file

@ -0,0 +1,261 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\attachment;
use phpbb\auth\auth;
use \phpbb\cache\service;
use \phpbb\config\config;
use \phpbb\event\dispatcher;
use \phpbb\language\language;
use \phpbb\mimetype\guesser;
use \phpbb\plupload\plupload;
use \phpbb\user;
/**
* Attachment upload class
*/
class upload
{
/** @var auth */
protected $auth;
/** @var service */
protected $cache;
/** @var config */
protected $config;
/** @var \phpbb\files\upload Upload class */
protected $files_upload;
/** @var \phpbb\language\language */
protected $language;
/** @var guesser Mimetype guesser */
protected $mimetype_guesser;
/** @var dispatcher */
protected $phpbb_dispatcher;
/** @var plupload Plupload */
protected $plupload;
/** @var user */
protected $user;
/**
* Constructor for attachments upload class
*
* @param auth $auth
* @param service $cache
* @param config $config
* @param \phpbb\files\upload $files_upload
* @param language $language
* @param guesser $mimetype_guesser
* @param dispatcher $phpbb_dispatcher
* @param plupload $plupload
* @param user $user
* @param $phpbb_root_path
*/
public function __construct(auth $auth, service $cache, config $config, \phpbb\files\upload $files_upload, language $language, guesser $mimetype_guesser, dispatcher $phpbb_dispatcher, plupload $plupload, user $user, $phpbb_root_path)
{
$this->auth = $auth;
$this->cache = $cache;
$this->config = $config;
$this->files_upload = $files_upload;
$this->language = $language;
$this->mimetype_guesser = $mimetype_guesser;
$this->phpbb_dispatcher = $phpbb_dispatcher;
$this->plupload = $plupload;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
}
/**
* Upload Attachment - filedata is generated here
* Uses upload class
*
* @param string $form_name The form name of the file upload input
* @param int $forum_id The id of the forum
* @param bool $local Whether the file is local or not
* @param string $local_storage The path to the local file
* @param bool $is_message Whether it is a PM or not
* @param array $local_filedata An file data object created for the local file
*
* @return object filespec
*/
public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
{
$filedata = array(
'error' => array()
);
if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers']))
{
$this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers']));
}
else if (!$this->config['check_attachment_content'])
{
$this->files_upload->set_disallowed_content(array());
}
$filedata['post_attach'] = $local || $this->files_upload->is_valid($form_name);
if (!$filedata['post_attach'])
{
$filedata['error'][] = $this->user->lang['NO_UPLOAD_FORM_FOUND'];
return $filedata;
}
$extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id));
$this->files_upload->set_allowed_extensions(array_keys($extensions['_allowed_']));
/** @var \phpbb\files\filespec $file */
$file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name);
if ($file->init_error())
{
$filedata['post_attach'] = false;
return $filedata;
}
// Whether the uploaded file is in the image category
$is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;
if (!$this->auth->acl_get('a_') && !$this->auth->acl_get('m_', $forum_id))
{
// Check Image Size, if it is an image
if ($is_image)
{
$file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']);
}
// Admins and mods are allowed to exceed the allowed filesize
if (!empty($extensions[$file->get('extension')]['max_filesize']))
{
$allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
}
else
{
$allowed_filesize = ($is_message) ? $this->config['max_filesize_pm'] : $this->config['max_filesize'];
}
$file->upload->set_max_filesize($allowed_filesize);
}
$file->clean_filename('unique', $this->user->data['user_id'] . '_');
// Are we uploading an image *and* this image being within the image category?
// Only then perform additional image checks.
$file->move_file($this->config['upload_path'], false, !$is_image);
// Do we have to create a thumbnail?
$filedata['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0;
if (sizeof($file->error))
{
$file->remove();
$filedata['error'] = array_merge($filedata['error'], $file->error);
$filedata['post_attach'] = false;
return $filedata;
}
// Make sure the image category only holds valid images...
if ($is_image && !$file->is_image())
{
$file->remove();
if ($this->plupload && $this->plupload->is_active())
{
$this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
}
// If this error occurs a user tried to exploit an IE Bug by renaming extensions
// Since the image category is displaying content inline we need to catch this.
trigger_error($this->user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
}
$filedata['filesize'] = $file->get('filesize');
$filedata['mimetype'] = $file->get('mimetype');
$filedata['extension'] = $file->get('extension');
$filedata['physical_filename'] = $file->get('realname');
$filedata['real_filename'] = $file->get('uploadname');
$filedata['filetime'] = time();
/**
* Event to modify uploaded file before submit to the post
*
* @event core.modify_uploaded_file
* @var array filedata Array containing uploaded file data
* @var bool is_image Flag indicating if the file is an image
* @since 3.1.0-RC3
*/
$vars = array(
'filedata',
'is_image',
);
extract($this->phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));
// Check our complete quota
if ($this->config['attachment_quota'])
{
if (intval($this->config['upload_dir_size']) + $file->get('filesize') > $this->config['attachment_quota'])
{
$filedata['error'][] = $this->user->lang['ATTACH_QUOTA_REACHED'];
$filedata['post_attach'] = false;
$file->remove();
return $filedata;
}
}
// Check free disk space
if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path']))
{
if ($free_space <= $file->get('filesize'))
{
if ($this->auth->acl_get('a_'))
{
$filedata['error'][] = $this->user->lang['ATTACH_DISK_FULL'];
}
else
{
$filedata['error'][] = $this->user->lang['ATTACH_QUOTA_REACHED'];
}
$filedata['post_attach'] = false;
$file->remove();
return $filedata;
}
}
// Create Thumbnail
if ($filedata['thumbnail'])
{
$source = $file->get('destination_file');
$destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');
if (!create_thumbnail($source, $destination, $file->get('mimetype')))
{
$filedata['thumbnail'] = 0;
}
}
return $filedata;
}
}