makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 13:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'Fyorl/ticket/10939' into develop

Browse source 
* Fyorl/ticket/10939:
  [ticket/10939] Added documentation for phpbb_request::file
  [ticket/10939] Added tests for phpbb_request::file
  [ticket/10939] Modified the default return for $request->file
  [ticket/10939] Modified fileupload tests to deal with new behaviour
  [ticket/10939] Modified mock request class to handle deactivated $_FILES
  [ticket/10939] Modified acp_groups.php to not use $_FILES
  [ticket/10939] Modified ucp_groups.php to not use $_FILES
  [ticket/10939] Modified functions_user.php to not use $_FILES
  [ticket/10939] Modified message_parser.php to not use $_FILES
  [ticket/10939] Modified functions_upload to not use $_FILES
  [ticket/10939] Modified request test slightly to include $_FILES
  [ticket/10939] Added $_FILES handling to phpbb_request
This commit is contained in:
Andreas Fischer 2012-11-10 23:49:29 +01:00
commit e86ecc0f3b
10 changed files with 94 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
phpBB/includes/acp/acp_groups.php
View file

@ -26,6 +26,7 @@ class acp_groups
{
global $config, $db, $user, $auth, $template, $cache;
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
global $request;
$user->add_lang('acp/groups');
$this->tpl_name = 'acp_groups';
@ -323,7 +324,8 @@ class acp_groups
$submit_ary['founder_manage'] = isset($_REQUEST['group_founder_manage']) ? 1 : 0;
}
if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink'])
$uploadfile = $request->file('uploadfile');
if (!empty($uploadfile['tmp_name']) || $data['uploadurl'] || $data['remotelink'])
{
// Avatar stuff
$var_ary = array(
@ -337,7 +339,7 @@ class acp_groups
{
$data['user_id'] = "g$group_id";
if ((!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl']) && $can_upload)
if ((!empty($uploadfile['tmp_name']) || $data['uploadurl']) && $can_upload)
{
list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_upload($data, $error);
}

45
phpBB/includes/functions_upload.php
View file

@ -566,10 +566,11 @@ class fileupload
*/
function form_upload($form_name)
{
global $user;
global $user, $request;
unset($_FILES[$form_name]['local_mode']);
$file = new filespec($_FILES[$form_name], $this);
$upload = $request->file($form_name);
unset($upload['local_mode']);
$file = new filespec($upload, $this);
if ($file->init_error)
{
@ -578,9 +579,9 @@ class fileupload
}
// Error array filled?
if (isset($_FILES[$form_name]['error']))
if (isset($upload['error']))
{
$error = $this->assign_internal_error($_FILES[$form_name]['error']);
$error = $this->assign_internal_error($upload['error']);
if ($error !== false)
{
@ -590,7 +591,7 @@ class fileupload
}
// Check if empty file got uploaded (not catched by is_uploaded_file)
if (isset($_FILES[$form_name]['size']) && $_FILES[$form_name]['size'] == 0)
if (isset($upload['size']) && $upload['size'] == 0)
{
$file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];
return $file;
@ -631,17 +632,17 @@ class fileupload
*/
function local_upload($source_file, $filedata = false)
{
global $user;
global $user, $request;
$form_name = 'local';
$upload = array();
$_FILES[$form_name]['local_mode'] = true;
$_FILES[$form_name]['tmp_name'] = $source_file;
$upload['local_mode'] = true;
$upload['tmp_name'] = $source_file;
if ($filedata === false)
{
$_FILES[$form_name]['name'] = utf8_basename($source_file);
$_FILES[$form_name]['size'] = 0;
$upload['name'] = utf8_basename($source_file);
$upload['size'] = 0;
$mimetype = '';
if (function_exists('mime_content_type'))
@ -655,16 +656,16 @@ class fileupload
$mimetype = 'application/octetstream';
}
$_FILES[$form_name]['type'] = $mimetype;
$upload['type'] = $mimetype;
}
else
{
$_FILES[$form_name]['name'] = $filedata['realname'];
$_FILES[$form_name]['size'] = $filedata['size'];
$_FILES[$form_name]['type'] = $filedata['type'];
$upload['name'] = $filedata['realname'];
$upload['size'] = $filedata['size'];
$upload['type'] = $filedata['type'];
}
$file = new filespec($_FILES[$form_name], $this);
$file = new filespec($upload, $this);
if ($file->init_error)
{
@ -672,9 +673,9 @@ class fileupload
return $file;
}
if (isset($_FILES[$form_name]['error']))
if (isset($upload['error']))
{
$error = $this->assign_internal_error($_FILES[$form_name]['error']);
$error = $this->assign_internal_error($upload['error']);
if ($error !== false)
{
@ -709,6 +710,7 @@ class fileupload
}
$this->common_checks($file);
$request->overwrite('local', $upload, phpbb_request_interface::FILES);
return $file;
}
@ -1001,7 +1003,10 @@ class fileupload
*/
function is_valid($form_name)
{
return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
global $request;
$upload = $request->file($form_name);
return (!empty($upload) && $upload['name'] !== 'none');
}

10
phpBB/includes/functions_user.php
View file

@ -2140,13 +2140,14 @@ function avatar_remote($data, &$error)
*/
function avatar_upload($data, &$error)
{
global $phpbb_root_path, $config, $db, $user, $phpEx;
global $phpbb_root_path, $config, $db, $user, $phpEx, $request;
// Init upload class
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
if (!empty($_FILES['uploadfile']['name']))
$uploadfile = $request->file('uploadfile');
if (!empty($uploadfile['name']))
{
$file = $upload->form_upload('uploadfile');
}
@ -2369,7 +2370,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $
*/
function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)
{
global $config, $phpbb_root_path, $auth, $user, $db;
global $config, $phpbb_root_path, $auth, $user, $db, $request;
$data = array(
'uploadurl' => request_var('uploadurl', ''),
@ -2411,7 +2412,8 @@ function avatar_process_user(&$error, $custom_userdata = false, $can_upload = nu
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
}
if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
$uploadfile = $request->file('uploadfile');
if ((!empty($uploadfile['name']) || $data['uploadurl']) && $can_upload)
{
list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
}

5
phpBB/includes/message_parser.php
View file

@ -1363,13 +1363,14 @@ class parse_message extends bbcode_firstpass
*/
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
{
global $config, $auth, $user, $phpbb_root_path, $phpEx, $db;
global $config, $auth, $user, $phpbb_root_path, $phpEx, $db, $request;
$error = array();
$num_attachments = sizeof($this->attachment_data);
$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
$upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false;
$upload = $request->file($form_name);
$upload_file = (!empty($upload) && $upload['name'] !== 'none' && trim($upload['name']));
$add_file = (isset($_POST['add_file'])) ? true : false;
$delete_file = (isset($_POST['delete_file'])) ? true : false;

1
phpBB/includes/request/interface.php
View file

@ -30,6 +30,7 @@ interface phpbb_request_interface
const REQUEST = 2;
const COOKIE = 3;
const SERVER = 4;
const FILES = 5;
/**#@-*/
/**

14
phpBB/includes/request/request.php
View file

@ -34,6 +34,7 @@ class phpbb_request implements phpbb_request_interface
phpbb_request_interface::REQUEST => '_REQUEST',
phpbb_request_interface::COOKIE => '_COOKIE',
phpbb_request_interface::SERVER => '_SERVER',
phpbb_request_interface::FILES => '_FILES',
);
/**
@ -268,6 +269,19 @@ class phpbb_request implements phpbb_request_interface
return $this->server($var_name, $default);
}
/**
* Shortcut method to retrieve $_FILES variables
*
* @param string $form_name The name of the file input form element
*
* @return array The uploaded file's information or an empty array if the
* variable does not exist in _FILES.
*/
public function file($form_name)
{
return $this->variable($form_name, array('name' => 'none'), false, phpbb_request_interface::FILES);
}
/**
* Checks whether a certain variable was sent via POST.
* To make sure that a request was sent using POST you should call this function

5
phpBB/includes/ucp/ucp_groups.php
View file

@ -513,7 +513,8 @@ class ucp_groups
$data['height'] = request_var('height', '');
$delete = request_var('delete', '');
if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink'])
$uploadfile = $request->file('uploadfile');
if (!empty($uploadfile['tmp_name']) || $data['uploadurl'] || $data['remotelink'])
{
// Avatar stuff
$var_ary = array(
@ -527,7 +528,7 @@ class ucp_groups
{
$data['user_id'] = "g$group_id";
if ((!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl']) && $can_upload)
if ((!empty($uploadfile['tmp_name']) || $data['uploadurl']) && $can_upload)
{
list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_upload($data, $error);
}

9
tests/mock/request.php
View file

@ -11,13 +11,14 @@ class phpbb_mock_request implements phpbb_request_interface
{
protected $data;
public function __construct($get = array(), $post = array(), $cookie = array(), $server = array(), $request = false)
public function __construct($get = array(), $post = array(), $cookie = array(), $server = array(), $request = false, $files = array())
{
$this->data[phpbb_request_interface::GET] = $get;
$this->data[phpbb_request_interface::POST] = $post;
$this->data[phpbb_request_interface::COOKIE] = $cookie;
$this->data[phpbb_request_interface::REQUEST] = ($request === false) ? $post + $get : $request;
$this->data[phpbb_request_interface::SERVER] = $server;
$this->data[phpbb_request_interface::FILES] = $files;
}
public function overwrite($var_name, $value, $super_global = phpbb_request_interface::REQUEST)
@ -42,6 +43,12 @@ class phpbb_mock_request implements phpbb_request_interface
return $this->server($var_name, $default);
}
public function file($form_name)
{
$super_global = phpbb_request_interface::FILES;
return isset($this->data[$super_global][$form_name]) ? $this->data[$super_global][$form_name] : array();
}
public function is_set_post($name)
{
return $this->is_set($name, phpbb_request_interface::POST);

25
tests/request/request_test.php
View file

@ -21,6 +21,13 @@ class phpbb_request_test extends phpbb_test_case
$_COOKIE['test'] = 3;
$_REQUEST['test'] = 3;
$_GET['unset'] = '';
$_FILES['test'] = array(
'name' => 'file',
'tmp_name' => 'tmp',
'size' => 256,
'type' => 'application/octet-stream',
'error' => UPLOAD_ERR_OK,
);
$_SERVER['HTTP_HOST'] = 'example.com';
$_SERVER['HTTP_ACCEPT'] = 'application/json';
@ -42,6 +49,7 @@ class phpbb_request_test extends phpbb_test_case
$this->assertEquals(2, $_GET['test'], 'Checking $_GET after enable_super_globals');
$this->assertEquals(3, $_COOKIE['test'], 'Checking $_COOKIE after enable_super_globals');
$this->assertEquals(3, $_REQUEST['test'], 'Checking $_REQUEST after enable_super_globals');
$this->assertEquals(256, $_FILES['test']['size']);
$_POST['x'] = 2;
$this->assertEquals($_POST, $GLOBALS['_POST'], 'Checking whether $_POST can still be accessed via $GLOBALS[\'_POST\']');
@ -85,6 +93,23 @@ class phpbb_request_test extends phpbb_test_case
$this->request->header('SOMEVAR');
}
public function test_file()
{
$file = $this->request->file('test');
$this->assertEquals('file', $file['name']);
$this->assertEquals('tmp', $file['tmp_name']);
$this->assertEquals(256, $file['size']);
$this->assertEquals('application/octet-stream', $file['type']);
$this->assertEquals(UPLOAD_ERR_OK, $file['error']);
}
public function test_file_not_exists()
{
$file = $this->request->file('404');
$this->assertTrue(is_array($file));
$this->assertTrue(empty($file));
}
/**
* Checks that directly accessing $_POST will trigger
* an error.

6
tests/upload/fileupload_test.php
View file

@ -19,7 +19,8 @@ class phpbb_fileupload_test extends phpbb_test_case
{
// Global $config required by unique_id
// Global $user required by several functions dealing with translations
global $config, $user;
// Global $request required by form_upload, local_upload and is_valid
global $config, $user, $request;
if (!is_array($config))
{
@ -31,6 +32,9 @@ class phpbb_fileupload_test extends phpbb_test_case
$user = new phpbb_mock_user();
$user->lang = new phpbb_mock_lang();
$request = new phpbb_mock_request();
$this->path = __DIR__ . '/fixture/';
}