/phpBB/phpbb/attachment/upload.php
PHP | 378 lines | 210 code | 60 blank | 108 comment | 29 complexity | ac9dfbd7247ec4a58b720b1aabe2eb60 MD5 | raw file
Possible License(s): GPL-3.0, AGPL-1.0
- <?php
- /**
- *
- * This file is part of the phpBB Forum Software package.
- *
- * @copyright (c) phpBB Limited <https://www.phpbb.com>
- * @license GNU General Public License, version 2 (GPL-2.0)
- *
- * For full copyright and license information, please see
- * the docs/CREDITS.txt file.
- *
- */
- namespace phpbb\attachment;
- use phpbb\auth\auth;
- use \phpbb\cache\service;
- use \phpbb\config\config;
- use \phpbb\event\dispatcher;
- use \phpbb\language\language;
- use \phpbb\mimetype\guesser;
- use \phpbb\plupload\plupload;
- use \phpbb\storage\storage;
- use \phpbb\filesystem\temp;
- use \phpbb\user;
- /**
- * Attachment upload class
- */
- class upload
- {
- /** @var auth */
- protected $auth;
- /** @var service */
- protected $cache;
- /** @var config */
- protected $config;
- /** @var \phpbb\files\upload Upload class */
- protected $files_upload;
- /** @var language */
- protected $language;
- /** @var guesser Mimetype guesser */
- protected $mimetype_guesser;
- /** @var dispatcher */
- protected $phpbb_dispatcher;
- /** @var plupload Plupload */
- protected $plupload;
- /** @var storage */
- protected $storage;
- /** @var temp */
- protected $temp;
- /** @var user */
- protected $user;
- /** @var \phpbb\files\filespec Current filespec instance */
- private $file;
- /** @var array File data */
- private $file_data = array(
- 'error' => array()
- );
- /** @var array Extensions array */
- private $extensions;
- /**
- * Constructor for attachments upload class
- *
- * @param auth $auth
- * @param service $cache
- * @param config $config
- * @param \phpbb\files\upload $files_upload
- * @param language $language
- * @param guesser $mimetype_guesser
- * @param dispatcher $phpbb_dispatcher
- * @param plupload $plupload
- * @param storage $storage
- * @param temp $temp
- * @param user $user
- */
- public function __construct(auth $auth, service $cache, config $config, \phpbb\files\upload $files_upload, language $language, guesser $mimetype_guesser, dispatcher $phpbb_dispatcher, plupload $plupload, storage $storage, temp $temp, user $user)
- {
- $this->auth = $auth;
- $this->cache = $cache;
- $this->config = $config;
- $this->files_upload = $files_upload;
- $this->language = $language;
- $this->mimetype_guesser = $mimetype_guesser;
- $this->phpbb_dispatcher = $phpbb_dispatcher;
- $this->plupload = $plupload;
- $this->storage = $storage;
- $this->temp = $temp;
- $this->user = $user;
- }
- /**
- * Upload Attachment - filedata is generated here
- * Uses upload class
- *
- * @param string $form_name The form name of the file upload input
- * @param int $forum_id The id of the forum
- * @param bool $local Whether the file is local or not
- * @param string $local_storage The path to the local file
- * @param bool $is_message Whether it is a PM or not
- * @param array $local_filedata An file data object created for the local file
- *
- * @return array File data array
- */
- public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = array())
- {
- $this->init_files_upload($forum_id, $is_message);
- $this->file_data['post_attach'] = $local || $this->files_upload->is_valid($form_name);
- if (!$this->file_data['post_attach'])
- {
- $this->file_data['error'][] = $this->language->lang('NO_UPLOAD_FORM_FOUND');
- return $this->file_data;
- }
- $this->file = ($local) ? $this->files_upload->handle_upload('files.types.local_storage', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form_storage', $form_name);
- if ($this->file->init_error())
- {
- $this->file_data['post_attach'] = false;
- return $this->file_data;
- }
- // Whether the uploaded file is in the image category
- $is_image = (isset($this->extensions[$this->file->get('extension')]['display_cat'])) ? $this->extensions[$this->file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;
- if (!$this->auth->acl_get('a_') && !$this->auth->acl_get('m_', $forum_id))
- {
- // Check Image Size, if it is an image
- if ($is_image)
- {
- $this->file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']);
- }
- // Admins and mods are allowed to exceed the allowed filesize
- if (!empty($this->extensions[$this->file->get('extension')]['max_filesize']))
- {
- $allowed_filesize = $this->extensions[$this->file->get('extension')]['max_filesize'];
- }
- else
- {
- $allowed_filesize = ($is_message) ? $this->config['max_filesize_pm'] : $this->config['max_filesize'];
- }
- $this->file->upload->set_max_filesize($allowed_filesize);
- }
- $this->file->clean_filename('unique', $this->user->data['user_id'] . '_');
- // Do we have to create a thumbnail?
- $this->file_data['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0;
- // Make sure the image category only holds valid images...
- $this->check_image($is_image);
- if (count($this->file->error))
- {
- $this->file->remove($this->storage);
- $this->file_data['error'] = array_merge($this->file_data['error'], $this->file->error);
- $this->file_data['post_attach'] = false;
- return $this->file_data;
- }
- $this->fill_file_data();
- $filedata = $this->file_data;
- /**
- * Event to modify uploaded file before submit to the post
- *
- * @event core.modify_uploaded_file
- * @var array filedata Array containing uploaded file data
- * @var bool is_image Flag indicating if the file is an image
- * @since 3.1.0-RC3
- */
- $vars = array(
- 'filedata',
- 'is_image',
- );
- extract($this->phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars)));
- $this->file_data = $filedata;
- unset($filedata);
- // Check for attachment quota and free space
- if (!$this->check_attach_quota() || !$this->check_disk_space())
- {
- $this->file->remove($this->storage);
- return $this->file_data;
- }
- // Create Thumbnail
- $this->create_thumbnail();
- // Are we uploading an image *and* this image being within the image category?
- // Only then perform additional image checks.
- $this->file->move_file($this->storage, false, !$is_image);
- if (count($this->file->error))
- {
- $this->file->remove($this->storage);
- // Remove thumbnail if exists
- $thumbnail_file = 'thumb_' . $this->file->get('realname');
- if ($this->storage->exists($thumbnail_file))
- {
- $this->storage->delete($thumbnail_file);
- }
- $this->file_data['error'] = array_merge($this->file_data['error'], $this->file->error);
- $this->file_data['post_attach'] = false;
- return $this->file_data;
- }
- return $this->file_data;
- }
- /**
- * Create thumbnail for file if necessary
- *
- * @return array Updated $filedata
- */
- protected function create_thumbnail()
- {
- if ($this->file_data['thumbnail'])
- {
- $source = $this->file->get('filename');
- $destination_name = 'thumb_' . $this->file->get('realname');
- $destination = $this->temp->get_dir() . '/' . $destination_name;
- if (create_thumbnail($source, $destination, $this->file->get('mimetype')))
- {
- // Move the thumbnail from temp folder to the storage
- $fp = fopen($destination, 'rb');
- $this->storage->write_stream($destination_name, $fp);
- if (is_resource($fp))
- {
- fclose($fp);
- }
- }
- else
- {
- $this->file_data['thumbnail'] = 0;
- }
- }
- }
- /**
- * Init files upload class
- *
- * @param int $forum_id Forum ID
- * @param bool $is_message Whether attachment is inside PM or not
- */
- protected function init_files_upload($forum_id, $is_message)
- {
- if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers']))
- {
- $this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers']));
- }
- else if (!$this->config['check_attachment_content'])
- {
- $this->files_upload->set_disallowed_content(array());
- }
- $this->extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id));
- $this->files_upload->set_allowed_extensions(array_keys($this->extensions['_allowed_']));
- }
- /**
- * Check if uploaded file is really an image
- *
- * @param bool $is_image Whether file is image
- */
- protected function check_image($is_image)
- {
- // Make sure the image category only holds valid images...
- if ($is_image && !$this->file->is_image())
- {
- $this->file->remove($this->storage);
- if ($this->plupload && $this->plupload->is_active())
- {
- $this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE');
- }
- // If this error occurs a user tried to exploit an IE Bug by renaming extensions
- // Since the image category is displaying content inline we need to catch this.
- $this->file->set_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE'));
- }
- }
- /**
- * Check if attachment quota was reached
- *
- * @return bool False if attachment quota was reached, true if not
- */
- protected function check_attach_quota()
- {
- if ($this->config['attachment_quota'])
- {
- if (intval($this->config['upload_dir_size']) + $this->file->get('filesize') > $this->config['attachment_quota'])
- {
- $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED');
- $this->file_data['post_attach'] = false;
- return false;
- }
- }
- return true;
- }
- /**
- * Check if there is enough free space available on disk
- *
- * @return bool True if disk space is available or not limited, false if not
- */
- protected function check_disk_space()
- {
- try
- {
- $free_space = $this->storage->free_space();
- if ($free_space <= $this->file->get('filesize'))
- {
- if ($this->auth->acl_get('a_'))
- {
- $this->file_data['error'][] = $this->language->lang('ATTACH_DISK_FULL');
- }
- else
- {
- $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED');
- }
- $this->file_data['post_attach'] = false;
- return false;
- }
- }
- catch (\phpbb\storage\exception\exception $e)
- {
- // Do nothing
- }
- return true;
- }
- /**
- * Fills file data with file information and current time as filetime
- */
- protected function fill_file_data()
- {
- $this->file_data['filesize'] = $this->file->get('filesize');
- $this->file_data['mimetype'] = $this->file->get('mimetype');
- $this->file_data['extension'] = $this->file->get('extension');
- $this->file_data['physical_filename'] = $this->file->get('realname');
- $this->file_data['real_filename'] = $this->file->get('uploadname');
- $this->file_data['filetime'] = time();
- }
- }