search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update code_sniffer build.xml file to be executable on our system
[phpbb.git] / phpBB / includes / functions_upload.php
blob363bfdd76872f1fde35e1c2301d65a882ce19bae
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 if (!defined('IN_PHPBB'))
15 {
16 exit;
17 }
18
19 /**
20 * Responsible for holding all file relevant information, as well as doing file-specific operations.
21 * The {@link fileupload fileupload class} can be used to upload several files, each of them being this object to operate further on.
22 * @package phpBB3
23 */
24 class filespec
25 {
26 var $filename = '';
27 var $realname = '';
28 var $uploadname = '';
29 var $mimetype = '';
30 var $extension = '';
31 var $filesize = 0;
32 var $width = 0;
33 var $height = 0;
34 var $image_info = array();
35
36 var $destination_file = '';
37 var $destination_path = '';
38
39 var $file_moved = false;
40 var $init_error = false;
41 var $local = false;
42
43 var $error = array();
44
45 var $upload = '';
46
47 /**
48 * File Class
49 * @access private
50 */
51 function __construct($upload_ary, $upload_namespace)
52 {
53 if (!isset($upload_ary))
54 {
55 $this->init_error = true;
56 return;
57 }
58
59 $this->filename = $upload_ary['tmp_name'];
60 $this->filesize = $upload_ary['size'];
61 $name = trim(htmlspecialchars(basename($upload_ary['name'])));
62 $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
63 $this->mimetype = $upload_ary['type'];
64
65 // Opera adds the name to the mime type
66 $this->mimetype = (strpos($this->mimetype, '; name') !== false) ? str_replace(strstr($this->mimetype, '; name'), '', $this->mimetype) : $this->mimetype;
67
68 if (!$this->mimetype)
69 {
70 $this->mimetype = 'application/octetstream';
71 }
72
73 $this->extension = strtolower($this->get_extension($this->realname));
74
75 // Try to get real filesize from temporary folder (not always working) ;)
76 $this->filesize = (@filesize($this->filename)) ? @filesize($this->filename) : $this->filesize;
77
78 $this->width = $this->height = 0;
79 $this->file_moved = false;
80
81 $this->local = (isset($upload_ary['local_mode'])) ? true : false;
82 $this->upload = $upload_namespace;
83 }
84
85 /**
86 * Cleans destination filename
87 *
88 * @param real|unique|unique_ext $mode real creates a realname, filtering some characters, lowering every character. Unique creates an unique filename
89 * @param string $prefix Prefix applied to filename
90 * @access public
91 */
92 function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
93 {
94 if ($this->init_error)
95 {
96 return;
97 }
98
99 switch ($mode)
100 {
101 case 'real':
102 // Remove every extension from filename (to not let the mime bug being exposed)
103 if (strpos($this->realname, '.') !== false)
104 {
105 $this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
106 }
107
108 // Replace any chars which may cause us problems with _
109 $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
110
111 $this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname)));
112 $this->realname = preg_replace("/%(\w{2})/", '_', $this->realname);
113
114 $this->realname = $prefix . $this->realname . '.' . $this->extension;
115 break;
116
117 case 'unique':
118 $this->realname = $prefix . md5(unique_id());
119 break;
120
121 case 'avatar':
122 $this->extension = strtolower($this->extension);
123 $this->realname = $prefix . $user_id . '.' . $this->extension;
124
125 break;
126
127 case 'unique_ext':
128 default:
129 $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
130 break;
131 }
132 }
133
134 /**
135 * Get property from file object
136 */
137 function get($property)
138 {
139 if ($this->init_error || !isset($this->$property))
140 {
141 return false;
142 }
143
144 return $this->$property;
145 }
146
147 /**
148 * Check if file is an image (mimetype)
149 *
150 * @return true if it is an image, false if not
151 */
152 function is_image()
153 {
154 return (strpos($this->mimetype, 'image/') !== false) ? true : false;
155 }
156
157 /**
158 * Check if the file got correctly uploaded
159 *
160 * @return true if it is a valid upload, false if not
161 */
162 function is_uploaded()
163 {
164 if (!$this->local && !is_uploaded_file($this->filename))
165 {
166 return false;
167 }
168
169 if ($this->local && !file_exists($this->filename))
170 {
171 return false;
172 }
173
174 return true;
175 }
176
177 /**
178 * Remove file
179 */
180 function remove()
181 {
182 if ($this->file_moved)
183 {
184 @unlink($this->destination_file);
185 }
186 }
187
188 /**
189 * Get file extension
190 */
191 function get_extension($filename)
192 {
193 if (strpos($filename, '.') === false)
194 {
195 return '';
196 }
197
198 $filename = explode('.', $filename);
199 return array_pop($filename);
200 }
201
202 /**
203 * Get mimetype. Utilize mime_content_type if the function exist.
204 * Not used at the moment...
205 */
206 function get_mimetype($filename)
207 {
208 $mimetype = '';
209
210 if (function_exists('mime_content_type'))
211 {
212 $mimetype = mime_content_type($filename);
213 }
214
215 // Some browsers choke on a mimetype of application/octet-stream
216 if (!$mimetype || $mimetype == 'application/octet-stream')
217 {
218 $mimetype = 'application/octetstream';
219 }
220
221 return $mimetype;
222 }
223
224 /**
225 * Get filesize
226 */
227 function get_filesize($filename)
228 {
229 return @filesize($filename);
230 }
231
232
233 /**
234 * Check the first 256 bytes for forbidden content
235 */
236 function check_content($disallowed_content)
237 {
238 if (empty($disallowed_content))
239 {
240 return true;
241 }
242
243 $fp = @fopen($this->filename, 'rb');
244
245 if ($fp !== false)
246 {
247 $ie_mime_relevant = fread($fp, 256);
248 fclose($fp);
249 foreach ($disallowed_content as $forbidden)
250 {
251 if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
252 {
253 return false;
254 }
255 }
256 }
257 return true;
258 }
259
260 /**
261 * Move file to destination folder
262 * The phpbb_root_path variable will be applied to the destination path
263 *
264 * @param string $destination_path Destination path, for example phpbb::$config['avatar_path']
265 * @param bool $overwrite If set to true, an already existing file will be overwritten
266 * @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here is the octal permission mask.
267 *
268 * @access public
269 */
270 function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
271 {
272 if (sizeof($this->error))
273 {
274 return false;
275 }
276
277 $chmod = ($chmod === false) ? phpbb::CHMOD_READ | phpbb::CHMOD_WRITE : $chmod;
278
279 // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
280 $this->destination_path = PHPBB_ROOT_PATH . $destination;
281
282 // Check if the destination path exist...
283 if (!file_exists($this->destination_path))
284 {
285 @unlink($this->filename);
286 return false;
287 }
288
289 $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
290 $upload_mode = ($this->local) ? 'local' : $upload_mode;
291 $this->destination_file = $this->destination_path . '/' . basename($this->realname);
292
293 // Check if the file already exist, else there is something wrong...
294 if (file_exists($this->destination_file) && !$overwrite)
295 {
296 @unlink($this->filename);
297 }
298 else
299 {
300 if (file_exists($this->destination_file))
301 {
302 @unlink($this->destination_file);
303 }
304
305 switch ($upload_mode)
306 {
307 case 'copy':
308
309 if (!@copy($this->filename, $this->destination_file))
310 {
311 if (!@move_uploaded_file($this->filename, $this->destination_file))
312 {
313 $this->error[] = sprintf(phpbb::$user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
314 return false;
315 }
316 }
317
318 @unlink($this->filename);
319
320 break;
321
322 case 'move':
323
324 if (!@move_uploaded_file($this->filename, $this->destination_file))
325 {
326 if (!@copy($this->filename, $this->destination_file))
327 {
328 $this->error[] = sprintf(phpbb::$user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
329 return false;
330 }
331 }
332
333 @unlink($this->filename);
334
335 break;
336
337 case 'local':
338
339 if (!@copy($this->filename, $this->destination_file))
340 {
341 $this->error[] = sprintf(phpbb::$user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
342 return false;
343 }
344 @unlink($this->filename);
345
346 break;
347 }
348
349 phpbb::$system->chmod($this->destination_file, $chmod);
350 }
351
352 // Try to get real filesize from destination folder
353 $this->filesize = (@filesize($this->destination_file)) ? @filesize($this->destination_file) : $this->filesize;
354
355 if ($this->is_image() && !$skip_image_check)
356 {
357 $this->width = $this->height = 0;
358
359 if (($this->image_info = @getimagesize($this->destination_file)) !== false)
360 {
361 $this->width = $this->image_info[0];
362 $this->height = $this->image_info[1];
363
364 if (!empty($this->image_info['mime']))
365 {
366 $this->mimetype = $this->image_info['mime'];
367 }
368
369 // Check image type
370 $types = $this->upload->image_types();
371
372 if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]]))
373 {
374 if (!isset($types[$this->image_info[2]]))
375 {
376 $this->error[] = sprintf(phpbb::$user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype);
377 }
378 else
379 {
380 $this->error[] = sprintf(phpbb::$user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
381 }
382 }
383
384 // Make sure the dimensions match a valid image
385 if (empty($this->width) || empty($this->height))
386 {
387 $this->error[] = phpbb::$user->lang['ATTACHED_IMAGE_NOT_IMAGE'];
388 }
389 }
390 else
391 {
392 $this->error[] = phpbb::$user->lang['UNABLE_GET_IMAGE_SIZE'];
393 }
394 }
395
396 $this->file_moved = true;
397 $this->additional_checks();
398 unset($this->upload);
399
400 return true;
401 }
402
403 /**
404 * Performing additional checks
405 */
406 function additional_checks()
407 {
408 if (!$this->file_moved)
409 {
410 return false;
411 }
412
413 // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
414 if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
415 {
416 $size_lang = ($this->upload->max_filesize >= 1048576) ? phpbb::$user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? phpbb::$user->lang['KIB'] : phpbb::$user->lang['BYTES'] );
417 $max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
418
419 $this->error[] = sprintf(phpbb::$user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
420
421 return false;
422 }
423
424 if (!$this->upload->valid_dimensions($this))
425 {
426 $this->error[] = sprintf(phpbb::$user->lang[$this->upload->error_prefix . 'WRONG_SIZE'], $this->upload->min_width, $this->upload->min_height, $this->upload->max_width, $this->upload->max_height, $this->width, $this->height);
427
428 return false;
429 }
430
431 return true;
432 }
433 }
434
435 /**
436 * Class for assigning error messages before a real filespec class can be assigned
437 *
438 * @package phpBB3
439 */
440 class fileerror extends filespec
441 {
442 function fileerror($error_msg)
443 {
444 $this->error[] = $error_msg;
445 }
446 }
447
448 /**
449 * File upload class
450 * Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads
451 *
452 * @package phpBB3
453 */
454 class fileupload
455 {
456 var $allowed_extensions = array();
457 var $disallowed_content = array();
458 var $max_filesize = 0;
459 var $min_width = 0;
460 var $min_height = 0;
461 var $max_width = 0;
462 var $max_height = 0;
463 var $error_prefix = '';
464
465 /**
466 * Init file upload class.
467 *
468 * @param string $error_prefix Used error messages will get prefixed by this string
469 * @param array $allowed_extensions Array of allowed extensions, for example array('jpg', 'jpeg', 'gif', 'png')
470 * @param int $max_filesize Maximum filesize
471 * @param int $min_width Minimum image width (only checked for images)
472 * @param int $min_height Minimum image height (only checked for images)
473 * @param int $max_width Maximum image width (only checked for images)
474 * @param int $max_height Maximum image height (only checked for images)
475 *
476 */
477 function __construct($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)
478 {
479 $this->set_allowed_extensions($allowed_extensions);
480 $this->set_max_filesize($max_filesize);
481 $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
482 $this->set_error_prefix($error_prefix);
483 $this->set_disallowed_content($disallowed_content);
484 }
485
486 /**
487 * Reset vars
488 */
489 function reset_vars()
490 {
491 $this->max_filesize = 0;
492 $this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
493 $this->error_prefix = '';
494 $this->allowed_extensions = array();
495 $this->disallowed_content = array();
496 }
497
498 /**
499 * Set allowed extensions
500 */
501 function set_allowed_extensions($allowed_extensions)
502 {
503 if ($allowed_extensions !== false && is_array($allowed_extensions))
504 {
505 $this->allowed_extensions = $allowed_extensions;
506 }
507 }
508
509 /**
510 * Set allowed dimensions
511 */
512 function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height)
513 {
514 $this->min_width = (int) $min_width;
515 $this->min_height = (int) $min_height;
516 $this->max_width = (int) $max_width;
517 $this->max_height = (int) $max_height;
518 }
519
520 /**
521 * Set maximum allowed filesize
522 */
523 function set_max_filesize($max_filesize)
524 {
525 if ($max_filesize !== false && (int) $max_filesize)
526 {
527 $this->max_filesize = (int) $max_filesize;
528 }
529 }
530
531 /**
532 * Set disallowed strings
533 */
534 function set_disallowed_content($disallowed_content)
535 {
536 if ($disallowed_content !== false && is_array($disallowed_content))
537 {
538 $this->disallowed_content = $disallowed_content;
539 }
540 }
541
542 /**
543 * Set error prefix
544 */
545 function set_error_prefix($error_prefix)
546 {
547 $this->error_prefix = $error_prefix;
548 }
549
550 /**
551 * Form upload method
552 * Upload file from users harddisk
553 *
554 * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
555 * @return object $file Object "filespec" is returned, all further operations can be done with this object
556 * @access public
557 */
558 function form_upload($form_name)
559 {
560 unset($_FILES[$form_name]['local_mode']);
561 $file = new filespec($_FILES[$form_name], $this);
562
563 if ($file->init_error)
564 {
565 $file->error[] = '';
566 return $file;
567 }
568
569 // Error array filled?
570 if (isset($_FILES[$form_name]['error']))
571 {
572 $error = $this->assign_internal_error($_FILES[$form_name]['error']);
573
574 if ($error !== false)
575 {
576 $file->error[] = $error;
577 return $file;
578 }
579 }
580
581 // Check if empty file got uploaded (not catched by is_uploaded_file)
582 if (isset($_FILES[$form_name]['size']) && $_FILES[$form_name]['size'] == 0)
583 {
584 $file->error[] = phpbb::$user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];
585 return $file;
586 }
587
588 // PHP Upload filesize exceeded
589 if ($file->get('filename') == 'none')
590 {
591 $max_filesize = @ini_get('upload_max_filesize');
592 $unit = 'MB';
593
594 if (!empty($max_filesize))
595 {
596 $unit = strtolower(substr($max_filesize, -1, 1));
597 $max_filesize = (int) $max_filesize;
598
599 $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
600 }
601
602 $file->error[] = (empty($max_filesize)) ? phpbb::$user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : phpbb::$user->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, phpbb::$user->lang[$unit]);
603 return $file;
604 }
605
606 // Not correctly uploaded
607 if (!$file->is_uploaded())
608 {
609 $file->error[] = phpbb::$user->lang[$this->error_prefix . 'NOT_UPLOADED'];
610 return $file;
611 }
612
613 $this->common_checks($file);
614
615 return $file;
616 }
617
618 /**
619 * Move file from another location to phpBB
620 */
621 function local_upload($source_file, $filedata = false)
622 {
623 $form_name = 'local';
624
625 $_FILES[$form_name]['local_mode'] = true;
626 $_FILES[$form_name]['tmp_name'] = $source_file;
627
628 if ($filedata === false)
629 {
630 $_FILES[$form_name]['name'] = basename($source_file);
631 $_FILES[$form_name]['size'] = 0;
632 $mimetype = '';
633
634 if (function_exists('mime_content_type'))
635 {
636 $mimetype = mime_content_type($source_file);
637 }
638
639 // Some browsers choke on a mimetype of application/octet-stream
640 if (!$mimetype || $mimetype == 'application/octet-stream')
641 {
642 $mimetype = 'application/octetstream';
643 }
644
645 $_FILES[$form_name]['type'] = $mimetype;
646 }
647 else
648 {
649 $_FILES[$form_name]['name'] = $filedata['realname'];
650 $_FILES[$form_name]['size'] = $filedata['size'];
651 $_FILES[$form_name]['type'] = $filedata['type'];
652 }
653
654 $file = new filespec($_FILES[$form_name], $this);
655
656 if ($file->init_error)
657 {
658 $file->error[] = '';
659 return $file;
660 }
661
662 if (isset($_FILES[$form_name]['error']))
663 {
664 $error = $this->assign_internal_error($_FILES[$form_name]['error']);
665
666 if ($error !== false)
667 {
668 $file->error[] = $error;
669 return $file;
670 }
671 }
672
673 // PHP Upload filesize exceeded
674 if ($file->get('filename') == 'none')
675 {
676 $max_filesize = @ini_get('upload_max_filesize');
677 $unit = 'MB';
678
679 if (!empty($max_filesize))
680 {
681 $unit = strtolower(substr($max_filesize, -1, 1));
682 $max_filesize = (int) $max_filesize;
683
684 $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
685 }
686
687 $file->error[] = (empty($max_filesize)) ? phpbb::$user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : phpbb::$user->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, phpbb::$user->lang[$unit]);
688 return $file;
689 }
690
691 // Not correctly uploaded
692 if (!$file->is_uploaded())
693 {
694 $file->error[] = phpbb::$user->lang[$this->error_prefix . 'NOT_UPLOADED'];
695 return $file;
696 }
697
698 $this->common_checks($file);
699
700 return $file;
701 }
702
703 /**
704 * Remote upload method
705 * Uploads file from given url
706 *
707 * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif
708 * @return object $file Object "filespec" is returned, all further operations can be done with this object
709 * @access public
710 */
711 function remote_upload($upload_url)
712 {
713 $upload_ary = array();
714 $upload_ary['local_mode'] = true;
715
716 if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match))
717 {
718 $file = new fileerror(phpbb::$user->lang[$this->error_prefix . 'URL_INVALID']);
719 return $file;
720 }
721
722 if (empty($match[2]))
723 {
724 $file = new fileerror(phpbb::$user->lang[$this->error_prefix . 'URL_INVALID']);
725 return $file;
726 }
727
728 $url = parse_url($upload_url);
729
730 $host = $url['host'];
731 $path = $url['path'];
732 $port = (!empty($url['port'])) ? (int) $url['port'] : 80;
733
734 $upload_ary['type'] = 'application/octet-stream';
735
736 $url['path'] = explode('.', $url['path']);
737 $ext = array_pop($url['path']);
738
739 $url['path'] = implode('', $url['path']);
740 $upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : '');
741 $filename = $url['path'];
742 $filesize = 0;
743
744 $errno = 0;
745 $errstr = '';
746
747 if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
748 {
749 $file = new fileerror(phpbb::$user->lang[$this->error_prefix . 'NOT_UPLOADED']);
750 return $file;
751 }
752
753 // Make sure $path not beginning with /
754 if (strpos($path, '/') === 0)
755 {
756 $path = substr($path, 1);
757 }
758
759 fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
760 fputs($fsock, "HOST: " . $host . "\r\n");
761 fputs($fsock, "Connection: close\r\n\r\n");
762
763 $get_info = false;
764 $data = '';
765 while (!@feof($fsock))
766 {
767 if ($get_info)
768 {
769 $data .= @fread($fsock, 1024);
770 }
771 else
772 {
773 $line = @fgets($fsock, 1024);
774
775 if ($line == "\r\n")
776 {
777 $get_info = true;
778 }
779 else
780 {
781 if (stripos($line, 'content-type: ') !== false)
782 {
783 $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
784 }
785 else if (stripos($line, '404 not found') !== false)
786 {
787 $file = new fileerror(phpbb::$user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
788 return $file;
789 }
790 }
791 }
792 }
793 @fclose($fsock);
794
795 if (empty($data))
796 {
797 $file = new fileerror(phpbb::$user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']);
798 return $file;
799 }
800
801 $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : PHPBB_ROOT_PATH . 'cache';
802 $filename = tempnam($tmp_path, unique_id() . '-');
803
804 if (!($fp = @fopen($filename, 'wb')))
805 {
806 $file = new fileerror(phpbb::$user->lang[$this->error_prefix . 'NOT_UPLOADED']);
807 return $file;
808 }
809
810 $upload_ary['size'] = fwrite($fp, $data);
811 fclose($fp);
812 unset($data);
813
814 $upload_ary['tmp_name'] = $filename;
815
816 $file = new filespec($upload_ary, $this);
817 $this->common_checks($file);
818
819 return $file;
820 }
821
822 /**
823 * Assign internal error
824 * @access private
825 */
826 function assign_internal_error($errorcode)
827 {
828 switch ($errorcode)
829 {
830 case 1:
831 $max_filesize = @ini_get('upload_max_filesize');
832 $unit = 'MB';
833
834 if (!empty($max_filesize))
835 {
836 $unit = strtolower(substr($max_filesize, -1, 1));
837 $max_filesize = (int) $max_filesize;
838
839 $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
840 }
841
842 $error = (empty($max_filesize)) ? phpbb::$user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : phpbb::$user->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, phpbb::$user->lang[$unit]);
843 break;
844
845 case 2:
846 $size_lang = ($this->max_filesize >= 1048576) ? phpbb::$user->lang['MIB'] : (($this->max_filesize >= 1024) ? phpbb::$user->lang['KIB'] : phpbb::$user->lang['BYTES']);
847 $max_filesize = get_formatted_filesize($this->max_filesize, false);
848
849 $error = sprintf(phpbb::$user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
850 break;
851
852 case 3:
853 $error = phpbb::$user->lang[$this->error_prefix . 'PARTIAL_UPLOAD'];
854 break;
855
856 case 4:
857 $error = phpbb::$user->lang[$this->error_prefix . 'NOT_UPLOADED'];
858 break;
859
860 case 6:
861 $error = 'Temporary folder could not be found. Please check your PHP installation.';
862 break;
863
864 default:
865 $error = false;
866 break;
867 }
868
869 return $error;
870 }
871
872 /**
873 * Perform common checks
874 */
875 function common_checks(&$file)
876 {
877 // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
878 if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
879 {
880 $size_lang = ($this->max_filesize >= 1048576) ? phpbb::$user->lang['MIB'] : (($this->max_filesize >= 1024) ? phpbb::$user->lang['KIB'] : phpbb::$user->lang['BYTES']);
881 $max_filesize = get_formatted_filesize($this->max_filesize, false);
882
883 $file->error[] = sprintf(phpbb::$user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
884 }
885
886 // check Filename
887 if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname')))
888 {
889 $file->error[] = sprintf(phpbb::$user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname'));
890 }
891
892 // Invalid Extension
893 if (!$this->valid_extension($file))
894 {
895 $file->error[] = sprintf(phpbb::$user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
896 }
897
898 // MIME Sniffing
899 if (!$this->valid_content($file))
900 {
901 $file->error[] = sprintf(phpbb::$user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);
902 }
903 }
904
905 /**
906 * Check for allowed extension
907 */
908 function valid_extension(&$file)
909 {
910 return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false;
911 }
912
913 /**
914 * Check for allowed dimension
915 */
916 function valid_dimensions(&$file)
917 {
918 if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height)
919 {
920 return true;
921 }
922
923 if (($file->get('width') > $this->max_width && $this->max_width) ||
924 ($file->get('height') > $this->max_height && $this->max_height) ||
925 ($file->get('width') < $this->min_width && $this->min_width) ||
926 ($file->get('height') < $this->min_height && $this->min_height))
927 {
928 return false;
929 }
930
931 return true;
932 }
933
934 /**
935 * Check if form upload is valid
936 */
937 function is_valid($form_name)
938 {
939 return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
940 }
941
942
943 /**
944 * Check for allowed extension
945 */
946 function valid_content(&$file)
947 {
948 return ($file->check_content($this->disallowed_content));
949 }
950
951 /**
952 * Return image type/extension mapping
953 */
954 function image_types()
955 {
956 return array(
957 1 => array('gif'),
958 2 => array('jpg', 'jpeg'),
959 3 => array('png'),
960 4 => array('swf'),
961 5 => array('psd'),
962 6 => array('bmp'),
963 7 => array('tif', 'tiff'),
964 8 => array('tif', 'tiff'),
965 9 => array('jpg', 'jpeg'),
966 10 => array('jpg', 'jpeg'),
967 11 => array('jpg', 'jpeg'),
968 12 => array('jpg', 'jpeg'),
969 13 => array('swc'),
970 14 => array('iff'),
971 15 => array('wbmp'),
972 16 => array('xbm'),
973 );
974 }
975 }
976
977 ?>
phpbb is a php-based BBS (buletin board system)