search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
(a little test for later merges)
[phpbb.git] / phpBB / includes / functions_upload.php
blob054af2904518a3fe4653b670bd7c5b3e55e07b52
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 if (!defined('IN_PHPBB'))
15 {
16 exit;
17 }
18
19 /**
20 * Responsible for holding all file relevant information, as well as doing file-specific operations.
21 * The {@link fileupload fileupload class} can be used to upload several files, each of them being this object to operate further on.
22 * @package phpBB3
23 */
24 class filespec
25 {
26 var $filename = '';
27 var $realname = '';
28 var $uploadname = '';
29 var $mimetype = '';
30 var $extension = '';
31 var $filesize = 0;
32 var $width = 0;
33 var $height = 0;
34 var $image_info = array();
35
36 var $destination_file = '';
37 var $destination_path = '';
38
39 var $file_moved = false;
40 var $init_error = false;
41 var $local = false;
42
43 var $error = array();
44
45 var $upload = '';
46
47 /**
48 * File Class
49 * @access private
50 */
51 function filespec($upload_ary, $upload_namespace)
52 {
53 if (!isset($upload_ary))
54 {
55 $this->init_error = true;
56 return;
57 }
58
59 $this->filename = $upload_ary['tmp_name'];
60 $this->filesize = $upload_ary['size'];
61 $name = trim(utf8_htmlspecialchars(utf8_basename($upload_ary['name'])));
62 $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
63 $this->mimetype = $upload_ary['type'];
64
65 // Opera adds the name to the mime type
66 $this->mimetype = (strpos($this->mimetype, '; name') !== false) ? str_replace(strstr($this->mimetype, '; name'), '', $this->mimetype) : $this->mimetype;
67
68 if (!$this->mimetype)
69 {
70 $this->mimetype = 'application/octetstream';
71 }
72
73 $this->extension = strtolower($this->get_extension($this->realname));
74
75 // Try to get real filesize from temporary folder (not always working) ;)
76 $this->filesize = (@filesize($this->filename)) ? @filesize($this->filename) : $this->filesize;
77
78 $this->width = $this->height = 0;
79 $this->file_moved = false;
80
81 $this->local = (isset($upload_ary['local_mode'])) ? true : false;
82 $this->upload = $upload_namespace;
83 }
84
85 /**
86 * Cleans destination filename
87 *
88 * @param real|unique|unique_ext $mode real creates a realname, filtering some characters, lowering every character. Unique creates an unique filename
89 * @param string $prefix Prefix applied to filename
90 * @access public
91 */
92 function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
93 {
94 if ($this->init_error)
95 {
96 return;
97 }
98
99 switch ($mode)
100 {
101 case 'real':
102 // Remove every extension from filename (to not let the mime bug being exposed)
103 if (strpos($this->realname, '.') !== false)
104 {
105 $this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
106 }
107
108 // Replace any chars which may cause us problems with _
109 $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
110
111 $this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname)));
112 $this->realname = preg_replace("/%(\w{2})/", '_', $this->realname);
113
114 $this->realname = $prefix . $this->realname . '.' . $this->extension;
115 break;
116
117 case 'unique':
118 $this->realname = $prefix . md5(unique_id());
119 break;
120
121 case 'avatar':
122 $this->extension = strtolower($this->extension);
123 $this->realname = $prefix . $user_id . '.' . $this->extension;
124
125 break;
126
127 case 'unique_ext':
128 default:
129 $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
130 break;
131 }
132 }
133
134 /**
135 * Get property from file object
136 */
137 function get($property)
138 {
139 if ($this->init_error || !isset($this->$property))
140 {
141 return false;
142 }
143
144 return $this->$property;
145 }
146
147 /**
148 * Check if file is an image (mimetype)
149 *
150 * @return true if it is an image, false if not
151 */
152 function is_image()
153 {
154 return (strpos($this->mimetype, 'image/') !== false) ? true : false;
155 }
156
157 /**
158 * Check if the file got correctly uploaded
159 *
160 * @return true if it is a valid upload, false if not
161 */
162 function is_uploaded()
163 {
164 if (!$this->local && !is_uploaded_file($this->filename))
165 {
166 return false;
167 }
168
169 if ($this->local && !file_exists($this->filename))
170 {
171 return false;
172 }
173
174 return true;
175 }
176
177 /**
178 * Remove file
179 */
180 function remove()
181 {
182 if ($this->file_moved)
183 {
184 @unlink($this->destination_file);
185 }
186 }
187
188 /**
189 * Get file extension
190 */
191 function get_extension($filename)
192 {
193 if (strpos($filename, '.') === false)
194 {
195 return '';
196 }
197
198 $filename = explode('.', $filename);
199 return array_pop($filename);
200 }
201
202 /**
203 * Get mimetype. Utilize mime_content_type if the function exist.
204 * Not used at the moment...
205 */
206 function get_mimetype($filename)
207 {
208 $mimetype = '';
209
210 if (function_exists('mime_content_type'))
211 {
212 $mimetype = mime_content_type($filename);
213 }
214
215 // Some browsers choke on a mimetype of application/octet-stream
216 if (!$mimetype || $mimetype == 'application/octet-stream')
217 {
218 $mimetype = 'application/octetstream';
219 }
220
221 return $mimetype;
222 }
223
224 /**
225 * Get filesize
226 */
227 function get_filesize($filename)
228 {
229 return @filesize($filename);
230 }
231
232
233 /**
234 * Check the first 256 bytes for forbidden content
235 */
236 function check_content($disallowed_content)
237 {
238 if (empty($disallowed_content))
239 {
240 return true;
241 }
242
243 $fp = @fopen($this->filename, 'rb');
244
245 if ($fp !== false)
246 {
247 $ie_mime_relevant = fread($fp, 256);
248 fclose($fp);
249 foreach ($disallowed_content as $forbidden)
250 {
251 if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
252 {
253 return false;
254 }
255 }
256 }
257 return true;
258 }
259
260 /**
261 * Move file to destination folder
262 * The phpbb_root_path variable will be applied to the destination path
263 *
264 * @param string $destination_path Destination path, for example $config['avatar_path']
265 * @param bool $overwrite If set to true, an already existing file will be overwritten
266 * @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode defined by {@link phpbb_chmod()}
267 *
268 * @access public
269 */
270 function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
271 {
272 global $user, $phpbb_root_path;
273
274 if (sizeof($this->error))
275 {
276 return false;
277 }
278
279 $chmod = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod;
280
281 // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
282 $this->destination_path = $phpbb_root_path . $destination;
283
284 // Check if the destination path exist...
285 if (!file_exists($this->destination_path))
286 {
287 @unlink($this->filename);
288 return false;
289 }
290
291 $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
292 $upload_mode = ($this->local) ? 'local' : $upload_mode;
293 $this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname);
294
295 // Check if the file already exist, else there is something wrong...
296 if (file_exists($this->destination_file) && !$overwrite)
297 {
298 @unlink($this->filename);
299 }
300 else
301 {
302 if (file_exists($this->destination_file))
303 {
304 @unlink($this->destination_file);
305 }
306
307 switch ($upload_mode)
308 {
309 case 'copy':
310
311 if (!@copy($this->filename, $this->destination_file))
312 {
313 if (!@move_uploaded_file($this->filename, $this->destination_file))
314 {
315 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
316 }
317 }
318
319 break;
320
321 case 'move':
322
323 if (!@move_uploaded_file($this->filename, $this->destination_file))
324 {
325 if (!@copy($this->filename, $this->destination_file))
326 {
327 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
328 }
329 }
330
331 break;
332
333 case 'local':
334
335 if (!@copy($this->filename, $this->destination_file))
336 {
337 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
338 }
339
340 break;
341 }
342
343 // Remove temporary filename
344 @unlink($this->filename);
345
346 if (sizeof($this->error))
347 {
348 return false;
349 }
350
351 phpbb_chmod($this->destination_file, $chmod);
352 }
353
354 // Try to get real filesize from destination folder
355 $this->filesize = (@filesize($this->destination_file)) ? @filesize($this->destination_file) : $this->filesize;
356
357 if ($this->is_image() && !$skip_image_check)
358 {
359 $this->width = $this->height = 0;
360
361 if (($this->image_info = @getimagesize($this->destination_file)) !== false)
362 {
363 $this->width = $this->image_info[0];
364 $this->height = $this->image_info[1];
365
366 if (!empty($this->image_info['mime']))
367 {
368 $this->mimetype = $this->image_info['mime'];
369 }
370
371 // Check image type
372 $types = $this->upload->image_types();
373
374 if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]]))
375 {
376 if (!isset($types[$this->image_info[2]]))
377 {
378 $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype);
379 }
380 else
381 {
382 $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
383 }
384 }
385
386 // Make sure the dimensions match a valid image
387 if (empty($this->width) || empty($this->height))
388 {
389 $this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE'];
390 }
391 }
392 else
393 {
394 $this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
395 }
396 }
397
398 $this->file_moved = true;
399 $this->additional_checks();
400 unset($this->upload);
401
402 return true;
403 }
404
405 /**
406 * Performing additional checks
407 */
408 function additional_checks()
409 {
410 global $user;
411
412 if (!$this->file_moved)
413 {
414 return false;
415 }
416
417 // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
418 if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
419 {
420 $max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
421
422 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);
423
424 return false;
425 }
426
427 if (!$this->upload->valid_dimensions($this))
428 {
429 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_SIZE'], $this->upload->min_width, $this->upload->min_height, $this->upload->max_width, $this->upload->max_height, $this->width, $this->height);
430
431 return false;
432 }
433
434 return true;
435 }
436 }
437
438 /**
439 * Class for assigning error messages before a real filespec class can be assigned
440 *
441 * @package phpBB3
442 */
443 class fileerror extends filespec
444 {
445 function fileerror($error_msg)
446 {
447 $this->error[] = $error_msg;
448 }
449 }
450
451 /**
452 * File upload class
453 * Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads
454 *
455 * @package phpBB3
456 */
457 class fileupload
458 {
459 var $allowed_extensions = array();
460 var $disallowed_content = array();
461 var $max_filesize = 0;
462 var $min_width = 0;
463 var $min_height = 0;
464 var $max_width = 0;
465 var $max_height = 0;
466 var $error_prefix = '';
467
468 /**
469 * Init file upload class.
470 *
471 * @param string $error_prefix Used error messages will get prefixed by this string
472 * @param array $allowed_extensions Array of allowed extensions, for example array('jpg', 'jpeg', 'gif', 'png')
473 * @param int $max_filesize Maximum filesize
474 * @param int $min_width Minimum image width (only checked for images)
475 * @param int $min_height Minimum image height (only checked for images)
476 * @param int $max_width Maximum image width (only checked for images)
477 * @param int $max_height Maximum image height (only checked for images)
478 *
479 */
480 function fileupload($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)
481 {
482 $this->set_allowed_extensions($allowed_extensions);
483 $this->set_max_filesize($max_filesize);
484 $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
485 $this->set_error_prefix($error_prefix);
486 $this->set_disallowed_content($disallowed_content);
487 }
488
489 /**
490 * Reset vars
491 */
492 function reset_vars()
493 {
494 $this->max_filesize = 0;
495 $this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
496 $this->error_prefix = '';
497 $this->allowed_extensions = array();
498 $this->disallowed_content = array();
499 }
500
501 /**
502 * Set allowed extensions
503 */
504 function set_allowed_extensions($allowed_extensions)
505 {
506 if ($allowed_extensions !== false && is_array($allowed_extensions))
507 {
508 $this->allowed_extensions = $allowed_extensions;
509 }
510 }
511
512 /**
513 * Set allowed dimensions
514 */
515 function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height)
516 {
517 $this->min_width = (int) $min_width;
518 $this->min_height = (int) $min_height;
519 $this->max_width = (int) $max_width;
520 $this->max_height = (int) $max_height;
521 }
522
523 /**
524 * Set maximum allowed filesize
525 */
526 function set_max_filesize($max_filesize)
527 {
528 if ($max_filesize !== false && (int) $max_filesize)
529 {
530 $this->max_filesize = (int) $max_filesize;
531 }
532 }
533
534 /**
535 * Set disallowed strings
536 */
537 function set_disallowed_content($disallowed_content)
538 {
539 if ($disallowed_content !== false && is_array($disallowed_content))
540 {
541 $this->disallowed_content = $disallowed_content;
542 }
543 }
544
545 /**
546 * Set error prefix
547 */
548 function set_error_prefix($error_prefix)
549 {
550 $this->error_prefix = $error_prefix;
551 }
552
553 /**
554 * Form upload method
555 * Upload file from users harddisk
556 *
557 * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
558 * @return object $file Object "filespec" is returned, all further operations can be done with this object
559 * @access public
560 */
561 function form_upload($form_name)
562 {
563 global $user;
564
565 unset($_FILES[$form_name]['local_mode']);
566 $file = new filespec($_FILES[$form_name], $this);
567
568 if ($file->init_error)
569 {
570 $file->error[] = '';
571 return $file;
572 }
573
574 // Error array filled?
575 if (isset($_FILES[$form_name]['error']))
576 {
577 $error = $this->assign_internal_error($_FILES[$form_name]['error']);
578
579 if ($error !== false)
580 {
581 $file->error[] = $error;
582 return $file;
583 }
584 }
585
586 // Check if empty file got uploaded (not catched by is_uploaded_file)
587 if (isset($_FILES[$form_name]['size']) && $_FILES[$form_name]['size'] == 0)
588 {
589 $file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];
590 return $file;
591 }
592
593 // PHP Upload filesize exceeded
594 if ($file->get('filename') == 'none')
595 {
596 $max_filesize = @ini_get('upload_max_filesize');
597 $unit = 'MB';
598
599 if (!empty($max_filesize))
600 {
601 $unit = strtolower(substr($max_filesize, -1, 1));
602 $max_filesize = (int) $max_filesize;
603
604 $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
605 }
606
607 $file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);
608 return $file;
609 }
610
611 // Not correctly uploaded
612 if (!$file->is_uploaded())
613 {
614 $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
615 return $file;
616 }
617
618 $this->common_checks($file);
619
620 return $file;
621 }
622
623 /**
624 * Move file from another location to phpBB
625 */
626 function local_upload($source_file, $filedata = false)
627 {
628 global $user;
629
630 $form_name = 'local';
631
632 $_FILES[$form_name]['local_mode'] = true;
633 $_FILES[$form_name]['tmp_name'] = $source_file;
634
635 if ($filedata === false)
636 {
637 $_FILES[$form_name]['name'] = utf8_basename($source_file);
638 $_FILES[$form_name]['size'] = 0;
639 $mimetype = '';
640
641 if (function_exists('mime_content_type'))
642 {
643 $mimetype = mime_content_type($source_file);
644 }
645
646 // Some browsers choke on a mimetype of application/octet-stream
647 if (!$mimetype || $mimetype == 'application/octet-stream')
648 {
649 $mimetype = 'application/octetstream';
650 }
651
652 $_FILES[$form_name]['type'] = $mimetype;
653 }
654 else
655 {
656 $_FILES[$form_name]['name'] = $filedata['realname'];
657 $_FILES[$form_name]['size'] = $filedata['size'];
658 $_FILES[$form_name]['type'] = $filedata['type'];
659 }
660
661 $file = new filespec($_FILES[$form_name], $this);
662
663 if ($file->init_error)
664 {
665 $file->error[] = '';
666 return $file;
667 }
668
669 if (isset($_FILES[$form_name]['error']))
670 {
671 $error = $this->assign_internal_error($_FILES[$form_name]['error']);
672
673 if ($error !== false)
674 {
675 $file->error[] = $error;
676 return $file;
677 }
678 }
679
680 // PHP Upload filesize exceeded
681 if ($file->get('filename') == 'none')
682 {
683 $max_filesize = @ini_get('upload_max_filesize');
684 $unit = 'MB';
685
686 if (!empty($max_filesize))
687 {
688 $unit = strtolower(substr($max_filesize, -1, 1));
689 $max_filesize = (int) $max_filesize;
690
691 $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
692 }
693
694 $file->error[] = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);
695 return $file;
696 }
697
698 // Not correctly uploaded
699 if (!$file->is_uploaded())
700 {
701 $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
702 return $file;
703 }
704
705 $this->common_checks($file);
706
707 return $file;
708 }
709
710 /**
711 * Remote upload method
712 * Uploads file from given url
713 *
714 * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif
715 * @return object $file Object "filespec" is returned, all further operations can be done with this object
716 * @access public
717 */
718 function remote_upload($upload_url)
719 {
720 global $user, $phpbb_root_path;
721
722 $upload_ary = array();
723 $upload_ary['local_mode'] = true;
724
725 if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match))
726 {
727 $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']);
728 return $file;
729 }
730
731 if (empty($match[2]))
732 {
733 $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']);
734 return $file;
735 }
736
737 $url = parse_url($upload_url);
738
739 $host = $url['host'];
740 $path = $url['path'];
741 $port = (!empty($url['port'])) ? (int) $url['port'] : 80;
742
743 $upload_ary['type'] = 'application/octet-stream';
744
745 $url['path'] = explode('.', $url['path']);
746 $ext = array_pop($url['path']);
747
748 $url['path'] = implode('', $url['path']);
749 $upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : '');
750 $filename = $url['path'];
751 $filesize = 0;
752
753 $errno = 0;
754 $errstr = '';
755
756 if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
757 {
758 $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']);
759 return $file;
760 }
761
762 // Make sure $path not beginning with /
763 if (strpos($path, '/') === 0)
764 {
765 $path = substr($path, 1);
766 }
767
768 fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
769 fputs($fsock, "HOST: " . $host . "\r\n");
770 fputs($fsock, "Connection: close\r\n\r\n");
771
772 $get_info = false;
773 $data = '';
774 while (!@feof($fsock))
775 {
776 if ($get_info)
777 {
778 $data .= @fread($fsock, 1024);
779 }
780 else
781 {
782 $line = @fgets($fsock, 1024);
783
784 if ($line == "\r\n")
785 {
786 $get_info = true;
787 }
788 else
789 {
790 if (stripos($line, 'content-type: ') !== false)
791 {
792 $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
793 }
794 else if (stripos($line, '404 not found') !== false)
795 {
796 $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
797 return $file;
798 }
799 }
800 }
801 }
802 @fclose($fsock);
803
804 if (empty($data))
805 {
806 $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']);
807 return $file;
808 }
809
810 $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache';
811 $filename = tempnam($tmp_path, unique_id() . '-');
812
813 if (!($fp = @fopen($filename, 'wb')))
814 {
815 $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']);
816 return $file;
817 }
818
819 $upload_ary['size'] = fwrite($fp, $data);
820 fclose($fp);
821 unset($data);
822
823 $upload_ary['tmp_name'] = $filename;
824
825 $file = new filespec($upload_ary, $this);
826 $this->common_checks($file);
827
828 return $file;
829 }
830
831 /**
832 * Assign internal error
833 * @access private
834 */
835 function assign_internal_error($errorcode)
836 {
837 global $user;
838
839 switch ($errorcode)
840 {
841 case 1:
842 $max_filesize = @ini_get('upload_max_filesize');
843 $unit = 'MB';
844
845 if (!empty($max_filesize))
846 {
847 $unit = strtolower(substr($max_filesize, -1, 1));
848 $max_filesize = (int) $max_filesize;
849
850 $unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
851 }
852
853 $error = (empty($max_filesize)) ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], $max_filesize, $user->lang[$unit]);
854 break;
855
856 case 2:
857 $max_filesize = get_formatted_filesize($this->max_filesize, false);
858
859 $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);
860 break;
861
862 case 3:
863 $error = $user->lang[$this->error_prefix . 'PARTIAL_UPLOAD'];
864 break;
865
866 case 4:
867 $error = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
868 break;
869
870 case 6:
871 $error = 'Temporary folder could not be found. Please check your PHP installation.';
872 break;
873
874 default:
875 $error = false;
876 break;
877 }
878
879 return $error;
880 }
881
882 /**
883 * Perform common checks
884 */
885 function common_checks(&$file)
886 {
887 global $user;
888
889 // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
890 if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
891 {
892 $max_filesize = get_formatted_filesize($this->max_filesize, false);
893
894 $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']);
895 }
896
897 // check Filename
898 if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname')))
899 {
900 $file->error[] = sprintf($user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname'));
901 }
902
903 // Invalid Extension
904 if (!$this->valid_extension($file))
905 {
906 $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
907 }
908
909 // MIME Sniffing
910 if (!$this->valid_content($file))
911 {
912 $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);
913 }
914 }
915
916 /**
917 * Check for allowed extension
918 */
919 function valid_extension(&$file)
920 {
921 return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false;
922 }
923
924 /**
925 * Check for allowed dimension
926 */
927 function valid_dimensions(&$file)
928 {
929 if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height)
930 {
931 return true;
932 }
933
934 if (($file->get('width') > $this->max_width && $this->max_width) ||
935 ($file->get('height') > $this->max_height && $this->max_height) ||
936 ($file->get('width') < $this->min_width && $this->min_width) ||
937 ($file->get('height') < $this->min_height && $this->min_height))
938 {
939 return false;
940 }
941
942 return true;
943 }
944
945 /**
946 * Check if form upload is valid
947 */
948 function is_valid($form_name)
949 {
950 return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
951 }
952
953
954 /**
955 * Check for allowed extension
956 */
957 function valid_content(&$file)
958 {
959 return ($file->check_content($this->disallowed_content));
960 }
961
962 /**
963 * Return image type/extension mapping
964 */
965 function image_types()
966 {
967 return array(
968 1 => array('gif'),
969 2 => array('jpg', 'jpeg'),
970 3 => array('png'),
971 4 => array('swf'),
972 5 => array('psd'),
973 6 => array('bmp'),
974 7 => array('tif', 'tiff'),
975 8 => array('tif', 'tiff'),
976 9 => array('jpg', 'jpeg'),
977 10 => array('jpg', 'jpeg'),
978 11 => array('jpg', 'jpeg'),
979 12 => array('jpg', 'jpeg'),
980 13 => array('swc'),
981 14 => array('iff'),
982 15 => array('wbmp'),
983 16 => array('xbm'),
984 );
985 }
986 }
987
988 ?>
phpbb is a php-based BBS (buletin board system)