search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add some properties
[phpbb.git] / phpBB / includes / functions_upload.php
blob142ec1537a27d5113bc520c05a7743d9d444e5dd
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 if (!defined('IN_PHPBB'))
15 {
16 exit;
17 }
18
19 /**
20 * Responsible for holding all file relevant information, as well as doing file-specific operations.
21 * The {@link fileupload fileupload class} can be used to upload several files, each of them being this object to operate further on.
22 * @package phpBB3
23 */
24 class filespec
25 {
26 var $filename = '';
27 var $realname = '';
28 var $uploadname = '';
29 var $mimetype = '';
30 var $extension = '';
31 var $filesize = 0;
32 var $width = 0;
33 var $height = 0;
34 var $image_info = array();
35
36 var $destination_file = '';
37 var $destination_path = '';
38
39 var $file_moved = false;
40 var $init_error = false;
41 var $local = false;
42
43 var $error = array();
44
45 var $upload = '';
46
47 /**
48 * File Class
49 * @access private
50 */
51 function __construct($upload_ary, $upload_namespace)
52 {
53 if (!isset($upload_ary))
54 {
55 $this->init_error = true;
56 return;
57 }
58
59 $this->filename = $upload_ary['tmp_name'];
60 $this->filesize = $upload_ary['size'];
61 $name = trim(htmlspecialchars(basename($upload_ary['name'])));
62 $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
63 $this->mimetype = $upload_ary['type'];
64
65 // Opera adds the name to the mime type
66 $this->mimetype = (strpos($this->mimetype, '; name') !== false) ? str_replace(strstr($this->mimetype, '; name'), '', $this->mimetype) : $this->mimetype;
67
68 if (!$this->mimetype)
69 {
70 $this->mimetype = 'application/octetstream';
71 }
72
73 $this->extension = strtolower($this->get_extension($this->realname));
74
75 // Try to get real filesize from temporary folder (not always working) ;)
76 $this->filesize = (@filesize($this->filename)) ? @filesize($this->filename) : $this->filesize;
77
78 $this->width = $this->height = 0;
79 $this->file_moved = false;
80
81 $this->local = (isset($upload_ary['local_mode'])) ? true : false;
82 $this->upload = $upload_namespace;
83 }
84
85 /**
86 * Cleans destination filename
87 *
88 * @param real|unique|unique_ext $mode real creates a realname, filtering some characters, lowering every character. Unique creates an unique filename
89 * @param string $prefix Prefix applied to filename
90 * @access public
91 */
92 function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
93 {
94 if ($this->init_error)
95 {
96 return;
97 }
98
99 switch ($mode)
100 {
101 case 'real':
102 // Remove every extension from filename (to not let the mime bug being exposed)
103 if (strpos($this->realname, '.') !== false)
104 {
105 $this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
106 }
107
108 // Replace any chars which may cause us problems with _
109 $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
110
111 $this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname)));
112 $this->realname = preg_replace("/%(\w{2})/", '_', $this->realname);
113
114 $this->realname = $prefix . $this->realname . '.' . $this->extension;
115 break;
116
117 case 'unique':
118 $this->realname = $prefix . md5(unique_id());
119 break;
120
121 case 'avatar':
122 $this->extension = strtolower($this->extension);
123 $this->realname = $prefix . $user_id . '.' . $this->extension;
124
125 break;
126
127 case 'unique_ext':
128 default:
129 $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
130 break;
131 }
132 }
133
134 /**
135 * Get property from file object
136 */
137 function get($property)
138 {
139 if ($this->init_error || !isset($this->$property))
140 {
141 return false;
142 }
143
144 return $this->$property;
145 }
146
147 /**
148 * Check if file is an image (mimetype)
149 *
150 * @return true if it is an image, false if not
151 */
152 function is_image()
153 {
154 return (strpos($this->mimetype, 'image/') !== false) ? true : false;
155 }
156
157 /**
158 * Check if the file got correctly uploaded
159 *
160 * @return true if it is a valid upload, false if not
161 */
162 function is_uploaded()
163 {
164 if (!$this->local && !is_uploaded_file($this->filename))
165 {
166 return false;
167 }
168
169 if ($this->local && !file_exists($this->filename))
170 {
171 return false;
172 }
173
174 return true;
175 }
176
177 /**
178 * Remove file
179 */
180 function remove()
181 {
182 if ($this->file_moved)
183 {
184 @unlink($this->destination_file);
185 }
186 }
187
188 /**
189 * Get file extension
190 */
191 function get_extension($filename)
192 {
193 if (strpos($filename, '.') === false)
194 {
195 return '';
196 }
197
198 $filename = explode('.', $filename);
199 return array_pop($filename);
200 }
201
202 /**
203 * Get mimetype. Utilize mime_content_type if the function exist.
204 * Not used at the moment...
205 */
206 function get_mimetype($filename)
207 {
208 $mimetype = '';
209
210 if (function_exists('mime_content_type'))
211 {
212 $mimetype = mime_content_type($filename);
213 }
214
215 // Some browsers choke on a mimetype of application/octet-stream
216 if (!$mimetype || $mimetype == 'application/octet-stream')
217 {
218 $mimetype = 'application/octetstream';
219 }
220
221 return $mimetype;
222 }
223
224 /**
225 * Get filesize
226 */
227 function get_filesize($filename)
228 {
229 return @filesize($filename);
230 }
231
232
233 /**
234 * Check the first 256 bytes for forbidden content
235 */
236 function check_content($disallowed_content)
237 {
238 if (empty($disallowed_content))
239 {
240 return true;
241 }
242
243 $fp = @fopen($this->filename, 'rb');
244
245 if ($fp !== false)
246 {
247 $ie_mime_relevant = fread($fp, 256);
248 fclose($fp);
249 foreach ($disallowed_content as $forbidden)
250 {
251 if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
252 {
253 return false;
254 }
255 }
256 }
257 return true;
258 }
259
260 /**
261 * Move file to destination folder
262 * The phpbb_root_path variable will be applied to the destination path
263 *
264 * @param string $destination_path Destination path, for example phpbb::$config['avatar_path']
265 * @param bool $overwrite If set to true, an already existing file will be overwritten
266 * @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here is the octal permission mask.
267 *
268 * @access public
269 */
270 function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
271 {
272 global $user;
273
274 if (sizeof($this->error))
275 {
276 return false;
277 }
278
279 $chmod = ($chmod === false) ? phpbb::CHMOD_READ | phpbb::CHMOD_WRITE : $chmod;
280
281 // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
282 $this->destination_path = PHPBB_ROOT_PATH . $destination;
283
284 // Check if the destination path exist...
285 if (!file_exists($this->destination_path))
286 {
287 @unlink($this->filename);
288 return false;
289 }
290
291 $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy';
292 $upload_mode = ($this->local) ? 'local' : $upload_mode;
293 $this->destination_file = $this->destination_path . '/' . basename($this->realname);
294
295 // Check if the file already exist, else there is something wrong...
296 if (file_exists($this->destination_file) && !$overwrite)
297 {
298 @unlink($this->filename);
299 }
300 else
301 {
302 if (file_exists($this->destination_file))
303 {
304 @unlink($this->destination_file);
305 }
306
307 switch ($upload_mode)
308 {
309 case 'copy':
310
311 if (!@copy($this->filename, $this->destination_file))
312 {
313 if (!@move_uploaded_file($this->filename, $this->destination_file))
314 {
315 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
316 return false;
317 }
318 }
319
320 @unlink($this->filename);
321
322 break;
323
324 case 'move':
325
326 if (!@move_uploaded_file($this->filename, $this->destination_file))
327 {
328 if (!@copy($this->filename, $this->destination_file))
329 {
330 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
331 return false;
332 }
333 }
334
335 @unlink($this->filename);
336
337 break;
338
339 case 'local':
340
341 if (!@copy($this->filename, $this->destination_file))
342 {
343 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR'], $this->destination_file);
344 return false;
345 }
346 @unlink($this->filename);
347
348 break;
349 }
350
351 phpbb::$system->chmod($this->destination_file, $chmod);
352 }
353
354 // Try to get real filesize from destination folder
355 $this->filesize = (@filesize($this->destination_file)) ? @filesize($this->destination_file) : $this->filesize;
356
357 if ($this->is_image() && !$skip_image_check)
358 {
359 $this->width = $this->height = 0;
360
361 if (($this->image_info = @getimagesize($this->destination_file)) !== false)
362 {
363 $this->width = $this->image_info[0];
364 $this->height = $this->image_info[1];
365
366 if (!empty($this->image_info['mime']))
367 {
368 $this->mimetype = $this->image_info['mime'];
369 }
370
371 // Check image type
372 $types = $this->upload->image_types();
373
374 if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]]))
375 {
376 if (!isset($types[$this->image_info[2]]))
377 {
378 $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype);
379 }
380 else
381 {
382 $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
383 }
384 }
385
386 // Make sure the dimensions match a valid image
387 if (empty($this->width) || empty($this->height))
388 {
389 $this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE'];
390 }
391 }
392 else
393 {
394 $this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
395 }
396 }
397
398 $this->file_moved = true;
399 $this->additional_checks();
400 unset($this->upload);
401
402 return true;
403 }
404
405 /**
406 * Performing additional checks
407 */
408 function additional_checks()
409 {
410 global $user;
411
412 if (!$this->file_moved)
413 {
414 return false;
415 }
416
417 // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
418 if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
419 {
420 $size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );
421 $max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
422
423 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
424
425 return false;
426 }
427
428 if (!$this->upload->valid_dimensions($this))
429 {
430 $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_SIZE'], $this->upload->min_width, $this->upload->min_height, $this->upload->max_width, $this->upload->max_height, $this->width, $this->height);
431
432 return false;
433 }
434
435 return true;
436 }
437 }
438
439 /**
440 * Class for assigning error messages before a real filespec class can be assigned
441 *
442 * @package phpBB3
443 */
444 class fileerror extends filespec
445 {
446 function fileerror($error_msg)
447 {
448 $this->error[] = $error_msg;
449 }
450 }
451
452 /**
453 * File upload class
454 * Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads
455 *
456 * @package phpBB3
457 */
458 class fileupload
459 {
460 var $allowed_extensions = array();
461 var $disallowed_content = array();
462 var $max_filesize = 0;
463 var $min_width = 0;
464 var $min_height = 0;
465 var $max_width = 0;
466 var $max_height = 0;
467 var $error_prefix = '';
468
469 /**
470 * Init file upload class.
471 *
472 * @param string $error_prefix Used error messages will get prefixed by this string
473 * @param array $allowed_extensions Array of allowed extensions, for example array('jpg', 'jpeg', 'gif', 'png')
474 * @param int $max_filesize Maximum filesize
475 * @param int $min_width Minimum image width (only checked for images)
476 * @param int $min_height Minimum image height (only checked for images)
477 * @param int $max_width Maximum image width (only checked for images)
478 * @param int $max_height Maximum image height (only checked for images)
479 *
480 */
481 function __construct($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)
482 {
483 $this->set_allowed_extensions($allowed_extensions);
484 $this->set_max_filesize($max_filesize);
485 $this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
486 $this->set_error_prefix($error_prefix);
487 $this->set_disallowed_content($disallowed_content);
488 }
489
490 /**
491 * Reset vars
492 */
493 function reset_vars()
494 {
495 $this->max_filesize = 0;
496 $this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
497 $this->error_prefix = '';
498 $this->allowed_extensions = array();
499 $this->disallowed_content = array();
500 }
501
502 /**
503 * Set allowed extensions
504 */
505 function set_allowed_extensions($allowed_extensions)
506 {
507 if ($allowed_extensions !== false && is_array($allowed_extensions))
508 {
509 $this->allowed_extensions = $allowed_extensions;
510 }
511 }
512
513 /**
514 * Set allowed dimensions
515 */
516 function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height)
517 {
518 $this->min_width = (int) $min_width;
519 $this->min_height = (int) $min_height;
520 $this->max_width = (int) $max_width;
521 $this->max_height = (int) $max_height;
522 }
523
524 /**
525 * Set maximum allowed filesize
526 */
527 function set_max_filesize($max_filesize)
528 {
529 if ($max_filesize !== false && (int) $max_filesize)
530 {
531 $this->max_filesize = (int) $max_filesize;
532 }
533 }
534
535 /**
536 * Set disallowed strings
537 */
538 function set_disallowed_content($disallowed_content)
539 {
540 if ($disallowed_content !== false && is_array($disallowed_content))
541 {
542 $this->disallowed_content = $disallowed_content;
543 }
544 }
545
546 /**
547 * Set error prefix
548 */
549 function set_error_prefix($error_prefix)
550 {
551 $this->error_prefix = $error_prefix;
552 }
553
554 /**
555 * Form upload method
556 * Upload file from users harddisk
557 *
558 * @param string $form_name Form name assigned to the file input field (if it is an array, the key has to be specified)
559 * @return object $file Object "filespec" is returned, all further operations can be done with this object
560 * @access public
561 */
562 function form_upload($form_name)
563 {
564 global $user;
565
566 unset($_FILES[$form_name]['local_mode']);
567 $file = new filespec($_FILES[$form_name], $this);
568
569 if ($file->init_error)
570 {
571 $file->error[] = '';
572 return $file;
573 }
574
575 // Error array filled?
576 if (isset($_FILES[$form_name]['error']))
577 {
578 $error = $this->assign_internal_error($_FILES[$form_name]['error']);
579
580 if ($error !== false)
581 {
582 $file->error[] = $error;
583 return $file;
584 }
585 }
586
587 // Check if empty file got uploaded (not catched by is_uploaded_file)
588 if (isset($_FILES[$form_name]['size']) && $_FILES[$form_name]['size'] == 0)
589 {
590 $file->error[] = $user->lang[$this->error_prefix . 'EMPTY_FILEUPLOAD'];
591 return $file;
592 }
593
594 // PHP Upload filesize exceeded
595 if ($file->get('filename') == 'none')
596 {
597 $file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
598 return $file;
599 }
600
601 // Not correctly uploaded
602 if (!$file->is_uploaded())
603 {
604 $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
605 return $file;
606 }
607
608 $this->common_checks($file);
609
610 return $file;
611 }
612
613 /**
614 * Move file from another location to phpBB
615 */
616 function local_upload($source_file, $filedata = false)
617 {
618 global $user;
619
620 $form_name = 'local';
621
622 $_FILES[$form_name]['local_mode'] = true;
623 $_FILES[$form_name]['tmp_name'] = $source_file;
624
625 if ($filedata === false)
626 {
627 $_FILES[$form_name]['name'] = basename($source_file);
628 $_FILES[$form_name]['size'] = 0;
629 $mimetype = '';
630
631 if (function_exists('mime_content_type'))
632 {
633 $mimetype = mime_content_type($source_file);
634 }
635
636 // Some browsers choke on a mimetype of application/octet-stream
637 if (!$mimetype || $mimetype == 'application/octet-stream')
638 {
639 $mimetype = 'application/octetstream';
640 }
641
642 $_FILES[$form_name]['type'] = $mimetype;
643 }
644 else
645 {
646 $_FILES[$form_name]['name'] = $filedata['realname'];
647 $_FILES[$form_name]['size'] = $filedata['size'];
648 $_FILES[$form_name]['type'] = $filedata['type'];
649 }
650
651 $file = new filespec($_FILES[$form_name], $this);
652
653 if ($file->init_error)
654 {
655 $file->error[] = '';
656 return $file;
657 }
658
659 if (isset($_FILES[$form_name]['error']))
660 {
661 $error = $this->assign_internal_error($_FILES[$form_name]['error']);
662
663 if ($error !== false)
664 {
665 $file->error[] = $error;
666 return $file;
667 }
668 }
669
670 // PHP Upload filesize exceeded
671 if ($file->get('filename') == 'none')
672 {
673 $file->error[] = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
674 return $file;
675 }
676
677 // Not correctly uploaded
678 if (!$file->is_uploaded())
679 {
680 $file->error[] = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
681 return $file;
682 }
683
684 $this->common_checks($file);
685
686 return $file;
687 }
688
689 /**
690 * Remote upload method
691 * Uploads file from given url
692 *
693 * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif
694 * @return object $file Object "filespec" is returned, all further operations can be done with this object
695 * @access public
696 */
697 function remote_upload($upload_url)
698 {
699 global $user;
700
701 $upload_ary = array();
702 $upload_ary['local_mode'] = true;
703
704 if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->allowed_extensions) . ')$#i', $upload_url, $match))
705 {
706 $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']);
707 return $file;
708 }
709
710 if (empty($match[2]))
711 {
712 $file = new fileerror($user->lang[$this->error_prefix . 'URL_INVALID']);
713 return $file;
714 }
715
716 $url = parse_url($upload_url);
717
718 $host = $url['host'];
719 $path = $url['path'];
720 $port = (!empty($url['port'])) ? (int) $url['port'] : 80;
721
722 $upload_ary['type'] = 'application/octet-stream';
723
724 $url['path'] = explode('.', $url['path']);
725 $ext = array_pop($url['path']);
726
727 $url['path'] = implode('', $url['path']);
728 $upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : '');
729 $filename = $url['path'];
730 $filesize = 0;
731
732 $errno = 0;
733 $errstr = '';
734
735 if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
736 {
737 $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']);
738 return $file;
739 }
740
741 // Make sure $path not beginning with /
742 if (strpos($path, '/') === 0)
743 {
744 $path = substr($path, 1);
745 }
746
747 fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
748 fputs($fsock, "HOST: " . $host . "\r\n");
749 fputs($fsock, "Connection: close\r\n\r\n");
750
751 $get_info = false;
752 $data = '';
753 while (!@feof($fsock))
754 {
755 if ($get_info)
756 {
757 $data .= @fread($fsock, 1024);
758 }
759 else
760 {
761 $line = @fgets($fsock, 1024);
762
763 if ($line == "\r\n")
764 {
765 $get_info = true;
766 }
767 else
768 {
769 if (stripos($line, 'content-type: ') !== false)
770 {
771 $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
772 }
773 else if (stripos($line, '404 not found') !== false)
774 {
775 $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
776 return $file;
777 }
778 }
779 }
780 }
781 @fclose($fsock);
782
783 if (empty($data))
784 {
785 $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']);
786 return $file;
787 }
788
789 $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : PHPBB_ROOT_PATH . 'cache';
790 $filename = tempnam($tmp_path, unique_id() . '-');
791
792 if (!($fp = @fopen($filename, 'wb')))
793 {
794 $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']);
795 return $file;
796 }
797
798 $upload_ary['size'] = fwrite($fp, $data);
799 fclose($fp);
800 unset($data);
801
802 $upload_ary['tmp_name'] = $filename;
803
804 $file = new filespec($upload_ary, $this);
805 $this->common_checks($file);
806
807 return $file;
808 }
809
810 /**
811 * Assign internal error
812 * @access private
813 */
814 function assign_internal_error($errorcode)
815 {
816 global $user;
817
818 switch ($errorcode)
819 {
820 case 1:
821 $error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
822 break;
823
824 case 2:
825 $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
826 $max_filesize = get_formatted_filesize($this->max_filesize, false);
827
828 $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
829 break;
830
831 case 3:
832 $error = $user->lang[$this->error_prefix . 'PARTIAL_UPLOAD'];
833 break;
834
835 case 4:
836 $error = $user->lang[$this->error_prefix . 'NOT_UPLOADED'];
837 break;
838
839 case 6:
840 $error = 'Temporary folder could not be found. Please check your PHP installation.';
841 break;
842
843 default:
844 $error = false;
845 break;
846 }
847
848 return $error;
849 }
850
851 /**
852 * Perform common checks
853 */
854 function common_checks(&$file)
855 {
856 global $user;
857
858 // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
859 if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
860 {
861 $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
862 $max_filesize = get_formatted_filesize($this->max_filesize, false);
863
864 $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
865 }
866
867 // check Filename
868 if (preg_match("#[\\/:*?\"<>|]#i", $file->get('realname')))
869 {
870 $file->error[] = sprintf($user->lang[$this->error_prefix . 'INVALID_FILENAME'], $file->get('realname'));
871 }
872
873 // Invalid Extension
874 if (!$this->valid_extension($file))
875 {
876 $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
877 }
878
879 // MIME Sniffing
880 if (!$this->valid_content($file))
881 {
882 $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);
883 }
884 }
885
886 /**
887 * Check for allowed extension
888 */
889 function valid_extension(&$file)
890 {
891 return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false;
892 }
893
894 /**
895 * Check for allowed dimension
896 */
897 function valid_dimensions(&$file)
898 {
899 if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height)
900 {
901 return true;
902 }
903
904 if (($file->get('width') > $this->max_width && $this->max_width) ||
905 ($file->get('height') > $this->max_height && $this->max_height) ||
906 ($file->get('width') < $this->min_width && $this->min_width) ||
907 ($file->get('height') < $this->min_height && $this->min_height))
908 {
909 return false;
910 }
911
912 return true;
913 }
914
915 /**
916 * Check if form upload is valid
917 */
918 function is_valid($form_name)
919 {
920 return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
921 }
922
923
924 /**
925 * Check for allowed extension
926 */
927 function valid_content(&$file)
928 {
929 return ($file->check_content($this->disallowed_content));
930 }
931
932 /**
933 * Return image type/extension mapping
934 */
935 function image_types()
936 {
937 return array(
938 1 => array('gif'),
939 2 => array('jpg', 'jpeg'),
940 3 => array('png'),
941 4 => array('swf'),
942 5 => array('psd'),
943 6 => array('bmp'),
944 7 => array('tif', 'tiff'),
945 8 => array('tif', 'tiff'),
946 9 => array('jpg', 'jpeg'),
947 10 => array('jpg', 'jpeg'),
948 11 => array('jpg', 'jpeg'),
949 12 => array('jpg', 'jpeg'),
950 13 => array('swc'),
951 14 => array('iff'),
952 15 => array('wbmp'),
953 16 => array('xbm'),
954 );
955 }
956 }
957
958 ?>
phpbb is a php-based BBS (buletin board system)