Verzeichnisstruktur phpBB-3.3.15
- Veröffentlicht
- 28.08.2024
upload.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\files;
015
016 use phpbb\filesystem\filesystem_interface;
017 use phpbb\language\language;
018 use phpbb\request\request_interface;
019
020 /**
021 * File upload class
022 * Init class (all parameters optional and able to be set/overwritten separately) - scope is global and valid for all uploads
023 */
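class upload
{
	/** @var array Allowed file extensions (the allow-list used by valid_extension()) */
	public $allowed_extensions = array();

	/** @var array Disallowed content: strings that valid_content() hands to the file's check_content() */
	protected $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');

	/** @var int Maximum filesize; 0 disables the size check in common_checks() */
	public $max_filesize = 0;

	/** @var int Minimum width of images; 0 means no constraint */
	public $min_width = 0;

	/** @var int Minimum height of images; 0 means no constraint */
	public $min_height = 0;

	/** @var int Maximum width of images; 0 means no constraint */
	public $max_width = 0;

	/** @var int Maximum height of images; 0 means no constraint */
	public $max_height = 0;

	/** @var string Prefix for language variables of errors */
	public $error_prefix = '';

	/** @var int Timeout for remote upload (not touched by reset_vars()) */
	public $upload_timeout = 6;

	/** @var filesystem_interface */
	protected $filesystem;

	/** @var \phpbb\files\factory Files factory */
	protected $factory;

	/** @var \bantu\IniGetWrapper\IniGetWrapper ini_get() wrapper */
	protected $php_ini;

	/** @var language Language class */
	protected $language;

	/** @var request_interface Request class */
	protected $request;

	/**
	* Init file upload class.
	*
	* @param filesystem_interface $filesystem
	* @param factory $factory Files factory
	* @param language $language Language class
	* @param \bantu\IniGetWrapper\IniGetWrapper $php_ini ini_get() wrapper
	* @param request_interface $request Request class
	*/
	public function __construct(filesystem_interface $filesystem, factory $factory, language $language, \bantu\IniGetWrapper\IniGetWrapper $php_ini, request_interface $request)
	{
		$this->filesystem = $filesystem;
		$this->factory = $factory;
		$this->language = $language;
		$this->php_ini = $php_ini;
		$this->request = $request;
	}

	/**
	* Reset vars
	*
	* Sets the size limit, the dimension limits, the error prefix and the
	* extension allow-list back to their empty values.
	*
	* The disallowed-content list is emptied as well; the default list from
	* the property declaration is NOT restored. Until set_disallowed_content()
	* is called again, valid_content() passes an empty list to the file's
	* check_content().
	*/
	public function reset_vars()
	{
		$this->max_filesize = 0;
		$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
		$this->error_prefix = '';
		$this->allowed_extensions = array();
		$this->disallowed_content = array();
	}

	/**
	* Set allowed extensions
	*
	* Anything that is not an array (including false) is ignored and the
	* current allow-list is kept.
	*
	* @param array $allowed_extensions Allowed file extensions
	*
	* @return \phpbb\files\upload This instance of upload
	*/
	public function set_allowed_extensions($allowed_extensions)
	{
		if ($allowed_extensions !== false && is_array($allowed_extensions))
		{
			$this->allowed_extensions = $allowed_extensions;
		}

		return $this;
	}

	/**
	* Set allowed dimensions
	*
	* All four values are cast to int; a value of 0 switches the respective
	* constraint off in valid_dimensions().
	*
	* @param int $min_width Minimum image width
	* @param int $min_height Minimum image height
	* @param int $max_width Maximum image width
	* @param int $max_height Maximum image height
	*
	* @return \phpbb\files\upload This instance of upload
	*/
	public function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height)
	{
		$this->min_width = (int) $min_width;
		$this->min_height = (int) $min_height;
		$this->max_width = (int) $max_width;
		$this->max_height = (int) $max_height;

		return $this;
	}

	/**
	* Set maximum allowed file size
	*
	* A value that is false or casts to 0 is ignored, so this setter cannot
	* switch the limit back off; reset_vars() does that.
	*
	* @param int $max_filesize Maximum file size
	*
	* @return \phpbb\files\upload This instance of upload
	*/
	public function set_max_filesize($max_filesize)
	{
		if ($max_filesize !== false && (int) $max_filesize)
		{
			$this->max_filesize = (int) $max_filesize;
		}

		return $this;
	}

	/**
	* Set disallowed strings
	*
	* Empty strings are dropped from the list. Anything that is not an array
	* (including false) is ignored and the current list is kept.
	*
	* @param array $disallowed_content Disallowed content
	*
	* @return \phpbb\files\upload This instance of upload
	*/
	public function set_disallowed_content($disallowed_content)
	{
		if ($disallowed_content !== false && is_array($disallowed_content))
		{
			$this->disallowed_content = array_diff($disallowed_content, array(''));
		}

		return $this;
	}

	/**
	* Set error prefix
	*
	* @param string $error_prefix Prefix for language variables of errors
	*
	* @return \phpbb\files\upload This instance of upload
	*/
	public function set_error_prefix($error_prefix)
	{
		$this->error_prefix = $error_prefix;

		return $this;
	}

	/**
	* Handle upload based on type
	*
	* Every argument after $type is forwarded unchanged to the upload()
	* method of the type class obtained from the files factory.
	*
	* @param string $type Upload type
	*
	* @return \phpbb\files\filespec|bool A filespec instance if upload was
	*		successful, false if there were issues or the type is not supported
	*/
	public function handle_upload($type)
	{
		$args = func_get_args();
		array_shift($args);

		// Check the factory result before chaining. Calling set_upload() on a
		// non-object raises an Error, which would bypass the documented
		// "return false" path. Whether the factory can return a non-object is
		// not visible in this file, so the guard is kept defensive.
		$type_class = $this->factory->get($type);

		if (!is_object($type_class))
		{
			return false;
		}

		$type_class = $type_class->set_upload($this);

		return (is_object($type_class)) ? call_user_func_array(array($type_class, 'upload'), $args) : false;
	}

	/**
	* Assign internal error
	*
	* Maps one of PHP's UPLOAD_ERR_* codes to a translated error string.
	*
	* @param string $errorcode Error code to assign
	*
	* @return string|bool Error string, false if the code is not handled here
	* @access public
	*/
	public function assign_internal_error($errorcode)
	{
		switch ($errorcode)
		{
			case UPLOAD_ERR_INI_SIZE:
				$max_filesize = $this->php_ini->getString('upload_max_filesize');
				$unit = 'MB';

				if (!empty($max_filesize))
				{
					// Last character is taken as the unit suffix, the leading digits as the value
					$unit = strtolower(substr($max_filesize, -1, 1));
					$max_filesize = (int) $max_filesize;

					// NOTE(review): every suffix other than k/g is reported as MB,
					// which includes a setting given in plain bytes (no suffix)
					$unit = ($unit == 'k') ? 'KB' : (($unit == 'g') ? 'GB' : 'MB');
				}

				$error = (empty($max_filesize)) ? $this->language->lang($this->error_prefix . 'PHP_SIZE_NA') : $this->language->lang($this->error_prefix . 'PHP_SIZE_OVERRUN', $max_filesize, $this->language->lang($unit));
			break;

			case UPLOAD_ERR_FORM_SIZE:
				$max_filesize = get_formatted_filesize($this->max_filesize, false);

				$error = $this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']);
			break;

			case UPLOAD_ERR_PARTIAL:
				$error = $this->language->lang($this->error_prefix . 'PARTIAL_UPLOAD');
			break;

			case UPLOAD_ERR_NO_FILE:
				$error = $this->language->lang($this->error_prefix . 'NOT_UPLOADED');
			break;

			case UPLOAD_ERR_NO_TMP_DIR:
			case UPLOAD_ERR_CANT_WRITE:
				$error = $this->language->lang($this->error_prefix . 'NO_TEMP_DIR');
			break;

			case UPLOAD_ERR_EXTENSION:
				$error = $this->language->lang($this->error_prefix . 'PHP_UPLOAD_STOPPED');
			break;

			default:
				$error = false;
			break;
		}

		return $error;
	}

	/**
	* Perform common file checks
	*
	* Runs the size, filename, extension and content checks and appends one
	* translated message per failed check to $file->error. Nothing is
	* returned and nothing is thrown, so callers have to inspect $file->error
	* before they accept the file.
	*
	* @param filespec $file Instance of filespec class
	*/
	public function common_checks($file)
	{
		// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
		// (skipped entirely while max_filesize is 0)
		if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
		{
			$max_filesize = get_formatted_filesize($this->max_filesize, false);

			$file->error[] = $this->language->lang($this->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']);
		}

		// check Filename: reject \ / : * ? " < > |
		// The pattern is single-quoted with a doubled escape so the character
		// class really contains a backslash. Written as "\\/" inside a
		// double-quoted string it reaches PCRE as \/ and only matches the
		// forward slash.
		if (preg_match('#[\\\\/:*?"<>|]#', $file->get('realname')))
		{
			$file->error[] = $this->language->lang($this->error_prefix . 'INVALID_FILENAME', $file->get('realname'));
		}

		// Invalid Extension
		if (!$this->valid_extension($file))
		{
			$file->error[] = $this->language->lang($this->error_prefix . 'DISALLOWED_EXTENSION', $file->get('extension'));
		}

		// MIME Sniffing
		if (!$this->valid_content($file))
		{
			$file->error[] = $this->language->lang($this->error_prefix . 'DISALLOWED_CONTENT');
		}
	}

	/**
	* Check for allowed extension
	*
	* The extension is compared with the allow-list as a string, using strict
	* equality. A loose in_array() compares numeric strings as numbers
	* ('1e1' == '10', '0' == '00'), which lets an extension pass that is not
	* literally on the list. Both sides are cast to string so that integer
	* entries still match (PHP stores a numeric array key such as '7' as an
	* integer).
	*
	* @param filespec $file Instance of filespec class
	*
	* @return bool True if extension is allowed, false if not
	*/
	public function valid_extension($file)
	{
		$extension = $file->get('extension');

		if (!is_scalar($extension))
		{
			return false;
		}

		$extension = (string) $extension;

		foreach ($this->allowed_extensions as $allowed_extension)
		{
			if (is_scalar($allowed_extension) && (string) $allowed_extension === $extension)
			{
				return true;
			}
		}

		return false;
	}

	/**
	* Check for allowed dimension
	*
	* A limit of 0 is treated as "not set"; each limit is only enforced when
	* it is non-zero.
	*
	* @param filespec $file Instance of filespec class
	*
	* @return bool True if dimensions are valid or no constraints set, false
	*				if not
	*/
	public function valid_dimensions($file)
	{
		if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height)
		{
			return true;
		}

		if (($file->get('width') > $this->max_width && $this->max_width) ||
			($file->get('height') > $this->max_height && $this->max_height) ||
			($file->get('width') < $this->min_width && $this->min_width) ||
			($file->get('height') < $this->min_height && $this->min_height))
		{
			return false;
		}

		return true;
	}

	/**
	* Check if form upload is valid
	*
	* Only tells whether the request carries a file entry for this form field
	* whose name is not the literal 'none'. It performs none of the size,
	* extension or content checks.
	*
	* @param string $form_name Name of form
	*
	* @return bool True if form upload is valid, false if not
	*/
	public function is_valid($form_name)
	{
		$upload = $this->request->file($form_name);

		return (!empty($upload) && $upload['name'] !== 'none');
	}


	/**
	* Check for bad content (IE mime-sniffing)
	*
	* Delegates to the file's check_content() with the current
	* disallowed-content list.
	*
	* @param filespec $file Instance of filespec class
	*
	* @return bool True if content is valid, false if not
	*/
	public function valid_content($file)
	{
		return ($file->check_content($this->disallowed_content));
	}

	/**
	* Get image type/extension mapping
	*
	* Keys are PHP's IMAGETYPE_* constants, values the file extensions
	* accepted for that image type. IMAGETYPE_SWC is only added when the
	* running PHP build defines it.
	*
	* @return array Array containing the image types and their extensions
	*/
	public static function image_types()
	{
		$result = [
			IMAGETYPE_GIF		=> ['gif'],
			IMAGETYPE_JPEG		=> ['jpg', 'jpeg'],
			IMAGETYPE_PNG		=> ['png'],
			IMAGETYPE_SWF		=> ['swf'],
			IMAGETYPE_PSD		=> ['psd'],
			IMAGETYPE_BMP		=> ['bmp'],
			IMAGETYPE_TIFF_II	=> ['tif', 'tiff'],
			IMAGETYPE_TIFF_MM	=> ['tif', 'tiff'],
			IMAGETYPE_JPC		=> ['jpg', 'jpeg'],
			IMAGETYPE_JP2		=> ['jpg', 'jpeg'],
			IMAGETYPE_JPX		=> ['jpg', 'jpeg'],
			IMAGETYPE_JB2		=> ['jpg', 'jpeg'],
			IMAGETYPE_IFF		=> ['iff'],
			IMAGETYPE_WBMP		=> ['wbmp'],
			IMAGETYPE_XBM		=> ['xbm'],
			IMAGETYPE_WEBP		=> ['webp'],
		];

		if (defined('IMAGETYPE_SWC'))
		{
			$result[IMAGETYPE_SWC] = ['swc'];
		}

		return $result;
	}
}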