Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
87.50% |
7 / 8 |
CRAP | |
90.83% |
109 / 120 |
| upload | |
0.00% |
0 / 1 |
|
87.50% |
7 / 8 |
39.11 | |
90.83% |
109 / 120 |
| __construct | |
100.00% |
1 / 1 |
1 | |
100.00% |
11 / 11 |
|||
| upload | |
100.00% |
1 / 1 |
16 | |
100.00% |
47 / 47 |
|||
| create_thumbnail | |
100.00% |
1 / 1 |
3 | |
100.00% |
10 / 10 |
|||
| init_files_upload | |
100.00% |
1 / 1 |
5 | |
100.00% |
11 / 11 |
|||
| check_image | |
100.00% |
1 / 1 |
5 | |
100.00% |
10 / 10 |
|||
| check_attach_quota | |
100.00% |
1 / 1 |
3 | |
100.00% |
10 / 10 |
|||
| check_disk_space | |
0.00% |
0 / 1 |
11.76 | |
21.43% |
3 / 14 |
|||
| fill_file_data | |
100.00% |
1 / 1 |
1 | |
100.00% |
7 / 7 |
|||
| <?php | |
| /** | |
| * | |
| * This file is part of the phpBB Forum Software package. | |
| * | |
| * @copyright (c) phpBB Limited <https://www.phpbb.com> | |
| * @license GNU General Public License, version 2 (GPL-2.0) | |
| * | |
| * For full copyright and license information, please see | |
| * the docs/CREDITS.txt file. | |
| * | |
| */ | |
| namespace phpbb\attachment; | |
| use phpbb\auth\auth; | |
| use \phpbb\cache\service; | |
| use \phpbb\config\config; | |
| use \phpbb\event\dispatcher; | |
| use \phpbb\language\language; | |
| use \phpbb\mimetype\guesser; | |
| use \phpbb\plupload\plupload; | |
| use \phpbb\user; | |
| /** | |
| * Attachment upload class | |
| */ | |
| class upload | |
| { | |
| /** @var auth */ | |
| protected $auth; | |
| /** @var service */ | |
| protected $cache; | |
| /** @var config */ | |
| protected $config; | |
| /** @var \phpbb\files\upload Upload class */ | |
| protected $files_upload; | |
| /** @var language */ | |
| protected $language; | |
| /** @var guesser Mimetype guesser */ | |
| protected $mimetype_guesser; | |
| /** @var dispatcher */ | |
| protected $phpbb_dispatcher; | |
| /** @var plupload Plupload */ | |
| protected $plupload; | |
| /** @var user */ | |
| protected $user; | |
| /** @var \phpbb\files\filespec Current filespec instance */ | |
| private $file; | |
| /** @var array File data */ | |
| private $file_data = array( | |
| 'error' => array() | |
| ); | |
| /** @var array Extensions array */ | |
| private $extensions; | |
| /** | |
| * Constructor for attachments upload class | |
| * | |
| * @param auth $auth | |
| * @param service $cache | |
| * @param config $config | |
| * @param \phpbb\files\upload $files_upload | |
| * @param language $language | |
| * @param guesser $mimetype_guesser | |
| * @param dispatcher $phpbb_dispatcher | |
| * @param plupload $plupload | |
| * @param user $user | |
| * @param $phpbb_root_path | |
| */ | |
| public function __construct(auth $auth, service $cache, config $config, \phpbb\files\upload $files_upload, language $language, guesser $mimetype_guesser, dispatcher $phpbb_dispatcher, plupload $plupload, user $user, $phpbb_root_path) | |
| { | |
| $this->auth = $auth; | |
| $this->cache = $cache; | |
| $this->config = $config; | |
| $this->files_upload = $files_upload; | |
| $this->language = $language; | |
| $this->mimetype_guesser = $mimetype_guesser; | |
| $this->phpbb_dispatcher = $phpbb_dispatcher; | |
| $this->plupload = $plupload; | |
| $this->user = $user; | |
| $this->phpbb_root_path = $phpbb_root_path; | |
| } | |
| /** | |
| * Upload Attachment - filedata is generated here | |
| * Uses upload class | |
| * | |
| * @param string $form_name The form name of the file upload input | |
| * @param int $forum_id The id of the forum | |
| * @param bool $local Whether the file is local or not | |
| * @param string $local_storage The path to the local file | |
| * @param bool $is_message Whether it is a PM or not | |
| * @param array $local_filedata An file data object created for the local file | |
| * | |
| * @return array File data array | |
| */ | |
| public function upload($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = array()) | |
| { | |
| $this->init_files_upload($forum_id, $is_message); | |
| $this->file_data['post_attach'] = $local || $this->files_upload->is_valid($form_name); | |
| if (!$this->file_data['post_attach']) | |
| { | |
| $this->file_data['error'][] = $this->language->lang('NO_UPLOAD_FORM_FOUND'); | |
| return $this->file_data; | |
| } | |
| $this->file = ($local) ? $this->files_upload->handle_upload('files.types.local', $local_storage, $local_filedata) : $this->files_upload->handle_upload('files.types.form', $form_name); | |
| if ($this->file->init_error()) | |
| { | |
| $this->file_data['post_attach'] = false; | |
| return $this->file_data; | |
| } | |
| // Whether the uploaded file is in the image category | |
| $is_image = (isset($this->extensions[$this->file->get('extension')]['display_cat'])) ? $this->extensions[$this->file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false; | |
| if (!$this->auth->acl_get('a_') && !$this->auth->acl_get('m_', $forum_id)) | |
| { | |
| // Check Image Size, if it is an image | |
| if ($is_image) | |
| { | |
| $this->file->upload->set_allowed_dimensions(0, 0, $this->config['img_max_width'], $this->config['img_max_height']); | |
| } | |
| // Admins and mods are allowed to exceed the allowed filesize | |
| if (!empty($this->extensions[$this->file->get('extension')]['max_filesize'])) | |
| { | |
| $allowed_filesize = $this->extensions[$this->file->get('extension')]['max_filesize']; | |
| } | |
| else | |
| { | |
| $allowed_filesize = ($is_message) ? $this->config['max_filesize_pm'] : $this->config['max_filesize']; | |
| } | |
| $this->file->upload->set_max_filesize($allowed_filesize); | |
| } | |
| $this->file->clean_filename('unique', $this->user->data['user_id'] . '_'); | |
| // Are we uploading an image *and* this image being within the image category? | |
| // Only then perform additional image checks. | |
| $this->file->move_file($this->config['upload_path'], false, !$is_image); | |
| // Do we have to create a thumbnail? | |
| $this->file_data['thumbnail'] = ($is_image && $this->config['img_create_thumbnail']) ? 1 : 0; | |
| // Make sure the image category only holds valid images... | |
| $this->check_image($is_image); | |
| if (count($this->file->error)) | |
| { | |
| $this->file->remove(); | |
| $this->file_data['error'] = array_merge($this->file_data['error'], $this->file->error); | |
| $this->file_data['post_attach'] = false; | |
| return $this->file_data; | |
| } | |
| $this->fill_file_data(); | |
| $filedata = $this->file_data; | |
| /** | |
| * Event to modify uploaded file before submit to the post | |
| * | |
| * @event core.modify_uploaded_file | |
| * @var array filedata Array containing uploaded file data | |
| * @var bool is_image Flag indicating if the file is an image | |
| * @since 3.1.0-RC3 | |
| */ | |
| $vars = array( | |
| 'filedata', | |
| 'is_image', | |
| ); | |
| extract($this->phpbb_dispatcher->trigger_event('core.modify_uploaded_file', compact($vars))); | |
| $this->file_data = $filedata; | |
| unset($filedata); | |
| // Check for attachment quota and free space | |
| if (!$this->check_attach_quota() || !$this->check_disk_space()) | |
| { | |
| return $this->file_data; | |
| } | |
| // Create Thumbnail | |
| $this->create_thumbnail(); | |
| return $this->file_data; | |
| } | |
| /** | |
| * Create thumbnail for file if necessary | |
| * | |
| * @return array Updated $filedata | |
| */ | |
| protected function create_thumbnail() | |
| { | |
| if ($this->file_data['thumbnail']) | |
| { | |
| $source = $this->file->get('destination_file'); | |
| $destination = $this->file->get('destination_path') . '/thumb_' . $this->file->get('realname'); | |
| if (!create_thumbnail($source, $destination, $this->file->get('mimetype'))) | |
| { | |
| $this->file_data['thumbnail'] = 0; | |
| } | |
| } | |
| } | |
| /** | |
| * Init files upload class | |
| * | |
| * @param int $forum_id Forum ID | |
| * @param bool $is_message Whether attachment is inside PM or not | |
| */ | |
| protected function init_files_upload($forum_id, $is_message) | |
| { | |
| if ($this->config['check_attachment_content'] && isset($this->config['mime_triggers'])) | |
| { | |
| $this->files_upload->set_disallowed_content(explode('|', $this->config['mime_triggers'])); | |
| } | |
| else if (!$this->config['check_attachment_content']) | |
| { | |
| $this->files_upload->set_disallowed_content(array()); | |
| } | |
| $this->extensions = $this->cache->obtain_attach_extensions((($is_message) ? false : (int) $forum_id)); | |
| $this->files_upload->set_allowed_extensions(array_keys($this->extensions['_allowed_'])); | |
| } | |
| /** | |
| * Check if uploaded file is really an image | |
| * | |
| * @param bool $is_image Whether file is image | |
| */ | |
| protected function check_image($is_image) | |
| { | |
| // Make sure the image category only holds valid images... | |
| if ($is_image && !$this->file->is_image()) | |
| { | |
| $this->file->remove(); | |
| if ($this->plupload && $this->plupload->is_active()) | |
| { | |
| $this->plupload->emit_error(104, 'ATTACHED_IMAGE_NOT_IMAGE'); | |
| } | |
| // If this error occurs a user tried to exploit an IE Bug by renaming extensions | |
| // Since the image category is displaying content inline we need to catch this. | |
| $this->file->set_error($this->language->lang('ATTACHED_IMAGE_NOT_IMAGE')); | |
| } | |
| } | |
| /** | |
| * Check if attachment quota was reached | |
| * | |
| * @return bool False if attachment quota was reached, true if not | |
| */ | |
| protected function check_attach_quota() | |
| { | |
| if ($this->config['attachment_quota']) | |
| { | |
| if (intval($this->config['upload_dir_size']) + $this->file->get('filesize') > $this->config['attachment_quota']) | |
| { | |
| $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); | |
| $this->file_data['post_attach'] = false; | |
| $this->file->remove(); | |
| return false; | |
| } | |
| } | |
| return true; | |
| } | |
| /** | |
| * Check if there is enough free space available on disk | |
| * | |
| * @return bool True if disk space is available, false if not | |
| */ | |
| protected function check_disk_space() | |
| { | |
| if ($free_space = @disk_free_space($this->phpbb_root_path . $this->config['upload_path'])) | |
| { | |
| if ($free_space <= $this->file->get('filesize')) | |
| { | |
| if ($this->auth->acl_get('a_')) | |
| { | |
| $this->file_data['error'][] = $this->language->lang('ATTACH_DISK_FULL'); | |
| } | |
| else | |
| { | |
| $this->file_data['error'][] = $this->language->lang('ATTACH_QUOTA_REACHED'); | |
| } | |
| $this->file_data['post_attach'] = false; | |
| $this->file->remove(); | |
| return false; | |
| } | |
| } | |
| return true; | |
| } | |
| /** | |
| * Fills file data with file information and current time as filetime | |
| */ | |
| protected function fill_file_data() | |
| { | |
| $this->file_data['filesize'] = $this->file->get('filesize'); | |
| $this->file_data['mimetype'] = $this->file->get('mimetype'); | |
| $this->file_data['extension'] = $this->file->get('extension'); | |
| $this->file_data['physical_filename'] = $this->file->get('realname'); | |
| $this->file_data['real_filename'] = $this->file->get('uploadname'); | |
| $this->file_data['filetime'] = time(); | |
| } | |
| } |