Code Coverage for /data/phpBB/phpbb/avatar/driver/upload.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	25.00% covered (danger)	25.00%	2 / 8	CRAP	12.50% covered (danger)	12.50%	13 / 104
upload	0.00% covered (danger)	0.00%	0 / 1	25.00% covered (danger)	25.00%	2 / 8	1005.37	12.50% covered (danger)	12.50%	13 / 104
__construct				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	9 / 9
get_data				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	4 / 4
prepare_form				0.00% covered (danger)	0.00%	0 / 1	12.00	0.00% covered (danger)	0.00%	0 / 7
process_form				0.00% covered (danger)	0.00%	0 / 1	552.00	0.00% covered (danger)	0.00%	0 / 68
prepare_form_acp				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 2
delete				0.00% covered (danger)	0.00%	0 / 1	20.00	0.00% covered (danger)	0.00%	0 / 12
get_template_name				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 1
can_upload				0.00% covered (danger)	0.00%	0 / 1	20.00	0.00% covered (danger)	0.00%	0 / 1

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	namespace phpbb\avatar\driver;
15
16	/**
17	* Handles avatars uploaded to the board
18	*/
19	class upload extends \phpbb\avatar\driver\driver
20	{
21	/**
22	* @var \phpbb\filesystem\filesystem_interface
23	*/
24	protected $filesystem;
25
26	/**
27	* @var \phpbb\event\dispatcher_interface
28	*/
29	protected $dispatcher;
30
31	/**
32	* @var \phpbb\files\factory
33	*/
34	protected $files_factory;
35
36	/**
37	* Construct a driver object
38	*
39	* @param \phpbb\config\config $config phpBB configuration
40	* @param string $phpbb_root_path Path to the phpBB root
41	* @param string $php_ext PHP file extension
42	* @param \phpbb\filesystem\filesystem_interface $filesystem phpBB filesystem helper
43	* @param \phpbb\path_helper $path_helper phpBB path helper
44	* @param \phpbb\event\dispatcher_interface $dispatcher phpBB Event dispatcher object
45	* @param \phpbb\files\factory $files_factory File classes factory
46	* @param \phpbb\cache\driver\driver_interface $cache Cache driver
47	*/
48	public function __construct(\phpbb\config\config $config, $phpbb_root_path, $php_ext, \phpbb\filesystem\filesystem_interface $filesystem, \phpbb\path_helper $path_helper, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\files\factory $files_factory, \phpbb\cache\driver\driver_interface $cache = null)
49	{
50	$this->config = $config;
51	$this->phpbb_root_path = $phpbb_root_path;
52	$this->php_ext = $php_ext;
53	$this->filesystem = $filesystem;
54	$this->path_helper = $path_helper;
55	$this->dispatcher = $dispatcher;
56	$this->files_factory = $files_factory;
57	$this->cache = $cache;
58	}
59
60	/**
61	* {@inheritdoc}
62	*/
63	public function get_data($row)
64	{
65	$root_path = $this->path_helper->get_web_root_path();
66
67	return array(
68	'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'],
69	'width' => $row['avatar_width'],
70	'height' => $row['avatar_height'],
71	);
72	}
73
74	/**
75	* {@inheritdoc}
76	*/
77	public function prepare_form($request, $template, $user, $row, &$error)
78	{
79	if (!$this->can_upload())
80	{
81	return false;
82	}
83
84	$template->assign_vars(array(
85	'S_UPLOAD_AVATAR_URL' => ($this->config['allow_avatar_remote_upload']) ? true : false,
86	'AVATAR_UPLOAD_SIZE' => $this->config['avatar_filesize'],
87	'AVATAR_ALLOWED_EXTENSIONS' => implode(',', preg_replace('/^/', '.', $this->allowed_extensions)),
88	));
89
90	return true;
91	}
92
93	/**
94	* {@inheritdoc}
95	*/
96	public function process_form($request, $template, $user, $row, &$error)
97	{
98	if (!$this->can_upload())
99	{
100	return false;
101	}
102
103	/** @var \phpbb\files\upload $upload */
104	$upload = $this->files_factory->get('upload')
105	->set_error_prefix('AVATAR_')
106	->set_allowed_extensions($this->allowed_extensions)
107	->set_max_filesize($this->config['avatar_filesize'])
108	->set_allowed_dimensions(
109	$this->config['avatar_min_width'],
110	$this->config['avatar_min_height'],
111	$this->config['avatar_max_width'],
112	$this->config['avatar_max_height'])
113	->set_disallowed_content((isset($this->config['mime_triggers']) ? explode('\|', $this->config['mime_triggers']) : false));
114
115	$url = $request->variable('avatar_upload_url', '');
116	$upload_file = $request->file('avatar_upload_file');
117
118	if (!empty($upload_file['name']))
119	{
120	$file = $upload->handle_upload('files.types.form', 'avatar_upload_file');
121	}
122	else if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url))
123	{
124	if (!preg_match('#^(http\|https\|ftp)://#i', $url))
125	{
126	$url = 'http://' . $url;
127	}
128
129	if (!function_exists('validate_data'))
130	{
131	require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
132	}
133
134	$validate_array = validate_data(
135	array(
136	'url' => $url,
137	),
138	array(
139	'url' => array('string', true, 5, 255),
140	)
141	);
142
143	$error = array_merge($error, $validate_array);
144
145	if (!empty($error))
146	{
147	return false;
148	}
149
150	// Do not allow specifying the port (see RFC 3986) or IP addresses
151	// remote_upload() will do its own check for allowed filetypes
152	if (!preg_match('#^(http\|https\|ftp)://(?:(.?\.)?[a-z0-9\-]+?\.[a-z]{2,4}\|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]?).?\.('. implode('\|', $this->allowed_extensions) . ')$#i', $url) \|\|
153	preg_match('@^(http\|https\|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) \|\|
154	preg_match('#^(http\|https\|ftp)://(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])#i', $url) \|\|
155	preg_match('#^(http\|https\|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}\|(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])))\|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?\|(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])))\|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}\|(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])))\|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}\|(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])))\|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}\|(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])))\|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}\|(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])))\|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}\|(?:(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])\.){3}(?:\d{1,2}\|1\d\d\|2[0-4]\d\|25[0-5])))\|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})\|(?:(?:[\dA-F]{1,4}:){1,7}:)\|(?:::))#i', $url))
156	{
157	$error[] = 'AVATAR_URL_INVALID';
158	return false;
159	}
160
161	$file = $upload->handle_upload('files.types.remote', $url);
162	}
163	else
164	{
165	return false;
166	}
167
168	$prefix = $this->config['avatar_salt'] . '_';
169	$file->clean_filename('avatar', $prefix, $row['id']);
170
171	// If there was an error during upload, then abort operation
172	if (count($file->error))
173	{
174	$file->remove();
175	$error = $file->error;
176	return false;
177	}
178
179	// Calculate new destination
180	$destination = $this->config['avatar_path'];
181
182	// Adjust destination path (no trailing slash)
183	if (substr($destination, -1, 1) == '/' \|\| substr($destination, -1, 1) == '\\')
184	{
185	$destination = substr($destination, 0, -1);
186	}
187
188	$destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
189	if ($destination && ($destination[0] == '/' \|\| $destination[0] == "\\"))
190	{
191	$destination = '';
192	}
193
194	$filedata = array(
195	'filename' => $file->get('filename'),
196	'filesize' => $file->get('filesize'),
197	'mimetype' => $file->get('mimetype'),
198	'extension' => $file->get('extension'),
199	'physical_filename' => $file->get('realname'),
200	'real_filename' => $file->get('uploadname'),
201	);
202
203	/**
204	* Before moving new file in place (and eventually overwriting the existing avatar with the newly uploaded avatar)
205	*
206	* @event core.avatar_driver_upload_move_file_before
207	* @var array filedata Array containing uploaded file data
208	* @var \phpbb\files\filespec file Instance of filespec class
209	* @var string destination Destination directory where the file is going to be moved
210	* @var string prefix Prefix for the avatar filename
211	* @var array row Array with avatar row data
212	* @var array error Array of errors, if filled in by this event file will not be moved
213	* @since 3.1.6-RC1
214	* @changed 3.1.9-RC1 Added filedata
215	* @changed 3.2.3-RC1 Added file
216	*/
217	$vars = array(
218	'filedata',
219	'file',
220	'destination',
221	'prefix',
222	'row',
223	'error',
224	);
225	extract($this->dispatcher->trigger_event('core.avatar_driver_upload_move_file_before', compact($vars)));
226
227	unset($filedata);
228
229	if (!count($error))
230	{
231	// Move file and overwrite any existing image
232	$file->move_file($destination, true);
233	}
234
235	// If there was an error during move, then clean up leftovers
236	$error = array_merge($error, $file->error);
237	if (count($error))
238	{
239	$file->remove();
240	return false;
241	}
242
243	// Delete current avatar if not overwritten
244	$ext = substr(strrchr($row['avatar'], '.'), 1);
245	if ($ext && $ext !== $file->get('extension'))
246	{
247	$this->delete($row);
248	}
249
250	return array(
251	'avatar' => $row['id'] . '_' . time() . '.' . $file->get('extension'),
252	'avatar_width' => $file->get('width'),
253	'avatar_height' => $file->get('height'),
254	);
255	}
256
257	/**
258	* {@inheritdoc}
259	*/
260	public function prepare_form_acp($user)
261	{
262	return array(
263	'allow_avatar_remote_upload'=> array('lang' => 'ALLOW_REMOTE_UPLOAD', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
264	'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int:0', 'type' => 'number:0', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
265	'avatar_path' => array('lang' => 'AVATAR_STORAGE_PATH', 'validate' => 'rpath', 'type' => 'text:20:255', 'explain' => true),
266	);
267	}
268
269	/**
270	* {@inheritdoc}
271	*/
272	public function delete($row)
273	{
274
275	$error = array();
276	$destination = $this->config['avatar_path'];
277	$prefix = $this->config['avatar_salt'] . '_';
278	$ext = substr(strrchr($row['avatar'], '.'), 1);
279	$filename = $this->phpbb_root_path . $destination . '/' . $prefix . $row['id'] . '.' . $ext;
280
281	/**
282	* Before deleting an existing avatar
283	*
284	* @event core.avatar_driver_upload_delete_before
285	* @var string destination Destination directory where the file is going to be deleted
286	* @var string prefix Prefix for the avatar filename
287	* @var array row Array with avatar row data
288	* @var array error Array of errors, if filled in by this event file will not be deleted
289	* @since 3.1.6-RC1
290	*/
291	$vars = array(
292	'destination',
293	'prefix',
294	'row',
295	'error',
296	);
297	extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars)));
298
299	if (!count($error) && $this->filesystem->exists($filename))
300	{
301	try
302	{
303	$this->filesystem->remove($filename);
304	return true;
305	}
306	catch (\phpbb\filesystem\exception\filesystem_exception $e)
307	{
308	// Fail is covered by return statement below
309	}
310	}
311
312	return false;
313	}
314
315	/**
316	* {@inheritdoc}
317	*/
318	public function get_template_name()
319	{
320	return 'ucp_avatar_options_upload.html';
321	}
322
323	/**
324	* Check if user is able to upload an avatar
325	*
326	* @return bool True if user can upload, false if not
327	*/
328	protected function can_upload()
329	{
330	return ($this->filesystem->exists($this->phpbb_root_path . $this->config['avatar_path']) && $this->filesystem->is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') \|\| strtolower(@ini_get('file_uploads')) == 'on'));
331	}
332	}