Vergleich inc/functions_upload.php - 1.6.10 - 1.6.11

Zeile 32	Zeile 32
$query = $db->simple_select("attachments", "aid, attachname, thumbnail, visible", "aid='{$aid}' AND pid='{$pid}'"); $attachment = $db->fetch_array($query); }	$query = $db->simple_select("attachments", "aid, attachname, thumbnail, visible", "aid='{$aid}' AND pid='{$pid}'"); $attachment = $db->fetch_array($query); }

$plugins->run_hooks("remove_attachment_do_delete", $attachment);	$plugins->run_hooks("remove_attachment_do_delete", $attachment);

$db->delete_query("attachments", "aid='{$attachment['aid']}'");	$db->delete_query("attachments", "aid='{$attachment['aid']}'");
if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath']; } else { $uploadpath = $mybb->settings['uploadspath'];	if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath']; } else { $uploadpath = $mybb->settings['uploadspath'];
}	}

// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query, "numreferences") == 0)	// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query, "numreferences") == 0)
Zeile 61	Zeile 61
{ @rmdir($uploadpath."/".$date_directory[0]); }	{ @rmdir($uploadpath."/".$date_directory[0]); }
}	}
if($attachment['visible'] == 1 && $pid) { $post = get_post($pid);	if($attachment['visible'] == 1 && $pid) { $post = get_post($pid);
Zeile 79	Zeile 79
function remove_attachments($pid, $posthash="") { global $db, $mybb, $plugins;	function remove_attachments($pid, $posthash="") { global $db, $mybb, $plugins;

if($pid) { $post = get_post($pid);	if($pid) { $post = get_post($pid);
Zeile 88	Zeile 88
if($posthash != "" && !$pid) { $query = $db->simple_select("attachments", "*", "posthash='$posthash'");	if($posthash != "" && !$pid) { $query = $db->simple_select("attachments", "*", "posthash='$posthash'");
} else	} else
{ $query = $db->simple_select("attachments", "*", "pid='$pid'");	{ $query = $db->simple_select("attachments", "*", "pid='$pid'");
}	}
if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath']; } else	if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath']; } else
{	{
$uploadpath = $mybb->settings['uploadspath']; }	$uploadpath = $mybb->settings['uploadspath']; }
Zeile 107	Zeile 107
while($attachment = $db->fetch_array($query)) { if($attachment['visible'] == 1)	while($attachment = $db->fetch_array($query)) { if($attachment['visible'] == 1)
{	{
$num_attachments++; }	$num_attachments++; }

$plugins->run_hooks("remove_attachments_do_delete", $attachment);	$plugins->run_hooks("remove_attachments_do_delete", $attachment);

$db->delete_query("attachments", "aid='".$attachment['aid']."'");	$db->delete_query("attachments", "aid='".$attachment['aid']."'");

// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query2 = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query2, "numreferences") == 0)	// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query2 = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query2, "numreferences") == 0)
Zeile 132	Zeile 132
} } }	} } }

if($post['tid'])	if($post['tid'])
{ update_thread_counters($post['tid'], array("attachmentcount" => "-{$num_attachments}")); } }	{ update_thread_counters($post['tid'], array("attachmentcount" => "-{$num_attachments}")); } }
/** * Remove any matching avatars for a specific user ID	/** * Remove any matching avatars for a specific user ID
Zeile 148	Zeile 148
function remove_avatars($uid, $exclude="") { global $mybb, $plugins;	function remove_avatars($uid, $exclude="") { global $mybb, $plugins;

if(defined('IN_ADMINCP'))	if(defined('IN_ADMINCP'))
{	{
$avatarpath = '../'.$mybb->settings['avataruploadpath']; } else { $avatarpath = $mybb->settings['avataruploadpath'];	$avatarpath = '../'.$mybb->settings['avataruploadpath']; } else { $avatarpath = $mybb->settings['avataruploadpath'];
}	}
$dir = opendir($avatarpath); if($dir) { while($file = @readdir($dir)) { $plugins->run_hooks("remove_avatars_do_delete", $file);	$dir = opendir($avatarpath); if($dir) { while($file = @readdir($dir)) { $plugins->run_hooks("remove_avatars_do_delete", $file);

if(preg_match("#avatar_".$uid."\.#", $file) && is_file($avatarpath."/".$file) && $file != $exclude) { @unlink($avatarpath."/".$file);	if(preg_match("#avatar_".$uid."\.#", $file) && is_file($avatarpath."/".$file) && $file != $exclude) { @unlink($avatarpath."/".$file);
Zeile 183	Zeile 183
* @return array Array of errors if any, otherwise filename of successful. */ function upload_avatar($avatar=array(), $uid=0)	* @return array Array of errors if any, otherwise filename of successful. */ function upload_avatar($avatar=array(), $uid=0)
{	{
global $db, $mybb, $lang, $plugins;	global $db, $mybb, $lang, $plugins;

if(!$uid) { $uid = $mybb->user['uid'];	if(!$uid) { $uid = $mybb->user['uid'];
Zeile 197	Zeile 197
} if(!is_uploaded_file($avatar['tmp_name']))	} if(!is_uploaded_file($avatar['tmp_name']))
{ $ret['error'] = $lang->error_uploadfailed;	{ $ret['error'] = $lang->error_uploadfailed;
return $ret; } // Check we have a valid extension $ext = get_extension(my_strtolower($avatar['name']));	return $ret; } // Check we have a valid extension $ext = get_extension(my_strtolower($avatar['name']));
if(!preg_match("#^(gif\|jpg\|jpeg\|jpe\|bmp\|png)$#i", $ext))	if(!preg_match("#^(gif\|jpg\|jpeg\|jpe\|bmp\|png)$#i", $ext))
{ $ret['error'] = $lang->error_avatartype; return $ret; }	{ $ret['error'] = $lang->error_avatartype; return $ret; }

if(defined('IN_ADMINCP')) { $avatarpath = '../'.$mybb->settings['avataruploadpath']; $lang->load("messages", true);	if(defined('IN_ADMINCP')) { $avatarpath = '../'.$mybb->settings['avataruploadpath']; $lang->load("messages", true);
}	}
else { $avatarpath = $mybb->settings['avataruploadpath']; }	else { $avatarpath = $mybb->settings['avataruploadpath']; }

$filename = "avatar_".$uid.".".$ext; $file = upload_file($avatar, $avatarpath, $filename); if($file['error']) {	$filename = "avatar_".$uid.".".$ext; $file = upload_file($avatar, $avatarpath, $filename); if($file['error']) {
@unlink($avatarpath."/".$filename);	@unlink($avatarpath."/".$filename);
$ret['error'] = $lang->error_uploadfailed; return $ret;	$ret['error'] = $lang->error_uploadfailed; return $ret;
}	}
// Lets just double check that it exists	// Lets just double check that it exists
Zeile 237	Zeile 237
@unlink($avatarpath."/".$filename); return $ret; }	@unlink($avatarpath."/".$filename); return $ret; }

// Check if this is a valid image or not $img_dimensions = @getimagesize($avatarpath."/".$filename); if(!is_array($img_dimensions))	// Check if this is a valid image or not $img_dimensions = @getimagesize($avatarpath."/".$filename); if(!is_array($img_dimensions))
Zeile 246	Zeile 246
$ret['error'] = $lang->error_uploadfailed; return $ret; }	$ret['error'] = $lang->error_uploadfailed; return $ret; }

// Check avatar dimensions if($mybb->settings['maxavatardims'] != '') {	// Check avatar dimensions if($mybb->settings['maxavatardims'] != '') {
Zeile 263	Zeile 263
$ret['error'] = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight); $ret['error'] .= "<br /><br />".$lang->error_avatarresizefailed; @unlink($avatarpath."/".$filename);	$ret['error'] = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight); $ret['error'] .= "<br /><br />".$lang->error_avatarresizefailed; @unlink($avatarpath."/".$filename);
return $ret;	return $ret;
} else {	} else {
Zeile 282	Zeile 282
} @unlink($avatarpath."/".$filename); return $ret;	} @unlink($avatarpath."/".$filename); return $ret;
}	}
} }	} }

// Next check the file size if($avatar['size'] > ($mybb->settings['avatarsize']*1024) && $mybb->settings['avatarsize'] > 0) { @unlink($avatarpath."/".$filename); $ret['error'] = $lang->error_uploadsize; return $ret;	// Next check the file size if($avatar['size'] > ($mybb->settings['avatarsize']*1024) && $mybb->settings['avatarsize'] > 0) { @unlink($avatarpath."/".$filename); $ret['error'] = $lang->error_uploadsize; return $ret;
}	}
// Check a list of known MIME types to establish what kind of avatar we're uploading switch(my_strtolower($avatar['type']))	// Check a list of known MIME types to establish what kind of avatar we're uploading switch(my_strtolower($avatar['type']))
Zeile 314	Zeile 314
default: $img_type = 0; }	default: $img_type = 0; }

// Check if the uploaded file type matches the correct image type (returned by getimagesize) if($img_dimensions[2] != $img_type \|\| $img_type == 0) { $ret['error'] = $lang->error_uploadfailed; @unlink($avatarpath."/".$filename);	// Check if the uploaded file type matches the correct image type (returned by getimagesize) if($img_dimensions[2] != $img_type \|\| $img_type == 0) { $ret['error'] = $lang->error_uploadfailed; @unlink($avatarpath."/".$filename);
return $ret;	return $ret;
} // Everything is okay so lets delete old avatars for this user remove_avatars($uid, $filename);	} // Everything is okay so lets delete old avatars for this user remove_avatars($uid, $filename);

$ret = array( "avatar" => $mybb->settings['avataruploadpath']."/".$filename, "width" => intval($img_dimensions[0]),	$ret = array( "avatar" => $mybb->settings['avataruploadpath']."/".$filename, "width" => intval($img_dimensions[0]),
Zeile 336	Zeile 336
/** * Upload an attachment in to the file system	/** * Upload an attachment in to the file system
*	*
* @param array Attachment data (as fed by PHPs $_FILE) * @param boolean Whether or not we are updating a current attachment or inserting a new one * @return array Array of attachment data if successful, otherwise array of error data	* @param array Attachment data (as fed by PHPs $_FILE) * @param boolean Whether or not we are updating a current attachment or inserting a new one * @return array Array of attachment data if successful, otherwise array of error data
Zeile 344	Zeile 344
function upload_attachment($attachment, $update_attachment=false) { global $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;	function upload_attachment($attachment, $update_attachment=false) { global $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;

$posthash = $db->escape_string($mybb->input['posthash']); $pid = intval($pid);	$posthash = $db->escape_string($mybb->input['posthash']); $pid = intval($pid);
Zeile 364	Zeile 364
break; case 4: // UPLOAD_ERR_NO_FILE $ret['error'] .= $lang->error_uploadfailed_php4;	break; case 4: // UPLOAD_ERR_NO_FILE $ret['error'] .= $lang->error_uploadfailed_php4;
break;	break;
case 6: // UPLOAD_ERR_NO_TMP_DIR $ret['error'] .= $lang->error_uploadfailed_php6; break;	case 6: // UPLOAD_ERR_NO_TMP_DIR $ret['error'] .= $lang->error_uploadfailed_php6; break;
Zeile 377	Zeile 377
} return $ret; }	} return $ret; }

if(!is_uploaded_file($attachment['tmp_name']) \|\| empty($attachment['tmp_name'])) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_php4; return $ret; }	if(!is_uploaded_file($attachment['tmp_name']) \|\| empty($attachment['tmp_name'])) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_php4; return $ret; }

$ext = get_extension($attachment['name']); // Check if we have a valid extension $query = $db->simple_select("attachtypes", "*", "extension='".$db->escape_string($ext)."'");	$ext = get_extension($attachment['name']); // Check if we have a valid extension $query = $db->simple_select("attachtypes", "*", "extension='".$db->escape_string($ext)."'");
Zeile 393	Zeile 393
$ret['error'] = $lang->error_attachtype; return $ret; }	$ret['error'] = $lang->error_attachtype; return $ret; }

// Check the size if($attachment['size'] > $attachtype['maxsize']*1024 && $attachtype['maxsize'] != "") {	// Check the size if($attachment['size'] > $attachtype['maxsize']*1024 && $attachtype['maxsize'] != "") {
Zeile 456	Zeile 456
} } }	} } }

// All seems to be good, lets move the attachment! $filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";	// All seems to be good, lets move the attachment! $filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";

$file = upload_file($attachment, $mybb->settings['uploadspath']."/".$month_dir, $filename);	$file = upload_file($attachment, $mybb->settings['uploadspath']."/".$month_dir, $filename);

// Failed to create the attachment in the monthly directory, just throw it in the main directory if($file['error'] && $month_dir)	// Failed to create the attachment in the monthly directory, just throw it in the main directory if($file['error'] && $month_dir)
{ $file = upload_file($attachment, $mybb->settings['uploadspath'].'/', $filename);	{ $file = upload_file($attachment, $mybb->settings['uploadspath'].'/', $filename);
} if($month_dir) { $filename = $month_dir."/".$filename; }	} if($month_dir) { $filename = $month_dir."/".$filename; }

if($file['error']) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_detail;	if($file['error']) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_detail;
Zeile 483	Zeile 483
break; case 2: $ret['error'] .= $lang->error_uploadfailed_movefailed;	break; case 2: $ret['error'] .= $lang->error_uploadfailed_movefailed;
break; }	break; }
return $ret; }	return $ret; }
Zeile 531	Zeile 531
default: $img_type = 0; }	default: $img_type = 0; }

$supported_mimes = array(); $attachtypes = $cache->read("attachtypes"); foreach($attachtypes as $attachtype)	$supported_mimes = array(); $attachtypes = $cache->read("attachtypes"); foreach($attachtypes as $attachtype)
Zeile 554	Zeile 554
finfo_close($file_info); } else if(function_exists("mime_content_type"))	finfo_close($file_info); } else if(function_exists("mime_content_type"))
{	{
$mime = mime_content_type(MYBB_ROOT.$file_path);	$mime = mime_content_type(MYBB_ROOT.$file_path);
}	}
if(!is_array($img_dimensions) \|\| ($img_dimensions[2] != $img_type && !in_array($mime, $supported_mimes))) { @unlink($mybb->settings['uploadspath']."/".$filename); $ret['error'] = $lang->error_uploadfailed;	if(!is_array($img_dimensions) \|\| ($img_dimensions[2] != $img_type && !in_array($mime, $supported_mimes))) { @unlink($mybb->settings['uploadspath']."/".$filename); $ret['error'] = $lang->error_uploadfailed;
return $ret; }	return $ret; }
require_once MYBB_ROOT."inc/functions_image.php"; $thumbname = str_replace(".attach", "_thumb.$ext", $filename); $thumbnail = generate_thumbnail($mybb->settings['uploadspath']."/".$filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);	require_once MYBB_ROOT."inc/functions_image.php"; $thumbname = str_replace(".attach", "_thumb.$ext", $filename); $thumbnail = generate_thumbnail($mybb->settings['uploadspath']."/".$filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);

if($thumbnail['filename'])	if($thumbnail['filename'])
{	{
$attacharray['thumbnail'] = $thumbnail['filename']; } elseif($thumbnail['code'] == 4) { $attacharray['thumbnail'] = "SMALL";	$attacharray['thumbnail'] = $thumbnail['filename']; } elseif($thumbnail['code'] == 4) { $attacharray['thumbnail'] = "SMALL";
}	}
} if($forum['modattachments'] == 1 && !is_moderator($forum['fid'], "", $mybb->user['uid'])) {	} if($forum['modattachments'] == 1 && !is_moderator($forum['fid'], "", $mybb->user['uid'])) {
Zeile 585	Zeile 585
{ $attacharray['visible'] = 1; }	{ $attacharray['visible'] = 1; }

$attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);	$attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);

if($prevattach['aid'] && $update_attachment == true) { unset($attacharray['downloads']); // Keep our download count if we're updating an attachment	if($prevattach['aid'] && $update_attachment == true) { unset($attacharray['downloads']); // Keep our download count if we're updating an attachment
Zeile 597	Zeile 597
else { $aid = $db->insert_query("attachments", $attacharray);	else { $aid = $db->insert_query("attachments", $attacharray);
} if($pid) { update_thread_counters($tid, array("attachmentcount" => "+1"));	if($pid) { update_thread_counters($tid, array("attachmentcount" => "+1")); }
} $ret['aid'] = $aid; return $ret;	} $ret['aid'] = $aid; return $ret;
Zeile 617	Zeile 616
function upload_file($file, $path, $filename="") { global $plugins;	function upload_file($file, $path, $filename="") { global $plugins;

if(empty($file['name']) \|\| $file['name'] == "none" \|\| $file['size'] < 1) { $upload['error'] = 1; return $upload;	if(empty($file['name']) \|\| $file['name'] == "none" \|\| $file['size'] < 1) { $upload['error'] = 1; return $upload;
}	}
if(!$filename) { $filename = $file['name']; }	if(!$filename) { $filename = $file['name']; }

$upload['original_filename'] = preg_replace("#/$#", "", $file['name']); // Make the filename safe	$upload['original_filename'] = preg_replace("#/$#", "", $file['name']); // Make the filename safe
	$upload['original_filename'] = utf8_handle_4byte_string($upload['original_filename']);
$filename = preg_replace("#/$#", "", $filename); // Make the filename safe $moved = @move_uploaded_file($file['tmp_name'], $path."/".$filename);	$filename = preg_replace("#/$#", "", $filename); // Make the filename safe $moved = @move_uploaded_file($file['tmp_name'], $path."/".$filename);

if(!$moved) { $upload['error'] = 2;	if(!$moved) { $upload['error'] = 2;