mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 22:57:14 +02:00
Code Issues Releases Wiki Activity

Browse Source
This commit is contained in:
CaMer0n
2011-05-03 22:11:03 +00:00
parent 97c15bc904
commit 0969c5cd42
3 changed files with 108 additions and 292 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
e107_core/shortcodes/single/uploadfile.php
View File

@@ -107,7 +107,9 @@ function uploadfile_shortcode($parm)
'return_type' => 'message',
), $parms);
// PROCESS UPLOADED FILES
// Processing is done by Media Manager.
/* // PROCESS UPLOADED FILES
if($parms['process'])
{
e107_require_once(e_HANDLER.'upload_handler.php');
@@ -122,7 +124,7 @@ function uploadfile_shortcode($parm)
'overwrite' => $parms['upload_overwrite'] ? true : false,
);
$uploaded = process_uploaded_files($path, false, $options);
// $uploaded = process_uploaded_files($path, false, $options);
if($uploaded)
{
$emessage = e107::getMessage();
@@ -134,7 +136,7 @@ function uploadfile_shortcode($parm)
}
return($parms['return_type'] == 'result' ? $uploaded : '');
}
*/
// RENDER FORM
$onclickt = !isset($parms['nowarn']) ? " onclick=\"return jsconfirm('".LAN_UPLOAD_CONFIRM."')\"" : '';
$onclickd = " onclick=\"duplicateHTML('{$parms['up_row']}','{$parms['up_container']}');\"";
@@ -144,8 +146,12 @@ function uploadfile_shortcode($parm)
<!-- Upload Shortcode -->
<div>
<div class='field-spacer'>
<button class='action duplicate' type='button' value='no-value'{$onclickd}><span>".LAN_UPLOAD_ADDFILE."</span></button>
<button class='upload' type='submit' name='{$parms['trigger']}' value='no-value'{$onclickt}><span>".LAN_UPLOAD_FILES."</span></button>
<button class='action duplicate' type='button' value='no-value'{$onclickd}><span>".LAN_UPLOAD_ADDFILE."</span></button>";
// Media Manager does the submit, not the shortcode.
// $text .= "<button class='upload' type='submit' name='{$parms['trigger']}' value='no-value'{$onclickt}><span>".LAN_UPLOAD_FILES."</span></button>";
$text .= "
</div>
<div id='{$parms['up_container']}'>
<div id='{$parms['up_row']}' class='nowrap'>

353
e107_handlers/e107_class.php
View File

@@ -49,8 +49,7 @@ class e107
public $_ip_cache;
public $_host_name_cache;
public $site_theme; // class2 -> check valid theme
public $http_theme_dir; // class2 -> check valid theme
public $site_theme;
/**
* Contains reference to global $_E107 array
@@ -145,7 +144,6 @@ class e107
'e107_user_extended' => '{e_HANDLER}user_extended_class.php',
'e107plugin' => '{e_HANDLER}plugin_class.php',
'eURL' => '{e_HANDLER}e107Url.php',
'e_core_session' => '{e_HANDLER}session_handler.php',
'e_admin_controller' => '{e_HANDLER}admin_ui.php',
'e_admin_controller_ui' => '{e_HANDLER}admin_ui.php',
'e_admin_dispatcher' => '{e_HANDLER}admin_ui.php',
@@ -164,7 +162,6 @@ class e107
'e_model' => '{e_HANDLER}model_class.php',
'e_news_item' => '{e_HANDLER}news_class.php',
'e_news_tree' => '{e_HANDLER}news_class.php',
'e_object' => '{e_HANDLER}model_class.php',
'e_online' => '{e_HANDLER}online_class.php',
'e_parse' => '{e_HANDLER}e_parse_class.php',
'e_parse_shortcode' => '{e_HANDLER}shortcode_handler.php',
@@ -177,7 +174,7 @@ class e107
'e_user_extended_structure_tree' => '{e_HANDLER}user_model.php',
'e_userperms' => '{e_HANDLER}user_handler.php',
'e_validator' => '{e_HANDLER}validator_class.php',
'e_vars' => '{e_HANDLER}model_class.php',
'e_vars' => '{e_HANDLER}e_parse_class.php',
'ecache' => '{e_HANDLER}cache_handler.php',
'news' => '{e_HANDLER}news_class.php',
'notify' => '{e_HANDLER}notify_class.php',
@@ -250,37 +247,7 @@ class e107
*/
public function initCore($e107_paths, $e107_root_path, $e107_config_mysql_info, $e107_config_override = array())
{
return $this->_init($e107_paths, $e107_root_path, $e107_config_mysql_info, $e107_config_override);
}
/**
* Initialize environment path constants while installing e107
*
* @return e107
*/
public function initInstall($e107_paths, $e107_root_path, $e107_config_override = array())
{
// Do some security checks/cleanup, prepare the environment
$this->prepare_request();
// folder info
//$this->e107_dirs = $e107_paths;
$this->setDirs($e107_paths, $e107_config_override);
// build all paths
$this->set_paths();
$this->file_path = $this->fix_windows_paths($e107_root_path)."/";
// set base path, SSL is auto-detected
$this->set_base_path();
// cleanup QUERY_STRING and friends, set related constants
$this->set_request();
// set some core URLs (e_LOGIN/SIGNUP)
$this->set_urls();
return $this;
return $this->_init($e107_paths, $e107_root_path, $e107_config_mysql_info, $e107_config_override = array());
}
/**
@@ -312,11 +279,13 @@ class e107
// set base path, SSL is auto-detected
$this->set_base_path();
// cleanup QUERY_STRING and friends, set related constants
$this->set_request();
// set some core URLs (e_LOGIN/SIGNUP)
$this->set_urls();
// cleanup QUERY_STRING and friends, set related constants
$this->set_request();
}
return $this;
@@ -341,9 +310,7 @@ class e107
*/
public function setDirs($e107_dirs, $e107_config_override = array())
{
$override = array_merge((array) $e107_dirs, (array) $e107_config_override);
// override all
$this->e107_dirs = array_merge($this->defaultDirs($override), $override);
$this->e107_dirs = array_merge($this->defaultDirs($e107_dirs), (array) $e107_dirs, (array) $e107_config_override);
return $this;
}
@@ -369,7 +336,7 @@ class e107
'SYSTEM_DIRECTORY' => 'e107_system/',
'CORE_DIRECTORY' => 'e107_core/',
'WEB_DIRECTORY' => 'e107_web/',
), (array) $override_root);
), $override_root);
if($return_root) return $ret;
@@ -400,6 +367,36 @@ class e107
return $ret;
}
/**
* Initialize environment path constants while installing e107
*
* @return e107
*/
public function initInstall($e107_paths, $e107_root_path, $e107_config_override = array())
{
// Do some security checks/cleanup, prepare the environment
$this->prepare_request();
// folder info
//$this->e107_dirs = $e107_paths;
$this->setDirs($e107_paths, $e107_config_override);
// build all paths
$this->set_paths();
$this->file_path = $this->fix_windows_paths($e107_root_path)."/";
// set base path, SSL is auto-detected
$this->set_base_path();
// set some core URLs (e_LOGIN/SIGNUP)
$this->set_urls();
// cleanup QUERY_STRING and friends, set related constants
$this->set_request();
return $this;
}
/**
* Set mysql data
*
@@ -487,8 +484,7 @@ class e107
function getFolder($for)
{
$key = strtoupper($for).'_DIRECTORY';
$self = self::getInstance();
return (isset($self->e107_dirs[$key]) ? $self->e107_dirs[$key] : '');
return (isset($this->e107_dirs[$key]) ? $this->e107_dirs[$key] : '');
}
/**
@@ -748,12 +744,12 @@ class e107
* @param string $name core|core_backup|emote|menu|search|notify|ipool
* @return e_core_pref
*/
public static function getConfig($name = 'core', $load = true)
public static function getConfig($name = 'core')
{
if(!isset(self::$_core_config_arr[$name]))
{
e107_require_once(e_HANDLER.'pref_class.php');
self::$_core_config_arr[$name] = new e_core_pref($name, $load);
self::$_core_config_arr[$name] = new e_core_pref($name, true);
}
return self::$_core_config_arr[$name];
@@ -953,28 +949,11 @@ class e107
*
* @return UserHandler
*/
public static function getUserSession()
public static function getSession()
{
return self::getSingleton('UserHandler', true);
}
/**
* Retrieve core session singleton object(s)
*
* @return e_core_session
*/
public static function getSession($namespace = null)
{
$id = 'core/e107/session/'.(null === $namespace ? 'e107' : $namespace);
if(self::getRegistry($id))
{
return self::getRegistry($id);
}
$session = self::getObject('e_core_session', array('namespace' => $namespace), true);
self::setRegistry($id, $session);
return $session;
}
/**
* Retrieve redirection singleton object
*
@@ -988,7 +967,7 @@ class e107
/**
* Retrieve sitelinks singleton object
*
* @return sitelinks
* @return user_class
*/
public static function getSitelinks()
{
@@ -1116,7 +1095,7 @@ class e107
{
return self::getSingleton('notify', true);
}
/**
* Retrieve Language handler singleton object
*
@@ -1221,7 +1200,7 @@ class e107
/**
* Retrieve online users handler singleton object
* @return e_ranks
* @return e_online
*/
public static function getRank()
{
@@ -1708,76 +1687,6 @@ class e107
return (isset($ret)) ? $ret : "";
}
/**
* Simplify importing of core Language files.
* All inputs are sanitized.
* Core Exceptions as e_LANGUAGE.'.php' and e_LANGUAGE.'_custom.php' are manually loaded. (see class2.php)
*
* Examples:
* <code><?php
* // import defeinitions from /e107_languages/[CurrentLanguage]/lan_comment.php</code>
* e107::coreLan('comment');
*
* // import defeinitions from /e107_languages/[CurrentLanguage]/admin/lan_banlist.php
* e107::coreLan('banlist', true);
* </code>
*
* @param string $fname filename without the extension part (e.g. 'comment')
* @param boolean $admin true if it's an administration language file
* @return void
*/
public static function coreLan($fname, $admin = false)
{
$cstring = 'corelan/'.e_LANGUAGE.'_'.$fname.($admin ? '_admin' : '_front');
if(e107::getRegistry($cstring)) return;
$fname = ($admin ? 'admin/' : '').'lan_'.preg_replace('/[^\w]/', '', $fname).'.php';
$path = e_LANGUAGEDIR.e_LANGUAGE.'/'.$fname;
e107::setRegistry($cstring, true);
self::includeLan($path, false);
}
/**
* Simplify importing of plugin Language files (following e107 plugin structure standards).
* All inputs are sanitized.
*
* Examples:
* <code><?php
* // import defeinitions from /e107_plugins/forum/languages/[CurrentLanguage]/lan_forum.php</code>
* e107::plugLan('forum', 'lan_forum');
*
* // import defeinitions from /e107_plugins/featurebox/languages/[CurrentLanguage]_admin_featurebox.php</code>
* e107::plugLan('featurebox', 'admin_featurebox', true);
*
* // import defeinitions from /e107_plugins/myplug/languages/[CurrentLanguage].php
* e107::plugLan('myplug');
*
* // import defeinitions from /e107_plugins/myplug/languages/[CurrentLanguage].php
* e107::plugLan('myplug', 'admin/common');
* </code>
*
* @param string $plugin plugin name
* @param string $fname filename without the extension part (e.g. 'common')
* @param boolean $flat false (default, preferred) Language folder structure; true - prepend Language to file name
* @return void
*/
public static function plugLan($plugin, $fname = '', $flat = false)
{
$cstring = 'pluglan/'.e_LANGUAGE.'_'.$plugin.'_'.$fname.($flat ? '_1' : '_0');
if(e107::getRegistry($cstring)) return;
$plugin = preg_replace('/[^\w]/', '', $plugin);
if($fname) $fname = e_LANGUAGE.($flat ? '_' : '/').preg_replace('#[^\w/]#', '', $fname);
else $fname = e_LANGUAGE;
$path = e_PLUGIN.$plugin.'/languages/'.$fname.'.php';
e107::setRegistry($cstring, true);
self::includeLan($path, false);
}
/**
* Routine looks in standard paths for language files associated with a plugin or
* theme - primarily for core routines, which won't know for sure where the author has put them.
@@ -1850,19 +1759,10 @@ class e107
/**
* Prepare e107 environment
* This is done before e107_dirs initilization and [TODO] config include
* @param bool $checkS basic security check (0.7 like), will be extended in the future
* @return e107
*/
public function prepare_request($checkS = true)
public function prepare_request()
{
// Block common bad agents / queries / php issues.
array_walk($_SERVER, array('self', 'filter_request'), '_SERVER');
if (isset($_GET)) array_walk($_GET, array('self', 'filter_request'), '_GET');
if (isset($_POST)) array_walk($_POST, array('self', 'filter_request'), '_POST');
if (isset($_COOKIE)) array_walk($_COOKIE, array('self', 'filter_request'), '_COOKIE');
if (isset($_REQUEST)) array_walk($_REQUEST, array('self', 'filter_request'), '_REQUEST');
// TODO - better ajax detection method (headers when possible)
define('e_AJAX_REQUEST', isset($_REQUEST['ajax_used']));
unset($_REQUEST['ajax_used']); // removed because it's auto-appended from JS (AJAX), could break something...
@@ -1892,7 +1792,6 @@ class e107
// remove ajax_used=1 from query string to avoid SELF problems, ajax should always be detected via e_AJAX_REQUEST constant
$_SERVER['QUERY_STRING'] = trim(str_replace(array('ajax_used=1', '&&'), array('', '&'), $_SERVER['QUERY_STRING']), '&');
/* PathInfo doesn't break anything, URLs should be always absolute. Disabling the below forever.
// e107 uses relative url's, which are broken by "pretty" URL's. So for now we don't support / after .php
if(($pos = strpos($_SERVER['PHP_SELF'], '.php/')) !== false) // redirect bad URLs to the correct one.
{
@@ -1901,10 +1800,8 @@ class e107
header('Location: '.$new_loc);
exit();
}
*/
// If url contains a .php in it, PHP_SELF is set wrong (imho), affecting all paths. We need to 'fix' it if it does.
$_SERVER['PHP_SELF'] = (($pos = stripos($_SERVER['PHP_SELF'], '.php')) !== false ? substr($_SERVER['PHP_SELF'], 0, $pos+4) : $_SERVER['PHP_SELF']);
$_SERVER['PHP_SELF'] = (($pos = strpos($_SERVER['PHP_SELF'], '.php')) !== false ? substr($_SERVER['PHP_SELF'], 0, $pos+4) : $_SERVER['PHP_SELF']);
// setup some php options
e107::ini_set('magic_quotes_runtime', 0);
@@ -1919,48 +1816,13 @@ class e107
{
array_unshift($inc_path, '.');
$inc_path = implode(PATH_SEPARATOR, $inc_path);
e107::ini_set('include_path', $inc_path);
e107_ini_set('include_path', $inc_path);
}
unset($inc_path);
return $this;
}
/**
* Filter User Input - used by array_walk in prepare_request method above.
* @param string $input array value
* @param string $key array key
* @param string $type array type _SESSION, _GET etc.
* @return
*/
public static function filter_request($input,$key,$type)
{
if (is_array($input))
{
return array_walk($input, array('self', 'filter_request'), $type);
}
if($type == "_SERVER")
{
if(($key == "QUERY_STRING") && strpos(strtolower($input),"=http")!==FALSE)
{
exit();
}
if(($key == "HTTP_USER_AGENT") && strpos($input,"libwww-perl")!==FALSE)
{
exit();
}
}
if(strpos(str_replace('.', '', $input), '22250738585072011') !== FALSE) // php-bug 53632
{
exit();
}
}
/**
* Set base system path
* @return e107
@@ -2226,87 +2088,24 @@ class e107
* 3. any plugin file in a folder called admin/
* 4. any file that specifies $eplug_admin = TRUE; or ADMIN_AREA = TRUE;
* NOTE: USER_AREA = true; will force e_ADMIN_AREA to FALSE
*
* @param boolean $no_cbrace remove curly brackets from the url
* @return e107
*/
public function set_urls($no_cbrace = true)
public function set_urls()
{
//global $PLUGINS_DIRECTORY,$ADMIN_DIRECTORY, $eplug_admin;
$PLUGINS_DIRECTORY = $this->getFolder('plugins');
$ADMIN_DIRECTORY = $this->getFolder('admin');
// Outdated
/*$requestQry = '';
$requestUrl = $_SERVER['REQUEST_URI'];
if(strpos($_SERVER['REQUEST_URI'], '?') !== FALSE)
list($requestUrl, $requestQry) = explode("?", $_SERVER['REQUEST_URI'], 2); */
$eplug_admin = vartrue($GLOBALS['eplug_admin'], false);
$page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1);
define('e_PAGE', $page);
define('e_SELF', $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST'] . ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME']));
// Leave e_SELF BC, use e_REQUEST_SELF instead
/*// moved after page check - e_PAGE is important for BC
if($requestUrl && $requestUrl != $_SERVER['PHP_SELF'])
{
$_SERVER['PHP_SELF'] = $requestUrl;
}*/
define('e_SIGNUP', e_BASE.(file_exists(e_BASE.'customsignup.php') ? 'customsignup.php' : 'signup.php'));
define('e_LOGIN', e_BASE.(file_exists(e_BASE.'customlogin.php') ? 'customlogin.php' : 'login.php'));
$eSelf = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME'];
define('e_SELF', $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST'].$eSelf);
// START New - request uri/url detection, XSS protection
$requestUri = $requestUrl = '';
if (isset($_SERVER['HTTP_X_REWRITE_URL']))
{
// check this first so IIS will catch
$requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
$requestUrl = $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST'].$requestUri;
// fix request uri
$_SERVER['REQUEST_URI'] = $requestUri;
}
elseif (isset($_SERVER['REQUEST_URI']))
{
$requestUri = $_SERVER['REQUEST_URI'];
$requestUrl = $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST'].$requestUri;
}
else
{
// go back to e_SELF
$requestUri = $eSelf;
$requestUrl = e_SELF;
if (e_QUERY)
{
$requestUri .= '?'.e_QUERY;
$requestUrl .= '?'.e_QUERY;
}
}
// FIXME - basic security - add url sanitize method to e_parse
$check = rawurldecode($requestUri); // urlencoded by default
// a bit aggressive XSS protection... convert to e.g. htmlentities if you are not a bad guy
$checkregx = $no_cbrace ? '[<>\{\}]' : '[<>]';
if(preg_match('/'.$checkregx.'/', $check))
{
header('HTTP/1.1 403 Forbidden');
exit;
}
// e_MENU fix
if(e_MENU)
{
str_replace('['.e_MENU.']', '', $requestUri);
str_replace('['.e_MENU.']', '', $requestUrl);
}
// the last anti-XSS measure, XHTML compliant URL to be used in forms instead e_SELF
define('e_REQUEST_URL', str_replace(array("'", '"'), array('%27', '%22'), $requestUrl)); // full request url string (including domain)
define('e_REQUEST_SELF', array_shift(explode('?', e_REQUEST_URL))); // full URL without the QUERY string
define('e_REQUEST_URI', str_replace(array("'", '"'), array('%27', '%22'), $requestUri)); // absolute http path + query string
define('e_REQUEST_HTTP', array_shift(explode('?', e_REQUEST_URI))); // SELF URL without the QUERY string and leading domain part
unset($requestUrl, $requestUri);
// END request uri/url detection, XSS protection
// e_SELF has the full HTML path
$inAdminDir = FALSE;
@@ -2344,19 +2143,14 @@ class e107
define('SITEURLBASE', $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST']);
define('SITEURL', SITEURLBASE.e_HTTP);
// login/signup
define('e_SIGNUP', SITEURL.(file_exists(e_BASE.'customsignup.php') ? 'customsignup.php' : 'signup.php'));
define('e_LOGIN', SITEURL.(file_exists(e_BASE.'customlogin.php') ? 'customlogin.php' : 'login.php'));
return $this;
}
/**
* Set request related constants
* @param boolean $no_cbrace remove curly brackets from the url
* @return e107
*/
public function set_request($no_cbrace = true)
public function set_request()
{
$inArray = array("'", ';', '/**/', '/UNION/', '/SELECT/', 'AS ');
@@ -2371,7 +2165,7 @@ class e107
}
}
if (strpos($_SERVER['QUERY_STRING'], ']') && preg_match('#\[(.*?)](.*)#', $_SERVER['QUERY_STRING'], $matches))
if (strpos($_SERVER['QUERY_STRING'], ']') && preg_match("#\[(.*?)](.*)#", $_SERVER['QUERY_STRING'], $matches))
{
define('e_MENU', $matches[1]);
$e_QUERY = $matches[2];
@@ -2382,7 +2176,6 @@ class e107
$e_QUERY = $_SERVER['QUERY_STRING'];
}
if ($no_cbrace) $e_QUERY = str_replace(array('{', '}', '%7B', '%7b', '%7D', '%7d'), '', rawurldecode($e_QUERY));
$e_QUERY = str_replace("&","&amp;", self::getParser()->post_toForm($e_QUERY));
define('e_QUERY', $e_QUERY);
@@ -2565,23 +2358,29 @@ class e107
{
if(!$this->_ip_cache)
{
$ip=$_SERVER['REMOTE_ADDR'];
if (getenv('HTTP_X_FORWARDED_FOR'))
if(getenv('HTTP_X_FORWARDED_FOR'))
{
if (preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/', getenv('HTTP_X_FORWARDED_FOR'), $ip3))
$ip = $_SERVER['REMOTE_ADDR'];
$ip3 = array();
if(preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/', getenv('HTTP_X_FORWARDED_FOR'), $ip3))
{
$ip2 = array('#^0\..*#',
'#^127\..*#', // Local loopbacks
'#^192\.168\..*#', // RFC1918 - Private Network
'#^172\.(?:1[6789]|2\d|3[01])\..*#', // RFC1918 - Private network
'#^10\..*#', // RFC1918 - Private Network
'#^169\.254\..*#', // RFC3330 - Link-local, auto-DHCP
'#^2(?:2[456789]|[345][0-9])\..*#' // Single check for Class D and Class E
);
$ip = preg_replace($ip2, $ip3[1], $ip);
$ip2 = array(
'#^0\..*#' , '#^127\..*#' , // Local loopbacks
'#^192\.168\..*#' , // RFC1918 - Private Network
'#^172\.(?:1[6789]|2\d|3[01])\..*#' , // RFC1918 - Private network
'#^10\..*#' , // RFC1918 - Private Network
'#^169\.254\..*#' , // RFC3330 - Link-local, auto-DHCP
'#^2(?:2[456789]|[345][0-9])\..*#'
); // Single check for Class D and Class E
$ip = preg_replace($ip2, $ip, $ip3[1]);
}
}
if ($ip == "")
else
{
$ip = $_SERVER['REMOTE_ADDR'];
}
if($ip == "")
{
$ip = "x.x.x.x";
}

31
submitnews.php
View File

@@ -68,21 +68,28 @@ if (isset($_POST['submitnews_submit']) && $_POST['submitnews_title'] && $_POST['
$submitnews_error = TRUE;
$message = SUBNEWSLAN_8;
}
elseif (varset($uploaded[0]['error'],0) != 0)
else
{
$submitnews_filearray = array();
foreach($uploaded as $c=>$v)
{
if (varset($uploaded[$c]['error'],0) != 0)
{
$submitnews_error = TRUE;
$message = handle_upload_messages($uploaded);
}
else
{
if (isset($uploaded[0]['name']) && isset($uploaded[0]['type']) && isset($uploaded[0]['size']))
if (isset($uploaded[$c]['name']) && isset($uploaded[$c]['type']) && isset($uploaded[$c]['size']))
{
$filename = $uploaded[0]['name'];
$filetype = $uploaded[0]['type'];
$filesize = $uploaded[0]['size'];
$filename = $uploaded[$c]['name'];
$filetype = $uploaded[$c]['type'];
$filesize = $uploaded[$c]['size'];
$fileext = substr(strrchr($filename, "."), 1);
$today = getdate();
$submitnews_file = USERID."_".$today[0]."_".str_replace(" ", "_", substr($submitnews_title, 0, 6)).".".$fileext;
$submitnews_file = USERID."_".$today[0]."_".$c."_".str_replace(" ", "_", substr($submitnews_title, 0, 6)).".".$fileext;
if (is_numeric($pref['subnews_resize']) && ($pref['subnews_resize'] > 30) && ($pref['subnews_resize'] < 5000))
{
require_once(e_HANDLER.'resize_handler.php');
@@ -99,16 +106,20 @@ if (isset($_POST['submitnews_submit']) && $_POST['submitnews_title'] && $_POST['
}
}
if ($filename && !file_exists(e_IMAGE."newspost_images/".$submitnews_file))
if ($filename && file_exists(e_IMAGE."newspost_images/".$submitnews_file))
{
$submitnews_file = "";
$submitnews_filearray[] = $submitnews_file;
}
}
}
}
if ($submitnews_error === FALSE)
{
$sql->db_Insert("submitnews", "0, '$submitnews_user', '$submitnews_email', '$submitnews_title', '".intval($_POST['cat_id'])."', '$submitnews_item', '".time()."', '$ip', '0', '$submitnews_file' ");
$edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "ip" => $ip, "newname" => $submitnews_file);
$edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "image" => $submitnews_file, "ip" => $ip);
$e_event->trigger("subnews", $edata_sn);
$ns->tablerender(LAN_133, "<div style='text-align:center'>".LAN_134."</div>");
require_once(FOOTERF);
@@ -215,7 +226,7 @@ if ($pref['subnews_attach'] && $pref['upload_enabled'] && check_class($pref['upl
<tr>
<td style='width:20%' class='forumheader3'>".SUBNEWSLAN_5."<br /><span class='smalltext'>".SUBNEWSLAN_6."</span></td>
<td style='width:80%' class='forumheader3'>
<input class='tbox' type='file' name='file_userfile[]' style='width:90%' />
<input class='tbox' type='file' name='file_userfile[]' style='width:90%' multiple='multiple' />
</td>
</tr>";
}