
Bugtracker #4212 - don't show user email in uploads if hidden

e107steved 2007-11-23 21:52:44 +00:00
parent beb4b8c411
commit 66f20bab1f
2 changed files with 164 additions and 86 deletions


@ -4,21 +4,25 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_upload.php,v $
| $Revision: 1.1.1.1 $
| $Date: 2006-12-02 04:34:40 $
| $Author: mcfly_e107 $
| $Revision: 1.2 $
| $Date: 2007-11-23 21:52:44 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
define("PAGE_NAME", "Upload");
define("LAN_20", "Error");
define('LAN_UL_001','Invalid email address');
define('LAN_UL_002', 'You do not have the correct permissions to upload files to this server.'); // LAN_403
define('LAN_UL_020', 'Error');
define('LAN_UL_021', 'Upload Failure');
define("LAN_61", "Your Name: ");
define("LAN_112", "Email Address: ");
define("LAN_144", "Website URL: ");
define("LAN_402", "You must be a registered member to upload files to this server.");
define("LAN_403", "You do not have the correct permissions to upload files to this server.");
define("LAN_404", "Thank you. Your upload will be reviewed by an administrator and posted to the site if appropriate.");
define("LAN_405", "File exceeds specified maximum size limit - deleted.");
//define("LAN_405", "File exceeds specified maximum size limit - deleted.");
define("LAN_406", "Please note");
define("LAN_407", "Any other filetypes uploaded will be instantly deleted.");
define("LAN_408", "Underlined");


@ -11,79 +11,150 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/upload.php,v $
| $Revision: 1.1.1.1 $
| $Date: 2006-12-02 04:33:10 $
| $Author: mcfly_e107 $
| $Revision: 1.2 $
| $Date: 2007-11-23 21:52:44 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once("class2.php");
if (!$pref['upload_enabled'] || $pref['upload_class'] == 255) {
header("location: ".e_BASE."index.php");
exit;
if (!$pref['upload_enabled'] || $pref['upload_class'] == 255)
{
header("location: ".e_BASE."index.php");
exit;
}
require_once(HEADERF);
if (!defined("USER_WIDTH")){ define("USER_WIDTH","width:97%"); }
if (!check_class($pref['upload_class'])) {
$text = "<div style='text-align:center'>".LAN_403."</div>";
$ns->tablerender(LAN_20, $text);
require_once(FOOTERF);
exit;
if (!check_class($pref['upload_class']))
{
$text = "<div style='text-align:center'>".LAN_UL_002."</div>";
$ns->tablerender(LAN_UL_020, $text);
require_once(FOOTERF);
exit;
}
if (isset($_POST['upload'])) {
if (($_POST['file_email'] || USER == TRUE) && $_POST['file_name'] && $_POST['file_description']) {
require_once(e_HANDLER."upload_handler.php");
$uploaded = file_upload(e_FILE."public/", "unique");
$message = '';
$postemail ='';
if (isset($_POST['upload']))
{
if (($_POST['file_email'] || USER == TRUE) && $_POST['file_name'] && $_POST['file_description'])
{
require_once(e_HANDLER."upload_handler.php");
// $uploaded = file_upload(e_FILE."public/", "unique");
$uploaded = process_uploaded_files(e_FILE."public/", "unique", array('max_file_count' => 2));
$file = $uploaded[0]['name'];
$filetype = $uploaded[0]['type'];
$filesize = $uploaded[0]['size'];
$image = $uploaded[1]['name'];
$imagetype = $uploaded[1]['type'];
if (!$pref['upload_maxfilesize']) {
$pref['upload_maxfilesize'] = ini_get('upload_max_filesize') * 1048576;
}
if ($filesize > $pref['upload_maxfilesize']) {
$message = LAN_405;
} else {
if (is_array($uploaded)) {
$poster = (USER ? USERID.".".USERNAME : "0".$_POST['file_poster']);
$_POST['file_email'] = ($_POST['file_email'] ? $_POST['file_email'] : USEREMAIL);
$_POST['file_description'] = $tp->toDB($_POST['file_description']);
$file_time = time();
$sql->db_Insert("upload", "0, '".$tp -> toDB($poster)."', '".$tp -> toDB(check_email($_POST['file_email']))."', '".$tp -> toDB($_POST['file_website'])."', '".$file_time."', '".$tp -> toDB($_POST['file_name'])."', '".$tp -> toDB($_POST['file_version'])."', '".$file."', '".$image."', '".$tp -> toDB($_POST['file_description'])."', '".$tp -> toDB($_POST['file_demo'])."', '".$filesize."', 0, '".$tp -> toDB($_POST['download_category'])."'");
$edata_fu = array("upload_user" => $poster, "upload_email" => $_POST['file_email'], "upload_name" => $tp -> toDB($_POST['file_name']),"upload_file" => $file, "upload_version" => $_POST['file_version'], "upload_description" => $tp -> toDB($_POST['file_description']), "upload_size" => $filesize, "upload_category" => $tp -> toDB($_POST['download_category']), "upload_website" => $tp -> toDB($_POST['file_website']), "upload_image" => $image, "upload_demo" => $tp -> toDB($_POST['file_demo']), "upload_time" => $file_time);
$e_event->trigger("fileupload", $edata_fu);
$message .= "<br />".LAN_404;
}
}
} else {
require_once(e_HANDLER."message_handler.php");
message_handler("ALERT", 5);
// First, see what errors the upload handler picked up
if ($uploaded === FALSE)
{
$message = LAN_UL_021.'<br />';
}
// Now see if we have a code file
if (count($uploaded) > 0)
{
if ($uploaded[0]['error'] == 0)
{
$file = $uploaded[0]['name'];
$filesize = $uploaded[0]['size'];
}
else
{
$message .= $uploaded[0]['message'].'<br />';
}
}
// Now see if we have an image file
if (count($uploaded) > 1)
{
if ($uploaded[1]['error'] == 0)
{
$image = $uploaded[1]['name'];
}
else
{
$message .= $uploaded[1]['message'].'<br />';
}
}
// The upload handler checks max file size
// $message non-null here indicates an error - delete the files to keep things tidy
if ($message)
{
@unlink($file);
@unlink($image);
}
else
{
if (USER)
{
$qry = "SELECT user_hideemail FROM #user WHERE user_id=".USERID;
if(!$sql->db_Select_gen($qry))
{
echo "Fatal database error!";
exit;
}
$poster = USERID.".".USERNAME;
$row = $sql->db_Fetch();
if ($row['user_hideemail'])
{
$postemail = '-witheld-';
}
else
{
$postemail = USEREMAIL;
}
}
else
{
$poster = "0".$tp -> toDB($_POST['file_poster']);
$postemail = $tp->toDB($_POST['file_email']);
}
if (($postemail != '-witheld-') && !check_email($postemail))
{
$message = LAN_UL_001."<br />";
}
else
{
if ($postemail == '-witheld-') $postemail = '';
$_POST['file_description'] = $tp->toDB($_POST['file_description']);
$file_time = time();
$sql->db_Insert("upload", "0, '".$poster."', '".$postemail."', '".$tp -> toDB($_POST['file_website'])."', '".$file_time."', '".$tp -> toDB($_POST['file_name'])."', '".$tp -> toDB($_POST['file_version'])."', '".$file."', '".$image."', '".$tp -> toDB($_POST['file_description'])."', '".$tp -> toDB($_POST['file_demo'])."', '".$filesize."', 0, '".$tp -> toDB($_POST['download_category'])."'");
$edata_fu = array("upload_user" => $poster, "upload_email" => $postemail, "upload_name" => $tp -> toDB($_POST['file_name']),"upload_file" => $file, "upload_version" => $_POST['file_version'], "upload_description" => $tp -> toDB($_POST['file_description']), "upload_size" => $filesize, "upload_category" => $tp -> toDB($_POST['download_category']), "upload_website" => $tp -> toDB($_POST['file_website']), "upload_image" => $image, "upload_demo" => $tp -> toDB($_POST['file_demo']), "upload_time" => $file_time);
$e_event->trigger("fileupload", $edata_fu);
$message .= "<br />".LAN_404;
}
}
}
else
{ // Error - missing data
require_once(e_HANDLER."message_handler.php");
message_handler("ALERT", 5);
}
}
if (isset($message)) {
$ns->tablerender("", "<div style=\"text-align:center\"><b>".$message."</b></div>");
require_once(FOOTERF);
exit;
if ($message)
{
$ns->tablerender("", "<div style=\"text-align:center\"><b>".$message."</b></div>");
require_once(FOOTERF);
exit;
}
$text = "<div style='text-align:center'>
<form enctype='multipart/form-data' method='post' action='".e_SELF."'>
<table style='".USER_WIDTH."' class='fborder'>
<colspan>
<col style='width:30%' />
<col style='width:70%' />
</colspan>
<tr>
<td style='width:20%' class='forumheader3'>".DOWLAN_11.":</td>
<td style='width:80%' class='forumheader3'>";
<td class='forumheader3'>".DOWLAN_11.":</td>
<td class='forumheader3'>";
require_once(e_FILE."shortcode/batch/download_shortcodes.php");
$dlparm = (isset($download_category)) ? $download_category : "";
@ -99,13 +170,15 @@ $text .= "
$text .= "<b>".LAN_406."</b><br />".LAN_419.":";
if (is_readable(e_ADMIN.'filetypes.php')) {
$a_filetypes = trim(file_get_contents(e_ADMIN.'filetypes.php'));
$a_filetypes = explode(',', $a_filetypes);
foreach ($a_filetypes as $ftype) {
$sa_filetypes[] = '.'.trim(str_replace('.', '', $ftype));
}
$allowed_filetypes = implode(' | ', $sa_filetypes);
if (is_readable(e_ADMIN.'filetypes.php'))
{
$a_filetypes = trim(file_get_contents(e_ADMIN.'filetypes.php'));
$a_filetypes = explode(',', $a_filetypes);
foreach ($a_filetypes as $ftype)
{
$sa_filetypes[] = '.'.trim(str_replace('.', '', $ftype));
}
$allowed_filetypes = implode(' | ', $sa_filetypes);
}
$text .= " ".$allowed_filetypes."<br />".LAN_407."<br />
@ -114,53 +187,54 @@ $text .= " ".$allowed_filetypes."<br />".LAN_407."<br />
$text .= "<span style='text-decoration:underline'>".LAN_408."</span> ".LAN_420."</td>
</tr>";
if (!USER) {
$text .= "<tr>
<td style='width:30%' class='forumheader3'>".LAN_61."</td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_poster' type='text' size='50' maxlength='100' /></td>
</tr>
if (!USER)
{ // Prompt for name, email
$text .= "<tr>
<td class='forumheader3'>".LAN_61."</td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_poster' type='text' size='50' maxlength='100' value='{$poster}' /></td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'><span style='text-decoration:underline'>".LAN_112."</span></td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_email' type='text' size='50' maxlength='100' value='".USEREMAIL."' /></td>
</tr>";
<tr>
<td class='forumheader3'><span style='text-decoration:underline'>".LAN_112."</span></td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_email' type='text' size='50' maxlength='100' value='".$postemail."' /></td>
</tr>";
}
$text .= "
<tr>
<td style='width:30%' class='forumheader3'><span style='text-decoration:underline'>".LAN_409."</span></td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_name' type='text' size='50' maxlength='100' /></td>
<td class='forumheader3'><span style='text-decoration:underline'>".LAN_409."</span></td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_name' type='text' size='50' maxlength='100' /></td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".LAN_410."</td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_version' type='text' size='10' maxlength='10' /></td>
<td class='forumheader3'>".LAN_410."</td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_version' type='text' size='10' maxlength='10' /></td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'><span style='text-decoration:underline'>".LAN_411."</span></td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_userfile[]' type='file' size='47' /></td>
<td class='forumheader3'><span style='text-decoration:underline'>".LAN_411."</span></td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_userfile[]' type='file' size='47' /></td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".LAN_412."</td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_userfile[]' type='file' size='47' /></td>
<td class='forumheader3'>".LAN_412."</td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_userfile[]' type='file' size='47' /></td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'><span style='text-decoration:underline'>".LAN_413."</span></td>
<td style='width:70%' class='forumheader3'><textarea class='tbox' style='width:90%' name='file_description' cols='59' rows='6'></textarea></td>
<td class='forumheader3'><span style='text-decoration:underline'>".LAN_413."</span></td>
<td class='forumheader3'><textarea class='tbox' style='width:90%' name='file_description' cols='59' rows='6'></textarea></td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".LAN_144."</td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_website' type='text' size='50' maxlength='100' value='".(defined(USERURL) ? USERURL : "")."' /></td>
<td class='forumheader3'>".LAN_144."</td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_website' type='text' size='50' maxlength='100' value='".(defined(USERURL) ? USERURL : "")."' /></td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".LAN_414."<br /><span class='smalltext'>".LAN_415."</span></td>
<td style='width:70%' class='forumheader3'><input class='tbox' style='width:90%' name='file_demo' type='text' size='50' maxlength='100' /></td>
<td class='forumheader3'>".LAN_414."<br /><span class='smalltext'>".LAN_415."</span></td>
<td class='forumheader3'><input class='tbox' style='width:90%' name='file_demo' type='text' size='50' maxlength='100' /></td>
</tr>
<tr>