mirror of https://github.com/phpbb/phpbb.git synced 2025-10-26 05:06:12 +01:00

Merge pull request #2633 from marc1706/ticket/12755

[ticket/12755] Add timeout to remote upload to prevent infinite loop

* marc1706/ticket/12755:
  [ticket/12755] Apply de morgan to conditional
  [ticket/12755] Terminate upload loop if upload reaches filesize
  [ticket/12755] Change upload in remote_upload() method to fit get_remote_file
  [ticket/12755] Add language string for timed out remote upload
  [ticket/12755] Add timeout to remote upload to prevent infinite loop
Andreas Fischer
2014-06-24 20:59:10 +02:00
3 changed files with 31 additions and 2 deletions


@@ -466,6 +466,9 @@ class fileupload
var $max_height = 0; var $max_height = 0;
var $error_prefix = ''; var $error_prefix = '';
/** @var int Timeout for remote upload */
var $upload_timeout = 6;
/** /**
* Init file upload class. * Init file upload class.
* *
@@ -795,13 +798,28 @@ class fileupload
fputs($fsock, "HOST: " . $host . "\r\n"); fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n"); fputs($fsock, "Connection: close\r\n\r\n");
// Set a proper timeout for the socket
socket_set_timeout($fsock, $this->upload_timeout);
$get_info = false; $get_info = false;
$data = ''; $data = '';
while (!@feof($fsock)) $length = false;
$timer_stop = time() + $this->upload_timeout;
while ((!$length || $filesize < $length) && !@feof($fsock))
{ {
if ($get_info) if ($get_info)
{ {
$block = @fread($fsock, 1024); if ($length)
{
// Don't attempt to read past end of file if server indicated length
$block = @fread($fsock, min($length - $filesize, 1024));
}
else
{
$block = @fread($fsock, 1024);
}
$filesize += strlen($block); $filesize += strlen($block);
if ($remote_max_filesize && $filesize > $remote_max_filesize) if ($remote_max_filesize && $filesize > $remote_max_filesize)
@@ -847,6 +865,15 @@ class fileupload
} }
} }
} }
$stream_meta_data = stream_get_meta_data($fsock);
// Cancel upload if we exceed timeout
if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
{
$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
return $file;
}
} }
@fclose($fsock); @fclose($fsock);
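Review bot: The new timeout branch at the end of the read loop returns the `fileerror` without closing `$fsock`, whereas the normal exit reaches `@fclose($fsock);` directly after the loop; adding `@fclose($fsock);` before `return $file;` releases the handle on every exit path. The method starts before these hunks and continues between them, so whether the size-limit branch inside the loop has the same gap cannot be seen here. The `$timer_stop` assignment also deserves a comment such as `// Overall deadline: the stream timeout only bounds a single read, so a remote host that trickles data is stopped by this wall-clock limit`, because that is the check that actually caps how long a user-supplied URL can hold the request open. Since the deadline is tested once per iteration, after a read that may itself wait up to `$this->upload_timeout`, the worst case is probably closer to twice the configured value, which is worth stating in the `@var` docblock of `$upload_timeout`.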


@@ -88,6 +88,7 @@ $lang = array_merge($lang, array(
'AVATAR_PARTIAL_UPLOAD' => 'The specified file was only partially uploaded.', 'AVATAR_PARTIAL_UPLOAD' => 'The specified file was only partially uploaded.',
'AVATAR_PHP_SIZE_NA' => 'The avatars filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.', 'AVATAR_PHP_SIZE_NA' => 'The avatars filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.',
'AVATAR_PHP_SIZE_OVERRUN' => 'The avatars filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.', 'AVATAR_PHP_SIZE_OVERRUN' => 'The avatars filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.',
'AVATAR_REMOTE_UPLOAD_TIMEOUT' => 'The specified avatar could not be uploaded because the request timed out.',
'AVATAR_URL_INVALID' => 'The URL you specified is invalid.', 'AVATAR_URL_INVALID' => 'The URL you specified is invalid.',
'AVATAR_URL_NOT_FOUND' => 'The file specified could not be found.', 'AVATAR_URL_NOT_FOUND' => 'The file specified could not be found.',
'AVATAR_WRONG_FILESIZE' => 'The avatars filesize must be between 0 and %1$d %2$s.', 'AVATAR_WRONG_FILESIZE' => 'The avatars filesize must be between 0 and %1$d %2$s.',


@@ -178,6 +178,7 @@ $lang = array_merge($lang, array(
'QUOTE_DEPTH_EXCEEDED' => 'You may embed only %1$d quotes within each other.', 'QUOTE_DEPTH_EXCEEDED' => 'You may embed only %1$d quotes within each other.',
'REMOTE_UPLOAD_TIMEOUT' => 'The specified file could not be uploaded because the request timed out.',
'SAVE' => 'Save', 'SAVE' => 'Save',
'SAVE_DATE' => 'Saved at', 'SAVE_DATE' => 'Saved at',
'SAVE_DRAFT' => 'Save draft', 'SAVE_DRAFT' => 'Save draft',