mirror of
				https://github.com/phpbb/phpbb.git
				synced 2025-10-26 21:21:32 +01:00 
			
		
		
		
	Merge pull request #2633 from marc1706/ticket/12755
[ticket/12755] Add timeout to remote upload to prevent infinite loop * marc1706/ticket/12755: [ticket/12755] Apply de morgan to conditional [ticket/12755] Terminate upload loop if upload reaches filesize [ticket/12755] Change upload in remote_upload() method to fit get_remote_file [ticket/12755] Add language string for timed out remote upload [ticket/12755] Add timeout to remote upload to prevent infinite loop
This commit is contained in:
		| @@ -466,6 +466,9 @@ class fileupload | ||||
| 	var $max_height = 0; | ||||
| 	var $error_prefix = ''; | ||||
|  | ||||
| 	/** @var int Timeout for remote upload */ | ||||
| 	var $upload_timeout = 6; | ||||
|  | ||||
| 	/** | ||||
| 	* Init file upload class. | ||||
| 	* | ||||
| @@ -795,13 +798,28 @@ class fileupload | ||||
| 		fputs($fsock, "HOST: " . $host . "\r\n"); | ||||
| 		fputs($fsock, "Connection: close\r\n\r\n"); | ||||
|  | ||||
| 		// Set a proper timeout for the socket | ||||
| 		socket_set_timeout($fsock, $this->upload_timeout); | ||||
|  | ||||
| 		$get_info = false; | ||||
| 		$data = ''; | ||||
| 		while (!@feof($fsock)) | ||||
| 		$length = false; | ||||
| 		$timer_stop = time() + $this->upload_timeout; | ||||
|  | ||||
| 		while ((!$length || $filesize < $length) && !@feof($fsock)) | ||||
| 		{ | ||||
| 			if ($get_info) | ||||
| 			{ | ||||
| 				$block = @fread($fsock, 1024); | ||||
| 				if ($length) | ||||
| 				{ | ||||
| 					// Don't attempt to read past end of file if server indicated length | ||||
| 					$block = @fread($fsock, min($length - $filesize, 1024)); | ||||
| 				} | ||||
| 				else | ||||
| 				{ | ||||
| 					$block = @fread($fsock, 1024); | ||||
| 				} | ||||
|  | ||||
| 				$filesize += strlen($block); | ||||
|  | ||||
| 				if ($remote_max_filesize && $filesize > $remote_max_filesize) | ||||
| @@ -847,6 +865,15 @@ class fileupload | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
|  | ||||
| 			$stream_meta_data = stream_get_meta_data($fsock); | ||||
|  | ||||
| 			// Cancel upload if we exceed timeout | ||||
| 			if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) | ||||
| 			{ | ||||
| 				$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']); | ||||
| 				return $file; | ||||
| 			} | ||||
| 		} | ||||
| 		@fclose($fsock); | ||||
|  | ||||
|   | ||||
| @@ -88,6 +88,7 @@ $lang = array_merge($lang, array( | ||||
| 	'AVATAR_PARTIAL_UPLOAD'			=> 'The specified file was only partially uploaded.', | ||||
| 	'AVATAR_PHP_SIZE_NA'			=> 'The avatar’s filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.', | ||||
| 	'AVATAR_PHP_SIZE_OVERRUN'		=> 'The avatar’s filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.', | ||||
| 	'AVATAR_REMOTE_UPLOAD_TIMEOUT'		=> 'The specified avatar could not be uploaded because the request timed out.', | ||||
| 	'AVATAR_URL_INVALID'			=> 'The URL you specified is invalid.', | ||||
| 	'AVATAR_URL_NOT_FOUND'			=> 'The file specified could not be found.', | ||||
| 	'AVATAR_WRONG_FILESIZE'			=> 'The avatar’s filesize must be between 0 and %1$d %2$s.', | ||||
|   | ||||
| @@ -178,6 +178,7 @@ $lang = array_merge($lang, array( | ||||
|  | ||||
| 	'QUOTE_DEPTH_EXCEEDED'		=> 'You may embed only %1$d quotes within each other.', | ||||
|  | ||||
| 	'REMOTE_UPLOAD_TIMEOUT'		=> 'The specified file could not be uploaded because the request timed out.', | ||||
| 	'SAVE'						=> 'Save', | ||||
| 	'SAVE_DATE'					=> 'Saved at', | ||||
| 	'SAVE_DRAFT'				=> 'Save draft', | ||||
|   | ||||
		Reference in New Issue
	
	Block a user