mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

[ticket/13904] Set visibility in files and improve test coverage

Browse Source 
PHPBB3-13904
This commit is contained in:
Marc Alexander
2015-07-16 12:06:23 +02:00
parent 9e87e5a343
commit 3e99816fa2
5 changed files with 127 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
phpBB/phpbb/files/filespec.php
View File

@@ -22,49 +22,52 @@ use \phpbb\language\language;
class filespec
{
/** @var string File name */
var $filename = '';
protected $filename = '';
/** @var string Real name of file */
var $realname = '';
protected $realname = '';
/** @var string Upload name of file */
var $uploadname = '';
protected $uploadname = '';
/** @var string Mimetype of file */
var $mimetype = '';
protected $mimetype = '';
/** @var string File extension */
var $extension = '';
public $extension = '';
/** @var int File size */
var $filesize = 0;
public $filesize = 0;
/** @var int Width of file */
var $width = 0;
protected $width = 0;
/** @var int Height of file */
var $height = 0;
protected $height = 0;
/** @var array Image info including type and size */
var $image_info = array();
protected $image_info = array();
/** @var string Destination file name */
var $destination_file = '';
protected $destination_file = '';
/** @var string Destination file path */
var $destination_path = '';
protected $destination_path = '';
/** @var bool Whether file was moved */
var $file_moved = false;
public $file_moved = false;
/** @var bool Whether file is local */
var $local = false;
/** @var bool Whether file is local */
public $local = false;
/** @var bool Class initialization flag */
protected $class_initialized = false;
/** @var array Error array */
var $error = array();
public $error = array();
/** @var upload Instance of upload class */
var $upload;
public $upload;
/**
* @var \phpbb\filesystem\filesystem_interface
@@ -98,7 +101,7 @@ class filespec
* @param \phpbb\mimetype\guesser $mimetype_guesser Mime type guesser
* @param \phpbb\plupload\plupload $plupload Plupload
*/
function __construct(\phpbb\filesystem\filesystem_interface $phpbb_filesystem, language $language, $phpbb_root_path, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null)
public function __construct(\phpbb\filesystem\filesystem_interface $phpbb_filesystem, language $language, $phpbb_root_path, \phpbb\mimetype\guesser $mimetype_guesser = null, \phpbb\plupload\plupload $plupload = null)
{
$this->plupload = $plupload;
$this->mimetype_guesser = $mimetype_guesser;
@@ -116,6 +119,12 @@ class filespec
*/
public function set_upload_ary($upload_ary)
{
if (!isset($upload_ary) || !sizeof($upload_ary))
{
return $this;
}
$this->class_initialized = true;
$this->filename = $upload_ary['tmp_name'];
$this->filesize = $upload_ary['size'];
$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];
@@ -165,7 +174,7 @@ class filespec
*/
public function init_error()
{
return !isset($this->filename);
return !$this->class_initialized;
}
/**
@@ -193,7 +202,7 @@ class filespec
*
*@access public
*/
function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
public function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
{
if ($this->init_error())
{
@@ -216,22 +225,21 @@ class filespec
$this->realname = preg_replace("/%(\w{2})/", '_', $this->realname);
$this->realname = $prefix . $this->realname . '.' . $this->extension;
break;
break;
case 'unique':
$this->realname = $prefix . md5(unique_id());
break;
break;
case 'avatar':
$this->extension = strtolower($this->extension);
$this->realname = $prefix . $user_id . '.' . $this->extension;
break;
break;
case 'unique_ext':
default:
$this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
break;
}
}
@@ -242,7 +250,7 @@ class filespec
*
* @return mixed Content of property
*/
function get($property)
public function get($property)
{
if ($this->init_error() || !isset($this->$property))
{
@@ -257,7 +265,7 @@ class filespec
*
* @return bool true if it is an image, false if not
*/
function is_image()
public function is_image()
{
return (strpos($this->mimetype, 'image/') === 0);
}
@@ -267,7 +275,7 @@ class filespec
*
* @return bool true if it is a valid upload, false if not
*/
function is_uploaded()
public function is_uploaded()
{
$is_plupload = $this->plupload && $this->plupload->is_active();
@@ -287,7 +295,7 @@ class filespec
/**
* Remove file
*/
function remove()
public function remove()
{
if ($this->file_moved)
{
@@ -321,7 +329,7 @@ class filespec
* @param string $filename Filename that needs to be checked
* @return string Mime type of supplied filename
*/
function get_mimetype($filename)
public function get_mimetype($filename)
{
if ($this->mimetype_guesser !== null)
{
@@ -343,7 +351,7 @@ class filespec
*
* @return int File size
*/
function get_filesize($filename)
public function get_filesize($filename)
{
return @filesize($filename);
}
@@ -356,7 +364,7 @@ class filespec
*
* @return bool False if disallowed content found, true if not
*/
function check_content($disallowed_content)
public function check_content($disallowed_content)
{
if (empty($disallowed_content))
{
@@ -393,7 +401,7 @@ class filespec
* @return bool True if file was moved, false if not
* @access public
*/
function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
public function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
{
if (sizeof($this->error))
{
@@ -443,7 +451,7 @@ class filespec
}
}
break;
break;
case 'move':
@@ -455,7 +463,7 @@ class filespec
}
}
break;
break;
case 'local':
@@ -464,7 +472,7 @@ class filespec
$this->error[] = $this->language->lang($this->upload->error_prefix . 'GENERAL_UPLOAD_ERROR', $this->destination_file);
}
break;
break;
}
// Remove temporary filename
@@ -544,7 +552,7 @@ class filespec
*
* @return bool False if issue was found, true if not
*/
function additional_checks()
public function additional_checks()
{
if (!$this->file_moved)
{

40
phpBB/phpbb/files/upload.php
View File

@@ -24,31 +24,31 @@ use \phpbb\request\request_interface;
class upload
{
/** @var array Allowed file extensions */
var $allowed_extensions = array();
public $allowed_extensions = array();
/** @var array Disallowed content */
var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');
protected $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');
/** @var int Maximum filesize */
var $max_filesize = 0;
public $max_filesize = 0;
/** @var int Minimum width of images */
var $min_width = 0;
public $min_width = 0;
/** @var int Minimum height of images */
var $min_height = 0;
public $min_height = 0;
/** @var int Maximum width of images */
var $max_width = 0;
public $max_width = 0;
/** @var int Maximum height of images */
var $max_height = 0;
public $max_height = 0;
/** @var string Prefix for language variables of errors */
var $error_prefix = '';
public $error_prefix = '';
/** @var int Timeout for remote upload */
var $upload_timeout = 6;
public $upload_timeout = 6;
/** @var filesystem_interface */
protected $filesystem;
@@ -86,7 +86,7 @@ class upload
/**
* Reset vars
*/
function reset_vars()
public function reset_vars()
{
$this->max_filesize = 0;
$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
@@ -102,7 +102,7 @@ class upload
*
* @return \phpbb\files\upload This instance of upload
*/
function set_allowed_extensions($allowed_extensions)
public function set_allowed_extensions($allowed_extensions)
{
if ($allowed_extensions !== false && is_array($allowed_extensions))
{
@@ -122,7 +122,7 @@ class upload
*
* @return \phpbb\files\upload This instance of upload
*/
function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height)
public function set_allowed_dimensions($min_width, $min_height, $max_width, $max_height)
{
$this->min_width = (int) $min_width;
$this->min_height = (int) $min_height;
@@ -139,7 +139,7 @@ class upload
*
* @return \phpbb\files\upload This instance of upload
*/
function set_max_filesize($max_filesize)
public function set_max_filesize($max_filesize)
{
if ($max_filesize !== false && (int) $max_filesize)
{
@@ -156,7 +156,7 @@ class upload
*
* @return \phpbb\files\upload This instance of upload
*/
function set_disallowed_content($disallowed_content)
public function set_disallowed_content($disallowed_content)
{
if ($disallowed_content !== false && is_array($disallowed_content))
{
@@ -173,7 +173,7 @@ class upload
*
* @return \phpbb\files\upload This instance of upload
*/
function set_error_prefix($error_prefix)
public function set_error_prefix($error_prefix)
{
$this->error_prefix = $error_prefix;
@@ -264,7 +264,7 @@ class upload
*
* @param filespec $file Instance of filespec class
*/
function common_checks(&$file)
public function common_checks(&$file)
{
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
@@ -300,7 +300,7 @@ class upload
*
* @return bool True if extension is allowed, false if not
*/
function valid_extension(&$file)
public function valid_extension(&$file)
{
return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false;
}
@@ -313,7 +313,7 @@ class upload
* @return bool True if dimensions are valid or no constraints set, false
* if not
*/
function valid_dimensions(&$file)
public function valid_dimensions(&$file)
{
if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height)
{
@@ -338,7 +338,7 @@ class upload
*
* @return bool True if form upload is valid, false if not
*/
function is_valid($form_name)
public function is_valid($form_name)
{
$upload = $this->request->file($form_name);
@@ -353,7 +353,7 @@ class upload
*
* @return bool True if content is valid, false if not
*/
function valid_content(&$file)
public function valid_content(&$file)
{
return ($file->check_content($this->disallowed_content));
}