1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-05 16:27:38 +02:00

Prepare to be yelled at and brace for the tide of bug reports: I had hoped we would not have to do this, but it seems that we have to.

-Route all avatar downloads through download.php - adrien
-Change the way inline attachments are delivered
-Fixes a few (unreported) bugs, notably avatar upload during group generation
-#10079


git-svn-id: file:///svn/phpbb/trunk@7429 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
2007-04-30 10:46:17 +00:00
parent dc747b8d99
commit 42251d008c
19 changed files with 443 additions and 43 deletions

View File

@@ -983,7 +983,7 @@ class acp_attachments
'PHYSICAL_FILENAME' => basename($row['physical_filename']),
'ATTACH_ID' => $row['attach_id'],
'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'id=' . $row['attach_id']))
'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'mode=view&id=' . $row['attach_id']))
);
}
$db->sql_freeresult($result);

View File

@@ -355,7 +355,7 @@ class acp_groups
}
}
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete)
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete)
{
if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
{

View File

@@ -1620,7 +1620,7 @@ class acp_users
'S_IN_MESSAGE' => $row['in_message'],
'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)
);
}

View File

@@ -2878,16 +2878,18 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
$display_cat = ATTACHMENT_CATEGORY_NONE;
}
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id);
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id . '&mode=view');
switch ($display_cat)
{
// Images
case ATTACHMENT_CATEGORY_IMAGE:
$l_downloaded_viewed = 'VIEWED_COUNT';
$inline_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id);
$block_array += array(
'S_IMAGE' => true,
'U_INLINE_LINK' => $inline_link,
);
$update_count[] = $attachment['attach_id'];

View File

@@ -630,7 +630,10 @@ function import_smiley($source, $use_target = false)
return $result['target'];
}
function import_avatar($source, $use_target = false)
/*
*
*/
function import_avatar($source, $use_target = false, $user_id = false)
{
if (empty($source) || preg_match('#^https?:#i', $source) || preg_match('#blank\.(gif|png)$#i', $source))
{
@@ -643,9 +646,15 @@ function import_avatar($source, $use_target = false)
{
$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__);
}
if ($use_target === false && $user_id !== false)
{
$use_target = $config['avatar_salt'] . '_' . $user_id . '.' . substr(strrchr($source, '.'), 1);
}
$result = _import_check('avatar_path', $source, $use_target);
return $result['target'];
return ((!empty($user_id)) ? $user_id : $use_target) . '.' . substr(strrchr($source, '.'), 1);
}
/**

View File

@@ -1117,7 +1117,7 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
*/
function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $alt = 'USER_AVATAR')
{
global $user, $config, $phpbb_root_path;
global $user, $config, $phpbb_root_path, $phpEx;
if (empty($avatar) || !$avatar_type)
{
@@ -1129,7 +1129,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
switch ($avatar_type)
{
case AVATAR_UPLOAD:
$avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
$avatar_img = $phpbb_root_path . "download.$phpEx?avatar=";
break;
case AVATAR_GALLERY:

View File

@@ -745,7 +745,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data)
$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
}
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&amp;id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);
$template->assign_block_vars('attach_row', array(
'FILENAME' => basename($attach_row['real_filename']),

View File

@@ -81,7 +81,7 @@ class filespec
* @param string $prefix Prefix applied to filename
* @access public
*/
function clean_filename($mode = 'unique', $prefix = '')
function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
{
if ($this->init_error)
{
@@ -110,6 +110,10 @@ class filespec
$this->realname = $prefix . md5(unique_id());
break;
case 'avatar':
$this->realname = $prefix . $user_id . '.' . $this->extension;
break;
case 'unique_ext':
default:
$this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;

View File

@@ -1489,6 +1489,8 @@ function validate_email($email, $allowed_email = false)
return false;
}
/**
* Remove avatar
*/
@@ -1499,15 +1501,16 @@ function avatar_delete($mode, $row)
// Check if the users avatar is actually *not* a group avatar
if ($mode == 'user')
{
if (strpos($row['user_avatar'], 'g' . $row['group_id'] . '_') === 0 || strpos($row['user_avatar'], $row['user_id'] . '_') !== 0)
if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
{
return false;
}
}
if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar'])))
$filename = get_avatar_filename($row[$mode . '_avatar']);
if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
{
@unlink($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar']));
@unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
return true;
}
@@ -1612,8 +1615,9 @@ function avatar_upload($data, &$error)
{
$file = $upload->remote_upload($data['uploadurl']);
}
$file->clean_filename('real', $data['user_id'] . '_');
$prefix = $config['avatar_salt'] . '_';
$file->clean_filename('avatar', $prefix, $data['user_id']);
$destination = $config['avatar_path'];
@@ -1638,7 +1642,29 @@ function avatar_upload($data, &$error)
$error = array_merge($error, $file->error);
}
return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height'));
return array(AVATAR_UPLOAD, $data['user_id'] . '_' . substr(time(), -5) . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
}
/**
* Generates avatar filename from the database entry
*/
function get_avatar_filename($avatar_entry)
{
global $config;
if ($avatar_entry[0] === 'g')
{
$avatar_group = true;
$avatar_entry = substr($avatar_entry, 1);
}
else
{
$avatar_group = false;
}
$ext = substr(strrchr($avatar_entry, '.'), 1);
$avatar_entry = intval($avatar_entry);
return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
}
/**
@@ -1858,7 +1884,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
// Delete old avatar if present
if ($userdata['user_avatar'] && $sql_ary['user_avatar'] != $userdata['user_avatar'] && $userdata['user_avatar_type'] != AVATAR_GALLERY)
if ($userdata['user_avatar'] && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] != AVATAR_GALLERY)
{
avatar_delete('user', $userdata);
}
@@ -1966,6 +1992,10 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
if (!$group_id)
{
$group_id = $db->sql_nextid();
if ($sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
{
group_correct_avatar($group_id, $sql_ary['group_avatar']);
}
}
// Set user attributes
@@ -2016,6 +2046,30 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
return (sizeof($error)) ? $error : false;
}
/**
* Changes a group avatar's filename to conform to the naming scheme
*/
function group_correct_avatar($group_id, $old_entry)
{
global $config, $db, $phpbb_root_path;
$group_id = (int)$group_id;
$ext = substr(strrchr($old_entry, '.'), 1);
$old_filename = get_avatar_filename($old_entry);
$new_filename = $config['avatar_salt'] . "_g$group_id.$ext";
$new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
$avatar_path = $phpbb_root_path . $config['avatar_path'];
if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
{
$sql = 'UPDATE ' . GROUPS_TABLE . '
SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
WHERE group_id = $group_id";
$db->sql_query($sql);
}
}
/**
* Group Delete
*/

View File

@@ -544,7 +544,7 @@ class ucp_groups
}
}
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete)
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete)
{
if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
{