Prepare to be yelled at and brace for the tide of bug reports: I had hoped we would not have to do this, but it seems that we have to.
-Route all avatar downloads through download.php - adrien -Change the way inline attachments are delivered -Fixes a few (unreported) bugs, notably avatar upload during group generation -#10079 git-svn-id: file:///svn/phpbb/trunk@7429 89ea8834-ac86-4346-8a33-228a782c2dd0
@@ -983,7 +983,7 @@ class acp_attachments
|
||||
'PHYSICAL_FILENAME' => basename($row['physical_filename']),
|
||||
'ATTACH_ID' => $row['attach_id'],
|
||||
'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
|
||||
'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'id=' . $row['attach_id']))
|
||||
'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'mode=view&id=' . $row['attach_id']))
|
||||
);
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
@@ -355,7 +355,7 @@ class acp_groups
|
||||
}
|
||||
}
|
||||
|
||||
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete)
|
||||
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete)
|
||||
{
|
||||
if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
|
||||
{
|
||||
|
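Review bot: With the outer test narrowed to `(!isset($group_row['group_avatar']))`, a group that already has an uploaded avatar and submits a different one no longer enters this block, so the inner `isset($group_row['group_avatar']) && $group_row['group_avatar']` branch now looks reachable only through `$delete`. The body of that branch is outside the hunk, but if it is what removes the old file, then a re-upload with a different extension, or a switch to a gallery or remote avatar, leaves the previous file in the avatar directory. The same narrowing appears in the ucp_groups hunk and in avatar_process_user (`empty($sql_ary['user_avatar'])`). I would either remove the old file whenever the stored entry's type or extension changes, or record the intent next to the condition, e.g. `// Old file is only unlinked on explicit delete; a re-upload overwrites <avatar_salt>_g<id>.<ext>`.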
@@ -1620,7 +1620,7 @@ class acp_users
|
||||
|
||||
'S_IN_MESSAGE' => $row['in_message'],
|
||||
|
||||
'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
|
||||
'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&id=' . $row['attach_id']),
|
||||
'U_VIEW_TOPIC' => $view_topic)
|
||||
);
|
||||
}
|
||||
|
@@ -2878,16 +2878,18 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
|
||||
$display_cat = ATTACHMENT_CATEGORY_NONE;
|
||||
}
|
||||
|
||||
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id);
|
||||
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id . '&mode=view');
|
||||
|
||||
switch ($display_cat)
|
||||
{
|
||||
// Images
|
||||
case ATTACHMENT_CATEGORY_IMAGE:
|
||||
$l_downloaded_viewed = 'VIEWED_COUNT';
|
||||
$inline_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id);
|
||||
|
||||
$block_array += array(
|
||||
'S_IMAGE' => true,
|
||||
'U_INLINE_LINK' => $inline_link,
|
||||
);
|
||||
|
||||
$update_count[] = $attachment['attach_id'];
|
||||
|
@@ -630,7 +630,10 @@ function import_smiley($source, $use_target = false)
|
||||
return $result['target'];
|
||||
}
|
||||
|
||||
function import_avatar($source, $use_target = false)
|
||||
/*
|
||||
*
|
||||
*/
|
||||
function import_avatar($source, $use_target = false, $user_id = false)
|
||||
{
|
||||
if (empty($source) || preg_match('#^https?:#i', $source) || preg_match('#blank\.(gif|png)$#i', $source))
|
||||
{
|
||||
@@ -643,9 +646,15 @@ function import_avatar($source, $use_target = false)
|
||||
{
|
||||
$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__);
|
||||
}
|
||||
|
||||
|
||||
if ($use_target === false && $user_id !== false)
|
||||
{
|
||||
$use_target = $config['avatar_salt'] . '_' . $user_id . '.' . substr(strrchr($source, '.'), 1);
|
||||
}
|
||||
|
||||
$result = _import_check('avatar_path', $source, $use_target);
|
||||
return $result['target'];
|
||||
|
||||
return ((!empty($user_id)) ? $user_id : $use_target) . '.' . substr(strrchr($source, '.'), 1);
|
||||
}
|
||||
|
||||
/**
|
||||
|
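Review bot: The final `return` in import_avatar now builds its value from `$user_id`/`$use_target` plus the tail of `$source` instead of `$result['target']`, so a call that passes neither argument gets back only `'.'` followed by the extension, and a `$source` without a dot yields a name ending in a bare `.`. The extension is copied from the source board's data without being checked against the image extensions the board accepts, and it is used both in the on-disk name (`$use_target`) and in the returned entry. The added `$config['avatar_salt']` lookup needs `$config` in the function's `global` list, which is outside the hunk and worth confirming. The empty `/* * */` block above the signature should become a real docblock, e.g. `* @param int|bool $user_id Owner id; when given, the file is stored as <avatar_salt>_<user_id>.<ext>`.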
@@ -1117,7 +1117,7 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
|
||||
*/
|
||||
function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $alt = 'USER_AVATAR')
|
||||
{
|
||||
global $user, $config, $phpbb_root_path;
|
||||
global $user, $config, $phpbb_root_path, $phpEx;
|
||||
|
||||
if (empty($avatar) || !$avatar_type)
|
||||
{
|
||||
@@ -1129,7 +1129,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
|
||||
switch ($avatar_type)
|
||||
{
|
||||
case AVATAR_UPLOAD:
|
||||
$avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
|
||||
$avatar_img = $phpbb_root_path . "download.$phpEx?avatar=";
|
||||
break;
|
||||
|
||||
case AVATAR_GALLERY:
|
||||
|
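Review bot: The AVATAR_UPLOAD branch now starts a query string by hand (`"download.$phpEx?avatar="`), so whatever is appended to `$avatar_img` after the switch, outside this hunk, becomes a request parameter rather than a path segment. It is worth confirming that the appended `$avatar` is URL-encoded and that the result is HTML-escaped before it is emitted as markup, since the extension in the stored entry originates from an uploaded or imported file name. Unlike the other download.php links touched by this commit, this URL is built without `append_sid()`; if that is deliberate (for example to keep the URL stable across sessions), a one-line comment such as `// no append_sid(): avatar URLs must not vary per session` would record the reason.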
@@ -745,7 +745,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data)
|
||||
$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
|
||||
}
|
||||
|
||||
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);
|
||||
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);
|
||||
|
||||
$template->assign_block_vars('attach_row', array(
|
||||
'FILENAME' => basename($attach_row['real_filename']),
|
||||
|
@@ -81,7 +81,7 @@ class filespec
|
||||
* @param string $prefix Prefix applied to filename
|
||||
* @access public
|
||||
*/
|
||||
function clean_filename($mode = 'unique', $prefix = '')
|
||||
function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
|
||||
{
|
||||
if ($this->init_error)
|
||||
{
|
||||
@@ -110,6 +110,10 @@ class filespec
|
||||
$this->realname = $prefix . md5(unique_id());
|
||||
break;
|
||||
|
||||
case 'avatar':
|
||||
$this->realname = $prefix . $user_id . '.' . $this->extension;
|
||||
break;
|
||||
|
||||
case 'unique_ext':
|
||||
default:
|
||||
$this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
|
||||
|
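Review bot: The new third parameter is missing from the docblock above clean_filename (only `$prefix` is documented in the visible part), and the `'avatar'` case uses it without checking that it was supplied. With the default `$user_id = ''` the result is `$prefix . '.' . $this->extension`, the same name for every caller that omits the argument, so one upload would overwrite another. I would add `* @param string $user_id Id placed in the file name when $mode is 'avatar'` and have the `'avatar'` case fall back to the `unique_ext` naming, or set an error, when `$user_id` is empty. The start of the function body and the remaining cases lie between the two hunks and are not shown.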
@@ -1489,6 +1489,8 @@ function validate_email($email, $allowed_email = false)
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Remove avatar
|
||||
*/
|
||||
@@ -1499,15 +1501,16 @@ function avatar_delete($mode, $row)
|
||||
// Check if the users avatar is actually *not* a group avatar
|
||||
if ($mode == 'user')
|
||||
{
|
||||
if (strpos($row['user_avatar'], 'g' . $row['group_id'] . '_') === 0 || strpos($row['user_avatar'], $row['user_id'] . '_') !== 0)
|
||||
if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar'])))
|
||||
|
||||
$filename = get_avatar_filename($row[$mode . '_avatar']);
|
||||
if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
|
||||
{
|
||||
@unlink($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar']));
|
||||
@unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -1612,8 +1615,9 @@ function avatar_upload($data, &$error)
|
||||
{
|
||||
$file = $upload->remote_upload($data['uploadurl']);
|
||||
}
|
||||
|
||||
$file->clean_filename('real', $data['user_id'] . '_');
|
||||
|
||||
$prefix = $config['avatar_salt'] . '_';
|
||||
$file->clean_filename('avatar', $prefix, $data['user_id']);
|
||||
|
||||
$destination = $config['avatar_path'];
|
||||
|
||||
@@ -1638,7 +1642,29 @@ function avatar_upload($data, &$error)
|
||||
$error = array_merge($error, $file->error);
|
||||
}
|
||||
|
||||
return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height'));
|
||||
return array(AVATAR_UPLOAD, $data['user_id'] . '_' . substr(time(), -5) . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates avatar filename from the database entry
|
||||
*/
|
||||
function get_avatar_filename($avatar_entry)
|
||||
{
|
||||
global $config;
|
||||
|
||||
|
||||
if ($avatar_entry[0] === 'g')
|
||||
{
|
||||
$avatar_group = true;
|
||||
$avatar_entry = substr($avatar_entry, 1);
|
||||
}
|
||||
else
|
||||
{
|
||||
$avatar_group = false;
|
||||
}
|
||||
$ext = substr(strrchr($avatar_entry, '.'), 1);
|
||||
$avatar_entry = intval($avatar_entry);
|
||||
return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1858,7 +1884,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
|
||||
$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
|
||||
|
||||
// Delete old avatar if present
|
||||
if ($userdata['user_avatar'] && $sql_ary['user_avatar'] != $userdata['user_avatar'] && $userdata['user_avatar_type'] != AVATAR_GALLERY)
|
||||
if ($userdata['user_avatar'] && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] != AVATAR_GALLERY)
|
||||
{
|
||||
avatar_delete('user', $userdata);
|
||||
}
|
||||
@@ -1966,6 +1992,10 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
|
||||
if (!$group_id)
|
||||
{
|
||||
$group_id = $db->sql_nextid();
|
||||
if ($sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
|
||||
{
|
||||
group_correct_avatar($group_id, $sql_ary['group_avatar']);
|
||||
}
|
||||
}
|
||||
|
||||
// Set user attributes
|
||||
@@ -2016,6 +2046,30 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
|
||||
return (sizeof($error)) ? $error : false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Changes a group avatar's filename to conform to the naming scheme
|
||||
*/
|
||||
function group_correct_avatar($group_id, $old_entry)
|
||||
{
|
||||
global $config, $db, $phpbb_root_path;
|
||||
|
||||
$group_id = (int)$group_id;
|
||||
$ext = substr(strrchr($old_entry, '.'), 1);
|
||||
$old_filename = get_avatar_filename($old_entry);
|
||||
$new_filename = $config['avatar_salt'] . "_g$group_id.$ext";
|
||||
$new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
|
||||
|
||||
$avatar_path = $phpbb_root_path . $config['avatar_path'];
|
||||
if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
|
||||
{
|
||||
$sql = 'UPDATE ' . GROUPS_TABLE . '
|
||||
SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
|
||||
WHERE group_id = $group_id";
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Group Delete
|
||||
*/
|
||||
|
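Review bot: In the new get_avatar_filename() the numeric part of the entry is normalised with `intval()`, but `$ext` is taken verbatim from everything after the last dot and concatenated into the name that avatar_delete() passes to `file_exists()`/`unlink()` and group_correct_avatar() passes to `rename()`. Because this commit also puts the avatar entry into a download.php query string (see get_user_avatar), the entry may be request-controlled by the time it arrives here, although that handler is not part of this page. Restricting the extension keeps path separators and stray bytes out of the file name, e.g. `$ext = preg_replace('#[^a-z0-9]#i', '', substr(strrchr($avatar_entry, '.'), 1));`, or better a comparison against the avatar extensions the board allows. `$avatar_entry[0]` also raises a notice on an empty entry, so `isset($avatar_entry[0]) && $avatar_entry[0] === 'g'` is safer, and the one-line docblock could state the entry format (`[g]<id>_<time>.<ext>`) and the resulting name (`<avatar_salt>_[g]<id>.<ext>`).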
@@ -544,7 +544,7 @@ class ucp_groups
|
||||
}
|
||||
}
|
||||
|
||||
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete)
|
||||
if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete)
|
||||
{
|
||||
if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
|
||||
{
|
||||
|