mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-29 04:50:51 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'phpbb/develop' into feature/softdelete-1-permission

Browse Source 
* phpbb/develop: (704 commits)
  [ticket/11630] Improvements to the PHP lint pre-commit hook
  [feature/auth-refactor] Move auth providers to separate directory
  [ticket/11619] Use HTTP/1.0 because of lack of chunked-encoding handling.
  [ticket/11619] Some tests for get_remote_file().
  [ticket/11617] Remove spaces and tabs from empty lines
  [ticket/11617] Missing U_ACTION in acp_captcha.php
  [feature/auth-refactor] Fix code style issue
  [feature/auth-refactor] Fix comment grammar
  [feature/auth-refactor] Fix the actual cause of test failures
  [ticket/10838] Fix URL for wiki and remove irrelevant line
  [ticket/10838] Remove php 5.4 and builtin server references
  [ticket/10838] Fix missing data
  [ticket/10838] separate database used mentioned in unit tests
  [ticket/11585] Make $auth_admin class property
  [feature/auth-refactor] A possible fix for the functional test failures
  [ticket/11566] Subsilver template error displayed after table headers
  [ticket/11566] Remove extra pair of brackets from conditional statement
  [ticket/11566] Check that guest doesn't have reporting permission by default
  [ticket/11566] Add captcha to report post template in subsilver
  [ticket/11566] Use the new constant CONFIRM_REPORT for captcha init
  ...

Conflicts:
	phpBB/docs/sphinx.sample.conf
	phpBB/feed.php
	phpBB/styles/prosilver/template/search_results.html
	phpBB/styles/prosilver/template/viewforum_body.html
This commit is contained in:
Joas Schilling
2013-07-11 11:41:48 +02:00
parent d41cf293e1 2fcae1ca16
commit bdb7ec0ceb
414 changed files with 15938 additions and 6165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
phpBB/includes/functions_posting.php
View File

@@ -403,14 +403,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
}
if (!$local)
{
$filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
}
else
{
$filedata['post_attach'] = true;
}
$filedata['post_attach'] = $local || $upload->is_valid($form_name);
if (!$filedata['post_attach'])
{
@@ -429,30 +422,18 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
return $filedata;
}
$cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE;
// Whether the uploaded file is in the image category
$is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;
// Make sure the image category only holds valid images...
if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image())
{
$file->remove();
// If this error occurs a user tried to exploit an IE Bug by renaming extensions
// Since the image category is displaying content inline we need to catch this.
trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
}
// Do we have to create a thumbnail?
$filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0;
// Check Image Size, if it is an image
if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id) && $cat_id == ATTACHMENT_CATEGORY_IMAGE)
{
$file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
}
// Admins and mods are allowed to exceed the allowed filesize
if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id))
{
// Check Image Size, if it is an image
if ($is_image)
{
$file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
}
// Admins and mods are allowed to exceed the allowed filesize
if (!empty($extensions[$file->get('extension')]['max_filesize']))
{
$allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
@@ -467,10 +448,12 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$file->clean_filename('unique', $user->data['user_id'] . '_');
// Are we uploading an image *and* this image being within the image category? Only then perform additional image checks.
$no_image = ($cat_id == ATTACHMENT_CATEGORY_IMAGE) ? false : true;
// Are we uploading an image *and* this image being within the image category?
// Only then perform additional image checks.
$file->move_file($config['upload_path'], false, !$is_image);
$file->move_file($config['upload_path'], false, $no_image);
// Do we have to create a thumbnail?
$filedata['thumbnail'] = ($is_image && $config['img_create_thumbnail']) ? 1 : 0;
if (sizeof($file->error))
{
@@ -481,6 +464,16 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
return $filedata;
}
// Make sure the image category only holds valid images...
if ($is_image && !$file->is_image())
{
$file->remove();
// If this error occurs a user tried to exploit an IE Bug by renaming extensions
// Since the image category is displaying content inline we need to catch this.
trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
}
$filedata['filesize'] = $file->get('filesize');
$filedata['mimetype'] = $file->get('mimetype');
$filedata['extension'] = $file->get('extension');