From e543874d083908d22198a0950e5126a98f1ae96d Mon Sep 17 00:00:00 2001 From: rubencm Date: Sat, 24 Apr 2021 15:03:12 +0200 Subject: [PATCH 1/4] [ticket/16764] Remove unused files PHPBB3-16764 --- .../default/container/services_files.yml | 22 -- .../db/migration/data/v310/avatar_types.php | 1 - phpBB/phpbb/files/types/remote.php | 205 ------------------ phpBB/phpbb/files/types/remote_storage.php | 204 ----------------- tests/files/types_remote_test.php | 135 ------------ tests/functional/fileupload_remote_test.php | 125 ----------- 6 files changed, 692 deletions(-) delete mode 100644 phpBB/phpbb/files/types/remote.php delete mode 100644 phpBB/phpbb/files/types/remote_storage.php delete mode 100644 tests/files/types_remote_test.php delete mode 100644 tests/functional/fileupload_remote_test.php diff --git a/phpBB/config/default/container/services_files.yml b/phpBB/config/default/container/services_files.yml index b6cb2f6a45..66874166b2 100644 --- a/phpBB/config/default/container/services_files.yml +++ b/phpBB/config/default/container/services_files.yml @@ -62,25 +62,3 @@ services: - '@language' - '@php_ini' - '@request' - - files.types.remote: - class: phpbb\files\types\remote - shared: false - arguments: - - '@config' - - '@files.factory' - - '@filesystem.temp' - - '@language' - - '@php_ini' - - '@request' - - files.types.remote_storage: - class: phpbb\files\types\remote_storage - shared: false - arguments: - - '@config' - - '@files.factory' - - '@filesystem.temp' - - '@language' - - '@php_ini' - - '@request' diff --git a/phpBB/phpbb/db/migration/data/v310/avatar_types.php b/phpBB/phpbb/db/migration/data/v310/avatar_types.php index 10bb278c57..4e5cea2268 100644 --- a/phpBB/phpbb/db/migration/data/v310/avatar_types.php +++ b/phpBB/phpbb/db/migration/data/v310/avatar_types.php @@ -20,7 +20,6 @@ class avatar_types extends \phpbb\db\migration\migration */ protected $avatar_type_map = array( AVATAR_UPLOAD => 'avatar.driver.upload', - AVATAR_REMOTE => 'avatar.driver.remote', AVATAR_GALLERY => 'avatar.driver.local', ); diff --git a/phpBB/phpbb/files/types/remote.php b/phpBB/phpbb/files/types/remote.php deleted file mode 100644 index 5fce258113..0000000000 --- a/phpBB/phpbb/files/types/remote.php +++ /dev/null @@ -1,205 +0,0 @@ - - * @license GNU General Public License, version 2 (GPL-2.0) - * - * For full copyright and license information, please see - * the docs/CREDITS.txt file. - * - */ - -namespace phpbb\files\types; - -use bantu\IniGetWrapper\IniGetWrapper; -use phpbb\config\config; -use phpbb\files\factory; -use phpbb\files\filespec; -use phpbb\filesystem\temp; -use phpbb\language\language; -use phpbb\request\request_interface; - -class remote extends base -{ - /** @var config phpBB config */ - protected $config; - - /** @var factory Files factory */ - protected $factory; - - /** @var temp Filesystem temp */ - protected $temp; - - /** @var language */ - protected $language; - - /** @var IniGetWrapper */ - protected $php_ini; - - /** @var request_interface */ - protected $request; - - /** - * Construct a form upload type - * - * @param config $config phpBB config - * @param factory $factory Files factory - * @param temp $temp Filesystem temp - * @param language $language Language class - * @param IniGetWrapper $php_ini ini_get() wrapper - * @param request_interface $request Request object - */ - public function __construct(config $config, factory $factory, temp $temp, language $language, IniGetWrapper $php_ini, request_interface $request) - { - $this->config = $config; - $this->factory = $factory; - $this->temp = $temp; - $this->language = $language; - $this->php_ini = $php_ini; - $this->request = $request; - } - - /** - * {@inheritdoc} - */ - public function upload() - { - $args = func_get_args(); - return $this->remote_upload($args[0]); - } - - /** - * Remote upload method - * Uploads file from given url - * - * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif - * @return filespec $file Object "filespec" is returned, all further operations can be done with this object - * @access public - */ - protected function remote_upload($upload_url) - { - $upload_ary = array(); - $upload_ary['local_mode'] = true; - - if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->upload->allowed_extensions) . ')$#i', $upload_url, $match)) - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'URL_INVALID')); - } - - $url = parse_url($upload_url); - - $upload_ary['type'] = 'application/octet-stream'; - - $url['path'] = explode('.', $url['path']); - $ext = array_pop($url['path']); - - $url['path'] = implode('', $url['path']); - $upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : ''); - - $remote_max_filesize = $this->get_max_file_size(); - - $guzzle_options = [ - 'timeout' => $this->upload->upload_timeout, - 'connect_timeout' => $this->upload->upload_timeout, - 'verify' => !empty($this->config['remote_upload_verify']) ? (bool) $this->config['remote_upload_verify'] : false, - ]; - $client = new \GuzzleHttp\Client($guzzle_options); - - try - { - $response = $client->get($upload_url, $guzzle_options); - } - catch (\GuzzleHttp\Exception\ClientException $clientException) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'URL_NOT_FOUND'); - } - catch (\GuzzleHttp\Exception\RequestException $requestException) - { - if (strpos($requestException->getMessage(), 'cURL error 28') !== false || preg_match('/408|504/', $requestException->getCode())) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'REMOTE_UPLOAD_TIMEOUT'); - } - else - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); - } - } - catch (\Exception $e) - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); - } - - $content_length = $response->getBody()->getSize(); - if ($remote_max_filesize && $content_length > $remote_max_filesize) - { - $max_filesize = get_formatted_filesize($remote_max_filesize, false); - - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); - } - - if ($content_length == 0) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'EMPTY_REMOTE_DATA'); - } - - $data = $response->getBody(); - - $filename = tempnam($this->temp->get_dir(), unique_id() . '-'); - - if (!($fp = @fopen($filename, 'wb'))) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'NOT_UPLOADED'); - } - - $upload_ary['size'] = fwrite($fp, $data); - fclose($fp); - unset($data); - - $upload_ary['tmp_name'] = $filename; - - /** @var filespec $file */ - $file = $this->factory->get('filespec') - ->set_upload_ary($upload_ary) - ->set_upload_namespace($this->upload); - $this->upload->common_checks($file); - - return $file; - } - - /** - * Get maximum file size for remote uploads - * - * @return int Maximum file size - */ - protected function get_max_file_size() - { - $max_file_size = $this->upload->max_filesize; - if (!$max_file_size) - { - $max_file_size = $this->php_ini->getString('upload_max_filesize'); - - if (!empty($max_file_size)) - { - $unit = strtolower(substr($max_file_size, -1, 1)); - $max_file_size = (int) $max_file_size; - - switch ($unit) - { - case 'g': - $max_file_size *= 1024; - // no break - case 'm': - $max_file_size *= 1024; - // no break - case 'k': - $max_file_size *= 1024; - // no break - } - } - } - - return $max_file_size; - } -} diff --git a/phpBB/phpbb/files/types/remote_storage.php b/phpBB/phpbb/files/types/remote_storage.php deleted file mode 100644 index d542c5e2f4..0000000000 --- a/phpBB/phpbb/files/types/remote_storage.php +++ /dev/null @@ -1,204 +0,0 @@ - - * @license GNU General Public License, version 2 (GPL-2.0) - * - * For full copyright and license information, please see - * the docs/CREDITS.txt file. - * - */ - -namespace phpbb\files\types; - -use bantu\IniGetWrapper\IniGetWrapper; -use phpbb\config\config; -use phpbb\files\factory; -use phpbb\files\filespec; -use phpbb\filesystem\temp; -use phpbb\language\language; -use phpbb\request\request_interface; - -class remote_storage extends base -{ - /** @var config phpBB config */ - protected $config; - - /** @var factory Files factory */ - protected $factory; - - /** @var temp Filesystem temp */ - protected $temp; - - /** @var language */ - protected $language; - - /** @var IniGetWrapper */ - protected $php_ini; - - /** @var request_interface */ - protected $request; - - /** - * Construct a form upload type - * - * @param config $config phpBB config - * @param factory $factory Files factory - * @param temp $temp Filesystem temp - * @param language $language Language class - * @param IniGetWrapper $php_ini ini_get() wrapper - * @param request_interface $request Request object - */ - public function __construct(config $config, factory $factory, temp $temp, language $language, IniGetWrapper $php_ini, request_interface $request) - { - $this->config = $config; - $this->factory = $factory; - $this->temp = $temp; - $this->language = $language; - $this->php_ini = $php_ini; - $this->request = $request; - } - - /** - * {@inheritdoc} - */ - public function upload() - { - $args = func_get_args(); - return $this->remote_upload($args[0]); - } - - /** - * Remote upload method - * Uploads file from given url - * - * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif - * @return filespec $file Object "filespec" is returned, all further operations can be done with this object - */ - protected function remote_upload($upload_url) - { - $upload_ary = array(); - $upload_ary['local_mode'] = true; - - if (!preg_match('#^(https?://).*?\.(' . implode('|', $this->upload->allowed_extensions) . ')$#i', $upload_url, $match)) - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'URL_INVALID')); - } - - $url = parse_url($upload_url); - - $upload_ary['type'] = 'application/octet-stream'; - - $url['path'] = explode('.', $url['path']); - $ext = array_pop($url['path']); - - $url['path'] = implode('', $url['path']); - $upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : ''); - - $remote_max_filesize = $this->get_max_file_size(); - - $guzzle_options = [ - 'timeout' => $this->upload->upload_timeout, - 'connect_timeout' => $this->upload->upload_timeout, - 'verify' => !empty($this->config['remote_upload_verify']) ? (bool) $this->config['remote_upload_verify'] : false, - ]; - $client = new \GuzzleHttp\Client($guzzle_options); - - try - { - $response = $client->get($upload_url, $guzzle_options); - } - catch (\GuzzleHttp\Exception\ClientException $clientException) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'URL_NOT_FOUND'); - } - catch (\GuzzleHttp\Exception\RequestException $requestException) - { - if (strpos($requestException->getMessage(), 'cURL error 28') !== false || preg_match('/408|504/', $requestException->getCode())) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'REMOTE_UPLOAD_TIMEOUT'); - } - else - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); - } - } - catch (\Exception $e) - { - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); - } - - $content_length = $response->getBody()->getSize(); - if ($remote_max_filesize && $content_length > $remote_max_filesize) - { - $max_filesize = get_formatted_filesize($remote_max_filesize, false); - - return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); - } - - if ($content_length === 0) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'EMPTY_REMOTE_DATA'); - } - - $data = $response->getBody(); - - $filename = tempnam($this->temp->get_dir(), unique_id() . '-'); - - if (!($fp = @fopen($filename, 'wb'))) - { - return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'NOT_UPLOADED'); - } - - $upload_ary['size'] = fwrite($fp, $data); - fclose($fp); - unset($data); - - $upload_ary['tmp_name'] = $filename; - - /** @var filespec $file */ - $file = $this->factory->get('filespec_storage') - ->set_upload_ary($upload_ary) - ->set_upload_namespace($this->upload); - $this->upload->common_checks($file); - - return $file; - } - - /** - * Get maximum file size for remote uploads - * - * @return int Maximum file size - */ - protected function get_max_file_size() - { - $max_file_size = $this->upload->max_filesize; - if (!$max_file_size) - { - $max_file_size = $this->php_ini->getString('upload_max_filesize'); - - if (!empty($max_file_size)) - { - $unit = strtolower(substr($max_file_size, -1, 1)); - $max_file_size = (int) $max_file_size; - - switch ($unit) - { - case 'g': - $max_file_size *= 1024; - // no break - case 'm': - $max_file_size *= 1024; - // no break - case 'k': - $max_file_size *= 1024; - // no break - } - } - } - - return $max_file_size; - } -} diff --git a/tests/files/types_remote_test.php b/tests/files/types_remote_test.php deleted file mode 100644 index d36791fab0..0000000000 --- a/tests/files/types_remote_test.php +++ /dev/null @@ -1,135 +0,0 @@ - - * @license GNU General Public License, version 2 (GPL-2.0) - * - * For full copyright and license information, please see - * the docs/CREDITS.txt file. - * - */ - -require_once __DIR__ . '/type_foo.php'; - -class phpbb_files_types_remote_test extends phpbb_test_case -{ - /** @var \phpbb\filesystem\filesystem */ - private $filesystem; - - /** @var \phpbb\filesystem\temp */ - private $temp; - - /** @var \phpbb\config\config */ - protected $config; - - /** @var \Symfony\Component\DependencyInjection\ContainerInterface */ - protected $container; - - /** @var \phpbb\files\factory */ - protected $factory; - - /** @var \bantu\IniGetWrapper\IniGetWrapper */ - protected $php_ini; - - /** @var \phpbb\language\language */ - protected $language; - - /** @var \phpbb\request\request_interface */ - protected $request; - - /** @var string phpBB root path */ - protected $phpbb_root_path; - - protected function setUp(): void - { - global $config, $phpbb_root_path, $phpEx; - - $config = new \phpbb\config\config(array()); - $this->config = $config; - $this->config->set('remote_upload_verify', 0); - $this->request = $this->createMock('\phpbb\request\request'); - - $cache_path = $phpbb_root_path . 'cache/files'; - $this->filesystem = new \phpbb\filesystem\filesystem(); - $this->temp = new \phpbb\filesystem\temp($this->filesystem, $cache_path); - $this->language = new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)); - $this->php_ini = new \bantu\IniGetWrapper\IniGetWrapper; - - $this->container = new phpbb_mock_container_builder(); - $this->container->set('files.filespec', new \phpbb\files\filespec( - $this->filesystem, - $this->language, - $this->php_ini, - new \FastImageSize\FastImageSize(), - $phpbb_root_path, - new \phpbb\mimetype\guesser(array( - 'mimetype.extension_guesser' => new \phpbb\mimetype\extension_guesser(), - )))); - $this->factory = new \phpbb\files\factory($this->container); - - $this->phpbb_root_path = $phpbb_root_path; - } - - public function test_upload_fsock_fail() - { - $type_remote = new \phpbb\files\types\remote($this->config, $this->factory, $this->temp, $this->language, $this->php_ini, $this->request); - $upload = new \phpbb\files\upload($this->factory, $this->language, $this->php_ini, $this->request); - $upload->set_allowed_extensions(array('png')); - $type_remote->set_upload($upload); - - $file = $type_remote->upload('https://bärföö.com/foo.png'); - - $this->assertSame(array('NOT_UPLOADED'), $file->error); - } - - public function data_get_max_file_size() - { - return array( - array('', 'http://phpbb.com/foo/bar.png'), - array('2k', 'http://phpbb.com/foo/bar.png'), - array('500k', 'http://phpbb.com/foo/bar.png'), - array('500M', 'http://phpbb.com/foo/bar.png'), - array('500m', 'http://phpbb.com/foo/bar.png'), - array('500k', 'http://google.com/?.png', array('DISALLOWED_EXTENSION', 'DISALLOWED_CONTENT')), - array('1', 'http://google.com/?.png', array('WRONG_FILESIZE')), - array('500g', 'http://phpbb.com/foo/bar.png'), - array('foobar', 'http://phpbb.com/foo/bar.png'), - array('-5k', 'http://phpbb.com/foo/bar.png'), - ); - } - - /** - * @dataProvider data_get_max_file_size - */ - public function test_get_max_file_size($max_file_size, $link, $expected = array('URL_NOT_FOUND')) - { - $php_ini = $this->createMock('\bantu\IniGetWrapper\IniGetWrapper', array('getString')); - $php_ini->expects($this->any()) - ->method('getString') - ->willReturn($max_file_size); - $type_remote = new \phpbb\files\types\remote($this->config, $this->factory, $this->temp, $this->language, $php_ini, $this->request); - $upload = new \phpbb\files\upload($this->factory, $this->language, $this->php_ini, $this->request); - $upload->set_allowed_extensions(array('png')); - $type_remote->set_upload($upload); - - $file = $type_remote->upload($link); - - $this->assertSame($expected, $file->error); - } - - public function test_upload_wrong_path() - { - $type_remote = new \phpbb\files\types\foo($this->config, $this->factory, $this->temp, $this->language, $this->php_ini, $this->request); - $upload = new \phpbb\files\upload($this->factory, $this->language, $this->php_ini, $this->request); - $upload->set_allowed_extensions(array('png')); - $type_remote->set_upload($upload); - $type_remote::$tempnam_path = $this->phpbb_root_path . 'cache/wrong/path'; - - $file = $type_remote->upload('http://google.com/?.png'); - - $this->assertSame(array('NOT_UPLOADED'), $file->error); - $type_remote::$tempnam_path = ''; - } -} diff --git a/tests/functional/fileupload_remote_test.php b/tests/functional/fileupload_remote_test.php deleted file mode 100644 index 9cb6434922..0000000000 --- a/tests/functional/fileupload_remote_test.php +++ /dev/null @@ -1,125 +0,0 @@ - -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -/** - * @group functional - */ -class phpbb_functional_fileupload_remote_test extends phpbb_functional_test_case -{ - /** @var \phpbb\filesystem\filesystem_interface */ - protected $filesystem; - - /** @var \phpbb\filesystem\temp */ - protected $temp; - - /** @var \phpbb\files\factory */ - protected $factory; - - /** @var \bantu\IniGetWrapper\IniGetWrapper */ - protected $php_ini; - - /** @var \phpbb\language\language */ - protected $language; - - /** @var \phpbb\request\request_interface */ - protected $request; - - /** @var string phpBB root path */ - protected $phpbb_root_path; - - protected function setUp(): void - { - parent::setUp(); - // Only doing this within the functional framework because we need a - // URL - - // Global $config required by unique_id - global $config, $phpbb_root_path, $phpEx; - - if (!is_array($config)) - { - $config = new \phpbb\config\config(array()); - } - - $config['rand_seed'] = ''; - $config['rand_seed_last_update'] = time() + 600; - $config['remote_upload_verify'] = 0; - - $this->filesystem = new \phpbb\filesystem\filesystem(); - $this->temp = new \phpbb\filesystem\temp($this->filesystem, ''); - $this->language = new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)); - $this->request = $this->createMock('\phpbb\request\request'); - $this->php_ini = new \bantu\IniGetWrapper\IniGetWrapper; - - $container = new phpbb_mock_container_builder(); - $container->set('files.filespec', new \phpbb\files\filespec($this->filesystem, $this->language, $this->php_ini, new \FastImageSize\FastImageSize(), $this->phpbb_root_path)); - $this->factory = new \phpbb\files\factory($container); - $container->set('files.factory', $this->factory); - $container->set('files.types.remote', new \phpbb\files\types\remote($config, $this->factory, $this->temp, $this->language, $this->php_ini, $this->request)); - $this->phpbb_root_path = $phpbb_root_path; - } - - protected function tearDown(): void - { - global $config, $user; - $user = null; - $config = array(); - } - - public function test_invalid_extension() - { - /** @var \phpbb\files\upload $upload */ - $upload = new \phpbb\files\upload($this->factory, $this->language, $this->php_ini, $this->request); - $upload->set_error_prefix('') - ->set_allowed_extensions(array('jpg')) - ->set_max_filesize(100); - $file = $upload->handle_upload('files.types.remote', self::$root_url . 'develop/blank.gif'); - $this->assertEquals('URL_INVALID', $file->error[0]); - } - - public function test_empty_file() - { - /** @var \phpbb\files\upload $upload */ - $upload = new \phpbb\files\upload($this->factory, $this->language, $this->php_ini, $this->request); - $upload->set_error_prefix('') - ->set_allowed_extensions(array('jpg')) - ->set_max_filesize(100); - $file = $upload->handle_upload('files.types.remote', self::$root_url . 'develop/blank.jpg'); - $this->assertEquals('EMPTY_REMOTE_DATA', $file->error[0]); - } - - public function test_successful_upload() - { - /** @var \phpbb\files\upload $upload */ - $upload = new \phpbb\files\upload($this->factory, $this->language, $this->php_ini, $this->request); - $upload->set_error_prefix('') - ->set_allowed_extensions(array('gif')) - ->set_max_filesize(2000); - $file = $upload->handle_upload('files.types.remote', self::$root_url . 'develop/test.gif'); - $this->assertEquals(0, count($file->error)); - $this->assertTrue(file_exists($file->get('filename'))); - $this->assertTrue($file->is_uploaded()); - } - - public function test_too_large() - { - /** @var \phpbb\files\upload $upload */ - $upload = new \phpbb\files\upload($this->factory, $this->language, $this->php_ini, $this->request); - $upload->set_error_prefix('') - ->set_allowed_extensions(array('gif')) - ->set_max_filesize(100); - $file = $upload->handle_upload('files.types.remote', self::$root_url . 'develop/test.gif'); - $this->assertEquals(1, count($file->error)); - $this->assertEquals('WRONG_FILESIZE', $file->error[0]); - } -} From e1bbef77748b66ceb8644564625941d1aa788e37 Mon Sep 17 00:00:00 2001 From: rubencm Date: Sat, 24 Apr 2021 16:04:10 +0200 Subject: [PATCH 2/4] [ticket/16764] Remove remote avatar from converter PHPBB3-16764 --- phpBB/includes/constants.php | 1 - phpBB/includes/functions_convert.php | 124 ------------------ .../install/convertors/functions_phpbb20.php | 6 - 3 files changed, 131 deletions(-) diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 2ec615c1c6..45880024c4 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -42,7 +42,6 @@ define('USER_ACTIVATION_ADMIN', 2); define('USER_ACTIVATION_DISABLE', 3); define('AVATAR_UPLOAD', 1); -define('AVATAR_REMOTE', 2); define('AVATAR_GALLERY', 3); define('USER_NORMAL', 0); diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 2248cd1bc8..1764650adc 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -377,40 +377,6 @@ function mimetype($filename) } } -/** -* Obtain the dimensions of all remotely hosted avatars -* This should only be called from execute_last -* There can be significant network overhead if there are a large number of remote avatars -* @todo Look at the option of allowing the user to decide whether this is called or to force the dimensions -*/ -function remote_avatar_dims() -{ - global $db; - - $sql = 'SELECT user_id, user_avatar - FROM ' . USERS_TABLE . ' - WHERE user_avatar_type = ' . AVATAR_REMOTE; - $result = $db->sql_query($sql); - - $remote_avatars = array(); - while ($row = $db->sql_fetchrow($result)) - { - $remote_avatars[(int) $row['user_id']] = $row['user_avatar']; - } - $db->sql_freeresult($result); - - foreach ($remote_avatars as $user_id => $avatar) - { - $width = (int) get_remote_avatar_dim($avatar, 0); - $height = (int) get_remote_avatar_dim($avatar, 1); - - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_avatar_width = ' . (int) $width . ', user_avatar_height = ' . (int) $height . ' - WHERE user_id = ' . $user_id; - $db->sql_query($sql); - } -} - function import_avatar_gallery($gallery_name = '', $subdirs_as_galleries = false) { global $config, $convert, $user; @@ -810,23 +776,15 @@ function get_avatar_dim($src, $axis, $func = false, $arg1 = false, $arg2 = false { case AVATAR_UPLOAD: return get_upload_avatar_dim($src, $axis); - break; case AVATAR_GALLERY: return get_gallery_avatar_dim($src, $axis); - break; - - case AVATAR_REMOTE: - // see notes on this functions usage and (hopefully) model $func to avoid this accordingly - return get_remote_avatar_dim($src, $axis); - break; default: $default_x = (defined('DEFAULT_AVATAR_X_CUSTOM')) ? DEFAULT_AVATAR_X_CUSTOM : DEFAULT_AVATAR_X; $default_y = (defined('DEFAULT_AVATAR_Y_CUSTOM')) ? DEFAULT_AVATAR_Y_CUSTOM : DEFAULT_AVATAR_Y; return $axis ? $default_y : $default_x; - break; } } @@ -922,88 +880,6 @@ function get_gallery_avatar_dim($source, $axis) return $avatar_cache[$orig_source][$axis]; } -/** -* Obtain the size of the specified remote avatar (using the cache if possible) and cache the value -* Whilst it's unlikely that remote avatars will be duplicated, it is possible so caching seems the best option -* This should only be called from a post processing step due to the possibility of network timeouts -*/ -function get_remote_avatar_dim($src, $axis) -{ - if (empty($src)) - { - return 0; - } - - static $remote_avatar_cache = array(); - - // an ugly hack: we assume that the dimensions of each remote avatar are accessed exactly twice (x and y) - if (isset($remote_avatar_cache[$src])) - { - $retval = $remote_avatar_cache[$src][$axis]; - unset($remote_avatar_cache); - return $retval; - } - - $url_info = @parse_url($src); - if (empty($url_info['host'])) - { - return 0; - } - $host = $url_info['host']; - $port = (isset($url_info['port'])) ? $url_info['port'] : 0; - $protocol = (isset($url_info['scheme'])) ? $url_info['scheme'] : 'http'; - if (empty($port)) - { - switch (strtolower($protocol)) - { - case 'ftp': - $port = 21; - break; - - case 'https': - $port = 443; - break; - - default: - $port = 80; - } - } - - $timeout = @ini_get('default_socket_timeout'); - @ini_set('default_socket_timeout', 2); - - // We're just trying to reach the server to avoid timeouts - $fp = @fsockopen($host, $port, $errno, $errstr, 1); - if ($fp) - { - $remote_avatar_cache[$src] = @getimagesize($src); - fclose($fp); - } - - $default_x = (defined('DEFAULT_AVATAR_X_CUSTOM')) ? DEFAULT_AVATAR_X_CUSTOM : DEFAULT_AVATAR_X; - $default_y = (defined('DEFAULT_AVATAR_Y_CUSTOM')) ? DEFAULT_AVATAR_Y_CUSTOM : DEFAULT_AVATAR_Y; - $default = array($default_x, $default_y); - - if (empty($remote_avatar_cache[$src]) || empty($remote_avatar_cache[$src][0]) || empty($remote_avatar_cache[$src][1])) - { - $remote_avatar_cache[$src] = $default; - } - else - { - // We trust gallery and uploaded avatars to conform to the size settings; we might have to adjust here - if ($remote_avatar_cache[$src][0] > $default_x || $remote_avatar_cache[$src][1] > $default_y) - { - $bigger = ($remote_avatar_cache[$src][0] > $remote_avatar_cache[$src][1]) ? 0 : 1; - $ratio = $default[$bigger] / $remote_avatar_cache[$src][$bigger]; - $remote_avatar_cache[$src][0] = (int) ($remote_avatar_cache[$src][0] * $ratio); - $remote_avatar_cache[$src][1] = (int) ($remote_avatar_cache[$src][1] * $ratio); - } - } - - @ini_set('default_socket_timeout', $timeout); - return $remote_avatar_cache[$src][$axis]; -} - function set_user_options() { global $convert_row; diff --git a/phpBB/install/convertors/functions_phpbb20.php b/phpBB/install/convertors/functions_phpbb20.php index b89c086533..a477e0e58a 100644 --- a/phpBB/install/convertors/functions_phpbb20.php +++ b/phpBB/install/convertors/functions_phpbb20.php @@ -1508,15 +1508,9 @@ function phpbb_avatar_type($type) { case 1: return AVATAR_UPLOAD; - break; - - case 2: - return AVATAR_REMOTE; - break; case 3: return AVATAR_GALLERY; - break; } return 0; From 0ccce7c4f8b2b645fd41eb4ebfc26a1ed4301939 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 26 Apr 2021 20:38:03 +0200 Subject: [PATCH 3/4] [ticket/16764] Remove remote upload certificate validation PHPBB3-16764 --- phpBB/includes/acp/acp_board.php | 1 - phpBB/install/schemas/schema_data.sql | 1 - phpBB/language/en/acp/board.php | 2 -- .../data/v400/remove_remote_upload.php | 33 +++++++++++++++++++ 4 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 phpBB/phpbb/db/migration/data/v400/remove_remote_upload.php diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index ddf99a57b5..f03a3e1ee4 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -419,7 +419,6 @@ class acp_board 'browser_check' => array('lang' => 'BROWSER_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'forwarded_for_check' => array('lang' => 'FORWARDED_FOR_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'referer_validation' => array('lang' => 'REFERRER_VALID', 'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true), - 'remote_upload_verify' => array('lang' => 'UPLOAD_CERT_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'check_dnsbl' => array('lang' => 'CHECK_DNSBL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'email_check_mx' => array('lang' => 'EMAIL_CHECK_MX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'min_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:1', 'type' => 'custom', 'method' => 'password_length', 'explain' => true), diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index aee9644c2a..3a98eab482 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -265,7 +265,6 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('recaptcha_v3_thres INSERT INTO phpbb_config (config_name, config_value) VALUES ('recaptcha_v3_threshold_register', '0.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('recaptcha_v3_threshold_report', '0.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('referer_validation', '1'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('remote_upload_verify', '0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation', '0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', ''); INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_anonymous_interval', '0'); diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index 3f1a1b52f1..d02c8b0141 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -544,8 +544,6 @@ $lang = array_merge($lang, array( 'REFERRER_VALID_EXPLAIN' => 'If enabled, the referrer of POST requests will be checked against the host/script path settings. This may cause issues with boards using several domains and or external logins.', 'TPL_ALLOW_PHP' => 'Allow php in templates', 'TPL_ALLOW_PHP_EXPLAIN' => 'If this option is enabled, PHP and INCLUDEPHP statements will be recognised and parsed in templates.', - 'UPLOAD_CERT_VALID' => 'Validate upload certificate', - 'UPLOAD_CERT_VALID_EXPLAIN' => 'If enabled, certificates of remote uploads will be validated. This requires the CA bundle to be defined by the openssl.cafile or curl.cainfo setting in your php.ini.', )); // Email Settings diff --git a/phpBB/phpbb/db/migration/data/v400/remove_remote_upload.php b/phpBB/phpbb/db/migration/data/v400/remove_remote_upload.php new file mode 100644 index 0000000000..234d5353b1 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v400/remove_remote_upload.php @@ -0,0 +1,33 @@ + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v400; + +use phpbb\db\migration\container_aware_migration; + +class remove_remote_upload extends container_aware_migration +{ + public static function depends_on() + { + return [ + '\phpbb\db\migration\data\v320\remote_upload_validation' + ]; + } + + public function update_data() + { + return [ + ['config.remove', ['remote_upload_verify']], + ]; + } +} From c45c7f46224879296c2b7e18e071f84aa5cc7090 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 26 Apr 2021 20:44:15 +0200 Subject: [PATCH 4/4] [ticket/16764] Remove more remnants of remote uploading PHPBB3-16764 --- phpBB/install/convertors/functions_phpbb20.php | 5 ----- phpBB/language/en/posting.php | 2 -- phpBB/phpbb/files/upload.php | 3 --- tests/files/type_foo.php | 2 +- 4 files changed, 1 insertion(+), 11 deletions(-) diff --git a/phpBB/install/convertors/functions_phpbb20.php b/phpBB/install/convertors/functions_phpbb20.php index a477e0e58a..659ec5a24b 100644 --- a/phpBB/install/convertors/functions_phpbb20.php +++ b/phpBB/install/convertors/functions_phpbb20.php @@ -1542,11 +1542,6 @@ function phpbb_import_avatar($user_avatar) // Uploaded avatar return import_avatar($user_avatar, false, $convert_row['user_id']); } - else if ($convert_row['user_avatar_type'] == 2) - { - // Remote avatar - return $user_avatar; - } else if ($convert_row['user_avatar_type'] == 3) { // Gallery avatar diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php index 1a6866d535..6024907c9e 100644 --- a/phpBB/language/en/posting.php +++ b/phpBB/language/en/posting.php @@ -121,7 +121,6 @@ $lang = array_merge($lang, array( 'EDIT_REASON' => 'Reason for editing this post', 'EMPTY_FILEUPLOAD' => 'The uploaded file is empty.', 'EMPTY_MESSAGE' => 'You must enter a message when posting.', - 'EMPTY_REMOTE_DATA' => 'File could not be uploaded, please try uploading the file manually.', 'FLASH_IS_OFF' => '[flash] is OFF', 'FLASH_IS_ON' => '[flash] is ON', @@ -236,7 +235,6 @@ $lang = array_merge($lang, array( ), 'QUOTE_NO_NESTING' => 'You may not embed quotes within each other.', - 'REMOTE_UPLOAD_TIMEOUT' => 'The specified file could not be uploaded because the request timed out.', 'SAVE' => 'Save', 'SAVE_DATE' => 'Saved at', 'SAVE_DRAFT' => 'Save draft', diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index dd1e23fd3a..1577e67739 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -46,9 +46,6 @@ class upload /** @var string Prefix for language variables of errors */ public $error_prefix = ''; - /** @var int Timeout for remote upload */ - public $upload_timeout = 6; - /** @var \phpbb\files\factory Files factory */ protected $factory; diff --git a/tests/files/type_foo.php b/tests/files/type_foo.php index 95940b9d2f..ab39039ca3 100644 --- a/tests/files/type_foo.php +++ b/tests/files/type_foo.php @@ -13,7 +13,7 @@ namespace phpbb\files\types; -class foo extends \phpbb\files\types\remote +class foo extends \phpbb\files\types\upload { static public $tempnam_path; }