mirror of
https://github.com/phpbb/phpbb.git
synced 2025-02-13 03:54:57 +01:00
#11074 - only process and check (as well as display) images if the category also matches. ;)
git-svn-id: file:///svn/phpbb/trunk@7616 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
parent
a2c81d763f
commit
fbd7416060
@ -214,6 +214,16 @@ if (!$attachment)
|
||||
$attachment['physical_filename'] = basename($attachment['physical_filename']);
|
||||
$display_cat = $extensions[$attachment['extension']]['display_cat'];
|
||||
|
||||
if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
|
||||
{
|
||||
$display_cat = ATTACHMENT_CATEGORY_NONE;
|
||||
}
|
||||
|
||||
if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
|
||||
{
|
||||
$display_cat = ATTACHMENT_CATEGORY_NONE;
|
||||
}
|
||||
|
||||
if ($thumbnail)
|
||||
{
|
||||
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
|
||||
@ -227,7 +237,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
|
||||
if ($mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
|
||||
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
|
||||
{
|
||||
wrap_img_in_html(append_sid('./download.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
|
||||
}
|
||||
@ -247,7 +257,7 @@ else
|
||||
}
|
||||
else
|
||||
{
|
||||
send_file_to_browser($attachment, $config['upload_path'], $extensions[$attachment['extension']]['display_cat']);
|
||||
send_file_to_browser($attachment, $config['upload_path'], $display_cat);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
@ -358,7 +368,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
|
||||
|
||||
// Correct the mime type - we force application/octetstream for all files, except images
|
||||
// Please do not change this, it is a security precaution
|
||||
if (strpos($attachment['mimetype'], 'image') !== 0)
|
||||
if ($category != ATTACHMENT_CATEGORY_IMAGE || strpos($attachment['mimetype'], 'image') !== 0)
|
||||
{
|
||||
$attachment['mimetype'] = (strpos(strtolower($user->browser), 'msie') !== false || strpos(strtolower($user->browser), 'opera') !== false) ? 'application/octetstream' : 'application/octet-stream';
|
||||
}
|
||||
|
||||
@ -2987,7 +2987,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
|
||||
$display_cat = ATTACHMENT_CATEGORY_NONE;
|
||||
}
|
||||
|
||||
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&mode=view');
|
||||
$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']);
|
||||
|
||||
switch ($display_cat)
|
||||
{
|
||||
@ -2995,6 +2995,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
|
||||
case ATTACHMENT_CATEGORY_IMAGE:
|
||||
$l_downloaded_viewed = 'VIEWED_COUNT';
|
||||
$inline_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']);
|
||||
$download_link .= '&mode=view';
|
||||
|
||||
$block_array += array(
|
||||
'S_IMAGE' => true,
|
||||
@ -3008,6 +3009,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
|
||||
case ATTACHMENT_CATEGORY_THUMB:
|
||||
$l_downloaded_viewed = 'VIEWED_COUNT';
|
||||
$thumbnail_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&t=1');
|
||||
$download_link = '&mode=view';
|
||||
|
||||
$block_array += array(
|
||||
'S_THUMBNAIL' => true,
|
||||
|
||||
@ -408,7 +408,11 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
|
||||
}
|
||||
|
||||
$file->clean_filename('unique', $user->data['user_id'] . '_');
|
||||
$file->move_file($config['upload_path']);
|
||||
|
||||
// Are we uploading an image *and* this image being within the image category? Only then perform additional image checks.
|
||||
$no_image = ($cat_id == ATTACHMENT_CATEGORY_IMAGE) ? false : true;
|
||||
|
||||
$file->move_file($config['upload_path'], false, $no_image);
|
||||
|
||||
if (sizeof($file->error))
|
||||
{
|
||||
|
||||
@ -230,7 +230,7 @@ class filespec
|
||||
* @param octal $chmod Permission mask for chmodding the file after a successful move
|
||||
* @access public
|
||||
*/
|
||||
function move_file($destination, $overwrite = false, $chmod = 0666)
|
||||
function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666)
|
||||
{
|
||||
global $user, $phpbb_root_path;
|
||||
|
||||
@ -315,7 +315,7 @@ class filespec
|
||||
// Try to get real filesize from destination folder
|
||||
$this->filesize = (@filesize($this->destination_file)) ? @filesize($this->destination_file) : $this->filesize;
|
||||
|
||||
if ($this->is_image())
|
||||
if ($this->is_image() && !$skip_image_check)
|
||||
{
|
||||
$this->width = $this->height = 0;
|
||||
|
||||
|
||||
@ -1853,6 +1853,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $
|
||||
$avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
|
||||
break;
|
||||
}
|
||||
|
||||
// Make sure getimagesize works...
|
||||
if (($image_data = @getimagesize($avatar)) === false)
|
||||
{
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user