Vergleich inc/functions_upload.php - 1.8.21 - 1.8.25

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 374	Zeile 374
$posthash = $db->escape_string($mybb->get_input('posthash')); $pid = (int)$pid;	$posthash = $db->escape_string($mybb->get_input('posthash')); $pid = (int)$pid;
if(isset($attachment['error']) && $attachment['error'] != 0) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_detail; switch($attachment['error']) { case 1: // UPLOAD_ERR_INI_SIZE $ret['error'] .= $lang->error_uploadfailed_php1; break; case 2: // UPLOAD_ERR_FORM_SIZE $ret['error'] .= $lang->error_uploadfailed_php2; break; case 3: // UPLOAD_ERR_PARTIAL $ret['error'] .= $lang->error_uploadfailed_php3; break; case 4: // UPLOAD_ERR_NO_FILE $ret['error'] .= $lang->error_uploadfailed_php4; break; case 6: // UPLOAD_ERR_NO_TMP_DIR $ret['error'] .= $lang->error_uploadfailed_php6; break; case 7: // UPLOAD_ERR_CANT_WRITE $ret['error'] .= $lang->error_uploadfailed_php7; break; default: $ret['error'] .= $lang->sprintf($lang->error_uploadfailed_phpx, $attachment['error']); break; } return $ret; }
if(!is_uploaded_file($attachment['tmp_name']) \|\| empty($attachment['tmp_name'])) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_php4;	if(!is_uploaded_file($attachment['tmp_name']) \|\| empty($attachment['tmp_name'])) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_php4;
return $ret; }	return $ret; }
$attachtypes = (array)$cache->read('attachtypes'); $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);	$attachtypes = (array)$cache->read('attachtypes'); $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);

$allowed_mime_types = array(); foreach($attachtypes as $ext => $attachtype)	$allowed_mime_types = array(); foreach($attachtypes as $ext => $attachtype)
{	{
if(!is_member($attachtype['groups']) \|\| ($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$forum['fid'].',') === false)) { unset($attachtypes[$ext]);	if(!is_member($attachtype['groups']) \|\| ($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$forum['fid'].',') === false)) { unset($attachtypes[$ext]);
Zeile 428	Zeile 398
if(!isset($attachtypes[$ext])) { $ret['error'] = $lang->error_attachtype;	if(!isset($attachtypes[$ext])) { $ret['error'] = $lang->error_attachtype;
return $ret; } else {	return $ret; } else {
$attachtype = $attachtypes[$ext];	$attachtype = $attachtypes[$ext];
	} // check the length of the filename $maxFileNameLength = 255; if(my_strlen($attachment['name']) > $maxFileNameLength) { $ret['error'] = $lang->sprintf($lang->error_attach_filename_length, htmlspecialchars_uni($attachment['name']), $maxFileNameLength); return $ret;
} // Check the size if($attachment['size'] > $attachtype['maxsize']*1024 && $attachtype['maxsize'] != "")	} // Check the size if($attachment['size'] > $attachtype['maxsize']*1024 && $attachtype['maxsize'] != "")
{	{
$ret['error'] = $lang->sprintf($lang->error_attachsize, htmlspecialchars_uni($attachment['name']), $attachtype['maxsize']); return $ret; }	$ret['error'] = $lang->sprintf($lang->error_attachsize, htmlspecialchars_uni($attachment['name']), $attachtype['maxsize']); return $ret; }
Zeile 449	Zeile 427
$usage = $db->fetch_array($query); $usage = $usage['ausage']+$attachment['size']; if($usage > ($mybb->usergroup['attachquota']*1024))	$usage = $db->fetch_array($query); $usage = $usage['ausage']+$attachment['size']; if($usage > ($mybb->usergroup['attachquota']*1024))
{	{
$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024); $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);	$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024); $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
return $ret; } }	return $ret; } }
// Gather forum permissions $forumpermissions = forum_permissions($forum['fid']); // Check if an attachment with this name is already in the post if($pid != 0)	// Gather forum permissions $forumpermissions = forum_permissions($forum['fid']); // Check if an attachment with this name is already in the post if($pid != 0)
{	{
$uploaded_query = "pid='{$pid}'"; } else	$uploaded_query = "pid='{$pid}'"; } else
Zeile 479	Zeile 457
} $ret['error'] = $lang->sprintf($lang->error_alreadyuploaded, htmlspecialchars_uni($attachment['name']));	} $ret['error'] = $lang->sprintf($lang->error_alreadyuploaded, htmlspecialchars_uni($attachment['name']));
return $ret;	return $ret;
} // Check to see how many attachments exist for this post already	} // Check to see how many attachments exist for this post already
Zeile 491	Zeile 469
{ $ret['error'] = $lang->sprintf($lang->error_maxattachpost, $mybb->settings['maxattachments']); return $ret;	{ $ret['error'] = $lang->sprintf($lang->error_maxattachpost, $mybb->settings['maxattachments']); return $ret;
}	}
} $month_dir = '';	} $month_dir = '';
Zeile 514	Zeile 492
@fclose($index); } }	@fclose($index); } }
}	}
// All seems to be good, lets move the attachment! $filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";	// All seems to be good, lets move the attachment! $filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";
Zeile 527	Zeile 505
$file = upload_file($attachment, $mybb->settings['uploadspath'].'/', $filename); } elseif($month_dir)	$file = upload_file($attachment, $mybb->settings['uploadspath'].'/', $filename); } elseif($month_dir)
{	{
$filename = $month_dir."/".$filename; }	$filename = $month_dir."/".$filename; }
Zeile 543	Zeile 521
$ret['error'] .= $lang->error_uploadfailed_movefailed; break; }	$ret['error'] .= $lang->error_uploadfailed_movefailed; break; }
return $ret; }	return $ret; }
// Lets just double check that it exists if(!file_exists($mybb->settings['uploadspath']."/".$filename)) {	// Lets just double check that it exists if(!file_exists($mybb->settings['uploadspath']."/".$filename)) {
Zeile 574	Zeile 552
{ case "image/gif": $img_type = 1;	{ case "image/gif": $img_type = 1;
break;	break;
case "image/jpeg": case "image/x-jpg": case "image/x-jpeg":	case "image/jpeg": case "image/x-jpg": case "image/x-jpeg":
Zeile 668	Zeile 646
if(@is_dir($mybb->settings['uploadspath']."/".$date_directory[0])) { delete_upload_directory($mybb->settings['uploadspath']."/".$date_directory[0]);	if(@is_dir($mybb->settings['uploadspath']."/".$date_directory[0])) { delete_upload_directory($mybb->settings['uploadspath']."/".$date_directory[0]);
} }	} }
$aid = $prevattach['aid'];	$aid = $prevattach['aid'];
}	}
else { $aid = $db->insert_query("attachments", $attacharray); if($pid) { update_thread_counters($tid, array("attachmentcount" => "+1"));	else { $aid = $db->insert_query("attachments", $attacharray); if($pid) { update_thread_counters($tid, array("attachmentcount" => "+1"));
}	}
} $ret['aid'] = $aid; return $ret;	} $ret['aid'] = $aid; return $ret;
	} /** * Check whether the input $FILE variable indicates a PHP file upload error, * and if so, return an appropriate user-friendly error message. * * @param array $FILE File data (as fed by PHP's $_FILE). * * @return string Error message or empty if no error detected. */ function check_parse_php_upload_err($FILE) { global $lang; $err = ''; if(isset($FILE['error']) && $FILE['error'] != 0 && ($FILE['error'] != UPLOAD_ERR_NO_FILE \|\| $FILE['name'])) { $err = $lang->error_uploadfailed.$lang->error_uploadfailed_detail; switch($FILE['error']) { case 1: // UPLOAD_ERR_INI_SIZE $err .= $lang->error_uploadfailed_php1; break; case 2: // UPLOAD_ERR_FORM_SIZE $err .= $lang->error_uploadfailed_php2; break; case 3: // UPLOAD_ERR_PARTIAL $err .= $lang->error_uploadfailed_php3; break; case 4: // UPLOAD_ERR_NO_FILE $err .= $lang->error_uploadfailed_php4; break; case 6: // UPLOAD_ERR_NO_TMP_DIR $err .= $lang->error_uploadfailed_php6; break; case 7: // UPLOAD_ERR_CANT_WRITE $err .= $lang->error_uploadfailed_php7; break; default: $err .= $lang->sprintf($lang->error_uploadfailed_phpx, $FILE['error']); break; } } return $err;
} /**	} /**
Zeile 714	Zeile 738
{ foreach($fields as $field) {	{ foreach($fields as $field) {
$attach1[$field] = $_FILES['attachments'][$field][$key];
$attachments[$i][$field] = $_FILES['attachments'][$field][$i]; }	$attachments[$i][$field] = $_FILES['attachments'][$field][$i]; }
Zeile 738	Zeile 761
foreach($attachments as $FILE) {	foreach($attachments as $FILE) {
if(!empty($FILE['name']) && !empty($FILE['type']))	if($err = check_parse_php_upload_err($FILE)) { $ret['errors'][] = $err; $mybb->input['action'] = $action; } else if(!empty($FILE['name']) && !empty($FILE['type']))
{ if($FILE['size'] > 0) {	{ if($FILE['size'] > 0) {
Zeile 749	Zeile 777
if($action == "editpost") { if($exists && $mybb->get_input('updateattachment') && ($mybb->usergroup['caneditattachments'] \|\| $forumpermissions['caneditattachments']))	if($action == "editpost") { if($exists && $mybb->get_input('updateattachment') && ($mybb->usergroup['caneditattachments'] \|\| $forumpermissions['caneditattachments']))
{ $update_attachment = true;	{ $update_attachment = true;
} } else	} } else
Zeile 759	Zeile 787
{ $update_attachment = true; }	{ $update_attachment = true; }
}	}
$attachedfile = upload_attachment($FILE, $update_attachment); if(!empty($attachedfile['error']))	$attachedfile = upload_attachment($FILE, $update_attachment); if(!empty($attachedfile['error']))
Zeile 768	Zeile 796
$ret['errors'][] = $attachedfile['error']; $mybb->input['action'] = $action; }	$ret['errors'][] = $attachedfile['error']; $mybb->input['action'] = $action; }

} else {	} else {