index : fluxbb | |
Archlinux32 customized Fluxbb installation | gitolite user |
summaryrefslogtreecommitdiff |
author | Andreas Baumann <mail@andreasbaumann.cc> | 2020-09-17 14:36:49 +0200 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2020-09-17 14:36:49 +0200 |
commit | adbe6225d8aaaaa785389345e5621c6369636ab3 (patch) | |
tree | f05e2ba1fb912231c0a03bcb4165e620834fdb7d /include | |
parent | 598e662d52afb3b80289390aa4605717ab7cc911 (diff) |
-rw-r--r-- | include/upload.php | 784 | ||||
-rw-r--r-- | include/uploadf.php | 116 | ||||
-rw-r--r-- | include/uploadp.php | 23 |
diff --git a/include/upload.php b/include/upload.php new file mode 100644 index 0000000..5d3aac5 --- /dev/null +++ b/include/upload.php @@ -0,0 +1,784 @@ +<?php + +/** + * Copyright (C) 2011-2019 Visman (mio.visman@yandex.ru) + * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher + */ + +// Make sure no one attempts to run this script "directly" +if (! defined('PUN')) { + exit; +} + +// Load language file +if (file_exists(PUN_ROOT . 'lang/' . $pun_user['language'] . '/upload.php')) { + require PUN_ROOT . 'lang/' . $pun_user['language'] . '/upload.php'; +} else { + require PUN_ROOT . 'lang/English/upload.php'; +} + +class upfClass +{ + protected $blackList = [ + '' => true, + 'asmx' => true, + 'asp' => true, + 'aspx' => true, + 'cgi' => true, + 'dll' => true, + 'exe' => true, + 'fcgi' => true, + 'fpl' => true, + 'htaccess' => true, + 'htm' => true, + 'html' => true, + 'js' => true, + 'jsp' => true, + 'php' => true, + 'php3' => true, + 'php4' => true, + 'php5' => true, + 'php6' => true, + 'php7' => true, + 'phar' => true, + 'phps' => true, + 'phtm' => true, + 'phtml' => true, + 'pl' => true, + 'py' => true, + 'rb' => true, + 'shtm' => true, + 'shtml' => true, + 'wml' => true, + 'xml' => true, + ]; + + /** + * Список кодов типов картинок и расширений для них???? + * @var array + */ + protected $imageType = [ + 1 => ['gif', true], + 2 => ['jpg', true], + 3 => ['png', true], + 4 => ['swf', false], + 5 => ['psd', false], + 6 => ['bmp', true], + 7 => ['tiff', false], + 8 => ['tiff', false], + 9 => ['jpc', false], + 10 => ['jp2', false], + 11 => ['jpx', false], + 12 => ['jb2', false], + 13 => ['swc', false], + 14 => ['iff', false], + 15 => ['wbmp', false], + 16 => ['xbm', false], + 17 => ['ico', false], + 18 => ['webp', true], + ]; + + /** + * Список единиц измерения + * @var string + */ + protected $units = 'BKMGTPEZY'; + + protected $UTF8AR = [ + 'à' => 'a', 'ô' => 'o', 'ď' => 'd', 'ḟ' => 'f', 'ë' => 'e', 'š' => 's', 'ơ' => 'o', + 'ß' => 'ss', 'ă' => 'a', 'ř' => 'r', 'ț' => 't', 'ň' => 'n', 'ā' => 'a', 'ķ' => 'k', + 'ŝ' => 's', 'ỳ' => 'y', 'ņ' => 'n', 'ĺ' => 'l', 'ħ' => 'h', 'ṗ' => 'p', 'ó' => 'o', + 'ú' => 'u', 'ě' => 'e', 'é' => 'e', 'ç' => 'c', 'ẁ' => 'w', 'ċ' => 'c', 'õ' => 'o', + 'ṡ' => 's', 'ø' => 'o', 'ģ' => 'g', 'ŧ' => 't', 'ș' => 's', 'ė' => 'e', 'ĉ' => 'c', + 'ś' => 's', 'î' => 'i', 'ű' => 'u', 'ć' => 'c', 'ę' => 'e', 'ŵ' => 'w', 'ṫ' => 't', + 'ū' => 'u', 'č' => 'c', 'ö' => 'oe', 'è' => 'e', 'ŷ' => 'y', 'ą' => 'a', 'ł' => 'l', + 'ų' => 'u', 'ů' => 'u', 'ş' => 's', 'ğ' => 'g', 'ļ' => 'l', 'ƒ' => 'f', 'ž' => 'z', + 'ẃ' => 'w', 'ḃ' => 'b', 'å' => 'a', 'ì' => 'i', 'ï' => 'i', 'ḋ' => 'd', 'ť' => 't', + 'ŗ' => 'r', 'ä' => 'ae', 'í' => 'i', 'ŕ' => 'r', 'ê' => 'e', 'ü' => 'ue', 'ò' => 'o', + 'ē' => 'e', 'ñ' => 'n', 'ń' => 'n', 'ĥ' => 'h', 'ĝ' => 'g', 'đ' => 'd', 'ĵ' => 'j', + 'ÿ' => 'y', 'ũ' => 'u', 'ŭ' => 'u', 'ư' => 'u', 'ţ' => 't', 'ý' => 'y', 'ő' => 'o', + 'â' => 'a', 'ľ' => 'l', 'ẅ' => 'w', 'ż' => 'z', 'ī' => 'i', 'ã' => 'a', 'ġ' => 'g', + 'ṁ' => 'm', 'ō' => 'o', 'ĩ' => 'i', 'ù' => 'u', 'į' => 'i', 'ź' => 'z', 'á' => 'a', + 'û' => 'u', 'þ' => 'th', 'ð' => 'dh', 'æ' => 'ae', 'µ' => 'u', 'ĕ' => 'e', + 'À' => 'A', 'Ô' => 'O', 'Ď' => 'D', 'Ḟ' => 'F', 'Ë' => 'E', 'Š' => 'S', 'Ơ' => 'O', + 'Ă' => 'A', 'Ř' => 'R', 'Ț' => 'T', 'Ň' => 'N', 'Ā' => 'A', 'Ķ' => 'K', + 'Ŝ' => 'S', 'Ỳ' => 'Y', 'Ņ' => 'N', 'Ĺ' => 'L', 'Ħ' => 'H', 'Ṗ' => 'P', 'Ó' => 'O', + 'Ú' => 'U', 'Ě' => 'E', 'É' => 'E', 'Ç' => 'C', 'Ẁ' => 'W', 'Ċ' => 'C', 'Õ' => 'O', + 'Ṡ' => 'S', 'Ø' => 'O', 'Ģ' => 'G', 'Ŧ' => 'T', 'Ș' => 'S', 'Ė' => 'E', 'Ĉ' => 'C', + 'Ś' => 'S', 'Î' => 'I', 'Ű' => 'U', 'Ć' => 'C', 'Ę' => 'E', 'Ŵ' => 'W', 'Ṫ' => 'T', + 'Ū' => 'U', 'Č' => 'C', 'Ö' => 'Oe', 'È' => 'E', 'Ŷ' => 'Y', 'Ą' => 'A', 'Ł' => 'L', + 'Ų' => 'U', 'Ů' => 'U', 'Ş' => 'S', 'Ğ' => 'G', 'Ļ' => 'L', 'Ƒ' => 'F', 'Ž' => 'Z', + 'Ẃ' => 'W', 'Ḃ' => 'B', 'Å' => 'A', 'Ì' => 'I', 'Ï' => 'I', 'Ḋ' => 'D', 'Ť' => 'T', + 'Ŗ' => 'R', 'Ä' => 'Ae', 'Í' => 'I', 'Ŕ' => 'R', 'Ê' => 'E', 'Ü' => 'Ue', 'Ò' => 'O', + 'Ē' => 'E', 'Ñ' => 'N', 'Ń' => 'N', 'Ĥ' => 'H', 'Ĝ' => 'G', 'Đ' => 'D', 'Ĵ' => 'J', + 'Ÿ' => 'Y', 'Ũ' => 'U', 'Ŭ' => 'U', 'Ư' => 'U', 'Ţ' => 'T', 'Ý' => 'Y', 'Ő' => 'O', + 'Â' => 'A', 'Ľ' => 'L', 'Ẅ' => 'W', 'Ż' => 'Z', 'Ī' => 'I', 'Ã' => 'A', 'Ġ' => 'G', + 'Ṁ' => 'M', 'Ō' => 'O', 'Ĩ' => 'I', 'Ù' => 'U', 'Į' => 'I', 'Ź' => 'Z', 'Á' => 'A', + 'Û' => 'U', 'Þ' => 'Th', 'Ð' => 'Dh', 'Æ' => 'Ae', 'Ĕ' => 'E', + 'а' => 'a', 'б' => 'b', 'в' => 'v', 'г' => 'g', 'д' => 'd', 'е' => 'e', 'ё' => 'jo', + 'ж' => 'zh', 'з' => 'z', 'и' => 'i', 'й' => 'jj', 'к' => 'k', 'л' => 'l', 'м' => 'm', + 'н' => 'n', 'о' => 'o', 'п' => 'p', 'р' => 'r', 'с' => 's', 'т' => 't', 'у' => 'u', + 'ф' => 'f', 'х' => 'kh', 'ц' => 'c', 'ч' => 'ch', 'ш' => 'sh', 'щ' => 'shh', 'ъ' => '', + 'ы' => 'y', 'ь' => '', 'э' => 'eh', 'ю' => 'ju', 'я' => 'ja', + 'А' => 'A', 'Б' => 'B', 'В' => 'V', 'Г' => 'G', 'Д' => 'D', 'Е' => 'E', 'Ё' => 'Jo', + 'Ж' => 'Zh', 'З' => 'Z', 'И' => 'I', 'Й' => 'Jj', 'К' => 'K', 'Л' => 'L', 'М' => 'M', + 'Н' => 'N', 'О' => 'O', 'П' => 'P', 'Р' => 'R', 'С' => 'S', 'Т' => 'T', 'У' => 'U', + 'Ф' => 'F', 'Х' => 'Kh', 'Ц' => 'C', 'Ч' => 'Ch', 'Ш' => 'Sh', 'Щ' => 'Shh', 'Ъ' => '', + 'Ы' => 'Y', 'Ь' => '', 'Э' => 'Eh', 'Ю' => 'Ju', 'Я' => 'Ja', + ]; + + const GD = 1; + const IMAGICK = 2; + + protected $resizeFlag = false; + protected $libType; + protected $libName = '-'; + protected $libVersion = '-'; + protected $error; + protected $quality = 75; + + public function __construct() + { + if (\extension_loaded('imagick') && \class_exists('\Imagick')) { + $this->resizeFlag = true; + $this->libType = self::IMAGICK; + $this->libName = 'ImageMagick'; + $imagick = \Imagick::getVersion(); + $this->libVersion = \trim(\preg_replace(['%ImageMagick%i', '%http[^\s]+%i'], '', $imagick['versionString'])); + } elseif (\extension_loaded('gd') && \function_exists('\\imagecreatetruecolor')) { + $this->resizeFlag = true; + $this->libType = self::GD; + $this->libName = 'GD'; + $gd = \gd_info(); + $this->libVersion = $gd['GD Version']; + } + } + + public function isResize() + { + return $this->resizeFlag; + } + + public function getLibName() + { + return $this->libName; + } + + public function getLibVersion() + { + return $this->libVersion; + } + + public function getError() + { + $error = $this->error; + $this->error = null; + return $error; + } + + protected function isBadLink($link) + { + if (false !== \strpos($link, ':', 2) || false !== \strpos($link, '//') || \preg_match('%\bphar\b%i', $link)) { + $this->error = 'Bad link'; + return true; + } else { + return false; + } + } + + public function inBlackList($ext) + { + return isset($this->blackList[\strtolower($ext)]); + } + + public function dirSize($dir) + { + if ($this->isBadLink($dir)) { + return false; + } + if (! \is_dir($dir)) { + $this->error = 'Directory expected'; + return false; + } + if (false === ($dh = \opendir($dir))) { + $this->error = 'Could not open directory'; + return false; + } + + $size = 0; + while (false !== ($file = \readdir($dh))) { + if ('' == \trim($file) || '.' === $file[0] || '#' === $file[0] || ! \is_file($dir . $file)) { + continue; + } + $ext = \strtolower(\substr(\strrchr($file, '.'), 1)); // расширение файла + if (isset($this->blackList[$ext])) { + continue; + } + $size += \filesize($dir . $file); + } + + \closedir($dh); + return $size; + } + + /** + * Переводит объем информации из одних единиц в другие + * кило = 1024, а не 1000 + * + * @param int|float|string $value + * @param string $to + * + * @return int|float|false + */ + public function size($value, $to = null) + { + if (\is_string($value)) { + if (! \preg_match('%^([^a-z]+)([a-z]+)?$%i', \trim($value), $matches)) { + $this->error = 'Expected string indicating the amount of information'; + return false; + } + if (! \is_numeric($matches[1])) { + $this->error = 'String does not contain number'; + return false; + } + + $value = 0 + $matches[1]; + + if (! empty($matches[2])) { + $unit = \strtoupper($matches[2][0]); + $expo = \strpos($this->units, $unit); + + if (false === $expo) { + $this->error = 'Unknown unit'; + return false; + } + + $value *= 1024 ** $expo; + } + } + + if (\is_string($to)) { + $to = \trim($to); + $unit = \strtoupper($to[0]); + $expo = \strpos($this->units, $unit); + + if (false === $expo) { + $this->error = 'Unknown unit'; + return false; + } + + $value /= 1024 ** $expo; + } + + return 0 + $value; + } + + /** + * Определяет по содержимому файла расширение картинки???? + * + * @param string $path + * + * @return false|array + */ + public function imageExt($path) + { + if ($this->isBadLink($path)) { + return false; + } + + if (\function_exists('\\exif_imagetype')) { + $type = \exif_imagetype($path); + } elseif ( + \function_exists('\\getimagesize') + && false !== ($type = @\getimagesize($path)) + && $type[0] > 0 + && $type[1] > 0 + ) { + $type = $type[2]; + } else { + $type = 0; + } + return isset($this->imageType[$type]) ? $this->imageType[$type] : false; + } + + /** + * Фильрует и переводит в латиницу(?) имя файла + * + * @param string $name + * + * @return string + */ + protected function filterName($name) + { + $new = false; + if (\function_exists('\\transliterator_transliterate')) { + $new = \transliterator_transliterate("Any-Latin; NFD; [:Nonspacing Mark:] Remove; NFC;", $name); + } + if (! \is_string($new)) { + $new = str_replace(array_keys($this->UTF8AR), array_values($this->UTF8AR), $name); + } + + $name = \trim(\preg_replace('%[^\w-]+%', '-', $new), '-_'); + + if (! isset($name[0])) { + $name = $this->filterName(\date('Ymd\-His')); + } + + return $name; + } + + public function getFileExt() + { + return $this->fileExt; + } + + public function getFileName() + { + return $this->fileName; + } + + public function prepFileName() + { + if ('mini_' === \substr($this->fileName, 0, 5)) { + $this->fileName = \substr($this->fileName, 5); + } + if (\strlen($this->fileName) > 100) { + $this->fileName = \substr($this->fileName, 0, 100); + } + if ('' == $this->fileName) { + $this->fileName = 'none'; + } + } + + public function isImage() + { + return $this->fileAsImage; + } + + public function setImageQuality($quality) + { + $this->quality = \min(\max((int) $quality, 1), 100); + } + + protected $filePath; + protected $fileName; + protected $fileExt; + protected $fileCalcExt; + protected $fileAsImage; + protected $fileIsUp; + protected $image; + + public function loadFile($path, $basename = null) + { + $this->filePath = null; + $this->fileName = null; + $this->fileExt = null; + $this->fileCalcExt = null; + $this->fileAsImage = false; + $this->fileIsUp = null !== $basename; + + $this->destroyImage(); + $this->image = null; + + if ($this->isBadLink($path)) { + return false; + } + + if (null !== $basename) { + $pattern = '%^(.+)\.(\w+)$%'; + $subject = $basename; + } else { + $pattern = '%[\\/]([\w-]+)\.(\w+)$%'; + $subject = $path; + } + if (! \preg_match($pattern, $subject, $matches)) { + $this->error = 'Bad file name or extension'; + return false; + } + + $this->fileExt = $this->fileCalcExt = \strtolower($matches[2]); + if (isset($this->blackList[$this->fileExt])) { + $this->error = 'Bad file extension'; + return false; + } + + if (null !== $basename) { + if (! \is_uploaded_file($path)) { + $this->error = 'File was not uploaded'; + return false; + } + } else { + if (! \is_file($path)) { + $this->error = 'No file'; + return false; + } + } + if (! \is_readable($path)) { + $this->error = 'File unreadable'; + return false; + } + + $imageInfo = $this->imageExt($path); + if (\is_array($imageInfo)) { + if (null !== $basename) { + $this->fileExt = $imageInfo[0]; + } + $this->fileCalcExt = $imageInfo[0]; + $this->fileAsImage = $imageInfo[1]; + } + + $this->fileName = null !== $basename ? $this->filterName($matches[1]) : $matches[1]; + $this->filePath = $path; + + return true; + } + + public function isUnsafeContent() + { + if (null === $this->filePath) { + return true; + } + + $f = \fopen($this->filePath, "rb"); + if (false === $f) { + return true; + } + + $buf1 = ''; + while ($buf2 = \fread($f, 4096)) { + if (\preg_match( "%<(?:script|html|head|title|body|table|a\s+href|img\s|plaintext|cross\-domain\-policy|embed|applet|i?frame|\?php)%msi", $buf1 . $buf2)) { + \fclose($f); + return true; + } + $buf1 = \substr($buf2, -30); + } + \fclose($f); + return false; + } + + public function loadImage() + { + if (null === $this->filePath || true !== $this->fileAsImage) { + $this->error = 'No image'; + return false; + } + switch ($this->libType) { + case self::IMAGICK: + try { + $image = new \Imagick(\realpath($this->filePath)); + $width = $image->getImageWidth(); + $height = $image->getImageHeight(); + } catch (\Exception $e) { + $this->error = $this->hidePath($e->getMessage()); + return false; + } + break; + case self::GD: + $type = $this->fileCalcExt; + switch ($type) { + case 'jpg': + $type = 'jpeg'; + break; + } + + $func = '\\imagecreatefrom' . $type; + if (! \function_exists($func)) { + $this->error = 'No function to create image'; + return false; + } + + $image = @$func($this->filePath); + if (! $image) { + $this->error = 'Failed to create image'; + return false; + } + if (false === \imagealphablending($image, false) || false === \imagesavealpha($image, true)) { + $this->error = 'Failed to adjust image'; + return false; + } + $width = \imagesx($image); + $height = \imagesy($image); + break; + default: + $this->error = 'Graphics library type not defined'; + return false; + } + $this->image = $image; + + return [ + $width, + $height, + ]; + } + + public function saveFile($path, $overwrite = false) + { + return $this->save($path, $overwrite, false); + } + + public function saveImage($path, $overwrite = false) + { + if (empty($this->image)) { + $this->error = 'No image'; + return false; + } + + return $this->save($path, $overwrite, true); + } + + protected function save($path, $overwrite, $isImage) + { + if ($this->isBadLink($path)) { + return false; + } + + if (! \preg_match('%^(.+[\\/])([\w-]+)\.(\w+)$%', $path, $matches)) { + $this->error = 'Bad dir name, file name or extension'; + return false; + } + + $ext = \strtolower($matches[3]); + if (isset($this->blackList[$ext])) { + $this->error = 'Bad file extension'; + return false; + } + $name = $matches[2]; + $dir = $matches[1]; + + if (true !== $overwrite) { + $tmp = ''; + $i = 0; + while (\is_file($dir . $name . $tmp . '.' . $ext) && $i < 100) { + $tmp = '-' . random_pass(4); + ++$i; + } + if ($i >= 100) { + $this->error = 'Many similar names'; + return false; + } + $name .= $tmp; + } + $path = $dir . $name . '.' . $ext; + + if (false === $isImage) { + $func = $this->fileIsUp ? '\\move_uploaded_file' : '\\copy'; + $result = @$func($this->filePath, $path); + if (! $result) { + $this->error = 'Failed to copy file'; + return false; + } + } else { + switch ($this->libType) { + case self::IMAGICK: + try { + //var_dump($this->image->getImageColors()); + $type = $this->fileCalcExt; + switch ($type) { + case 'png': + $this->image->setImageCompressionQuality(0); + break; + default: + $this->image->setImageCompressionQuality($this->quality); + break; + } + $this->image->writeImages($path, true); + } catch (\Exception $e) { + $this->error = $this->hidePath($e->getMessage(), $path); + return false; + } + break; + case self::GD: + $result = false; + $type = $this->fileCalcExt; + $args = [$this->image, $path]; + switch ($type) { + case 'jpg': + $type = 'jpeg'; + $args[] = $this->quality; + break; + case 'png': + //$args[] = -1; + //$args[] = \PNG_ALL_FILTERS; // \PNG_NO_FILTER; + // imagecolorstotal + // , int $quality = -1 , int $filters = -1 + break; + case 'webp': + $args[] = $this->quality; + break; + } + $func = '\\image' . $type; + if (! \function_exists($func)) { + $this->error = 'No function to save image'; + return false; + } + + $result = @$func(...$args); + if (true !== $result) { + $this->error = 'Failed to copy image'; + return false; + } + break; + default: + $this->error = 'Graphics library type not defined'; + return false; + } + } + + @\chmod($path, 0644); + + return [ + 'path' => $path, + 'dirname' => $dir, + 'filename' => $name, + 'extension' => $ext, + ]; + } + + public function resizeImage($width, $height = null) + { + if (empty($this->image)) { + $this->error = 'No image'; + return false; + } + + switch ($this->libType) { + case self::IMAGICK: + try { + $oldWidth = $this->image->getImageWidth(); + $oldHeight = $this->image->getImageHeight(); + } catch (\Exception $e) { + $this->error = $this->hidePath($e->getMessage()); + return false; + } + break; + case self::GD: + $oldWidth = \imagesx($this->image); + $oldHeight = \imagesy($this->image); + break; + default: + $this->error = 'Graphics library type not defined'; + return false; + } + + $w = (empty($width) || $width < 16) ? 1 : $width / $oldWidth; + $h = (empty($height) || $height < 16) ? 1 : $height / $oldHeight; + $r = \min(1, $w, $h); + if (1 == $r) { // ? + return 1; + } + $width = (int) \round($oldWidth * $r); + $height = (int) \round($oldHeight * $r); + + switch ($this->libType) { + case self::IMAGICK: + try { + // есть анимация + if ($this->image->getImageDelay() > 0) { + $image = $this->image->coalesceImages(); + + foreach ($image as $frame) { + $frame->resizeImage($width, $height, \Imagick::FILTER_LANCZOS, 1); + $frame->setImagePage($width, $height, 0, 0); + } + + $image = $image->deconstructImages(); + //$image = $image->optimizeImageLayers(); + // нет анимации + } else { + $image = clone $this->image; + $image->resizeImage($width, $height, \Imagick::FILTER_LANCZOS, 1); + } + } catch (\Exception $e) { + $this->error = $this->hidePath($e->getMessage()); + return false; + } + break; + case self::GD: + if (false === ($image = \imagecreatetruecolor($width, $height))) { + $this->error = 'Failed to create new truecolor image'; + return false; + } + if (false === ($transparent = \imagecolorallocatealpha($image, 255, 255, 255, 127))) { + $this->error = 'Failed to create color for image'; + return false; + } + if (false === \imagefill($image, 0, 0, $transparent)) { + $this->error = 'Failed to fill image with color'; + return false; + } + \imagecolortransparent($image, $transparent); + $colors = \imagecolorstotal($this->image); + if ($colors > 0 && false === \imagetruecolortopalette($image, true, $colors)) { + $this->error = 'Failed to convert image to palette'; + return false; + } + if (false === \imagealphablending($image, false) || false === \imagesavealpha($image, true)) { + $this->error = 'Failed to adjust image'; + return false; + } + if (false === \imagecopyresampled($image, $this->image, 0, 0, 0, 0, $width, $height, $oldWidth, $oldHeight)) { + $this->error = 'Failed to resize image'; + return false; + } + break; + } + + if (false === $this->destroyImage()) { + return false; + } + $this->image = $image; + + return $r; + } + + public function destroyImage() + { + if (empty($this->image)) { + return true; + } + + $result = false; + + switch ($this->libType) { + case self::IMAGICK: + try { + $result = $this->image->clear(); + } catch (\Exception $e) { + $result = false; + } + break; + case self::GD: + $result = \imagedestroy($this->image); + break; + } + + if (true === $result) { + $this->image = null; + } else { + $this->error = 'Failed to clear resource'; + } + + return $result; + } + + public function __destruct() + { + $this->destroyImage(); + } + + protected function hidePath($str, $path = null) + { + $search = []; + if (null !== $this->filePath) { + $search[] = \realpath($this->filePath); + $search[] = $this->filePath; + } + if (null !== $path) { + $search[] = \realpath($path); + $search[] = $path; + } + return empty($search) ? $str : \str_replace($search, '', $str); + } +} + +$upf_class = new upfClass(); diff --git a/include/uploadf.php b/include/uploadf.php new file mode 100644 index 0000000..527bc32 --- /dev/null +++ b/include/uploadf.php @@ -0,0 +1,116 @@ +<?php +/** + * Copyright (C) 2011-2020 Visman (visman@inbox.ru) + * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher + */ + +// Make sure no one attempts to run this script "directly" +if (! defined('PUN')) { + exit; +} + +if (!$pun_user['is_guest'] && isset($pun_config['o_upload_config'], $required_fields['req_message'])) { + if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_up_limit'] > 0 && $pun_user['g_up_max'] > 0)) { + // Load language file + if (! isset($lang_up)) { + if (file_exists(PUN_ROOT.'lang/'.$pun_user['language'].'/upload.php')) { + require PUN_ROOT.'lang/'.$pun_user['language'].'/upload.php'; + } else { + require PUN_ROOT.'lang/English/upload.php'; + } + } + + if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/upfiles.css')) { + $style = 'style/'.$pun_user['style'].'/upfiles.css'; + } else { + $style = 'style/imports/upfiles.css'; + } + + $upf_conf = unserialize($pun_config['o_upload_config']); + $upf_max_size = (int) (10485.76 * $pun_user['g_up_max']) + +?> +<script type="text/javascript"> +/* <![CDATA[ */ +if (typeof FluxBB === 'undefined' || !FluxBB) {var FluxBB = {};} +FluxBB.uploadvars = { + action: 'upfiles.php', + style: '<?= addslashes($style) ?>', + lang: { + upfiles: '<strong><?= addslashes($lang_up['upfiles']) ?></strong>', + confirmation: '<?= addslashes($lang_up['delete file']) ?>', + large: '<?= addslashes($lang_up['Too large']) ?>', + bad_type: '<?= addslashes($lang_up['Bad type']) ?>' + }, + maxsize: <?= $upf_max_size ?>, + exts: ['<?= str_replace([' ', ','], ['', '\', \''], addslashes($pun_user['g_up_ext'])) ?>'], + token: '<?= addslashes(function_exists('csrf_hash') ? csrf_hash('upfiles.php') : pun_csrf_token()) ?>' +}; +/* ]]> */ +</script> +<script type="text/javascript" src="js/upload.js"></script> + +<div id="upf-template" style="width: 0; height: 0; overflow: hidden; margin: 0; padding: 0;"> + <div class="inform upf-fmess"> + <fieldset> + <legend><?= $lang_up['upfiles'] ?></legend> + <div class="infldset"> + <button id="upf-button" type="button"><?= $lang_up['fichier'] ?></button> + <span><?= sprintf($lang_up['info_2'], pun_htmlspecialchars(str_replace([' ', ','], ['', ', '], $pun_user['g_up_ext'])), pun_htmlspecialchars(file_size($upf_max_size))) ?></span> + </div> + </fieldset> + </div> + <div class="inform upf-fmess"> + <fieldset id="upf-list-fls"> + <div class="infldset"> + <div id="upf-container"> + <ul id="upf-list"> + <li id="upf--"> + <div class="upf-name" title="End"> + <span> </span> + </div> + <div class="upf-file" style="height: <?= max((int) $upf_conf['thumb_size'], 100) ?>px;"> + <a> + <span> </span> + </a> + </div> + <div class="upf-size"> + <span> </span> + </div> + <div class="upf-but upf-delete"> + <a title="<?= $lang_up['delete'] ?>"> + <span></span> + </a> + </div> + <div class="upf-but upf-insert"> + <a title="<?= $lang_up['insert'] ?>"> + <span></span> + </a> + </div> + <div class="upf-but upf-insert-t"> + <a title="<?= $lang_up['insert_thumb'] ?>"> + <span></span> + </a> + </div> + </li> + </ul> + </div> + </div> + </fieldset> + </div> + <div class="inform upf-fmess"> + <fieldset> + <div class="infldset"> + <div id="upf-legend"> + <div style="background-color: rgb(0, 255, 0); width: 0%;"><span>0%</span></div> + </div> + <p id="upf-legend-p"><?= sprintf($lang_up['info_4'], 0, pun_htmlspecialchars(file_size(1048576 * $pun_user['g_up_limit']))) ?></p> + </div> + </fieldset> + </div> +</div> + +<?php + + } +} diff --git a/include/uploadp.php b/include/uploadp.php new file mode 100644 index 0000000..82f1bb5 --- /dev/null +++ b/include/uploadp.php @@ -0,0 +1,23 @@ +<?php + +/** + * Copyright (C) 2011-2019 Visman (mio.visman@yandex.ru) + * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher + */ + +// Make sure no one attempts to run this script "directly" +if (! defined('PUN')) { + exit; +} + +if (isset($pun_config['o_upload_config'])) { + if ($pun_user['g_id'] == PUN_ADMIN || ($id == $pun_user['id'] && $pun_user['g_up_limit'] > 0 && $pun_user['g_up_max'] > 0)) { + if (file_exists(PUN_ROOT . 'lang/' . $pun_user['language'] . '/upload.php')) { + require PUN_ROOT . 'lang/' . $pun_user['language'] . '/upload.php'; + } else { + require PUN_ROOT . 'lang/English/upload.php'; + } + + echo "\t\t\t\t\t" . '<li' . (($page == 'upload') ? ' class="isactive"' : '') . '><a href="upfiles.php?id=' . $id . '">' . $lang_up['upfiles'] . '</a></li>' . "\n"; + } +} |