albertlast /
SMF2.1
| @@ 226-301 (lines=76) @@ | ||
| 223 | } |
|
| 224 | ||
| 225 | // Loop through $_FILES['attachment'] array and move each file to the current attachments folder. |
|
| 226 | foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) |
|
| 227 | { |
|
| 228 | if ($_FILES['attachment']['name'][$n] == '') |
|
| 229 | continue; |
|
| 230 | ||
| 231 | // First, let's first check for PHP upload errors. |
|
| 232 | $errors = array(); |
|
| 233 | if (!empty($_FILES['attachment']['error'][$n])) |
|
| 234 | { |
|
| 235 | if ($_FILES['attachment']['error'][$n] == 2) |
|
| 236 | $errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit'])); |
|
| 237 | ||
| 238 | else |
|
| 239 | log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]); |
|
| 240 | ||
| 241 | // Log this one, because... |
|
| 242 | if ($_FILES['attachment']['error'][$n] == 6) |
|
| 243 | log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical'); |
|
| 244 | ||
| 245 | // Weird, no errors were cached, still fill out a generic one. |
|
| 246 | if (empty($errors)) |
|
| 247 | $errors[] = 'attach_php_error'; |
|
| 248 | } |
|
| 249 | ||
| 250 | // Try to move and rename the file before doing any more checks on it. |
|
| 251 | $attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand()); |
|
| 252 | $destName = $this->_attchDir . '/' . $attachID; |
|
| 253 | ||
| 254 | // No errors, YAY! |
|
| 255 | if (empty($errors)) |
|
| 256 | { |
|
| 257 | // The reported MIME type of the attachment might not be reliable. |
|
| 258 | // Fortunately, PHP 5.3+ lets us easily verify the real MIME type. |
|
| 259 | if (function_exists('mime_content_type')) |
|
| 260 | $_FILES['attachment']['type'][$n] = mime_content_type($_FILES['attachment']['tmp_name'][$n]); |
|
| 261 | ||
| 262 | $_SESSION['temp_attachments'][$attachID] = array( |
|
| 263 | 'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])), |
|
| 264 | 'tmp_name' => $destName, |
|
| 265 | 'size' => $_FILES['attachment']['size'][$n], |
|
| 266 | 'type' => $_FILES['attachment']['type'][$n], |
|
| 267 | 'id_folder' => $modSettings['currentAttachmentUploadDir'], |
|
| 268 | 'errors' => array(), |
|
| 269 | ); |
|
| 270 | ||
| 271 | // Move the file to the attachments folder with a temp name for now. |
|
| 272 | if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) |
|
| 273 | smf_chmod($destName, 0644); |
|
| 274 | ||
| 275 | // This is madness!! |
|
| 276 | else |
|
| 277 | { |
|
| 278 | // File couldn't be moved. |
|
| 279 | $_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout'; |
|
| 280 | if (file_exists($_FILES['attachment']['tmp_name'][$n])) |
|
| 281 | unlink($_FILES['attachment']['tmp_name'][$n]); |
|
| 282 | } |
|
| 283 | } |
|
| 284 | ||
| 285 | // Fill up a nice array with some data from the file and the errors encountered so far. |
|
| 286 | else |
|
| 287 | { |
|
| 288 | $_SESSION['temp_attachments'][$attachID] = array( |
|
| 289 | 'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])), |
|
| 290 | 'tmp_name' => $destName, |
|
| 291 | 'errors' => $errors, |
|
| 292 | ); |
|
| 293 | ||
| 294 | if (file_exists($_FILES['attachment']['tmp_name'][$n])) |
|
| 295 | unlink($_FILES['attachment']['tmp_name'][$n]); |
|
| 296 | } |
|
| 297 | ||
| 298 | // If there's no errors to this point. We still do need to apply some additional checks before we are finished. |
|
| 299 | if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) |
|
| 300 | attachmentChecks($attachID); |
|
| 301 | } |
|
| 302 | ||
| 303 | // Mod authors, finally a hook to hang an alternate attachment upload system upon |
|
| 304 | // Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand()) |
|
| @@ 403-465 (lines=63) @@ | ||
| 400 | } |
|
| 401 | ||
| 402 | // Loop through $_FILES['attachment'] array and move each file to the current attachments folder. |
|
| 403 | foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) |
|
| 404 | { |
|
| 405 | if ($_FILES['attachment']['name'][$n] == '') |
|
| 406 | continue; |
|
| 407 | ||
| 408 | // First, let's first check for PHP upload errors. |
|
| 409 | $errors = array(); |
|
| 410 | if (!empty($_FILES['attachment']['error'][$n])) |
|
| 411 | { |
|
| 412 | if ($_FILES['attachment']['error'][$n] == 2) |
|
| 413 | $errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit'])); |
|
| 414 | elseif ($_FILES['attachment']['error'][$n] == 6) |
|
| 415 | log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical'); |
|
| 416 | else |
|
| 417 | log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]); |
|
| 418 | if (empty($errors)) |
|
| 419 | $errors[] = 'attach_php_error'; |
|
| 420 | } |
|
| 421 | ||
| 422 | // Try to move and rename the file before doing any more checks on it. |
|
| 423 | $attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand()); |
|
| 424 | $destName = $context['attach_dir'] . '/' . $attachID; |
|
| 425 | if (empty($errors)) |
|
| 426 | { |
|
| 427 | // The reported MIME type of the attachment might not be reliable. |
|
| 428 | // Fortunately, PHP 5.3+ lets us easily verify the real MIME type. |
|
| 429 | if (function_exists('mime_content_type')) |
|
| 430 | $_FILES['attachment']['type'][$n] = mime_content_type($_FILES['attachment']['tmp_name'][$n]); |
|
| 431 | ||
| 432 | $_SESSION['temp_attachments'][$attachID] = array( |
|
| 433 | 'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])), |
|
| 434 | 'tmp_name' => $destName, |
|
| 435 | 'size' => $_FILES['attachment']['size'][$n], |
|
| 436 | 'type' => $_FILES['attachment']['type'][$n], |
|
| 437 | 'id_folder' => $modSettings['currentAttachmentUploadDir'], |
|
| 438 | 'errors' => array(), |
|
| 439 | ); |
|
| 440 | ||
| 441 | // Move the file to the attachments folder with a temp name for now. |
|
| 442 | if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) |
|
| 443 | smf_chmod($destName, 0644); |
|
| 444 | else |
|
| 445 | { |
|
| 446 | $_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout'; |
|
| 447 | if (file_exists($_FILES['attachment']['tmp_name'][$n])) |
|
| 448 | unlink($_FILES['attachment']['tmp_name'][$n]); |
|
| 449 | } |
|
| 450 | } |
|
| 451 | else |
|
| 452 | { |
|
| 453 | $_SESSION['temp_attachments'][$attachID] = array( |
|
| 454 | 'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])), |
|
| 455 | 'tmp_name' => $destName, |
|
| 456 | 'errors' => $errors, |
|
| 457 | ); |
|
| 458 | ||
| 459 | if (file_exists($_FILES['attachment']['tmp_name'][$n])) |
|
| 460 | unlink($_FILES['attachment']['tmp_name'][$n]); |
|
| 461 | } |
|
| 462 | // If there's no errors to this point. We still do need to apply some additional checks before we are finished. |
|
| 463 | if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) |
|
| 464 | attachmentChecks($attachID); |
|
| 465 | } |
|
| 466 | // Mod authors, finally a hook to hang an alternate attachment upload system upon |
|
| 467 | // Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand()) |
|
| 468 | // Populate $_SESSION['temp_attachments'][$attachID] with the following: |
|
