non-image uploads

This commit is contained in:
Savetheinternet 2011-04-13 20:57:41 +10:00
parent 87903f57e3
commit 10a8fe28e6
5 changed files with 77 additions and 51 deletions

View File

@ -116,6 +116,7 @@
$config['error']['toomanyreports'] = 'You can\'t report that many posts at once.';
$config['error']['invalidpassword'] = 'Wrong password…';
$config['error']['invalidimg'] = 'Invalid image.';
$config['error']['unknownext'] = 'Unknown file extension.';
$config['error']['filesize'] = 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes';
$config['error']['maxsize'] = 'The file was too big.';
$config['error']['invalidzip'] = 'Invalid archive!';
@ -516,8 +517,14 @@
// https://github.com/savetheinternet/Tinyboard/issues/20
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/';
// Allowed file extensions
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', '');
// Allowed image file extensions
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');
// Allowed additional file extensions (not images; downloadable files)
$config['allowed_ext_files'] = Array('mp3');
// Thumbnail to use for the downloadable files (not images)
$config['file_thumb'] = 'static/file.png';
// The names on the post buttons. (On most imageboards, these are both "Post".)
$config['button_newtopic'] = 'New Topic';

View File

@ -259,14 +259,16 @@
if(!empty($this->file) && $this->file != 'deleted') {
$built .= '<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize
format_bytes($this->filesize) . ', ' .
format_bytes($this->filesize) .
// File dimensions
$this->filex . 'x' . $this->filey;
($this->filex && $this->filey ?
', ' . $this->filex . 'x' . $this->filey
: '' );
// Aspect Ratio
if($config['show_ratio']) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}
if($config['show_ratio'] && $this->filex && $this->filey) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}
// Filename
$built .= ', ' . $this->filename . ')</span></p>' .
@ -377,11 +379,13 @@
$built = '<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize
format_bytes($this->filesize) . ', ' .
format_bytes($this->filesize) .
// File dimensions
$this->filex . 'x' . $this->filey;
($this->filex && $this->filey ?
', ' . $this->filex . 'x' . $this->filey
: '' );
// Aspect Ratio
if($config['show_ratio']) {
if($config['show_ratio'] && $this->filex && $this->filey) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}

View File

@ -363,7 +363,7 @@
$query->bindValue(':height', $post['height'], PDO::PARAM_INT);
$query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT);
$query->bindValue(':filename', $post['filename']);
$query->bindValue(':filehash', $post['filehash']);
$query->bindValue(':filehash', $post['file']);
} else {
$query->bindValue(':thumb', null, PDO::PARAM_NULL);
$query->bindValue(':thumbwidth', null, PDO::PARAM_NULL);
@ -1363,12 +1363,13 @@
}
break;
default:
error('Unknwon file extension.');
error($config['error']['unknownext']);
}
return $image;
}
function resize($src, $width, $height, $destination_pic, $max_width, $max_height, $ext) {
function resize($src, $width, $height, $destination_pic, $max_width, $max_height, $ext) {
global $config;
$return = Array();
$x_ratio = $max_width / $width;
@ -1414,7 +1415,7 @@
imagebmp($tmp, $destination_pic);
break;
default:
error('Unknwon file extension.');
error($config['error']['unknownext']);
}
imagedestroy($src);

View File

@ -384,51 +384,65 @@
}
if($post['has_file']) {
if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
error($config['error']['unknownext']);
if(in_array($post['extension'], $config['allowed_ext_files']))
$__file = true;
// Just trim the filename if it's too long
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…';
// Move the uploaded file
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
$size = @getimagesize($post['file']);
$post['width'] = $size[0];
$post['height'] = $size[1];
// Check if the image is valid
if($post['width'] < 1 || $post['height'] < 1) {
undoImage($post);
error($config['error']['invalidimg']);
}
if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
undoImage($post);
error($config['error']['maxsize']);
}
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($post['file'], null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
if(!isset($__file)) {
$size = @getimagesize($post['file']);
$post['width'] = $size[0];
$post['height'] = $size[1];
// Check if the image is valid
if($post['width'] < 1 || $post['height'] < 1) {
undoImage($post);
error($config['error']['invalidimg']);
}
if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
undoImage($post);
error($config['error']['maxsize']);
}
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($post['file'], null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
}
if($config['minimum_copy_resize'] && $post['width'] <= $config['thumb_width'] && $post['height'] <= $config['thumb_height'] && $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
// Copy, because there's nothing to resize
copy($post['file'], $post['thumb']);
$post['thumbwidth'] = $post['width'];
$post['thumbheight'] = $post['height'];
} else {
$image = createimage($post['extension'], $post['file']);
// Create a thumbnail
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height'], ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']));
$post['thumbwidth'] = $thumb['width'];
$post['thumbheight'] = $thumb['height'];
}
} else {
copy($config['file_thumb'], $post['thumb']);
$size = @getimagesize($post['thumb']);
$post['thumbwidth'] = $size[0];
$post['thumbheight'] = $size[1];
}
$post['filehash'] = $config['file_hash']($post['file']);
$post['filesize'] = filesize($post['file']);
if($config['minimum_copy_resize'] && $post['width'] <= $config['thumb_width'] && $post['height'] <= $config['thumb_height'] && $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
// Copy, because there's nothing to resize
copy($post['file'], $post['thumb']);
$post['thumbwidth'] = $post['width'];
$post['thumbheight'] = $post['height'];
} else {
$image = createimage($post['extension'], $post['file']);
// Create a thumbnail
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height'], ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']));
$post['thumbwidth'] = $thumb['width'];
$post['thumbheight'] = $thumb['height'];
}
}
if($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) {

BIN
static/file.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.0 KiB