non-image uploads
This commit is contained in:
parent
87903f57e3
commit
10a8fe28e6
@ -116,6 +116,7 @@
|
||||
$config['error']['toomanyreports'] = 'You can\'t report that many posts at once.';
|
||||
$config['error']['invalidpassword'] = 'Wrong password…';
|
||||
$config['error']['invalidimg'] = 'Invalid image.';
|
||||
$config['error']['unknownext'] = 'Unknown file extension.';
|
||||
$config['error']['filesize'] = 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes';
|
||||
$config['error']['maxsize'] = 'The file was too big.';
|
||||
$config['error']['invalidzip'] = 'Invalid archive!';
|
||||
@ -516,8 +517,14 @@
|
||||
// https://github.com/savetheinternet/Tinyboard/issues/20
|
||||
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/';
|
||||
|
||||
// Allowed file extensions
|
||||
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', '');
|
||||
// Allowed image file extensions
|
||||
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');
|
||||
|
||||
// Allowed additional file extensions (not images; downloadable files)
|
||||
$config['allowed_ext_files'] = Array('mp3');
|
||||
|
||||
// Thumbnail to use for the downloadable files (not images)
|
||||
$config['file_thumb'] = 'static/file.png';
|
||||
|
||||
// The names on the post buttons. (On most imageboards, these are both "Post".)
|
||||
$config['button_newtopic'] = 'New Topic';
|
||||
|
@ -259,14 +259,16 @@
|
||||
if(!empty($this->file) && $this->file != 'deleted') {
|
||||
$built .= '<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
|
||||
// Filesize
|
||||
format_bytes($this->filesize) . ', ' .
|
||||
format_bytes($this->filesize) .
|
||||
// File dimensions
|
||||
$this->filex . 'x' . $this->filey;
|
||||
($this->filex && $this->filey ?
|
||||
', ' . $this->filex . 'x' . $this->filey
|
||||
: '' );
|
||||
// Aspect Ratio
|
||||
if($config['show_ratio']) {
|
||||
$fraction = fraction($this->filex, $this->filey, ':');
|
||||
$built .= ', ' . $fraction;
|
||||
}
|
||||
if($config['show_ratio'] && $this->filex && $this->filey) {
|
||||
$fraction = fraction($this->filex, $this->filey, ':');
|
||||
$built .= ', ' . $fraction;
|
||||
}
|
||||
// Filename
|
||||
$built .= ', ' . $this->filename . ')</span></p>' .
|
||||
|
||||
@ -377,11 +379,13 @@
|
||||
|
||||
$built = '<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
|
||||
// Filesize
|
||||
format_bytes($this->filesize) . ', ' .
|
||||
format_bytes($this->filesize) .
|
||||
// File dimensions
|
||||
$this->filex . 'x' . $this->filey;
|
||||
($this->filex && $this->filey ?
|
||||
', ' . $this->filex . 'x' . $this->filey
|
||||
: '' );
|
||||
// Aspect Ratio
|
||||
if($config['show_ratio']) {
|
||||
if($config['show_ratio'] && $this->filex && $this->filey) {
|
||||
$fraction = fraction($this->filex, $this->filey, ':');
|
||||
$built .= ', ' . $fraction;
|
||||
}
|
||||
|
@ -363,7 +363,7 @@
|
||||
$query->bindValue(':height', $post['height'], PDO::PARAM_INT);
|
||||
$query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT);
|
||||
$query->bindValue(':filename', $post['filename']);
|
||||
$query->bindValue(':filehash', $post['filehash']);
|
||||
$query->bindValue(':filehash', $post['file']);
|
||||
} else {
|
||||
$query->bindValue(':thumb', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':thumbwidth', null, PDO::PARAM_NULL);
|
||||
@ -1363,12 +1363,13 @@
|
||||
}
|
||||
break;
|
||||
default:
|
||||
error('Unknwon file extension.');
|
||||
error($config['error']['unknownext']);
|
||||
}
|
||||
return $image;
|
||||
}
|
||||
|
||||
function resize($src, $width, $height, $destination_pic, $max_width, $max_height, $ext) {
|
||||
function resize($src, $width, $height, $destination_pic, $max_width, $max_height, $ext) {
|
||||
global $config;
|
||||
$return = Array();
|
||||
|
||||
$x_ratio = $max_width / $width;
|
||||
@ -1414,7 +1415,7 @@
|
||||
imagebmp($tmp, $destination_pic);
|
||||
break;
|
||||
default:
|
||||
error('Unknwon file extension.');
|
||||
error($config['error']['unknownext']);
|
||||
}
|
||||
|
||||
imagedestroy($src);
|
||||
|
86
post.php
86
post.php
@ -384,51 +384,65 @@
|
||||
}
|
||||
|
||||
if($post['has_file']) {
|
||||
if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
|
||||
error($config['error']['unknownext']);
|
||||
|
||||
if(in_array($post['extension'], $config['allowed_ext_files']))
|
||||
$__file = true;
|
||||
|
||||
// Just trim the filename if it's too long
|
||||
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…';
|
||||
// Move the uploaded file
|
||||
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
|
||||
|
||||
$size = @getimagesize($post['file']);
|
||||
$post['width'] = $size[0];
|
||||
$post['height'] = $size[1];
|
||||
|
||||
// Check if the image is valid
|
||||
if($post['width'] < 1 || $post['height'] < 1) {
|
||||
undoImage($post);
|
||||
error($config['error']['invalidimg']);
|
||||
}
|
||||
|
||||
if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
|
||||
undoImage($post);
|
||||
error($config['error']['maxsize']);
|
||||
}
|
||||
|
||||
// Check IE MIME type detection XSS exploit
|
||||
$buffer = file_get_contents($post['file'], null, null, null, 255);
|
||||
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
|
||||
undoImage($post);
|
||||
error($config['error']['mime_exploit']);
|
||||
if(!isset($__file)) {
|
||||
$size = @getimagesize($post['file']);
|
||||
$post['width'] = $size[0];
|
||||
$post['height'] = $size[1];
|
||||
|
||||
// Check if the image is valid
|
||||
if($post['width'] < 1 || $post['height'] < 1) {
|
||||
undoImage($post);
|
||||
error($config['error']['invalidimg']);
|
||||
}
|
||||
|
||||
if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
|
||||
undoImage($post);
|
||||
error($config['error']['maxsize']);
|
||||
}
|
||||
|
||||
// Check IE MIME type detection XSS exploit
|
||||
$buffer = file_get_contents($post['file'], null, null, null, 255);
|
||||
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
|
||||
undoImage($post);
|
||||
error($config['error']['mime_exploit']);
|
||||
}
|
||||
|
||||
if($config['minimum_copy_resize'] && $post['width'] <= $config['thumb_width'] && $post['height'] <= $config['thumb_height'] && $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
|
||||
// Copy, because there's nothing to resize
|
||||
copy($post['file'], $post['thumb']);
|
||||
|
||||
$post['thumbwidth'] = $post['width'];
|
||||
$post['thumbheight'] = $post['height'];
|
||||
} else {
|
||||
$image = createimage($post['extension'], $post['file']);
|
||||
|
||||
// Create a thumbnail
|
||||
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height'], ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']));
|
||||
|
||||
$post['thumbwidth'] = $thumb['width'];
|
||||
$post['thumbheight'] = $thumb['height'];
|
||||
}
|
||||
} else {
|
||||
copy($config['file_thumb'], $post['thumb']);
|
||||
|
||||
$size = @getimagesize($post['thumb']);
|
||||
$post['thumbwidth'] = $size[0];
|
||||
$post['thumbheight'] = $size[1];
|
||||
}
|
||||
|
||||
$post['filehash'] = $config['file_hash']($post['file']);
|
||||
$post['filesize'] = filesize($post['file']);
|
||||
|
||||
if($config['minimum_copy_resize'] && $post['width'] <= $config['thumb_width'] && $post['height'] <= $config['thumb_height'] && $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
|
||||
// Copy, because there's nothing to resize
|
||||
copy($post['file'], $post['thumb']);
|
||||
|
||||
$post['thumbwidth'] = $post['width'];
|
||||
$post['thumbheight'] = $post['height'];
|
||||
} else {
|
||||
$image = createimage($post['extension'], $post['file']);
|
||||
|
||||
// Create a thumbnail
|
||||
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height'], ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']));
|
||||
|
||||
$post['thumbwidth'] = $thumb['width'];
|
||||
$post['thumbheight'] = $thumb['height'];
|
||||
}
|
||||
}
|
||||
|
||||
if($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) {
|
||||
|
BIN
static/file.png
Normal file
BIN
static/file.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 6.0 KiB |
Loading…
Reference in New Issue
Block a user