"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Upload/inc/functions_upload.php" between
mybb_1822.zip and mybb_1823.zip

About: MyBB is a multilingual, standards-compliant and free forum (discussion board) software.

functions_upload.php  (mybb_1822):functions_upload.php  (mybb_1823)
skipping to change at line 377 skipping to change at line 377
* @param boolean $update_attachment Whether or not we are updating a current at tachment or inserting a new one * @param boolean $update_attachment Whether or not we are updating a current at tachment or inserting a new one
* @return array Array of attachment data if successful, otherwise array of erro r data * @return array Array of attachment data if successful, otherwise array of erro r data
*/ */
function upload_attachment($attachment, $update_attachment=false) function upload_attachment($attachment, $update_attachment=false)
{ {
global $mybb, $db, $theme, $templates, $posthash, $pid, $tid, $forum, $my bb, $lang, $plugins, $cache; global $mybb, $db, $theme, $templates, $posthash, $pid, $tid, $forum, $my bb, $lang, $plugins, $cache;
$posthash = $db->escape_string($mybb->get_input('posthash')); $posthash = $db->escape_string($mybb->get_input('posthash'));
$pid = (int)$pid; $pid = (int)$pid;
if(isset($attachment['error']) && $attachment['error'] != 0)
{
$ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfail
ed_detail;
switch($attachment['error'])
{
case 1: // UPLOAD_ERR_INI_SIZE
$ret['error'] .= $lang->error_uploadfailed_php1;
break;
case 2: // UPLOAD_ERR_FORM_SIZE
$ret['error'] .= $lang->error_uploadfailed_php2;
break;
case 3: // UPLOAD_ERR_PARTIAL
$ret['error'] .= $lang->error_uploadfailed_php3;
break;
case 4: // UPLOAD_ERR_NO_FILE
$ret['error'] .= $lang->error_uploadfailed_php4;
break;
case 6: // UPLOAD_ERR_NO_TMP_DIR
$ret['error'] .= $lang->error_uploadfailed_php6;
break;
case 7: // UPLOAD_ERR_CANT_WRITE
$ret['error'] .= $lang->error_uploadfailed_php7;
break;
default:
$ret['error'] .= $lang->sprintf($lang->error_uplo
adfailed_phpx, $attachment['error']);
break;
}
return $ret;
}
if(!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_n ame'])) if(!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_n ame']))
{ {
$ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfail ed_php4; $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfail ed_php4;
return $ret; return $ret;
} }
$attachtypes = (array)$cache->read('attachtypes'); $attachtypes = (array)$cache->read('attachtypes');
$attachment = $plugins->run_hooks("upload_attachment_start", $attachment); $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);
$allowed_mime_types = array(); $allowed_mime_types = array();
skipping to change at line 696 skipping to change at line 666
if($pid) if($pid)
{ {
update_thread_counters($tid, array("attachmentcount" => " +1")); update_thread_counters($tid, array("attachmentcount" => " +1"));
} }
} }
$ret['aid'] = $aid; $ret['aid'] = $aid;
return $ret; return $ret;
} }
/** /**
* Check whether the input $FILE variable indicates a PHP file upload error,
* and if so, return an appropriate user-friendly error message.
*
* @param array $FILE File data (as fed by PHP's $_FILE).
*
* @return string Error message or empty if no error detected.
*/
function check_parse_php_upload_err($FILE)
{
global $lang;
$err = '';
if(isset($FILE['error']) && $FILE['error'] != 0 && ($FILE['error'] != UPL
OAD_ERR_NO_FILE || $FILE['name']))
{
$err = $lang->error_uploadfailed.$lang->error_uploadfailed_detail
;
switch($FILE['error'])
{
case 1: // UPLOAD_ERR_INI_SIZE
$err .= $lang->error_uploadfailed_php1;
break;
case 2: // UPLOAD_ERR_FORM_SIZE
$err .= $lang->error_uploadfailed_php2;
break;
case 3: // UPLOAD_ERR_PARTIAL
$err .= $lang->error_uploadfailed_php3;
break;
case 4: // UPLOAD_ERR_NO_FILE
$err .= $lang->error_uploadfailed_php4;
break;
case 6: // UPLOAD_ERR_NO_TMP_DIR
$err .= $lang->error_uploadfailed_php6;
break;
case 7: // UPLOAD_ERR_CANT_WRITE
$err .= $lang->error_uploadfailed_php7;
break;
default:
$err .= $lang->sprintf($lang->error_uploadfailed_
phpx, $FILE['error']);
break;
}
}
return $err;
}
/**
* Process adding attachment(s) when the "Add Attachment" button is pressed. * Process adding attachment(s) when the "Add Attachment" button is pressed.
* *
* @param int $pid The ID of the post. * @param int $pid The ID of the post.
* @param array $forumpermission The permissions for the forum. * @param array $forumpermission The permissions for the forum.
* @param string $attachwhere Search string "pid='$pid'" or "posthash='".$db->es cape_string($mybb->get_input('posthash'))."'" * @param string $attachwhere Search string "pid='$pid'" or "posthash='".$db->es cape_string($mybb->get_input('posthash'))."'"
* @param string $action Where called from: "newthread", "newreply", or "editpos t" * @param string $action Where called from: "newthread", "newreply", or "editpos t"
* *
* @return array Array of errors if any, empty array otherwise * @return array Array of errors if any, empty array otherwise
*/ */
function add_attachments($pid, $forumpermissions, $attachwhere, $action=false) function add_attachments($pid, $forumpermissions, $attachwhere, $action=false)
skipping to change at line 724 skipping to change at line 740
$fields = array ('name', 'type', 'tmp_name', 'error', 'size'); $fields = array ('name', 'type', 'tmp_name', 'error', 'size');
$aid = array(); $aid = array();
$total = isset($_FILES['attachments']['name']) ? count($_FILES['a ttachments']['name']) : 0; $total = isset($_FILES['attachments']['name']) ? count($_FILES['a ttachments']['name']) : 0;
$filenames = ""; $filenames = "";
$delim = ""; $delim = "";
for($i=0; $i<$total; ++$i) for($i=0; $i<$total; ++$i)
{ {
foreach($fields as $field) foreach($fields as $field)
{ {
$attach1[$field] = $_FILES['attachments'][$field] [$key];
$attachments[$i][$field] = $_FILES['attachments'] [$field][$i]; $attachments[$i][$field] = $_FILES['attachments'] [$field][$i];
} }
$FILE = $attachments[$i]; $FILE = $attachments[$i];
if(!empty($FILE['name']) && !empty($FILE['type']) && $FIL E['size'] > 0) if(!empty($FILE['name']) && !empty($FILE['type']) && $FIL E['size'] > 0)
{ {
$filenames .= $delim . "'" . $db->escape_string($ FILE['name']) . "'"; $filenames .= $delim . "'" . $db->escape_string($ FILE['name']) . "'";
$delim = ","; $delim = ",";
} }
} }
skipping to change at line 748 skipping to change at line 763
$query = $db->simple_select("attachments", "filename", "{ $attachwhere} AND filename IN (".$filenames.")"); $query = $db->simple_select("attachments", "filename", "{ $attachwhere} AND filename IN (".$filenames.")");
while ($row = $db->fetch_array($query)) while ($row = $db->fetch_array($query))
{ {
$aid[$row['filename']] = true; $aid[$row['filename']] = true;
} }
} }
foreach($attachments as $FILE) foreach($attachments as $FILE)
{ {
if(!empty($FILE['name']) && !empty($FILE['type'])) if($err = check_parse_php_upload_err($FILE))
{
$ret['errors'][] = $err;
$mybb->input['action'] = $action;
}
else if(!empty($FILE['name']) && !empty($FILE['type']))
{ {
if($FILE['size'] > 0) if($FILE['size'] > 0)
{ {
$filename = $db->escape_string($FILE['nam e']); $filename = $db->escape_string($FILE['nam e']);
$exists = $aid[$filename]; $exists = $aid[$filename];
$update_attachment = false; $update_attachment = false;
if($action == "editpost") if($action == "editpost")
{ {
if($exists && $mybb->get_input('u pdateattachment') && ($mybb->usergroup['caneditattachments'] || $forumpermission s['caneditattachments'])) if($exists && $mybb->get_input('u pdateattachment') && ($mybb->usergroup['caneditattachments'] || $forumpermission s['caneditattachments']))
skipping to change at line 778 skipping to change at line 798
} }
} }
$attachedfile = upload_attachment($FILE, $update_attachment); $attachedfile = upload_attachment($FILE, $update_attachment);
if(!empty($attachedfile['error'])) if(!empty($attachedfile['error']))
{ {
$ret['errors'][] = $attachedfile[ 'error']; $ret['errors'][] = $attachedfile[ 'error'];
$mybb->input['action'] = $action; $mybb->input['action'] = $action;
} }
} }
else else
{ {
$ret['errors'][] = $lang->sprintf($lang-> error_uploadempty, htmlspecialchars_uni($FILE['name'])); $ret['errors'][] = $lang->sprintf($lang-> error_uploadempty, htmlspecialchars_uni($FILE['name']));
$mybb->input['action'] = $action; $mybb->input['action'] = $action;
} }
} }
} }
} }
 End of changes. 5 change blocks. 
34 lines changed or deleted 56 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)