From: Meik S. <acy...@ph...> - 2009-08-01 12:29:12
Author: acydburn Date: Sat Aug 1 13:28:50 2009 New Revision: 9905 Log: Apply locale-independent basename() to attachment filenames. New function added: utf8_basename(). (Bug #43335 - Patch by ocean=Yohsuke) Modified: branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html branches/phpBB-3_0_0/phpBB/download/file.php branches/phpBB-3_0_0/phpBB/includes/acp/acp_attachments.php branches/phpBB-3_0_0/phpBB/includes/functions_admin.php branches/phpBB-3_0_0/phpBB/includes/functions_content.php branches/phpBB-3_0_0/phpBB/includes/functions_convert.php branches/phpBB-3_0_0/phpBB/includes/functions_posting.php branches/phpBB-3_0_0/phpBB/includes/functions_privmsgs.php branches/phpBB-3_0_0/phpBB/includes/functions_upload.php branches/phpBB-3_0_0/phpBB/includes/mcp/mcp_main.php branches/phpBB-3_0_0/phpBB/includes/utf/utf_tools.php branches/phpBB-3_0_0/phpBB/viewtopic.php Modified: branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html ============================================================================== *** branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html (original) --- branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html Sat Aug 1 13:28:50 2009 *************** *** 184,189 **** --- 184,190 ---- <li>[Fix] Min/max characters per posts also affects polls option (Bug #47295 - Patch by nickvergessen)</li> <li>[Fix] Correctly log action when users request to join a group (Bug #37585 - Patch by nickvergessen)</li> <li>[Fix] Do not try to create thumbnails for images we cannot open properly. (Bug #48695)</li> + <li>[Fix] Apply locale-independent basename() to attachment filenames. New function added: utf8_basename(). (Bug #43335 - Patch by ocean=Yohsuke)</li> <li>[Change] Change the data format of the default file ACM to be more secure from tampering and have better performance.</li> <li>[Change] Add index on log_time to the log table to prevent slowdown on boards with many log entries. 
(Bug #44665 - Patch by bantu)</li> <li>[Change] Template engine now permits to a limited extent variable includes.</li> Modified: branches/phpBB-3_0_0/phpBB/download/file.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/download/file.php (original) --- branches/phpBB-3_0_0/phpBB/download/file.php Sat Aug 1 13:28:50 2009 *************** *** 249,255 **** trigger_error('ERROR_NO_ATTACHMENT'); } ! $attachment['physical_filename'] = basename($attachment['physical_filename']); $display_cat = $extensions[$attachment['extension']]['display_cat']; if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg')) --- 249,255 ---- trigger_error('ERROR_NO_ATTACHMENT'); } ! $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']); $display_cat = $extensions[$attachment['extension']]['display_cat']; if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg')) Modified: branches/phpBB-3_0_0/phpBB/includes/acp/acp_attachments.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/acp/acp_attachments.php (original) --- branches/phpBB-3_0_0/phpBB/includes/acp/acp_attachments.php Sat Aug 1 13:28:50 2009 *************** *** 1027,1034 **** $template->assign_block_vars('orphan', array( 'FILESIZE' => get_formatted_filesize($row['filesize']), 'FILETIME' => $user->format_date($row['filetime']), ! 'REAL_FILENAME' => basename($row['real_filename']), ! 'PHYSICAL_FILENAME' => basename($row['physical_filename']), 'ATTACH_ID' => $row['attach_id'], 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '', 'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . 
$row['attach_id'])) --- 1027,1034 ---- $template->assign_block_vars('orphan', array( 'FILESIZE' => get_formatted_filesize($row['filesize']), 'FILETIME' => $user->format_date($row['filetime']), ! 'REAL_FILENAME' => utf8_basename($row['real_filename']), ! 'PHYSICAL_FILENAME' => utf8_basename($row['physical_filename']), 'ATTACH_ID' => $row['attach_id'], 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '', 'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . $row['attach_id'])) Modified: branches/phpBB-3_0_0/phpBB/includes/functions_admin.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/functions_admin.php (original) --- branches/phpBB-3_0_0/phpBB/includes/functions_admin.php Sat Aug 1 13:28:50 2009 *************** *** 1235,1241 **** // Because of copying topics or modifications a physical filename could be assigned more than once. If so, do not remove the file itself. $sql = 'SELECT COUNT(attach_id) AS num_entries FROM ' . ATTACHMENTS_TABLE . " ! WHERE physical_filename = '" . $db->sql_escape(basename($filename)) . "'"; $result = $db->sql_query($sql); $num_entries = (int) $db->sql_fetchfield('num_entries'); $db->sql_freeresult($result); --- 1235,1241 ---- // Because of copying topics or modifications a physical filename could be assigned more than once. If so, do not remove the file itself. $sql = 'SELECT COUNT(attach_id) AS num_entries FROM ' . ATTACHMENTS_TABLE . " ! WHERE physical_filename = '" . $db->sql_escape(utf8_basename($filename)) . "'"; $result = $db->sql_query($sql); $num_entries = (int) $db->sql_fetchfield('num_entries'); $db->sql_freeresult($result); *************** *** 1246,1252 **** return false; } ! $filename = ($mode == 'thumbnail') ? 'thumb_' . basename($filename) : basename($filename); return @unlink($phpbb_root_path . $config['upload_path'] . '/' . $filename); } --- 1246,1252 ---- return false; } ! 
$filename = ($mode == 'thumbnail') ? 'thumb_' . utf8_basename($filename) : utf8_basename($filename); return @unlink($phpbb_root_path . $config['upload_path'] . '/' . $filename); } Modified: branches/phpBB-3_0_0/phpBB/includes/functions_content.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/functions_content.php (original) --- branches/phpBB-3_0_0/phpBB/includes/functions_content.php Sat Aug 1 13:28:50 2009 *************** *** 841,848 **** // Some basics... $attachment['extension'] = strtolower(trim($attachment['extension'])); ! $filename = $phpbb_root_path . $config['upload_path'] . '/' . basename($attachment['physical_filename']); ! $thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']); $upload_icon = ''; --- 841,848 ---- // Some basics... $attachment['extension'] = strtolower(trim($attachment['extension'])); ! $filename = $phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($attachment['physical_filename']); ! $thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . utf8_basename($attachment['physical_filename']); $upload_icon = ''; *************** *** 866,872 **** 'UPLOAD_ICON' => $upload_icon, 'FILESIZE' => $filesize['value'], 'SIZE_LANG' => $filesize['unit'], ! 'DOWNLOAD_NAME' => basename($attachment['real_filename']), 'COMMENT' => $comment, ); --- 866,872 ---- 'UPLOAD_ICON' => $upload_icon, 'FILESIZE' => $filesize['value'], 'SIZE_LANG' => $filesize['unit'], ! 
'DOWNLOAD_NAME' => utf8_basename($attachment['real_filename']), 'COMMENT' => $comment, ); Modified: branches/phpBB-3_0_0/phpBB/includes/functions_convert.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/functions_convert.php (original) --- branches/phpBB-3_0_0/phpBB/includes/functions_convert.php Sat Aug 1 13:28:50 2009 *************** *** 551,557 **** ); // copy file will prepend $phpBB_root_path ! $target = $config[$config_var] . '/' . basename(($use_target === false) ? $source : $use_target); if (!empty($convert->convertor[$config_var]) && strpos($source, $convert->convertor[$config_var]) !== 0) { --- 551,557 ---- ); // copy file will prepend $phpBB_root_path ! $target = $config[$config_var] . '/' . utf8_basename(($use_target === false) ? $source : $use_target); if (!empty($convert->convertor[$config_var]) && strpos($source, $convert->convertor[$config_var]) !== 0) { *************** *** 567,577 **** if ($result['copied']) { ! $result['target'] = basename($target); } else { ! $result['target'] = ($use_target !== false) ? $result['orig_source'] : basename($target); } return $result; --- 567,577 ---- if ($result['copied']) { ! $result['target'] = utf8_basename($target); } else { ! $result['target'] = ($use_target !== false) ? $result['orig_source'] : utf8_basename($target); } return $result; *************** *** 600,606 **** { $thumb_dir = $convert->convertor['thumbnails'][0]; $thumb_prefix = $convert->convertor['thumbnails'][1]; ! $thumb_source = $thumb_dir . $thumb_prefix . basename($result['source']); if (strpos($thumb_source, $convert->convertor['upload_path']) !== 0) { --- 600,606 ---- { $thumb_dir = $convert->convertor['thumbnails'][0]; $thumb_prefix = $convert->convertor['thumbnails'][1]; ! $thumb_source = $thumb_dir . $thumb_prefix . 
utf8_basename($result['source']); if (strpos($thumb_source, $convert->convertor['upload_path']) !== 0) { *************** *** 2257,2263 **** if (substr($trg, -1) == '/') { ! $trg .= basename($src); } $src_path = relative_base($src, $source_relative_path, __LINE__, __FILE__); $trg_path = $trg; --- 2257,2263 ---- if (substr($trg, -1) == '/') { ! $trg .= utf8_basename($src); } $src_path = relative_base($src, $source_relative_path, __LINE__, __FILE__); $trg_path = $trg; Modified: branches/phpBB-3_0_0/phpBB/includes/functions_posting.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/functions_posting.php (original) --- branches/phpBB-3_0_0/phpBB/includes/functions_posting.php Sat Aug 1 13:28:50 2009 *************** *** 785,791 **** foreach ($attachment_data as $i => $attachment) { ! $s_inline_attachment_options .= '<option value="' . $i . '">' . basename($attachment['real_filename']) . '</option>'; } $template->assign_var('S_INLINE_ATTACHMENT_OPTIONS', $s_inline_attachment_options); --- 785,791 ---- foreach ($attachment_data as $i => $attachment) { ! $s_inline_attachment_options .= '<option value="' . $i . '">' . utf8_basename($attachment['real_filename']) . '</option>'; } $template->assign_var('S_INLINE_ATTACHMENT_OPTIONS', $s_inline_attachment_options); *************** *** 819,825 **** foreach ($attachment_data as $count => $attach_row) { $hidden = ''; ! $attach_row['real_filename'] = basename($attach_row['real_filename']); foreach ($attach_row as $key => $value) { --- 819,825 ---- foreach ($attachment_data as $count => $attach_row) { $hidden = ''; ! $attach_row['real_filename'] = utf8_basename($attach_row['real_filename']); foreach ($attach_row as $key => $value) { *************** *** 829,836 **** $download_link = append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . (int) $attach_row['attach_id'], true, ($attach_row['is_orphan']) ? 
$user->session_id : false); $template->assign_block_vars('attach_row', array( ! 'FILENAME' => basename($attach_row['real_filename']), ! 'A_FILENAME' => addslashes(basename($attach_row['real_filename'])), 'FILE_COMMENT' => $attach_row['attach_comment'], 'ATTACH_ID' => $attach_row['attach_id'], 'S_IS_ORPHAN' => $attach_row['is_orphan'], --- 829,836 ---- $download_link = append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . (int) $attach_row['attach_id'], true, ($attach_row['is_orphan']) ? $user->session_id : false); $template->assign_block_vars('attach_row', array( ! 'FILENAME' => utf8_basename($attach_row['real_filename']), ! 'A_FILENAME' => addslashes(utf8_basename($attach_row['real_filename'])), 'FILE_COMMENT' => $attach_row['attach_comment'], 'ATTACH_ID' => $attach_row['attach_id'], 'S_IS_ORPHAN' => $attach_row['is_orphan'], *************** *** 2175,2181 **** else { // insert attachment into db ! if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) { continue; } --- 2175,2181 ---- else { // insert attachment into db ! if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) { continue; } Modified: branches/phpBB-3_0_0/phpBB/includes/functions_privmsgs.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/functions_privmsgs.php (original) --- branches/phpBB-3_0_0/phpBB/includes/functions_privmsgs.php Sat Aug 1 13:28:50 2009 *************** *** 1552,1558 **** else { // insert attachment into db ! if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) { continue; } --- 1552,1558 ---- else { // insert attachment into db ! if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . 
utf8_basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) { continue; } Modified: branches/phpBB-3_0_0/phpBB/includes/functions_upload.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/functions_upload.php (original) --- branches/phpBB-3_0_0/phpBB/includes/functions_upload.php Sat Aug 1 13:28:50 2009 *************** *** 58,64 **** $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; ! $name = trim(htmlspecialchars(basename($upload_ary['name']))); $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name; $this->mimetype = $upload_ary['type']; --- 58,64 ---- $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; ! $name = trim(utf8_htmlspecialchars(utf8_basename($upload_ary['name']))); $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name; $this->mimetype = $upload_ary['type']; *************** *** 290,296 **** $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy'; $upload_mode = ($this->local) ? 'local' : $upload_mode; ! $this->destination_file = $this->destination_path . '/' . basename($this->realname); // Check if the file already exist, else there is something wrong... if (file_exists($this->destination_file) && !$overwrite) --- 290,296 ---- $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on') ? 'move' : 'copy'; $upload_mode = ($this->local) ? 'local' : $upload_mode; ! $this->destination_file = $this->destination_path . '/' . utf8_basename($this->realname); // Check if the file already exist, else there is something wrong... if (file_exists($this->destination_file) && !$overwrite) *************** *** 634,640 **** if ($filedata === false) { ! 
$_FILES[$form_name]['name'] = basename($source_file); $_FILES[$form_name]['size'] = 0; $mimetype = ''; --- 634,640 ---- if ($filedata === false) { ! $_FILES[$form_name]['name'] = utf8_basename($source_file); $_FILES[$form_name]['size'] = 0; $mimetype = ''; *************** *** 746,752 **** $ext = array_pop($url['path']); $url['path'] = implode('', $url['path']); ! $upload_ary['name'] = basename($url['path']) . (($ext) ? '.' . $ext : ''); $filename = $url['path']; $filesize = 0; --- 746,752 ---- $ext = array_pop($url['path']); $url['path'] = implode('', $url['path']); ! $upload_ary['name'] = utf8_basename($url['path']) . (($ext) ? '.' . $ext : ''); $filename = $url['path']; $filesize = 0; Modified: branches/phpBB-3_0_0/phpBB/includes/mcp/mcp_main.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/mcp/mcp_main.php (original) --- branches/phpBB-3_0_0/phpBB/includes/mcp/mcp_main.php Sat Aug 1 13:28:50 2009 *************** *** 1168,1175 **** 'in_message' => 0, 'is_orphan' => (int) $attach_row['is_orphan'], 'poster_id' => (int) $attach_row['poster_id'], ! 'physical_filename' => (string) basename($attach_row['physical_filename']), ! 'real_filename' => (string) basename($attach_row['real_filename']), 'download_count' => (int) $attach_row['download_count'], 'attach_comment' => (string) $attach_row['attach_comment'], 'extension' => (string) $attach_row['extension'], --- 1168,1175 ---- 'in_message' => 0, 'is_orphan' => (int) $attach_row['is_orphan'], 'poster_id' => (int) $attach_row['poster_id'], ! 'physical_filename' => (string) utf8_basename($attach_row['physical_filename']), ! 
'real_filename' => (string) utf8_basename($attach_row['real_filename']), 'download_count' => (int) $attach_row['download_count'], 'attach_comment' => (string) $attach_row['attach_comment'], 'extension' => (string) $attach_row['extension'], Modified: branches/phpBB-3_0_0/phpBB/includes/utf/utf_tools.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/utf/utf_tools.php (original) --- branches/phpBB-3_0_0/phpBB/includes/utf/utf_tools.php Sat Aug 1 13:28:50 2009 *************** *** 70,76 **** $pos = 0; $len = strlen($str); $ret = ''; ! while ($pos < $len) { $ord = ord($str[$pos]) & 0xF0; --- 70,76 ---- $pos = 0; $len = strlen($str); $ret = ''; ! while ($pos < $len) { $ord = ord($str[$pos]) & 0xF0; *************** *** 252,258 **** if (is_null($offset)) { $ar = explode($needle, $str); ! if (sizeof($ar) > 1) { // Pop off the end of the string where the last match was made --- 252,258 ---- if (is_null($offset)) { $ar = explode($needle, $str); ! if (sizeof($ar) > 1) { // Pop off the end of the string where the last match was made *************** *** 527,533 **** $op = '^(?:' . $op . '.{' . $oy . '})'; } else ! { // offset == 0; just anchor the pattern $op = '^'; } --- 527,533 ---- $op = '^(?:' . $op . '.{' . $oy . '})'; } else ! { // offset == 0; just anchor the pattern $op = '^'; } *************** *** 560,566 **** $lx = (int) ($length / 65535); $ly = $length % 65535; ! // negative length requires a captured group // of length characters if ($lx) --- 560,566 ---- $lx = (int) ($length / 65535); $ly = $length % 65535; ! // negative length requires a captured group // of length characters if ($lx) *************** *** 632,638 **** { return array($str); } ! preg_match_all('/.{' . $split_len . '}|[^\x00]{1,' . $split_len . '}$/us', $str, $ar); return $ar[0]; } --- 632,638 ---- { return array($str); } ! preg_match_all('/.{' . $split_len . '}|[^\x00]{1,' . $split_len . 
'}$/us', $str, $ar); return $ar[0]; } *************** *** 1917,1920 **** --- 1917,1948 ---- return implode($break, $new_lines); } + /** + * UTF8-safe basename() function + * + * basename() has some limitations and is dependent on the locale setting + * according to the PHP manual. Therefore we provide our own locale independant + * basename function. + * + * @param string $filename The filename basename() should be applied to + * @return string The basenamed filename + */ + function utf8_basename($filename) + { + // We always check for forward slash AND backward slash + // because they could be mixed or "sneaked" in. ;) + // You know, never trust user input... + if (strpos($filename, '/') !== false) + { + $filename = utf8_substr($filename, utf8_strrpos($filename, '/') + 1); + } + + if (strpos($filename, '\\') !== false) + { + $filename = utf8_substr($filename, utf8_strrpos($filename, '\\') + 1); + } + + return $filename; + } + ?> \ No newline at end of file Modified: branches/phpBB-3_0_0/phpBB/viewtopic.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/viewtopic.php (original) --- branches/phpBB-3_0_0/phpBB/viewtopic.php Sat Aug 1 13:28:50 2009 *************** *** 1613,1619 **** } // let's set up quick_reply - // TODO: introduce a per-forum and a per-user setting $s_quick_reply = $user->data['is_registered'] && $config['allow_quick_reply'] && ($topic_data['forum_flags'] & FORUM_FLAG_QUICK_REPLY) && $auth->acl_get('f_reply', $forum_id); if ($s_can_vote || $s_quick_reply) --- 1613,1618 ---- |
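Review bot: utf8_basename() in the utf_tools.php hunk returns an empty string for an input that ends in a separator (`dir/`, `name\`), whereas the basename() it replaces returns the last non-empty component, because each branch only cuts after the last `/` or `\` and nothing handles a trailing one. Several callers in this commit then build a filesystem path from the result — the `$phpbb_root_path . $config['upload_path'] . '/' . $filename` fed to @unlink() in functions_admin.php, and the lookups in download/file.php and functions_content.php — so an empty basename would make those paths point at the upload directory itself (or at `thumb_`) rather than at a file, which is the opposite of what the "never trust user input" comment intends. Stripping trailing separators first, `$filename = rtrim($filename, '/\\');`, restores the documented basename() behaviour (the byte-wise rtrim is safe here because 0x2F and 0x5C never occur inside a multibyte UTF-8 sequence), and callers that perform filesystem operations should still reject an empty result as an invalid filename. The docblock also misspells "independent" as "independant". The viewtopic.php hunk sharing this line is a comment-only deletion and needs no change.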