Some cleanup for attach mod (#1250)

* Some cleanup for attach mod

* Update displaying.php

* Update CHANGELOG.md
This commit is contained in:
Roman Kelesidis 2023-12-23 01:19:26 +07:00 committed by GitHub
commit 94f1641b5c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 45 additions and 179 deletions


@ -33,6 +33,7 @@
- Improved handling errors while uploading [\#1246](https://github.com/torrentpier/torrentpier/pull/1246)
- Use hardcoded dictionary names for better counting result in file listing [\#1247](https://github.com/torrentpier/torrentpier/pull/1247) ([kovalensky](https://github.com/kovalensky))
- Refactored thumbnail creation 🌄 [\#1249](https://github.com/torrentpier/torrentpier/pull/1249) ([belomaxorka](https://github.com/belomaxorka))
- Some cleanup for attach mod [\#1250](https://github.com/torrentpier/torrentpier/pull/1250) ([belomaxorka](https://github.com/belomaxorka))
- New Crowdin updates [\#1203](https://github.com/torrentpier/torrentpier/pull/1203), [\#1222](https://github.com/torrentpier/torrentpier/pull/1222) ([Exileum](https://github.com/Exileum))
## [v2.4.0-rc2](https://github.com/torrentpier/torrentpier/tree/v2.4.0-rc2) (2023-12-12)


@ -201,7 +201,7 @@ if ($submit_change && $view === 'attachments') {
if (isset($attachments['_' . $attachrow['attach_id']])) {
if ($attachrow['comment'] != $attachments['_' . $attachrow['attach_id']]['comment'] || $attachrow['download_count'] != $attachments['_' . $attachrow['attach_id']]['download_count']) {
$sql = 'UPDATE ' . BB_ATTACHMENTS_DESC . "
SET comment = '" . attach_mod_sql_escape($attachments['_' . $attachrow['attach_id']]['comment']) . "', download_count = " . (int)$attachments['_' . $attachrow['attach_id']]['download_count'] . '
SET comment = '" . DB()->escape($attachments['_' . $attachrow['attach_id']]['comment']) . "', download_count = " . (int)$attachments['_' . $attachrow['attach_id']]['download_count'] . '
WHERE attach_id = ' . (int)$attachrow['attach_id'];
if (!DB()->sql_query($sql)) {
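Review bot: The new `DB()->escape(...)` on the SET line is wrapped in single quotes by the caller, exactly as `attach_mod_sql_escape()` was, but the removed helper (visible in the functions-file hunk) delegated to `DB()->escape_string()` rather than `escape()`; please confirm that `escape()` likewise returns the bare escaped string without adding quotes of its own, because every replacement site in this commit — the config, quota, extension-group, search, functions and Attach hunks — relies on that. A comment at this first call site, `// DB()->escape() returns the value unquoted; the query supplies the quotes`, would pin that contract down. Separately, the loose `!=` in the `comment`/`download_count` comparison just above is untouched by the commit; `(int)$attachrow['download_count'] !== (int)$attachments['_' . $attachrow['attach_id']]['download_count']` would avoid type-juggling surprises. The enclosing `if ($submit_change && $view === 'attachments')` block starts before this hunk.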


@ -103,12 +103,12 @@ while ($row = DB()->sql_fetchrow($result)) {
}
$sql = 'UPDATE ' . BB_ATTACH_CONFIG . "
SET config_value = '" . attach_mod_sql_escape($new_attach[$config_name]) . "'
WHERE config_name = '" . attach_mod_sql_escape($config_name) . "'";
SET config_value = '" . DB()->escape($new_attach[$config_name]) . "'
WHERE config_name = '" . DB()->escape($config_name) . "'";
} else {
$sql = 'UPDATE ' . BB_ATTACH_CONFIG . "
SET config_value = '" . attach_mod_sql_escape($new_attach[$config_name]) . "'
WHERE config_name = '" . attach_mod_sql_escape($config_name) . "'";
SET config_value = '" . DB()->escape($new_attach[$config_name]) . "'
WHERE config_name = '" . DB()->escape($config_name) . "'";
}
if (!DB()->sql_query($sql)) {
@ -157,7 +157,7 @@ if ($check_upload) {
$error = false;
// Does the target directory exist, is it a directory and writeable
if (!@file_exists(amod_realpath($upload_dir))) {
if (!@file_exists(realpath($upload_dir))) {
$error = true;
$error_msg = sprintf($lang['DIRECTORY_DOES_NOT_EXIST'], $attach_config['upload_dir']) . '<br />';
}
@ -301,12 +301,12 @@ if ($check_image_cat) {
$error = false;
// Does the target directory exist, is it a directory and writeable
if (!@file_exists(amod_realpath($upload_dir))) {
if (!@file_exists(realpath($upload_dir))) {
if (!bb_mkdir($upload_dir) && !is_dir($upload_dir)) {
throw new \RuntimeException(sprintf('Directory "%s" was not created', $upload_dir));
}
if (!@file_exists(amod_realpath($upload_dir))) {
if (!@file_exists(realpath($upload_dir))) {
$error = true;
$error_msg = sprintf($lang['DIRECTORY_DOES_NOT_EXIST'], $upload_dir) . '<br />';
}
@ -346,7 +346,7 @@ if ($submit && $mode == 'quota') {
$filesize_list[$i] = ($size_select_list[$i] == 'kb') ? round($filesize_list[$i] * 1024) : (($size_select_list[$i] == 'mb') ? round($filesize_list[$i] * 1048576) : $filesize_list[$i]);
$sql = 'UPDATE ' . BB_QUOTA_LIMITS . "
SET quota_desc = '" . attach_mod_sql_escape($quota_desc_list[$i]) . "', quota_limit = " . (int)$filesize_list[$i] . '
SET quota_desc = '" . DB()->escape($quota_desc_list[$i]) . "', quota_limit = " . (int)$filesize_list[$i] . '
WHERE quota_limit_id = ' . (int)$quota_change_list[$i];
if (!DB()->sql_query($sql)) {
@ -408,7 +408,7 @@ if ($submit && $mode == 'quota') {
$filesize = ($size_select == 'kb') ? round($filesize * 1024) : (($size_select == 'mb') ? round($filesize * 1048576) : $filesize);
$sql = 'INSERT INTO ' . BB_QUOTA_LIMITS . " (quota_desc, quota_limit)
VALUES ('" . attach_mod_sql_escape($quota_desc) . "', " . (int)$filesize . ')';
VALUES ('" . DB()->escape($quota_desc) . "', " . (int)$filesize . ')';
if (!DB()->sql_query($sql)) {
bb_die('Could not add quota limit');
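Review bot: The three directory checks rewritten in this file as `@file_exists(realpath($upload_dir))` (the lines after each `$error = false;` and the re-check after `bb_mkdir()`) still test only existence, although the comment above each says "is it a directory and writeable"; `realpath()` also returns `false` for a missing path, so `file_exists()` receives a bool rather than a string. `if (!is_dir($upload_dir) || !is_writable($upload_dir)) {` would match the comment, drop the `@`, and reject a non-directory or read-only target before the upload code depends on it. The same `@file_exists(realpath(...))` form appears in dl.php's `send_file_to_browser`, where `@!file_exists(...)` should at least read `!file_exists(...)`. Both the `if ($check_upload)` and `if ($check_image_cat)` blocks extend beyond their hunks.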


@ -499,7 +499,7 @@ if ($add_forum && $e_mode == 'perm' && $group) {
$auth_bitstream = auth_pack($auth_p);
$sql = 'UPDATE ' . BB_EXTENSION_GROUPS . " SET forum_permissions = '" . attach_mod_sql_escape($auth_bitstream) . "' WHERE group_id = " . (int)$group;
$sql = 'UPDATE ' . BB_EXTENSION_GROUPS . " SET forum_permissions = '" . DB()->escape($auth_bitstream) . "' WHERE group_id = " . (int)$group;
if (!($result = DB()->sql_query($sql))) {
bb_die('Could not update permissions #2');
@ -536,7 +536,7 @@ if ($delete_forum && $e_mode == 'perm' && $group) {
$auth_bitstream = (count($auth_p) > 0) ? auth_pack($auth_p) : '';
$sql = 'UPDATE ' . BB_EXTENSION_GROUPS . " SET forum_permissions = '" . attach_mod_sql_escape($auth_bitstream) . "' WHERE group_id = " . (int)$group;
$sql = 'UPDATE ' . BB_EXTENSION_GROUPS . " SET forum_permissions = '" . DB()->escape($auth_bitstream) . "' WHERE group_id = " . (int)$group;
if (!($result = DB()->sql_query($sql))) {
bb_die('Could not update permissions #3');

dl.php

@ -30,7 +30,7 @@ function send_file_to_browser($attachment, $upload_dir)
$gotit = false;
if (@!file_exists(@amod_realpath($filename))) {
if (@!file_exists(realpath($filename))) {
bb_die($lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . htmlCHR($filename));
} else {
$gotit = true;


@ -179,9 +179,7 @@ function display_attachments($post_id)
$template->assign_block_vars('postrow.attach', []);
for ($i = 0; $i < $num_attachments; $i++) {
// Some basic things...
$filename = $upload_dir . '/' . basename($attachments['_' . $post_id][$i]['physical_filename']);
$thumbnail_filename = $upload_dir . '/' . THUMB_DIR . '/t_' . basename($attachments['_' . $post_id][$i]['physical_filename']);
// Checks the file existence
if (!is_file($filename)) {
@ -189,7 +187,6 @@ function display_attachments($post_id)
}
$upload_image = '';
if ($attach_config['upload_img'] && empty($upload_icons[$attachments['_' . $post_id][$i]['extension']])) {
$upload_image = '<img src="' . $attach_config['upload_img'] . '" alt="" border="0" />';
} elseif (trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) != '') {
@ -217,15 +214,13 @@ function display_attachments($post_id)
$thumbnail = false;
$link = false;
// Shows the images in topic
if (@(int)$display_categories[$attachments['_' . $post_id][$i]['extension']] == IMAGE_CAT && (int)$attach_config['img_display_inlined']) {
if ((int)$attach_config['img_link_width'] != 0 || (int)$attach_config['img_link_height'] != 0) {
// Checks the thumbnail existence
if (!is_file($thumbnail_filename)) {
continue;
}
// Get image sizes
[$width, $height] = getimagesize($filename);
// Check if image sizes is allowed
if ($width == 0 && $height == 0) {
$image = true;
} else {
@ -238,11 +233,13 @@ function display_attachments($post_id)
}
}
// Checks if image is thumbnail
if (@(int)$display_categories[$attachments['_' . $post_id][$i]['extension']] == IMAGE_CAT && $attachments['_' . $post_id][$i]['thumbnail'] == 1) {
$thumbnail = true;
$image = false;
}
// Checks whether the image should be displayed as a link
if (!$image && !$thumbnail) {
$link = true;
}
@ -278,6 +275,14 @@ function display_attachments($post_id)
}
if ($thumbnail) {
// Get the thumbnail image
$thumbnail_filename = $upload_dir . '/' . THUMB_DIR . '/t_' . basename($attachments['_' . $post_id][$i]['physical_filename']);
// Checks the thumbnail existence
if (!is_file($thumbnail_filename)) {
continue;
}
// Images, but display Thumbnail
if ($attach_config['upload_dir'][0] == '/' || ($attach_config['upload_dir'][0] != '/' && $attach_config['upload_dir'][1] == ':')) {
$thumb_source = BB_ROOT . DL_URL . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1';
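Review bot: The thumbnail-existence check moved into the `if ($thumbnail)` branch still ends in `continue`, so an attachment flagged `thumbnail == 1` whose `t_` file is missing now vanishes from the post entirely instead of being shown as a plain link, whereas the old placement only skipped the inline-image case. If that is intended, a comment on the `continue` such as `// no thumbnail file on disk: hide the attachment rather than fall back to a link` would make it explicit; otherwise clearing `$thumbnail` and setting `$link = true` before the link/thumbnail decision would be the fallback. Note also that the branch reads `$attach_config['upload_dir'][0]` and `[1]` as string offsets, which warn on an empty or one-character `upload_dir`. `display_attachments()` begins and ends outside this hunk.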


@ -146,7 +146,7 @@ function search_attachments($order_by, &$total_rows)
$search_author = stripslashes(clean_username($search_author));
// Prepare for directly going into sql query
$search_author = str_replace('*', '%', attach_mod_sql_escape($search_author));
$search_author = str_replace('*', '%', DB()->escape($search_author));
// We need the post_id's, because we want to query the Attachment Table
$sql = 'SELECT user_id FROM ' . BB_USERS . " WHERE username LIKE '$search_author'";
@ -172,13 +172,13 @@ function search_attachments($order_by, &$total_rows)
$search_keyword_fname = get_var('search_keyword_fname', '');
if ($search_keyword_fname) {
$match_word = str_replace('*', '%', $search_keyword_fname);
$where_sql[] = " (a.real_filename LIKE '" . attach_mod_sql_escape($match_word) . "') ";
$where_sql[] = " (a.real_filename LIKE '" . DB()->escape($match_word) . "') ";
}
$search_keyword_comment = get_var('search_keyword_comment', '');
if ($search_keyword_comment) {
$match_word = str_replace('*', '%', $search_keyword_comment);
$where_sql[] = " (a.comment LIKE '" . attach_mod_sql_escape($match_word) . "') ";
$where_sql[] = " (a.comment LIKE '" . DB()->escape($match_word) . "') ";
}
// Search Download Count
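Review bot: The rewritten LIKE patterns (`search_author`, `real_filename`, `comment`) escape quotes via `DB()->escape()` but leave the LIKE metacharacters `%` and `_` in the user input untouched, so although only `*` is meant to be the wildcard, a literal `_` or `%` typed by the user still matches as one. If that is unintended, escape them before the `*` → `%` substitution, e.g. `$match_word = str_replace('*', '%', addcslashes($search_keyword_fname, '%_'));`, and likewise for `$search_author` and `$search_keyword_comment`; the subsequent `DB()->escape()` keeps the backslash escapes intact. `search_attachments()` starts and ends outside these hunks.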


@ -177,38 +177,6 @@ function unlink_attach($filename, $mode = false)
return @unlink($filename);
}
/**
* Check if Attachment exist
*/
function attachment_exists($filename)
{
global $upload_dir, $attach_config;
$filename = basename($filename);
if (!@file_exists(@amod_realpath($upload_dir . '/' . $filename))) {
return false;
}
return true;
}
/**
* Check if Thumbnail exist
*/
function thumbnail_exists($filename)
{
global $upload_dir, $attach_config;
$filename = basename($filename);
if (!@file_exists(@amod_realpath($upload_dir . '/' . THUMB_DIR . '/t_' . $filename))) {
return false;
}
return true;
}
/**
* Physical Filename stored already ?
*/
@ -222,7 +190,7 @@ function physical_filename_already_stored($filename)
$sql = 'SELECT attach_id
FROM ' . BB_ATTACHMENTS_DESC . "
WHERE physical_filename = '" . attach_mod_sql_escape($filename) . "'
WHERE physical_filename = '" . DB()->escape($filename) . "'
LIMIT 1";
if (!($result = DB()->sql_query($sql))) {
@ -283,37 +251,6 @@ function get_attachments_from_post($post_id_array)
return $attachments;
}
/**
* Count Filesize of Attachments in Database based on the attachment id
*/
function get_total_attach_filesize($attach_ids)
{
if (!is_array($attach_ids) || !count($attach_ids)) {
return 0;
}
$attach_ids = implode(', ', array_map('\intval', $attach_ids));
if (!$attach_ids) {
return 0;
}
$sql = 'SELECT filesize FROM ' . BB_ATTACHMENTS_DESC . " WHERE attach_id IN ($attach_ids)";
if (!($result = DB()->sql_query($sql))) {
bb_die('Could not query total filesize');
}
$total_filesize = 0;
while ($row = DB()->sql_fetchrow($result)) {
$total_filesize += (int)$row['filesize'];
}
DB()->sql_freeresult($result);
return $total_filesize;
}
/**
* Get allowed Extensions and their respective Values
*/
@ -377,70 +314,6 @@ function attachment_sync_topic($topics)
}
}
/**
* Get Extension
*/
function get_extension($filename)
{
if (!str_contains($filename, '.')) {
return '';
}
$extension = strrchr(strtolower($filename), '.');
$extension[0] = ' ';
$extension = strtolower(trim($extension));
if (is_array($extension)) {
return '';
}
return $extension;
}
/**
* Delete Extension
*/
function delete_extension($filename)
{
return substr($filename, 0, strripos(trim($filename), '.'));
}
/**
* Check if a user is within Group
*/
function user_in_group($user_id, $group_id)
{
$user_id = (int)$user_id;
$group_id = (int)$group_id;
if (!$user_id || !$group_id) {
return false;
}
$sql = 'SELECT u.group_id
FROM ' . BB_USER_GROUP . ' u, ' . BB_GROUPS . " g
WHERE g.group_single_user = 0
AND u.group_id = g.group_id
AND u.user_id = $user_id
AND g.group_id = $group_id
LIMIT 1";
if (!($result = DB()->sql_query($sql))) {
bb_die('Could not get user group');
}
$num_rows = DB()->num_rows($result);
DB()->sql_freeresult($result);
return !($num_rows == 0);
}
/**
* Realpath replacement for attachment mod
*/
function amod_realpath($path)
{
return (function_exists('realpath')) ? realpath($path) : $path;
}
/**
* _set_var
*
@ -515,18 +388,6 @@ function get_var($var_name, $default, $multibyte = false)
return $var;
}
/**
* Escaping SQL
*/
function attach_mod_sql_escape($text)
{
if (function_exists('mysqli_real_escape_string')) {
return DB()->escape_string($text);
}
return str_replace(['\\', "'"], ['\\\\', "''"], $text);
}
/**
* Build sql statement from array for insert/update/select statements
*
@ -548,7 +409,7 @@ function attach_mod_sql_build_array($query, $assoc_ary = false)
if (null === $var) {
$values[] = 'NULL';
} elseif (is_string($var)) {
$values[] = "'" . attach_mod_sql_escape($var) . "'";
$values[] = "'" . DB()->escape($var) . "'";
} elseif (is_array($var) && is_string($var[0])) {
$values[] = $var[0];
} else {
@ -565,7 +426,7 @@ function attach_mod_sql_build_array($query, $assoc_ary = false)
if (null === $var) {
$values[] = 'NULL';
} elseif (is_string($var)) {
$values[] = "'" . attach_mod_sql_escape($var) . "'";
$values[] = "'" . DB()->escape($var) . "'";
} else {
$values[] = (is_bool($var)) ? (int)$var : $var;
}
@ -580,7 +441,7 @@ function attach_mod_sql_build_array($query, $assoc_ary = false)
if (null === $var) {
$values[] = "$key = NULL";
} elseif (is_string($var)) {
$values[] = "$key = '" . attach_mod_sql_escape($var) . "'";
$values[] = "$key = '" . DB()->escape($var) . "'";
} else {
$values[] = (is_bool($var)) ? "$key = " . (int)$var : "$key = $var";
}
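Review bot: The removed `delete_extension()` returned `''` for a name without a dot (its `strripos()` gave `false`, which `substr()` treated as length 0), whereas the `pathinfo(..., PATHINFO_FILENAME)` replacement in the Attach hunk keeps the whole name and also strips any directory component; that is a behaviour change for extension-less uploads and deserves a CHANGELOG line or a comment at the new call site, `// pathinfo() keeps the full name when there is no extension, unlike the old delete_extension()`. In `attach_mod_sql_build_array()`, each `else` branch next to a rewritten line still interpolates `$var` raw for anything that is not `null`, a string or a bool, so the helper's safety depends on callers never passing an object or array there; `} elseif (is_int($var) || is_float($var)) {` followed by a throwing `else` would make that contract explicit. The function bodies in this file continue outside their hunks.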


@ -25,7 +25,7 @@ function createThumbnail(string $source, string $newFile, string $mimeType): boo
global $attach_config;
// Get the file information
$source = amod_realpath($source);
$source = realpath($source);
$min_filesize = (int)$attach_config['img_min_thumb_filesize'];
$img_filesize = file_exists($source) ? filesize($source) : false;
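Review bot: `$source = realpath($source);` yields `false` when the file does not exist, and the function then carries `false` in `$source` into `file_exists()`/`filesize()` and whatever follows instead of stopping. Since the signature already returns `bool`, a guard right after the call, `if ($source === false) { return false; }`, makes the missing-file case explicit and removes the need for the `file_exists($source) ? ... : false` ternary on the next line. The rest of `createThumbnail()` lies outside this hunk.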


@ -550,7 +550,7 @@ class Attach
// update entry in db if attachment already stored in db and filespace
$sql = 'UPDATE ' . BB_ATTACHMENTS_DESC . "
SET comment = '" . @attach_mod_sql_escape($this->attachment_comment_list[$i]) . "'
SET comment = '" . DB()->escape($this->attachment_comment_list[$i]) . "'
WHERE attach_id = " . $this->attachment_id_list[$i];
if (!(DB()->sql_query($sql))) {
@ -757,22 +757,22 @@ class Attach
}
$this->type = strtolower($this->type);
$this->extension = strtolower(get_extension($this->filename));
$this->filesize = @filesize($file);
$this->filesize = (int)$this->filesize;
$this->extension = strtolower(pathinfo($this->filename, PATHINFO_EXTENSION));
$this->filesize = (int)filesize($file);
$sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
FROM ' . BB_EXTENSION_GROUPS . ' g, ' . BB_EXTENSIONS . " e
WHERE g.group_id = e.group_id
AND e.extension = '" . attach_mod_sql_escape($this->extension) . "'
AND e.extension = '" . DB()->escape($this->extension) . "'
LIMIT 1";
if (!($result = DB()->sql_query($sql))) {
bb_die('Could not query extensions');
}
$row = DB()->sql_fetchrow($result);
if (!($row = DB()->sql_fetchrow($result))) {
/** TODO **/
}
DB()->sql_freeresult($result);
$allowed_filesize = $row['max_filesize'] ?: $attach_config['max_filesize'];
@ -848,15 +848,14 @@ class Attach
$this->filename = $r_file;
// physical filename
//$this->attach_filename = strtolower($this->filename);
$this->attach_filename = $this->filename;
//bt
if (FILENAME_CRYPTIC) {
$this->attach_filename = make_rand_str(FILENAME_CRYPTIC_LENGTH);
} else { // original
} else {
$this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
$this->attach_filename = delete_extension($this->attach_filename);
$this->attach_filename = pathinfo($this->attach_filename, PATHINFO_FILENAME);
$this->attach_filename = str_replace([' ', '-'], '_', $this->attach_filename);
$this->attach_filename = str_replace('__', '_', $this->attach_filename);
$this->attach_filename = str_replace([',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'], ['', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'], $this->attach_filename);
@ -1082,7 +1081,7 @@ class Attach
if (!$error && $this->thumbnail === 1) {
$source = $upload_dir . '/' . basename($this->attach_filename);
$dest_file = amod_realpath($upload_dir);
$dest_file = realpath($upload_dir);
$dest_file .= '/' . THUMB_DIR . '/t_' . basename($this->attach_filename);
if (!createThumbnail($source, $dest_file, $this->type)) {