leftypol
/
leftypol
3
3
Fork 1
Code Issues 37 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

non-image uploads

pull/40/head
Savetheinternet 13 years ago
parent
87903f57e3
commit
10a8fe28e6
5 changed files with 77 additions and 51 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      inc/config.php
  2. 22
      inc/display.php
  3. 9
      inc/functions.php
  4. 86
      post.php
  5. BIN
      static/file.png

11
inc/config.php
View File

@ -116,6 +116,7 @@
$config['error']['toomanyreports'] = 'You can\'t report that many posts at once.';
$config['error']['invalidpassword'] = 'Wrong password…';
$config['error']['invalidimg'] = 'Invalid image.';
$config['error']['unknownext'] = 'Unknown file extension.';
$config['error']['filesize'] = 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes';
$config['error']['maxsize'] = 'The file was too big.';
$config['error']['invalidzip'] = 'Invalid archive!';
@ -516,8 +517,14 @@
// https://github.com/savetheinternet/Tinyboard/issues/20
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/';
// Allowed file extensions
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', '');
// Allowed image file extensions
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');
// Allowed additional file extensions (not images; downloadable files)
$config['allowed_ext_files'] = Array('mp3');
// Thumbnail to use for the downloadable files (not images)
$config['file_thumb'] = 'static/file.png';
// The names on the post buttons. (On most imageboards, these are both "Post".)
$config['button_newtopic'] = 'New Topic';

22
inc/display.php
View File

@ -259,14 +259,16 @@
if(!empty($this->file) && $this->file != 'deleted') {
$built .= '<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize
format_bytes($this->filesize) . ', ' .
format_bytes($this->filesize) .
// File dimensions
$this->filex . 'x' . $this->filey;
($this->filex && $this->filey ?
', ' . $this->filex . 'x' . $this->filey
: '' );
// Aspect Ratio
if($config['show_ratio']) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}
if($config['show_ratio'] && $this->filex && $this->filey) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}
// Filename
$built .= ', ' . $this->filename . ')</span></p>' .
@ -377,11 +379,13 @@
$built = '<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize
format_bytes($this->filesize) . ', ' .
format_bytes($this->filesize) .
// File dimensions
$this->filex . 'x' . $this->filey;
($this->filex && $this->filey ?
', ' . $this->filex . 'x' . $this->filey
: '' );
// Aspect Ratio
if($config['show_ratio']) {
if($config['show_ratio'] && $this->filex && $this->filey) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}

9
inc/functions.php
View File

@ -363,7 +363,7 @@
$query->bindValue(':height', $post['height'], PDO::PARAM_INT);
$query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT);
$query->bindValue(':filename', $post['filename']);
$query->bindValue(':filehash', $post['filehash']);
$query->bindValue(':filehash', $post['file']);
} else {
$query->bindValue(':thumb', null, PDO::PARAM_NULL);
$query->bindValue(':thumbwidth', null, PDO::PARAM_NULL);
@ -1363,12 +1363,13 @@
}
break;
default:
error('Unknwon file extension.');
error($config['error']['unknownext']);
}
return $image;
}
function resize($src, $width, $height, $destination_pic, $max_width, $max_height, $ext) {
function resize($src, $width, $height, $destination_pic, $max_width, $max_height, $ext) {
global $config;
$return = Array();
$x_ratio = $max_width / $width;
@ -1414,7 +1415,7 @@
imagebmp($tmp, $destination_pic);
break;
default:
error('Unknwon file extension.');
error($config['error']['unknownext']);
}
imagedestroy($src);

86
post.php
View File

@ -384,51 +384,65 @@
}
if($post['has_file']) {
if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
error($config['error']['unknownext']);
if(in_array($post['extension'], $config['allowed_ext_files']))
$__file = true;
// Just trim the filename if it's too long
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…';
// Move the uploaded file
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
$size = @getimagesize($post['file']);
$post['width'] = $size[0];
$post['height'] = $size[1];
// Check if the image is valid
if($post['width'] < 1 || $post['height'] < 1) {
undoImage($post);
error($config['error']['invalidimg']);
}
if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
undoImage($post);
error($config['error']['maxsize']);
}
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($post['file'], null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
}
$post['filehash'] = $config['file_hash']($post['file']);
$post['filesize'] = filesize($post['file']);
if($config['minimum_copy_resize'] && $post['width'] <= $config['thumb_width'] && $post['height'] <= $config['thumb_height'] && $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
// Copy, because there's nothing to resize
copy($post['file'], $post['thumb']);
if(!isset($__file)) {
$size = @getimagesize($post['file']);
$post['width'] = $size[0];
$post['height'] = $size[1];
$post['thumbwidth'] = $post['width'];
$post['thumbheight'] = $post['height'];
} else {
$image = createimage($post['extension'], $post['file']);
// Check if the image is valid
if($post['width'] < 1 || $post['height'] < 1) {
undoImage($post);
error($config['error']['invalidimg']);
}
// Create a thumbnail
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height'], ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']));
if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
undoImage($post);
error($config['error']['maxsize']);
}
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($post['file'], null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
}
$post['thumbwidth'] = $thumb['width'];
$post['thumbheight'] = $thumb['height'];
if($config['minimum_copy_resize'] && $post['width'] <= $config['thumb_width'] && $post['height'] <= $config['thumb_height'] && $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
// Copy, because there's nothing to resize
copy($post['file'], $post['thumb']);
$post['thumbwidth'] = $post['width'];
$post['thumbheight'] = $post['height'];
} else {
$image = createimage($post['extension'], $post['file']);
// Create a thumbnail
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height'], ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']));
$post['thumbwidth'] = $thumb['width'];
$post['thumbheight'] = $thumb['height'];
}
} else {
copy($config['file_thumb'], $post['thumb']);
$size = @getimagesize($post['thumb']);
$post['thumbwidth'] = $size[0];
$post['thumbheight'] = $size[1];
}
$post['filehash'] = $config['file_hash']($post['file']);
$post['filesize'] = filesize($post['file']);
}
if($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) {

BIN
static/file.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.0 KiB

Write Preview
Loading…
Cancel
Save