From 455f0c2602350f229e6f58d624790c3d7448a68b Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Thu, 4 Nov 2010 04:30:23 -0700 Subject: [PATCH 01/16] Improved large file size error message. --- inc/config.php | 4 ++-- inc/display.php | 2 +- inc/functions.php | 16 +++++++++++++++- post.php | 9 +++++++-- 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/inc/config.php b/inc/config.php index 44dc60ec..fbaca0d8 100644 --- a/inc/config.php +++ b/inc/config.php @@ -40,7 +40,7 @@ define('ERROR_NOMOVE', 'The server failed to handle your upload.'); define('ERROR_FILEEXT', 'Unsupported image format.'); define('ERR_INVALIDIMG','Invalid image.'); - define('ERR_FILSIZE', 'The file was too large.'); + define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes'); define('ERR_MAXSIZE', 'The file was too big.'); // For resizing, max values @@ -48,7 +48,7 @@ define('THUMB_HEIGHT', 200); // Maximum image upload size in bytes - define('MAX_FILESIZE', 1048576); // 10MB + define('MAX_FILESIZE', 10*1024*1024); // 10MB // Maximum image dimensions define('MAX_WIDTH', 10000); define('MAX_HEIGHT', MAX_WIDTH); diff --git a/inc/display.php b/inc/display.php index b988e3bc..92f6eca8 100644 --- a/inc/display.php +++ b/inc/display.php @@ -15,7 +15,7 @@ } function error($message) { - die(Element('page.html', Array('index' => ROOT, 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"

$message

Go back.

"))); + die(Element('page.html', Array('index' => ROOT, 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"

$message

Go back.

"))); } class Post { diff --git a/inc/functions.php b/inc/functions.php index b465488c..e251c054 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1,4 +1,18 @@ $v) { + $replaces[$delim . $k . $delim] = $v; + } + return str_replace(array_keys($replaces), + array_values($replaces), $str); + } + + function commaize($n) { + $n = strval($n); + return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); + } + function sql_open() { global $sql; $sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.'); @@ -502,4 +516,4 @@ function int_to_word($n) { return chr($n & 255).chr(($n >> 8) & 255); } -?> \ No newline at end of file +?> diff --git a/post.php b/post.php index 94b80f8c..52048be8 100644 --- a/post.php +++ b/post.php @@ -74,8 +74,13 @@ $post['filename'] = $_FILES['file']['name']; $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); - if($post['has_file'] && $_FILES['file']['size'] > MAX_FILESIZE) - error(ERR_FILSIZE); + if($post['has_file']) { + $size = $_FILES['file']['size']; + if($size > MAX_FILESIZE) + error(sprintf3(ERR_FILESIZE, array( + 'filesz'=>commaize($size), + 'maxsz'=>commaize(MAX_FILESIZE)))); + } $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; From 5805de70b42d8674bcfd96cf57192f6c4a641d2c Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Thu, 4 Nov 2010 04:41:52 -0700 Subject: [PATCH 02/16] Reformatted error(), moved commaize() --- inc/display.php | 18 ++++++++++++++++-- inc/functions.php | 6 +----- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/inc/display.php b/inc/display.php index 92f6eca8..132dcac5 100644 --- a/inc/display.php +++ b/inc/display.php @@ -14,8 +14,21 @@ return round($size, 2).$units[$i]; } + function commaize($n) { + $n = strval($n); + return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); + } + function error($message) { - die(Element('page.html', Array('index' => ROOT, 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"

$message

Go back.

"))); + die(Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Error', + 'subtitle'=>'An error has occured.', + 'body'=>"
" . + "

$message

" . + "

Go back.

" . + "
" + ))); } class Post { @@ -180,4 +193,5 @@ return $built; } }; -?> \ No newline at end of file +?> + diff --git a/inc/functions.php b/inc/functions.php index e251c054..10f23e7f 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -8,11 +8,6 @@ array_values($replaces), $str); } - function commaize($n) { - $n = strval($n); - return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); - } - function sql_open() { global $sql; $sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.'); @@ -517,3 +512,4 @@ return chr($n & 255).chr(($n >> 8) & 255); } ?> + From 467ccdaf484b09a57367434344d72624e3dd1962 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 4 Nov 2010 23:07:50 +1100 Subject: [PATCH 03/16] ZIP support --- inc/config.php | 12 ++++++--- inc/functions.php | 66 ++++++++++++++++++++++++++++++++++++++++++++++ src/zip.png | Bin 0 -> 15221 bytes 3 files changed, 74 insertions(+), 4 deletions(-) create mode 100755 src/zip.png diff --git a/inc/config.php b/inc/config.php index 44dc60ec..fdbe6174 100644 --- a/inc/config.php +++ b/inc/config.php @@ -40,7 +40,7 @@ define('ERROR_NOMOVE', 'The server failed to handle your upload.'); define('ERROR_FILEEXT', 'Unsupported image format.'); define('ERR_INVALIDIMG','Invalid image.'); - define('ERR_FILSIZE', 'The file was too large.'); + define('ERR_FILESIZE', 'Maximum file size: %maxsz%
Your file\'s size: %sz%'); define('ERR_MAXSIZE', 'The file was too big.'); // For resizing, max values @@ -48,11 +48,15 @@ define('THUMB_HEIGHT', 200); // Maximum image upload size in bytes - define('MAX_FILESIZE', 1048576); // 10MB + define('MAX_FILESIZE', 6930209); // 10MB // Maximum image dimensions define('MAX_WIDTH', 10000); define('MAX_HEIGHT', MAX_WIDTH); + define('ALLOW_ZIP', true); + define('ZIP_IMAGE', 'src/zip.png'); + + /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) WARNING: Very beta. Currently strips animated GIFs too :( @@ -63,7 +67,7 @@ define('REDRAW_GIF', false); // Display the aspect ratio in a post's file info - define('SHOW_RATIO', false); + define('SHOW_RATIO', true); define('DIR_IMG', 'src/'); define('DIR_THUMB', 'thumb/'); @@ -92,7 +96,7 @@ define('URL_MATCH', '/^' . (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . '(' . preg_quote(ROOT, '/') . '|' . preg_quote(ROOT, '/') . '' . preg_quote(FILE_INDEX, '/') . '|' . preg_quote(ROOT, '/') . '' . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/'); - if(!defined(IS_INSTALLATION)) { + if(!defined('IS_INSTALLATION')) { if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG) or error("Couldn't create " . DIR_IMG . ". Install manually."); if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB) or error("Couldn't create " . DIR_IMG . ". Install manually."); if(!file_exists(DIR_RES)) @mkdir(DIR_RES) or error("Couldn't create " . DIR_IMG . ". Install manually."); diff --git a/inc/functions.php b/inc/functions.php index b465488c..237a7724 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1,4 +1,18 @@ $v) { + $replaces[$delim . $k . $delim] = $v; + } + return str_replace(array_keys($replaces), + array_values($replaces), $str); + } + + function commaize($n) { + $n = strval($n); + return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); + } + function sql_open() { global $sql; $sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.'); @@ -15,6 +29,58 @@ } } + function post($post, $OP) { + global $sql; + if($OP) { + mysql_query( + sprintf("INSERT INTO `posts` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + $post['subject'], + $post['email'], + $post['name'], + $post['trip'], + $post['body'], + time(), + time(), + $post['thumb'], + $post['thumbwidth'], + $post['thumbheight'], + $post['file'], + $post['width'], + $post['height'], + $post['filesize'], + $post['filename'], + $post['filehash'], + $post['password'], + mysql_real_escape_string($_SERVER['REMOTE_ADDR']) + ), $sql) or error(mysql_error($sql)); + return mysql_insert_id($sql); + } else { + mysql_query( + sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + $post['thread'], + $post['subject'], + $post['email'], + $post['name'], + $post['trip'], + $post['body'], + time(), + time(), + $post['has_file']?$post['thumb']:null, + $post['has_file']?$post['thumbwidth']:null, + $post['has_file']?$post['thumbheight']:null, + $post['has_file']?$post['file']:null, + $post['has_file']?$post['width']:null, + $post['has_file']?$post['height']:null, + $post['has_file']?$post['filesize']:null, + $post['has_file']?$post['filename']:null, + $post['has_file']?$post['filehash']:null, + $post['password'], + mysql_real_escape_string($_SERVER['REMOTE_ADDR']) + ), $sql) or error(mysql_error($sql)); + return mysql_insert_id($sql); + } + } + function index($page) { global $sql, $board; diff --git a/src/zip.png b/src/zip.png new file mode 100755 index 0000000000000000000000000000000000000000..7886679ae22a16c0a6ac5e5e2ca624bc2be0e53c GIT binary patch literal 15221 zcmWk#bzD>58@?MGFq+W<(jhIVAUR69yAcTmrMosjrKLjwK?S9|bEt%%pnNGMHVKiQ z^nkJ7et&Ftce`hwd*1uTbDrlt$)?6Sv{cuq005xX)73I39Z~;(QIeD1KdIgyCmldR z<~kZc{RG!0=>+1XZln$XO&Qde_o1Y7-UqtoMgR~gOd9kQ0M1EYq5c9uhztO1xdMP< zApo%X7k8T}lRh8nX{lR=JMS*RdfShS)o{pWExoKr}OA)wD&v;KF>E9L)pyd=46W!&e+~k&%iUSIFhLMa;(Wb|7Y>_@emG@>7s=17=(C zG<0e1_#(Q$bpPPOd9H7a=zy31z`;&KUbB{ddrR&*{d4;FPi*Ww@*ZQ>+`Z-F+GZ*u9m2F+WO#CSAn-G4=|#emjqY$zTwzWVH2GK=xc$ktg#)+ ze&G!P`)ZfJ>3c4Bywny>l`!~;P0ZP_{MGLo7s8em=IW$_!i9J~M`Y($4yvR)8MxAi ze`O-@{bdPXlF0c9bxJSBJU_lO8>8b&=kasRZ&*=oFQ+MFxSiv4G92ySW7O{8@i?m~ zLNm=M(ftN`KV-(rX7@7H<euP|Pud!2`;RK5 zY5Vct{LYEh$g2%x>_n!-Nn17~$KRE*7h6lljs2M&qk(uq`t{=67W>)p6g&Cx<#RRSp&HLMpP1hbvBx#5#8tJc z)#93l{_}DS@#^$qt?L7%n2o%0?sH%m@wfp=&?+DG3dQdeul7Hz5gN{aWW*l5?mhWt zdz@E$aX}h_?ZFWCP;DbyO5f8PqSwWj{xV_zZ%3VYK6QKe(bC}9PT6ESxYWh#A4dnL zeV1!$?sAUy#_@$mkJE61Z2RQ=jr?AV%YzBEvqAc0`1pl0Fu8DbDt(}G_J8L&{{P?e zypB2fS>O`>`MZ$HTYh37eM%U%RI1f`*Y_P=1%YQvC$;b2u z=U5DpfKif>?*99B@QX;Pa`?ppM)hn|M|CQ$+x<(nZ*kaiL_(@`e`k&_>vr3<>zs0o zWwiq#pbEeefMp8n2UvkW1yU55w!CS+!EP3xC&+F;uvoM{{>F~bx6;$WdA{$&ztQ6y zFvOB^(Sf|^SOV`^$aY0}1ZGf~@}xNukH*9sxITx`YorZIBk|*d9A3pgKt>-K!8iGj zONx8BsBNMNM<3Kw!Z8=i@(PDv%p5}$h$^4** z8ve@*z^f$0`t)T!q_$6*SOMg~(Wl5ia;2Lu?m~JrWKtlXT&?fCi~TpZPUlHhJWa3O z&}vL4z0dmh%VdQo{fk^4gg1yX9CC)GP@DhKk?b)ed}r-13bNC)d|W?4Pbsc9G!m2h`gRrVuHbin&>AlmVIWQeN)H-HMOz{mv46cG!+yKuvVp~dtx zXzxFqw36ztEVHf%0v9GJPkGn@X&7qG6Z}EC6B|!=d2ORO$k=PJ-MysO%Z=j3xD-Vp zXVL|`pea`pV<*{UGNTqja6wfRC_q6*pFx~8>&+mAl7Ivl7@$N!kf&kDFmCv*4Ih;zfw1eCkZCk_}VqSRa*3#cb7&9}CD{&+TPlA79vRy&kw&+J8Zu zLlWksp-1C(HwGk858kYmq>*Jm;}p(-^J>t#zH%?Msk=BEQCkK@E(VOy(y5+dCkj%b zz2sk~$;d}|kkJMFzvQ2d2GFRUG-ZTPp(sC;gxYt|Ux>k5Z=<^0fmM%dT)bJK5!KB6f06mxqV9QA6Ckg{N$2kz#)h8(J=@ zpP@O%2N{Z6m4ijgNAIN!u;!5Gi}a`dV>dnoYc)#3=jGvP4rC8u-{}E|Z9kYP$ZHw7 z8c30TJZ`qWIXf!(#Fw4t3I%cMp}@X#TQ8+W7i8O8Qv_QNAE0~-EguMjbB{C30Wsd| z*m3-kIoP2&gVJiLCYY|w@hLN$9a_Iyu8}k%yPG2(xVS=(8NwLQ#+g7xpQ4x^MU%&Q zL%+960_o$xFe8eJH*V4cBYz!E14EzRcCd|iQe$e1;@>qP$6~;C>$HD`r`MX4(K+@H zZo&{ydw8Y?q>-i3ipF(3FwVq-i;V@`{Gf&YX`|ZY-Ft$rGXN`vY3kg-)v?oiSKfF@ zxUJelJ(+5VvIQ_72BLKJfAVSUcX|S34at7gbXEUA81xeguvs<<<~X3)&RQ4&(c8B7 zyHNe$%&QcTtq_{VptaV{n>?D#-@Ti>>~fM;LDiwm;#pY#VM&6`!1+vxQdO&I+?T^d zuE0@jonMU41{~N8ir1HdfRs%*dWYZI?HWSZ*#K*63# zoDUs=NXm8L1{+F~gFLB#Q~(-Vh5Cw)RH-6Yg=a=$na}hGauHCoM$yj0S42BLem)*( zWb{nM!2!X0@kZe!9kTps$W-EU)q$)mAA%7C%d8g~bhJR{1L%Dw^gn*%<**3m z(|>c~umg{32B}WoLp>u$NrF%=@AUiH0!P)TcdA<*)}5@! zg$gY_TtC+g@%!rf>s{evH&*VB4K~MpZ5w5%<+F{j^t}fu$0;K0b_F4ofIl;+GoDI8 zvk@cM61n3~>oFugC<=D}SOC1is6K<_@~Q?$zGwE=W<(u>=_?NcAu?Ko+JUhi@5_V8 z5&CdelXFIm+gWR5@Hf?KJ91R_#GX-b2b;3d&r6T9v2g``y~)jJ51+@BbD$N#rXWGA zqDJF(2Bd|ttlQJuLElu6-HPllldCER0JdhZr9uG+A3e0Z0O&5oTeEtE>&SsEJ62hE z8+B654$@=LkK5$l57+r1`Z|biF|L~bnL0Ru-~X;-T1Rngm)DTl45+KAai$>!@LXN?{I; z>!blFpU{{>uvC!n%TVoq0O;d z<@rbt@e5?V?gXb(aBWW)&3#b;yB_CWIt^r%Kh-UFEiY_6U5*O-31I6)*d4)eTN4KP z`MFM@(S__G87X2|=5niP6Mhbf3_gbZO;~o8vni2#ojN1RDJ`Pj1KcWw`xk*)XVqQ+ z+F)03#=7OTx%|+YZk>s&XFUw!rWF0lVgi7ktbx|+x!ymwoocbSr3PN|_wTR~ZAt6$LeD2Oy_+rNDQr5vOH*@b9zF_ICHNX-6Fvb z6RQ-*#nH;V1m_{ZIs3|@u#kYO8KbA7dFkPFXA;vJU1X$U!l}y<<7E(U26AO|wIoM{ z*MW1XENh!81q;&wNi4y+EB3$gktQv{PIA~ep4cgzi6=+ZQ3L%Tgdn!xwo5Mud~jj) zLleSEXz%EI62YX$@-mtZt@|KrG)%z{@kOQ+w)R5@x573Mj-Qfcd$XOCst(2^Th9Et z^9V=+@_sUdDzC{WDE~ZN5gk+jH^v9dF8k$G*K=$Z&K>-G0g+9xzDfmFBY{68s1o~5 z2!PWxVD`Z(f~Er44>he0v0UHV#B6T}8pLiIxcu^9s4dX8fPKD;LzDG*zacVy#)Bca zMD9>qc?N2;6v)iaTNA{LG2k8}I)eR$m#ylR5qSSuUb>e6!e@OI)eu_c{Yn%rD7vHD z$j$-iz5YTxC6(PRa(Z2KAVAJOn?d2~JA_+H1f?LKM269Yjpq;#oJ5GWVnrxWi9`l6CG%XJ5DyYUiVy=DeU(v}Q} zkHIZmb*lb-GGZ7qOWx>{g@~LlAO@%aa(O5bA%qji@XKg-@`H6m{giJPxa_4r);zOY zlM=Np+tyuX`E>s-M?8>oG)_mSfJMe0R@Ny| z_~%@`CcJaySKgfc`I5_{KS~AP?x9rw%7HNZh5we%W_>I~w{%VCK&?_`80fSVD5C~A zu|PMIzR}>NV?M@S+OtFV^2_nN)S^rU-wD3Xk{hB{2z3blsqOHh;mWxml5)M%g>p=L@- zHq#$%53*EqUGfIjxOt!SbdKmkMt`5{%Db4WL4H#)psmKV!CMIsl07WQWyFBmRL@k% z4C8L}^UvoI^;!OE<>}99h3ePdf>)Q&q@u%Lzzov=wXpjbeY#L#Xox7$0B^q8E4@bj z1sH~+W=5w5m~@xcYZT)xsiBdzJd8A(T-Z$1LS;`p=x0RH!?mpY;S*iWh%r|eFd}ZH z|6*^!gQ~6f@c?B4q_#`3=+8BvoyxRelHO@3*tzG(V>yMHMAUjv?inAJ79`WG5tM1J%^O6U zV5*)@&b`f2_;`pmHHULhY`(Nu+byUt5u&ZnQvq zE+N`Y$Z)sq!QoO=jS7&;^_hGUxV|~yz1Vg>WAi+=!0@)gw9tPbq*&j@oO!%H(OQdK z=D#{@Ci-r+kDw_>E^KtyPD~b{|DGFv%~B0D$M|OImKYy{=Cvj*E9edN8>t(qw#nT2 z9*#^yUBY9H5?4{xXma7k!^J?X7Z|f)O$qunG1u%0G&A>Sf-U=cqTN7Cm|4XL$-GyW zmQ)`Ccb#?OXHQRk00OiB6ir#%)l~`NxqQH1U0y_xGgt}Wj~|S*^X2@^*NMMRIrDbn z93=I=Qv5|1Oe|hEKiBS<+8Gx=NMeenH#byIyAld|*Mzvk(J%b=pA&s@*C(F=c3qcx z?ifOWJ9y9ZJ#X-T$?<4gBHa2v`oGU(yq92y1rn$u(DItq_o?O0cOfh>U|u?SxxGRj zwUQDXck%8VSRl{b0u`D7^UKtgPK(tqc(WyNH6dgHh?z4$(_#KV{wazgit26r;Q{s%k{ss|9NLk ze&e|W>S8|Tbcw*uE&KYE^qwD)7;A?BF7tlsza{6}S~zdkkwK97~+o{9vs63azY9^qO)sMHCNf&D4mQ06E-m?_o< zCrWMGNKJWWa5ff8WdjjKVnjf)nIrcpK{zRM(W=Ws^jMq=7cw-#KBABL3eJ ztzh~7s0@{pzl$1qFy^`6BxLt+BL zx~ivM`J`8EPlgh=KU;8<4zU%bLoR5n1Q{v-$&>Gs9EJ z<-5YN$i-Ah+x6uE#rIAk4X5@QN#cbQ-1mCKvyFm%tep272xRD}tqEQ!{CnZ9rS!M| zS)#h`H2dB35PSJGm?cuowM83sEeQp%^k(^{@G3CVR1=HXM*b8__~VVWf+qP-Z2~{} zgx!)~DeXBYe&V^pH9-n}mPyMkh_1!h#|Hp}_vJfu!}g-sJedr-JYKkE>#sNDtsCAS zne|Sh58Bsum2WGtynA0R;=er`$h`e&$FZW_j2GgDt=pd8=NLn;@v#pFs%^(rXRD9m zu5H${C?YNf^xJkn8r_JyWrX!q{+DdBLup!&%-3sJW_|TFRRQ=L+k<9>Eml(9=oL=- zKN*#Jq?&GDe@2;&p?NhC_5Q)G1#6M{=U2wOcbwW{)E(oTQ8u5*abEmr=cwHo=o9`h zNH|G*!9Y=tPtlo=eMHT4Dx>Jg7U~{$mU!PR@GvzQY()w46z#e5+R{>pZ#Z3FxW z;JJ+5a~?0WZvBO5bVM+g<(pmzik4lJ+>``Wr|YBtgprYa)IF&XyWm@$_a-_RtO zfv;R*ox>m^yB;&`fS-=TkD}CLHjwktTegt9%G(9qRjUHGWs~T&2rG2n78R}|&doT2GFH8Pn|&>gaLVGknBr1&dclMDCb?*12YqZ*fTqipQKfc{*o!34nc}Qzhj$&? zp9@BXJ6Rb`;rR?V@79gkpv$bVo}qdSdDs)Ea$N`2d>JrBe@R8-a`ure6jb!9ukO}& zANq(<&F%+f#uGCU;2tTVp#Ei>+p%$L!bOj#ZfB1bGYtBi*wi3fB=PN#hl368Gqo*H z{0KFqU)=!e7EE~R=^WK7$*%u8ZK+%}(z?4e8anDM63wtt%TbaG=exX{%-jD;JgnO4 z@^@aMOKV8ew!M6J{kYN?3h~wNqBN$hWXe{O4v0JT?K_?=v9b=KCm=VH4?_6; zGD;-!GSzIn#9i&e7NFb2Sij!WDuXj^2KlgCas3~pJ{LX(g4$v?Ja)P^UOO$*`9q6K zLVs0RkOiR7#+MIDFgL>|N#Y`g&eTdn3Um_^b=oN*iSjVqG{-1q84CMYDBTfcgjOLBU*B0NH0crJcrJ@%f9d^lqllCEMrS z{7GbegIr;EdV1^B1}i@?)fo7?m*Dava;Xoj0C>Q}Jj;!Le^% zX3vJGEH%qUyJN_4r(KgV-Rif$W(j#*4Mc+fz%P$u)NpKCK;5TLtSfuQZ?cF&+Ni5M ziBC1AieFeiyLRNXvn<*Y??IluF$WG@xNnzdDDtAd2;_v|EuH?lIuxk0a8yT3EqyU> zDHX0eUZt0V#vbYs#ty{E8-Z5B$pZa#{HRXotP!Xt_PC;i^q{(KNb8om<=DLe1Qxy13Xpk2Q{S$LT_SU%Sf?GIWT zm>trdYl|dT;LYCa7BL|x8xj-WF`&b$Pb!L)yue3AcmKQtBV z{V&BZ$P5(#sm%6sfY(nqFawWhsemKyu*D_;6oT&iagF;T@Ak5HOio(%|= z?z55kv!!UIjVPNUni$!d8Ma**K#r=ndJDhb_TbdHn*5J`KL1h8mQ5@Nf{q>ZE0u`> zJL777v z*cffgldCZ>F?gYZFK?>qe|DF4#wgayA<@gDIv!XjfCd+O`1Rxea7Sz#ue)8Fl^i|n zzvc#hneYo}tBs_bvw^mBbEV(3a+r%=L-IjzWRtN!qQ0f=oyMC(6xI1EO;B6G+K^^1 zH_I=%vW$bt*$3G~ew1FV@?0`i86>uX%DEv~n&Xc{+zU!wEb`*p`FSvF;yt+Q8xKq@ zZcYqMb{&TTu>i7n!|15&brCRzMW4k4$uLSBD~v-1-53D|I!kVctfz3^_~@4=HAfAUrX@|rU-g=S zJY{dQmzqnF6;H~ioffX_**iX-w{+iek`H~IdO0bA6UP~VQ2Mjt8D7VZENwY-*2>sL zhO9Wt%nyc++mP3XcKI$^nZiW^=Bh5FD}{wo)Z~t;5_F^Iczb+AXaP%)5k8-9@PkCK z<+97%2QqM`_X1e3iVl~BjyJLMWdwTc;+fXOP{Yp@es;5ew08Zh#(Klhl%Q{G#gf<; zN5aS~9)x)7E#Yi7NFeCo;@rwS?#8p`&Iby{3+L%>|1uBZy8<9GMs&Ltf?N#r`56QH zav~J~tqI$G?~E9}_NB?MbmC=t%dhr`(Z(mQG|b}&7;#qzu!3zB9SfF9Ysj79%%kl# z2YOu?edYq z`Q!3NI zhx}&~-fzD%F|gR~fvwArl_tzVzEt{!AAwz^k-wqNH6Xmbcb#;5P9osvT>i4#!@D>b|sn-$M?bof(TVb0u=)#Epr#ShW zrLQEa*_1q(kfIoOyW%9-bU<3+(yDP?Em$b&j{K9fGAWI|&LPfhpo0oF+fCT@8*tv5 zEfPLhx-)e(Iy%v^QgE8878?`2&j?!ia4aXOi|Cfftc(hx2G#|(-&0=?Vw!P~7UzwM zAJG@cQkQ`|Bx!RLYgzVYx##QB1Z0TI>t~^tX=0bmI7twsYLUH7lX8RJ)u_z=$L&~F z#;xJP#k|hs_!%RCOr7ucVes1~Nv`7DwNsG;OEoUX+v7wH7PO?6@9U<>;a~q3N#r|M zx%WHma?fwkBgBqK0~cU!v6+Ejj{ zcs+H>Y9QL3VV)0FRzrI&&e8j=nKlgyX!|(t@~^0T)$0z}@}5R|=glU%XWskJuOAan z_4cGF|EWFG@Rge4&t{%7Z@vvZhFEE6RdZV1RV#g&3!oZ63Hb835~3fa|H9?KAW0qF z{c(f$_J`B`klg^doH})bPz*)eggfqO*!OnfStG zBOIYa4F3cm@afx!Aq&ip*nBkkONEZL0c#QR!eoFt{n7!G0WjB0A@r^LfYC7)bFv$6 zI#Kp!8bYoc_8W=Hi@chyykldmDVZpPIu~iEXV0?BuCp8znW~OT0d=C<~3eC%oe9KqYHWB}6* zL&|5oes7%v?H>usngZsNn0EDdt(n=GdOplqi`xvYs!RQ=WBqlPWEh0*8hO7usJ!VQ z3a@(Gw86iBVltmvj!o4@Gg@nRCqY(}tw{XvxpLmkne?(0%GI@jwpdIP0|_N8%3?9X zt8^Tkm@Vs$?n!%}x;8?|e)PstGq~NW+O;9&8P9c}SR3QDuhE+kO@A`h){qO?=r1{) z`~Y>>M@vK+_NlGElbBPzIzIOmt|KWK_kt1wkUilw7)Th4dkCa*bhl-cKh3uA7WeB-Iw6Sf>ec|3**Q%dTq|68M3Gq#fQ!+iMUpTl+?4EZQ#_u~IZy@^pnup4M ze@pnKP&N*cogMG=8D_1iYyXw-4$@OUaCJVp9Q>cr>6fXE!ObisF`!?mR!u(VaIkoO z$SmF<3vn~Ct(pIa6g3;Cf?eEOrs;bg;7SdrP!ESDFqW2SVkHH*VQ6GQVxm{eu^B$+ z>|TWaB7T_uwgR`BYfT>Y-Sh2ha!%{x<{Xq^_e&=#q+$yA<}rf(1CD6~si(jqq6&Qt zPYjJ8Of!<*~2k4y(FQ=s=D=^4R@r0q_(>B_T~o>!hCL`k(T$w>g~Bn`Tyk@CH2frn@!enkiHt zMcKZnVF1Yy6y?$eW|gbJhWfx7Sz-9+CWU(`o&fz_;l92i!b_%rtTwthNhkuy@Dl~6 z@vGNBm~zU*oTKH5FChFbOd?6ukK;(_B^lIDG+;4=Gjsw}nN*G&VCHOlutezAoF`Cj zh1j;`;*?GD0cMt$e57VwB(WztOXY223*Hp%j>eKD8Ttf!jLV=)7m#rSt<{mjJq+x= zZ-5*MtGmUIdnYr)3}0Qp%On~&>*MlddbDg!oS(dZgE3*D(cBv150wGi8rc4TR93h$ ziGO5k69A!Xao;zLgOLMNU`D6ecmCyvV}0zM##L^|wiEYIcZPxuQ?*efnl~DMfR=eY zAoz38!yDoVf{)Uy4gPvp8Fx$95k(WSF0ox-B-^M3s+crKF&n+NaON>k zM9>C+7X7%=2h6pzyUuZUVIT$yG;?Ou+C`R=`j=iHp#A{UamA1L!wG7i{`FzVZ+2m5 z5`lUqI`|`(H+GNgWiS1+yn^z;(5{DUWwH=_i?9K*4w60Go1QH9vz@Q|#x8zrMSG@Spp9OWB9uA!0<;myYt!@}=#&dDOqm_M@3&f+q9IF+P z_LUb9K($L6+lBIO8vCVLKrS|9t%QFZhA+HzAWdpl;!Uy|kjA7VLWK4W2TPf=l$d0G zxg67;M>}Z?jaso)rfO}hT=*O}oJ){hdg$2=Fvth`?->NoE#C1`DOpzRKaQRNZE#>@ zy}}v?$vKt7bmKMQ^V~VQr$;guih`Bz^`=CG5%K20rn3PGJm3g`lR&wy+aI&L^pPQ4 zHY59$-AEsTHfqbO(xGQ&sGh`ige}*2n&zpY*%V$g9V$>*(?9k_G*Sd}sH>g%6hv(k z#ct9kd=_uP_-!ms>iZ2{!T5P{eD|U#j+8dGs%V4!-i9=5^+j46`>}$*UM|E1xsN#N zHYT{4={82`;tm`c57`7q)x$`g8fB0vzMmkr?;=JwdOT|jvhh#g4{Gz@baseB3Tu=Q@k^P!Hs8~P z)Z;tHJ;)b9GTL*%D?N~?rvA78HmSB8(dAS!JYawwsLj7jwSzpJmCZyWD6{&et*S+r z>H_O~F&lA?b0&>v-kCRW3kIJ6o<<@UoFLVJl=uGkC3F32^q;~sP0iOfUOPFfqxX0J zl~;}!<1a(`7XHA><-gjBJV@W!V2xB^%K@0Ocx#flVa+Mw57!RoXSq$|b>}>^!N>k> zBwmDv%u+(;(qnHkSklDe1wUFNejw%iVruf7_UdIZS?)|VnJH*09rB`Uk72p{x%Z8R z@r@zs+Tx=c{`?(zrys}(Rb=TAjskR%`m!d~JXle_Tu}fM7Ac!)0Z-s6MI1c|cE&d zhS}IM^Uvk#1v45Z$D=GD67}e8aKFj|D9GnSP+ygk00TeqU_(0|+>jr@QkjXGsd1W? z&YWdY3lZmfRQI5^{mdTQTxz>J6ChatJ>sD_lHO>`(1sR3I)ljm+y$K%2h;Vb*>II+ z#isoyn<(N*`={{#y{~>hAHGYc`{nbV3GaC;J$LRR|*oMWVUL1$%181z!WgVY< zszeMwJpQ#r-)Mq*CV_9yLV{cze1Rl4P(7MTsGved>i~c7+dlfkwe>r?s^6jA_^-E{ z&c(?tr4N^pl(=0`arhzLMUDL=~7SMc95D#jkADujLQpQyC>dp=~= zZsUnhL*L1pN7Hv@f_lQvZ-<(!POREEh0JjKMgCXho707n_yoQVez^Y*NZkW_igDUV zgW!uQ4{B6lkmq-QK9CUd3Y_>-E|GlAky)toZEUp%Go$jzmW4r~u?zP29sqZ?xox9Q zVOwVKAg`{*eM#!^`el7`noC|dcCHDxpQ!A@goa*bjFdQX5eZrB9~0deHd;?fpuCOLT|IRI~3Cl-#3_HKXczNyQ|HGy6 zqg3ghkMeT-p%Ow@7P?x)E15o*aNu(d`%S&4-Sd%pJC&(jcHEY)M`im z2D7>mRxgo5q!yY@N2gvsat1bDGURnc!`9TccAZbbm!Yf6So9>QLYW$j%s>_CEc8n~Emc*|yxzhA-jT!v=CE zqv7_$^&Cp>i++_r3|PXO^}9W>Hy06FR?2Jhv!73OZ?!>)cd(%7 zcL&@JgyT@~HJJ~WE*&LyX8i*wzkQ^oO1xP@4cQJ0-^WRfr+ySW(q7SbGSr*|GSr|) zqUa&em4I0qb&k~Qg7eXz0g3wtpLTl$4n^LNtaRF*oBeBIc{OsngIhucKjKrb&Lc3cm=Q}vr zk8MIt!&Fj_rD^{bP>>=G*D!RT#$hm!6zCCsYxMy~!MyO)fC6YmJAjGjMaF=PSXeA& ztntKt+9+YO>(9#CC_zb%Lg#RM6RoNo6r{V>SIdQ!h$&4gaPReh_)m~n#gQ=?ZaMtv zITj=05Y&5rxSQi#5gI41OfHJs(2uXn;ypO&WcYoT@8h!B)49)7%f-5<^R`1(n z=+*37>7he!Niq1rSEhve<_9s_$AhJ9dz zR_f=-;L|TNh<%n!mPQRe%I@8`Orr;srS@u3SN)k6N9B)2D9*y(BSH-?FBeue=qI^) zZ^kW>dMs-2$BZa7kx3Pm)h`^;ga@*r6TEo(ue=wh6PXbp7rBP|z2+;HSJ0!uQgK-O z7|gHq?{O2~r`KK=i zT&@w9LD$FkfQ-`o{E|;LA6~96G8`>Jnl`kWCi34xr(4q2etQi!PmV?{kAFNoTLLC8 zmh-TCot2Ab0Z}@TGkNVj`U!mh9qR$)AJ>7eP^9tf=_qg}7l~5i&wxhIf8#xlS7Ajq z@ZmVU#1FjiXtspSJ>NRyk8NNTT`C7V7~Yi&r9CWt>AEqb_k=FViYuSmGGpTNjmTgU zTv-nciMN+EGL$J{8LSe6PHJC`ch`6VXXP;l0^5QFMU+U}Hb9@rJ--6y7=cf z24v#vn zXlMx5|1JW;yn2=~UdN;bd(T8+*wv_ovc`7E*PI}0V;{Xe6*o^TW%Pem;4bLZgj2Z__Sd^y5B1co^Omec*^Ns>ouUDy7`Td@g!{*p4Jdz$*wm(aUX8AV5iIN zw*KbmcYid%B(h;WesArh(uP+&Ldv0}3n8%2&c%Pv^OA=#4BFvAqqvi_ciAtvZ#{K85T^9^}H zWNFboH$-(rbZWEYwa4c6!*MWF$y!|tscBp+wb_!l*;OlC{rR=--$WHzd!Bv%BuwjUQ~=6m})nlVx!!1R8xHc zseT}cf6d|GHQF{rJ_-`)O z3uO##_IF^|SHjlzXU8-Lk6q?O;)EvJWY65i??*20WvjDzhbtG9JrTmTe7j0tJI;sX zD}cP9G>o+|7}Zblup1r6;U3>Z1wejHbnkRsL0U7UpCTN{E2t>VK0TOhXvGb^B5;0* z%|tiyy79)h`H}IZMPAA~+4p5(+cZc+OdSl~5Pl#hsqSVD Date: Thu, 4 Nov 2010 23:09:01 +1100 Subject: [PATCH 04/16] Zip support --- post.php | 161 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 108 insertions(+), 53 deletions(-) diff --git a/post.php b/post.php index 94b80f8c..e4303fca 100644 --- a/post.php +++ b/post.php @@ -74,8 +74,13 @@ $post['filename'] = $_FILES['file']['name']; $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); - if($post['has_file'] && $_FILES['file']['size'] > MAX_FILESIZE) - error(ERR_FILSIZE); + if($post['has_file']) { + $size = $_FILES['file']['size']; + if($size > MAX_FILESIZE) + error(sprintf3(ERR_FILESIZE, array( + 'sz'=>commaize($size), + 'maxsz'=>commaize(MAX_FILESIZE)))); + } $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; @@ -91,7 +96,8 @@ $post['file_id'] = rand(0, 1000000000); $post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; $post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; - if(!in_array($post['extension'], $allowed_ext)) error(ERROR_FILEEXT); + $post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; + if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); } // Check string lengths @@ -102,8 +108,6 @@ if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); - - markup($post['body']); if($post['has_file']) { @@ -112,6 +116,11 @@ // Move the uploaded file if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); + if($post['zip']) { + $post['file'] = ZIP_IMAGE; + $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); + } + $size = @getimagesize($post['file']); $post['width'] = $size[0]; $post['height'] = $size[1]; @@ -132,7 +141,7 @@ $image = createimage($post['extension'], $post['file']); - if(REDRAW_IMAGE) { + if(REDRAW_IMAGE && !$post['zip']) { switch($post['extension']) { case 'jpg': case 'jpeg': @@ -156,7 +165,6 @@ // Create a thumbnail $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); - $post['thumbwidth'] = $thumb['width']; $post['thumbheight'] = $thumb['height']; } @@ -167,54 +175,101 @@ sql_open(); mysql_safe_array($post); - if($OP) { - mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", - $post['subject'], - $post['email'], - $post['name'], - $post['trip'], - $post['body'], - time(), - time(), - $post['thumb'], - $post['thumbwidth'], - $post['thumbheight'], - $post['file'], - $post['width'], - $post['height'], - $post['filesize'], - $post['filename'], - $post['filehash'], - $post['password'], - mysql_real_escape_string($_SERVER['REMOTE_ADDR']) - ), $sql) or error(mysql_error($sql)); - } else { - mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", - $post['thread'], - $post['subject'], - $post['email'], - $post['name'], - $post['trip'], - $post['body'], - time(), - time(), - $post['has_file']?$post['thumb']:null, - $post['has_file']?$post['thumbwidth']:null, - $post['has_file']?$post['thumbheight']:null, - $post['has_file']?$post['file']:null, - $post['has_file']?$post['width']:null, - $post['has_file']?$post['height']:null, - $post['has_file']?$post['filesize']:null, - $post['has_file']?$post['filename']:null, - $post['has_file']?$post['filehash']:null, - $post['password'], - mysql_real_escape_string($_SERVER['REMOTE_ADDR']) - ), $sql) or error(mysql_error($sql)); + $id = post($post, $OP); + + if($post['zip']) { + // Open ZIP + $zip = zip_open($post['zip']); + // Read files + while($entry = zip_read($zip)) { + $filename = basename(zip_entry_name($entry)); + $extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); + + if(in_array($extension, $allowed_ext)) { + if (zip_entry_open($zip, $entry, 'r')) { + + // Fake post + $dump_post = Array( + 'subject' => $post['subject'], + 'email' => $post['email'], + 'name' => $post['name'], + 'trip' => $post['trip'], + 'body' => '', + 'thread' => $id, + 'password' => '', + 'has_file' => true, + 'file_id' => rand(0, 1000000000), + 'filename' => $filename + ); + + $dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; + $dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; + + // Extract the image from the ZIP + $fp = fopen($dump_post['file'], 'w+'); + fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); + fclose($fp); + + $size = @getimagesize($dump_post['file']); + $dump_post['width'] = $size[0]; + $dump_post['height'] = $size[1]; + + // Check if the image is valid + if($dump_post['width'] < 1 || $dump_post['height'] < 1) { + unlink($dump_post['file']); + } else { + if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { + unlink($dump_post['file']); + error(ERR_MAXSIZE); + } else { + $dump_post['filehash'] = md5_file($dump_post['file']); + $dump_post['filesize'] = filesize($dump_post['file']); + + $image = createimage($extension, $dump_post['file']); + + $success = true; + if(REDRAW_IMAGE) { + switch($extension) { + case 'jpg': + case 'jpeg': + imagejpeg($image, $dump_post['file'], JPEG_QUALITY); + break; + case 'png': + imagepng($image, $dump_post['file'], 7); + break; + case 'gif': + if(REDRAW_GIF) + imagegif($image, $dump_post['file']); + break; + case 'bmp': + imagebmp($image, $dump_post['file']); + break; + default: + $success = false; + } + } + + + // Create a thumbnail + $thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); + + $dump_post['thumbwidth'] = $thumb['width']; + $dump_post['thumbheight'] = $thumb['height']; + + // Create the post + post($dump_post, false); + } + } + + // Close the ZIP + zip_entry_close($entry); + } + } + } + zip_close($zip); + unlink($post['zip']); } - $id = mysql_insert_id($sql); buildThread(($OP?$id:$post['thread'])); if(!$OP) { From 7b43892527e7cfdd86c3b8d451a21939e5982508 Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Thu, 4 Nov 2010 06:35:59 -0700 Subject: [PATCH 05/16] Support for site-instance specific configuration in instance-config.php --- inc/config.php | 110 ++++++++++++++++++++++++------------------------- post.php | 3 ++ test.php | 3 ++ 3 files changed, 61 insertions(+), 55 deletions(-) diff --git a/inc/config.php b/inc/config.php index 13c8e9e1..43f4a449 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,104 +1,104 @@ Your file\'s size: %filesz% bytes'); - define('ERR_MAXSIZE', 'The file was too big.'); + define('ERROR_LURK', 'Lurk some more before posting.', true); + define('ERROR_BOT', 'You look like a bot.', true); + define('ERROR_TOOLONG', 'The %s field was too long.', true); + define('ERROR_TOOLONGBODY', 'The body was too long.', true); + define('ERROR_TOOSHORTBODY', 'The body was too short or empty.', true); + define('ERROR_NOIMAGE', 'You must upload an image.', true); + define('ERROR_NOMOVE', 'The server failed to handle your upload.', true); + define('ERROR_FILEEXT', 'Unsupported image format.', true); + define('ERR_INVALIDIMG','Invalid image.', true); + define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); + define('ERR_MAXSIZE', 'The file was too big.', true); // For resizing, max values - define('THUMB_WIDTH', 200); - define('THUMB_HEIGHT', 200); + define('THUMB_WIDTH', 200, true); + define('THUMB_HEIGHT', 200, true); // Maximum image upload size in bytes - define('MAX_FILESIZE', 10*1024*1024); // 10MB + define('MAX_FILESIZE', 10*1024*1024, true); // 10MB // Maximum image dimensions - define('MAX_WIDTH', 10000); - define('MAX_HEIGHT', MAX_WIDTH); + define('MAX_WIDTH', 10000, true); + define('MAX_HEIGHT', MAX_WIDTH, true); - define('ALLOW_ZIP', true); - define('ZIP_IMAGE', 'src/zip.png'); + define('ALLOW_ZIP', true, true); + define('ZIP_IMAGE', 'src/zip.png', true); /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) WARNING: Very beta. Currently strips animated GIFs too :( **/ - define('REDRAW_IMAGE', true); + define('REDRAW_IMAGE', false, true); // Redrawing configuration - define('JPEG_QUALITY', 100); - define('REDRAW_GIF', false); + define('JPEG_QUALITY', 100, true); + define('REDRAW_GIF', false, true); // Display the aspect ratio in a post's file info - define('SHOW_RATIO', true); + define('SHOW_RATIO', true, true); - define('DIR_IMG', 'src/'); - define('DIR_THUMB', 'thumb/'); - define('DIR_RES', 'res/'); + define('DIR_IMG', 'src/', true); + define('DIR_THUMB', 'thumb/', true); + define('DIR_RES', 'res/', true); // The root directory, including the trailing slash, for Tinyboard. // examples: '/', '/board/', '/chan/' - define('ROOT', '/'); - define('POST_URL', ROOT . 'post.php'); - define('FILE_INDEX', 'index.html'); - define('FILE_PAGE', '%d.html'); + define('ROOT', '/', true); + define('POST_URL', ROOT . 'post.php', true); + define('FILE_INDEX', 'index.html', true); + define('FILE_PAGE', '%d.html', true); // Automatically convert things like "..." to Unicode characters ("�") - define('AUTO_UNICODE', true); + define('AUTO_UNICODE', true, true); // Whether to turn URLs into functional links - define('MARKUP_URLS', true); - define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '([\w\-]+\.)+[a-zA-Z]{2,6}' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/'); + define('MARKUP_URLS', true, true); + define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '([\w\-]+\.)+[a-zA-Z]{2,6}' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/', true); // Allowed file extensions - $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png'); + $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png', true); - define('BUTTON_NEWTOPIC', 'New Topic'); - define('BUTTON_REPLY', 'New Reply'); + define('BUTTON_NEWTOPIC', 'New Topic', true); + define('BUTTON_REPLY', 'New Reply', true); - define('ALWAYS_NOKO', false); + define('ALWAYS_NOKO', false, true); - define('URL_MATCH', '/^' . (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . '(' . preg_quote(ROOT, '/') . '|' . preg_quote(ROOT, '/') . '' . preg_quote(FILE_INDEX, '/') . '|' . preg_quote(ROOT, '/') . '' . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/'); + define('URL_MATCH', '/^' . (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . '(' . preg_quote(ROOT, '/') . '|' . preg_quote(ROOT, '/') . '' . preg_quote(FILE_INDEX, '/') . '|' . preg_quote(ROOT, '/') . '' . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/', true); if(!defined('IS_INSTALLATION')) { - if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG) or error("Couldn't create " . DIR_IMG . ". Install manually."); - if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB) or error("Couldn't create " . DIR_IMG . ". Install manually."); - if(!file_exists(DIR_RES)) @mkdir(DIR_RES) or error("Couldn't create " . DIR_IMG . ". Install manually."); + if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); + if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); + if(!file_exists(DIR_RES)) @mkdir(DIR_RES) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); } -?> \ No newline at end of file +?> diff --git a/post.php b/post.php index a52de611..f6615ef9 100644 --- a/post.php +++ b/post.php @@ -2,6 +2,9 @@ require 'inc/functions.php'; require 'inc/display.php'; require 'inc/template.php'; + if (file_exists('inc/instance-config.php')) { + require 'inc/instance-config.php'; + } require 'inc/config.php'; require 'inc/user.php'; diff --git a/test.php b/test.php index 0cab3ac6..73a4a0d8 100644 --- a/test.php +++ b/test.php @@ -4,6 +4,9 @@ require 'inc/functions.php'; require 'inc/display.php'; require 'inc/template.php'; + if (file_exists('inc/instance-config.php')) { + require 'inc/instance-config.php'; + } require 'inc/config.php'; require 'inc/user.php'; From dd9f0bb91765c2f01bb07957cee232a380f4e5a6 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 00:44:55 +1100 Subject: [PATCH 06/16] Added a gitignore file. --- .gitignore | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..d877863f --- /dev/null +++ b/.gitignore @@ -0,0 +1,10 @@ +# static html +\d.html + +# directories +res/ +src/ +thumb/ + +# instance-config +inc/instance-config.php \ No newline at end of file From 05dd518cb9ff2788f8b8d5dfc15ae511f7df7729 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 00:46:14 +1100 Subject: [PATCH 07/16] Fixed HTML files for gitignore. --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index d877863f..8108863c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ # static html -\d.html +*.html # directories res/ From ad4d8ee0db2d1833a368ebee2099898cf251af97 Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Thu, 4 Nov 2010 06:56:21 -0700 Subject: [PATCH 08/16] Converted readme to unix line endings. Added part about instance-config.php. --- README.md | 91 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index 3c9a6bf3..fd4e0f3b 100644 --- a/README.md +++ b/README.md @@ -1,45 +1,46 @@ -# Tinyboard - A lightweight PHP imageboard. - -## About -Tinyboard is an imageboard software package written in PHP. It aims to maintain a stable, fast, clean and user-friendly engine for imageboards. Development for Tinyboard started in October 2010 and the project is being lead by [OmegaSDG][o] ("Omega Software Develop Group"). You can contact the development team over IRC at irc.n0v4.com #tinyboard. - -Tinyboard is not currently at a stable state. - -[o]: http://omegadev.org/ - -## Installation - 1. Tinyboard requires a MySQL database and a user to work. Create one. - 2. Import 'install.sql' into the database. There are several ways to do this. - - using phpMyAdmin - - `mysql -uUSERNAME -pPASSWORD DATABASE < install.sql` - 3. Edit '[inc/config.php][c]' to suit your installation - 4. Make sure that the directories used by Tinyboard are writable. Depending on your setup, you may need to `chmod` the directories to 777. - The default directories are: - - ./res - - ./src - - ./thumb - - . (document root) - 5. Ensure everything is okay by running [test.php][t] in a browser. The script will try and help you correct your errors. - 6. Run the [post.php][p] script. It should create an index.html and redirect you to it if everything is okay. - 7. Optional (highly recommended): Either delete or chmod as unreadable the following files: [test.php][t], [install.sql][i], and this [README][r]. - -[t]: http://github.com/savetheinternet/Tinyboard/blob/master/test.php -[p]: http://github.com/savetheinternet/Tinyboard/blob/master/post.php -[c]: http://github.com/savetheinternet/Tinyboard/blob/master/inc/config.php -[i]: http://github.com/savetheinternet/Tinyboard/blob/master/install.sql -[r]: http://github.com/savetheinternet/Tinyboard/blob/master/README.md - -## License -Copyright (c) 2010 by Omega Software Development Group - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above copyright -notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. \ No newline at end of file +# Tinyboard - A lightweight PHP imageboard. + +## About +Tinyboard is an imageboard software package written in PHP. It aims to maintain a stable, fast, clean and user-friendly engine for imageboards. Development for Tinyboard started in October 2010 and the project is being lead by [OmegaSDG][o] ("Omega Software Develop Group"). You can contact the development team over IRC at irc.n0v4.com #tinyboard. + +Tinyboard is not currently at a stable state. + +[o]: http://omegadev.org/ + +## Installation + 1. Tinyboard requires a MySQL database and a user to work. Create one. + 2. Import 'install.sql' into the database. There are several ways to do this. + - using phpMyAdmin + - `mysql -uUSERNAME -pPASSWORD DATABASE < install.sql` + 3. Create an 'instance-config.php'. It should be a PHP script that redefines some values in '[inc/config.php][c]' to suit your installation. + 4. Make sure that the directories used by Tinyboard are writable. Depending on your setup, you may need to `chmod` the directories to 777. + The default directories are: + - ./res + - ./src + - ./thumb + - . (document root) + 5. Ensure everything is okay by running [test.php][t] in a browser. The script will try and help you correct your errors. + 6. Run the [post.php][p] script. It should create an index.html and redirect you to it if everything is okay. + 7. Optional (highly recommended): Either delete or chmod as unreadable the following files: [test.php][t], [install.sql][i], and this [README][r]. + +[t]: http://github.com/savetheinternet/Tinyboard/blob/master/test.php +[p]: http://github.com/savetheinternet/Tinyboard/blob/master/post.php +[c]: http://github.com/savetheinternet/Tinyboard/blob/master/inc/config.php +[i]: http://github.com/savetheinternet/Tinyboard/blob/master/install.sql +[r]: http://github.com/savetheinternet/Tinyboard/blob/master/README.md + +## License +Copyright (c) 2010 by Omega Software Development Group + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + From 0296a7666f4e9fa2827edf6cc095fb05ad73440b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 01:02:13 +1100 Subject: [PATCH 09/16] Comments in configs --- inc/config.php | 15 +++++++++++++++ inc/instance-config.php | 19 +++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 inc/instance-config.php diff --git a/inc/config.php b/inc/config.php index 43f4a449..66b1e815 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,4 +1,19 @@ \ No newline at end of file From abc0cda57505b3040d8340e2d7e2d99edf55e354 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 01:06:53 +1100 Subject: [PATCH 10/16] ASCII art fix --- inc/config.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index 66b1e815..c29b1861 100644 --- a/inc/config.php +++ b/inc/config.php @@ -4,11 +4,11 @@ * .d88888b d888888P .88888. 888888ba * 88. "' 88 d8' `8b 88 `8b * `Y88888b. 88 88 88 a88aaaa8P' - * `8b 88 88 88 88 + * `8b 88 88 88 88 * d8' .8P 88 Y8. .8P 88 * Y88888P dP `8888P' dP * - * Do not edit this file. Edit instance-config instead! + * Do not edit this file. Edit instance-config.php instead! * * This is the default configuration. You can copy values from here and use them in * your instance-config.php From 512227eaa946cdafb82ca6640db9e68a12de01e3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 01:08:01 +1100 Subject: [PATCH 11/16] ASCII art fix --- inc/config.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inc/config.php b/inc/config.php index c29b1861..4f38bb7e 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,12 +1,12 @@ Date: Fri, 5 Nov 2010 01:09:25 +1100 Subject: [PATCH 12/16] ASCII art fix --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 4f38bb7e..5e60f7e1 100644 --- a/inc/config.php +++ b/inc/config.php @@ -4,7 +4,7 @@ * .d88888b d888888P .88888. 888888ba * 88. "' 88 d8' `8b 88 `8b * `Y88888b. 88 88 88 a88aaaa8P' - * `8b 88 88 88 88 + * `8b 88 88 88 88 * d8' .8P 88 Y8. .8P 88 * Y88888P dP `8888P' dP * From 20a8dff1498749137521e92e80a234326f108bf4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 01:10:45 +1100 Subject: [PATCH 13/16] Removal of ASCII --- inc/config.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/inc/config.php b/inc/config.php index 5e60f7e1..ecd51761 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,12 +1,7 @@ Date: Fri, 5 Nov 2010 01:16:23 +1100 Subject: [PATCH 14/16] Informing instead of demanding with the "do not edit" sign. --- inc/config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index ecd51761..fbbfaa74 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,7 +1,8 @@ Date: Fri, 5 Nov 2010 01:18:23 +1100 Subject: [PATCH 15/16] Shorten warning --- inc/config.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/inc/config.php b/inc/config.php index fbbfaa74..ce005839 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,10 +1,8 @@