|
@ -74,8 +74,13 @@ |
|
|
$post['filename'] = $_FILES['file']['name']; |
|
|
$post['filename'] = $_FILES['file']['name']; |
|
|
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); |
|
|
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); |
|
|
|
|
|
|
|
|
if($post['has_file'] && $_FILES['file']['size'] > MAX_FILESIZE) |
|
|
if($post['has_file']) { |
|
|
error(ERR_FILSIZE); |
|
|
$size = $_FILES['file']['size']; |
|
|
|
|
|
if($size > MAX_FILESIZE) |
|
|
|
|
|
error(sprintf3(ERR_FILESIZE, array( |
|
|
|
|
|
'sz'=>commaize($size), |
|
|
|
|
|
'maxsz'=>commaize(MAX_FILESIZE)))); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
$trip = generate_tripcode($post['name']); |
|
|
$trip = generate_tripcode($post['name']); |
|
|
$post['name'] = $trip[0]; |
|
|
$post['name'] = $trip[0]; |
|
@ -91,7 +96,8 @@ |
|
|
$post['file_id'] = rand(0, 1000000000); |
|
|
$post['file_id'] = rand(0, 1000000000); |
|
|
$post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; |
|
|
$post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; |
|
|
$post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; |
|
|
$post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; |
|
|
if(!in_array($post['extension'], $allowed_ext)) error(ERROR_FILEEXT); |
|
|
$post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; |
|
|
|
|
|
if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
// Check string lengths |
|
|
// Check string lengths |
|
@ -102,8 +108,6 @@ |
|
|
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); |
|
|
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); |
|
|
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); |
|
|
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
markup($post['body']); |
|
|
markup($post['body']); |
|
|
|
|
|
|
|
|
if($post['has_file']) { |
|
|
if($post['has_file']) { |
|
@ -112,6 +116,11 @@ |
|
|
// Move the uploaded file |
|
|
// Move the uploaded file |
|
|
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); |
|
|
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); |
|
|
|
|
|
|
|
|
|
|
|
if($post['zip']) { |
|
|
|
|
|
$post['file'] = ZIP_IMAGE; |
|
|
|
|
|
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
$size = @getimagesize($post['file']); |
|
|
$size = @getimagesize($post['file']); |
|
|
$post['width'] = $size[0]; |
|
|
$post['width'] = $size[0]; |
|
|
$post['height'] = $size[1]; |
|
|
$post['height'] = $size[1]; |
|
@ -132,7 +141,7 @@ |
|
|
|
|
|
|
|
|
$image = createimage($post['extension'], $post['file']); |
|
|
$image = createimage($post['extension'], $post['file']); |
|
|
|
|
|
|
|
|
if(REDRAW_IMAGE) { |
|
|
if(REDRAW_IMAGE && !$post['zip']) { |
|
|
switch($post['extension']) { |
|
|
switch($post['extension']) { |
|
|
case 'jpg': |
|
|
case 'jpg': |
|
|
case 'jpeg': |
|
|
case 'jpeg': |
|
@ -156,7 +165,6 @@ |
|
|
// Create a thumbnail |
|
|
// Create a thumbnail |
|
|
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); |
|
|
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$post['thumbwidth'] = $thumb['width']; |
|
|
$post['thumbwidth'] = $thumb['width']; |
|
|
$post['thumbheight'] = $thumb['height']; |
|
|
$post['thumbheight'] = $thumb['height']; |
|
|
} |
|
|
} |
|
@ -167,54 +175,101 @@ |
|
|
sql_open(); |
|
|
sql_open(); |
|
|
mysql_safe_array($post); |
|
|
mysql_safe_array($post); |
|
|
|
|
|
|
|
|
if($OP) { |
|
|
$id = post($post, $OP); |
|
|
mysql_query( |
|
|
|
|
|
sprintf("INSERT INTO `posts` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", |
|
|
if($post['zip']) { |
|
|
$post['subject'], |
|
|
// Open ZIP |
|
|
$post['email'], |
|
|
$zip = zip_open($post['zip']); |
|
|
$post['name'], |
|
|
// Read files |
|
|
$post['trip'], |
|
|
while($entry = zip_read($zip)) { |
|
|
$post['body'], |
|
|
$filename = basename(zip_entry_name($entry)); |
|
|
time(), |
|
|
$extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); |
|
|
time(), |
|
|
|
|
|
$post['thumb'], |
|
|
if(in_array($extension, $allowed_ext)) { |
|
|
$post['thumbwidth'], |
|
|
if (zip_entry_open($zip, $entry, 'r')) { |
|
|
$post['thumbheight'], |
|
|
|
|
|
$post['file'], |
|
|
// Fake post |
|
|
$post['width'], |
|
|
$dump_post = Array( |
|
|
$post['height'], |
|
|
'subject' => $post['subject'], |
|
|
$post['filesize'], |
|
|
'email' => $post['email'], |
|
|
$post['filename'], |
|
|
'name' => $post['name'], |
|
|
$post['filehash'], |
|
|
'trip' => $post['trip'], |
|
|
$post['password'], |
|
|
'body' => '', |
|
|
mysql_real_escape_string($_SERVER['REMOTE_ADDR']) |
|
|
'thread' => $id, |
|
|
), $sql) or error(mysql_error($sql)); |
|
|
'password' => '', |
|
|
|
|
|
'has_file' => true, |
|
|
|
|
|
'file_id' => rand(0, 1000000000), |
|
|
|
|
|
'filename' => $filename |
|
|
|
|
|
); |
|
|
|
|
|
|
|
|
|
|
|
$dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; |
|
|
|
|
|
$dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; |
|
|
|
|
|
|
|
|
|
|
|
// Extract the image from the ZIP |
|
|
|
|
|
$fp = fopen($dump_post['file'], 'w+'); |
|
|
|
|
|
fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); |
|
|
|
|
|
fclose($fp); |
|
|
|
|
|
|
|
|
|
|
|
$size = @getimagesize($dump_post['file']); |
|
|
|
|
|
$dump_post['width'] = $size[0]; |
|
|
|
|
|
$dump_post['height'] = $size[1]; |
|
|
|
|
|
|
|
|
|
|
|
// Check if the image is valid |
|
|
|
|
|
if($dump_post['width'] < 1 || $dump_post['height'] < 1) { |
|
|
|
|
|
unlink($dump_post['file']); |
|
|
} else { |
|
|
} else { |
|
|
mysql_query( |
|
|
if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { |
|
|
sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", |
|
|
unlink($dump_post['file']); |
|
|
$post['thread'], |
|
|
error(ERR_MAXSIZE); |
|
|
$post['subject'], |
|
|
} else { |
|
|
$post['email'], |
|
|
$dump_post['filehash'] = md5_file($dump_post['file']); |
|
|
$post['name'], |
|
|
$dump_post['filesize'] = filesize($dump_post['file']); |
|
|
$post['trip'], |
|
|
|
|
|
$post['body'], |
|
|
$image = createimage($extension, $dump_post['file']); |
|
|
time(), |
|
|
|
|
|
time(), |
|
|
$success = true; |
|
|
$post['has_file']?$post['thumb']:null, |
|
|
if(REDRAW_IMAGE) { |
|
|
$post['has_file']?$post['thumbwidth']:null, |
|
|
switch($extension) { |
|
|
$post['has_file']?$post['thumbheight']:null, |
|
|
case 'jpg': |
|
|
$post['has_file']?$post['file']:null, |
|
|
case 'jpeg': |
|
|
$post['has_file']?$post['width']:null, |
|
|
imagejpeg($image, $dump_post['file'], JPEG_QUALITY); |
|
|
$post['has_file']?$post['height']:null, |
|
|
break; |
|
|
$post['has_file']?$post['filesize']:null, |
|
|
case 'png': |
|
|
$post['has_file']?$post['filename']:null, |
|
|
imagepng($image, $dump_post['file'], 7); |
|
|
$post['has_file']?$post['filehash']:null, |
|
|
break; |
|
|
$post['password'], |
|
|
case 'gif': |
|
|
mysql_real_escape_string($_SERVER['REMOTE_ADDR']) |
|
|
if(REDRAW_GIF) |
|
|
), $sql) or error(mysql_error($sql)); |
|
|
imagegif($image, $dump_post['file']); |
|
|
|
|
|
break; |
|
|
|
|
|
case 'bmp': |
|
|
|
|
|
imagebmp($image, $dump_post['file']); |
|
|
|
|
|
break; |
|
|
|
|
|
default: |
|
|
|
|
|
$success = false; |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Create a thumbnail |
|
|
|
|
|
$thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); |
|
|
|
|
|
|
|
|
|
|
|
$dump_post['thumbwidth'] = $thumb['width']; |
|
|
|
|
|
$dump_post['thumbheight'] = $thumb['height']; |
|
|
|
|
|
|
|
|
|
|
|
// Create the post |
|
|
|
|
|
post($dump_post, false); |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Close the ZIP |
|
|
|
|
|
zip_entry_close($entry); |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
zip_close($zip); |
|
|
|
|
|
unlink($post['zip']); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
$id = mysql_insert_id($sql); |
|
|
|
|
|
buildThread(($OP?$id:$post['thread'])); |
|
|
buildThread(($OP?$id:$post['thread'])); |
|
|
|
|
|
|
|
|
if(!$OP) { |
|
|
if(!$OP) { |
|
|
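Review bot: The ZIP loop in the last hunk (`@ -167,54 +175,101 @@`) writes `zip_entry_read($entry, zip_entry_filesize($entry))` to disk without bounding the entry's declared uncompressed size or the number of entries. The `MAX_FILESIZE` check in the first hunk only covers the compressed upload, so a small archive can use far more memory and disk than that limit intends. I would read the size once, skip entries above `MAX_FILESIZE`, cap the number of entries processed per archive, and check the results of `zip_open()` and `fopen()` before using them. Separately, `$filename` is taken from the archive after `mysql_safe_array($post)` has already run, so unless `post()` (not visible here) escapes its input, that value reaches the query unescaped and should get the same escaping as the other fields. The code surrounding the `if($OP)` block starts outside the visible hunks.

```php
// … unchanged: zip_open(), zip_read() loop header, $filename / $extension …
$entry_size = zip_entry_filesize($entry);
// Skip entries whose declared uncompressed size is empty or above the upload limit
if($entry_size < 1 || $entry_size > MAX_FILESIZE) continue;

if(in_array($extension, $allowed_ext)) {
	if (zip_entry_open($zip, $entry, 'r')) {
		// … unchanged: build $dump_post, $dump_post['file'], $dump_post['thumb'] …
		$fp = fopen($dump_post['file'], 'w+');
		if($fp === false) {
			// Could not create the target file; release the entry and move on
			zip_entry_close($entry);
			continue;
		}
		fwrite($fp, zip_entry_read($entry, $entry_size));
		fclose($fp);
		// … unchanged: getimagesize(), dimension checks, redraw, thumbnail, post() …
```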