simple-machines-forum/Sources/Attachments.php

538 lines
17 KiB
PHP
Raw Normal View History

2024-07-22 14:45:07 +00:00
<?php
/**
* This file contains handling attachments.
*
* Simple Machines Forum (SMF)
*
* @package SMF
* @author Simple Machines https://www.simplemachines.org
* @copyright 2022 Simple Machines and individual contributors
* @license https://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.1.2
*/
if (!defined('SMF'))
die('No direct access...');
/**
* Class Attachments
*
* This class handles adding/deleting attachments
*/
class Attachments
{
/**
* @var int $_msg The ID of the message this attachment is associated with
*/
protected $_msg = 0;
/**
* @var int|null $_board The ID of the board this attachment's post is in or null if it's not set
*/
protected $_board = null;
/**
* @var string|bool $_attachmentUploadDir An array of info about attachment upload directories or false
*/
protected $_attachmentUploadDir = false;
/**
* @var string $_attchDir The path to the current attachment directory
*/
protected $_attchDir = '';
/**
* @var int $_currentAttachmentUploadDir ID of the current attachment directory
*/
protected $_currentAttachmentUploadDir;
/**
* @var bool $_canPostAttachment Whether or not an attachment can be posted
*/
protected $_canPostAttachment;
/**
* @var array $_generalErrors An array of information about any errors that occurred
*/
protected $_generalErrors = array();
/**
* @var mixed $_initialError Not used?
*/
protected $_initialError;
/**
* @var array $_attachments Not used?
*/
protected $_attachments = array();
/**
* @var array $_attachResults An array of information about the results of each file
*/
protected $_attachResults = array();
/**
* @var array $_attachSuccess An array of information about successful attachments
*/
protected $_attachSuccess = array();
/**
* @var array $_response An array of response information. @used-by \sendResponse() when adding attachments
*/
protected $_response = array(
'error' => true,
'data' => array(),
'extra' => '',
);
/**
* @var array $_subActions An array of all valid sub-actions
*/
protected $_subActions = array(
'add',
'delete',
);
/**
* @var string|bool $_sa The current sub-action, or false if there isn't one
*/
protected $_sa = false;
/**
* Attachments constructor.
*
* Sets up some initial information - the message ID, board, current attachment upload dir, etc.
*/
public function __construct()
{
global $modSettings, $context;
$this->_msg = (int) !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : 0;
$this->_board = (int) !empty($_REQUEST['board']) ? $_REQUEST['board'] : null;
$this->_currentAttachmentUploadDir = $modSettings['currentAttachmentUploadDir'];
$this->_attachmentUploadDir = $modSettings['attachmentUploadDir'];
$this->_attchDir = $context['attach_dir'] = $this->_attachmentUploadDir[$modSettings['currentAttachmentUploadDir']];
$this->_canPostAttachment = $context['can_post_attachment'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment', $this->_board) || ($modSettings['postmod_active'] && allowedTo('post_unapproved_attachments', $this->_board)));
}
/**
* Handles calling the appropriate function based on the sub-action
*/
public function call()
{
global $smcFunc, $sourcedir;
require_once($sourcedir . '/Subs-Attachments.php');
// Need this. For reasons...
loadLanguage('Post');
$this->_sa = !empty($_REQUEST['sa']) ? $smcFunc['htmlspecialchars']($smcFunc['htmltrim']($_REQUEST['sa'])) : false;
if ($this->_canPostAttachment && $this->_sa && in_array($this->_sa, $this->_subActions))
$this->{$this->_sa}();
// Just send a generic message.
else
$this->setResponse(array(
'text' => $this->_sa == 'add' ? 'attach_error_title' : 'attached_file_deleted_error',
'type' => 'error',
'data' => false,
));
// Back to the future, oh, to the browser!
$this->sendResponse();
}
/**
* Handles deleting the attachment
*/
public function delete()
{
global $sourcedir;
// Need this, don't ask why just nod your head.
require_once($sourcedir . '/ManageAttachments.php');
$attachID = !empty($_REQUEST['attach']) && is_numeric($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : 0;
// Need something to work with.
if (!$attachID || (!empty($_SESSION['already_attached']) && !isset($_SESSION['already_attached'][$attachID])))
return $this->setResponse(array(
'text' => 'attached_file_deleted_error',
'type' => 'error',
'data' => false,
));
// Lets pass some params and see what happens :P
$affectedMessage = removeAttachments(array('id_attach' => $attachID), '', true, true);
// Gotta also remove the attachment from the session var.
unset($_SESSION['already_attached'][$attachID]);
// $affectedMessage returns an empty array array(0) which php treats as non empty... awesome...
$this->setResponse(array(
'text' => !empty($affectedMessage) ? 'attached_file_deleted' : 'attached_file_deleted_error',
'type' => !empty($affectedMessage) ? 'info' : 'warning',
'data' => $affectedMessage,
));
}
/**
* Handles adding an attachment
*/
public function add()
{
// You gotta be able to post attachments.
if (!$this->_canPostAttachment)
return $this->setResponse(array(
'text' => 'attached_file_cannot',
'type' => 'error',
'data' => false,
));
// Process them at once!
$this->processAttachments();
// The attachments was created and moved the the right folder, time to update the DB.
if (!empty($_SESSION['temp_attachments']))
$this->createAttach();
// Set the response.
$this->setResponse();
}
/**
* Moves an attachment to the proper directory and set the relevant data into $_SESSION['temp_attachments']
*/
protected function processAttachments()
{
global $context, $modSettings, $smcFunc, $user_info, $txt;
if (!isset($_FILES['attachment']['name']))
$_FILES['attachment']['tmp_name'] = array();
// If there are attachments, calculate the total size and how many.
$context['attachments']['total_size'] = 0;
$context['attachments']['quantity'] = 0;
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg']))
{
$context['attachments']['quantity'] = count($context['current_attachments']);
foreach ($context['current_attachments'] as $attachment)
$context['attachments']['total_size'] += $attachment['size'];
}
// A bit of house keeping first.
if (!empty($_SESSION['temp_attachments']) && count($_SESSION['temp_attachments']) == 1)
unset($_SESSION['temp_attachments']);
// Our infamous SESSION var, we are gonna have soo much fun with it!
if (!isset($_SESSION['temp_attachments']))
$_SESSION['temp_attachments'] = array();
// Make sure we're uploading to the right place.
if (!empty($modSettings['automanage_attachments']))
automanage_attachments_check_directory();
// Is the attachments folder actually there?
if (!empty($context['dir_creation_error']))
$this->_generalErrors[] = $context['dir_creation_error'];
// The current attach folder ha some issues...
elseif (!is_dir($this->_attchDir))
{
$this->_generalErrors[] = 'attach_folder_warning';
log_error(sprintf($txt['attach_folder_admin_warning'], $this->_attchDir), 'critical');
}
// If this isn't a new post, check the current attachments.
if (empty($this->_generalErrors) && $this->_msg)
{
$context['attachments'] = array();
$request = $smcFunc['db_query']('', '
SELECT COUNT(*), SUM(size)
FROM {db_prefix}attachments
WHERE id_msg = {int:id_msg}
AND attachment_type = {int:attachment_type}',
array(
'id_msg' => (int) $this->_msg,
'attachment_type' => 0,
)
);
list ($context['attachments']['quantity'], $context['attachments']['total_size']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
}
else
$context['attachments'] = array(
'quantity' => 0,
'total_size' => 0,
);
// Check for other general errors here.
// If we have an initial error, delete the files.
if (!empty($this->_generalErrors))
{
// And delete the files 'cos they ain't going nowhere.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
if (file_exists($_FILES['attachment']['tmp_name'][$n]))
unlink($_FILES['attachment']['tmp_name'][$n]);
$_FILES['attachment']['tmp_name'] = array();
// No point in going further with this.
return;
}
// Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
{
if ($_FILES['attachment']['name'][$n] == '')
continue;
// First, let's first check for PHP upload errors.
$errors = array();
if (!empty($_FILES['attachment']['error'][$n]))
{
if ($_FILES['attachment']['error'][$n] == 2)
$errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
else
log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
// Log this one, because...
if ($_FILES['attachment']['error'][$n] == 6)
log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
// Weird, no errors were cached, still fill out a generic one.
if (empty($errors))
$errors[] = 'attach_php_error';
}
// Try to move and rename the file before doing any more checks on it.
$attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand());
$destName = $this->_attchDir . '/' . $attachID;
// No errors, YAY!
if (empty($errors))
{
// The reported MIME type of the attachment might not be reliable.
$detected_mime_type = get_mime_type($_FILES['attachment']['tmp_name'][$n], true);
if ($detected_mime_type !== false)
$_FILES['attachment']['type'][$n] = $detected_mime_type;
$_SESSION['temp_attachments'][$attachID] = array(
'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])),
'tmp_name' => $destName,
'size' => $_FILES['attachment']['size'][$n],
'type' => $_FILES['attachment']['type'][$n],
'id_folder' => $modSettings['currentAttachmentUploadDir'],
'errors' => array(),
);
// Move the file to the attachments folder with a temp name for now.
if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName))
smf_chmod($destName, 0644);
// This is madness!!
else
{
// File couldn't be moved.
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
if (file_exists($_FILES['attachment']['tmp_name'][$n]))
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
// Fill up a nice array with some data from the file and the errors encountered so far.
else
{
$_SESSION['temp_attachments'][$attachID] = array(
'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])),
'tmp_name' => $destName,
'errors' => $errors,
);
if (file_exists($_FILES['attachment']['tmp_name'][$n]))
unlink($_FILES['attachment']['tmp_name'][$n]);
}
// If there's no errors to this point. We still do need to apply some additional checks before we are finished.
if (empty($_SESSION['temp_attachments'][$attachID]['errors']))
attachmentChecks($attachID);
}
// Mod authors, finally a hook to hang an alternate attachment upload system upon
// Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand())
// Populate $_SESSION['temp_attachments'][$attachID] with the following:
// name => The file name
// tmp_name => Path to the temp file ($this->_attchDir . '/' . $attachID).
// size => File size (required).
// type => MIME type (optional if not available on upload).
// id_folder => $modSettings['currentAttachmentUploadDir']
// errors => An array of errors (use the index of the $txt variable for that error).
// Template changes can be done using "integrate_upload_template".
call_integration_hook('integrate_attachment_upload', array());
}
/**
* Actually attaches the file
*/
protected function createAttach()
{
global $txt, $user_info, $modSettings;
// Create an empty session var to keep track of all the files we attached.
if (!isset($_SESSION['already_attached']))
$_SESSION['already_attached'] = array();
foreach ($_SESSION['temp_attachments'] as $attachID => $attachment)
{
$attachmentOptions = array(
'post' => $this->_msg,
'poster' => $user_info['id'],
'name' => $attachment['name'],
'tmp_name' => $attachment['tmp_name'],
'size' => isset($attachment['size']) ? $attachment['size'] : 0,
'mime_type' => isset($attachment['type']) ? $attachment['type'] : '',
'id_folder' => isset($attachment['id_folder']) ? $attachment['id_folder'] : $modSettings['currentAttachmentUploadDir'],
'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'),
'errors' => array(),
);
if (empty($attachment['errors']))
{
if (createAttachment($attachmentOptions))
{
// Avoid JS getting confused.
$attachmentOptions['attachID'] = $attachmentOptions['id'];
unset($attachmentOptions['id']);
$_SESSION['already_attached'][$attachmentOptions['attachID']] = $attachmentOptions['attachID'];
if (!empty($attachmentOptions['thumb']))
$_SESSION['already_attached'][$attachmentOptions['thumb']] = $attachmentOptions['thumb'];
if ($this->_msg)
assignAttachments($_SESSION['already_attached'], $this->_msg);
}
}
else
{
// Sort out the errors for display and delete any associated files.
$log_these = array('attachments_no_create', 'attachments_no_write', 'attach_timeout', 'ran_out_of_space', 'cant_access_upload_path', 'attach_0_byte_file');
foreach ($attachment['errors'] as $error)
{
$attachmentOptions['errors'][] = sprintf($txt['attach_warning'], $attachment['name']);
if (!is_array($error))
{
$attachmentOptions['errors'][] = $txt[$error];
if (in_array($error, $log_these))
log_error($attachment['name'] . ': ' . $txt[$error], 'critical');
}
else
$attachmentOptions['errors'][] = vsprintf($txt[$error[0]], (array) $error[1]);
}
if (file_exists($attachment['tmp_name']))
unlink($attachment['tmp_name']);
}
// You don't need to know.
unset($attachmentOptions['tmp_name']);
unset($attachmentOptions['destination']);
// Regardless of errors, pass the results.
$this->_attachResults[] = $attachmentOptions;
}
// Temp save this on the db.
if (!empty($_SESSION['already_attached']))
$this->_attachSuccess = $_SESSION['already_attached'];
unset($_SESSION['temp_attachments']);
// Allow user to see previews for all of this post's attachments, even if the post hasn't been submitted yet.
if (!isset($_SESSION['attachments_can_preview']))
$_SESSION['attachments_can_preview'] = array();
if (!empty($_SESSION['already_attached']))
$_SESSION['attachments_can_preview'] += array_fill_keys(array_keys($_SESSION['already_attached']), true);
}
/**
* Sets up the response information
*
* @param array $data Data for the response if we're not adding an attachment
*/
protected function setResponse($data = array())
{
global $txt;
// Some default values in case something is missed or neglected :P
$this->_response = array(
'text' => 'attach_php_error',
'type' => 'error',
'data' => false,
);
// Adding needs some VIP treatment.
if ($this->_sa == 'add')
{
// Is there any generic errors? made some sense out of them!
if ($this->_generalErrors)
foreach ($this->_generalErrors as $k => $v)
$this->_generalErrors[$k] = (is_array($v) ? vsprintf($txt[$v[0]], (array) $v[1]) : $txt[$v]);
// Gotta urlencode the filename.
if ($this->_attachResults)
foreach ($this->_attachResults as $k => $v)
$this->_attachResults[$k]['name'] = urlencode($this->_attachResults[$k]['name']);
$this->_response = array(
'files' => $this->_attachResults ? $this->_attachResults : false,
'generalErrors' => $this->_generalErrors ? $this->_generalErrors : false,
);
}
// Rest of us mere mortals gets no special treatment...
elseif (!empty($data))
if (!empty($data['text']) && !empty($txt[$data['text']]))
$this->_response['text'] = $txt[$data['text']];
}
/**
* Sends the response data
*/
protected function sendResponse()
{
global $smcFunc, $modSettings, $context;
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput']))
@ob_start('ob_gzhandler');
else
ob_start();
// Set the header.
header('content-type: application/json; charset=' . $context['character_set'] . '');
echo $smcFunc['json_encode']($this->_response ? $this->_response : array());
// Done.
obExit(false);
die;
}
}
?>