From 455f0c2602350f229e6f58d624790c3d7448a68b Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Thu, 4 Nov 2010 04:30:23 -0700 Subject: [PATCH 01/16] Improved large file size error message. --- inc/config.php | 4 ++-- inc/display.php | 2 +- inc/functions.php | 16 +++++++++++++++- post.php | 9 +++++++-- 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/inc/config.php b/inc/config.php index 44dc60ec..fbaca0d8 100644 --- a/inc/config.php +++ b/inc/config.php @@ -40,7 +40,7 @@ define('ERROR_NOMOVE', 'The server failed to handle your upload.'); define('ERROR_FILEEXT', 'Unsupported image format.'); define('ERR_INVALIDIMG','Invalid image.'); - define('ERR_FILSIZE', 'The file was too large.'); + define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes'); define('ERR_MAXSIZE', 'The file was too big.'); // For resizing, max values @@ -48,7 +48,7 @@ define('THUMB_HEIGHT', 200); // Maximum image upload size in bytes - define('MAX_FILESIZE', 1048576); // 10MB + define('MAX_FILESIZE', 10*1024*1024); // 10MB // Maximum image dimensions define('MAX_WIDTH', 10000); define('MAX_HEIGHT', MAX_WIDTH); diff --git a/inc/display.php b/inc/display.php index b988e3bc..92f6eca8 100644 --- a/inc/display.php +++ b/inc/display.php @@ -15,7 +15,7 @@ } function error($message) { - die(Element('page.html', Array('index' => ROOT, 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"

$message

Go back.

"))); + die(Element('page.html', Array('index' => ROOT, 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"

$message

Go back.

"))); } class Post { diff --git a/inc/functions.php b/inc/functions.php index b465488c..e251c054 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1,4 +1,18 @@ $v) { + $replaces[$delim . $k . $delim] = $v; + } + return str_replace(array_keys($replaces), + array_values($replaces), $str); + } + + function commaize($n) { + $n = strval($n); + return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); + } + function sql_open() { global $sql; $sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.'); @@ -502,4 +516,4 @@ function int_to_word($n) { return chr($n & 255).chr(($n >> 8) & 255); } -?> \ No newline at end of file +?> diff --git a/post.php b/post.php index 94b80f8c..52048be8 100644 --- a/post.php +++ b/post.php @@ -74,8 +74,13 @@ $post['filename'] = $_FILES['file']['name']; $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); - if($post['has_file'] && $_FILES['file']['size'] > MAX_FILESIZE) - error(ERR_FILSIZE); + if($post['has_file']) { + $size = $_FILES['file']['size']; + if($size > MAX_FILESIZE) + error(sprintf3(ERR_FILESIZE, array( + 'filesz'=>commaize($size), + 'maxsz'=>commaize(MAX_FILESIZE)))); + } $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; From 5805de70b42d8674bcfd96cf57192f6c4a641d2c Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Thu, 4 Nov 2010 04:41:52 -0700 Subject: [PATCH 02/16] Reformatted error(), moved commaize() --- inc/display.php | 18 ++++++++++++++++-- inc/functions.php | 6 +----- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/inc/display.php b/inc/display.php index 92f6eca8..132dcac5 100644 --- a/inc/display.php +++ b/inc/display.php 
@@ -14,8 +14,21 @@ return round($size, 2).$units[$i]; } + function commaize($n) { + $n = strval($n); + return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); + } + function error($message) { - die(Element('page.html', Array('index' => ROOT, 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"

$message

Go back.

"))); + die(Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Error', + 'subtitle'=>'An error has occured.', + 'body'=>"
" . + "

$message

" . + "

Go back.

" . + "
" + ))); } class Post { @@ -180,4 +193,5 @@ return $built; } }; -?> \ No newline at end of file +?> + diff --git a/inc/functions.php b/inc/functions.php index e251c054..10f23e7f 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -8,11 +8,6 @@ array_values($replaces), $str); } - function commaize($n) { - $n = strval($n); - return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); - } - function sql_open() { global $sql; $sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.'); @@ -517,3 +512,4 @@ return chr($n & 255).chr(($n >> 8) & 255); } ?> + From 467ccdaf484b09a57367434344d72624e3dd1962 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 4 Nov 2010 23:07:50 +1100 Subject: [PATCH 03/16] ZIP support --- inc/config.php | 12 ++++++--- inc/functions.php | 66 ++++++++++++++++++++++++++++++++++++++++++++++ src/zip.png | Bin 0 -> 15221 bytes 3 files changed, 74 insertions(+), 4 deletions(-) create mode 100755 src/zip.png diff --git a/inc/config.php b/inc/config.php index 44dc60ec..fdbe6174 100644 --- a/inc/config.php +++ b/inc/config.php @@ -40,7 +40,7 @@ define('ERROR_NOMOVE', 'The server failed to handle your upload.'); define('ERROR_FILEEXT', 'Unsupported image format.'); define('ERR_INVALIDIMG','Invalid image.'); - define('ERR_FILSIZE', 'The file was too large.'); + define('ERR_FILESIZE', 'Maximum file size: %maxsz%
Your file\'s size: %sz%'); define('ERR_MAXSIZE', 'The file was too big.'); // For resizing, max values @@ -48,11 +48,15 @@ define('THUMB_HEIGHT', 200); // Maximum image upload size in bytes - define('MAX_FILESIZE', 1048576); // 10MB + define('MAX_FILESIZE', 6930209); // 10MB // Maximum image dimensions define('MAX_WIDTH', 10000); define('MAX_HEIGHT', MAX_WIDTH); + define('ALLOW_ZIP', true); + define('ZIP_IMAGE', 'src/zip.png'); + + /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) WARNING: Very beta. Currently strips animated GIFs too :( @@ -63,7 +67,7 @@ define('REDRAW_GIF', false); // Display the aspect ratio in a post's file info - define('SHOW_RATIO', false); + define('SHOW_RATIO', true); define('DIR_IMG', 'src/'); define('DIR_THUMB', 'thumb/'); @@ -92,7 +96,7 @@ define('URL_MATCH', '/^' . (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . '(' . preg_quote(ROOT, '/') . '|' . preg_quote(ROOT, '/') . '' . preg_quote(FILE_INDEX, '/') . '|' . preg_quote(ROOT, '/') . '' . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/'); - if(!defined(IS_INSTALLATION)) { + if(!defined('IS_INSTALLATION')) { if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG) or error("Couldn't create " . DIR_IMG . ". Install manually."); if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB) or error("Couldn't create " . DIR_IMG . ". Install manually."); if(!file_exists(DIR_RES)) @mkdir(DIR_RES) or error("Couldn't create " . DIR_IMG . ". Install manually."); diff --git a/inc/functions.php b/inc/functions.php index b465488c..237a7724 100644 --- a/inc/functions.php +++ b/inc/functions.php 
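Review bot: `ALLOW_ZIP` is introduced as `true` in the `@@ -48,11 +48,15 @@` hunk, so any install that takes this config.php starts accepting and unpacking uploaded archives without the operator opting in. A feature that parses uploaded archives is safer shipped off, `define('ALLOW_ZIP', false);`, with a comment saying what enabling it does. In the same hunk the comment on `define('MAX_FILESIZE', 6930209); // 10MB` does not match the value, which is about 6.6 MiB; either use `10*1024*1024` or correct the comment so operators know the real limit.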
@@ -1,4 +1,18 @@ $v) { + $replaces[$delim . $k . $delim] = $v; + } + return str_replace(array_keys($replaces), + array_values($replaces), $str); + } + + function commaize($n) { + $n = strval($n); + return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); + } + function sql_open() { global $sql; $sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.'); 
@@ -15,6 +29,58 @@ } } + function post($post, $OP) { + global $sql; + if($OP) { + mysql_query( + sprintf("INSERT INTO `posts` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + $post['subject'], + $post['email'], + $post['name'], + $post['trip'], + $post['body'], + time(), + time(), + $post['thumb'], + $post['thumbwidth'], + $post['thumbheight'], + $post['file'], + $post['width'], + $post['height'], + $post['filesize'], + $post['filename'], + $post['filehash'], + $post['password'], + mysql_real_escape_string($_SERVER['REMOTE_ADDR']) + ), $sql) or error(mysql_error($sql)); + return mysql_insert_id($sql); + } else { + mysql_query( + sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + $post['thread'], + $post['subject'], + $post['email'], + $post['name'], + $post['trip'], + $post['body'], + time(), + time(), + $post['has_file']?$post['thumb']:null, + $post['has_file']?$post['thumbwidth']:null, + $post['has_file']?$post['thumbheight']:null, + $post['has_file']?$post['file']:null, + $post['has_file']?$post['width']:null, + $post['has_file']?$post['height']:null, + $post['has_file']?$post['filesize']:null, + $post['has_file']?$post['filename']:null, + $post['has_file']?$post['filehash']:null, + $post['password'], + mysql_real_escape_string($_SERVER['REMOTE_ADDR']) + ), $sql) or error(mysql_error($sql)); + return mysql_insert_id($sql); + } + } + function index($page) { global $sql, $board; 
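Review bot: post() formats every `$post[...]` field into the INSERT with `'%s'` and escapes only `$_SERVER['REMOTE_ADDR']` itself, so the statement is safe only if each caller has already escaped the whole array, and nothing in the function says so. Add a header comment such as `// $post must already be escaped for MySQL; fields are interpolated as-is`, or do the escaping inside post() so a new caller cannot forget it. Both branches also end in `or error(mysql_error($sql))`, which prints the driver's error text to the visitor. `or error('Database error.');` would match what sql_open() in this file already does, with the detail going to a server-side log instead.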
diff --git a/src/zip.png b/src/zip.png new file mode 100755 index 0000000000000000000000000000000000000000..7886679ae22a16c0a6ac5e5e2ca624bc2be0e53c GIT binary patch literal 15221 zcmeAS@N?(olHy`uVBq!ia0y~yU}ykg4mJh`hQoG=rx_R+7>k44ofy`glX=O&z`&C3 z=LqiJ#!!MBL7Yq!g1`G_Z5*Qe)W-u^_7tGle zXv4r@_1V+KF{C2y?Oo12+rG}R|4_fl#dG2mjX+ip| z`d)VT`q$qz`{uv@^gHhQ-c$dhf0{3sl;B}o{iN6Qm9ZRu8~?K0@W|AuRW{52uB*BH z)q>es;Q5!{d$S8C_kwygV*FQjbKT^(Z`%()-fDDBLg--mohNM;|M#zaFT-9I z`SOBM<0iLxyT2Cfu1el$p5M`^kj!}g`Sr6A_K*E4@5gSsYjK;m{rr8!+q@GL&);ox z;`zRN5=-~V6NO=?UP(o=nP~5Qd%=s5eSwtR<{Mi#$8J_Uw$@gU`#tl#=kKj#WPeD0 z|Mgh@|Bnyz|9x5h`_G@}_Vte@FnDadS0JzLxgp?#JHx%mmjP)%W2e~)ZL!%ecwp0A zmB;VSevoJ=Ket2qfK<^IvAXRx`4#I6-`oFr$iMr~n{@lz->vWeJoobck7MTl9w6ReT{@aaU*ZP1e}nIrrPXnq8}PPvA?v z`6U0CmGQgD8%vLEll*?Z;y}S}-)+&UITJTlI`{atr)VB{UwSn({OzCa_&-VS-`Bpc zUjEnlAJdo6`v2eS?SCAv|8v|?j&I+$t?POBeOao{yYJ`O{9pf9)&F~5Uw3YT&bO_T zSSA-FaO`=ohFSK(%}K>}U$;pz=^35NGGEhq?*I3Mxy}c28~3LkGrJyBe3q~N-{<-A zKbPD8eHnPu?vUBziKnOO-ZorsU*gfH+xGj$r~Ut4@0a_i|NoPI_5Tm;_BN)|{`N9d zKi$6X>)M0%e=pnfMpUh-6Id-@^Ye84JGKwK`ZW)^WjQsRM3TNwRhhx^^MCJw$UnY} z^A$akpT6dKTFKnN|8&lj%~97*cSV|?zW2-i|7Ux7sqET^>+8O*e*FKj{lCX^RwjJBulq7@&$qJ? 
zU#G75{rmp^e-C!w|NE|C>+x6C7kby%Jk`GYLihnF9Nn7~9ixQ4+&y^e&4Tm2O!MQ@ zKT2+wj@p^fJ>}kH*XLh>B5+JJnYgK3zZa?Jnoa=f{5*G}v35x7A5_FLPS;VgJrQpH9mQ zudFN4`8M<8?)c8H{GWb3xc~p}eQN{#T`v|LJgGk4rsDVQ`*uH0xZ7Q7+?8^2Qr?{M zdzH=I`ulcF&J%mRRZ33USa89b{iTdc8A2F1C#ZQ9hB6&4VxJwbdEq8aiNL0*DiTrq z@63LBdST?>y^nTpm;UuWR_XcfxWc2N{lB-@|K5I=>0PkV&g#^ney#xdo|yk%PHC@~ zIa1E=)N@e3{^#j~lIe3UGWs48WHMCxI(JU}17>-NIo0oW-mMmR7(D-1i28E|_oitK zsefx(UkEe&sAZ~oS3F;P`o&2P^6EdU9QgGxqqeSbzv73VUm||>J(;_|Z|eK0oVCGg ze!V$g_ib~0fBiq_KV|Gy9+w)WC-I#4pI`TRHebp4|L6bzIsf32x4!J3C+hYu5B&YI z+}^h0{_lI{7N5@;vlnv8atbhUu3!{8>7%`_Bt^`&*55UoN`y-}}&J&eLc6?Z!cM`=2NK7}DpK zhJBwojb+VV{r^iDCJP<-UjNK^{>wf~mfcPUT`Y$a!ps)eeZ2mZFO7N56@JI{Tm1O+ z-;2FCd46dcf8P{&hb%^p3YH%a*zIqe+}@dbRn6?liw2fAyYGEnckaKmhoZmz$0NeK zpEv${EdPH8H;-Vu^#{wxw(l$b-I?AmWN~fsWOn$sKZ$|sfrX$j=LB`F!k_W7oNBCd z_<0UwJ(K3ub(|G4@!wzN-~L@K@)8XCoDJ90n3n7Bc+kZ6N9y^UV!!l*+fwH4Nl#+e zJgvt*L%QR)gi3%+hu{w8^PPe&e^qYVX)sK0U^&ss66d@wkY$E0gANnJevSr~`tRlS z<+4I1&;QqZbBZy3ShvOMOZ#m1bMkTt-@4x0Sw5)IHT|kR=^U?+ZMpEVNf7}-J6=zC z@b`UvefnQd#@!G4L)DF6bR77^TJi0n)9_to1mCPdbIGdyo#;h0hz+@$`0zM`Y>7Txuio<7L7{bM!B?$Dv> z%=50loA@B-cf_lC`+whk-}nD|{om{QtY1z?YVOxk7fn)jH zvZ(F+zqN$6m^SQ8VR+2Zz;dp2_Q~qJKPnPT_f4HnT;BXvEIvx!&i%mr`kSfKWoL8# zuQ{;GI{jzc_^=@XaSeB$|D;NS=QpJ`j!#2?n$HH&=n|2EmF zEaCQkg+Q4HmhS@}ss8-t%qYMZxPx7VLG8kGVTMWnqz>qdu2}Qf&9{lICeS*2`YO&l zS$B8W{LtWj&(I%QZ};-nQnmXn-Y5U~FH`<1`@yq+7vr313@N)k6ik`j1QoCDapYA| zxX<9Mrst^h;P;X)2DYZ_DLnfQ|2wr-LoBe{ncsHHZT=5}53dCKzx_6IRiZmnm~}8` zMGV6Yp@uHWjvkhd^2Mr-918y1znprtb}jS1usc@rewRMq`F8T)e0gtcGqLYKPyATA zhDYF!er9^6gZ=~VKQ}oVSR$vqba*ql;m_yKrVU4B6=r-FKcGIRz$u(pM(<|XWWP`S zR$1%8I;*ZG_QjOq949~ZIr zemx!d^yRe^y1980^8XrGVt2DYSe*29KJS6)lcK`dOTvzQYRH=rlB~uwgNc(ySjvLK}?H?kOb?x$4i_#jvKw5tX*{H5&!+8_q}-={aH0y8iX@z z*c!7~FKp9g=snGFOt67Vq49j`eRDY>9?k>5Ors;3V(o>uRx7>rXM1p;De@`r3$-gx zHrgDR9F=Uy>A)H#G$EB`gXo4(o`lmyjsB@J;-XBOk~j0WY_LCX>86r!l|hU>p!@p% ze_vylB`7rM3Pspwcp9u?u?c3lQO?MbP>_50)WhCpmM8TRUpD?*m#oHkla)a{WTVRD z=mX+EHVZOnm_{V-Y}m&%;a?YHgz5nv?=5R0v)F2w3sQEmE%6Pi%< 
zK;(zl{wWTufg3b-e4h0`Qc+1!o^?WDg}io&jfn4^N2M+s;~z+$c(C!kGgDafzWNZ> zf*6Jf$Ap~>EFb=QG_0{aCOwVCnN{Ft^z`?O{`%bddHB<-tsh^8r%$pH+VF25)098o zlN$oB+3PV&xHCNHRcd_D+Y(+W{=z}{;%ep)t_VY~ROUG0Enz$iB@Bw(|NSM`C~K%I zJ9smtWO+XLzm3I4o=M@$hN6nY6BoEMl>YKH`sgj-z#H3XmZ0a_v{N8qpQMBK|D_BZ z2_fCnuJq^xGf(5Ga52zmJTAg~;+x~Iz1OqvFbYg;Fzu54Q6qZDeBa03X7l|&&)!YG zrh7ZU<&oZmga0P-MMmUu*X?JD_*p-j@k^|Oro&M)j|sKqDiUciv!d6}-}KRfX@&!f zL|?Y@WN+h*vYct3|33~oaMP%vh;i$QV3q|;u1t6ReR<;IR#)kOCUVFC|ov`PAvuaE9)7Y@nsxv}T z6OODts+8wZ;Q8-o-SbD5rw(pvJhSzLz#7Gf%8)!amL(so93tPUu&iJx5MkWW#AV^U z;l9e|sy79^sYkUBYA~f7n$EEBzFjNJ6a~AIs%0Vtu7V9;nfO2@d>lg!c|Y+7<0L4wX(~W1c>wB&_69ME>nEQP*yNX=*Imek_Rl9 z0vJ^uSUGKY-OsXFaKWy$tZ1(Q6^T&h7s3g4k_=2?0ufvd3=Y|z2h5cjE!h_Zu5(B@ z{wYG@fsNYhhHrBu7(E5N8ehu3uW(!Yi`?x-el~I?GgIm!k5W|w1kH*O4nD%x~sWZd^(|Qz0`qC<-@;eERVGsa(N6+ z{rb(aVoh@EUS$ z*G{B|^Kc#$JdpDJV1DCz@8w-AfelNInnh(9!UQ@P4j8XsxUZL%>FIEbG3;rq5T8ZD zwqA`XeM>pz8dK(9VVJn2#bZgrk{MgR->WXa$?#yUxiV>@)w|r!O>EsQpdG-z@1B-2gQtvm2tt=XKCTTtG+E7Q+q4;e&}3zzLS|{gQ&EJWNo^4Qy^o4U_uC6 zL&aLADO@3IHm*>a(aWIw;BVZ{y30$BZ*)=F!N&RP=l>mQ6MnKatmS6d$LOH)U|+;e z&&f=meurLkW)b_lZTsHbN?}jYnKgU|Jd!7#D7VOWIBBqh^T|c`50Aw6SNyzWB);%< zN4F!>{mzi9x6CpbIvA$j6k%K;W!`La^ZO%>gBDC1nhLMo%b&Vxo#e|I*FW9tV=-zD z``69zxQgMKFvFy}#i|TKJnQejXR=iZP=2s{^_J*5nG0LBA~aRJ>t1@t-%1r&Gu<_q z^N8h#1I)X#7XBAJ@{@_>L%VEQgt-8BU>D2Pn#%H8jSAFfd->dvm>9abE4#x4D~t{x4#zWz}G^m|kRD zneX0|#(2_p;x!qwpApYz{#^AWkfp;_x3H=9!|i`N>|W#^_bI)`wjq0>L)DGx{|jvy zjHfoJt2)Fo`kXwmt26nj!@5g(JDC>DEO-z!VV5&U!)v3hyB37BytkBWVwn8pG#{VE zg9g5u*Bop@KlD@*E?&K7Ce7&fv;Nb4p#$H8C0xldJ09JddOhmb-T2IB z*3-|rHQ2o{X1xD?#>aa%dW`+68NLM{*z~W9QHyWIQJn*# zoL=XqcKMm?R2h^eRI6tY(8%nyNkVIWE^(8%{ z2?YnD7(?t6?q)GOkyXguz2mqC%ZZ1-Jj~;R>{%Xi2^e@R9r;zcZeoG`lHN96)pbu6F+IL}K!YhoX}Sob*R9)ca}IpJz0}9YVXhO? 
z%Z2aeOL3oMIL6v=^~9z9!X9^@uC{6l;byH`BQMDFQs%*ghTAK4H!{K9e|wXGu;hQcsYe(0u{7l0J|JeyEaBd; zi!mfp>we5@raz`1dYD!-m|YAFWzl;nevvtLf&0J6UDr>259VF3*tqccfjZH-0xLWM zj?Rx_l@VnKVm@!)RhZlNcNRlk>7DCWf4*BC|MOIMoN&15+_&eM_f_i@GXJvK*%*5K z-tlZ1#vd00#hte7{jm5z-u&#@s;6c#{R-LDWhKN=JB4XWtixZ?1N;8VPi5Nn$^KQC z0awhqULgg>f>ef@azVxkL9PnL%%a*iCRHT-*z=i5;I;bEbM+OIJM=zH*W0G@Agzl< zM{+0EAFh8~Z&sg`~Cj^pDG%J6c`T`IR2>=?OC;6;r2?K?K)4QrIPe|i*(Lf9of`i!f7e|cLfvx10Yot_?POo&7)FU144Z#P} z?mBGqXZ~Os#Z;lkwZVdA#nY?P7+C8J_h;SN`s-?VTitXYQ|~LPml^A|_Wr&e)a3O) z%!SS1^4bRz4p>ggRtb=t!g=Ctq?Qo_|Ai?{QX%#Y*98||GSN~LaF*KW63VLSsM-Cz zJEBu|T562&(Vc3iHt77TUUh&?ZNuj~MGw-M?mrLXV7zti`lbYiO(OdyFoo>hU6aIk z_x?4jO5Lfm{)BKXFM1p2-gNEz_iTp0A_bRt7Hs|ZZ>~d|dEpBW1&87|CTj+zrh`?H zdD2G|cl=D`xVq@vFGjs(E42G|a%wesOq&w^YlGWRAnm; z^yR;A`=34K>G@WM$en*YQ||wrp2GAlV3|V6<<6!95&wn4F7v-=tIfL0`FXld!xzST zPeLzTy7zK%sc0>e0-w;5D2u7w*49EFelPyTaGPzyE5;fA3^(p^uZX>~s!w5(&WF{d z%!LkDf9Q%=$1&V&@-vLsnworMq0-cCCyh*&RPf$l+y0>^-6r|NkK^|Hs&ytXzjHc} zFPad@c_Hpo2n$0@=`oAKeVg^Fa;`3jao+E|tbQSjLXh%|b4zcZ_B5EzP_U0hqFg)T zfK|MpoluCm!RmDfyC%wQxY}^))=n-i#jnnjv;@P2J=fHJ__Ex-_QRTV+tt$l?&og5 z%XYri+lWz7uiDoTm@{76^qQX#jb@$(RhyGjNuAi8Az*SxG;FJR!#Ol+c zSZ3w38C>4mkZQLiHia)G_0B7K29x>cU9b4+OjzP|a@(`TVQiXhIt{;X)PBFq?q7K- znC*PcGh^%5?j6T%-xbz7Hh3m^&`V!kaCwi}MA$#qI^l0W8D$Fa+E&C>Spj5KruI!ReKW*l%%S$Zk=TQ1_ zN-QhUv*3imsxvu$3`b7Q|IngdBKCiYx^3o%Ez51!Dl;<`uqQPHHF$CcJP7}w!5y)I zo8yP~k5hGA;Vc^U_thDVCLB*Ze5mxw0#)Z&rPv48ttuxfOwaXyzDy+e8s96a1~aw@ z4~84;a*S=Yy|Hf^D`R{fJ z?3?es;?w%I3GXlV*L`_#(!cK0gN^;QZ+ho5a!b4j}?>(|@+c30%y+-KF>dCBw7MxFJ#-mZKv zuB)ZaR(hzjg~@zhb-(Sm7k8Yd*6#HBE>-Z~>3D?rf-T1*@3*VO97>k^JY&DY0jD+l zyPUh1F{rJce{AbP=?h#jXY|S)Shdtv96J^DLu0}5+}o-_r5!t(Ufx-}V)w5VdMq<_ znI%e1g|9#OJZ*7%xxj3`1hM7ou5K1cikH3=C#^YO?Ca`ljB!ua?K}TSu;IVhfr*8e z{C>$APjzDGdb<10R-gaP4q+>Iue15K$Nu<_4tJZR4X@Yj)(da&VpjM4dx}*@i%}`j zyNeC>LDijZmaTI4_FFBBRbT%-s=q^f#yMHH-P)6U zOR_`b-mm}5e4zT(IR(9+%hYz>?Ok*^q+zGorhLOxt(j*^M60wCHoG=Rbu=)D?wOd^ zrC=e#v+DnB@#D|t=oI|)b16Qr^gX=jaCW(g`J?%}fBio!|L?;_mKoXi?l;A=cm$t1 
zl+3`QFmv&N^{?+}-C#C2u%t;v|XyW@I z&E{jL{~L~g>79yud=`ZLJJW5!@S<+_0Wr=yE4VcGsCCr5aF)Mylu49j8&|<%r2{KO z)-`Pld$ighgvEjFZJ3VBkr-LMt-nIOXD{BCTfgVJ=Spb@e_!9y?Uk#$176Fua!k6< zGwWRSvgEhHVzYye%<@w(i``o57}FTn5Pq2LL%Py|xazl8S#y=jSt|a0o`0XUA*SWP zgq&=RK=&2Ze9X7kX6%@oWjH-G!2jUpSqJrYzqzzi6lZtV0W$Wlmx5aGuLf<8+9`K z;5xIl+g2D0|5(a!YyZ;1ntI*^%<>g#`|E1DvJK>uX1uaqFlpLc*5h~D)*ct@6v*Dl zaX?k4i<_f+x(K7&(|1>|M0`5`UwisC@0DwrLUvD`v0z>KYPEJVw-@o!;p?vk>70J< z{5O#4UwmC$Ig9$+)T`SV^4+5^&hGvy&KUP)k$9=4&FksARz6lXHR|AZ`TK}3D|l(b z@wnC{MdBWr9)c?uEt(|N`1iYL!kw=8+24Q5|IE_SV%)HuzplE_IsTvT3fIY6eI1NH ztgZ!Y&suw+K!%g+!?#B#y5x@t1?}>vea<&wY1mb+9F~mTMYeM84V(THUgH15#S{PI zka!v6>|1-+nq0`{uRP(rD|vz6xvP~-yY*Cy_uUIOt!sRuHaq8%>7-M01P*3@3twHo zS@-8QmW+ezmrZaDZcuWtug_n*zrlo4?NZBiu35S}FYk!pN^t7gwbN<+_O-$7fe)(h zRqNjV^;Y4f$m@@DQ$x3|o%Uwtf%&VyiZe$1SuFQ;g&!+Rp4UzeKi(C>ldSa%8^7o6 z{d#R~XjmzqqRjcS+qvd9DjxT;^VfZ7w!Z4bRQ!Ft}<~iOuIlB)d3D z164k)WL1^rAW)d5x~ z#f~IwpS(@jvX0svn`)3X3&W`vj6ir>vB;W zN0|$Aq?s(_*RK{0+1&1`d{Bw?fgMXjQuA4}+iR5jw3ZdSF@3(O?r{5!W$=^uYy9o3 z!U`|9a&ud=YA}82HW8h8n<-3iac)Y9z@j>auvL#)cCw14K4S6tqaM2A%Gy6GW-$pV z1pF2*`sQAGqW;y}%UwRjfenQ$D<YO@Su4-EgW&+vjMV&nKcC4~zV>^XBy~;q#OHldNlY`FZ!v6LQ^j#ToOSaqnO?)t z=<794>J?c&FrTlxSbetV-S?&-7Ar@^75)vcN?chsr6+})oMI$+uyfLVZhfb|di zm)_duy6B4km8E{A2a^OD1o%Q^qbIfqDKyp0^k4mDJx9RYjeci5H!)1L$qJn5e79<8 z?vg99xBo>+Y(MmC^DeVk^Rju}f6l9a(Ei}f*x+?dyFdMFjOf�f3Wz$7>`~IA!cyPH+NyxqU z>&uy$CS=`aQd!COVd8-%|HwQ+hTV}(!cVjsj=no1scs@9Ni#G20$(DU6=Jpg}p?hR4(5rO;Wf8Fd;*!{V* z@4$75M?W-E?gme=vMPTN%+eMxz2o|Op+4oNVnO9CEHkoSJvTOe=G)M5z}KkLoOg1* zcY6{Q)q3Gnrp&g+b#P)raSHE=8{<1 z;^2RL&4P_$zA`qeKSf>(*jxB5(&f{w5C3dqc>-8wWZo=S{1k87c;bb{$~j7W+m9c5 z`l&SZgHwmY*A))C8%#7AC9XShZ1D1$y4vkjIJe-n9-q64I`>q<_WOz?w0~iLBWC^~ zwA(p!fuZHETa5mkIj^T%zTWQFo1DsXUDTk&^U*QP@4y4;7$xBhDt zIPf>QCvvKVjd0dHG zTNyhIuh{l~VJ`6HR%B{kkx*%OZGQmMj`lNWjly=n&CTEaY+7{Q&b(8z%DErE7q9=* zapJP^p-bZG<@O47KdQT&JPwG?kl>c*Sa5^U!*0Ut@4gPc1m=>#RX(+AqNJz?k zUAO0IcmATeGfX%cCwOiz+Lgb{OJQlm#DnpI2R>Sze<-?lZuO=BwvxYHR*j}hzjX%e 
z*SGi+y5XsPiE4+Ld2Y`FJ*T}pj!I8r*v`dyZP(wo`TOHuU7M};>8{zOeT+M4%*jE|OoHP-cT*rhXJMRhSZ!&Bwg%edu=g|9~IYb#VY9rse6=xD%_;h3i?}Tji1+A_NPbdkH`mIMwXR#B(^$pJm*jFT@ZEAv`$R$)v+0Ortau$ zy6USu!Tmy1xsa)UM}oHOnoCvt@2-yj`ug;LC(#4CE_w4dRvo*wea}-}^Bs?6-|vW= z^5EafG+V2z4|6uu?~gc`sCX!_Gs6EA<9{c|6<*u;PH4?w73>PoRJ;(u_i|0Ql5dlz zBgZO+niPQ>iVX`^^GY?wWGxDG_5gnj~^5Xp<@HSC&vGmsQfCmiF^!PGM+R&)EEPN#orA`5Xne|Li}w zHox}u*>@$&t#ieNY_!;auZj4!Z)St@r_|%my#3A|nJfD2pI22xrTx!MGOMDG6=__v zG89&F3hhBAMdZ&PwxDzq&Gnsk6=KWZ>@o6Mes*L1gtM2d}Wb z3@1*B1~F?c+|dvf=%kwPJnDJ7%^d~j1cg(l#JVOlc(0AuXHDCEFaB+uF>8IdV?!6? zj)twq*Y^KBo4@a6ZeH>1->#fxyT0#z|91;ZyME^xd65f!J+AX-F^paU8n>~yUAS|N%iA~2MjGO?wLiDnOf|gP zyP%8X@ss^q>+Ww9VAWu{WAxy@+G9RR>HDw3w(mM0mA!WB-?{H=p5NWXv@LyA!uqaO zdAaPmaK9&KYF<`ueAfTuN&W3f2To4jp~S#lekjDD=Rr$EL9ABnI>(<=W_{S+(P+_; za7ge#O7;>529~VZK58$&%Cpza{uTPApCLxfK>KOx))QWvL|Zh(U$48pcgxS3-AB5A zI4sUO;jbDhanvq})2k_GE!UZ&->*B}apHVnXSDsqj?!aRlI7=a*nB)tmc4H0Grhp3 zPlwz2L$?-4J?i3cA4+MCF2)fYY| zxZCn==)S+RZ4?=^OY?dftph%-yZy=X|E?P;YCqpc*K0cL%inZ#!Nar7w=5Q%W-+>U zdPnv#vDIt0-D+OUvU}bBf4|P(E4l3Z{p6+R2VYLK)?(Oay~f^r^5=tdZX6A4@}B5m z*uHg>(nURPacPUl#zn$c+)|lVIK`HwMsH+#z$<+2Q5S=zk8g0pF2=`89`tAbl1Tr% zZ?+Pr*J}$|`-Ig~xh;RamNJfgdOApwqdal`xutrw(-m*rSJ}5ersuC-3&S0Ul?SAL z{x54f*yC&TPFg5OUdRU2pQ+CC*bwjW;g}s~lB9fh{2rf#kg3+1ep_7w8Ml_GcQ9OO z(3-($L>eQ!w=Qm!vY7=@O>)`y;vinZ# z`g?P_ZgZjJ&gjP;tgQPdN7a8#IWwK1rGZOFpMy8nabm({n|oP7LL6B<*OdP*WV*C) z*Oo4+09LOCj%|0GyjdozXvnxST(eopypmyJU|syj`}Q<+GY&Qq$?IP7zL@S#p-b8b#N#<8!Z^Snxz!iEZC= z!RFf=g2Gq|SPhsWydy5MtXP^LtbIs)t1@Fl#D@#d{YvWhb1@0VURzwS zCVh=K=hk3$w8W>|wSiUBvF7Ke0|q(!Rc;jR6gt84R(p|hRt4$^OHr^TzebWXvxVa zzcMWOB;^UOW` zty8BjDJt8UA-=$f<>zKK?+2Uf#KTUk-K$s1Qpb2-NMV|hY`ou7UuePEzwURR9{O_4$ z)bDH8UYS3B`zT%Uz!4RXjT!rY{4{5~vH0rkrt-sj+ak%`vA2DjqB z^8TucbyYnPD!!uI<@uxE*KVCTz`Us7op;IgJ7(#&bMIO0`&x63@ww!E zqxA9(2ic@;$~~H#g>J}B_W1tA;J1~^ie;Xc)YTlCf*4-Lc{ecak6~cyV4RZh`p~4E zUiGCi;m6;v*j1nX*R|nQ`ikh?SC6jy7QVXt-s-e~srCoNE#?V-wqOtA&&hMxz+NKh zX#XR7diCr7T88}1N3=KJ&wqaByjT9wf1FD4lk?tHvwyLE{%R#}asHyxO)h(@!u;~Z 
zn9lsU-B_G*JjP=~b5fwkhH8%wpJD_*i>sV)EcXgfS-^5h@g}4A1@#8cY*B^Rujg{l z;AgxQ_I_tWe8VO)t_5rkYX$s{9qQd!x3zl}|CBS+_1#zea`bFj@y#;yT$JV#zP~5# zSHGUL`{7jk`cu_)fN^uy%=jKYwGYQP=LYHPa{k%oR#r zGi~9H?HVjIR$DtX-JPHiexXOzv1!NYRJJ>e2Cml`W_dDdID4JF{F3Wc%z-6b2J%b{ z5)5mm{ppTmX}M-J;eZ3j#JyKSS83c`TeNP^{pXD_*ZnvA$eN(};kNf-2Kf#DWrY6f zt*CX7o5a&kIj~Gx_m}#J3-ptT^uX^G})L?Pr`z%+ExqC-=U2E>>kL zKAAyyqQdG9SmS^wbik=; zf7h?ym(Ks<{Wo(C^OUQrm;)Fu^|JKsd?#>kS6i0m`qR&ka<7^5Wwp|@H|DVy>(ANM z&;Rm)o$+_~%+=jNC06E3td#GUR~bzR7HXE6@9-tJaAy9AIq#-#bYB-yl_d9m#+0hr zd-696lr+~o+cxw4)y++-PqzP$H({Nj>$)fSUV!LfKTfBn=U+VquGK9FIC`e}utD<(8tT^)Nxf5J6U`%-P0 z%(cmDw*82DuxWn8+pC4T(^Be8$%zyMh->c{NFrQOUuWL!XK&YktwCXsA{|*fH*3+uf@>D+FYp9KCuv2|7ub|!f z&chp}*CLc$`x7j7Ev#U8Q1J9+Bb)hT!Na-RNK*Vz+4wc^3`jUV2(+r$eWVExm7d~S@)|GyI@ z4z(urd`5`u|@` z>tpkZ+vZMh^w}yF)LY&5f3~y#`PcquHTFkddDiM#*($#}amkV z{}9~x?l5SZiZk<%*Ty&3pR8~_=574#L`BrGb&}R8ck)*-)H3O0iCu{Lzh{a=*@F2B z;Wzgw+P!4Q__PLRP`}Q~FzpoFm zZ3=8&&HP4G@z8mvmVEX%`sp=h{r0iS{r0S1G!7hP{HGk)!#!DV-t=E5ZWgw`_dfh~ zxAJH8Wyc@wi1-x<+P-i*uWa+|y_O5)#SZYFW05yusr{c5KW}6Cv2LR>`KJFna>`Ft zI2@ZMS!Moi#zEGYe69c&iL3qrhK|qqF8No$J}ZN8xYXY0m?%vKed{A8(1j7UHr>B0=w({kq5LbH0X`1(e%%f7R!GF`fO3 zJo|_BM?cw1dhhQjO06+@oGdy0hT5h57L1Qv3x(zT`u7`XmDh39`JH>;bK>vIozEUU zIq}!pnBD#J>z4=YY>JCLp6p#C^FXI|e$VujJp~ybRsOG(>_1--a_n&1gZt{y#d{Ku z?UMXu#oDNC!=~}!xmVNLi3*>-?GSiqsd(sKV9WI*T=(X9e7_NKbmhyr_3<^2Cz`USarmLoWsPg1}$>OfRM@-={>PkerU zj6n82gM$xRJDGd9nZ8Wg^ZZW_KZA|lyEP5}_D%TxWl4@Y`;YQv4rM-n{@i}_od3Mc z9>c~vubKX={`pm~!Cw8mt?lEJk~M#mjmpj`{Nz8Q@ca9@36+fT#_QL;+w@O#7VDRT z^R+p*o#M=&|KjUL#lxE?ZQ7%9@Z9Rjmt@k49*Oy#ZP~lsBfvZ+?eF3EH?z)t?c`Qt zIM5ht-qN=}Uh4lnM!D1P82aZ=n>P1w`0|-g?+ARk!?N+Y%f@rl7O`I0-1FpN`ms&t zPgLJKedzO#yA0=l-<$g2-HsJ^0t>6%S$>$izT-dlbDvq*{`zML`_Hh}`(68fg5ig8 zRfD}!KWiobS%t4nwqo_`6+cL)Ykx}rc|g4R<-5GK^%q|=JU%ernDf)Ix5j0>pXbj^ zcz)C~m#-sKW*T=$|G6WYRV6AO8=n@HHboiv`WVa=J-AYf^}Or9)4NuuG5lCk>#h7+ z<*!wP`qtMB{1aqvysWLMzw+|Too8Qb83VJ*s@{D+T|Qq*ysYS$XXQVZN%IP0JZeg| zxj*}<{Au4|;XATIQ>`_!$`gvdgdaQq{&7w5z3Q|r4U+@YOl>ucz^KKQ3cYQTg-B~ 
z?%mO=TT&0YHkDmnzxU&m|H|JP_A52~SE>88n)8HS;zMIbIf47iy56#nr^sCQ{CNF+ z*H^ju9)E8%RF)i@SW|H<`tz@clI?1f>@99zXZ;Y)Y-6dOpXq zO1_}j@mk~$jRWSVK3{tMRrxdjmQI)c}pk%6e}q@|A_mCH0ux77FR__CT*1+XHF$-3qG~>?O#^sHogxc(PF#> zl@*hx?KM;n3H-(Q^S`L%@3blW_l^IbS9w{>{hrzH($Avn$y3&xXa695oKY3E`)Gvi%ax3jt=0Ch{{9tmFMW+7#dr?1n zg+2tj%n0F}Hd%r3`o+#=u2+|RyKTzd!#sZa6=kCAaLtLxC;Zz`K5ly&U)Pn&a(rVJEZEoIgKVSI&An z`^syFm(xvrtkP7@Zi>3rf9W`*9)J2ne~EX}53JKdrs(O;?p_l8Ttal|dX}0PErUlt zcTQk1=s&lCXb_?r;^Ix~*=?KA{hs4RfEY-8`|u zRI7Vah{C1>mkP%=sa+5M+Zsj5?-MwnyJ`(fjgW}=k9#vc5|*BR)ZP)j%azyViT^2u zr)~dj!yTjJFQsq(z;wr|YX7BeL6^ii-o@D4^|7ohJGd@xHbEb7Nso=-XP z*VP+U&uumOk)oYgb?@CIN71Ybo9PR3RUd3V`>*%O*J&)%EEv;Sc?8$g-nTp4#HqRc zYenjXGG)g6jeLte5*S^s@(8Y}jAmQP#SwTo`TY7VACAuYD}AzV!hsD6NeWF{^O+TU zs{WYAM(v&WV5<|~Vvm4m?}dLa)}QCHoUnh|+<*1kpZ9D&rav)@fq{X+)78&qol`;+ E0D3FrYybcN literal 0 HcmV?d00001 From f9357612af9660968d57947e8e4b303c7e0536ea Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 4 Nov 2010 23:09:01 +1100 Subject: [PATCH 04/16] Zip support --- post.php | 161 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 108 insertions(+), 53 deletions(-) diff --git a/post.php b/post.php index 94b80f8c..e4303fca 100644 --- a/post.php +++ b/post.php @@ -74,8 +74,13 @@ $post['filename'] = $_FILES['file']['name']; $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); - if($post['has_file'] && $_FILES['file']['size'] > MAX_FILESIZE) - error(ERR_FILSIZE); + if($post['has_file']) { + $size = $_FILES['file']['size']; + if($size > MAX_FILESIZE) + error(sprintf3(ERR_FILESIZE, array( + 'sz'=>commaize($size), + 'maxsz'=>commaize(MAX_FILESIZE)))); + } $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; 
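Review bot: The new size check in the `@@ -74,8 +74,13 @@` hunk reads `$_FILES['file']['size']` without first looking at `$_FILES['file']['error']`. When an upload exceeds PHP's own `upload_max_filesize`, PHP drops the file and reports a size of 0 with `UPLOAD_ERR_INI_SIZE`, so the comparison with `MAX_FILESIZE` never fires for those uploads and the effective limit is whichever of the two is lower. Checking the error code first, for example `if($_FILES['file']['error'] === UPLOAD_ERR_INI_SIZE) error(ERR_MAXSIZE);`, gives the user a correct message and makes the limit explicit. The same hunk appears in PATCH 01/16 with `'filesz'` as the placeholder key, and the surrounding script continues outside the hunk.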
@@ -91,7 +96,8 @@ $post['file_id'] = rand(0, 1000000000); $post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; $post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; - if(!in_array($post['extension'], $allowed_ext)) error(ERROR_FILEEXT); + $post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; + if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); } // Check string lengths @@ -102,8 +108,6 @@ if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); - - markup($post['body']); if($post['has_file']) { @@ -112,6 +116,11 @@ // Move the uploaded file if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); + if($post['zip']) { + $post['file'] = ZIP_IMAGE; + $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); + } + $size = @getimagesize($post['file']); $post['width'] = $size[0]; $post['height'] = $size[1]; @@ -132,7 +141,7 @@ $image = createimage($post['extension'], $post['file']); - if(REDRAW_IMAGE) { + if(REDRAW_IMAGE && !$post['zip']) { switch($post['extension']) { case 'jpg': case 'jpeg': @@ -156,7 +165,6 @@ // Create a thumbnail $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); - $post['thumbwidth'] = $thumb['width']; $post['thumbheight'] = $thumb['height']; } 
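Review bot: The allow-list test on the new line `if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT);` compares loosely, as does `$post['extension'] == 'zip'` on the line above it. Under loose comparison a non-string element in `$allowed_ext` (a boolean or a number) matches extensions it was never meant to, so the check is only as strict as the array's contents happen to be. Pass the strict flag, `in_array($post['extension'], $allowed_ext, true)`, and use `=== 'zip'`. The entry check `in_array($extension, $allowed_ext)` in the `@@ -167,54 +175,101 @@` hunk needs the same change.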
@@ -167,54 +175,101 @@ sql_open(); mysql_safe_array($post); - if($OP) { - mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", - $post['subject'], - $post['email'], - $post['name'], - $post['trip'], - $post['body'], - time(), - time(), - $post['thumb'], - $post['thumbwidth'], - $post['thumbheight'], - $post['file'], - $post['width'], - $post['height'], - $post['filesize'], - $post['filename'], - $post['filehash'], - $post['password'], - mysql_real_escape_string($_SERVER['REMOTE_ADDR']) - ), $sql) or error(mysql_error($sql)); - } else { - mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", - $post['thread'], - $post['subject'], - $post['email'], - $post['name'], - $post['trip'], - $post['body'], - time(), - time(), - $post['has_file']?$post['thumb']:null, - $post['has_file']?$post['thumbwidth']:null, - $post['has_file']?$post['thumbheight']:null, - $post['has_file']?$post['file']:null, - $post['has_file']?$post['width']:null, - $post['has_file']?$post['height']:null, - $post['has_file']?$post['filesize']:null, - $post['has_file']?$post['filename']:null, - $post['has_file']?$post['filehash']:null, - $post['password'], - mysql_real_escape_string($_SERVER['REMOTE_ADDR']) - ), $sql) or error(mysql_error($sql)); + $id = post($post, $OP); + + if($post['zip']) { + // Open ZIP + $zip = zip_open($post['zip']); + // Read files + while($entry = zip_read($zip)) { + $filename = basename(zip_entry_name($entry)); + $extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); + + if(in_array($extension, $allowed_ext)) { + if (zip_entry_open($zip, $entry, 'r')) { + + // Fake post + $dump_post = Array( + 'subject' => $post['subject'], + 'email' => $post['email'], + 'name' => $post['name'], + 'trip' => $post['trip'], + 'body' => 
'', + 'thread' => $id, + 'password' => '', + 'has_file' => true, + 'file_id' => rand(0, 1000000000), + 'filename' => $filename + ); + + $dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; + $dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; + + // Extract the image from the ZIP + $fp = fopen($dump_post['file'], 'w+'); + fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); + fclose($fp); + + $size = @getimagesize($dump_post['file']); + $dump_post['width'] = $size[0]; + $dump_post['height'] = $size[1]; + + // Check if the image is valid + if($dump_post['width'] < 1 || $dump_post['height'] < 1) { + unlink($dump_post['file']); + } else { + if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { + unlink($dump_post['file']); + error(ERR_MAXSIZE); + } else { + $dump_post['filehash'] = md5_file($dump_post['file']); + $dump_post['filesize'] = filesize($dump_post['file']); + + $image = createimage($extension, $dump_post['file']); + + $success = true; + if(REDRAW_IMAGE) { + switch($extension) { + case 'jpg': + case 'jpeg': + imagejpeg($image, $dump_post['file'], JPEG_QUALITY); + break; + case 'png': + imagepng($image, $dump_post['file'], 7); + break; + case 'gif': + if(REDRAW_GIF) + imagegif($image, $dump_post['file']); + break; + case 'bmp': + imagebmp($image, $dump_post['file']); + break; + default: + $success = false; + } + } + + + // Create a thumbnail + $thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); + + $dump_post['thumbwidth'] = $thumb['width']; + $dump_post['thumbheight'] = $thumb['height']; + + // Create the post + post($dump_post, false); + } + } + + // Close the ZIP + zip_entry_close($entry); + } + } + } + zip_close($zip); + unlink($post['zip']); } - $id = mysql_insert_id($sql); buildThread(($OP?$id:$post['thread'])); if(!$OP) { From 7b43892527e7cfdd86c3b8d451a21939e5982508 Mon Sep 17 00:00:00 2001 
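Review bot: `$dump_post['filename']` is taken from the archive (`basename(zip_entry_name($entry))`) and handed to `post($dump_post, false)` without escaping. The other copied fields come from `$post` after `mysql_safe_array($post)` (presumably the escaping step), but the entry name never passes through it and post() interpolates it into the INSERT. Escape it where it is assigned, `'filename' => mysql_real_escape_string($filename),`, the same way post() treats `REMOTE_ADDR`. The loop also reads `zip_entry_filesize($entry)` bytes per entry with no cap on entry size or entry count, so a small upload can expand far beyond `MAX_FILESIZE`; a guard such as `if(zip_entry_filesize($entry) > MAX_FILESIZE) continue;` before `zip_entry_open` plus a maximum entry count would bound it. The result of `zip_open()` is not checked before `zip_read()`, and `error(ERR_MAXSIZE)` inside the loop exits before `unlink($post['zip'])`, leaving the archive in the image directory; the script continues outside this hunk.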
From: Paul Merrill Date: Thu, 4 Nov 2010 06:35:59 -0700 Subject: [PATCH 05/16] Support for site-instance specific configuration in instance-config.php --- inc/config.php | 110 ++++++++++++++++++++++++------------------------- post.php | 3 ++ test.php | 3 ++ 3 files changed, 61 insertions(+), 55 deletions(-) diff --git a/inc/config.php b/inc/config.php index 13c8e9e1..43f4a449 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,104 +1,104 @@ Your file\'s size: %filesz% bytes'); - define('ERR_MAXSIZE', 'The file was too big.'); + define('ERROR_LURK', 'Lurk some more before posting.', true); + define('ERROR_BOT', 'You look like a bot.', true); + define('ERROR_TOOLONG', 'The %s field was too long.', true); + define('ERROR_TOOLONGBODY', 'The body was too long.', true); + define('ERROR_TOOSHORTBODY', 'The body was too short or empty.', true); + define('ERROR_NOIMAGE', 'You must upload an image.', true); + define('ERROR_NOMOVE', 'The server failed to handle your upload.', true); + define('ERROR_FILEEXT', 'Unsupported image format.', true); + define('ERR_INVALIDIMG','Invalid image.', true); + define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); + define('ERR_MAXSIZE', 'The file was too big.', true); // For resizing, max values - define('THUMB_WIDTH', 200); - define('THUMB_HEIGHT', 200); + define('THUMB_WIDTH', 200, true); + define('THUMB_HEIGHT', 200, true); // Maximum image upload size in bytes - define('MAX_FILESIZE', 10*1024*1024); // 10MB + define('MAX_FILESIZE', 10*1024*1024, true); // 10MB // Maximum image dimensions - define('MAX_WIDTH', 10000); - define('MAX_HEIGHT', MAX_WIDTH); + define('MAX_WIDTH', 10000, true); + define('MAX_HEIGHT', MAX_WIDTH, true); - define('ALLOW_ZIP', true); - define('ZIP_IMAGE', 'src/zip.png'); + define('ALLOW_ZIP', true, true); + define('ZIP_IMAGE', 'src/zip.png', true); /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) WARNING: Very beta. Currently strips animated GIFs too :( **/ - define('REDRAW_IMAGE', true); + define('REDRAW_IMAGE', false, true); // Redrawing configuration - define('JPEG_QUALITY', 100); - define('REDRAW_GIF', false); + define('JPEG_QUALITY', 100, true); + define('REDRAW_GIF', false, true); // Display the aspect ratio in a post's file info - define('SHOW_RATIO', true); + define('SHOW_RATIO', true, true); - define('DIR_IMG', 'src/'); - define('DIR_THUMB', 'thumb/'); - define('DIR_RES', 'res/'); + define('DIR_IMG', 'src/', true); + define('DIR_THUMB', 'thumb/', true); + define('DIR_RES', 'res/', true); // The root directory, including the trailing slash, for Tinyboard. // examples: '/', '/board/', '/chan/' - define('ROOT', '/'); - define('POST_URL', ROOT . 'post.php'); - define('FILE_INDEX', 'index.html'); - define('FILE_PAGE', '%d.html'); + define('ROOT', '/', true); + define('POST_URL', ROOT . 'post.php', true); + define('FILE_INDEX', 'index.html', true); + define('FILE_PAGE', '%d.html', true); // Automatically convert things like "..." 
to Unicode characters ("�") - define('AUTO_UNICODE', true); + define('AUTO_UNICODE', true, true); // Whether to turn URLs into functional links - define('MARKUP_URLS', true); - define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '([\w\-]+\.)+[a-zA-Z]{2,6}' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/'); + define('MARKUP_URLS', true, true); + define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '([\w\-]+\.)+[a-zA-Z]{2,6}' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/', true); // Allowed file extensions - $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png'); + $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png', true); - define('BUTTON_NEWTOPIC', 'New Topic'); - define('BUTTON_REPLY', 'New Reply'); + define('BUTTON_NEWTOPIC', 'New Topic', true); + define('BUTTON_REPLY', 'New Reply', true); - define('ALWAYS_NOKO', false); + define('ALWAYS_NOKO', false, true); - define('URL_MATCH', '/^' . (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . '(' . preg_quote(ROOT, '/') . '|' . preg_quote(ROOT, '/') . '' . preg_quote(FILE_INDEX, '/') . '|' . preg_quote(ROOT, '/') . '' . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/'); + define('URL_MATCH', '/^' . (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . '(' . preg_quote(ROOT, '/') . '|' . preg_quote(ROOT, '/') . '' . preg_quote(FILE_INDEX, '/') . '|' . preg_quote(ROOT, '/') . '' . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/', true); if(!defined('IS_INSTALLATION')) { - if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG) or error("Couldn't create " . DIR_IMG . ". Install manually."); - if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB) or error("Couldn't create " . DIR_IMG . ". Install manually."); - if(!file_exists(DIR_RES)) @mkdir(DIR_RES) or error("Couldn't create " . DIR_IMG . ". Install manually."); + if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); + if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB) or error("Couldn't create " . 
DIR_IMG . ". Install manually.", true);
+ if(!file_exists(DIR_RES)) @mkdir(DIR_RES) or error("Couldn't create " . DIR_IMG . ". Install manually.", true);
 }
-?>
\ No newline at end of file
+?>
diff --git a/post.php b/post.php
index a52de611..f6615ef9 100644
--- a/post.php
+++ b/post.php
@@ -2,6 +2,9 @@
 require 'inc/functions.php';
 require 'inc/display.php';
 require 'inc/template.php';
+ if (file_exists('inc/instance-config.php')) {
+ require 'inc/instance-config.php';
+ }
 require 'inc/config.php';
 require 'inc/user.php';
diff --git a/test.php b/test.php
index 0cab3ac6..73a4a0d8 100644
--- a/test.php
+++ b/test.php
@@ -4,6 +4,9 @@
 require 'inc/functions.php';
 require 'inc/display.php';
 require 'inc/template.php';
+ if (file_exists('inc/instance-config.php')) {
+ require 'inc/instance-config.php';
+ }
 require 'inc/config.php';
 require 'inc/user.php';
From dd9f0bb91765c2f01bb07957cee232a380f4e5a6 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 00:44:55 +1100 Subject: [PATCH 06/16] Added a gitignore file.
---
 .gitignore | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..d877863f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+# static html
+\d.html
+
+# directories
+res/
+src/
+thumb/
+
+# instance-config
+inc/instance-config.php
\ No newline at end of file
From 05dd518cb9ff2788f8b8d5dfc15ae511f7df7729 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 00:46:14 +1100 Subject: [PATCH 07/16] Fixed HTML files for gitignore.
---
 .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index d877863f..8108863c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 # static html
-\d.html
+*.html
 # directories
 res/
From ad4d8ee0db2d1833a368ebee2099898cf251af97 Mon Sep 17 00:00:00 2001
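Review bot: The added `require 'inc/instance-config.php';` runs before `require 'inc/config.php';`, so an override only takes effect for `define()`d constants, and only because re-defining an existing constant fails with an "already defined" diagnostic and keeps the first value; the third argument `true` added throughout inc/config.php in this patch is define()'s case-insensitivity flag and does not make a constant overridable. Plain variables are not covered at all: config.php assigns `$allowed_ext` unconditionally after the instance file has run, and that array now ends in a stray `true`, which would let a non-strict `in_array()` extension check accept any non-empty extension (the check itself is not visible here, so this needs confirming against the upload code). I would guard each default, e.g. `defined('MAX_FILESIZE') or define('MAX_FILESIZE', 10*1024*1024);`, restore `$allowed_ext` to the five extensions behind `if (!isset($allowed_ext))`, and compare with `in_array($ext, $allowed_ext, true)`. The same include block is added in the test.php hunk, and both files continue outside their hunks.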
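Review bot: The replacement pattern `*.html` has no leading slash, so it matches HTML files in every directory, not only the generated board pages; a newly added template such as the `page.html` that error() passes to Element() would then stay out of version control unless force-added (where templates live is not visible here). If only the generated pages in the document root are meant, anchor the pattern, e.g. `/index.html` and `/[0-9]*.html`, which correspond to FILE_INDEX and FILE_PAGE in inc/config.php. Pages written under `res/` are already covered by the `res/` entry.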
From: Paul Merrill Date: Thu, 4 Nov 2010 06:56:21 -0700 Subject: [PATCH 08/16] Converted readme to unix line endings. Added part about instance-config.php.
---
 README.md | 91 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 45 deletions(-)
diff --git a/README.md b/README.md
index 3c9a6bf3..fd4e0f3b 100644
--- a/README.md
+++ b/README.md
@@ -1,45 +1,46 @@ -# Tinyboard - A lightweight PHP imageboard. - -## About -Tinyboard is an imageboard software package written in PHP. It aims to maintain a stable, fast, clean and user-friendly engine for imageboards. Development for Tinyboard started in October 2010 and the project is being lead by [OmegaSDG][o] ("Omega Software Develop Group"). You can contact the development team over IRC at irc.n0v4.com #tinyboard. - -Tinyboard is not currently at a stable state. - -[o]: http://omegadev.org/ - -## Installation - 1. Tinyboard requires a MySQL database and a user to work. Create one. - 2. Import 'install.sql' into the database. There are several ways to do this. - - using phpMyAdmin - - `mysql -uUSERNAME -pPASSWORD DATABASE < install.sql` - 3. Edit '[inc/config.php][c]' to suit your installation - 4. Make sure that the directories used by Tinyboard are writable. Depending on your setup, you may need to `chmod` the directories to 777. - The default directories are: - - ./res - - ./src - - ./thumb - - . (document root) - 5. Ensure everything is okay by running [test.php][t] in a browser. The script will try and help you correct your errors. - 6. Run the [post.php][p] script. It should create an index.html and redirect you to it if everything is okay. - 7. Optional (highly recommended): Either delete or chmod as unreadable the following files: [test.php][t], [install.sql][i], and this [README][r]. 
- -[t]: http://github.com/savetheinternet/Tinyboard/blob/master/test.php -[p]: http://github.com/savetheinternet/Tinyboard/blob/master/post.php -[c]: http://github.com/savetheinternet/Tinyboard/blob/master/inc/config.php -[i]: http://github.com/savetheinternet/Tinyboard/blob/master/install.sql -[r]: http://github.com/savetheinternet/Tinyboard/blob/master/README.md - -## License -Copyright (c) 2010 by Omega Software Development Group - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above copyright -notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. \ No newline at end of file +# Tinyboard - A lightweight PHP imageboard. + +## About +Tinyboard is an imageboard software package written in PHP. It aims to maintain a stable, fast, clean and user-friendly engine for imageboards. Development for Tinyboard started in October 2010 and the project is being lead by [OmegaSDG][o] ("Omega Software Develop Group"). You can contact the development team over IRC at irc.n0v4.com #tinyboard. + +Tinyboard is not currently at a stable state. + +[o]: http://omegadev.org/ + +## Installation + 1. Tinyboard requires a MySQL database and a user to work. Create one. + 2. Import 'install.sql' into the database. There are several ways to do this. + - using phpMyAdmin + - `mysql -uUSERNAME -pPASSWORD DATABASE < install.sql` + 3. Create an 'instance-config.php'. 
It should be a PHP script that redefines some values in '[inc/config.php][c]' to suit your installation. + 4. Make sure that the directories used by Tinyboard are writable. Depending on your setup, you may need to `chmod` the directories to 777. + The default directories are: + - ./res + - ./src + - ./thumb + - . (document root) + 5. Ensure everything is okay by running [test.php][t] in a browser. The script will try and help you correct your errors. + 6. Run the [post.php][p] script. It should create an index.html and redirect you to it if everything is okay. + 7. Optional (highly recommended): Either delete or chmod as unreadable the following files: [test.php][t], [install.sql][i], and this [README][r]. + +[t]: http://github.com/savetheinternet/Tinyboard/blob/master/test.php +[p]: http://github.com/savetheinternet/Tinyboard/blob/master/post.php +[c]: http://github.com/savetheinternet/Tinyboard/blob/master/inc/config.php +[i]: http://github.com/savetheinternet/Tinyboard/blob/master/install.sql +[r]: http://github.com/savetheinternet/Tinyboard/blob/master/README.md + +## License +Copyright (c) 2010 by Omega Software Development Group + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + From 0296a7666f4e9fa2827edf6cc095fb05ad73440b Mon Sep 17 00:00:00 2001 
From: Savetheinternet Date: Fri, 5 Nov 2010 01:02:13 +1100 Subject: [PATCH 09/16] Comments in configs --- inc/config.php | 15 +++++++++++++++ inc/instance-config.php | 19 +++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 inc/instance-config.php diff --git a/inc/config.php b/inc/config.php index 43f4a449..66b1e815 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,4 +1,19 @@ \ No newline at end of file From abc0cda57505b3040d8340e2d7e2d99edf55e354 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 01:06:53 +1100 Subject: [PATCH 10/16] ASCII art fix --- inc/config.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index 66b1e815..c29b1861 100644 --- a/inc/config.php +++ b/inc/config.php @@ -4,11 +4,11 @@ * .d88888b d888888P .88888. 888888ba * 88. "' 88 d8' `8b 88 `8b * `Y88888b. 88 88 88 a88aaaa8P' - * `8b 88 88 88 88 + * `8b 88 88 88 88 * d8' .8P 88 Y8. .8P 88 * Y88888P dP `8888P' dP * - * Do not edit this file. Edit instance-config instead! + * Do not edit this file. Edit instance-config.php instead! * * This is the default configuration. You can copy values from here and use them in * your instance-config.php From 512227eaa946cdafb82ca6640db9e68a12de01e3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 01:08:01 +1100 Subject: [PATCH 11/16] ASCII art fix --- inc/config.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inc/config.php b/inc/config.php index c29b1861..4f38bb7e 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,12 +1,12 @@ Date: Fri, 5 Nov 2010 01:09:25 +1100 Subject: [PATCH 12/16] ASCII art fix --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 4f38bb7e..5e60f7e1 100644 --- a/inc/config.php +++ b/inc/config.php 
@@ -4,7 +4,7 @@ * .d88888b d888888P .88888. 888888ba * 88. "' 88 d8' `8b 88 `8b * `Y88888b. 88 88 88 a88aaaa8P' - * `8b 88 88 88 88 + * `8b 88 88 88 88 * d8' .8P 88 Y8. .8P 88 * Y88888P dP `8888P' dP * From 20a8dff1498749137521e92e80a234326f108bf4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 5 Nov 2010 01:10:45 +1100 Subject: [PATCH 13/16] Removal of ASCII --- inc/config.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/inc/config.php b/inc/config.php index 5e60f7e1..ecd51761 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,12 +1,7 @@ Date: Fri, 5 Nov 2010 01:16:23 +1100 Subject: [PATCH 14/16] Informing instead of demanding with the "do not edit" sign. --- inc/config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index ecd51761..fbbfaa74 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,7 +1,8 @@ Date: Fri, 5 Nov 2010 01:18:23 +1100 Subject: [PATCH 15/16] Shorten warning --- inc/config.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/inc/config.php b/inc/config.php index fbbfaa74..ce005839 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1,10 +1,8 @@ Date: Thu, 4 Nov 2010 07:25:20 -0700 Subject: [PATCH 16/16] Merge branch 'sti', remote branch 'origin'