是 vbulletin 中 admin/functions.php 中的一段代码。 其中的一个函数:function acceptupload($moderate=0) { global $DB_site,$attachment,$attachment_size,$attachment_name; global $attachextensions,$maxattachsize,$bbuserinfo,$maxattachwidth, $maxattachheight; global $safeupload,$tmppath, $allowduplicates, $allowimgsizefailure; $attachment_name = strtolower($attachment_name); $extension=getextension($attachment_name); if (strpos(" $attachextensions "," $extension ")==0) { // invalid extension eval("standarderror(\"".gettemplate("error_attachbadtype")."\");"); exit; } if (is_uploaded_file($attachment)) { if ($safeupload) { $path = "$tmppath/$attachment_name"; move_uploaded_file($attachment, "$path"); $attachment = $path; }
$filesize=filesize($attachment); if ($maxattachsize!=0 and $filesize>$maxattachsize) { // too big! eval("standarderror(\"".gettemplate("error_attachtoobig")."\");"); exit; } if ($filesize!=$attachment_size) { // security error eval("standarderror(\"".gettemplate("error_attacherror")."\");"); exit; } if (strstr($attachment,"..")!="") { //security error eval("standarderror(\"".gettemplate("error_attacherror")."\");"); exit; } if ($extension=="gif" or $extension=="jpg" or $extension=="jpeg" or $extension=="jpe" or $extension=="png" or $extension=="swf") { // Picture file if ($imginfo=@getimagesize($attachment)) { if (($maxattachwidth>0 and $imginfo[0]>$maxattachwidth) or ($maxattachheight>0 and $imginfo[1]>$maxattachheight)) { eval("standarderror(\"".gettemplate("error_attachbaddimensions")."\");"); } if (!$imginfo[2]) { eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");"); } } elseif (!$allowimgsizefailure) { eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");"); } }
// read file $filenum = fopen($attachment,"rb"); $filestuff = fread($filenum,$filesize); fclose($filenum); unlink($attachment); $visible = iif($moderate,0,1); // add to db if (!$allowduplicates) { if ($result=$DB_site->query_first("SELECT attachmentid FROM attachment WHERE userid = '$bbuserinfo[userid]' AND filedata = '".addslashes($filestuff)."'")) { $threadresult=$DB_site->query_first("SELECT post.threadid as threadid,thread.title as title FROM post LEFT JOIN thread ON (thread.threadid = post.threadid) WHERE post.attachmentid=$result[attachmentid]"); $threadresult['title'] = htmlspecialchars($threadresult['title']); eval("standarderror(\"".gettemplate("error_attachexists")."\");"); exit; } } $DB_site->query("INSERT INTO attachment (attachmentid,userid,dateline,filename,filedata,visible) VALUES (NULL,$bbuserinfo[userid],".time().",'".addslashes($attachment_name)."','".addslashes($filestuff)."','$visible')"); $attachmentid=$DB_site->insert_id(); } return $attachmentid; }
不好意思,再贴一遍function acceptupload($moderate=0) { global $DB_site,$attachment,$attachment_size,$attachment_name; global $attachextensions,$maxattachsize,$bbuserinfo,$maxattachwidth, $maxattachheight; global $safeupload,$tmppath, $allowduplicates, $allowimgsizefailure; $attachment_name = strtolower($attachment_name); $extension=getextension($attachment_name); if (strpos(" $attachextensions "," $extension ")==0) { // invalid extension eval("standarderror(\"".gettemplate("error_attachbadtype")."\");"); exit; } if (is_uploaded_file($attachment)) { if ($safeupload) { $path = "$tmppath/$attachment_name"; move_uploaded_file($attachment, "$path"); $attachment = $path; }
$filesize=filesize($attachment); if ($maxattachsize!=0 and $filesize>$maxattachsize) { // too big! eval("standarderror(\"".gettemplate("error_attachtoobig")."\");"); exit; } if ($filesize!=$attachment_size) { // security error eval("standarderror(\"".gettemplate("error_attacherror")."\");"); exit; } if (strstr($attachment,"..")!="") { //security error eval("standarderror(\"".gettemplate("error_attacherror")."\");"); exit; } if ($extension=="gif" or $extension=="jpg" or $extension=="jpeg" or $extension=="jpe" or $extension=="png" or $extension=="swf") { // Picture file if ($imginfo=@getimagesize($attachment)) { if (($maxattachwidth>0 and $imginfo[0]>$maxattachwidth) or ($maxattachheight>0 and $imginfo[1]>$maxattachheight)) { eval("standarderror(\"".gettemplate("error_attachbaddimensions")."\");"); } if (!$imginfo[2]) { eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");"); } } elseif (!$allowimgsizefailure) { eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");"); } }
// read file $filenum = fopen($attachment,"rb"); $filestuff = fread($filenum,$filesize); fclose($filenum); unlink($attachment); $visible = iif($moderate,0,1); // add to db if (!$allowduplicates) { if ($result=$DB_site->query_first("SELECT attachmentid FROM attachment WHERE userid = '$bbuserinfo[userid]' AND filedata = '".addslashes($filestuff)."'")) { $threadresult=$DB_site->query_first("SELECT post.threadid as threadid,thread.title as title FROM post LEFT JOIN thread ON (thread.threadid = post.threadid) WHERE post.attachmentid=$result[attachmentid]"); $threadresult['title'] = htmlspecialchars($threadresult['title']); eval("standarderror(\"".gettemplate("error_attachexists")."\");"); exit; } } $DB_site->query("INSERT INTO attachment (attachmentid,userid,dateline,filename,filedata,visible) VALUES (NULL,$bbuserinfo[userid],".time().",'".addslashes($attachment_name)."','".addslashes($filestuff)."','$visible')"); $attachmentid=$DB_site->insert_id(); } return $attachmentid; }
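/**
 * Accept the pending file upload and store it in the attachment table.
 *
 * The upload is described by the request globals $attachment (temp path),
 * $attachment_size and $attachment_name. It is checked against the board
 * settings ($attachextensions, $maxattachsize, $maxattachwidth,
 * $maxattachheight, $allowduplicates, $allowimgsizefailure) and its bytes
 * are inserted into the attachment table.
 *
 * Every validation failure renders the matching error template through
 * standarderror() and terminates the request, so a caller only ever gets a
 * return value on success. Compared with the earlier version, the
 * traversal check now runs before move_uploaded_file() writes anything,
 * the dimension / not-an-image errors also terminate, and failures of
 * move_uploaded_file() and of reading the file are reported instead of
 * being silently ignored.
 *
 * @param int $moderate  non-zero stores the attachment as not visible
 *                       (awaiting moderation)
 * @return int  the new attachmentid, or 0 when $attachment is not an upload
 */
function acceptupload($moderate=0) {
	global $DB_site,$attachment,$attachment_size,$attachment_name;
	global $attachextensions,$maxattachsize,$bbuserinfo,$maxattachwidth, $maxattachheight;
	global $safeupload,$tmppath, $allowduplicates, $allowimgsizefailure;

	$attachmentid = 0;
	$attachment_name = strtolower($attachment_name);
	$extension = getextension($attachment_name);

	// $attachextensions is a space-separated allow list; padding both sides
	// makes the search match whole tokens only. strpos() legitimately returns
	// 0 when the extension is the first token, so only an identical-false
	// result means "not allowed" (the old "==0" test rejected that first token).
	if (strpos(" $attachextensions ", " $extension ") === false) {
		// invalid extension
		eval("standarderror(\"".gettemplate("error_attachbadtype")."\");");
		exit;
	}

	if (!is_uploaded_file($attachment)) {
		return $attachmentid;
	}

	if ($safeupload) {
		$path = "$tmppath/$attachment_name";
		// The target name comes from the client: refuse traversal before
		// the file is written rather than after.
		if (strstr($path, "..") !== false) {
			// security error
			eval("standarderror(\"".gettemplate("error_attacherror")."\");");
			exit;
		}
		if (!move_uploaded_file($attachment, $path)) {
			eval("standarderror(\"".gettemplate("error_attacherror")."\");");
			exit;
		}
		$attachment = $path;
	}

	$filesize = filesize($attachment);
	if ($maxattachsize != 0 and $filesize > $maxattachsize) {
		// too big!
		eval("standarderror(\"".gettemplate("error_attachtoobig")."\");");
		exit;
	}
	// The size reported with the upload must match what landed on disk.
	if ($filesize != $attachment_size) {
		// security error
		eval("standarderror(\"".gettemplate("error_attacherror")."\");");
		exit;
	}
	if (strstr($attachment, "..") !== false) {
		// security error
		eval("standarderror(\"".gettemplate("error_attacherror")."\");");
		exit;
	}

	if (in_array($extension, array("gif", "jpg", "jpeg", "jpe", "png", "swf"), true)) {
		// Picture file. getimagesize() warns on non-image data; the
		// failure is handled through $allowimgsizefailure below.
		if ($imginfo = @getimagesize($attachment)) {
			if (($maxattachwidth > 0 and $imginfo[0] > $maxattachwidth) or ($maxattachheight > 0 and $imginfo[1] > $maxattachheight)) {
				eval("standarderror(\"".gettemplate("error_attachbaddimensions")."\");");
				exit;
			}
			if (!$imginfo[2]) {
				eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
				exit;
			}
		} elseif (!$allowimgsizefailure) {
			eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
			exit;
		}
	}

	// read file; file_get_contents() avoids fread()'s zero-length warning
	// for an empty upload and reports failure explicitly
	$filestuff = file_get_contents($attachment);
	unlink($attachment);
	if ($filestuff === false) {
		eval("standarderror(\"".gettemplate("error_attacherror")."\");");
		exit;
	}

	$visible = $moderate ? 0 : 1;
	$userid = intval($bbuserinfo['userid']);

	// add to db
	if (!$allowduplicates) {
		if ($result = $DB_site->query_first("SELECT attachmentid
			FROM attachment
			WHERE userid = '$userid'
			AND filedata = '".addslashes($filestuff)."'")) {
			$threadresult = $DB_site->query_first("SELECT post.threadid as threadid,thread.title as title FROM post
				LEFT JOIN thread ON (thread.threadid = post.threadid)
				WHERE post.attachmentid=".intval($result['attachmentid']));
			if (!$threadresult) {
				// attachment exists but is not linked to a post any more
				$threadresult = array('threadid' => 0, 'title' => '');
			}
			// $threadresult is read by the error_attachexists template
			$threadresult['title'] = htmlspecialchars($threadresult['title']);
			eval("standarderror(\"".gettemplate("error_attachexists")."\");");
			exit;
		}
	}

	$DB_site->query("INSERT INTO attachment (attachmentid,userid,dateline,filename,filedata,visible) VALUES (NULL,$userid,".time().",'".addslashes($attachment_name)."','".addslashes($filestuff)."','$visible')");
	$attachmentid = $DB_site->insert_id();

	return $attachmentid;
}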
global $DB_site,$attachment,$attachment_size,$attachment_name;
global $attachextensions,$maxattachsize,$bbuserinfo,$maxattachwidth, $maxattachheight;
global $safeupload,$tmppath, $allowduplicates, $allowimgsizefailure; $attachment_name = strtolower($attachment_name);
$extension=getextension($attachment_name); if (strpos(" $attachextensions "," $extension ")==0) {
// invalid extension
eval("standarderror(\"".gettemplate("error_attachbadtype")."\");");
exit;
}
if (is_uploaded_file($attachment)) {
if ($safeupload) {
$path = "$tmppath/$attachment_name";
move_uploaded_file($attachment, "$path");
$attachment = $path;
}
$filesize=filesize($attachment);
if ($maxattachsize!=0 and $filesize>$maxattachsize) {
// too big!
eval("standarderror(\"".gettemplate("error_attachtoobig")."\");");
exit;
}
if ($filesize!=$attachment_size) {
// security error
eval("standarderror(\"".gettemplate("error_attacherror")."\");");
exit;
}
if (strstr($attachment,"..")!="") {
//security error
eval("standarderror(\"".gettemplate("error_attacherror")."\");");
exit;
}
if ($extension=="gif" or $extension=="jpg" or $extension=="jpeg" or $extension=="jpe" or $extension=="png" or $extension=="swf") { // Picture file
if ($imginfo=@getimagesize($attachment)) {
if (($maxattachwidth>0 and $imginfo[0]>$maxattachwidth) or ($maxattachheight>0 and $imginfo[1]>$maxattachheight)) {
eval("standarderror(\"".gettemplate("error_attachbaddimensions")."\");");
}
if (!$imginfo[2]) {
eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
}
} elseif (!$allowimgsizefailure) {
eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
}
}
// read file
$filenum = fopen($attachment,"rb");
$filestuff = fread($filenum,$filesize);
fclose($filenum);
unlink($attachment);
$visible = iif($moderate,0,1);
// add to db
if (!$allowduplicates) {
if ($result=$DB_site->query_first("SELECT attachmentid
FROM attachment
WHERE userid = '$bbuserinfo[userid]'
AND filedata = '".addslashes($filestuff)."'")) {
$threadresult=$DB_site->query_first("SELECT post.threadid as threadid,thread.title as title FROM post
LEFT JOIN thread ON (thread.threadid = post.threadid)
WHERE post.attachmentid=$result[attachmentid]");
$threadresult['title'] = htmlspecialchars($threadresult['title']);
eval("standarderror(\"".gettemplate("error_attachexists")."\");");
exit;
}
}
$DB_site->query("INSERT INTO attachment (attachmentid,userid,dateline,filename,filedata,visible) VALUES (NULL,$bbuserinfo[userid],".time().",'".addslashes($attachment_name)."','".addslashes($filestuff)."','$visible')");
$attachmentid=$DB_site->insert_id();
}
return $attachmentid;
}