mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-29 09:44:28 +01:00

Disable inline-expanding for non-images

Savetheinternet 2011-10-01 21:43:23 +10:00
parent dd87c4d8f7
commit f228c07744
4 changed files with 40 additions and 15 deletions


@ -336,7 +336,9 @@
$this->embed; $this->embed;
} elseif(!empty($this->file) && $this->file != 'deleted') { } elseif(!empty($this->file) && $this->file != 'deleted') {
// File info // File info
$built .= '<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' . $built .= '<p class="fileinfo">' .
'File: <a href="' . $config['uri_img'] . $this->file . '">' . $this->file . '</a> ' .
'<span class="unimportant">(' .
// Filesize // Filesize
format_bytes($this->filesize) . format_bytes($this->filesize) .
// File dimensions // File dimensions
@ -355,7 +357,17 @@
$built .= ')</span></p>' . $built .= ')</span></p>' .
// Thumbnail // Thumbnail
'<a href="' . $config['uri_img'] . $this->file.'" target="_blank"><img src="' . $config['uri_thumb'] . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" alt="" /></a>'; '<a href="' .
$config['uri_img'] .$this->file .
'" target="_blank"' .
($this->thumb == 'file' ? ' class="file"' : '') .
'><img src="' .
($this->thumb == 'file' ?
$config['file_thumb']
:
$config['uri_thumb'] . $this->thumb
) .
'" style="width:' . $this->thumbx . 'px;height:' . $this->thumby . 'px;" alt="" /></a>';
} elseif($this->file == 'deleted') { } elseif($this->file == 'deleted') {
$built .= '<img src="' . $config['image_deleted'] . '" alt="" />'; $built .= '<img src="' . $config['image_deleted'] . '" alt="" />';
} }
@ -482,10 +494,10 @@
// Actual embedding // Actual embedding
$this->embed; $this->embed;
} elseif(!empty($this->file) && $this->file != 'deleted') { } elseif(!empty($this->file) && $this->file != 'deleted') {
// Image, not embedded shit // File info
$built = $built = '<p class="fileinfo">' .
// File link 'File: <a href="' . $config['uri_img'] . $this->file . '">' . $this->file . '</a> ' .
'<p class="fileinfo">File: <a href="' . $config['uri_img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' . '<span class="unimportant">(' .
// Filesize // Filesize
format_bytes($this->filesize) . format_bytes($this->filesize) .
// File dimensions // File dimensions
@ -504,7 +516,17 @@
$built .= ')</span></p>' . $built .= ')</span></p>' .
// Thumbnail // Thumbnail
'<a href="' . $config['uri_img'] . $this->file.'" target="_blank"><img src="' . $config['uri_thumb'] . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" alt="" /></a>'; '<a href="' .
$config['uri_img'] .$this->file .
'" target="_blank"' .
($this->thumb == 'file' ? ' class="file"' : '') .
'><img src="' .
($this->thumb == 'file' ?
$config['file_thumb']
:
$config['uri_thumb'] . $this->thumb
) .
'" style="width:' . $this->thumbx . 'px;height:' . $this->thumby . 'px;" alt="" /></a>';
} elseif($this->file == 'deleted') { } elseif($this->file == 'deleted') {
$built = '<img src="' . $config['image_deleted'] . '" alt="" />'; $built = '<img src="' . $config['image_deleted'] . '" alt="" />';
} }
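Review bot: The new `$this->thumb == 'file'` tests rely on an in-band sentinel in the thumb field with a loose comparison, in both the `@ -355` and `@ -504` hunks; I would write `$this->thumb === 'file'` so a non-string value can never match. The sentinel should also be named in one place, since the upload code has to write the same literal. The rebuilt anchor concatenates `$this->file` and now `$config['file_thumb']` into `href`/`src` attributes unescaped; whether either can carry user-influenced characters is not visible here, but wrapping them in `htmlspecialchars(..., ENT_QUOTES)` is cheap. The identical thumbnail expression now exists twice and would stay consistent more easily as one helper method. Both enclosing build methods start and end outside these hunks.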


@ -134,7 +134,7 @@ function rememberStuff() {
function init_expanding() { function init_expanding() {
link = document.getElementsByTagName('a'); link = document.getElementsByTagName('a');
for ( i in link ) { for ( i in link ) {
if(typeof link[i] == "object" && link[i].childNodes[0].src) { if(typeof link[i] == "object" && link[i].childNodes[0].src && link[i].className != 'file') {
link[i].onclick = function(e) { link[i].onclick = function(e) {
if(e.which == 2) { if(e.which == 2) {
return true; return true;
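Review bot: The added `link[i].className != 'file'` is an exact string comparison, so it stops excluding non-image links as soon as the anchor carries a second class (for example `class="file foo"`). A token test such as `(' ' + link[i].className + ' ').indexOf(' file ') == -1` is robust to that. The same condition reads `link[i].childNodes[0].src` without checking that the anchor has a child, which throws for an empty `<a>`; prefixing `link[i].childNodes[0] &&` would guard it. The identical hunk appears again in the last file section of this commit and needs the same change. `init_expanding` continues past the end of the hunk.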


@ -411,15 +411,14 @@
if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files'])) if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
error($config['error']['unknownext']); error($config['error']['unknownext']);
if(in_array($post['extension'], $config['allowed_ext_files'])) $is_an_image = !in_array($post['extension'], $config['allowed_ext_files']);
$__file = true;
// Just trim the filename if it's too long // Just trim the filename if it's too long
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…';
// Move the uploaded file // Move the uploaded file
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']); if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
if(!isset($__file)) { if($is_an_image) {
// Check IE MIME type detection XSS exploit // Check IE MIME type detection XSS exploit
$buffer = file_get_contents($post['file'], null, null, null, 255); $buffer = file_get_contents($post['file'], null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) { if(preg_match($config['ie_mime_type_detection'], $buffer)) {
@ -494,9 +493,12 @@
} }
$image->destroy(); $image->destroy();
} else { } else {
copy($config['file_thumb'], $post['thumb']); // not an image
$size = @getimagesize($post['thumb']); //copy($config['file_thumb'], $post['thumb']);
$post['thumb'] = 'file';
$size = @getimagesize($config['file_thumb']);
$post['thumbwidth'] = $size[0]; $post['thumbwidth'] = $size[0];
$post['thumbheight'] = $size[1]; $post['thumbheight'] = $size[1];
} }
@ -530,7 +532,8 @@
// Remove DIR_* before inserting them into the database. // Remove DIR_* before inserting them into the database.
if($post['has_file']) { if($post['has_file']) {
$post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . $config['dir']['img'])); $post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . $config['dir']['img']));
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . $config['dir']['thumb'])); if($is_an_image)
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . $config['dir']['thumb']));
} }
// Todo: Validate some more, remove messy code, allow more specific configuration // Todo: Validate some more, remove messy code, allow more specific configuration
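Review bot: The `if($is_an_image)` guard in the `@ -411` hunk means the IE MIME-sniffing check is skipped for every extension in `$config['allowed_ext_files']`, so those uploads are moved into place with no content inspection. If they are served from the same origin as the board (not visible here), they should be delivered with `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment`, or the sniff check should run for them too. In the `@ -494` hunk, `@getimagesize($config['file_thumb'])` is used unchecked: on failure it returns false and `$size[0]`/`$size[1]` become null, so I would test `$size === false` and fail with a configured error instead of suppressing it with `@`. The commented-out `//copy(...)` line can simply be deleted. The enclosing upload handler starts and ends outside these hunks.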


@ -134,7 +134,7 @@ function rememberStuff() {
function init_expanding() { function init_expanding() {
link = document.getElementsByTagName('a'); link = document.getElementsByTagName('a');
for ( i in link ) { for ( i in link ) {
if(typeof link[i] == "object" && link[i].childNodes[0].src) { if(typeof link[i] == "object" && link[i].childNodes[0].src && link[i].className != 'file') {
link[i].onclick = function(e) { link[i].onclick = function(e) {
if(e.which == 2) { if(e.which == 2) {
return true; return true;