! Fold in Subs-Attachment.php changes back into Display.php, ManageAttachments.php, Profile-Modify.php, Subs-Post.php, Subs.php

Sources/Display.php

@@ -1231,9 +1231,6 @@ function Download()
 		// This checks only the current board for $board/$topic's permissions.
 		isAllowedTo('view_attachments');
 
-
-
-
 		// Make sure this attachment is on this board.
 		// @todo: We must verify that $topic is the attachment's topic, or else the permission check above is broken.
 		$request = $smcFunc['db_query']('', '

Sources/ManageAttachments.php

@@ -834,6 +834,7 @@ function RemoveAllAttachments()
  * It allows query_types 'messages' and 'members', whichever is need by the
  * $condition parameter.
  * It does no permissions check.
+ * @internal
  *
  * @param array $condition
  * @param string $query_type
@@ -844,7 +845,7 @@ function removeAttachments($condition, $query_type = '', $return_affected_messag
 {
 	global $modSettings, $smcFunc;
 
-	//!!! This might need more work!
+	// @todo This might need more work!
 	$new_condition = array();
 	$query_parameter = array(
 		'thumb_attachment_type' => 3,
@@ -855,7 +856,7 @@ function removeAttachments($condition, $query_type = '', $return_affected_messag
 		foreach ($condition as $real_type => $restriction)
 		{
 			// Doing a NOT?
-			$is_not = substr($real_type, 0, 4) == 'not_';
+			$is_not = strpos($real_type, 'not_') === 0;
 			$type = $is_not ? substr($real_type, 4) : $real_type;
 
 			if (in_array($type, array('id_member', 'id_attach', 'id_msg')))
@@ -899,7 +900,12 @@ function removeAttachments($condition, $query_type = '', $return_affected_messag
 	{
 		// Figure out the "encrypted" filename and unlink it ;).
 		if ($row['attachment_type'] == 1)
+		{
+			// if attachment_type = 1, it's... an avatar in a custom avatar directory.
+			// wasn't it obvious? :P
+			// @todo look again at this.
 			@unlink($modSettings['custom_avatar_dir'] . '/' . $row['filename']);
+		}
 		else
 		{
 			$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
@@ -947,6 +953,8 @@ function removeAttachments($condition, $query_type = '', $return_affected_messag
 			)
 		);
 
+	call_integration_hook('integrate_remove_attachments', array($attach));
+
 	if ($return_affected_messages)
 		return array_unique($msgs);
 }

Sources/Profile-Modify.php

@@ -1619,7 +1619,7 @@ function pmprefs($memID)
 }
 
 /**
- * Recursive function to retrieve avatar files
+ * Recursive function to retrieve server-stored avatar files
  *
  * @param string $directory
  * @param int $level

Sources/Subs-Post.php

@@ -2074,7 +2074,7 @@ function createAttachment(&$attachmentOptions)
 		$attachmentOptions['approved'] = 1;
 
 	$already_uploaded = preg_match('~^post_tmp_' . $attachmentOptions['poster'] . '_\d+$~', $attachmentOptions['tmp_name']) != 0;
-	$file_restricted = @ini_get('open_basedir') != '' && !$already_uploaded;
+	$file_restricted = ini_get('open_basedir') != '' && !$already_uploaded;
 
 	if ($already_uploaded)
 		$attachmentOptions['tmp_name'] = $attach_dir . '/' . $attachmentOptions['tmp_name'];
@@ -2305,8 +2305,8 @@ function createAttachment(&$attachmentOptions)
 			if (!(empty($size)) && ($size[2] != $old_format))
 			{
 				// Let's update the image information
-				// !!! This is becoming a mess: we keep coming back and update the database,
-				//  instead of getting it right the first time.
+				// @todo This is becoming a mess: we keep coming back and update the database,
+				// instead of getting it right the first time.
 				if (isset($validImageTypes[$size[2]]))
 				{
 					$attachmentOptions['mime_type'] = 'image/' . $validImageTypes[$size[2]];

Sources/Subs.php

@@ -2686,6 +2686,89 @@ function obExit($header = null, $do_footer = null, $from_index = false, $from_fa
 		exit;
 }
 
+/**
+ * Get the size of a specified image with better error handling.
+ * @todo see if it's better in Subs-Graphics, but one step at the time.
+ * Uses getimagesize() to determine the size of a file.
+ * Attempts to connect to the server first so it won't time out.
+ *
+ * @param string $url
+ * @return array or false, the image size as array (width, height), or false on failure
+ */
+function url_image_size($url)
+{
+	global $sourcedir;
+	
+	// Make sure it is a proper URL.
+	$url = str_replace(' ', '%20', $url);
+
+	// Can we pull this from the cache... please please?
+	if (($temp = cache_get_data('url_image_size-' . md5($url), 240)) !== null)
+		return $temp;
+	$t = microtime();
+
+	// Get the host to pester...
+	preg_match('~^\w+://(.+?)/(.*)$~', $url, $match);
+
+	// Can't figure it out, just try the image size.
+	if ($url == '' || $url == 'http://' || $url == 'https://')
+	{
+		return false;
+	}
+	elseif (!isset($match[1]))
+	{
+		$size = @getimagesize($url);
+	}
+	else
+	{
+		// Try to connect to the server... give it half a second.
+		$temp = 0;
+		$fp = @fsockopen($match[1], 80, $temp, $temp, 0.5);
+
+		// Successful?  Continue...
+		if ($fp != false)
+		{
+			// Send the HEAD request (since we don't have to worry about chunked, HTTP/1.1 is fine here.)
+			fwrite($fp, 'HEAD /' . $match[2] . ' HTTP/1.1' . "\r\n" . 'Host: ' . $match[1] . "\r\n" . 'User-Agent: PHP/SMF' . "\r\n" . 'Connection: close' . "\r\n\r\n");
+
+			// Read in the HTTP/1.1 or whatever.
+			$test = substr(fgets($fp, 11), -1);
+			fclose($fp);
+
+			// See if it returned a 404/403 or something.
+			if ($test < 4)
+			{
+				$size = @getimagesize($url);
+
+				// This probably means allow_url_fopen is off, let's try GD.
+				if ($size === false && function_exists('imagecreatefromstring'))
+				{
+					include_once($sourcedir . '/Subs-Package.php');
+
+					// It's going to hate us for doing this, but another request...
+					$image = @imagecreatefromstring(fetch_web_data($url));
+					if ($image !== false)
+					{
+						$size = array(imagesx($image), imagesy($image));
+						imagedestroy($image);
+					}
+				}
+			}
+		}
+	}
+
+	// If we didn't get it, we failed.
+	if (!isset($size))
+		$size = false;
+
+	// If this took a long time, we may never have to do it again, but then again we might...
+	if (array_sum(explode(' ', microtime())) - array_sum(explode(' ', $t)) > 0.8)
+		cache_put_data('url_image_size-' . md5($url), $size, 240);
+
+	// Didn't work.
+	return $size;
+}
+
 /**
  * 
  * @param array &$topic_context
@@ -3032,7 +3115,19 @@ function template_footer()
 
 }
 
-// Get an attachment's encrypted filename.  If $new is true, won't check for file existence.
+/**
+ * Get an attachment's encrypted filename. If $new is true, won't check for file existence.
+ * @todo this currently returns the hash if new, and the full filename otherwise.
+ * Something messy like that.
+ * @todo and of course everything relies on this behavior and work around it. :P.
+ * Converters included.
+ *
+ * @param $filename
+ * @param $attachment_id
+ * @param $dir
+ * @param $new
+ * @param $file_hash
+ */
 function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = false, $file_hash = '')
 {
 	global $modSettings, $smcFunc;
@@ -3042,6 +3137,7 @@ function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = fa
 		return sha1(md5($filename . time()) . mt_rand());
 
 	// Grab the file hash if it wasn't added.
+	// @todo: Locate all places that don't call a hash and fix that.
 	if ($file_hash === '')
 	{
 		$request = $smcFunc['db_query']('', '
@@ -3076,7 +3172,14 @@ function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = fa
 	return $path . '/' . $attachment_id . '_' . $file_hash;
 }
 
-// Older attachments may still use this function.
+/**
+ * Older attachments may still use this function.
+ *
+ * @param $filename
+ * @param $attachment_id
+ * @param $dir
+ * @param $new
+ */
 function getLegacyAttachmentFilename($filename, $attachment_id, $dir = null, $new = false)
 {
 	global $modSettings, $db_character_set;
@@ -3091,6 +3194,7 @@ function getLegacyAttachmentFilename($filename, $attachment_id, $dir = null, $ne
 			'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
 		$clean_name = strtr($clean_name, array("\xde" => 'TH', "\xfe" =>
 			'th', "\xd0" => 'DH', "\xf0" => 'dh', "\xdf" => 'ss', "\x8c" => 'OE',
+			// @todo My IDE is showing \c6 as a bad escape sequence.
 			"\x9c" => 'oe', "\c6" => 'AE', "\xe6" => 'ae', "\xb5" => 'u'));
 	}
 	// Sorry, no spaces, dots, or anything else but letters allowed.