Uploading files of any type

+ autoprefix+lint CSS

UTIL/kusaba_freshinstall.mysql.sql

@@ -470,6 +470,7 @@ INSERT INTO `PREFIX_ads` (`id`, `position`, `disp`, `boards`, `code`) VALUES (1,
 
 INSERT INTO `PREFIX_filetypes` 
 (`filetype`,               `mime`,                `image`,    `image_w`, `image_h`, `force_thumb`) VALUES
+(    '*',                    '',                     '',          0,         0,           1),
 (   'jpg',                   '',                     '',          0,         0,           0),
 (   'gif',                   '',                     '',          0,         0,           0),
 (   'png',                   '',                     '',          0,         0,           0),

UTIL/upgrade_to_any_filetype_uploads.sql

@@ -0,0 +1 @@
+INSERT INTO `filetypes` (`filetype`, `image_w`, `image_h`) VALUES ('*', '0', '0');

config.php

@@ -170,6 +170,7 @@ if (!$cache_loaded) {
 		$cf['KU_OPTIPNGLV']        = '2'; 	// Optipng optimization level, from 1 (fastest) to 7 (slowest)
 		$cf['KU_YOUTUBEWIDTH']     = 200; 	// Width to display embedded YouTube videos
 		$cf['KU_YOUTUBEHEIGHT']    = 164; 	// Height to display embedded YouTube videos
+		$cf['I0_BANNED_FILETYPES'] = 'php:htaccess:html'; // List of filetypes that should never be allowed to upload. These filetypes should only be allowed to upload if you properly set up your server to not execute them
 
 
 	// ------------------------------------- Misc settings --------------------------------------
@@ -313,6 +314,7 @@ if (!isset($tc_db) && !isset($preconfig_db_unnecessary) && (!isset($GLOBALS['ski
 	} else {
 		$tc_db->Connect(KU_DBHOST, KU_DBUSERNAME, KU_DBPASSWORD, KU_DBDATABASE) or die('SQL database connection error: ' . $tc_db->ErrorMsg());
 	}
+	mysqli_report(MYSQLI_REPORT_OFF);
 
 	$tc_db->EXECUTE("set names '".KU_DBCHARSET."'");
 

dwoo/templates/board_main_loop.tpl

@@ -210,7 +210,14 @@
          {if $embed.file_type eq 'css'} class="csswrap" {/if}
          {if %KU_NEWWINDOW}target="_blank"{/if}        
          href="{$file_path}/src/{$embed.file}.{$embed.file_type}">
-         <div id="thumb{$embed.file_id}"{if $embed.generic_icon eq ''} class="thumb playable-thumb" title="{t}Play{/t}"{/if}><img src="{$embed.nonstandard_file}" alt="{$post.id}" class="thumb" height="{$embed.thumb_h}" width="{$embed.thumb_w}" /></div>
+         {* FUCK THIS BULLSHIT LOGIC I WANNA KMS *}
+         {if $embed.generic_icon == 2}
+          <div id="thumb{$embed.file_id}" class="thumb generic-file-icon" style="background-color: hsl({color_from_extension($embed.file_type)}, 66%, 50%)">
+           <div class="gfi-extension">{$embed.file_type}</div>
+          </div>
+         {else}
+          <div id="thumb{$embed.file_id}"{if $embed.generic_icon eq ''} class="thumb playable-thumb" title="{t}Play{/t}"{/if}><img src="{$embed.nonstandard_file}" alt="{$post.id}" class="thumb" height="{$embed.thumb_h}" width="{$embed.thumb_w}" /></div>
+         {/if}
          </a>
         {/if}
        </figure>

dwoo/templates/board_post_box.tpl

@@ -1,6 +1,6 @@
 <div class="postarea">
 <a id="postbox"></a>
-{if not $isthread}<div class="i0svcel">!i0-pb</div>{/if}<form name="postform" id="postform" action="{%KU_CGIPATH}/board.php" method="post" enctype="multipart/form-data" class="main-reply-form" data-maxfiles="{$board.maxfiles}" data-allowed-filetypes="{foreach name=files item=filetype from=$board.filetypes_allowed}{$filetype}{if $.foreach.files.last}{else},{/if}{/foreach}">
+{if not $isthread}<div class="i0svcel">!i0-pb</div>{/if}<form name="postform" id="postform" action="{%KU_CGIPATH}/board.php" method="post" enctype="multipart/form-data" class="main-reply-form" data-maxfiles="{$board.maxfiles}" data-allowed-filetypes="{foreach name=files item=filetype from=$board.filetypes_allowed}{$filetype}{if $.foreach.files.last}{else},{/if}{/foreach}"{if $board.any_filetype} data-allowed-all-filetypes="*"{/if}>
 	<input type="hidden" name="board" value="{$board.name}" />
 	<input type="hidden" name="replythread" value="<!sm_threadid>" />
 	<input type="hidden" name="makepost" value="1" />
@@ -81,7 +81,7 @@
 		</tr>
 		{/if}
 		<input type="hidden" name="legacy-posting" value="1" />
-		{if $board.filetypes_allowed}
+		{if $board.filetypes_allowed || $board.any_filetype}
 			<tr class="file-row">
 				<td class="postblock">
 					<span class="file-count">{t}File{/t}</span>
@@ -213,12 +213,22 @@
 						<summary style="text-align: center;">[<b class="xlink">{t}Info{/t}</b>]</summary>
 						<ul class="blotter-entries">
 							<li>{t}Supported file types are{/t}: {strip}
-							{if $board.filetypes_allowed neq ''}
+							{if ($board.filetypes_allowed neq '' && !empty($board.filetypes_allowed))}
-								{foreach name=files item=filetype from=$board.filetypes_allowed}
+								{foreach name=types item=filetype from=$board.filetypes_allowed}
-									{$filetype|upper}{if $.foreach.files.last}{else}, {/if}
+									{$filetype|upper}{if $.foreach.types.last}{else}, {/if}
 								{/foreach}
 							{else}
-								{t}None{/t}
+								{if $board.any_filetype}
+									{t}All{/t}
+									{if %I0_BANNED_FILETYPES}
+										{t} except {/t}
+										{foreach name=types from=explode(':', %I0_BANNED_FILETYPES) item=filetype}
+											{$filetype|upper}{if $.foreach.types.last}{else}, {/if}
+										{/foreach}
+									{/if}
+								{else}
+									{t}None{/t}
+								{/if}
 							{/if}.{/strip}
 							</li>
 							<li>{t}Supported embed types are{/t}: {strip}

inc/classes/board-post.class.php

@@ -117,7 +117,12 @@ class Board {
 					}
 				}
 				foreach($filetypes_allowed as $filetype) {
-					$this->board['filetypes_allowed'] []= $filetype['filetype'];
+					if ($filetype['filetype']=="*") {
+						$this->board['any_filetype'] = true;
+						$this->board['filetypes_allowed'] = array();
+					}
+					else
+						$this->board['filetypes_allowed'] []= $filetype['filetype'];
 				}
 				$ftypes = $tc_db->GetAll("SELECT `filetype` FROM `" . KU_DBPREFIX . "embeds`");
 				$this->board['filetypes'] = array();
@@ -756,25 +761,31 @@ class Board {
 			) {
 				if(!isset($filetype_info[$embed['file_type']]))
 					$filetype_info[$embed['file_type']] = getfiletypeinfo($embed['file_type']);
-				$embed['nonstandard_file'] = KU_WEBPATH . '/inc/filetypes/' . $filetype_info[$embed['file_type']][0];
+				if ($filetype_info[$embed['file_type']][0] == "*") {
-				if($embed['thumb_w']!=0&&$embed['thumb_h']!=0) {
+					$embed['generic_icon'] = 2;
-					if(file_exists(KU_BOARDSDIR.$this->board['name'].'/thumb/'.$embed['file'].'s.jpg'))
+					$embed['nonstandard_file'] = true;
-						$embed['nonstandard_file'] = KU_WEBPATH . '/' .$this->board['name'].'/thumb/'.$embed['file'].'s.jpg';
+				}
-					elseif(file_exists(KU_BOARDSDIR.$this->board['name'].'/thumb/'.$embed['file'].'s.png'))
+				else {
-						$embed['nonstandard_file'] = KU_WEBPATH . '/' .$this->board['name'].'/thumb/'.$embed['file'].'s.png';
+					$embed['nonstandard_file'] = KU_WEBPATH . '/inc/filetypes/' . $filetype_info[$embed['file_type']][0];
-					elseif(file_exists(KU_BOARDSDIR.$this->board['name'].'/thumb/'.$embed['file'].'s.gif'))
+					if($embed['thumb_w']!=0&&$embed['thumb_h']!=0) {
-						$embed['nonstandard_file'] = KU_WEBPATH . '/' .$this->board['name'].'/thumb/'.$embed['file'].'s.gif';
+						if(file_exists(KU_BOARDSDIR.$this->board['name'].'/thumb/'.$embed['file'].'s.jpg'))
+							$embed['nonstandard_file'] = KU_WEBPATH . '/' .$this->board['name'].'/thumb/'.$embed['file'].'s.jpg';
+						elseif(file_exists(KU_BOARDSDIR.$this->board['name'].'/thumb/'.$embed['file'].'s.png'))
+							$embed['nonstandard_file'] = KU_WEBPATH . '/' .$this->board['name'].'/thumb/'.$embed['file'].'s.png';
+						elseif(file_exists(KU_BOARDSDIR.$this->board['name'].'/thumb/'.$embed['file'].'s.gif'))
+							$embed['nonstandard_file'] = KU_WEBPATH . '/' .$this->board['name'].'/thumb/'.$embed['file'].'s.gif';
+						else {
+							$embed['generic_icon'] = 1;
+							$embed['thumb_w'] = $filetype_info[$embed['file_type']][1];
+							$embed['thumb_h'] = $filetype_info[$embed['file_type']][2];
+						}
+					}
 					else {
-						$embed['generic_icon'] = true;
+						$embed['generic_icon'] = 1;
 						$embed['thumb_w'] = $filetype_info[$embed['file_type']][1];
 						$embed['thumb_h'] = $filetype_info[$embed['file_type']][2];
 					}
 				}
-				else {
-					$embed['generic_icon'] = true;
-					$embed['thumb_w'] = $filetype_info[$embed['file_type']][1];
-					$embed['thumb_h'] = $filetype_info[$embed['file_type']][2];
-				}
 			}
 		}
 	

inc/classes/manage.class.php

@@ -3210,12 +3210,28 @@ class Manage {
 					<div class="desc">'. _gettext('What filetypes users are allowed to upload.') .'</div><br />';
 					$filetypes = $tc_db->GetAll("SELECT HIGH_PRIORITY `id`, `filetype` FROM `" . KU_DBPREFIX . "filetypes` ORDER BY `filetype` ASC");
 					foreach ($filetypes as $filetype) {
-						$tpl_page .= '<label for="filetype_'. $filetype['id'] . '">'. strtoupper($filetype['filetype']) . '</label><input type="checkbox" name="filetype_'. $filetype['id'] . '"';
+						$is_any = $filetype['filetype']=="*";
+						$ftype_name = $is_any ? "<b>"._gettext('Any file type')."</b>" : strtoupper($filetype['filetype']);
+						$tpl_page .= '<label for="filetype_'. $filetype['id'] . '">'. $ftype_name . '</label><input type="checkbox" name="filetype_'. $filetype['id'] . '"';
 						$filetype_isenabled = $tc_db->GetOne("SELECT HIGH_PRIORITY COUNT(*) FROM `" . KU_DBPREFIX . "board_filetypes` WHERE `boardid` = '" . $lineboard['id'] . "' AND `typeid` = '" . $filetype['id'] . "' LIMIT 1");
 						if ($filetype_isenabled > 0) {
 							$tpl_page .= ' checked';
 						}
 						$tpl_page .= ' /><br />';
+						if ($is_any) {
+							$tpl_page .= "<script>
+								document.querySelector('input[name=filetype_".$filetype['id']."]').onchange = function() { 
+									document.querySelectorAll('input[name^=filetype]').forEach(i => {
+										if (i != this) {
+											if (this.checked) 
+												i.setAttribute('disabled', true)
+											else
+												i.removeAttribute('disabled')
+										}
+									})
+								}
+							</script>";
+						}
 					}
 
 					/* Allowed embeds */

inc/classes/upload.class.php

@@ -83,7 +83,8 @@ class Upload {
 		  			$file_type = '.jpg';
 		  		}
 		  		$filetype_withoutdot = substr($file_type, 1);
-		  		if (in_array($filetype_withoutdot, $board_class->board['filetypes_allowed'])) {
+		  		$generic_filetype_allowed = $board_class->board['any_filetype'] && !$this->isBannedFiletype($filetype_withoutdot);
+		  		if ($generic_filetype_allowed || in_array($filetype_withoutdot, $board_class->board['filetypes_allowed'])) {
 		  			$file_md5 = md5_file($_FILES['imagefile']['tmp_name'][$i]);
 		  			if (in_array($file_md5, $file_hashes)) {
 		  				$this->exitWithUploadErrorPage(_gettext('Duplicate file entry detected.'),
@@ -304,9 +305,10 @@ class Upload {
 					AND " . KU_DBPREFIX . "filetypes.id = " . KU_DBPREFIX . "board_filetypes.typeid
 					AND " . KU_DBPREFIX . "boards.name = '" . $board_class->board['name'] . "'
 					AND " . KU_DBPREFIX . "filetypes.filetype = '" . $attachment['filetype_withoutdot'] . "';");
-				if ($filetype_forcethumb != '') {
+				$generic_filetype_allowed = $board_class->board['any_filetype'] && !$this->isBannedFiletype($attachment['filetype_withoutdot']);
-					if ($filetype_forcethumb == 0) {
+				if ($generic_filetype_allowed || $filetype_forcethumb != '') {
-
+					// Make thumbnails for images and videos
+					if ($filetype_forcethumb != '' && $filetype_forcethumb == 0) {
 						/* If this board has a load balance url and password configured for it, attempt to use it */
 						if ($board_class->board['loadbalanceurl'] != '' && $board_class->board['loadbalancepassword'] != '') {
 							require_once KU_ROOTDIR . 'inc/classes/loadbalancer.class.php';
@@ -325,8 +327,8 @@ class Upload {
 							} else {
 								$this->exitWithUploadErrorPage(_gettext('File was not properly thumbnailed').': ' . $response, $atype, $i, $filename);
 							}
-						/* Otherwise, use this script alone */
+						} 
-						} else {
+						else { /* Otherwise, use this script alone */
 							$attachment['file_location'] = KU_BOARDSDIR . $board_class->board['name'] . '/src/' . $attachment['file_name'] . $attachment['file_type'];
 
 							if($attachment['is_video']) {
@@ -375,12 +377,15 @@ class Upload {
 									$imageDim_thumb = getimagesize($attachment['file_thumb_location']);
 									$attachment['imgWidth_thumb'] = $imageDim_thumb[0];
 									$attachment['imgHeight_thumb'] = $imageDim_thumb[1];
-								} else {
+								} 
+								else {
 									$this->exitWithUploadErrorPage(_gettext('File was not fully uploaded. Please go back and try again.'), $atype, $i, $filename);
 								}
 							}
 						}
-					} else {
+					}
+					// Assign a generic thumbnail to file
+					else {
 						/* Fetch the mime requirement for this special filetype */
 						$filetype_required_mime = $tc_db->GetOne("SELECT `mime`
 							FROM `" . KU_DBPREFIX . "filetypes`
@@ -405,7 +410,8 @@ class Upload {
 
 							$attachment['file_is_special'] = true;
 						/* Otherwise, use this script alone */
-						} else {
+						} 
+						else {
 							$attachment['file_location'] = KU_BOARDSDIR . $board_class->board['name'] . '/src/' . $attachment['file_name'] . $attachment['file_type'];
 
 							if (file_exists($attachment['file_location'])) {
@@ -486,7 +492,8 @@ class Upload {
 							$attachment['file_is_special'] = true;
 						}
 					}
-				} else {
+				} 
+				else {
 					$this->exitWithUploadErrorPage(_gettext('Sorry, that filetype is not allowed on this board.'), $atype, $i, $filename);
 				}
 			}
@@ -580,6 +587,10 @@ class Upload {
 		} unset($i);
 	}
 
+	function isBannedFiletype($type) {
+		return in_array($type, explode(':', I0_BANNED_FILETYPES));
+	}
+
 	function ffProbe($filepath) {
     if(KU_FFMPEGPATH) putenv('PATH=' . KU_FFMPEGPATH . PATH_SEPARATOR . getenv('PATH'));
 		exec("ffprobe -v error -show_entries format=duration:stream=width,height -of default=noprint_wrappers=1:nokey=1 ".$filepath." 2>&1", $finfo, $x);

inc/func/custom.php

@@ -65,6 +65,15 @@ function rainbow ($string)
   return base64_encode ($image_data);
 }
 
+function color_from_extension($ext) {
+  $chars = array_reverse(str_split($ext));
+  $s = '';
+  foreach ($chars as $char) {
+    $s .= ord($char);
+  }
+  return $s % 360;
+}
+
 function is_from_sosach($filename) {
   return preg_match('/^[0-9]{14}$/m', $filename);
 }

inc/func/fetching.php

@@ -93,9 +93,9 @@ function getfiletypeinfo($filetype) {
 		foreach($results AS $line) {
 			$return = array($line['image'],$line['image_w'],$line['image_h']);
 		}
-	} else {
+	} 
-		/* No info was found, return the generic icon */
+	else { /* No info was found, return the generic icon */
-		$return = array('generic.png',48,48);
+		$return = array('*',0,0);
 	}
 
 	if (KU_APC) {

inc/lang/ru/LC_MESSAGES/kusaba.po

@@ -1091,7 +1091,7 @@ msgid "Sorry, because of your numerous failed logins, you have been locked out f
 msgstr "Слишком много попыток захода. Обожди 20 минут. И попробуй снова."
 
 msgid "Sorry, that filetype is not allowed on this board."
-msgstr "Типа файла не разрешен к отправке на эту доску."
+msgstr "Тип файла не разрешен к отправке на эту доску."
 
 msgid "Sorry, this board is locked and can not be posted in."
 msgstr "Эта доска закрыта, в неё нельзя отправлять сообщения."
@@ -2201,4 +2201,10 @@ msgid "Encrypted ID"
 msgstr "Зашифрованный ID"
 
 msgid "Ban duration for posting this file"
-msgstr "Время бана за постинг этого файла"
+msgstr "Время бана за постинг этого файла"
+
+msgid "All"
+msgstr "Все"
+
+msgid " except "
+msgstr ", кроме "

lib/javascript/es6/src/kusaba.new.js

@@ -1465,7 +1465,12 @@ const richFileInput = {
     fx.ext = (ns.length) > 1 ? ns.pop().toLowerCase() : ""
     if (fx.ext == 'jpeg') 
       fx.ext = 'jpg'
-    if (!_.contains(form.dataset.allowedFiletypes.split(','), fx.ext)) {
+
+    if (
+      form.dataset.allowedAllFiletypes != '*'
+      &&
+      !_.contains(form.dataset.allowedFiletypes.split(','), fx.ext)
+    ) {
       pups.err(`${file.name}: ${_l.unsupportedFileType}.`)
       return 0
     }
@@ -1491,7 +1496,7 @@ const richFileInput = {
     form.querySelector('.fe-sort-wrapper').insertAdjacentHTML('beforeEnd', `
       <div class="file-entry${fromClipboard ? ' fe-name-hidden' : ''}" data-index="${index}" title="${file.name}">
         <div class="fe-thumb">
-          ${extra.img ? `<img src=${extra.img}>` :  `<div class="fe-noimg">${extra.ext}</div>`}
+          ${extra.img ? `<img src=${extra.img}>` :  makeGenericFileIcon(extra.ext)}
         </div>
         <input type="text" value="${extra.fname}" class="fe-fn" ${fromClipboard ? ' disabled' : ''}>
         <button class="clear-filename fe-pop-button icon-wraping-button" title="${_l.hideName}"><svg class="icon b-icon">
@@ -1670,6 +1675,11 @@ const richFileInput = {
   }
 }
 
+function makeGenericFileIcon(ext) {
+  let color = ext.toLowerCase().split('').map(char=>char.charCodeAt(0)).reverse().join('') % 360
+  return `<div class="generic-file-icon" style="background-color: hsl(${color}, 66%, 50%)"><div class="gfi-extension">${ext}</div></div>`
+}
+
 function handleCtrlEnter(ev) {
   ev.preventDefault()
   let area = document.activeElement
@@ -5517,15 +5527,15 @@ var catalog = {
         }*/
         //  small thumbnail for embeds and generic files
         else {
-          var smallSrc = (_.includes(this.fileTypes.iconsAvailable, embed.file_type))
+          let isGeneric = !_.includes(this.fileTypes.iconsAvailable, embed.file_type)
-          ? '/inc/filetypes/'+embed.file_type+'.png'
+          , thumb = isGeneric
-          : '/inc/filetypes/generic'+(_.includes(this.fileTypes.embed, embed.file_type) ? '-embed' : '')+'.png';
+            ? makeGenericFileIcon(embed.file_type)
-          var expandable = _.includes(this.fileTypes.embed, embed.file_type) || _.includes(this.fileTypes.audio, embed.file_type);
+            : `<img src="${(_.includes(this.fileTypes.embed, embed.file_type)
+              ? `/inc/filetypes/generic-embed.png`
+              : `/inc/filetypes/${embed.file_type}.png`)}">`
+          // , expandable = _.includes(this.fileTypes.embed, embed.file_type) || _.includes(this.fileTypes.audio, embed.file_type)
           thread.smallThumb =
-          '<a href="'+thread.url+'" class="smallThumb">\
+          `<a target="_blank" href="${thread.url}" class="smallThumb">${thumb}</a>`
-            <img src="'+smallSrc+'">' +
-            /*+ ''+(expandable ? playerBtn : '') +*/
-          '</a>';
           //  for audios
           if(_.includes(this.fileTypes.audio, embed.file_type)) {
             thread.bigThumb =
@@ -5543,7 +5553,8 @@ var catalog = {
           thread.bigThumb =
           '<audio src="src/'+thread.file+'.'+thread.file_type+'" controls></audio>';
         }*/
-        thread.bigThumb = '<a target="_blank" href="'+thread.url+'" class="bigThumb">'+thread.bigThumb+'</a>';
+        if (thread.bigThumb)
+          thread.bigThumb = '<a target="_blank" href="'+thread.url+'" class="bigThumb">'+thread.bigThumb+'</a>';
       }
       /*if(!embed || embed === 'removed')
         thread.bigThumb = '<a target="_blank" href="'+thread.url+'" class="bigThumb">'+thread.bigThumb+'</a>';*/