From 600345ee57d382ca0b575f9c0b99b3af7d4a2a6d Mon Sep 17 00:00:00 2001
From: Diego Najar
Date: Wed, 29 May 2019 19:28:11 +0200
Subject: [PATCH] Bug fix for PHP 5.6 when upload images
---
 bl-kernel/admin/themes/booty/html/media.php | 2 +-
 bl-kernel/ajax/logo-upload.php | 4 ++--
 bl-kernel/ajax/profile-picture-upload.php | 18 +++++++++---------
 bl-kernel/ajax/upload-images.php | 2 +-
 bl-kernel/boot/variables.php | 13 +++++++------
 bl-kernel/functions.php | 2 +-
 bl-kernel/tags.class.php | 2 +-
 bl-plugins/disqus/plugin.php | 2 +-
 8 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/bl-kernel/admin/themes/booty/html/media.php b/bl-kernel/admin/themes/booty/html/media.php
index 665902bf..25c3897c 100644
--- a/bl-kernel/admin/themes/booty/html/media.php
+++ b/bl-kernel/admin/themes/booty/html/media.php
@@ -178,7 +178,7 @@ function uploadImages() {
 // Check file type/extension
 const validImageTypes = ['image/gif', 'image/jpeg', 'image/png', 'image/svg+xml'];
 if (!validImageTypes.includes(images[i].type)) {
- showMediaAlert("g('File type is not supported. Allowed types:').' '.implode(', ',ALLOWED_IMG_EXTENSION) ?>");
+ showMediaAlert("g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']) ?>");
 return false;
 }
diff --git a/bl-kernel/ajax/logo-upload.php b/bl-kernel/ajax/logo-upload.php
index 7853d1c4..33c87a0a 100644
--- a/bl-kernel/ajax/logo-upload.php
+++ b/bl-kernel/ajax/logo-upload.php
@@ -17,8 +17,8 @@ if (!isset($_FILES['inputFile'])) {
 // File extension
 $fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
 $fileExtension = Text::lowercase($fileExtension);
-if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) {
- $message = 'File type is not supported. Allowed types: '.implode(', ',ALLOWED_IMG_EXTENSION);
+if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
+ $message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
 Log::set($message, LOG_TYPE_ERROR);
 ajaxResponse(1, $message);
 }
diff --git a/bl-kernel/ajax/profile-picture-upload.php b/bl-kernel/ajax/profile-picture-upload.php
index c0e4fcdb..806a4199 100644
--- a/bl-kernel/ajax/profile-picture-upload.php
+++ b/bl-kernel/ajax/profile-picture-upload.php
@@ -15,21 +15,15 @@ if (!isset($_FILES['profilePictureInputFile'])) {
 ajaxResponse(1, 'Error trying to upload the profile picture.');
 }
-// File extension
+// Check file extension
 $fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
 $fileExtension = Text::lowercase($fileExtension);
-if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) {
- $message = 'File type is not supported. Allowed types: '.implode(', ',ALLOWED_IMG_EXTENSION);
+if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
+ $message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
 Log::set($message, LOG_TYPE_ERROR);
 ajaxResponse(1, $message);
 }
-// Tmp filename
-$tmpFilename = $username.'.'.$fileExtension;
-
-// Final filename
-$filename = $username.'.png';
-
 // Check path traversal
 if (Text::stringContains($username, DS, false)) {
 $message = 'Path traversal detected.';
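Review bot: The upload check in logo-upload.php still decides on the extension of the client-supplied `$_FILES['inputFile']['name']` alone, and the allowlist it reads includes `svg`. An SVG is an XML document that can carry script, so if the logo is stored and served as uploaded from the site's own origin, `svg` should be dropped for this endpoint or the file sanitised, and the raster types should be confirmed from the file's content (for example `getimagesize()` on the temporary file) rather than from its name. The same extension-only test appears in the profile-picture-upload.php hunk and in `transformImage()` in functions.php. Whether the logo is re-encoded before it is stored is not visible in this hunk.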
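Review bot: The path traversal guard kept as context at the end of the first profile-picture-upload.php hunk only rejects `$username` when it contains `DS`, presumably the platform's own directory separator, so on a platform where that is a backslash a forward slash would still pass, since PHP accepts both there. Building `$tmpFilename` after the guard, as this change does, is the right order, but the guard would be sturdier as an allowlist of characters, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $username)) {`, assuming usernames are limited to those characters. Where `$username` comes from is outside the hunk, and the body of the `if` continues past its last line.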
@@ -37,6 +31,9 @@ if (Text::stringContains($username, DS, false)) {
 ajaxResponse(1, $message);
 }
+// Tmp filename
+$tmpFilename = $username.'.'.$fileExtension;
+
 // Move from temporary directory to uploads folder
 rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename);
@@ -48,6 +45,9 @@ $image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, t
 // Remove the tmp file
 unlink(PATH_TMP.$tmpFilename);
+// Final filename
+$filename = $username.'.png';
+
 // Permissions
 chmod(PATH_UPLOADS_PROFILES.$filename, 0644);
diff --git a/bl-kernel/ajax/upload-images.php b/bl-kernel/ajax/upload-images.php
index 295c24e5..4c24ce1b 100644
--- a/bl-kernel/ajax/upload-images.php
+++ b/bl-kernel/ajax/upload-images.php
@@ -47,7 +47,7 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
 $filename = Filesystem::filename($image);
 array_push($images, $filename);
 } else {
- $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',ALLOWED_IMG_EXTENSION);
+ $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
 Log::set($message, LOG_TYPE_ERROR);
 ajaxResponse(1, $message);
 }
diff --git a/bl-kernel/boot/variables.php b/bl-kernel/boot/variables.php
index c50276e6..ea2b0e49 100644
--- a/bl-kernel/boot/variables.php
+++ b/bl-kernel/boot/variables.php
@@ -92,12 +92,6 @@ define('SESSION_GC_MAXLIFETIME', 3600);
 // The value 0 means until the browser is closed
 define('SESSION_COOKIE_LIFE_TIME', 0);
-// Tags, type of pages included in the tag database
-define('DB_TAGS_TYPES', array('published','static','sticky'));
-
-// Allowed image extensions
-define('ALLOWED_IMG_EXTENSION', array('gif', 'png', 'jpg', 'jpeg', 'svg'));
-
 // Alert notification dissappear in X seconds
 define('ALERT_DISSAPEAR_IN', 3);
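Review bot: `$filename` is used before it is assigned in profile-picture-upload.php: the header of the `@@ -48,6 +45,9 @@` hunk shows `$image->saveImage(PATH_UPLOADS_PROFILES.$filename, ...)` running above the added `$filename = $username.'.png';`, and the first hunk of this file removed the earlier assignment. Unless `$filename` is set somewhere outside the visible hunks, saveImage() receives the bare profiles directory path, the picture is not written to the user's `.png`, and the `chmod()` that follows targets a file that may not exist. Move the assignment back above the saveImage() call, for instance next to `$tmpFilename` after the traversal check: `$filename = $username.'.png';`. The saveImage() call itself lies outside the hunk, so this is read from the hunk header only.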
@@ -107,3 +101,10 @@ define('MEDIA_MANAGER_NUMBER_OF_FILES', 5);
 // Sort the image by date
 define('MEDIA_MANAGER_SORT_BY_DATE', true);
+// Constant arrays using define are not allowed in PHP 5.6 or earlier
+
+// Type of pages included in the tag database
+$GLOBALS['DB_TAGS_TYPES'] = array('published','static','sticky');
+
+// Allowed image extensions
+$GLOBALS['ALLOWED_IMG_EXTENSION'] = array('gif', 'png', 'jpg', 'jpeg', 'svg');
diff --git a/bl-kernel/functions.php b/bl-kernel/functions.php
index d6b955ca..d360c088 100644
--- a/bl-kernel/functions.php
+++ b/bl-kernel/functions.php
@@ -827,7 +827,7 @@ function transformImage($file, $imageDir, $thumbnailDir=false) {
 // Check image extension
 $fileExtension = Filesystem::extension($file);
 $fileExtension = Text::lowercase($fileExtension);
- if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) {
+ if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
 return false;
 }
diff --git a/bl-kernel/tags.class.php b/bl-kernel/tags.class.php
index cb5fc21a..50179b62 100644
--- a/bl-kernel/tags.class.php
+++ b/bl-kernel/tags.class.php
@@ -18,7 +18,7 @@ class Tags extends dbList {
 $db = $pages->getDB($onlyKeys=false);
 $tagsIndex = array();
 foreach ($db as $pageKey=>$pageFields) {
- if (in_array($pageFields['type'], DB_TAGS_TYPES)) {
+ if (in_array($pageFields['type'], $GLOBALS['DB_TAGS_TYPES'])) {
 $tags = $pageFields['tags'];
 foreach ($tags as $tagKey=>$tagName) {
 if (isset($tagsIndex[$tagKey])) {
diff --git a/bl-plugins/disqus/plugin.php b/bl-plugins/disqus/plugin.php
index a718bec8..6fb4deab 100644
--- a/bl-plugins/disqus/plugin.php
+++ b/bl-plugins/disqus/plugin.php
@@ -58,7 +58,7 @@ class pluginDisqus extends Plugin {
 global $url;
 global $WHERE_AM_I;
- // Do not shows
+ // Do not shows disqus on page not found
 if ($url->notFound()) {
 return false;
 }
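Review bot: Replacing the constants with `$GLOBALS['ALLOWED_IMG_EXTENSION']` and `$GLOBALS['DB_TAGS_TYPES']` in variables.php makes the upload allowlist writable at runtime, so any theme, plugin or later include can extend or unset it before the upload handlers read it. PHP 5.6 does accept array constants declared with the `const` keyword (only `define()` with an array needs PHP 7), so if 5.6 is the oldest supported version the list can stay immutable with `const ALLOWED_IMG_EXTENSION = array('gif', 'png', 'jpg', 'jpeg', 'svg');` at file top level, and the original call sites would not need to change. If older versions must run too, a small accessor function returning the array would still keep the list read-only. The added comment would then read more accurately as `// define() cannot hold arrays before PHP 7; const arrays need PHP 5.6`.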