From 44f0dbfd85a5cea4bdbc4e1cbcf276079b12ad4f Mon Sep 17 00:00:00 2001
From: ron4mac <ron@rjconline.net>
Date: Sat, 22 Apr 2023 11:48:40 +0000
Subject: [PATCH] prevent HTML5 upload initialization failure caused by
 cloudflare rocket-loader

---
 CHANGELOG.txt                       |  3 ++-
 include/cpg16x.files.xml            | 16 +++++++--------
 include/init.inc.php                |  4 ++--
 plugins/upload_h5a/js/upload.js     | 10 ++++++++--
 plugins/upload_h5a/js/upload.min.js | 30 ++++++++++++++---------------
 5 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 35503bc1..fa03e098 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -7,7 +7,7 @@
  * @license    GNU General Public License version 3 or later; see LICENSE
  *
  * CHANGELOG.txt
- * @since  1.6.24
+ * @since  1.6.25
  */
 Changelog
 =========
@@ -20,6 +20,7 @@ Changelog
 [S] = Security fix (issues that are related to security)
 *********************************************
 
+2023-04-21 [M] Prevent HTML5 upload initialization failure caused by cloudflare rocket-loader {ron4mac}
 2023-04-13 [B] Correction for HTML5 upload admin notification {ron4mac}
 2023-04-10 [B] Correct SMF2.1 bridge; correct install with PHP 8.1+ when using GD2 {ron4mac}
 2023-03-22 [M] Reduce possibility of race condition at completion of uploads {ron4mac}
diff --git a/include/cpg16x.files.xml b/include/cpg16x.files.xml
index 2ed8bcf5..91ccb500 100644
--- a/include/cpg16x.files.xml
+++ b/include/cpg16x.files.xml
@@ -2,10 +2,10 @@
 <file_data>
 	<element>
 		<fullpath>CHANGELOG.txt</fullpath>
-		<version>1.6.24</version>
+		<version>1.6.25</version>
 		<status>optional</status>
 		<permission>read</permission>
-		<hash>1f08f51e740702be15d9dfb94b8bb7fe</hash>
+		<hash>866687453c865c9c2fae4e4144b129f7</hash>
 	</element>
 	<element>
 		<fullpath>LICENSE.txt</fullpath>
@@ -5371,10 +5371,10 @@
 	</element>
 	<element>
 		<fullpath>include/init.inc.php</fullpath>
-		<version>1.6.24</version>
+		<version>1.6.25</version>
 		<status>mandatory</status>
 		<permission>read</permission>
-		<hash>37baae5e922e11dac70dd78b0344b7db</hash>
+		<hash>3cb6e66a5a4d5b33078d58fb7c46b48c</hash>
 	</element>
 	<element>
 		<fullpath>include/inspekt.php</fullpath>
@@ -7700,17 +7700,17 @@
 	</element>
 	<element>
 		<fullpath>plugins/upload_h5a/js/upload.js</fullpath>
-		<version>1.6.23</version>
+		<version>1.6.25</version>
 		<status>mandatory</status>
 		<permission>read</permission>
-		<hash>9bd6b843e45bb892dc83b48163cba600</hash>
+		<hash>b479e0514ed9c0cda3ac15303bbd1c6f</hash>
 	</element>
 	<element>
 		<fullpath>plugins/upload_h5a/js/upload.min.js</fullpath>
-		<version>1.6.23</version>
+		<version>1.6.25</version>
 		<status>mandatory</status>
 		<permission>read</permission>
-		<hash>c4faed5a82d11667b3f4f565e8a528ab</hash>
+		<hash>a80143714b0483b96a15fd75385cbe0a</hash>
 	</element>
 	<element>
 		<fullpath>plugins/upload_sgl/</fullpath>
diff --git a/include/init.inc.php b/include/init.inc.php
index 6609cd72..0af794dc 100644
--- a/include/init.inc.php
+++ b/include/init.inc.php
@@ -8,10 +8,10 @@
  * @license    GNU General Public License version 3 or later; see LICENSE
  *
  * include/init.inc.php
- * @since  1.6.24
+ * @since  1.6.25
  */
 
-define('COPPERMINE_VERSION', '1.6.24');
+define('COPPERMINE_VERSION', '1.6.25');
 define('COPPERMINE_VERSION_STATUS', 'stable');
 // Define path to jQuery for this version of Coppermine
 define('CPG_JQUERY_VERSION', 'js/jquery-1.12.4.js');
diff --git a/plugins/upload_h5a/js/upload.js b/plugins/upload_h5a/js/upload.js
index 84063324..ada7cabc 100644
--- a/plugins/upload_h5a/js/upload.js
+++ b/plugins/upload_h5a/js/upload.js
@@ -7,7 +7,7 @@
  * @license    GNU General Public License version 3 or later; see LICENSE
  *
  * plugins/upload_h5a/js/upload.js
- * @since  1.6.24
+ * @since  1.6.25
  */
 "use strict";
 var redirURL = '',
@@ -475,7 +475,13 @@ function H5up_done(okcount, errcnt) {
 
 	w.H5uQctrl = _qCtrl;
 
-	$ae(w, "DOMContentLoaded", function(){_setup()});
+	//$ae(w, "DOMContentLoaded", function(){_setup()});
+	// get around cloudfare highjack of DOMContentLoaded
+	$ae(document, 'readystatechange', (e) => {
+		if (e.target.readyState === 'interactive') {
+			_setup();
+		} 
+	});
 
 })(window,'uniload.php',['autorient','flistitl','title','caption','keywords','user1','user2','user3','user4']);
 
diff --git a/plugins/upload_h5a/js/upload.min.js b/plugins/upload_h5a/js/upload.min.js
index 20278581..164ecbba 100644
--- a/plugins/upload_h5a/js/upload.min.js
+++ b/plugins/upload_h5a/js/upload.min.js
@@ -3,19 +3,19 @@
  @license    GNU General Public License version 3 or later; see LICENSE
 
  plugins/upload_h5a/js/upload.min.js
- @since  1.6.24
+ @since  1.6.25
 */
-'use strict';var redirURL="",h5u_albSel=null;function $id(d){return document.getElementById(d)}function $ae(d,h,k){d.addEventListener(h,k,!1)}
-function H5up_done(d,h){var k=".php?album="+h5u_albSel.value;redirURL=0<js_vars.user_id||1==js_vars.guest_edit?js_vars.site_url+"/editpics"+k+"&newer_than="+js_vars.timestamp:js_vars.site_url+"/thumbnails"+k;d&&(d=new FormData,d.append("album",h5u_albSel.value),fetch("notifyupload.php",{method:"POST",body:d}).then(l=>l.text()).then(l=>{console.log("Success:",l);"1"==js_vars.autoedit&&0===h&&(window.location=redirURL)}).catch(l=>{console.error("Error:",l)}));$id("gotoedit").style.display="table-row"}
-(function(d,h,k){function l(b){h5u_albSel.value||(b.stopPropagation(),b.preventDefault(),alert(js_vars.h5uM.selAlb))}function C(b){b.stopPropagation();b.preventDefault();b.target.className="dragover"==b.type?"hover":""}function K(b){var a,c;L=u.offsetWidth;C(b);if(h5u_albSel.value){D&&(D=E=F=0);b=b.target.files||b.dataTransfer.files;for(a=0;c=b[a];a++)E+=c.size,g.push(c),v.innerHTML=g.length,w(!1,"fsel");g.length>x&&(p.style.display="inline-block")}else alert(js_vars.h5uM.selAlb)}function M(){q||
-(D=1,typeof("function"==H5up_done)&&H5up_done(G,H),H=G=0)}function w(b,a){b&&("ufo"==a&&G++,--r||g.length||M());!q&&g.length&&(!x||r<x)&&(b=g.shift(),new P(b),r++,v.innerHTML=g.length);0>=g.length&&(p.style.display="none",t.style.display="none")}function Q(b,a){var c=this;c.show=function(e){c.pb.style.backgroundPosition=Math.floor(c.pb.offsetWidth*e)+"px 0";1===e&&(c.pb.innerHTML=c.fObj.fileName,c.pb.className="indeterm")};c.msg=function(e,y){c.pb.innerHTML+="<br />"+e;y&&(c.pb.className="failure",
-H++)};c.remove=function(){c.pb._ufo=null;I.removeChild(c.pb);c.fObj=null};c.pb=I.appendChild(document.createElement("p"));a&&(c.pb.className=a);c.pb.appendChild(document.createTextNode(b.fileName));c.pb.innerHTML+='<img src="'+js_vars.H5uPath+'css/redX.png" class="abortX" onclick="this.parentNode._ufo.abort(true);" />';c.pb._ufo=b;c.fObj=b;return this}function z(b){!u||0>b||(F+=b,u.style.backgroundPosition=Math.floor(L*F/E)+"px 0")}function R(){var b={},a;for(a in k){var c=k[a];var e=$id(c);if(e)switch(e.type){case "checkbox":b[c]=
-e.checked?1:0;break;default:b[c]=e.value}}b.album=h5u_albSel.value;return b}function m(b,a){for(var c in a)b.append(c,a[c])}function P(b){var a=this;a.upFile=b;a.fileName=b.fileName||b.name;a.size=b.size;a.upState="";a.doChnk=a.upFile.size>js_vars.maxchunksize;a.chnkSize=Math.round(js_vars.maxchunksize/2)-3072;a.relPath=b.webkitRelativePath||a.fileName;a.uniqueId=a.size+"-"+a.relPath.replace(/[^0-9a-zA-Z_-]/img,"");a.actSize=0;a.startByte=0;a.lastsz=0;a.numChnks=Math.max(Math.floor(a.size/a.chnkSize),
-1);a.chnkNum=0;a.fData=null;a.upForm=R();a.xhr=new XMLHttpRequest;var c=a.upFile.slice?"slice":a.upFile.mozSlice?"mozSlice":a.upFile.webkitSlice?"webkitSlice":"slice",e=function(f){a.xhr&&(a.xhr.upload.onprogress=null,a.xhr.onabort=null,a.xhr.onerror=null,a.xhr.onload=null,a.xhr=null);a.fData=null;f&&a.pBar&&(a.pBar.remove(),a.pBar=null);w(!0,"ufo")},y=function(){a.fData=new FormData;m(a.fData,js_vars.fup_payload)},N=function(){y();switch(a.upState){case "":m(a.fData,a.upForm);a.fData.append("Filedata",
-a.upFile);a.upState="upld";break;case "upld":e(!0);return}a.xhr.open("POST",h);a.xhr.send(a.fData)},J=function(){y();switch(a.upState){case "":m(a.fData,{chunkact:"pref",file:a.fileName,size:a.size,album:h5u_albSel.value});a.upState="chnk";break;case "chnk":m(a.fData,{chunkact:"chnk",identifier:a.uniqueId,filename:a.fileName,totalChunks:a.numChnks});if(a.chnkNum==a.numChnks){e(!0);return}a.startByte=a.chnkNum*a.chnkSize;a.endByte=Math.min(a.size,(a.chnkNum+1)*a.chnkSize);a.size-a.endByte<a.chnkSize&&
-(a.endByte=a.size);a.actSize=a.endByte-a.startByte;a.fData.append("chunkNumber",++a.chnkNum);a.chnkNum==a.numChnks&&m(a.fData,a.upForm);a.fData.append("Filedata",a.upFile[c](a.startByte,a.endByte));a.lastsz=0;break;case "abrt":a.xhr.timeout=1E4;m(a.fData,{chunkact:"abrt",identifier:a.uniqueId,filename:a.fileName});a.upState="nil";break;case "nil":e();return}a.xhr.open("POST",h);a.xhr.send(a.fData)},A={prog:function(f){if(f.lengthComputable){var n=Math.round(f.loaded/f.total*a.actSize);"chnk"==a.upState&&
-a.chnkNum?(a.pBar.show((a.startByte+n)/a.size),z(n-a.lastsz),a.lastsz=n):"upld"==a.upState&&(a.pBar.show(f.loaded/f.total),n=Math.round(f.loaded/f.total*a.size),z(n-a.lastsz),a.lastsz=n)}},chng:function(f){4>this.readyState||(200!==this.status?(z(a.size-a.startByte-a.lastsz),a.lastsz=a.size,0===this.status?(a.pBar.msg("-- "+js_vars.h5uM.aborted,!0),a.doChnk?(a.upState="abrt",J()):e()):(a.pBar.msg(this.responseText||this.response||this.statusText||this.status,!0),e())):200===this.status&&(this.responseText.length?
-a.pBar.msg(this.responseText,!0):a.doChnk?J():N()))},fail:function(f){a.pBar.msg(a.xhr.responseText,!0)}};a.abort=function(f){a.xhr?(f=a.xhr.readyState,4>f&&0!==f?a.xhr.abort():A.abrt()):(a.pBar.remove(),a.pBar=null)};a.pBar=new Q(a,a.doChnk?"chunked":"");var B="",O=b.name.split(".");1==O.length||"object"==typeof js_vars.allowed_file_types&&0>js_vars.allowed_file_types.indexOf(O.pop().toLowerCase())?B='<img src="'+js_vars.H5uPath+'css/info.png" class="infog" onclick="showAllowedExts();" /> '+js_vars.h5uM.type_err:
-b.size>js_vars.maxfilesize&&(B=js_vars.h5uM.size_err);if(B)a.pBar.msg(B,!0),z(b.size),a.xhr=null,w(!0,"errM");else return a.xhr.onreadystatechange=A.chng,a.xhr.upload.onerror=A.fail,a.xhr.upload.onprogress=A.prog,a.doChnk?J():N(),this}var u,L,I,v,g=[],x=js_vars.concurrent,q=!1,r=0,E=0,F=0,D=0,G=0,H=0,p,t;d.H5uQctrl={stop:function(){q=!0;p.style.display="none";t.style.display="inline-block"},go:function(){q=!1;p.style.display="inline-block";for(t.style.display="none";g.length&&r<x;)w(!1,"go")},cancel:function(){g.length=
-0;q=!1;t.style.display="none";v.innerHTML=0;r||M()}};$ae(d,"DOMContentLoaded",function(){var b=$id("upload_field"),a=$id("dropArea");d.File&&d.FileList?(v=$id("qcount"),p=$id("qstop"),t=$id("qgocan"),b&&($ae(b,"click",l),$ae(b,"change",K)),b=new XMLHttpRequest,b.upload&&($ae(a,"dragover",C),$ae(a,"dragleave",C),$ae(a,"drop",K),a.style.display="block",u=$id("totprogress"),I=$id("fprogress")),h5u_albSel=document.getElementsByName("h5u_album")[0]):($id("h5upldrow").style.display="none",$id("navailrow").style.display=
-"table-row")})})(window,"uniload.php","autorient flistitl title caption keywords user1 user2 user3 user4".split(" "));function showAllowedExts(){alert(js_vars.h5uM.extallow+js_vars.allowed_file_types.join(", "))}function shide_titlrow(d){var h=$id("titlrow");d.checked?h.style.display="none":h.style.display="table-row"};
\ No newline at end of file
+'use strict';var redirURL="",h5u_albSel=null;function $id(f){return document.getElementById(f)}function $ae(f,h,k){f.addEventListener(h,k,!1)}
+function H5up_done(f,h){var k=".php?album="+h5u_albSel.value;redirURL=0<js_vars.user_id||1==js_vars.guest_edit?js_vars.site_url+"/editpics"+k+"&newer_than="+js_vars.timestamp:js_vars.site_url+"/thumbnails"+k;f&&(f=new FormData,f.append("album",h5u_albSel.value),fetch("notifyupload.php",{method:"POST",body:f}).then(l=>l.text()).then(l=>{console.log("Success:",l);"1"==js_vars.autoedit&&0===h&&(window.location=redirURL)}).catch(l=>{console.error("Error:",l)}));$id("gotoedit").style.display="table-row"}
+(function(f,h,k){function l(b){h5u_albSel.value||(b.stopPropagation(),b.preventDefault(),alert(js_vars.h5uM.selAlb))}function C(b){b.stopPropagation();b.preventDefault();b.target.className="dragover"==b.type?"hover":""}function K(b){var a,c;L=u.offsetWidth;C(b);if(h5u_albSel.value){D&&(D=E=F=0);b=b.target.files||b.dataTransfer.files;for(a=0;c=b[a];a++)E+=c.size,g.push(c),v.innerHTML=g.length,w(!1,"fsel");g.length>x&&(p.style.display="inline-block")}else alert(js_vars.h5uM.selAlb)}function M(){q||
+(D=1,typeof("function"==H5up_done)&&H5up_done(G,H),H=G=0)}function w(b,a){b&&("ufo"==a&&G++,--r||g.length||M());!q&&g.length&&(!x||r<x)&&(b=g.shift(),new P(b),r++,v.innerHTML=g.length);0>=g.length&&(p.style.display="none",t.style.display="none")}function Q(b,a){var c=this;c.show=function(d){c.pb.style.backgroundPosition=Math.floor(c.pb.offsetWidth*d)+"px 0";1===d&&(c.pb.innerHTML=c.fObj.fileName,c.pb.className="indeterm")};c.msg=function(d,y){c.pb.innerHTML+="<br />"+d;y&&(c.pb.className="failure",
+H++)};c.remove=function(){c.pb._ufo=null;I.removeChild(c.pb);c.fObj=null};c.pb=I.appendChild(document.createElement("p"));a&&(c.pb.className=a);c.pb.appendChild(document.createTextNode(b.fileName));c.pb.innerHTML+='<img src="'+js_vars.H5uPath+'css/redX.png" class="abortX" onclick="this.parentNode._ufo.abort(true);" />';c.pb._ufo=b;c.fObj=b;return this}function z(b){!u||0>b||(F+=b,u.style.backgroundPosition=Math.floor(L*F/E)+"px 0")}function R(){var b={},a;for(a in k){var c=k[a];var d=$id(c);if(d)switch(d.type){case "checkbox":b[c]=
+d.checked?1:0;break;default:b[c]=d.value}}b.album=h5u_albSel.value;return b}function m(b,a){for(var c in a)b.append(c,a[c])}function P(b){var a=this;a.upFile=b;a.fileName=b.fileName||b.name;a.size=b.size;a.upState="";a.doChnk=a.upFile.size>js_vars.maxchunksize;a.chnkSize=Math.round(js_vars.maxchunksize/2)-3072;a.relPath=b.webkitRelativePath||a.fileName;a.uniqueId=a.size+"-"+a.relPath.replace(/[^0-9a-zA-Z_-]/img,"");a.actSize=0;a.startByte=0;a.lastsz=0;a.numChnks=Math.max(Math.floor(a.size/a.chnkSize),
+1);a.chnkNum=0;a.fData=null;a.upForm=R();a.xhr=new XMLHttpRequest;var c=a.upFile.slice?"slice":a.upFile.mozSlice?"mozSlice":a.upFile.webkitSlice?"webkitSlice":"slice",d=function(e){a.xhr&&(a.xhr.upload.onprogress=null,a.xhr.onabort=null,a.xhr.onerror=null,a.xhr.onload=null,a.xhr=null);a.fData=null;e&&a.pBar&&(a.pBar.remove(),a.pBar=null);w(!0,"ufo")},y=function(){a.fData=new FormData;m(a.fData,js_vars.fup_payload)},N=function(){y();switch(a.upState){case "":m(a.fData,a.upForm);a.fData.append("Filedata",
+a.upFile);a.upState="upld";break;case "upld":d(!0);return}a.xhr.open("POST",h);a.xhr.send(a.fData)},J=function(){y();switch(a.upState){case "":m(a.fData,{chunkact:"pref",file:a.fileName,size:a.size,album:h5u_albSel.value});a.upState="chnk";break;case "chnk":m(a.fData,{chunkact:"chnk",identifier:a.uniqueId,filename:a.fileName,totalChunks:a.numChnks});if(a.chnkNum==a.numChnks){d(!0);return}a.startByte=a.chnkNum*a.chnkSize;a.endByte=Math.min(a.size,(a.chnkNum+1)*a.chnkSize);a.size-a.endByte<a.chnkSize&&
+(a.endByte=a.size);a.actSize=a.endByte-a.startByte;a.fData.append("chunkNumber",++a.chnkNum);a.chnkNum==a.numChnks&&m(a.fData,a.upForm);a.fData.append("Filedata",a.upFile[c](a.startByte,a.endByte));a.lastsz=0;break;case "abrt":a.xhr.timeout=1E4;m(a.fData,{chunkact:"abrt",identifier:a.uniqueId,filename:a.fileName});a.upState="nil";break;case "nil":d();return}a.xhr.open("POST",h);a.xhr.send(a.fData)},A={prog:function(e){if(e.lengthComputable){var n=Math.round(e.loaded/e.total*a.actSize);"chnk"==a.upState&&
+a.chnkNum?(a.pBar.show((a.startByte+n)/a.size),z(n-a.lastsz),a.lastsz=n):"upld"==a.upState&&(a.pBar.show(e.loaded/e.total),n=Math.round(e.loaded/e.total*a.size),z(n-a.lastsz),a.lastsz=n)}},chng:function(e){4>this.readyState||(200!==this.status?(z(a.size-a.startByte-a.lastsz),a.lastsz=a.size,0===this.status?(a.pBar.msg("-- "+js_vars.h5uM.aborted,!0),a.doChnk?(a.upState="abrt",J()):d()):(a.pBar.msg(this.responseText||this.response||this.statusText||this.status,!0),d())):200===this.status&&(this.responseText.length?
+a.pBar.msg(this.responseText,!0):a.doChnk?J():N()))},fail:function(e){a.pBar.msg(a.xhr.responseText,!0)}};a.abort=function(e){a.xhr?(e=a.xhr.readyState,4>e&&0!==e?a.xhr.abort():A.abrt()):(a.pBar.remove(),a.pBar=null)};a.pBar=new Q(a,a.doChnk?"chunked":"");var B="",O=b.name.split(".");1==O.length||"object"==typeof js_vars.allowed_file_types&&0>js_vars.allowed_file_types.indexOf(O.pop().toLowerCase())?B='<img src="'+js_vars.H5uPath+'css/info.png" class="infog" onclick="showAllowedExts();" /> '+js_vars.h5uM.type_err:
+b.size>js_vars.maxfilesize&&(B=js_vars.h5uM.size_err);if(B)a.pBar.msg(B,!0),z(b.size),a.xhr=null,w(!0,"errM");else return a.xhr.onreadystatechange=A.chng,a.xhr.upload.onerror=A.fail,a.xhr.upload.onprogress=A.prog,a.doChnk?J():N(),this}var u,L,I,v,g=[],x=js_vars.concurrent,q=!1,r=0,E=0,F=0,D=0,G=0,H=0,p,t;f.H5uQctrl={stop:function(){q=!0;p.style.display="none";t.style.display="inline-block"},go:function(){q=!1;p.style.display="inline-block";for(t.style.display="none";g.length&&r<x;)w(!1,"go")},cancel:function(){g.length=
+0;q=!1;t.style.display="none";v.innerHTML=0;r||M()}};$ae(document,"readystatechange",b=>{if("interactive"===b.target.readyState){var a=$id("upload_field");b=$id("dropArea");f.File&&f.FileList?(v=$id("qcount"),p=$id("qstop"),t=$id("qgocan"),a&&($ae(a,"click",l),$ae(a,"change",K)),a=new XMLHttpRequest,a.upload&&($ae(b,"dragover",C),$ae(b,"dragleave",C),$ae(b,"drop",K),b.style.display="block",u=$id("totprogress"),I=$id("fprogress")),h5u_albSel=document.getElementsByName("h5u_album")[0]):($id("h5upldrow").style.display=
+"none",$id("navailrow").style.display="table-row")}})})(window,"uniload.php","autorient flistitl title caption keywords user1 user2 user3 user4".split(" "));function showAllowedExts(){alert(js_vars.h5uM.extallow+js_vars.allowed_file_types.join(", "))}function shide_titlrow(f){var h=$id("titlrow");f.checked?h.style.display="none":h.style.display="table-row"};
\ No newline at end of file