public function init($extra)
{
require_once '../model/Error.inc.php';
if ($this->profile) {
Zotero_DB::profileStart($this->profileShard);
}
$this->startTime = microtime(true);
// Inflate gzipped data
if (!empty($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'gzip') {
$gzdata = file_get_contents('php://input');
// Firefox 12 and above include the standard gzip header,
// which needs to be stripped
if (substr($gzdata, 0, 3) == chr(31) . chr(139) . chr(8)) {
// 1F 8B 08
$gzdata = substr($gzdata, 10);
}
$data = gzinflate($gzdata);
parse_str($data, $_POST);
foreach ($_POST as $key => $val) {
$_REQUEST[$key] = $val;
}
}
$this->responseXML = Zotero_Sync::getResponseXML();
//if (!Z_CONFIG::$SYNC_ENABLED && $_SERVER["REMOTE_ADDR"] != '') {
if (!Z_CONFIG::$SYNC_ENABLED) {
$this->error(503, 'SERVER_ERROR', Z_CONFIG::$MAINTENANCE_MESSAGE);
}
if (empty($_REQUEST['version'])) {
if ($this->action == 'index') {
echo "Nothing to see here.";
exit;
}
$this->error(400, 'NO_API_VERSION', "API version not specified");
}
$upgradeMessage = "Due to improvements made to sync functionality, you must upgrade to Zotero 3.0 or later from zotero.org to sync your Zotero library.";
if (isset($_SERVER['HTTP_X_ZOTERO_VERSION'])) {
require_once '../model/ToolkitVersionComparator.inc.php';
// Avoid infinite loop due to client bug
if ($_SERVER['HTTP_X_ZOTERO_VERSION'] == "2.0b6") {
die("Please upgrade to the latest version of Zotero from zotero.org.");
} else {
if (ToolkitVersionComparator::compare($_SERVER['HTTP_X_ZOTERO_VERSION'], "3.0") < 0) {
$this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage);
} else {
if (isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/17") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/18") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/19") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/20") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/21") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/22") !== false) && ToolkitVersionComparator::compare($_SERVER['HTTP_X_ZOTERO_VERSION'], "3.0.9") < 0) {
$this->error(400, 'UPGRADE_REQUIRED', "Your version of Zotero is not compatible with Firefox 17 or later. Please upgrade to the latest version of Zotero from zotero.org.");
}
}
}
}
if (!in_array($_REQUEST['version'], $this->validAPIVersions)) {
if ($_REQUEST['version'] < 9) {
$this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage);
}
$this->error(400, 'INVALID_API_VERSION', "Invalid request API version '{$_REQUEST['version']}'");
}
$this->apiVersion = (int) $_REQUEST['version'];
$this->responseXML['version'] = $this->apiVersion;
}
public function __construct($action, $settings, $extra)
{
require_once '../model/Error.inc.php';
if ($this->profile) {
Zotero_DB::profileStart($this->profileShard);
}
$this->startTime = microtime(true);
// Inflate gzipped data
if (!empty($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'gzip') {
$gzdata = file_get_contents('php://input');
// Firefox 12 and above include the standard gzip header,
// which needs to be stripped
if (substr($gzdata, 0, 3) == chr(31) . chr(139) . chr(8)) {
// 1F 8B 08
$gzdata = substr($gzdata, 10);
}
$data = gzinflate($gzdata);
parse_str($data, $_POST);
foreach ($_POST as $key => $val) {
$_REQUEST[$key] = $val;
}
}
$this->responseXML = Zotero_Sync::getResponseXML();
//if (!Z_CONFIG::$SYNC_ENABLED && $_SERVER["REMOTE_ADDR"] != '') {
if (!Z_CONFIG::$SYNC_ENABLED) {
$this->error(503, 'SERVER_ERROR', Z_CONFIG::$MAINTENANCE_MESSAGE);
}
if (empty($_REQUEST['version'])) {
if ($action == 'index') {
echo "Nothing to see here.";
exit;
}
$this->error(400, 'NO_API_VERSION', "API version not specified");
}
$upgradeMessage = "Due to improvements made to sync functionality, you must upgrade to Zotero 2.0 or later (via Firefox's Tools menu -> Add-ons -> Extensions -> Find Updates or from zotero.org) to sync your Zotero library.";
if (isset($_SERVER['HTTP_X_ZOTERO_VERSION'])) {
require_once '../model/ToolkitVersionComparator.inc.php';
if ($_SERVER['HTTP_X_ZOTERO_VERSION'] == "2.0b6") {
die("Please upgrade to Zotero 2.0 via Tools -> Add-ons -> Extensions -> Find Updates or from zotero.org.");
} else {
if (preg_match("/2.0b[0-9].SVN/", $_SERVER['HTTP_X_ZOTERO_VERSION'])) {
// Can't use version for SVN builds
} else {
if (ToolkitVersionComparator::compare($_SERVER['HTTP_X_ZOTERO_VERSION'], "2.0rc.r5716") < 0) {
$this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage);
}
}
}
}
if (!in_array($_REQUEST['version'], $this->validAPIVersions)) {
if ($_REQUEST['version'] < 8) {
$this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage);
}
$this->error(400, 'INVALID_API_VERSION', "Invalid request API version '{$_REQUEST['version']}'");
}
$this->apiVersion = (int) $_REQUEST['version'];
$this->responseXML['version'] = $this->apiVersion;
}
public function init($extra)
{
$this->startTime = microtime(true);
if (!Z_CONFIG::$API_ENABLED) {
$this->e503(Z_CONFIG::$MAINTENANCE_MESSAGE);
}
set_exception_handler(array($this, 'handleException'));
// TODO: Throw error on some notices but allow DB/Memcached/etc. failures?
//set_error_handler(array($this, 'handleError'), E_ALL | E_USER_ERROR | E_RECOVERABLE_ERROR);
set_error_handler(array($this, 'handleError'), E_USER_ERROR | E_RECOVERABLE_ERROR);
require_once '../model/Error.inc.php';
// On testing sites, include notifications in headers
if (Z_CONFIG::$TESTING_SITE) {
Zotero_NotifierObserver::addMessageReceiver(function ($topic, $msg) {
$header = "Zotero-Debug-Notifications";
if (!empty($this->headers[$header])) {
$notifications = json_decode(base64_decode($this->headers[$header]));
} else {
$notifications = [];
}
$notifications[] = $msg;
$this->headers[$header] = base64_encode(json_encode($notifications));
});
}
register_shutdown_function(array($this, 'checkDBTransactionState'));
register_shutdown_function(array($this, 'logTotalRequestTime'));
register_shutdown_function(array($this, 'checkForFatalError'));
register_shutdown_function(array($this, 'addHeaders'));
$this->method = $_SERVER['REQUEST_METHOD'];
if (!in_array($this->method, array('HEAD', 'OPTIONS', 'GET', 'PUT', 'POST', 'DELETE', 'PATCH'))) {
$this->e501();
}
StatsD::increment("api.request.method." . strtolower($this->method), 0.25);
// There doesn't seem to be a way for PHP to start processing the request
// before the entire body is sent, so an Expect: 100 Continue will,
// depending on the client, either fail or cause a delay while the client
// waits for the 100 response. To make this explicit, we return an error.
if (!empty($_SERVER['HTTP_EXPECT'])) {
header("HTTP/1.1 417 Expectation Failed");
die("Expect header is not supported");
}
// CORS
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE");
header("Access-Control-Allow-Headers: Content-Type, If-Match, If-None-Match, If-Modified-Since-Version, If-Unmodified-Since-Version, Zotero-API-Version, Zotero-Write-Token");
header("Access-Control-Expose-Headers: Backoff, ETag, Last-Modified-Version, Link, Retry-After, Total-Results, Zotero-API-Version");
}
if ($this->method == 'OPTIONS') {
$this->end();
}
if (in_array($this->method, array('POST', 'PUT', 'PATCH'))) {
$this->ifUnmodifiedSince = isset($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) : false;
$this->body = file_get_contents("php://input");
if ($this->body == "" && !in_array($this->action, array('clear', 'laststoragesync', 'removestoragefiles', 'itemContent'))) {
$this->e400("{$this->method} data not provided");
}
}
if ($this->profile) {
Zotero_DB::profileStart();
}
// If HTTP Basic Auth credentials provided, authenticate
if (isset($_SERVER['PHP_AUTH_USER'])) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if ($username == Z_CONFIG::$API_SUPER_USERNAME && $password == Z_CONFIG::$API_SUPER_PASSWORD) {
$this->userID = 0;
$this->permissions = new Zotero_Permissions();
$this->permissions->setSuper();
} else {
if (!empty($extra['allowHTTP']) || !empty($extra['auth'])) {
$userID = Zotero_Users::authenticate('password', array('username' => $username, 'password' => $password));
if (!$userID) {
$this->e401('Invalid login');
}
$this->httpAuth = true;
$this->userID = $userID;
$this->grantUserPermissions($userID);
}
}
}
if (!isset($this->userID)) {
$key = false;
// Allow Zotero-API-Key header
if (!empty($_SERVER['HTTP_ZOTERO_API_KEY'])) {
$key = $_SERVER['HTTP_ZOTERO_API_KEY'];
}
// Allow ?key=<apikey>
if (isset($_GET['key'])) {
if (!$key) {
$key = $_GET['key'];
} else {
if ($_GET['key'] !== $key) {
$this->e400("Zotero-API-Key header and 'key' parameter differ");
}
}
}
// If neither of the above passed, allow "Authorization: Bearer <apikey>"
//
// Apache/mod_php doesn't seem to make Authorization available for auth schemes
// other than Basic/Digest, so use an Apache-specific method to get the header
if (!$key && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers['Authorization'])) {
// Look for "Authorization: Bearer" from OAuth 2.0, and ignore everything else
if (preg_match('/^bearer/i', $headers['Authorization'], $matches)) {
if (preg_match('/^bearer +([a-z0-9]+)$/i', $headers['Authorization'], $matches)) {
$key = $matches[1];
} else {
$this->e400("Invalid Authorization header format");
}
}
}
}
if ($key) {
$keyObj = Zotero_Keys::authenticate($key);
if (!$keyObj) {
$this->e403('Invalid key');
}
$this->apiKey = $key;
$this->userID = $keyObj->userID;
$this->permissions = $keyObj->getPermissions();
// Check Zotero-Write-Token if it exists to make sure
// this isn't a duplicate request
if ($this->isWriteMethod()) {
if ($cacheKey = $this->getWriteTokenCacheKey()) {
if (Z_Core::$MC->get($cacheKey)) {
$this->e412("Write token already used");
}
}
}
} else {
if (!empty($_GET['session']) && ($this->userID = Zotero_Users::getUserIDFromSessionID($_GET['session']))) {
// Users who haven't synced may not exist in our DB
if (!Zotero_Users::exists($this->userID)) {
Zotero_Users::add($this->userID);
}
$this->grantUserPermissions($this->userID);
$this->cookieAuth = true;
} else {
if (!empty($_GET['auth']) || !empty($extra['auth'])) {
$this->e401();
}
// Explicit auth request or not a GET request
//
// /users/<id>/keys is an exception, since the key is embedded in the URL
if ($this->method != "GET" && $this->action != 'keys') {
$this->e403('An API key is required for write requests.');
}
// Anonymous request
$this->permissions = new Zotero_Permissions();
$this->permissions->setAnonymous();
}
}
}
$this->uri = Z_CONFIG::$API_BASE_URI . substr($_SERVER["REQUEST_URI"], 1);
// Get object user
if (isset($this->objectUserID)) {
if (!$this->objectUserID) {
$this->e400("Invalid user ID", Z_ERROR_INVALID_INPUT);
}
try {
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID);
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) {
try {
Zotero_Users::addFromWWW($this->objectUserID);
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) {
$this->e404("User {$this->objectUserID} not found");
}
throw $e;
}
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID);
} else {
throw $e;
}
}
// Make sure user isn't banned
if (!Zotero_Users::isValidUser($this->objectUserID)) {
$this->e404();
}
} else {
if (isset($this->objectGroupID)) {
if (!$this->objectGroupID) {
$this->e400("Invalid group ID", Z_ERROR_INVALID_INPUT);
}
// Make sure group exists
$group = Zotero_Groups::get($this->objectGroupID);
if (!$group) {
$this->e404();
}
// Don't show groups owned by banned users
if (!Zotero_Users::isValidUser($group->ownerUserID)) {
$this->e404();
}
$this->objectLibraryID = Zotero_Groups::getLibraryIDFromGroupID($this->objectGroupID);
}
}
$apiVersion = !empty($_SERVER['HTTP_ZOTERO_API_VERSION']) ? (int) $_SERVER['HTTP_ZOTERO_API_VERSION'] : false;
// Serve v1 to ZotPad 1.x, at Mikko's request
if (!$apiVersion && !empty($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'ZotPad 1') === 0) {
$apiVersion = 1;
}
// For publications URLs (e.g., /users/:userID/publications/items), swap in
// objectLibraryID of user's publications library
if (!empty($extra['publications'])) {
// Query parameters not yet parsed, so check version parameter
if ($apiVersion && $apiVersion < 3 || !empty($_REQUEST['v']) && $_REQUEST['v'] < 3 || !empty($_REQUEST['version']) && $_REQUEST['version'] == 1) {
$this->e404();
}
$userLibraryID = $this->objectLibraryID;
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID, 'publications');
// If one doesn't exist, for write requests create a library if the key
// has write permission to the user library. For read requests, just
// return a 404.
if (!$this->objectLibraryID) {
if ($this->isWriteMethod()) {
if (!$this->permissions->canAccess($userLibraryID) || !$this->permissions->canWrite($userLibraryID)) {
$this->e403();
}
$this->objectLibraryID = Zotero_Publications::add($this->objectUserID);
} else {
$this->objectLibraryID = 0;
}
}
}
// Return 409 if target library is locked
switch ($this->method) {
case 'POST':
case 'PUT':
case 'DELETE':
switch ($this->action) {
// Library lock doesn't matter for some admin requests
case 'keys':
case 'storageadmin':
break;
default:
if ($this->objectLibraryID && Zotero_Libraries::isLocked($this->objectLibraryID)) {
$this->e409("Target library is locked");
}
break;
}
}
$this->scopeObject = !empty($extra['scopeObject']) ? $extra['scopeObject'] : $this->scopeObject;
$this->subset = !empty($extra['subset']) ? $extra['subset'] : $this->subset;
$this->fileMode = !empty($extra['file']) ? !empty($_GET['info']) ? 'info' : 'download' : false;
$this->fileView = !empty($extra['view']);
$this->singleObject = $this->objectKey && !$this->subset;
$this->checkLibraryIfModifiedSinceVersion($this->action);
// If Accept header includes application/atom+xml, send Atom, as long as there's no 'format'
$atomAccepted = false;
if (!empty($_SERVER['HTTP_ACCEPT'])) {
$accept = preg_split('/\\s*,\\s*/', $_SERVER['HTTP_ACCEPT']);
$atomAccepted = in_array('application/atom+xml', $accept);
}
$this->queryParams = Zotero_API::parseQueryParams($_SERVER['QUERY_STRING'], $this->action, $this->singleObject, $apiVersion, $atomAccepted);
// Sorting by Item Type or Added By currently require writing to shard tables, so don't
// send those to the read replicas
if ($this->queryParams['sort'] == 'itemType' || $this->queryParams['sort'] == 'addedBy') {
Zotero_DB::readOnly(false);
}
$this->apiVersion = $version = $this->queryParams['v'];
header("Zotero-API-Version: " . $version);
StatsD::increment("api.request.version.v" . $version, 0.25);
}
public function __construct($action, $settings, $extra)
{
if (!Z_CONFIG::$API_ENABLED) {
$this->e503(Z_CONFIG::$MAINTENANCE_MESSAGE);
}
set_exception_handler(array($this, 'handleException'));
set_error_handler(array($this, 'handleError'), E_USER_ERROR);
require_once '../model/Error.inc.php';
$this->startTime = microtime(true);
$this->method = $_SERVER['REQUEST_METHOD'];
/*if (isset($_SERVER['REMOTE_ADDR'])
&& in_array($_SERVER['REMOTE_ADDR'], array(''))) {
header("HTTP/1.1 429 Rate Limited");
die("Too many requests");
}*/
if (!in_array($this->method, array('HEAD', 'GET', 'PUT', 'POST', 'DELETE', 'PATCH'))) {
header("HTTP/1.1 501 Not Implemented");
die("Method is not implemented");
}
// There doesn't seem to be a way for PHP to start processing the request
// before the entire body is sent, so an Expect: 100 Continue will,
// depending on the client, either fail or cause a delay while the client
// waits for the 100 response. To make this explicit, we return an error.
if (!empty($_SERVER['HTTP_EXPECT'])) {
header("HTTP/1.1 417 Expectation Failed");
die("Expect header is not supported");
}
if (in_array($this->method, array('POST', 'PUT', 'PATCH'))) {
$this->ifUnmodifiedSince = isset($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) : false;
$this->body = file_get_contents("php://input");
}
if ($this->profile) {
Zotero_DB::profileStart($this->profileShard);
}
// If HTTP Basic Auth credentials provided, authenticate
if (isset($_SERVER['PHP_AUTH_USER'])) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if ($username == Z_CONFIG::$API_SUPER_USERNAME && $password == Z_CONFIG::$API_SUPER_PASSWORD) {
$this->userID = 0;
$this->permissions = new Zotero_Permissions();
$this->permissions->setSuper();
} else {
if (!empty($extra['allowHTTP'])) {
$userID = Zotero_Users::authenticate('password', array('username' => $username, 'password' => $password));
if (!$userID) {
$this->e401('Invalid login');
}
$this->httpAuth = true;
$this->userID = $userID;
$this->grantUserPermissions($userID);
} else {
$this->e401('Invalid login');
}
}
} else {
if (isset($_GET['key'])) {
$keyObj = Zotero_Keys::authenticate($_GET['key']);
if (!$keyObj) {
$this->e403('Invalid key');
}
$this->apiKey = $_GET['key'];
$this->userID = $keyObj->userID;
$this->permissions = $keyObj->getPermissions();
// Check X-Zotero-Write-Token if it exists to make sure
if ($this->method == 'POST' || $this->method == 'PUT') {
if ($cacheKey = $this->getWriteTokenCacheKey()) {
if (Z_Core::$MC->get($cacheKey)) {
$this->e412("Write token already used");
}
}
}
} else {
if (!empty($_COOKIE) && !empty($_GET['session']) && ($this->userID = Zotero_Users::getUserIDFromSession($_COOKIE, $_GET['session']))) {
$this->grantUserPermissions($this->userID);
$this->cookieAuth = true;
} else {
if (!empty($_GET['auth'])) {
$this->e401();
}
// Always challenge a 'me' request
if (!empty($extra['userID']) && $extra['userID'] == 'me') {
$this->e403('You must specify a key when making a /me request.');
}
// Explicit auth request or not a GET request
if ($this->method != "GET") {
$this->e403('You must specify a key to access the Zotero API.');
}
// Anonymous request
$this->permissions = new Zotero_Permissions();
$this->permissions->setAnonymous();
}
}
}
// Get the API version
if (empty($_REQUEST['version'])) {
$this->apiVersion = $this->defaultAPIVersion;
} else {
if (!in_array($_REQUEST['version'], $this->validAPIVersions)) {
$this->e400("Invalid request API version '{$_REQUEST['version']}'");
}
$this->apiVersion = (int) $_REQUEST['version'];
}
$this->uri = Z_CONFIG::$API_BASE_URI . substr($_SERVER["REQUEST_URI"], 1);
// Get object user
if (!empty($extra['userID'])) {
// Possibly temporary shortcut for viewing one's own data via HTTP Auth
if ($extra['userID'] == 'me') {
$objectUserID = $this->userID;
} else {
$objectUserID = (int) $extra['userID'];
if (!$objectUserID) {
$this->e400("Invalid user ID", Z_ERROR_INVALID_INPUT);
}
}
$this->objectUserID = $objectUserID;
try {
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($objectUserID);
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) {
try {
Zotero_Users::addFromWWW($objectUserID);
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) {
$this->e404();
}
throw $e;
}
$this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($objectUserID);
} else {
throw $e;
}
}
// Make sure user isn't banned
if (!Zotero_Users::isValidUser($objectUserID)) {
$this->e404();
}
} else {
if (!empty($extra['groupID'])) {
$objectGroupID = (int) $extra['groupID'];
if (!$objectGroupID) {
$this->e400("Invalid group ID", Z_ERROR_INVALID_INPUT);
}
// Make sure group exists
$group = Zotero_Groups::get($objectGroupID);
if (!$group) {
$this->e404();
}
// Don't show groups owned by banned users
if (!Zotero_Users::isValidUser($group->ownerUserID)) {
$this->e404();
}
$this->objectGroupID = $objectGroupID;
$this->objectLibraryID = Zotero_Groups::getLibraryIDFromGroupID($objectGroupID);
}
}
// Return 409 if target library is locked
switch ($this->method) {
case 'POST':
case 'PUT':
case 'DELETE':
switch ($action) {
// Library lock doesn't matter for some admin requests
case 'storageadmin':
break;
default:
if ($this->objectLibraryID && Zotero_Libraries::isLocked($this->objectLibraryID)) {
$this->e409("Target library is locked");
}
break;
}
}
$this->scopeObject = !empty($extra['scopeObject']) ? $extra['scopeObject'] : null;
$this->scopeObjectID = !empty($extra['scopeObjectID']) ? (int) $extra['scopeObjectID'] : null;
if (!empty($extra['scopeObjectKey'])) {
// Handle incoming requests using ids instead of keys
// - Keys might be all numeric, so only do this if length != 8
if (preg_match('/^[0-9]+$/', $extra['scopeObjectKey']) && strlen($extra['scopeObjectKey']) != 8) {
$this->scopeObjectID = (int) $extra['scopeObjectKey'];
} else {
if (preg_match('/[A-Z0-9]{8}/', $extra['scopeObjectKey'])) {
$this->scopeObjectKey = $extra['scopeObjectKey'];
}
}
}
$this->scopeObjectName = !empty($extra['scopeObjectName']) ? urldecode($extra['scopeObjectName']) : null;
// Can be either id or key
if (!empty($extra['key'])) {
if (!empty($_GET['key']) && strlen($_GET['key']) == 8) {
$this->objectKey = $extra['key'];
} else {
if (!empty($_GET['iskey'])) {
$this->objectKey = $extra['key'];
} else {
if (preg_match('/^[0-9]+$/', $extra['key'])) {
$this->objectID = (int) $extra['key'];
} else {
if (preg_match('/^[A-Z0-9]{8}$/', $extra['key'])) {
$this->objectKey = $extra['key'];
} else {
if ($extra['key'] != 'top') {
Z_Core::logError("=============");
Z_Core::logError("Invalid key");
Z_Core::logError($extra['key']);
}
}
}
}
}
}
if (!empty($extra['id'])) {
$this->objectID = (int) $extra['id'];
}
$this->objectName = !empty($extra['name']) ? urldecode($extra['name']) : null;
$this->subset = !empty($extra['subset']) ? $extra['subset'] : null;
$this->fileMode = !empty($extra['file']) ? !empty($_GET['info']) ? 'info' : 'download' : false;
$this->fileView = !empty($extra['view']);
$singleObject = ($this->objectID || $this->objectKey) && !$this->subset;
$this->queryParams = Zotero_API::parseQueryParams($_SERVER['QUERY_STRING'], $action, $singleObject);
}
private static function processUploadInternal($userID, SimpleXMLElement $xml, $syncQueueID = null, $syncProcessID = null)
{
$userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID);
$affectedLibraries = self::parseAffectedLibraries($xml->asXML());
// Relations-only uploads don't have affected libraries
if (!$affectedLibraries) {
$affectedLibraries = array(Zotero_Users::getLibraryIDFromUserID($userID));
}
$processID = self::addUploadProcess($userID, $affectedLibraries, $syncQueueID, $syncProcessID);
set_time_limit(5400);
$profile = false;
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileStart($shardID);
}
try {
Zotero_DB::beginTransaction();
// Mark libraries as updated
foreach ($affectedLibraries as $libraryID) {
Zotero_Libraries::updateVersion($libraryID);
}
$timestamp = Zotero_Libraries::updateTimestamps($affectedLibraries);
Zotero_DB::registerTransactionTimestamp($timestamp);
// Make sure no other upload sessions use this same timestamp
// for any of these libraries, since we return >= 1 as the next
// last sync time
if (!Zotero_Libraries::setTimestampLock($affectedLibraries, $timestamp)) {
throw new Exception("Library timestamp already used", Z_ERROR_LIBRARY_TIMESTAMP_ALREADY_USED);
}
$modifiedItems = array();
// Add/update creators
if ($xml->creators) {
// DOM
$keys = array();
$xmlElements = dom_import_simplexml($xml->creators);
$xmlElements = $xmlElements->getElementsByTagName('creator');
Zotero_DB::query("SET foreign_key_checks = 0");
try {
$addedLibraryIDs = array();
$addedCreatorDataHashes = array();
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Creator {$key} already processed");
}
$keys[$key] = true;
$creatorObj = Zotero_Creators::convertXMLToCreator($xmlElement);
if (Zotero_Utilities::unicodeTrim($creatorObj->firstName) === '' && Zotero_Utilities::unicodeTrim($creatorObj->lastName) === '') {
continue;
}
$addedLibraryIDs[] = $creatorObj->libraryID;
$changed = $creatorObj->save($userID);
// If the creator changed, we need to update all linked items
if ($changed) {
$modifiedItems = array_merge($modifiedItems, $creatorObj->getLinkedItems());
}
}
} catch (Exception $e) {
Zotero_DB::query("SET foreign_key_checks = 1");
throw $e;
}
Zotero_DB::query("SET foreign_key_checks = 1");
unset($keys);
unset($xml->creators);
//
// Manual foreign key checks
//
// libraryID
foreach (array_unique($addedLibraryIDs) as $addedLibraryID) {
$shardID = Zotero_Shards::getByLibraryID($addedLibraryID);
$sql = "SELECT COUNT(*) FROM shardLibraries WHERE libraryID=?";
if (!Zotero_DB::valueQuery($sql, $addedLibraryID, $shardID)) {
throw new Exception("libraryID inserted into `creators` not found in `shardLibraries` ({$addedLibraryID}, {$shardID})");
}
}
}
// Add/update items
$savedItems = array();
if ($xml->items) {
$childItems = array();
// DOM
$xmlElements = dom_import_simplexml($xml->items);
$xmlElements = $xmlElements->getElementsByTagName('item');
foreach ($xmlElements as $xmlElement) {
$libraryID = (int) $xmlElement->getAttribute('libraryID');
$key = $xmlElement->getAttribute('key');
if (isset($savedItems[$libraryID . "/" . $key])) {
throw new Exception("Item {$libraryID}/{$key} already processed");
}
$itemObj = Zotero_Items::convertXMLToItem($xmlElement);
if (!$itemObj->getSourceKey()) {
try {
$modified = $itemObj->save($userID);
if ($modified) {
$savedItems[$libraryID . "/" . $key] = true;
}
} catch (Exception $e) {
if (strpos($e->getMessage(), 'libraryIDs_do_not_match') !== false) {
throw new Exception($e->getMessage() . " ({$key})");
}
throw $e;
}
} else {
$childItems[] = $itemObj;
}
}
unset($xml->items);
while ($childItem = array_shift($childItems)) {
$libraryID = $childItem->libraryID;
$key = $childItem->key;
if (isset($savedItems[$libraryID . "/" . $key])) {
throw new Exception("Item {$libraryID}/{$key} already processed");
}
$modified = $childItem->save($userID);
if ($modified) {
$savedItems[$libraryID . "/" . $key] = true;
}
}
}
// Add/update collections
if ($xml->collections) {
$collections = array();
$collectionSets = array();
// DOM
// Build an array of unsaved collection objects and the keys of child items
$keys = array();
$xmlElements = dom_import_simplexml($xml->collections);
$xmlElements = $xmlElements->getElementsByTagName('collection');
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Collection {$key} already processed");
}
$keys[$key] = true;
$collectionObj = Zotero_Collections::convertXMLToCollection($xmlElement);
$xmlItems = $xmlElement->getElementsByTagName('items')->item(0);
// Fix an error if there's leading or trailing whitespace,
// which was possible in 2.0.3
if ($xmlItems) {
$xmlItems = trim($xmlItems->nodeValue);
}
$arr = array('obj' => $collectionObj, 'items' => $xmlItems ? explode(' ', $xmlItems) : array());
$collections[] = $collectionObj;
$collectionSets[] = $arr;
}
unset($keys);
unset($xml->collections);
self::saveCollections($collections, $userID);
unset($collections);
// Set child items
foreach ($collectionSets as $collection) {
// Child items
if (isset($collection['items'])) {
$ids = array();
foreach ($collection['items'] as $key) {
$item = Zotero_Items::getByLibraryAndKey($collection['obj']->libraryID, $key);
if (!$item) {
throw new Exception("Child item '{$key}' of collection {$collection['obj']->id} not found", Z_ERROR_ITEM_NOT_FOUND);
}
$ids[] = $item->id;
}
$collection['obj']->setItems($ids);
}
}
unset($collectionSets);
}
// Add/update saved searches
if ($xml->searches) {
$searches = array();
$keys = array();
foreach ($xml->searches->search as $xmlElement) {
$key = (string) $xmlElement['key'];
if (isset($keys[$key])) {
throw new Exception("Search {$key} already processed");
}
$keys[$key] = true;
$searchObj = Zotero_Searches::convertXMLToSearch($xmlElement);
$searchObj->save($userID);
}
unset($xml->searches);
}
// Add/update tags
if ($xml->tags) {
$keys = array();
// DOM
$xmlElements = dom_import_simplexml($xml->tags);
$xmlElements = $xmlElements->getElementsByTagName('tag');
foreach ($xmlElements as $xmlElement) {
// TEMP
$tagItems = $xmlElement->getElementsByTagName('items');
if ($tagItems->length && $tagItems->item(0)->nodeValue == "") {
error_log("Skipping tag with no linked items");
continue;
}
$libraryID = (int) $xmlElement->getAttribute('libraryID');
$key = $xmlElement->getAttribute('key');
$lk = $libraryID . "/" . $key;
if (isset($keys[$lk])) {
throw new Exception("Tag {$lk} already processed");
}
$keys[$lk] = true;
$itemKeysToUpdate = array();
$tagObj = Zotero_Tags::convertXMLToTag($xmlElement, $itemKeysToUpdate);
// We need to update removed items, added items, and,
// if the tag itself has changed, existing items
$modifiedItems = array_merge($modifiedItems, array_map(function ($key) use($libraryID) {
return $libraryID . "/" . $key;
}, $itemKeysToUpdate));
$tagObj->save($userID, true);
}
unset($keys);
unset($xml->tags);
}
// Add/update relations
if ($xml->relations) {
// DOM
$xmlElements = dom_import_simplexml($xml->relations);
$xmlElements = $xmlElements->getElementsByTagName('relation');
foreach ($xmlElements as $xmlElement) {
$relationObj = Zotero_Relations::convertXMLToRelation($xmlElement, $userLibraryID);
if ($relationObj->exists()) {
continue;
}
$relationObj->save($userID);
}
unset($keys);
unset($xml->relations);
}
// Add/update settings
if ($xml->settings) {
// DOM
$xmlElements = dom_import_simplexml($xml->settings);
$xmlElements = $xmlElements->getElementsByTagName('setting');
foreach ($xmlElements as $xmlElement) {
$settingObj = Zotero_Settings::convertXMLToSetting($xmlElement);
$settingObj->save($userID);
}
unset($xml->settings);
}
if ($xml->fulltexts) {
// DOM
$xmlElements = dom_import_simplexml($xml->fulltexts);
$xmlElements = $xmlElements->getElementsByTagName('fulltext');
foreach ($xmlElements as $xmlElement) {
Zotero_FullText::indexFromXML($xmlElement, $userID);
}
unset($xml->fulltexts);
}
// TODO: loop
if ($xml->deleted) {
// Delete collections
if ($xml->deleted->collections) {
Zotero_Collections::deleteFromXML($xml->deleted->collections, $userID);
}
// Delete items
if ($xml->deleted->items) {
Zotero_Items::deleteFromXML($xml->deleted->items, $userID);
}
// Delete creators
if ($xml->deleted->creators) {
Zotero_Creators::deleteFromXML($xml->deleted->creators, $userID);
}
// Delete saved searches
if ($xml->deleted->searches) {
Zotero_Searches::deleteFromXML($xml->deleted->searches, $userID);
}
// Delete tags
if ($xml->deleted->tags) {
$xmlElements = dom_import_simplexml($xml->deleted->tags);
$xmlElements = $xmlElements->getElementsByTagName('tag');
foreach ($xmlElements as $xmlElement) {
$libraryID = (int) $xmlElement->getAttribute('libraryID');
$key = $xmlElement->getAttribute('key');
$tagObj = Zotero_Tags::getByLibraryAndKey($libraryID, $key);
if (!$tagObj) {
continue;
}
// We need to update all items on the deleted tag
$modifiedItems = array_merge($modifiedItems, array_map(function ($key) use($libraryID) {
return $libraryID . "/" . $key;
}, $tagObj->getLinkedItems(true)));
}
Zotero_Tags::deleteFromXML($xml->deleted->tags, $userID);
}
// Delete relations
if ($xml->deleted->relations) {
Zotero_Relations::deleteFromXML($xml->deleted->relations, $userID);
}
// Delete relations
if ($xml->deleted->settings) {
Zotero_Settings::deleteFromXML($xml->deleted->settings, $userID);
}
}
$toUpdate = array();
foreach ($modifiedItems as $item) {
// libraryID/key string
if (is_string($item)) {
if (isset($savedItems[$item])) {
continue;
}
$savedItems[$item] = true;
list($libraryID, $key) = explode("/", $item);
$item = Zotero_Items::getByLibraryAndKey($libraryID, $key);
if (!$item) {
// Item was deleted
continue;
}
} else {
$lk = $item->libraryID . "/" . $item->key;
if (isset($savedItems[$lk])) {
continue;
}
$savedItems[$lk] = true;
}
$toUpdate[] = $item;
}
Zotero_Items::updateVersions($toUpdate, $userID);
unset($savedItems);
unset($modifiedItems);
try {
self::removeUploadProcess($processID);
} catch (Exception $e) {
if (strpos($e->getMessage(), 'MySQL server has gone away') !== false) {
// Reconnect
error_log("Reconnecting to MySQL master");
Zotero_DB::close();
self::removeUploadProcess($processID);
} else {
throw $e;
}
}
// Send notifications for changed libraries
foreach ($affectedLibraries as $libraryID) {
Zotero_Notifier::trigger('modify', 'library', $libraryID);
}
Zotero_DB::commit();
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileEnd($shardID);
}
// Return timestamp + 1, to keep the next /updated call
// (using >= timestamp) from returning this data
return $timestamp + 1;
} catch (Exception $e) {
Zotero_DB::rollback(true);
self::removeUploadProcess($processID);
throw $e;
}
}
private static function processUploadInternal($userID, SimpleXMLElement $xml, $syncQueueID = null, $syncProcessID = null)
{
$userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID);
$affectedLibraries = self::parseAffectedLibraries($xml->asXML());
// Relations-only uploads don't have affected libraries
if (!$affectedLibraries) {
$affectedLibraries = array(Zotero_Users::getLibraryIDFromUserID($userID));
}
$processID = self::addUploadProcess($userID, $affectedLibraries, $syncQueueID, $syncProcessID);
set_time_limit(5400);
$profile = false;
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileStart($shardID);
}
try {
Z_Core::$MC->begin();
Zotero_DB::beginTransaction();
// Mark libraries as updated
$timestamp = Zotero_Libraries::updateTimestamps($affectedLibraries);
Zotero_DB::registerTransactionTimestamp($timestamp);
// Make sure no other upload sessions use this same timestamp
// for any of these libraries, since we return >= 1 as the next
// last sync time
if (!Zotero_Libraries::setTimestampLock($affectedLibraries, $timestamp)) {
throw new Exception("Library timestamp already used", Z_ERROR_LIBRARY_TIMESTAMP_ALREADY_USED);
}
// Add/update creators
if ($xml->creators) {
// DOM
$keys = array();
$xmlElements = dom_import_simplexml($xml->creators);
$xmlElements = $xmlElements->getElementsByTagName('creator');
Zotero_DB::query("SET foreign_key_checks = 0");
try {
$addedLibraryIDs = array();
$addedCreatorDataHashes = array();
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Creator {$key} already processed");
}
$keys[$key] = true;
$creatorObj = Zotero_Creators::convertXMLToCreator($xmlElement);
$addedLibraryIDs[] = $creatorObj->libraryID;
$creatorObj->save();
}
} catch (Exception $e) {
Zotero_DB::query("SET foreign_key_checks = 1");
throw $e;
}
Zotero_DB::query("SET foreign_key_checks = 1");
unset($keys);
unset($xml->creators);
//
// Manual foreign key checks
//
// libraryID
foreach ($addedLibraryIDs as $addedLibraryID) {
$shardID = Zotero_Shards::getByLibraryID($addedLibraryID);
$sql = "SELECT COUNT(*) FROM shardLibraries WHERE libraryID=?";
if (!Zotero_DB::valueQuery($sql, $addedLibraryID, $shardID)) {
throw new Exception("libraryID inserted into `creators` not found in `shardLibraries` ({$addedLibraryID}, {$shardID})");
}
}
}
// Add/update items
if ($xml->items) {
$childItems = array();
$relatedItemsStore = array();
// DOM
$keys = array();
$xmlElements = dom_import_simplexml($xml->items);
$xmlElements = $xmlElements->getElementsByTagName('item');
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Item {$key} already processed");
}
$keys[$key] = true;
$missing = Zotero_Items::removeMissingRelatedItems($xmlElement);
$itemObj = Zotero_Items::convertXMLToItem($xmlElement);
if ($missing) {
$relatedItemsStore[$itemObj->libraryID . '_' . $itemObj->key] = $missing;
}
if (!$itemObj->getSourceKey()) {
try {
$itemObj->save($userID);
} catch (Exception $e) {
if (strpos($e->getMessage(), 'libraryIDs_do_not_match') !== false) {
throw new Exception($e->getMessage() . " (" . $itemObj->key . ")");
}
throw $e;
}
} else {
$childItems[] = $itemObj;
}
}
unset($keys);
unset($xml->items);
while ($childItem = array_shift($childItems)) {
$childItem->save($userID);
}
// Add back related items (which now exist)
foreach ($relatedItemsStore as $itemLibraryKey => $relset) {
$lk = explode('_', $itemLibraryKey);
$libraryID = $lk[0];
$key = $lk[1];
$item = Zotero_Items::getByLibraryAndKey($libraryID, $key);
foreach ($relset as $relKey) {
$relItem = Zotero_Items::getByLibraryAndKey($libraryID, $relKey);
$item->addRelatedItem($relItem->id);
}
$item->save();
}
unset($relatedItemsStore);
}
// Add/update collections
if ($xml->collections) {
$collections = array();
$collectionSets = array();
// DOM
// Build an array of unsaved collection objects and the keys of child items
$keys = array();
$xmlElements = dom_import_simplexml($xml->collections);
$xmlElements = $xmlElements->getElementsByTagName('collection');
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Collection {$key} already processed");
}
$keys[$key] = true;
$collectionObj = Zotero_Collections::convertXMLToCollection($xmlElement);
$xmlItems = $xmlElement->getElementsByTagName('items')->item(0);
// Fix an error if there's leading or trailing whitespace,
// which was possible in 2.0.3
if ($xmlItems) {
$xmlItems = trim($xmlItems->nodeValue);
}
$arr = array('obj' => $collectionObj, 'items' => $xmlItems ? explode(' ', $xmlItems) : array());
$collections[] = $collectionObj;
$collectionSets[] = $arr;
}
unset($keys);
unset($xml->collections);
self::saveCollections($collections);
unset($collections);
// Set child items
foreach ($collectionSets as $collection) {
// Child items
if (isset($collection['items'])) {
$ids = array();
foreach ($collection['items'] as $key) {
$item = Zotero_Items::getByLibraryAndKey($collection['obj']->libraryID, $key);
if (!$item) {
throw new Exception("Child item '{$key}' of collection {$collection['obj']->id} not found", Z_ERROR_ITEM_NOT_FOUND);
}
$ids[] = $item->id;
}
$collection['obj']->setChildItems($ids);
}
}
unset($collectionSets);
}
// Add/update saved searches
if ($xml->searches) {
$searches = array();
$keys = array();
foreach ($xml->searches->search as $xmlElement) {
$key = (string) $xmlElement['key'];
if (isset($keys[$key])) {
throw new Exception("Search {$key} already processed");
}
$keys[$key] = true;
$searchObj = Zotero_Searches::convertXMLToSearch($xmlElement);
$searchObj->save();
}
unset($xml->searches);
}
// Add/update tags
if ($xml->tags) {
$keys = array();
// DOM
$xmlElements = dom_import_simplexml($xml->tags);
$xmlElements = $xmlElements->getElementsByTagName('tag');
foreach ($xmlElements as $xmlElement) {
$key = $xmlElement->getAttribute('key');
if (isset($keys[$key])) {
throw new Exception("Tag {$key} already processed");
}
$keys[$key] = true;
$tagObj = Zotero_Tags::convertXMLToTag($xmlElement);
$tagObj->save(true);
}
unset($keys);
unset($xml->tags);
}
// Add/update relations
if ($xml->relations) {
// DOM
$xmlElements = dom_import_simplexml($xml->relations);
$xmlElements = $xmlElements->getElementsByTagName('relation');
foreach ($xmlElements as $xmlElement) {
$relationObj = Zotero_Relations::convertXMLToRelation($xmlElement, $userLibraryID);
if ($relationObj->exists()) {
continue;
}
$relationObj->save();
}
unset($keys);
unset($xml->relations);
}
// TODO: loop
if ($xml->deleted) {
// Delete collections
if ($xml->deleted->collections) {
Zotero_Collections::deleteFromXML($xml->deleted->collections);
}
// Delete items
if ($xml->deleted->items) {
Zotero_Items::deleteFromXML($xml->deleted->items);
}
// Delete creators
if ($xml->deleted->creators) {
Zotero_Creators::deleteFromXML($xml->deleted->creators);
}
// Delete saved searches
if ($xml->deleted->searches) {
Zotero_Searches::deleteFromXML($xml->deleted->searches);
}
// Delete tags
if ($xml->deleted->tags) {
Zotero_Tags::deleteFromXML($xml->deleted->tags);
}
// Delete tags
if ($xml->deleted->relations) {
Zotero_Relations::deleteFromXML($xml->deleted->relations);
}
}
self::removeUploadProcess($processID);
Zotero_DB::commit();
Z_Core::$MC->commit();
if ($profile) {
$shardID = Zotero_Shards::getByUserID($userID);
Zotero_DB::profileEnd($shardID);
}
// Return timestamp + 1, to keep the next /updated call
// (using >= timestamp) from returning this data
return $timestamp + 1;
} catch (Exception $e) {
Z_Core::$MC->rollback();
Zotero_DB::rollback(true);
self::removeUploadProcess($processID);
throw $e;
}
}
