/** * Create a merged list of all allowed photo and movie extensions. */ static function get_extensions() { $extensions = legal_file::get_photo_extensions(); if (movie::find_ffmpeg()) { $extensions = array_merge($extensions, legal_file::get_movie_extensions()); } return $extensions; }
public function add_photo($id) { $album = ORM::factory("item", $id); access::required("view", $album); access::required("add", $album); access::verify_csrf(); // The Flash uploader not call /start directly, so simulate it here for now. if (!batch::in_progress()) { batch::start(); } $form = $this->_get_add_form($album); // Uploadify adds its own field to the form, so validate that separately. $file_validation = new Validation($_FILES); $file_validation->add_rules("Filedata", "upload::valid", "upload::required", "upload::type[" . implode(",", legal_file::get_extensions()) . "]"); if ($form->validate() && $file_validation->validate()) { $temp_filename = upload::save("Filedata"); Event::add("system.shutdown", create_function("", "unlink(\"{$temp_filename}\");")); try { $item = ORM::factory("item"); $item->name = substr(basename($temp_filename), 10); // Skip unique identifier Kohana adds $item->title = item::convert_filename_to_title($item->name); $item->parent_id = $album->id; $item->set_data_file($temp_filename); // Remove double extensions from the filename - they'll be disallowed in the model but if // we don't do it here then it'll result in a failed upload. $item->name = legal_file::smash_extensions($item->name); $path_info = @pathinfo($temp_filename); if (array_key_exists("extension", $path_info) && in_array(strtolower($path_info["extension"]), legal_file::get_movie_extensions())) { $item->type = "movie"; $item->save(); log::success("content", t("Added a movie"), html::anchor("movies/{$item->id}", t("view movie"))); } else { $item->type = "photo"; $item->save(); log::success("content", t("Added a photo"), html::anchor("photos/{$item->id}", t("view photo"))); } module::event("add_photos_form_completed", $item, $form); } catch (Exception $e) { // The Flash uploader has no good way of reporting complex errors, so just keep it simple. Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); // Ugh. I hate to use instanceof, But this beats catching the exception separately since // we mostly want to treat it the same way as all other exceptions if ($e instanceof ORM_Validation_Exception) { Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1)); } header("HTTP/1.1 500 Internal Server Error"); print "ERROR: " . $e->getMessage(); return; } print "FILEID: {$item->id}"; } else { header("HTTP/1.1 400 Bad Request"); print "ERROR: " . t("Invalid upload"); } }
/** * Validate the item name. It can't conflict with other names, can't contain slashes or * trailing periods. */ public function valid_name(Validation $v, $field) { if (strpos($this->name, "/") !== false) { $v->add_error("name", "no_slashes"); return; } if (rtrim($this->name, ".") !== $this->name) { $v->add_error("name", "no_trailing_period"); return; } // Do not accept files with double extensions, they can cause problems on some // versions of Apache. if (!$this->is_album() && substr_count($this->name, ".") > 1) { $v->add_error("name", "illegal_data_file_extension"); } if ($this->is_movie() || $this->is_photo()) { $ext = pathinfo($this->name, PATHINFO_EXTENSION); if (!$this->loaded() && !$ext) { // New items must have an extension $v->add_error("name", "illegal_data_file_extension"); return; } if ($this->is_photo()) { if (!in_array(strtolower($ext), legal_file::get_photo_extensions())) { $v->add_error("name", "illegal_data_file_extension"); } } if ($this->is_movie()) { if (!in_array(strtolower($ext), legal_file::get_movie_extensions())) { $v->add_error("name", "illegal_data_file_extension"); } } } if (db::build()->from("items")->where("parent_id", "=", $this->parent_id)->where("name", "=", $this->name)->merge_where($this->id ? array(array("id", "<>", $this->id)) : null)->count_records()) { $v->add_error("name", "conflict"); return; } if ($this->parent_id == 1 && Kohana::auto_load("{$this->slug}_Controller")) { $v->add_error("slug", "reserved"); return; } }
/** * Validate the item name. It can return the following error messages: * - no_slashes: contains slashes * - no_backslashes: contains backslashes * - no_trailing_period: has a trailing period * - illegal_data_file_extension (non-albums only): has double, no, or illegal extension * - conflict: has conflicting name */ public function valid_name(Validation $v, $field) { if (strpos($this->name, "/") !== false) { $v->add_error("name", "no_slashes"); return; } if (strpos($this->name, "\\") !== false) { $v->add_error("name", "no_backslashes"); return; } if (rtrim($this->name, ".") !== $this->name) { $v->add_error("name", "no_trailing_period"); return; } if ($this->is_movie() || $this->is_photo()) { if (substr_count($this->name, ".") > 1) { // Do not accept files with double extensions, as they can // cause problems on some versions of Apache. $v->add_error("name", "illegal_data_file_extension"); } $ext = pathinfo($this->name, PATHINFO_EXTENSION); if (!$this->loaded() && !$ext) { // New items must have an extension $v->add_error("name", "illegal_data_file_extension"); return; } if ($this->is_photo() && !legal_file::get_photo_extensions($ext) || $this->is_movie() && !legal_file::get_movie_extensions($ext)) { $v->add_error("name", "illegal_data_file_extension"); } } if ($this->is_album()) { if (db::build()->from("items")->where("parent_id", "=", $this->parent_id)->where("name", "=", $this->name)->merge_where($this->id ? array(array("id", "<>", $this->id)) : null)->count_records()) { $v->add_error("name", "conflict"); return; } } else { if (preg_match("/^(.*)(\\.[^\\.\\/]*?)\$/", $this->name, $matches)) { $base_name = $matches[1]; } else { $base_name = $this->name; } $base_name_escaped = Database::escape_for_like($base_name); if (db::build()->from("items")->where("parent_id", "=", $this->parent_id)->where("name", "LIKE", "{$base_name_escaped}.%")->merge_where($this->id ? array(array("id", "<>", $this->id)) : null)->count_records()) { $v->add_error("name", "conflict"); return; } } }
/** * Create a merged list of all allowed photo and movie extensions. * * @param string $extension (opt.) - return true if allowed; if not given, return complete array */ static function get_extensions($extension = null) { $extensions = legal_file::get_photo_extensions(); if (movie::allow_uploads()) { $extensions = array_merge($extensions, legal_file::get_movie_extensions()); } if ($extension) { // return true if in array, false if not return in_array(strtolower($extension), $extensions); } else { // return complete array return $extensions; } }
public function __call($function, $args) { // Force zlib compression off. Image and movie files are already compressed and // recompressing them is CPU intensive. if (ini_get("zlib.output_compression")) { ini_set("zlib.output_compression", "Off"); } // request_uri: gallery3/var/albums/foo/bar.jpg?m=1234 $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI")); // get rid of query parameters // request_uri: gallery3/var/albums/foo/bar.jpg $request_uri = preg_replace("/\\?.*/", "", $request_uri); // var_uri: gallery3/var/ $var_uri = url::file("var/"); // Make sure that the request is for a file inside var $offset = strpos(rawurldecode($request_uri), $var_uri); if ($offset !== 0) { throw new Kohana_404_Exception(); } // file_uri: albums/foo/bar.jpg $file_uri = substr($request_uri, strlen($var_uri)); // type: albums // path: foo/bar.jpg list($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { throw new Kohana_404_Exception(); } // If the last element is .album.jpg, pop that off since it's not a real item $path = preg_replace("|/.album.jpg\$|", "", $path); $item = item::find_by_path($path); if (!$item->loaded()) { // We didn't turn it up. If we're looking for a .jpg then it's it's possible that we're // requesting the thumbnail for a movie. In that case, the movie file would // have been converted to a .jpg. So try some alternate types: if (preg_match('/.jpg$/', $path)) { foreach (legal_file::get_movie_extensions() as $ext) { $movie_path = preg_replace('/.jpg$/', ".{$ext}", $path); $item = item::find_by_path($movie_path); if ($item->loaded()) { break; } } } } if (!$item->loaded()) { throw new Kohana_404_Exception(); } // Make sure we have access to the item if (!access::can("view", $item)) { throw new Kohana_404_Exception(); } // Make sure we have view_full access to the original if ($type == "albums" && !access::can("view_full", $item)) { throw new Kohana_404_Exception(); } // Don't try to load a directory if ($type == "albums" && $item->is_album()) { throw new Kohana_404_Exception(); } if ($type == "albums") { $file = $item->file_path(); } else { if ($type == "resizes") { $file = $item->resize_path(); } else { $file = $item->thumb_path(); } } if (!file_exists($file)) { throw new Kohana_404_Exception(); } header("Content-Length: " . filesize($file)); header("Pragma:"); // Check that the content hasn't expired or it wasn't changed since cached expires::check(2592000, $item->updated); // We don't need to save the session for this request Session::instance()->abort_save(); expires::set(2592000, $item->updated); // 30 days // Dump out the image. If the item is a movie, then its thumbnail will be a JPG. if ($item->is_movie() && $type != "albums") { header("Content-Type: image/jpeg"); } else { header("Content-Type: {$item->mime_type}"); } // Don't use Kohana::close_buffers(false) here because that only closes all the buffers // that Kohana started. We want to close *all* buffers at this point because otherwise we're // going to buffer up whatever file we're proxying (and it may be very large). This may // affect embedding or systems with PHP's output_buffering enabled. while (ob_get_level()) { Kohana_Log::add("error", "" . print_r(ob_get_level(), 1)); if (!@ob_end_clean()) { // ob_end_clean() can return false if the buffer can't be removed for some reason // (zlib output compression buffers sometimes cause problems). break; } } readfile($file); }
static function cron() { $owner_id = 2; $debug = !empty($_SERVER['argv']) && isset($_SERVER['argv'][1]) && $_SERVER['argv'][1] == "debug"; // Login as Admin $debug and print "Starting user session\n"; $session = Session::instance(); $session->delete("user"); auth::login(IdentityProvider::instance()->admin_user()); // check if some folders are still unprocessed from previous run $entry = ORM::factory("folder_sync_entry")->where("is_directory", "=", 1)->where("checked", "=", 0)->order_by("id", "ASC")->find(); if (!$entry->loaded()) { $debug and print "Adding default folders\n"; $paths = unserialize(module::get_var("folder_sync", "authorized_paths")); foreach (array_keys($paths) as $path) { if (folder_sync::is_valid_path($path)) { $path = rtrim($path, "/"); $debug and print " * {$path}\n"; $entry = ORM::factory("folder_sync_entry")->where("is_directory", "=", 1)->where("path", "=", $path)->find(); if ($entry && $entry->loaded()) { $entry->checked = 0; $entry->save(); } else { $entry = ORM::factory("folder_sync_entry"); $entry->path = $path; $entry->is_directory = 1; $entry->parent_id = null; $entry->item_id = module::get_var("folder_sync", "destination_album_id", 1); $entry->md5 = ''; $entry->save(); } } } } // Scan and add files $debug and print "Starting the loop\n"; $done = false; $limit = 500; while (!$done && $limit > 0) { $debug and print "Loop started: Limit = {$limit}\n"; $entry = ORM::factory("folder_sync_entry")->where("is_directory", "=", 1)->where("checked", "=", 0)->order_by("id", "ASC")->find(); if ($entry->loaded()) { // get the parrent $parent = ORM::factory("item", $entry->item_id); if (!$parent->loaded()) { $debug and print "Deleting entry #{$entry->id} pointing to missing item #{$entry->item_id}\n"; //$entry->delete(); //continue; } $debug and print "Scanning folder: {$entry->path}\n"; $child_paths = glob(preg_quote($entry->path) . "/*"); if (!$child_paths) { $child_paths = glob("{$entry->path}/*"); } foreach ($child_paths as $child_path) { $name = basename($child_path); $title = item::convert_filename_to_title($name); $debug and print "Found {$child_path}..."; if (is_dir($child_path)) { $debug and print "folder\n"; $entry_exists = ORM::factory("folder_sync_entry")->where("is_directory", "=", 1)->where("path", "=", $child_path)->find(); if ($entry_exists && $entry_exists->loaded()) { $debug and print "Folder is already imported, marked to re-sync.\n"; $entry_exists->checked = 0; $entry_exists->save(); } else { $debug and print "Adding new folder.\n"; $album = ORM::factory("item"); $album->type = "album"; $album->parent_id = $parent->id; $album->name = $name; $album->title = $title; $album->owner_id = $owner_id; $album->sort_order = $parent->sort_order; $album->sort_column = $parent->sort_column; $album->save(); $child_entry = ORM::factory("folder_sync_entry"); $child_entry->path = $child_path; $child_entry->parent_id = $entry->id; $child_entry->item_id = $album->id; $child_entry->is_directory = 1; $child_entry->md5 = ""; $child_entry->save(); } } else { $debug and print "file\n"; $ext = strtolower(pathinfo($child_path, PATHINFO_EXTENSION)); if (!in_array($ext, legal_file::get_extensions()) || !filesize($child_path)) { // Not importable, skip it. $debug and print "File is incompatible. Skipping.\n"; continue; } // check if file was already imported $entry_exists = ORM::factory("folder_sync_entry")->where("is_directory", "=", 0)->where("path", "=", $child_path)->find(); if ($entry_exists && $entry_exists->loaded()) { $debug and print "Image is already imported..."; if (empty($entry_exists->added) || empty($entry_exists->md5) || $entry_exists->added != filemtime($child_path) || $entry_exists->md5 != md5_file($child_path)) { $item = ORM::factory("item", $entry_exists->item_id); if ($item->loaded()) { $item->set_data_file($child_path); $debug and print "updating.\n"; try { $item->save(); } catch (ORM_Validation_Exception $e) { print "Error saving the image (ID = {$item->id}) with the new data file.\n"; exit; } } else { $debug and print "deleting.\n"; $entry_exists->delete(); } } else { $debug and print "skipping.\n"; } // since it's an update, don't count too much towards the limit $limit -= 0.25; } else { if (in_array($ext, legal_file::get_photo_extensions())) { $debug and print "Adding new photo.\n"; $item = ORM::factory("item"); $item->type = "photo"; $item->parent_id = $parent->id; $item->set_data_file($child_path); $item->name = $name; $item->title = $title; $item->owner_id = $owner_id; $item->save(); } else { if (in_array($ext, legal_file::get_movie_extensions())) { $debug and print "Adding new video.\n"; $item = ORM::factory("item"); $item->type = "movie"; $item->parent_id = $parent->id; $item->set_data_file($child_path); $item->name = $name; $item->title = $title; $item->owner_id = $owner_id; $item->save(); } } $entry_exists = ORM::factory("folder_sync_entry"); $entry_exists->path = $child_path; $entry_exists->parent_id = $entry->id; // null if the parent was a staging dir $entry_exists->is_directory = 0; $entry_exists->md5 = md5_file($child_path); $entry_exists->added = filemtime($child_path); $entry_exists->item_id = $item->id; $entry_exists->save(); $limit--; } } // Did we hit the limit? if ($limit <= 0) { $debug and print "Reached the limit. Exiting.\n"; exit; } } // We've processed this entry unless we reached a limit. if ($limit > 0) { $entry->checked = 1; $entry->save(); } } else { $done = true; $debug and print "All folders are processed. Exiting.\n"; } } // process deletes if (module::get_var("folder_sync", "process_deletes", false)) { $entries = ORM::factory("folder_sync_entry")->order_by("id", "ASC")->find_all(); foreach ($entries as $entry) { if (!file_exists($entry->path) && $entry->item_id > 1) { $item = ORM::factory("item", $entry->item_id); if ($item->loaded()) { $item->delete(); } } } } exit; }
/** * This is the task code that adds photos and albums. It first examines all the target files * and creates a set of Server_Add_Entry_Models, then runs through the list of models and adds * them one at a time. */ static function add($task) { $mode = $task->get("mode", "init"); $start = microtime(true); switch ($mode) { case "init": $task->set("mode", "build-file-list"); $task->set("dirs_scanned", 0); $task->percent_complete = 0; $task->status = t("Starting up"); batch::start(); break; case "build-file-list": // 0% to 10% // We can't fit an arbitrary number of paths in a task, so store them in a separate table. // Don't use an iterator here because we can't get enough control over it when we're dealing // with a deep hierarchy and we don't want to go over our time quota. $paths = unserialize(module::get_var("server_add", "authorized_paths")); $dirs_scanned = $task->get("dirs_scanned"); while (microtime(true) - $start < 0.5) { // Process every directory that doesn't yet have a parent id, these are the // paths that we're importing. $entry = ORM::factory("server_add_entry")->where("task_id", "=", $task->id)->where("is_directory", "=", 1)->where("checked", "=", 0)->order_by("id", "ASC")->find(); if ($entry->loaded()) { $child_paths = glob(preg_quote($entry->path) . "/*"); if (!$child_paths) { $child_paths = glob("{$entry->path}/*"); } foreach ($child_paths as $child_path) { if (!is_dir($child_path)) { $ext = strtolower(pathinfo($child_path, PATHINFO_EXTENSION)); if (!legal_file::get_extensions($ext) || !filesize($child_path)) { // Not importable, skip it. continue; } } $child_entry = ORM::factory("server_add_entry"); $child_entry->task_id = $task->id; $child_entry->path = $child_path; $child_entry->parent_id = $entry->id; // null if the parent was a staging dir $child_entry->is_directory = is_dir($child_path); $child_entry->save(); } // We've processed this entry, mark it as done. $entry->checked = 1; $entry->save(); $dirs_scanned++; } } // We have no idea how long this can take because we have no idea how deep the tree // hierarchy rabbit hole goes. Leave ourselves room here for 100 iterations and don't go // over 10% in percent_complete. $task->set("dirs_scanned", $dirs_scanned); $task->percent_complete = min($task->percent_complete + 0.1, 10); $task->status = t2("Scanned one directory", "Scanned %count directories", $dirs_scanned); if (!$entry->loaded()) { $task->set("mode", "add-files"); $task->set("total_files", ORM::factory("server_add_entry")->where("task_id", "=", $task->id)->count_all()); $task->percent_complete = 10; } break; case "add-files": // 10% to 100% $completed_files = $task->get("completed_files", 0); $total_files = $task->get("total_files"); // Ordering by id ensures that we add them in the order that we created the entries, which // will create albums first. Ignore entries which already have an Item_Model attached, // they're done. $entries = ORM::factory("server_add_entry")->where("task_id", "=", $task->id)->where("item_id", "IS", null)->order_by("id", "ASC")->limit(10)->find_all(); if ($entries->count() == 0) { // Out of entries, we're done. $task->set("mode", "done"); } $owner_id = identity::active_user()->id; foreach ($entries as $entry) { if (microtime(true) - $start > 0.5) { break; } // Look up the parent item for this entry. By now it should exist, but if none was // specified, then this belongs as a child of the current item. $parent_entry = ORM::factory("server_add_entry", $entry->parent_id); if (!$parent_entry->loaded()) { $parent = ORM::factory("item", $task->get("item_id")); } else { $parent = ORM::factory("item", $parent_entry->item_id); } $name = basename($entry->path); $title = item::convert_filename_to_title($name); if ($entry->is_directory) { $album = ORM::factory("item"); $album->type = "album"; $album->parent_id = $parent->id; $album->name = $name; $album->title = $title; $album->owner_id = $owner_id; $album->sort_order = $parent->sort_order; $album->sort_column = $parent->sort_column; $album->save(); $entry->item_id = $album->id; } else { try { $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION)); if (legal_file::get_photo_extensions($extension)) { $photo = ORM::factory("item"); $photo->type = "photo"; $photo->parent_id = $parent->id; $photo->set_data_file($entry->path); $photo->name = $name; $photo->title = $title; $photo->owner_id = $owner_id; $photo->save(); $entry->item_id = $photo->id; } else { if (legal_file::get_movie_extensions($extension)) { $movie = ORM::factory("item"); $movie->type = "movie"; $movie->parent_id = $parent->id; $movie->set_data_file($entry->path); $movie->name = $name; $movie->title = $title; $movie->owner_id = $owner_id; $movie->save(); $entry->item_id = $movie->id; } else { // This should never happen, because we don't add stuff to the list that we can't // process. But just in, case.. set this to a non-null value so that we skip this // entry. $entry->item_id = 0; $task->log("Skipping unknown file type: {$entry->path}"); } } } catch (Exception $e) { // This can happen if a photo file is invalid, like a BMP masquerading as a .jpg $entry->item_id = 0; $task->log("Skipping invalid file: {$entry->path}"); } } $completed_files++; $entry->save(); } $task->set("completed_files", $completed_files); $task->status = t("Adding photos / albums (%completed of %total)", array("completed" => $completed_files, "total" => $total_files)); $task->percent_complete = $total_files ? 10 + 100 * ($completed_files / $total_files) : 100; break; case "done": batch::stop(); $task->done = true; $task->state = "success"; $task->percent_complete = 100; ORM::factory("server_add_entry")->where("task_id", "=", $task->id)->delete_all(); message::info(t2("Successfully added one photo / album", "Successfully added %count photos / albums", $task->get("completed_files"))); } }
/** * Add photo or movie from upload. Once we have a valid file, this generates an item model * from it. It returns the item model on success, and throws an exception and adds log entries * on failure. * @TODO: consider moving this to a common controller which is extended by various uploaders. * * @param int parent album id * @param string temp file path (analogous to $_FILES[...]["tmp_name"]) * @param string filename (analogous to $_FILES[...]["name"]) * @return object new item model */ private function _add_item($album_id, $tmp_name, $name) { $extension = pathinfo($name, PATHINFO_EXTENSION); try { $item = ORM::factory("item"); $item->name = $name; $item->title = item::convert_filename_to_title($name); $item->parent_id = $album_id; $item->set_data_file($tmp_name); if (!$extension) { throw new Exception(t("Uploaded file has no extension")); } else { if (legal_file::get_photo_extensions($extension)) { $item->type = "photo"; $item->save(); log::success("content", t("Added a photo"), html::anchor("photos/{$item->id}", t("view photo"))); } else { if (movie::allow_uploads() && legal_file::get_movie_extensions($extension)) { $item->type = "movie"; $item->save(); log::success("content", t("Added a movie"), html::anchor("movies/{$item->id}", t("view movie"))); } else { throw new Exception(t("Uploaded file has illegal extension")); } } } } catch (Exception $e) { // Log errors then re-throw exception. Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); // If we have a validation error, add an additional log entry. if ($e instanceof ORM_Validation_Exception) { Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1)); } throw $e; } return $item; }
public function get_movie_extensions_test() { $this->assert_equal(true, legal_file::get_movie_extensions("flv")); // regular $this->assert_equal(true, legal_file::get_movie_extensions("FLV")); // all caps $this->assert_equal(true, legal_file::get_movie_extensions("Mp4")); // some caps $this->assert_equal(false, legal_file::get_movie_extensions("php")); // invalid $this->assert_equal(false, legal_file::get_movie_extensions("php.jpg")); // invalid w/ . // No extension returns full array $this->assert_equal(5, count(legal_file::get_movie_extensions())); }