/**
* @brief Creates a new file in the directory.
*
* Data will either be supplied as a stream resource, or in certain cases
* as a string. Keep in mind that you may have to support either.
*
* After successful creation of the file, you may choose to return the ETag
* of the new file here.
*
* @throw \Sabre\DAV\Exception\Forbidden
* @param string $name Name of the file
* @param resource|string $data Initial payload
* @return null|string ETag
*/
public function createFile($name, $data = null)
{
logger('create file in directory ' . $name, LOGGER_DEBUG);
if (!$this->auth->owner_id) {
logger('permission denied ' . $name);
throw new DAV\Exception\Forbidden('Permission denied.');
}
if (!perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage')) {
logger('permission denied ' . $name);
throw new DAV\Exception\Forbidden('Permission denied.');
}
$mimetype = z_mime_content_type($name);
$c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id));
if (!$c) {
logger('no channel');
throw new DAV\Exception\Forbidden('Permission denied.');
}
$filesize = 0;
$hash = random_string();
$f = 'store/' . $this->auth->owner_nick . '/' . ($this->os_path ? $this->os_path . '/' : '') . $hash;
$direct = null;
if ($this->folder_hash) {
$r = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1", dbesc($this->folder_hash), intval($c[0]['channel_id']));
if ($r) {
$direct = $r[0];
}
}
if ($direct && ($direct['allow_cid'] || $direct['allow_gid'] || $direct['deny_cid'] || $direct['deny_gid'])) {
$allow_cid = $direct['allow_cid'];
$allow_gid = $direct['allow_gid'];
$deny_cid = $direct['deny_cid'];
$deny_gid = $direct['deny_gid'];
} else {
$allow_cid = $c[0]['channel_allow_cid'];
$allow_gid = $c[0]['channel_allow_gid'];
$deny_cid = $c[0]['channel_deny_cid'];
$deny_gid = $c[0]['channel_deny_gid'];
}
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, content, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), intval($c[0]['channel_id']), dbesc($hash), dbesc($this->auth->observer), dbesc($name), dbesc($this->folder_hash), intval(1), dbesc($mimetype), intval($filesize), intval(0), intval($is_photo), dbesc($f), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), dbesc($deny_gid));
// returns the number of bytes that were written to the file, or FALSE on failure
$size = file_put_contents($f, $data);
// delete attach entry if file_put_contents() failed
if ($size === false) {
logger('file_put_contents() failed to ' . $f);
attach_delete($c[0]['channel_id'], $hash);
return;
}
// returns now
$edited = datetime_convert();
$is_photo = 0;
$x = @getimagesize($f);
logger('getimagesize: ' . print_r($x, true), LOGGER_DATA);
if ($x && ($x[2] === IMAGETYPE_GIF || $x[2] === IMAGETYPE_JPEG || $x[2] === IMAGETYPE_PNG)) {
$is_photo = 1;
}
// updates entry with filesize and timestamp
$d = q("UPDATE attach SET filesize = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), intval($is_photo), dbesc($edited), dbesc($hash), intval($c[0]['channel_id']));
// update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($c[0]['channel_id']));
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $size > $maxfilesize) {
attach_delete($c[0]['channel_id'], $hash);
return;
}
// check against service class quota
$limit = engr_units_to_bytes(service_class_fetch($c[0]['channel_id'], 'attach_upload_limit'));
if ($limit !== false) {
$x = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d ", intval($c[0]['channel_account_id']));
if ($x && $x[0]['total'] + $size > $limit) {
logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . userReadableSize($limit));
attach_delete($c[0]['channel_id'], $hash);
return;
}
}
if ($is_photo) {
$album = '';
if ($this->folder_hash) {
$f1 = q("select filename from attach WHERE hash = '%s' AND uid = %d", dbesc($this->folder_hash), intval($c[0]['channel_id']));
if ($f1) {
$album = $f1[0]['filename'];
}
}
require_once 'include/photos.php';
$args = array('resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x, 'directory' => $direct);
$p = photo_upload($c[0], \App::get_observer(), $args);
}
$sync = attach_export_data($c[0], $hash);
if ($sync) {
build_sync_packet($c[0]['channel_id'], array('file' => array($sync)));
}
}
/**
* A lot going on in this function, and some of it is old cruft and some is new cruft
* and the entire thing probably needs to be refactored. It started out just storing
* files, before we had DAV. It was made extensible to do extra stuff like edit an
* existing file or optionally store a separate revision using $options to choose between different
* storage models. Along the way we moved from
* DB data storage to file system storage.
* Then DAV came along and used different upload methods depending on whether the
* file was stored as a DAV directory object or updated as a file object. One of these
* is essentially an update and the other is basically an upload, but doesn't use the traditional PHP
* upload workflow.
* Then came hubzilla and we tried to merge photo functionality with the file storage. Most of
* that integration occurs within this function.
* This required overlap with the old photo_upload stuff and photo albums were
* completely different concepts from directories which needed to be reconciled somehow.
* The old revision stuff is kind of orphaned currently. There's new revision stuff for photos
* which attaches (2) etc. onto the name, but doesn't integrate with the attach table revisioning.
* That's where it sits currently. I repeat it needs to be refactored, and this note is here
* for future explorers and those who may be doing that work to understand where it came
* from and got to be the monstrosity of tangled unrelated code that it currently is.
*/
function attach_store($channel, $observer_hash, $options = '', $arr = null)
{
require_once 'include/photos.php';
call_hooks('photo_upload_begin', $arr);
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$sql_options = '';
$source = $arr ? $arr['source'] : '';
$album = $arr ? $arr['album'] : '';
$newalbum = $arr ? $arr['newalbum'] : '';
$hash = $arr && $arr['hash'] ? $arr['hash'] : null;
$upload_path = $arr && $arr['directory'] ? $arr['directory'] : '';
$visible = $arr && $arr['visible'] ? $arr['visible'] : '';
$observer = array();
if ($observer_hash) {
$x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($observer_hash));
if ($x) {
$observer = $x[0];
}
}
logger('arr: ' . print_r($arr, true));
if (!perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
$str_group_allow = perms2str($arr['group_allow']);
$str_contact_allow = perms2str($arr['contact_allow']);
$str_group_deny = perms2str($arr['group_deny']);
$str_contact_deny = perms2str($arr['contact_deny']);
// The 'update' option sets db values without uploading a new attachment
// 'replace' replaces the existing uploaded data
// 'revision' creates a new revision with new upload data
// Default is to upload a new file
// revise or update must provide $arr['hash'] of the thing to revise/update
// By default remove $src when finished
$remove_when_processed = true;
if ($options === 'import') {
$src = $arr['src'];
$filename = $arr['filename'];
$filesize = @filesize($src);
$hash = $arr['resource_id'];
if (array_key_exists('hash', $arr)) {
$hash = $arr['hash'];
}
if (array_key_exists('type', $arr)) {
$type = $arr['type'];
}
if ($arr['preserve_original']) {
$remove_when_processed = false;
}
// if importing a directory, just do it now and go home - we're done.
if (array_key_exists('is_dir', $arr) && intval($arr['is_dir'])) {
$x = attach_mkdir($channel, $observer_hash, $arr);
if ($x['message']) {
logger('import_directory: ' . $x['message']);
}
return;
}
} elseif ($options !== 'update') {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
call_hooks('photo_upload_file', $f);
call_hooks('attach_upload_file', $f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
if (!x($_FILES, 'userfile')) {
$ret['message'] = t('No source file.');
return $ret;
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
}
}
$existing_size = 0;
if ($options === 'replace') {
$x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($arr['id']), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to replace');
return $ret;
}
$existing_id = $x[0]['id'];
$existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash'];
}
if ($options === 'revise' || $options === 'update') {
$sql_options = " order by revision desc ";
if ($options === 'update' && $arr && array_key_exists('revision', $arr)) {
$sql_options = " and revision = " . intval($arr['revision']) . " ";
}
$x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to revise/update');
return $ret;
}
$hash = $x[0]['hash'];
}
$def_extension = '';
$is_photo = 0;
$gis = @getimagesize($src);
logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA);
if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) {
$is_photo = 1;
if ($gis[2] === IMAGETYPE_GIF) {
$def_extension = '.gif';
}
if ($gis[2] === IMAGETYPE_JPEG) {
$def_extension = '.jpg';
}
if ($gis[2] === IMAGETYPE_PNG) {
$def_extension = '.png';
}
}
$pathname = '';
if ($is_photo) {
if ($newalbum) {
$pathname = filepath_macro($newalbum);
} elseif (array_key_exists('folder', $arr)) {
$x = q("select filename from attach where hash = '%s' and uid = %d limit 1", dbesc($arr['folder']), intval($channel['channel_id']));
if ($x) {
$pathname = $x[0]['filename'];
}
} else {
$pathname = filepath_macro($album);
}
} else {
$pathname = filepath_macro($upload_path);
}
$darr = array('pathname' => $pathname);
// if we need to create a directory, use the channel default permissions.
$darr['allow_cid'] = $channel['allow_cid'];
$darr['allow_gid'] = $channel['allow_gid'];
$darr['deny_cid'] = $channel['deny_cid'];
$darr['deny_gid'] = $channel['deny_gid'];
$direct = null;
if ($pathname) {
$x = attach_mkdirp($channel, $observer_hash, $darr);
$folder_hash = $x['success'] ? $x['data']['hash'] : '';
$direct = $x['success'] ? $x['data'] : null;
if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) {
$str_contact_allow = $x['data']['allow_cid'];
$str_group_allow = $x['data']['allow_gid'];
$str_contact_deny = $x['data']['deny_cid'];
$str_group_deny = $x['data']['deny_gid'];
}
} else {
$folder_hash = $arr && array_key_exists('folder', $arr) ? $arr['folder'] : '';
}
if (!$options || $options === 'import') {
// A freshly uploaded file. Check for duplicate and resolve with the channel's overwrite settings.
$r = q("select filename, id, hash, filesize from attach where filename = '%s' and folder = '%s' ", dbesc($filename), dbesc($folder_hash));
if ($r) {
$overwrite = get_pconfig($channel_id, 'system', 'overwrite_dup_files');
if ($overwrite) {
$options = 'replace';
$existing_id = $x[0]['id'];
$existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash'];
} else {
if (strpos($filename, '.') !== false) {
$basename = substr($filename, 0, strrpos($filename, '.'));
$ext = substr($filename, strrpos($filename, '.'));
} else {
$basename = $filename;
$ext = $def_extension;
}
$r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($folder_hash));
if ($r) {
$x = 1;
do {
$found = false;
foreach ($r as $rr) {
if ($rr['filename'] === $basename . '(' . $x . ')' . $ext) {
$found = true;
break;
}
}
if ($found) {
$x++;
}
} while ($found);
$filename = $basename . '(' . $x . ')' . $ext;
} else {
$filename = $basename . $ext;
}
}
}
}
if (!$hash) {
$hash = random_string();
}
// Check storage limits
if ($options !== 'update') {
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $filesize > $maxfilesize) {
$ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize);
if ($remove_when_processed) {
@unlink($src);
}
call_hooks('photo_upload_end', $ret);
return $ret;
}
$limit = service_class_fetch($channel_id, 'attach_upload_limit');
if ($limit !== false) {
$r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id']));
if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) {
$ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000);
if ($remove_when_processed) {
@unlink($src);
}
call_hooks('photo_upload_end', $ret);
return $ret;
}
}
$mimetype = isset($type) && $type ? $type : z_mime_content_type($filename);
}
$os_basepath = 'store/' . $channel['channel_address'] . '/';
$os_relpath = '';
if ($folder_hash) {
$curr = find_folder_hash_by_attach_hash($channel_id, $folder_hash, true);
if ($curr) {
$os_relpath .= $curr . '/';
}
$os_relpath .= $folder_hash . '/';
}
$os_relpath .= $hash;
if ($src) {
@file_put_contents($os_basepath . $os_relpath, @file_get_contents($src));
}
if (array_key_exists('created', $arr)) {
$created = $arr['created'];
} else {
$created = datetime_convert();
}
if (array_key_exists('edited', $arr)) {
$edited = $arr['edited'];
} else {
$edited = $created;
}
if ($options === 'replace') {
$r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', filesize = %d, os_storage = %d, is_photo = %d, data = '%s', edited = '%s' where id = %d and uid = %d", dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), intval($existing_id), intval($channel_id));
} elseif ($options === 'revise') {
$r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc($observer_hash), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval($x[0]['revision'] + 1), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']));
} elseif ($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', edited = '%s', os_storage = %d, is_photo = %d, \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($folder_hash ? $folder_hash : $x[0]['folder']), dbesc($created), dbesc(array_key_exists('os_storage', $arr) ? $arr['os_storage'] : $x[0]['os_storage']), dbesc(array_key_exists('is_photo', $arr) ? $arr['is_photo'] : $x[0]['is_photo']), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid']));
} else {
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(0), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $str_contact_allow), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $str_group_allow), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $str_contact_deny), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $str_group_deny));
}
if ($is_photo) {
$args = array('source' => $source, 'visible' => $visible, 'resource_id' => $hash, 'album' => basename($pathname), 'os_path' => $os_basepath . $os_relpath, 'filename' => $filename, 'getimagesize' => $gis, 'directory' => $direct);
if ($arr['contact_allow']) {
$args['contact_allow'] = $arr['contact_allow'];
}
if ($arr['group_allow']) {
$args['group_allow'] = $arr['group_allow'];
}
if ($arr['contact_deny']) {
$args['contact_deny'] = $arr['contact_deny'];
}
if ($arr['group_deny']) {
$args['group_deny'] = $arr['group_deny'];
}
if (array_key_exists('allow_cid', $arr)) {
$args['allow_cid'] = $arr['allow_cid'];
}
if (array_key_exists('allow_gid', $arr)) {
$args['allow_gid'] = $arr['allow_gid'];
}
if (array_key_exists('deny_cid', $arr)) {
$args['deny_cid'] = $arr['deny_cid'];
}
if (array_key_exists('deny_gid', $arr)) {
$args['deny_gid'] = $arr['deny_gid'];
}
$args['created'] = $created;
$args['edited'] = $edited;
if ($arr['item']) {
$args['item'] = $arr['item'];
}
$p = photo_upload($channel, $observer, $args);
if ($p['success']) {
$ret['body'] = $p['body'];
}
}
if ($options !== 'update' && $remove_when_processed) {
@unlink($src);
}
if (!$r) {
$ret['message'] = t('File upload failed. Possible system limit or action terminated.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
// Caution: This re-uses $sql_options set further above
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash));
if (!$r) {
$ret['message'] = t('Stored file could not be verified. Upload failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
$ret['success'] = true;
$ret['data'] = $r[0];
if (!$is_photo) {
// This would've been called already with a success result in photos_upload() if it was a photo.
call_hooks('photo_upload_end', $ret);
}
return $ret;
}
function wall_attach_post(&$a)
{
if ($a->argc > 1) {
$nick = $a->argv[1];
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1", dbesc($nick));
if (!count($r)) {
return;
}
} else {
return;
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$page_owner_nick = $r[0]['nickname'];
$community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = remote_user();
}
}
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
killme();
}
if (!x($_FILES, 'userfile')) {
killme();
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $filesize > $maxfilesize) {
notice(sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
@unlink($src);
return;
}
$filedata = @file_get_contents($src);
$mimetype = z_mime_content_type($filename);
if ((!strlen($mimetype) || $mimetype === 'application/octet-stream') && function_exists('mime_content_type')) {
$mimetype = mime_content_type($filename);
}
$hash = random_string();
$created = datetime_convert();
$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )\n\t\tVALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($page_owner_uid), dbesc($hash), dbesc($filename), dbesc($mimetype), intval($filesize), dbesc($filedata), dbesc($created), dbesc($created), dbesc('<' . $page_owner_uid . '>'), dbesc(''), dbesc(''), dbesc(''));
@unlink($src);
if (!$r) {
echo t('File upload failed.') . EOL;
killme();
}
$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", intval($page_owner_uid), dbesc($created), dbesc($hash));
if (!count($r)) {
echo t('File upload failed.') . EOL;
killme();
}
echo '<br /><br />[attachment]' . $r[0]['id'] . '[/attachment]' . '<br />';
killme();
// NOTREACHED
}
function wall_attach_post(&$a)
{
if ($a->argc > 1) {
$nick = $a->argv[1];
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
if (!count($r)) {
return;
}
} else {
return;
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$page_owner_cid = $r[0]['id'];
$page_owner_nick = $r[0]['nickname'];
$community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$cid = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
break;
}
}
}
if ($cid) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = $cid;
}
}
}
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
killme();
}
if (!x($_FILES, 'userfile')) {
killme();
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$maxfilesize = get_config('system', 'maxfilesize');
/* Found html code written in text field of form,
* when trying to upload a file with filesize
* greater than upload_max_filesize. Cause is unknown.
* Then Filesize gets <= 0.
*/
if ($filesize <= 0) {
notice(t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL . t('Or - did you try to upload an empty file?') . EOL);
@unlink($src);
killme();
}
if ($maxfilesize && $filesize > $maxfilesize) {
notice(sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
@unlink($src);
return;
}
$r = q("select sum(octet_length(data)) as total from attach where uid = %d ", intval($page_owner_uid));
$limit = service_class_fetch($page_owner_uid, 'attach_upload_limit');
if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
echo upgrade_message(true) . EOL;
@unlink($src);
killme();
}
$filedata = @file_get_contents($src);
$mimetype = z_mime_content_type($filename);
$hash = random_string();
$created = datetime_convert();
$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )\n\t\tVALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($page_owner_uid), dbesc($hash), dbesc($filename), dbesc($mimetype), intval($filesize), dbesc($filedata), dbesc($created), dbesc($created), dbesc('<' . $page_owner_cid . '>'), dbesc(''), dbesc(''), dbesc(''));
@unlink($src);
if (!$r) {
echo t('File upload failed.') . EOL;
killme();
}
$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", intval($page_owner_uid), dbesc($created), dbesc($hash));
if (!count($r)) {
echo t('File upload failed.') . EOL;
killme();
}
$lf = "\n";
echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
killme();
// NOTREACHED
}
/**
* @brief
*
* @param $channel channel array of owner
* @param $observer_hash hash of current observer
* @param $options (optional)
* @param $arr (optional)
*/
function attach_store($channel, $observer_hash, $options = '', $arr = null)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$sql_options = '';
if (!perm_is_allowed($channel_id, get_observer_hash(), 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
// The 'update' option sets db values without uploading a new attachment
// 'replace' replaces the existing uploaded data
// 'revision' creates a new revision with new upload data
// Default is to upload a new file
// revise or update must provide $arr['hash'] of the thing to revise/update
if ($options !== 'update') {
if (!x($_FILES, 'userfile')) {
$ret['message'] = t('No source file.');
return $ret;
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
}
$existing_size = 0;
if ($options === 'replace') {
$x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($replace), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to replace');
return $ret;
}
$existing_id = $x[0]['id'];
$existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash'];
}
if ($options === 'revise' || $options === 'update') {
$sql_options = " order by revision desc ";
if ($options === 'update' && $arr && array_key_exists('revision', $arr)) {
$sql_options = " and revision = " . intval($arr['revision']) . " ";
}
$x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to revise/update');
return $ret;
}
$hash = $x[0]['hash'];
}
// Check storage limits
if ($options !== 'update') {
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $filesize > $maxfilesize) {
$ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize);
@unlink($src);
return $ret;
}
$limit = service_class_fetch($channel_id, 'attach_upload_limit');
if ($limit !== false) {
$r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id']));
if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) {
$ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000);
@unlink($src);
return $ret;
}
}
$mimetype = z_mime_content_type($filename);
}
if (!isset($hash)) {
$hash = random_string();
}
$created = datetime_convert();
if ($options === 'replace') {
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1", dbesc($filename), dbesc($mimetype), intval($filesize), dbesc(@file_get_contents($src)), dbesc($created), intval($existing_id), intval($channel_id));
} elseif ($options === 'revise') {
$r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval($x[0]['revision'] + 1), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']));
} elseif ($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($created), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid']));
} else {
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval(0), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : ''), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : ''), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : ''));
}
if ($options !== 'update') {
@unlink($src);
}
if (!$r) {
$ret['message'] = t('File upload failed. Possible system limit or action terminated.');
return $ret;
}
// Caution: This re-uses $sql_options set further above
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash));
if (!$r) {
$ret['message'] = t('Stored file could not be verified. Upload failed.');
return $ret;
}
$ret['success'] = true;
$ret['data'] = $r[0];
return $ret;
}
/**
* @brief Creates a new file in the directory.
*
* Data will either be supplied as a stream resource, or in certain cases
* as a string. Keep in mind that you may have to support either.
*
* After successful creation of the file, you may choose to return the ETag
* of the new file here.
*
* @throw \Sabre\DAV\Exception\Forbidden
* @param string $name Name of the file
* @param resource|string $data Initial payload
* @return null|string ETag
*/
public function createFile($name, $data = null)
{
logger($name, LOGGER_DEBUG);
if (!$this->auth->owner_id) {
logger('permission denied ' . $name);
throw new DAV\Exception\Forbidden('Permission denied.');
}
if (!perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage')) {
logger('permission denied ' . $name);
throw new DAV\Exception\Forbidden('Permission denied.');
}
$mimetype = z_mime_content_type($name);
$c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED));
if (!$c) {
logger('no channel');
throw new DAV\Exception\Forbidden('Permission denied.');
}
$filesize = 0;
$hash = random_string();
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, flags, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), intval($c[0]['channel_id']), dbesc($hash), dbesc($this->auth->observer), dbesc($name), dbesc($this->folder_hash), dbesc(ATTACH_FLAG_OS), dbesc($mimetype), intval($filesize), intval(0), dbesc($this->os_path . '/' . $hash), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($c[0]['channel_allow_cid']), dbesc($c[0]['channel_allow_gid']), dbesc($c[0]['channel_deny_cid']), dbesc($c[0]['channel_deny_gid']));
$f = 'store/' . $this->auth->owner_nick . '/' . ($this->os_path ? $this->os_path . '/' : '') . $hash;
// returns the number of bytes that were written to the file, or FALSE on failure
$size = file_put_contents($f, $data);
// delete attach entry if file_put_contents() failed
if ($size === false) {
logger('file_put_contents() failed to ' . $f);
attach_delete($c[0]['channel_id'], $hash);
return;
}
// returns now
$edited = datetime_convert();
// updates entry with filesize and timestamp
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($hash), intval($c[0]['channel_id']));
// update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($c[0]['channel_id']));
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $size > $maxfilesize) {
attach_delete($c[0]['channel_id'], $hash);
return;
}
// check against service class quota
$limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
if ($limit !== false) {
$x = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d ", intval($c[0]['channel_account_id']));
if ($x && $x[0]['total'] + $size > $limit) {
logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
attach_delete($c[0]['channel_id'], $hash);
return;
}
}
}
public function testFileNameOneDot()
{
$multidots = "foo.ogg";
$this->assertEquals("audio/ogg", z_mime_content_type($multidots));
$this->assertNotEquals("application/octet-stream", z_mime_content_type($multidots));
}
