/**
 * Describe how an imported file attachment can be downloaded.
 *
 * The stored-file lookup uses a bound parameter for the item ID, so the ID
 * never becomes part of the SQL text. No permission check is made here;
 * NOTE(review): callers presumably verify file access first; confirm.
 *
 * @param object $item item to describe (must expose isAttachment(),
 *                     isImportedAttachment(), id and libraryID)
 * @return array|false ['url' => ...] for zipped files, ['url', 'filename',
 *                     'size'] otherwise, or false when the item is not an
 *                     imported attachment or has no stored file
 */
public static function getDownloadDetails($item)
{
    // TODO: get attachment link mode value from somewhere
    $isImportedFile = $item->isAttachment() && $item->isImportedAttachment();
    if (!$isImportedFile) {
        return false;
    }

    $shardID = Zotero_Shards::getByLibraryID($item->libraryID);
    $storageFileID = Zotero_DB::valueQuery(
        "SELECT storageFileID FROM storageFileItems WHERE itemID=?",
        $item->id,
        $shardID
    );
    if (!$storageFileID) {
        return false;
    }

    $fileURL = Zotero_API::getItemURI($item) . "/file";
    $fileInfo = self::getFileInfoByID($storageFileID);

    // Zipped files are only exposed through the viewer endpoint
    if ($fileInfo['zip']) {
        return ['url' => $fileURL . "/view"];
    }

    return [
        'url' => $fileURL,
        'filename' => $fileInfo['filename'],
        'size' => $fileInfo['size'],
    ];
}
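/**
 * Handle a request on a library's collections.
 *
 * Single-object requests (HEAD/GET/PUT/PATCH/DELETE) read or write one
 * collection by key. Multi-object requests list the child collections of a
 * scope collection, list top-level collections, create collections from a
 * JSON body (POST), delete the collections named in the 'collectionKey'
 * query parameter (DELETE), or list all collections.
 *
 * Library access is checked before anything else, and write access before a
 * write method touches the library. The e403()/e404()/e204()/end() helpers
 * are defined outside this block; the code below is written as if they end
 * the request. TODO confirm.
 *
 * @throws Exception on an unexpected response format or scope object
 */
public function collections()
{
    // Check for general library access
    if (!$this->permissions->canAccess($this->objectLibraryID)) {
        $this->e403();
    }

    // Only assigned by the multi-object write path below; initialised so the
    // POST branch never reads an undefined variable
    $libraryTimestampChecked = false;

    if ($this->isWriteMethod()) {
        // Check for library write access
        if (!$this->permissions->canWrite($this->objectLibraryID)) {
            $this->e403("Write access denied");
        }

        // Make sure library hasn't been modified
        if (!$this->singleObject) {
            $libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
        }

        Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
    }

    $collectionIDs = array();
    $collectionKeys = array();
    $results = array();

    // Single collection
    if ($this->singleObject) {
        $this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']);

        // Reject malformed keys before they reach the lookup
        if (!Zotero_ID::isValidKey($this->objectKey)) {
            $this->e404();
        }

        $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);

        if ($this->isWriteMethod()) {
            $collection = $this->handleObjectWrite('collection', $collection ?: null);
            $this->queryParams['content'] = ['json'];
        }

        if (!$collection) {
            $this->e404("Collection not found");
        }

        $this->libraryVersion = $collection->version;

        if ($this->method == 'HEAD') {
            $this->end();
        }

        switch ($this->queryParams['format']) {
            case 'atom':
                $this->responseXML = Zotero_Collections::convertCollectionToAtom($collection, $this->queryParams);
                break;

            case 'json':
                $json = $collection->toResponseJSON($this->queryParams, $this->permissions);
                echo Zotero_Utilities::formatJSON($json);
                break;

            default:
                throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
        }
    }
    // Multiple collections
    else {
        $this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']);

        $this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);

        if ($this->scopeObject) {
            $this->allowMethods(array('GET'));

            switch ($this->scopeObject) {
                case 'collections':
                    $collection = Zotero_Collections::getByLibraryAndKey($this->objectLibraryID, $this->scopeObjectKey);
                    if (!$collection) {
                        $this->e404("Collection not found");
                    }
                    // The original literal carried a stray ASCII apostrophe
                    // before the closing curly quote
                    $title = "Child Collections of ‘{$collection->name}’";
                    $collectionIDs = $collection->getChildCollections();
                    break;

                default:
                    throw new Exception("Invalid collections scope object '{$this->scopeObject}'");
            }
        }
        // Top-level items
        elseif ($this->subset == 'top') {
            $this->allowMethods(array('GET'));

            $title = "Top-Level Collections";
            $results = Zotero_Collections::search($this->objectLibraryID, true, $this->queryParams);
        }
        // Create a collection
        elseif ($this->method == 'POST') {
            $this->queryParams['format'] = 'writereport';

            $obj = $this->jsonDecode($this->body);
            $results = Zotero_Collections::updateMultipleFromJSON(
                $obj,
                $this->queryParams,
                $this->objectLibraryID,
                $this->userID,
                $this->permissions,
                $libraryTimestampChecked ? 0 : 1,
                null
            );

            if ($cacheKey = $this->getWriteTokenCacheKey()) {
                Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
            }

            // Before API v2 the response is an Atom feed of the written
            // collections, built by re-parsing a synthetic query string
            if ($this->apiVersion < 2) {
                $uri = Zotero_API::getCollectionsURI($this->objectLibraryID);
                $keys = array_merge(
                    get_object_vars($results['success']),
                    get_object_vars($results['unchanged'])
                );
                $queryString = "collectionKey="
                    . urlencode(implode(",", $keys))
                    . "&format=atom&content=json&order=collectionKeyList&sort=asc";
                if ($this->apiKey) {
                    // Encode the key like every other value placed in this
                    // query string, so it cannot add or split parameters
                    $queryString .= "&key=" . urlencode($this->apiKey);
                }
                // NOTE(review): $uri is not read again in this method. It
                // carries the API key, so it should stay out of logs.
                $uri .= "?" . $queryString;

                $this->queryParams = Zotero_API::parseQueryParams(
                    $queryString,
                    $this->action,
                    true,
                    $this->apiVersion
                );

                $title = "Collections";
                $results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
            }
        }
        // Delete collections
        elseif ($this->method == 'DELETE') {
            Zotero_DB::beginTransaction();
            foreach ($this->queryParams['collectionKey'] as $collectionKey) {
                Zotero_Collections::delete($this->objectLibraryID, $collectionKey);
            }
            Zotero_DB::commit();
            $this->e204();
        }
        else {
            $title = "Collections";
            $results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
        }

        if ($collectionIDs) {
            $this->queryParams['collectionIDs'] = $collectionIDs;
            $results = Zotero_Collections::search($this->objectLibraryID, false, $this->queryParams);
        }

        $options = [
            'action' => $this->action,
            'uri' => $this->uri,
            'results' => $results,
            'requestParams' => $this->queryParams,
            'permissions' => $this->permissions,
            'head' => $this->method == 'HEAD',
        ];

        switch ($this->queryParams['format']) {
            case 'atom':
                $this->responseXML = Zotero_API::multiResponse(array_merge($options, [
                    'title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title,
                ]));
                break;

            case 'json':
            case 'keys':
            case 'versions':
            case 'writereport':
                Zotero_API::multiResponse($options);
                break;

            default:
                throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
        }
    }

    $this->end();
}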
/**
 * Build an Atom <entry> element for one item of this object's library.
 *
 * Note titles are sanitized, stripped of tags and entity-decoded before
 * use. Title, author, id and dates are set through SimpleXML property
 * assignment rather than by concatenating markup.
 *
 * @param int $itemID
 * @return SimpleXMLElement the entry, with an empty transfer-namespace
 *                          <item> inside <content>
 * @throws Exception if $itemID is not an integer or the item does not exist
 */
public function itemToAtom($itemID)
{
    if (!is_int($itemID)) {
        throw new Exception("itemID must be an integer (was " . gettype($itemID) . ")");
    }

    if (!$this->loaded) {
        $this->load();
    }

    $item = Zotero_Items::get($this->libraryID, $itemID);
    if (!$item) {
        throw new Exception("Item {$itemID} doesn't exist");
    }

    $entryMarkup = '<?xml version="1.0" encoding="UTF-8"?>'
        . '<entry xmlns="' . Zotero_Atom::$nsAtom . '" '
        . 'xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '" '
        . 'xmlns:xfer="' . Zotero_Atom::$nsZoteroTransfer . '"/>';
    $entry = new SimpleXMLElement($entryMarkup);

    $displayTitle = $item->getDisplayTitle(true) ?: '[Untitled]';

    // Strip HTML from note titles
    if ($item->isNote()) {
        // Clean and strip HTML, giving us an HTML-encoded plaintext string
        $plainEncoded = strip_tags(Zotero_Notes::sanitize($displayTitle));
        // Unencode plaintext string
        $displayTitle = html_entity_decode($plainEncoded);
    }
    $entry->title = $displayTitle;

    $authorNode = $entry->addChild('author');
    $authorNode->name = Zotero_Libraries::getName($item->libraryID);
    $authorNode->uri = Zotero_URI::getLibraryURI($item->libraryID);

    $entry->id = Zotero_URI::getItemURI($item);
    $entry->published = Zotero_Date::sqlToISO8601($item->dateAdded);
    $entry->updated = Zotero_Date::sqlToISO8601($item->dateModified);

    $selfLink = $entry->addChild("link");
    $selfLink['rel'] = "self";
    $selfLink['type'] = "application/atom+xml";
    $selfLink['href'] = Zotero_API::getItemURI($item);

    $htmlLink = $entry->addChild('link');
    $htmlLink['rel'] = 'alternate';
    $htmlLink['type'] = 'text/html';
    $htmlLink['href'] = Zotero_URI::getItemURI($item, true);

    $entry->content['type'] = 'application/xml';

    $transferItem = new SimpleXMLElement(
        '<item xmlns="' . Zotero_Atom::$nsZoteroTransfer . '"/>'
    );

    // This method of adding the element seems to be necessary to get the
    // namespace prefix to show up
    $contentDom = dom_import_simplexml($entry->content);
    $transferDom = dom_import_simplexml($transferItem);
    $contentDom->appendChild(
        $contentDom->ownerDocument->importNode($transferDom, true)
    );

    $entry->content->item['id'] = $itemID;

    return $entry;
}
/**
 * Build an Atom <feed> for a list of API objects.
 *
 * Generates the canonical id plus self/first/next/last/alternate links from
 * the request URL and the non-default query parameters, then converts each
 * entry to Atom and imports it into the feed document.
 *
 * @param string $title          feed title
 * @param string $url            request URL; only its path is used
 * @param array $entries         SimpleXMLElement or Zotero_* objects
 * @param int|null $totalResults total result count; falls back to
 *                               count($entries) when not numeric
 * @param array|null $queryParams parsed query parameters ('start', 'limit',
 *                               'content' and 'style' are read here)
 * @param mixed $apiVersion      written to zapi:apiVersion and passed on
 * @param mixed $permissions     passed through to item conversion
 * @param array $fixedValues     per-tag values keyed by tag id
 * @return SimpleXMLElement
 */
public static function createAtomFeed($title, $url, $entries, $totalResults = null, $queryParams = null, $apiVersion = null, $permissions = null, $fixedValues = array())
{
    $nonDefaultParams = array();
    if ($queryParams) {
        $nonDefaultParams = Zotero_API::getNonDefaultQueryParams($queryParams);
        // Convert 'content' array to sorted comma-separated string
        if (isset($nonDefaultParams['content'])) {
            $nonDefaultParams['content'] = implode(',', $nonDefaultParams['content']);
        }
    }

    $feedMarkup = '<feed xmlns="' . Zotero_Atom::$nsAtom . '" '
        . 'xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"';
    if ($queryParams && $queryParams['content'][0] == 'full') {
        $feedMarkup .= ' xmlns:zxfer="' . Zotero_Atom::$nsZoteroTransfer . '"';
    }
    $feedMarkup .= '/>';

    $xml = new SimpleXMLElement($feedMarkup);
    $xml->title = $title;

    $path = parse_url($url, PHP_URL_PATH);
    $relativePath = substr($path, 1);

    // Generate canonical URI
    $zoteroURI = Zotero_URI::getBaseURI() . $relativePath;
    if ($nonDefaultParams) {
        $zoteroURI .= "?" . http_build_query($nonDefaultParams);
    }

    $atomURI = Zotero_Atom::getBaseURI() . $relativePath;

    //
    // Generate URIs for 'self', 'first', 'next' and 'last' links
    //

    // 'self'
    $atomSelfURI = $atomURI;
    if ($nonDefaultParams) {
        $atomSelfURI .= "?" . http_build_query($nonDefaultParams);
    }

    // 'first'
    $atomFirstURI = $atomURI;
    if ($nonDefaultParams) {
        $firstParams = $nonDefaultParams;
        unset($firstParams['start']);
        if ($firstQuery = http_build_query($firstParams)) {
            $atomFirstURI .= "?" . $firstQuery;
        }
    }

    // 'last'
    $start = $queryParams['start'];
    $limit = $queryParams['limit'];
    if (!$start && $limit >= $totalResults) {
        // Everything fits on the first page
        $atomLastURI = $atomSelfURI;
    } else {
        if ($start >= $totalResults) {
            // 'start' past results
            $lastStart = $totalResults - $limit;
        } else {
            $lastStart = $totalResults - $totalResults % $limit;
            if ($lastStart == $totalResults) {
                $lastStart = $totalResults - $limit;
            }
        }

        $lastParams = $nonDefaultParams;
        if ($lastStart > 0) {
            $lastParams['start'] = $lastStart;
        } else {
            unset($lastParams['start']);
        }
        $atomLastURI = $atomURI;
        if ($lastQuery = http_build_query($lastParams)) {
            $atomLastURI .= "?" . $lastQuery;
        }

        // 'next'
        $nextStart = $start + $limit;
        if ($nextStart < $totalResults) {
            $nextParams = $nonDefaultParams;
            $nextParams['start'] = $nextStart;
            $atomNextURI = $atomURI . "?" . http_build_query($nextParams);
        }
    }

    $xml->id = $zoteroURI;

    // Appends one <link> child; href is set as an attribute value
    $addLink = function ($rel, $type, $href) use ($xml) {
        $link = $xml->addChild("link");
        $link['rel'] = $rel;
        $link['type'] = $type;
        $link['href'] = $href;
    };

    $addLink("self", "application/atom+xml", $atomSelfURI);
    $addLink("first", "application/atom+xml", $atomFirstURI);
    if (isset($atomNextURI)) {
        $addLink("next", "application/atom+xml", $atomNextURI);
    }
    $addLink("last", "application/atom+xml", $atomLastURI);

    // Generate alternate URI
    $alternateURI = Zotero_URI::getBaseURI() . $relativePath;
    if ($nonDefaultParams) {
        $alternateParams = $nonDefaultParams;
        if (isset($alternateParams['content'])) {
            unset($alternateParams['content']);
        }
        if ($alternateParams) {
            $alternateURI .= "?" . http_build_query($alternateParams);
        }
    }
    $addLink("alternate", "text/html", $alternateURI);

    $xml->addChild(
        "zapi:totalResults",
        is_numeric($totalResults) ? $totalResults : count($entries),
        self::$nsZoteroAPI
    );
    $xml->addChild("zapi:apiVersion", $apiVersion, self::$nsZoteroAPI);

    $latestUpdated = '';

    // Get bib data using parallel requests
    $sharedData = array();
    if ($entries && $entries[0] instanceof Zotero_Item) {
        foreach (array('citation', 'bib') as $mode) {
            if (in_array($mode, $queryParams['content'])) {
                $sharedData[$mode] = Zotero_Cite::multiGetFromCiteServer($mode, $entries, $queryParams['style']);
            }
        }
    }

    $xmlEntries = array();
    foreach ($entries as $entry) {
        if ($entry->dateModified > $latestUpdated) {
            $latestUpdated = $entry->dateModified;
        }

        // Entries of any other type are left out of the feed
        if ($entry instanceof SimpleXMLElement) {
            $xmlEntries[] = $entry;
        } elseif ($entry instanceof Zotero_Collection) {
            $xmlEntries[] = Zotero_Collections::convertCollectionToAtom($entry, $queryParams['content'], $apiVersion);
        } elseif ($entry instanceof Zotero_Creator) {
            $xmlEntries[] = Zotero_Creators::convertCreatorToAtom($entry, $queryParams['content'], $apiVersion);
        } elseif ($entry instanceof Zotero_Item) {
            $xmlEntries[] = Zotero_Items::convertItemToAtom($entry, $queryParams, $apiVersion, $permissions, $sharedData);
        } elseif ($entry instanceof Zotero_Search) {
            $xmlEntries[] = Zotero_Searches::convertSearchToAtom($entry, $queryParams['content'], $apiVersion);
        } elseif ($entry instanceof Zotero_Tag) {
            $fixed = isset($fixedValues[$entry->id]) ? $fixedValues[$entry->id] : null;
            $xmlEntries[] = $entry->toAtom($queryParams['content'], $apiVersion, $fixed);
        } elseif ($entry instanceof Zotero_Group) {
            $xmlEntries[] = $entry->toAtom($queryParams['content'], $apiVersion);
        }
    }

    if ($latestUpdated) {
        $xml->updated = Zotero_Date::sqlToISO8601($latestUpdated);
    } else {
        $xml->updated = str_replace("+00:00", "Z", date('c'));
    }

    // Import object XML nodes into document
    $feedDom = dom_import_simplexml($xml);
    foreach ($xmlEntries as $xmlEntry) {
        $entryDom = dom_import_simplexml($xmlEntry);
        $feedDom->appendChild($feedDom->ownerDocument->importNode($entryDom, true));
    }

    return $xml;
}
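/**
 * Apply a client-supplied JSON object to an item and save it.
 *
 * The JSON is reduced to its editable part, checked against the item's key
 * and version, and validated before any field is written. Child
 * 'attachments' and 'notes' are created in a second stage, after the parent
 * has been saved. The whole update runs in a transaction: one already in
 * progress is reused, otherwise one is started and committed here.
 *
 * @param Zotero_Item $item            item to update (new or existing)
 * @param object $json                 decoded JSON from the request
 * @param Zotero_Item|null $parentItem parent item when creating a child
 * @param array $requestParams         parsed request parameters ('v' is read)
 * @param int $userID                  passed to $item->save()
 * @param int $requireVersion          passed to the version check
 * @param bool $partialUpdate          true for a partial (PATCH-style)
 *                                     update of an existing item
 * @return bool the result of $item->save()
 */
public static function updateFromJSON(Zotero_Item $item, $json, Zotero_Item $parentItem = null, $requestParams, $userID, $requireVersion = 0, $partialUpdate = false)
{
    $json = Zotero_API::extractEditableJSON($json);
    $exists = Zotero_API::processJSONObjectKey($item, $json, $requestParams);

    // computerProgram used 'version' instead of 'versionNumber' before v3
    if ($requestParams['v'] < 3 && isset($json->version)) {
        $json->versionNumber = $json->version;
        unset($json->version);
    }

    Zotero_API::checkJSONObjectVersion($item, $json, $requestParams, $requireVersion);
    self::validateJSONItem(
        $json,
        $item->libraryID,
        $exists ? $item : null,
        $parentItem || ($exists ? !!$item->getSourceKey() : false),
        $requestParams,
        $partialUpdate && $exists
    );

    $changed = false;
    $twoStage = false;

    if (!Zotero_DB::transactionInProgress()) {
        Zotero_DB::beginTransaction();
        $transactionStarted = true;
    } else {
        $transactionStarted = false;
    }

    // Set itemType first
    if (isset($json->itemType)) {
        $item->setField("itemTypeID", Zotero_ItemTypes::getID($json->itemType));
    }

    $changedDateModified = false;
    foreach ($json as $key => $val) {
        switch ($key) {
            case 'key':
            case 'version':
            case 'itemKey':
            case 'itemVersion':
            case 'itemType':
            case 'deleted':
                // 'continue 2' targets the foreach; a bare 'continue' inside
                // a switch only acts like 'break' and warns on PHP 7.3+
                continue 2;

            case 'parentItem':
                $item->setSourceKey($val);
                break;

            case 'creators':
                if (!$val && !$item->numCreators()) {
                    continue 2;
                }

                $orderIndex = -1;
                foreach ($val as $newCreatorData) {
                    // JSON uses 'name' and 'firstName'/'lastName',
                    // so switch to just 'firstName'/'lastName'
                    if (isset($newCreatorData->name)) {
                        $newCreatorData->firstName = '';
                        $newCreatorData->lastName = $newCreatorData->name;
                        unset($newCreatorData->name);
                        $newCreatorData->fieldMode = 1;
                    } else {
                        $newCreatorData->fieldMode = 0;
                    }

                    // Skip empty creators. This was 'break', which dropped
                    // every creator after the first empty one instead of
                    // skipping only the empty entry.
                    if (Zotero_Utilities::unicodeTrim($newCreatorData->firstName) === ""
                            && Zotero_Utilities::unicodeTrim($newCreatorData->lastName) === "") {
                        continue;
                    }

                    $orderIndex++;

                    $newCreatorTypeID = Zotero_CreatorTypes::getID($newCreatorData->creatorType);

                    // Same creator in this position
                    $existingCreator = $item->getCreator($orderIndex);
                    if ($existingCreator && $existingCreator['ref']->equals($newCreatorData)) {
                        // Just change the creatorTypeID
                        if ($existingCreator['creatorTypeID'] != $newCreatorTypeID) {
                            $item->setCreator($orderIndex, $existingCreator['ref'], $newCreatorTypeID);
                        }
                        continue;
                    }

                    // Same creator in a different position, so use that
                    $existingCreators = $item->getCreators();
                    for ($i = 0, $len = count($existingCreators); $i < $len; $i++) {
                        if ($existingCreators[$i]['ref']->equals($newCreatorData)) {
                            $item->setCreator($orderIndex, $existingCreators[$i]['ref'], $newCreatorTypeID);
                            // Move on to the next creator. A bare 'continue'
                            // only advanced this for loop and then fell
                            // through to the lookup/create code below.
                            continue 2;
                        }
                    }

                    // Make a fake creator to use for the data lookup
                    $newCreator = new Zotero_Creator();
                    $newCreator->libraryID = $item->libraryID;
                    // Own loop variables: reusing $key/$val here clobbered
                    // the variables of the enclosing foreach over $json.
                    // NOTE(review): every property in the creator JSON except
                    // 'creatorType' is copied onto the object; this assumes
                    // validateJSONItem() has limited the property names.
                    // Confirm.
                    foreach ($newCreatorData as $creatorField => $creatorValue) {
                        if ($creatorField == 'creatorType') {
                            continue;
                        }
                        $newCreator->{$creatorField} = $creatorValue;
                    }

                    // Look for an equivalent creator in this library
                    $candidates = Zotero_Creators::getCreatorsWithData($item->libraryID, $newCreator, true);
                    if ($candidates) {
                        $c = Zotero_Creators::get($item->libraryID, $candidates[0]);
                        $item->setCreator($orderIndex, $c, $newCreatorTypeID);
                        continue;
                    }

                    // None found, so make a new one
                    $creatorID = $newCreator->save();
                    $newCreator = Zotero_Creators::get($item->libraryID, $creatorID);
                    $item->setCreator($orderIndex, $newCreator, $newCreatorTypeID);
                }

                // Remove all existing creators above the current index
                if ($exists && ($indexes = array_keys($item->getCreators()))) {
                    $i = max($indexes);
                    while ($i > $orderIndex) {
                        $item->removeCreator($i);
                        $i--;
                    }
                }
                break;

            case 'tags':
                $item->setTags($val);
                break;

            case 'collections':
                $item->setCollections($val);
                break;

            case 'relations':
                $item->setRelations($val);
                break;

            case 'attachments':
            case 'notes':
                if (!$val) {
                    continue 2;
                }
                // Children are created after the parent has been saved
                $twoStage = true;
                break;

            case 'note':
                $item->setNote($val);
                break;

            // Attachment properties
            case 'linkMode':
                $item->attachmentLinkMode = Zotero_Attachments::linkModeNameToNumber($val, true);
                break;

            case 'contentType':
            case 'charset':
            case 'filename':
                // The property name is built only from these three labels
                $k = "attachment" . ucwords($key);
                $item->{$k} = $val;
                break;

            case 'md5':
                $item->attachmentStorageHash = $val;
                break;

            case 'mtime':
                $item->attachmentStorageModTime = $val;
                break;

            case 'dateModified':
                $changedDateModified = $item->setField($key, $val);
                break;

            default:
                $item->setField($key, $val);
                break;
        }
    }

    if ($parentItem) {
        $item->setSource($parentItem->id);
    }
    // Clear parent if not a partial update and a parentItem isn't provided
    elseif ($requestParams['v'] >= 2 && !$partialUpdate
            && $item->getSourceKey() && !isset($json->parentItem)) {
        $item->setSourceKey(false);
    }

    $item->deleted = !empty($json->deleted);

    // If item has changed, update it with the current timestamp
    if ($item->hasChanged() && !$changedDateModified) {
        $item->dateModified = Zotero_DB::getTransactionTimestamp();
    }

    $changed = $item->save($userID) || $changed;

    // Additional steps that have to be performed on a saved object
    if ($twoStage) {
        foreach ($json as $key => $val) {
            switch ($key) {
                case 'attachments':
                    if (!$val) {
                        continue 2;
                    }
                    foreach ($val as $attachmentJSON) {
                        $childItem = new Zotero_Item();
                        $childItem->libraryID = $item->libraryID;
                        self::updateFromJSON(
                            $childItem,
                            $attachmentJSON,
                            $item,
                            $requestParams,
                            $userID
                        );
                    }
                    break;

                case 'notes':
                    if (!$val) {
                        continue 2;
                    }
                    $noteItemTypeID = Zotero_ItemTypes::getID("note");

                    foreach ($val as $note) {
                        $childItem = new Zotero_Item();
                        $childItem->libraryID = $item->libraryID;
                        $childItem->itemTypeID = $noteItemTypeID;
                        $childItem->setSource($item->id);
                        $childItem->setNote($note->note);
                        // NOTE(review): saved without $userID, unlike the
                        // parent item above; confirm this is intended
                        $childItem->save();
                    }
                    break;
            }
        }
    }

    if ($transactionStarted) {
        Zotero_DB::commit();
    }

    return $changed;
}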
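/**
 * Download file from S3, extract it if necessary, and return a temporary URL
 * pointing to the main file
 *
 * If memcached already holds a directory name for this stored file and
 * mtime, the URL is rebuilt from it. Otherwise, when this machine is one of
 * the configured attachment hosts and its static port answers 200, the file
 * is downloaded (and unzipped) into a new directory under the attachment
 * docroot. When it is not, the request is forwarded to one of the attachment
 * hosts and the redirect location that host returns is handed back.
 *
 * @param Zotero_Item $item
 * @param bool $localOnly throw instead of forwarding when this machine is
 *                        not a working attachment host
 * @return string|false temporary URL, or false if no host produced one or
 *                      the download/extraction failed
 * @throws Exception on a forwarded request reaching a non-attachment host, a
 *                   redirect outside the attachment URL prefix, or a
 *                   directory that cannot be created
 */
public static function getTemporaryURL(Zotero_Item $item, $localOnly = false)
{
    $extURLPrefix = Z_CONFIG::$ATTACHMENT_SERVER_URL;
    // substr() instead of an index read, which fails on an empty prefix
    if (substr($extURLPrefix, -1) != "/") {
        $extURLPrefix .= "/";
    }

    $info = Zotero_Storage::getLocalFileItemInfo($item);
    $storageFileID = $info['storageFileID'];
    $filename = $info['filename'];
    $mtime = $info['mtime'];
    $zip = $info['zip'];
    $realFilename = preg_replace("/^storage:/", "", $item->attachmentPath);
    $realFilename = self::decodeRelativeDescriptorString($realFilename);
    $realEncodedFilename = rawurlencode($realFilename);

    $docroot = Z_CONFIG::$ATTACHMENT_SERVER_DOCROOT;

    // Check memcached to see if file is already extracted
    $key = "attachmentServerString_" . $storageFileID . "_" . $mtime;
    if ($randomStr = Z_Core::$MC->get($key)) {
        Z_Core::debug("Got attachment path '{$randomStr}/{$realEncodedFilename}' from memcached");
        return $extURLPrefix . "{$randomStr}/{$realEncodedFilename}";
    }

    $localAddr = gethostbyname(gethostname());

    // See if this is an attachment host
    $index = false;
    $skipHost = false;
    for ($i = 0, $len = count(Z_CONFIG::$ATTACHMENT_SERVER_HOSTS); $i < $len; $i++) {
        $hostAddr = gethostbyname(Z_CONFIG::$ATTACHMENT_SERVER_HOSTS[$i]);
        if ($hostAddr != $localAddr) {
            continue;
        }

        // Make a HEAD request on the local static port to make sure
        // this host is actually functional
        $url = "http://" . Z_CONFIG::$ATTACHMENT_SERVER_HOSTS[$i]
            . ":" . Z_CONFIG::$ATTACHMENT_SERVER_STATIC_PORT . "/";
        Z_Core::debug("Making HEAD request to {$url}");
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_NOBODY, 1);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect:"));
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 2);
        curl_setopt($ch, CURLOPT_HEADER, 0); // do not return HTTP headers
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_exec($ch);

        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        // Release the handle; the original never closed it
        curl_close($ch);

        if ($code != 200) {
            $skipHost = Z_CONFIG::$ATTACHMENT_SERVER_HOSTS[$i];

            if ($code == 0) {
                Z_Core::logError("Error connecting to local attachments server");
            } else {
                Z_Core::logError("Local attachments server returned {$code}");
            }
            break;
        }

        $index = $i + 1;
        break;
    }

    // If not, make an internal root request to trigger the extraction on
    // one of them and retrieve the temporary URL
    if ($index === false) {
        // Prevent redirect madness if target server doesn't think it's an
        // attachment server
        if ($localOnly) {
            throw new Exception("Internal attachments request hit a non-attachment server");
        }

        // The super-user credentials travel in the URL over plain HTTP, so
        // $intURL below must never be logged. Only the host name is.
        // NOTE(review): this assumes the attachment hosts are reachable over
        // a trusted internal network only. Confirm.
        $prefix = 'http://' . Z_CONFIG::$API_SUPER_USERNAME
            . ":" . Z_CONFIG::$API_SUPER_PASSWORD . "@";
        $path = Zotero_API::getItemURI($item) . "/file/view?int=1";
        // Keep only the path and query of the item URI
        $path = preg_replace('/^[^:]+:\\/\\/[^\\/]+/', '', $path);
        $context = stream_context_create(array(
            'http' => array(
                'follow_location' => 0,
            ),
        ));
        $url = false;
        $hosts = Z_CONFIG::$ATTACHMENT_SERVER_HOSTS;
        // Try in random order
        shuffle($hosts);
        foreach ($hosts as $host) {
            // Don't try the local host again if we know it's not working
            if ($host == $skipHost) {
                continue;
            }
            $intURL = $prefix . $host . ":" . Z_CONFIG::$ATTACHMENT_SERVER_DYNAMIC_PORT . $path;
            Z_Core::debug("Making GET request to {$host}");
            if (file_get_contents($intURL, false, $context) !== false) {
                foreach ($http_response_header as $header) {
                    // Header names are case-insensitive, so match
                    // 'location:' as well as 'Location:'
                    if (preg_match('/^Location:\\s*(.+)$/i', $header, $matches)) {
                        // Only hand back redirects that stay under the
                        // configured attachment server URL
                        if (strpos($matches[1], $extURLPrefix) !== 0) {
                            throw new Exception(
                                "Redirect location '" . $matches[1] . "'"
                                . " does not begin with {$extURLPrefix}"
                            );
                        }
                        return $matches[1];
                    }
                }
            }
        }
        return false;
    }

    // If this is an attachment host, do the download/extraction inline
    // and generate a random number with an embedded host id.
    //
    // The reverse proxy routes incoming file requests to the proper hosts
    // using the embedded id.
    //
    // A cron job deletes old attachment directories
    //
    // This number names the directory behind the returned URL, so it comes
    // from the CSPRNG where PHP provides one (random_int(), PHP 7+) instead
    // of the predictable rand().
    // NOTE(review): the range is kept for compatibility with the routing
    // format and still yields only about 31 bits. If the URL is meant to be
    // unguessable, a longer token is needed.
    $randomStr = (string) (function_exists('random_int')
        ? random_int(1000000, 2147483647)
        : rand(1000000, 2147483647));
    // Seventh number is the host id
    $randomStr = substr($randomStr, 0, 6) . $index . substr($randomStr, 6);

    // Download file
    $dir = $docroot . $randomStr . "/";
    $downloadDir = $zip ? $dir . "ztmp/" : $dir;
    Z_Core::debug("Downloading attachment to {$dir}");
    // NOTE(review): mode 0777 is limited only by the process umask; confirm
    // that other local users are not meant to write into served directories
    if (!mkdir($downloadDir, 0777, true)) {
        throw new Exception("Unable to create directory '{$downloadDir}'");
    }
    if ($zip) {
        $response = Zotero_Storage::downloadFile($info, $downloadDir);
    } else {
        $response = Zotero_Storage::downloadFile($info, $downloadDir, $realFilename);
    }
    if ($response) {
        if ($zip) {
            $success = self::extractZip($downloadDir . $info['filename'], $dir);
            unlink($downloadDir . $info['filename']);
            rmdir($downloadDir);

            // Make sure charset is just a string with no spaces or newlines
            // (it is written into the directory's .htaccess, so whitespace
            // would start a new argument or directive)
            if (preg_match('/^[^\\s]+/', trim($item->attachmentCharset), $matches)) {
                $charset = $matches[0];
            } else {
                $charset = 'Off';
            }
            file_put_contents($dir . ".htaccess", "AddDefaultCharset " . $charset);
        } else {
            $success = true;

            // Same whitespace restriction for the content type
            if (preg_match('/^[^\\s]+/', trim($item->attachmentContentType), $matches)) {
                $contentType = $matches[0];
                $charset = trim($item->attachmentCharset);
                // NOTE(review): this tests whether the *charset* starts with
                // 'text/', which looks like it was meant to test the content
                // type. Left unchanged because the appended value contains a
                // space and would alter the ForceType line. Verify.
                if (substr($charset, 0, 5) == 'text/' && preg_match('/^[^\\s]+/', $charset, $matches)) {
                    $contentType .= '; ' . $matches[0];
                }
                file_put_contents($dir . ".htaccess", "ForceType " . $contentType);
            }
        }
    }

    if (!$response || !$success) {
        return false;
    }

    Z_Core::$MC->set($key, $randomStr, self::$cacheTime);

    return $extURLPrefix . "{$randomStr}/" . $realEncodedFilename;
}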
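/**
 * Handle API key requests: read one key or a user's keys (GET), delete a
 * key (DELETE), create a key (POST) or update one (PUT).
 *
 * API v3+ speaks JSON; earlier versions speak XML. Listing a user's keys,
 * POST and PUT require super-user permissions. For a single-key GET by a
 * non-super-user, the name, dates and recent IP addresses are removed from
 * the response.
 *
 * The e400()/e403()/e404() helpers are defined outside this block; the code
 * is written as if they end the request. TODO confirm.
 */
public function keys()
{
    $userID = $this->objectUserID;
    $key = $this->objectName;

    $this->allowMethods(['GET', 'POST', 'PUT', 'DELETE']);

    if ($this->method == 'GET') {
        // Single key
        if ($key) {
            $keyObj = Zotero_Keys::getByKey($key);
            if (!$keyObj) {
                $this->e404("Key not found");
            }

            // /users/<userID>/keys/<keyID> (deprecated)
            if ($userID) {
                // If we have a userID, make sure it matches. A mismatch gets
                // the same 404 as a missing key.
                if ($keyObj->userID != $userID) {
                    $this->e404("Key not found");
                }
            }
            // /keys/<keyID> only exists from v3 on
            elseif ($this->apiVersion < 3) {
                $this->e404();
            }

            if ($this->apiVersion >= 3) {
                $json = $keyObj->toJSON();

                // If not super-user, don't include name or recent IP addresses
                if (!$this->permissions->isSuper()) {
                    unset($json['dateAdded']);
                    unset($json['lastUsed']);
                    unset($json['name']);
                    unset($json['recentIPs']);
                }

                // Was header('application/json'), which names no header field
                header('Content-Type: application/json');
                echo Zotero_Utilities::formatJSON($json);
            } else {
                $this->responseXML = $keyObj->toXML();

                // If not super-user, don't include name or recent IP addresses
                if (!$this->permissions->isSuper()) {
                    unset($this->responseXML['dateAdded']);
                    unset($this->responseXML['lastUsed']);
                    unset($this->responseXML->name);
                    unset($this->responseXML->recentIPs);
                }
            }
        }
        // All of the user's keys
        else {
            if (!$this->permissions->isSuper()) {
                $this->e403();
            }

            $keyObjs = Zotero_Keys::getUserKeys($userID);
            if ($keyObjs) {
                if ($this->apiVersion >= 3) {
                    $json = [];
                    foreach ($keyObjs as $keyObj) {
                        $json[] = $keyObj->toJSON();
                    }
                    echo Zotero_Utilities::formatJSON($json);
                } else {
                    $xml = new SimpleXMLElement('<keys/>');
                    $domXML = dom_import_simplexml($xml);
                    foreach ($keyObjs as $keyObj) {
                        $keyXML = $keyObj->toXML();
                        $domKeyXML = dom_import_simplexml($keyXML);
                        $node = $domXML->ownerDocument->importNode($domKeyXML, true);
                        $domXML->appendChild($node);
                    }
                    $this->responseXML = $xml;
                }
            }
        }
    } elseif ($this->method == 'DELETE') {
        if (!$key) {
            $this->e400("DELETE requests must end with a key");
        }

        // NOTE(review): unlike POST/PUT, this branch has no isSuper() check
        // and does not compare $keyObj->userID with the user ID from the URI
        // (the GET branch does). As written, knowing the key string is what
        // authorises deleting it. Confirm that this is intended.
        Zotero_DB::beginTransaction();

        $keyObj = Zotero_Keys::getByKey($key);
        if (!$keyObj) {
            $this->e404("Key '{$key}' does not exist");
        }

        $keyObj->erase();
        Zotero_DB::commit();

        header("HTTP/1.1 204 No Content");
        exit;
    } else {
        // Require super-user for modifications
        if (!$this->permissions->isSuper()) {
            $this->e403();
        }

        if ($this->method == 'POST') {
            if ($key) {
                $this->e400("POST requests cannot end with a key (did you mean PUT?)");
            }

            if ($this->apiVersion >= 3) {
                $json = json_decode($this->body, true);
                if (!$json) {
                    $this->e400("{$this->method} data is not valid JSON");
                }

                if (!empty($json['key'])) {
                    $this->e400("POST requests cannot contain a key in '" . $this->body . "'");
                }

                $fields = $this->getFieldsFromJSON($json);
            } else {
                try {
                    $keyXML = @new SimpleXMLElement($this->body);
                } catch (Exception $e) {
                    $this->e400("{$this->method} data is not valid XML");
                }

                // Check the parsed body, as the JSON branch does. The
                // original tested $key['key'], but $key is the key name from
                // the URI and is always empty at this point, so a 'key'
                // attribute in the XML was never rejected.
                if (!empty($keyXML['key'])) {
                    $this->e400("POST requests cannot contain a key in '" . $this->body . "'");
                }

                $fields = $this->getFieldsFromKeyXML($keyXML);
            }

            Zotero_DB::beginTransaction();

            try {
                $keyObj = new Zotero_Key();
                $keyObj->userID = $userID;
                foreach ($fields as $field => $val) {
                    if ($field == 'access') {
                        foreach ($val as $access) {
                            $this->setKeyPermissions($keyObj, $access);
                        }
                    } else {
                        // presumably getFieldsFromJSON()/getFieldsFromKeyXML()
                        // return only settable field names; verify there
                        $keyObj->{$field} = $val;
                    }
                }
                $keyObj->save();
            } catch (Exception $e) {
                if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) {
                    $this->e400($e->getMessage());
                }
                $this->handleException($e);
            }

            if ($this->apiVersion >= 3) {
                // Was header('application/json'), which names no header field
                header('Content-Type: application/json');
                echo Zotero_Utilities::formatJSON($keyObj->toJSON());
            } else {
                $this->responseXML = $keyObj->toXML();
            }

            Zotero_DB::commit();

            $url = Zotero_API::getKeyURI($keyObj);
            $this->responseCode = 201;
            header("Location: " . $url, false, 201);
        } elseif ($this->method == 'PUT') {
            if (!$key) {
                $this->e400("PUT requests must end with a key (did you mean POST?)");
            }

            if ($this->apiVersion >= 3) {
                $json = json_decode($this->body, true);
                if (!$json) {
                    $this->e400("{$this->method} data is not valid JSON");
                }

                $fields = $this->getFieldsFromJSON($json);
            } else {
                try {
                    $keyXML = @new SimpleXMLElement($this->body);
                } catch (Exception $e) {
                    $this->e400("{$this->method} data is not valid XML");
                }

                $fields = $this->getFieldsFromKeyXML($keyXML);
            }

            // Key attribute is optional, but, if it's there, make sure it matches
            if (isset($fields['key']) && $fields['key'] != $key) {
                $this->e400("Key '{$fields['key']}' does not match key '{$key}' from URI");
            }

            Zotero_DB::beginTransaction();

            try {
                $keyObj = Zotero_Keys::getByKey($key);
                if (!$keyObj) {
                    $this->e404("Key '{$key}' does not exist");
                }
                foreach ($fields as $field => $val) {
                    if ($field == 'access') {
                        foreach ($val as $access) {
                            $this->setKeyPermissions($keyObj, $access);
                        }
                    } else {
                        $keyObj->{$field} = $val;
                    }
                }
                $keyObj->save();
            } catch (Exception $e) {
                if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) {
                    $this->e400($e->getMessage());
                }
                $this->handleException($e);
            }

            if ($this->apiVersion >= 3) {
                echo Zotero_Utilities::formatJSON($keyObj->toJSON());
            } else {
                $this->responseXML = $keyObj->toXML();
            }

            Zotero_DB::commit();
        }
    }

    if ($this->apiVersion >= 3) {
        $this->end();
    } else {
        // Pre-v3 responses are pretty-printed XML
        header('Content-Type: application/xml');
        $xmlstr = $this->responseXML->asXML();

        $doc = new DOMDocument('1.0');

        $doc->loadXML($xmlstr);
        $doc->formatOutput = true;
        echo $doc->saveXML();
        exit;
    }
}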
/**
 * Emit the response for a multi-object request in the requested format.
 *
 * 'atom' stores the feed in $this->responseXML; 'bib' echoes a bibliography;
 * the JSON-style formats go through Zotero_API::multiResponse(); any other
 * format is treated as an export translator. For HEAD requests the 'bib' and
 * export branches produce nothing.
 *
 * @param array $results search results; 'results' is read for bib/export
 * @param string $title  feed title suffix, used for 'atom' only
 */
private function generateMultiResponse($results, $title = '')
{
    $isHead = $this->method == 'HEAD';

    $responseOptions = [
        'action' => $this->action,
        'uri' => $this->uri,
        'results' => $results,
        'requestParams' => $this->queryParams,
        'permissions' => $this->permissions,
        'head' => $isHead,
    ];

    switch ($this->queryParams['format']) {
        case 'atom':
            $responseOptions['title'] = $this->getFeedNamePrefix($this->objectLibraryID) . $title;
            $this->responseXML = Zotero_API::multiResponse($responseOptions);
            break;

        case 'bib':
            if (!$isHead && isset($results['results'])) {
                echo Zotero_Cite::getBibliographyFromCitationServer(
                    $results['results'],
                    $this->queryParams
                );
            }
            break;

        case 'csljson':
        case 'json':
        case 'keys':
        case 'versions':
        case 'writereport':
            Zotero_API::multiResponse($responseOptions);
            break;

        default:
            if (!$isHead) {
                // Any other format name is handed to the export translator
                $exported = Zotero_Translate::doExport(
                    $results['results'],
                    $this->queryParams['format']
                );
                $this->queryParams['format'] = null;
                header("Content-Type: " . $exported['mimeType']);
                echo $exported['body'];
            }
    }
}
/**
 * Build an Atom <feed> element containing the given entries.
 *
 * Feed-level text values (title, id, updated) are assigned through SimpleXML
 * properties and link targets through attributes, rather than being
 * concatenated into markup.
 *
 * @param string                  $action       API action, used to build links and the query string
 * @param string                  $title        Feed title
 * @param string                  $url          Request URL; only its path component is used
 * @param array                   $entries      Objects or SimpleXMLElement entries to include
 * @param int|null                $totalResults Total result count; falls back to count($entries)
 * @param array                   $queryParams  Parsed query parameters ('v' and 'content' are read)
 * @param Zotero_Permissions|null $permissions  Passed through to item conversion
 * @param array                   $fixedValues  Per-tag override values keyed by tag id
 * @return SimpleXMLElement
 */
public static function createAtomFeed($action, $title, $url, $entries, $totalResults = null, $queryParams = [], Zotero_Permissions $permissions = null, $fixedValues = array()) {
	$nonDefaultParams = $queryParams
		? Zotero_API::getNonDefaultParams($action, $queryParams)
		: [];

	$xml = new SimpleXMLElement(
		'<?xml version="1.0" encoding="UTF-8"?>'
			. '<feed xmlns="' . Zotero_Atom::$nsAtom . '" '
			. 'xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>'
	);
	$xml->title = $title;

	$path = parse_url($url, PHP_URL_PATH);
	$relativePath = substr($path, 1);

	// Canonical URI for the feed
	$zoteroURI = Zotero_URI::getBaseURI()
		. $relativePath
		. Zotero_API::buildQueryString($queryParams['v'], $action, $nonDefaultParams, ['v']);
	// Not used below; the call is kept as in the original code
	$baseURI = Zotero_API::getBaseURI() . substr($path, 1);

	// The API version is left out of generated URLs (as is the API key).
	// It could instead be made a private parameter so that it did not show up
	// in the Link header either, but for now it is still there.
	$excludeParams = ['v'];
	$links = Zotero_API::buildLinks(
		$action, $path, $totalResults, $queryParams, $nonDefaultParams, $excludeParams
	);

	$xml->id = $zoteroURI;

	// self, first, next (only when present), last, then the HTML alternate
	foreach (['self', 'first', 'next', 'last', 'alternate'] as $rel) {
		if ($rel == 'next' && !isset($links['next'])) {
			continue;
		}
		$link = $xml->addChild("link");
		$link['rel'] = $rel;
		$link['type'] = $rel == 'alternate' ? "text/html" : "application/atom+xml";
		$link['href'] = $links[$rel];
	}

	if ($queryParams['v'] < 3) {
		$total = is_numeric($totalResults) ? $totalResults : count($entries);
		$xml->addChild("zapi:totalResults", $total, self::$nsZoteroAPI);
	}
	if ($queryParams['v'] < 2) {
		$xml->addChild("zapi:apiVersion", 1, self::$nsZoteroAPI);
	}

	// Look up citation/bibliography data for all items in one memcached call
	$sharedData = array();
	if ($entries && $entries[0] instanceof Zotero_Item) {
		foreach (['citation', 'bib'] as $mode) {
			if (in_array($mode, $queryParams['content'])) {
				$sharedData[$mode] = Zotero_Cite::multiGetFromMemcached($mode, $entries, $queryParams);
			}
		}
	}

	$latestUpdated = '';
	$xmlEntries = array();
	foreach ($entries as $entry) {
		if ($entry->dateModified > $latestUpdated) {
			$latestUpdated = $entry->dateModified;
		}

		// Entries of any other type are skipped
		if ($entry instanceof SimpleXMLElement) {
			$xmlEntries[] = $entry;
		}
		elseif ($entry instanceof Zotero_Collection) {
			$xmlEntries[] = Zotero_Collections::convertCollectionToAtom($entry, $queryParams);
		}
		elseif ($entry instanceof Zotero_Item) {
			$xmlEntries[] = Zotero_Items::convertItemToAtom($entry, $queryParams, $permissions, $sharedData);
		}
		elseif ($entry instanceof Zotero_Search) {
			$xmlEntries[] = $entry->toAtom($queryParams);
		}
		elseif ($entry instanceof Zotero_Tag) {
			$xmlEntries[] = $entry->toAtom(
				$queryParams,
				isset($fixedValues[$entry->id]) ? $fixedValues[$entry->id] : null
			);
		}
		elseif ($entry instanceof Zotero_Group) {
			$xmlEntries[] = $entry->toAtom($queryParams);
		}
	}

	$xml->updated = $latestUpdated
		? Zotero_Date::sqlToISO8601($latestUpdated)
		: str_replace("+00:00", "Z", date('c'));

	// Graft each entry's node tree into the feed document
	$feedNode = dom_import_simplexml($xml);
	foreach ($xmlEntries as $xmlEntry) {
		$entryNode = dom_import_simplexml($xmlEntry);
		$feedNode->appendChild($feedNode->ownerDocument->importNode($entryNode, true));
	}

	return $xml;
}
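/**
 * Parse query string into parameters, validating and filling in defaults
 *
 * This is the validation point for client-supplied 'order' and 'sort' values:
 * both are checked against fixed lists here. A tag query builder elsewhere in
 * this listing concatenates 'order' and 'sort' into SQL text, so weakening
 * either list affects that code as well.
 *
 * @param string $queryString  Raw query string from the request
 * @param string $action       API action ('items', 'tags', ...)
 * @param bool   $singleObject Whether the request addresses a single object
 * @return array Parameter name => validated value, with defaults filled in
 * @throws Exception With code Z_ERROR_INVALID_INPUT when a parameter is not
 *                   valid for the request
 */
public static function parseQueryParams($queryString, $action, $singleObject) {
	// Handle multiple identical parameters in the CGI-standard way instead of
	// PHP's foo[]=bar way
	//
	// NOTE(review): if a repeated parameter comes back as an array, the scalar
	// handling below ((int) casts, explode(), string interpolation) receives an
	// array -- confirm what proper_parse_str() returns in that case.
	$getParams = Zotero_URL::proper_parse_str($queryString);
	$queryParams = array();
	
	foreach (self::getDefaultQueryParams() as $key => $val) {
		// Don't overwrite field if already derived from another field
		if (!empty($queryParams[$key])) {
			continue;
		}
		
		if ($key == 'limit') {
			$val = self::getDefaultLimit(isset($getParams['format']) ? $getParams['format'] : "");
		}
		
		// Fill defaults
		$queryParams[$key] = $val;
		
		// If no parameter passed, use default
		if (!isset($getParams[$key])) {
			continue;
		}
		
		// Some formats need special parameter handling
		if (isset($getParams['format'])) {
			if ($getParams['format'] == 'bib') {
				switch ($key) {
					// Invalid parameters
					case 'order':
					case 'sort':
					case 'start':
					case 'limit':
						throw new Exception("'{$key}' is not valid for format=bib", Z_ERROR_INVALID_INPUT);
				}
			}
			else if ($getParams['format'] == 'keys') {
				switch ($key) {
					// Invalid parameters
					case 'start':
						// The message names the format that was actually requested
						throw new Exception("'{$key}' is not valid for format=keys", Z_ERROR_INVALID_INPUT);
				}
			}
		}
		
		switch ($key) {
			case 'format':
				$format = $getParams[$key];
				$isExportFormat = in_array($format, Zotero_Translate::$exportFormats);
				
				// All actions other than items must be Atom
				if ($action != 'items') {
					if ($format != 'atom') {
						throw new Exception("Invalid 'format' value '{$format}'", Z_ERROR_INVALID_INPUT);
					}
				}
				else if ($isExportFormat || $format == 'csljson') {
					// Single-object and itemKey requests are exempt from the
					// mandatory limit
					if ($singleObject || !empty($getParams['itemKey'])) {
						break;
					}
					
					$limitMax = self::getLimitMax($format);
					if (empty($getParams['limit'])) {
						throw new Exception("'limit' is required for format={$format}", Z_ERROR_INVALID_INPUT);
					}
					else if ($getParams['limit'] > $limitMax) {
						throw new Exception("'limit' cannot be greater than {$limitMax} for format={$format}", Z_ERROR_INVALID_INPUT);
					}
				}
				else {
					switch ($format) {
						case 'atom':
						case 'bib':
							break;
						
						default:
							if ($format == 'keys' && !$singleObject) {
								break;
							}
							throw new Exception("Invalid 'format' value '{$format}' for request", Z_ERROR_INVALID_INPUT);
					}
				}
				break;
			
			case 'start':
				// NOTE(review): a negative value survives the cast; consumers
				// that use it as a LIMIT offset should expect that -- confirm
				$queryParams[$key] = (int) $getParams[$key];
				continue 2;
			
			case 'limit':
				// Maximum limit depends on 'format'
				$limitMax = self::getLimitMax(isset($getParams['format']) ? $getParams['format'] : "");
				
				// If there's a maximum, enforce it
				if ($limitMax && (int) $getParams[$key] > $limitMax) {
					$getParams[$key] = $limitMax;
				}
				// A limit that casts to 0 leaves the default in place
				else if ((int) $getParams[$key] == 0) {
					continue 2;
				}
				$queryParams[$key] = (int) $getParams[$key];
				continue 2;
			
			case 'content':
				if (isset($getParams['format']) && $getParams['format'] != 'atom') {
					throw new Exception("'content' is valid only for format=atom", Z_ERROR_INVALID_INPUT);
				}
				// Normalize to a sorted list of unique values
				$getParams[$key] = array_values(array_unique(explode(',', $getParams[$key])));
				sort($getParams[$key]);
				foreach ($getParams[$key] as $value) {
					switch ($value) {
						case 'none':
						case 'full':
							if (sizeOf($getParams[$key]) > 1) {
								throw new Exception(
									"content={$value} is not valid in "
										. "multi-format responses",
									Z_ERROR_INVALID_INPUT
								);
							}
							break;
						
						case 'html':
						case 'citation':
						case 'bib':
						case 'json':
						case 'csljson':
							break;
						
						default:
							if (in_array($value, Zotero_Translate::$exportFormats)) {
								break;
							}
							throw new Exception("Invalid 'content' value '{$value}'", Z_ERROR_INVALID_INPUT);
					}
				}
				break;
			
			case 'order':
				// Whether to sort empty values first
				$queryParams['emptyFirst'] = Zotero_API::getSortEmptyFirst($getParams[$key]);
				
				switch ($getParams[$key]) {
					// Valid fields to sort by
					//
					// Allow all fields available in client
					case 'title':
					case 'creator':
					case 'itemType':
					case 'date':
					case 'publisher':
					case 'publicationTitle':
					case 'journalAbbreviation':
					case 'language':
					case 'accessDate':
					case 'libraryCatalog':
					case 'callNumber':
					case 'rights':
					case 'dateAdded':
					case 'dateModified':
					//case 'numChildren':
					case 'addedBy':
					case 'numItems':
					case 'serverDateModified':
						// numItems is valid only for tags requests
						switch ($getParams[$key]) {
							case 'numItems':
								if ($action != 'tags') {
									throw new Exception("Invalid 'order' value '" . $getParams[$key] . "'", Z_ERROR_INVALID_INPUT);
								}
								break;
						}
						
						if (!isset($getParams['sort'])) {
							$queryParams['sort'] = self::getDefaultSort($getParams[$key]);
						}
						// Strict comparison: only the exact strings are accepted
						else if (!in_array($getParams['sort'], array('asc', 'desc'), true)) {
							throw new Exception("Invalid 'sort' value '" . $getParams['sort'] . "'", Z_ERROR_INVALID_INPUT);
						}
						else {
							$queryParams['sort'] = $getParams['sort'];
						}
						break;
					
					default:
						throw new Exception("Invalid 'order' value '" . $getParams[$key] . "'", Z_ERROR_INVALID_INPUT);
				}
				break;
			
			case 'sort':
				// Strict comparison: only the exact strings are accepted
				if (!in_array($getParams['sort'], array('asc', 'desc'), true)) {
					throw new Exception("Invalid 'sort' value '" . $getParams[$key] . "'", Z_ERROR_INVALID_INPUT);
				}
				break;
		}
		
		$queryParams[$key] = $getParams[$key];
	}
	
	return $queryParams;
}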
/**
 * Handle group requests: create (POST), update (PUT), delete (DELETE) and
 * view one group or a list of groups (all other methods).
 *
 * All three write methods require $this->permissions->isSuper(). Viewing a
 * single group requires access to the object library; an unrestricted group
 * listing (no objectUserID) is also limited to super users.
 *
 * NOTE(review): the code below assumes that e400(), e403(), e404(), e412(),
 * handleException() and end() terminate the request and do not return --
 * several statements (for example the switch fall-through in the POST error
 * handler) are only correct under that assumption. Confirm against those
 * helpers.
 */
public function groups() {
	$groupID = $this->objectGroupID;
	
	//
	// Add a group
	//
	if ($this->method == 'POST') {
		// Authorization is checked before the request body is parsed
		if (!$this->permissions->isSuper()) {
			$this->e403();
		}
		
		if ($groupID) {
			$this->e400("POST requests cannot end with a groupID (did you mean PUT?)");
		}
		
		// The request body is parsed as XML with the default parser options;
		// '@' hides parser warnings and a failed parse becomes a 400.
		// NOTE(review): entity handling for this untrusted document depends on
		// the libxml defaults of the deployment -- confirm.
		try {
			$group = @new SimpleXMLElement($this->body);
		}
		catch (Exception $e) {
			$this->e400("{$this->method} data is not valid XML");
		}
		
		// The error message echoes the raw request body back to the client
		if ((int) $group['id']) {
			$this->e400("POST requests cannot contain a groupID in '" . $this->body . "'");
		}
		
		$fields = $this->getFieldsFromGroupXML($group);
		
		Zotero_DB::beginTransaction();
		
		try {
			$group = new Zotero_Group();
			// Every field returned by getFieldsFromGroupXML() is assigned as a
			// property; NOTE(review): which property names a request can set is
			// decided entirely by that helper -- confirm it uses a fixed list.
			foreach ($fields as $field => $val) {
				$group->{$field} = $val;
			}
			$group->save();
		}
		catch (Exception $e) {
			if (strpos($e->getMessage(), "Invalid") === 0) {
				$this->e400($e->getMessage() . " in " . $this->body . "'");
			}
			
			switch ($e->getCode()) {
				// No break: relies on e400() not returning (see method note)
				case Z_ERROR_GROUP_NAME_UNAVAILABLE:
					$this->e400($e->getMessage());
				default:
					$this->handleException($e);
			}
		}
		
		$this->queryParams['content'] = array('full');
		$this->responseXML = $group->toAtom($this->queryParams);
		
		Zotero_DB::commit();
		
		$url = Zotero_API::getGroupURI($group);
		$this->responseCode = 201;
		header("Location: " . $url, false, 201);
		
		$this->end();
	}
	
	//
	// Update a group
	//
	if ($this->method == 'PUT') {
		if (!$this->permissions->isSuper()) {
			$this->e403();
		}
		
		if (!$groupID) {
			$this->e400("PUT requests must end with a groupID (did you mean POST?)");
		}
		
		// Same XML parsing as in the POST branch
		try {
			$group = @new SimpleXMLElement($this->body);
		}
		catch (Exception $e) {
			$this->e400("{$this->method} data is not valid XML");
		}
		
		$fields = $this->getFieldsFromGroupXML($group);
		
		// Group id is optional, but, if it's there, make sure it matches
		$id = (string) $group['id'];
		if ($id && $id != $groupID) {
			$this->e400("Group ID {$id} does not match group ID {$groupID} from URI");
		}
		
		Zotero_DB::beginTransaction();
		
		try {
			$group = Zotero_Groups::get($groupID);
			if (!$group) {
				$this->e404("Group {$groupID} does not exist");
			}
			// Same dynamic property assignment as in the POST branch
			foreach ($fields as $field => $val) {
				$group->{$field} = $val;
			}
			
			// Conditional update: reject when the stored group is newer than
			// the timestamp in $this->ifUnmodifiedSince
			if ($this->ifUnmodifiedSince
					&& strtotime($group->dateModified) > $this->ifUnmodifiedSince) {
				$this->e412();
			}
			
			$group->save();
		}
		catch (Exception $e) {
			// As in the POST branch, the raw request body is echoed in the message
			if (strpos($e->getMessage(), "Invalid") === 0) {
				$this->e400($e->getMessage() . " in " . $this->body . "'");
			}
			else {
				if ($e->getCode() == Z_ERROR_GROUP_DESCRIPTION_TOO_LONG) {
					$this->e400($e->getMessage());
				}
			}
			$this->handleException($e);
		}
		
		$this->queryParams['content'] = array('full');
		$this->responseXML = $group->toAtom($this->queryParams);
		
		Zotero_DB::commit();
		
		$this->end();
	}
	
	//
	// Delete a group
	//
	if ($this->method == 'DELETE') {
		if (!$this->permissions->isSuper()) {
			$this->e403();
		}
		
		if (!$groupID) {
			$this->e400("DELETE requests must end with a groupID");
		}
		
		Zotero_DB::beginTransaction();
		
		// NOTE(review): the 404 path leaves the transaction started above
		// without an explicit rollback in this method -- confirm e404() or the
		// DB layer cleans it up.
		$group = Zotero_Groups::get($groupID);
		if (!$group) {
			$this->e404("Group {$groupID} does not exist");
		}
		$group->erase();
		Zotero_DB::commit();
		
		header("HTTP/1.1 204 No Content");
		exit;
	}
	
	//
	// View one or more groups
	//
	
	// Single group
	if ($groupID) {
		$group = Zotero_Groups::get($groupID);
		// Access is checked before existence, so a caller without access gets
		// 403 whether or not the group exists
		if (!$this->permissions->canAccess($this->objectLibraryID)) {
			$this->e403();
		}
		if (!$group) {
			$this->e404("Group not found");
		}
		if ($this->apiVersion >= 3) {
			$this->libraryVersion = $group->version;
		}
		else {
			header("ETag: " . $group->etag);
		}
		if ($this->method == 'HEAD') {
			$this->end();
		}
		switch ($this->queryParams['format']) {
			case 'atom':
				$this->responseXML = $group->toAtom($this->queryParams);
				break;
			
			case 'json':
				$json = $group->toResponseJSON($this->queryParams);
				echo Zotero_Utilities::formatJSON($json);
				break;
			
			default:
				throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
		}
	}
	// Multiple groups
	else {
		// NOTE(review): the per-user listing has no explicit permission check
		// in this method; $this->permissions is passed to getAllAdvanced()
		// below, which presumably filters the results -- confirm.
		if ($this->objectUserID) {
			$title = Zotero_Users::getUsername($this->objectUserID) . "’s Groups";
		}
		else {
			// For now, only root can do unrestricted group searches
			if (!$this->permissions->isSuper()) {
				$this->e403();
			}
			
			$title = "Groups";
		}
		
		try {
			$results = Zotero_Groups::getAllAdvanced($this->objectUserID, $this->queryParams, $this->permissions);
		}
		catch (Exception $e) {
			// Only an invalid group type is reported as a client error;
			// anything else is rethrown
			switch ($e->getCode()) {
				case Z_ERROR_INVALID_GROUP_TYPE:
					$this->e400($e->getMessage());
			}
			throw ($e);
		}
		
		$options = [
			'action' => $this->action,
			'uri' => $this->uri,
			'results' => $results,
			'requestParams' => $this->queryParams,
			'permissions' => $this->permissions,
			'head' => $this->method == 'HEAD'
		];
		switch ($this->queryParams['format']) {
			case 'atom':
				$this->responseXML = Zotero_API::multiResponse(array_merge($options, [
					'title' => $title
				]));
				break;
			
			case 'json':
				Zotero_API::multiResponse($options);
				break;
			
			case 'etags':
			case 'versions':
				// The property name is derived from the format, but the case
				// labels above restrict it to 'etag' or 'version'
				$prop = substr($this->queryParams['format'], 0, -1); // remove 's'
				$newResults = [];
				foreach ($results['results'] as $group) {
					$newResults[$group->id] = $group->$prop;
				}
				$options['results']['results'] = $newResults;
				Zotero_API::multiResponse($options, 'versions');
				break;
			
			default:
				throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
		}
	}
	
	$this->end();
}
/**
 * Validate a JSON setting object and store its value on the given setting.
 *
 * Validation and the version check run before anything is written. A database
 * transaction is opened (and committed) here only when the caller has not
 * already started one. There is no rollback in this method; an exception from
 * save() propagates to the caller with the transaction still open.
 *
 * @param Zotero_Setting $setting        Existing setting, or a new one with a
 *                                       library and name assigned
 * @param object         $json           Setting data to write; 'value' is read
 * @param array          $requestParams  Passed to validation and the version check
 * @param int            $userID         Not used by this method
 * @param int            $requireVersion See Zotero_API::checkJSONObjectVersion()
 * @return bool True if the setting was changed, false otherwise
 */
public static function updateFromJSON(Zotero_Setting $setting, $json, $requestParams, $userID, $requireVersion = 0) {
	self::validateJSONObject($setting->name, $json, $requestParams);
	Zotero_API::checkJSONObjectVersion($setting, $json, $requestParams, $requireVersion);

	$ownsTransaction = !Zotero_DB::transactionInProgress();
	if ($ownsTransaction) {
		Zotero_DB::beginTransaction();
	}

	$setting->value = $json->value;
	$wasChanged = (bool) $setting->save();

	if ($ownsTransaction) {
		Zotero_DB::commit();
	}

	return $wasChanged;
}
/**
 * Validate a JSON search object and apply it to the given search.
 *
 * Only the editable part of the JSON is used (Zotero_API::extractEditableJSON()).
 * Key handling, the version check and validation all run before any property
 * of $search is changed.
 *
 * @param Zotero_Search $search         Existing search, or a new one with a
 *                                      library assigned
 * @param object        $json           Search data to write
 * @param array         $requestParams  Passed to key processing, the version
 *                                      check and validation
 * @param int           $userID         Not used by this method
 * @param int           $requireVersion See Zotero_API::checkJSONObjectVersion()
 * @param bool          $partialUpdate  Validate as a partial update, but only
 *                                      when the search already exists
 * @return bool True if the search was changed, false otherwise
 */
public static function updateFromJSON(Zotero_Search $search, $json, $requestParams, $userID, $requireVersion = 0, $partialUpdate = false) {
	$json = Zotero_API::extractEditableJSON($json);
	$exists = Zotero_API::processJSONObjectKey($search, $json, $requestParams);
	Zotero_API::checkJSONObjectVersion($search, $json, $requestParams, $requireVersion);
	self::validateJSONSearch($json, $requestParams, $partialUpdate && $exists);

	if (isset($json->name)) {
		$search->name = $json->name;
	}

	if (isset($json->conditions)) {
		$rows = [];
		foreach ($json->conditions as $condition) {
			$row = get_object_vars($condition);
			$row['mode'] = "";
			// A condition name such as 'field/regexp' carries its mode after
			// the slash; split it into separate 'condition' and 'mode' values
			if (preg_match('/(.+)\\/(.+)/', $row['condition'], $parts)) {
				$row['condition'] = $parts[1];
				$row['mode'] = $parts[2];
			}
			$rows[] = $row;
		}
		$search->updateConditions($rows);
	}

	return (bool) $search->save();
}
/**
 * Build the response JSON structure for this collection.
 *
 * Unless $requestParams['uncached'] is set, the structure is read from and
 * written to memcached under $this->getCacheKey($requestParams). The child
 * counts are computed on every call and written over the cached values.
 *
 * NOTE(review): this method takes no permissions object, so the cached
 * structure is the same for every caller that produces the same cache key --
 * confirm that nothing permission-dependent ends up in it.
 *
 * @param array $requestParams Parsed request parameters ('uncached' and
 *                             'include' are read here)
 * @return array
 */
public function toResponseJSON($requestParams = []) {
	$started = microtime(true);

	// Child collection and item counts can't be cached (easily)
	$childCollections = $this->numCollections();
	$childItems = $this->numItems();

	if (!$requestParams['uncached']) {
		$cacheKey = $this->getCacheKey($requestParams);
		$hit = Z_Core::$MC->get($cacheKey);
		if ($hit) {
			Z_Core::debug("Using cached JSON for {$this->libraryKey}");
			$hit['meta']->numCollections = $childCollections;
			$hit['meta']->numItems = $childItems;

			StatsD::timing("api.collections.toResponseJSON.cached", (microtime(true) - $started) * 1000);
			StatsD::increment("memcached.collections.toResponseJSON.hit");
			return $hit;
		}
	}

	$json = [
		'key' => $this->key,
		'version' => $this->version,
		'library' => Zotero_Libraries::toJSON($this->libraryID),
		'links' => [
			'self' => [
				'href' => Zotero_API::getCollectionURI($this),
				'type' => 'application/json'
			],
			'alternate' => [
				'href' => Zotero_URI::getCollectionURI($this, true),
				'type' => 'text/html'
			]
		]
	];

	// Link to the parent collection, if there is one
	$parentID = $this->getParentID();
	if ($parentID) {
		$parentCol = Zotero_Collections::get($this->libraryID, $parentID);
		$json['links']['up'] = [
			'href' => Zotero_API::getCollectionURI($parentCol),
			'type' => "application/atom+xml"
		];
	}

	$meta = new stdClass();
	$meta->numCollections = $childCollections;
	$meta->numItems = $childItems;
	$json['meta'] = $meta;

	// Only 'data' is handled from the 'include' list
	foreach ($requestParams['include'] as $type) {
		if ($type == 'data') {
			$json[$type] = $this->toJSON($requestParams);
		}
	}

	if (!$requestParams['uncached']) {
		Z_Core::$MC->set($cacheKey, $json);

		StatsD::timing("api.collections.toResponseJSON.uncached", (microtime(true) - $started) * 1000);
		StatsD::increment("memcached.collections.toResponseJSON.miss");
	}

	return $json;
}
/**
 * Build an Atom <entry> element for this tag.
 *
 * Text values such as the tag name are set through SimpleXML property
 * assignment rather than being concatenated into markup.
 *
 * @param array      $queryParams Parsed query parameters; only the first
 *                                'content' value is used
 * @param array|null $fixedValues Optional overrides; 'numItems' replaces the
 *                                linked-item count
 * @return SimpleXMLElement Tag data as SimpleXML element
 */
public function toAtom($queryParams, $fixedValues = null) {
	$contentModes = !empty($queryParams['content'])
		? $queryParams['content']
		: array('none');
	// TEMP: multi-format support -- only the first mode is rendered
	$mode = $contentModes[0];

	$xml = new SimpleXMLElement(
		'<?xml version="1.0" encoding="UTF-8"?>'
			. '<entry xmlns="' . Zotero_Atom::$nsAtom
			. '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>'
	);

	$xml->title = $this->name;

	$author = $xml->addChild('author');
	$author->name = Zotero_Libraries::getName($this->libraryID);
	$author->uri = Zotero_URI::getLibraryURI($this->libraryID, true);

	$xml->id = Zotero_URI::getTagURI($this);

	$xml->published = Zotero_Date::sqlToISO8601($this->dateAdded);
	$xml->updated = Zotero_Date::sqlToISO8601($this->dateModified);

	$selfLink = $xml->addChild("link");
	$selfLink['rel'] = "self";
	$selfLink['type'] = "application/atom+xml";
	$selfLink['href'] = Zotero_API::getTagURI($this);

	$altLink = $xml->addChild('link');
	$altLink['rel'] = 'alternate';
	$altLink['type'] = 'text/html';
	$altLink['href'] = Zotero_URI::getTagURI($this, true);

	// Number of linked items, unless the caller supplied a fixed value
	$numItems = isset($fixedValues['numItems'])
		? $fixedValues['numItems']
		: count($this->getLinkedItems(true));
	$xml->addChild('zapi:numItems', $numItems, Zotero_Atom::$nsZoteroAPI);

	if ($mode == 'html') {
		$xml->content['type'] = 'xhtml';

		// An empty XHTML <div> is grafted into the content element
		$div = new SimpleXMLElement("<div/>");
		$div->addAttribute("xmlns", Zotero_Atom::$nsXHTML);

		$contentNode = dom_import_simplexml($xml->content);
		$divNode = dom_import_simplexml($div);
		$contentNode->appendChild($contentNode->ownerDocument->importNode($divNode, true));
	}
	elseif ($mode == 'json') {
		$xml->content['type'] = 'application/json';
		$xml->content = Zotero_Utilities::formatJSON($this->toJSON());
	}

	return $xml;
}
/**
 * Build an Atom <entry> element for this search.
 *
 * The search is loaded first if it has not been loaded yet. Text values such
 * as the search name are set through SimpleXML property assignment rather
 * than being concatenated into markup.
 *
 * @param array $queryParams Parsed query parameters; only the first 'content'
 *                           value is used
 * @return SimpleXMLElement
 */
public function toAtom($queryParams) {
	if (!$this->loaded) {
		$this->load();
	}

	// TEMP: multi-format support -- only the first mode is rendered
	$contentModes = !empty($queryParams['content'])
		? $queryParams['content']
		: array('none');
	$mode = $contentModes[0];

	$xml = new SimpleXMLElement(
		'<?xml version="1.0" encoding="UTF-8"?>'
			. '<entry xmlns="' . Zotero_Atom::$nsAtom
			. '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>'
	);

	if ($this->name) {
		$xml->title = $this->name;
	}
	else {
		$xml->title = '[Untitled]';
	}

	$author = $xml->addChild('author');
	// TODO: group item creator
	$author->name = Zotero_Libraries::getName($this->libraryID);
	$author->uri = Zotero_URI::getLibraryURI($this->libraryID, true);

	$xml->id = Zotero_URI::getSearchURI($this);

	$xml->published = Zotero_Date::sqlToISO8601($this->dateAdded);
	$xml->updated = Zotero_Date::sqlToISO8601($this->dateModified);

	$selfLink = $xml->addChild("link");
	$selfLink['rel'] = "self";
	$selfLink['type'] = "application/atom+xml";
	$selfLink['href'] = Zotero_API::getSearchURI($this);

	$xml->addChild('zapi:key', $this->key, Zotero_Atom::$nsZoteroAPI);
	$xml->addChild('zapi:version', $this->version, Zotero_Atom::$nsZoteroAPI);

	if ($mode == 'json') {
		$xml->content['type'] = 'application/json';
		$xml->content = Zotero_Utilities::formatJSON($this->toJSON($queryParams));
	}

	return $xml;
}
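/**
 * Fetch the tags of a library, filtered, sorted and paged according to $params.
 *
 * Filter values ('q', tag types, paging) are passed as bound parameters.
 * The sort column and direction cannot be bound, so they are validated here
 * before being placed in the SQL text: 'order' must be a plain (optionally
 * table-qualified) identifier and 'sort' must be 'asc' or 'desc'. Request
 * parsing is expected to have checked both already; the checks are repeated
 * here so the query stays safe for any caller.
 *
 * @param int   $libraryID
 * @param array $params    Keys read here: 'order', 'sort', 'q', 'limit',
 *                         'start'; tag type filters are read through
 *                         Zotero_API::getSearchParamValues()
 * @return array ['objects' => tags from Zotero_Tags::get(), 'total' => row count]
 * @throws Exception With code Z_ERROR_INVALID_INPUT when 'order' or 'sort'
 *                   is not an acceptable value
 */
public static function getAllAdvanced($libraryID, $params) {
	$results = array('objects' => array(), 'total' => 0);
	
	$sql = "SELECT SQL_CALC_FOUND_ROWS tagID FROM tags ";
	if (!empty($params['order']) && $params['order'] == 'numItems') {
		$sql .= " LEFT JOIN itemTags USING (tagID)";
	}
	$sql .= "WHERE libraryID=? ";
	$sqlParams = array($libraryID);
	
	// Name search: each term is a bound LIKE parameter. '%' and '_' inside a
	// term still act as LIKE wildcards.
	if (!empty($params['q'])) {
		if (!is_array($params['q'])) {
			$params['q'] = array($params['q']);
		}
		foreach ($params['q'] as $q) {
			$sql .= "AND name LIKE ? ";
			$sqlParams[] = "%{$q}%";
		}
	}
	
	// Tag type filter: one placeholder per value, values bound
	$tagTypeSets = Zotero_API::getSearchParamValues($params, 'tagType');
	if ($tagTypeSets) {
		$positives = array();
		$negatives = array();
		
		foreach ($tagTypeSets as $set) {
			if ($set['negation']) {
				$negatives = array_merge($negatives, $set['values']);
			}
			else {
				$positives = array_merge($positives, $set['values']);
			}
		}
		
		if ($positives) {
			$sql .= "AND type IN (" . implode(',', array_fill(0, sizeOf($positives), '?')) . ") ";
			$sqlParams = array_merge($sqlParams, $positives);
		}
		
		if ($negatives) {
			$sql .= "AND type NOT IN (" . implode(',', array_fill(0, sizeOf($negatives), '?')) . ") ";
			$sqlParams = array_merge($sqlParams, $negatives);
		}
	}
	
	if (!empty($params['order'])) {
		$order = $params['order'];
		if ($order == 'title') {
			// Force a case-insensitive sort
			$sql .= "ORDER BY name COLLATE utf8_unicode_ci ";
		}
		else if ($order == 'numItems') {
			$sql .= "GROUP BY tags.tagID ORDER BY COUNT(tags.tagID)";
		}
		else {
			// The column name goes into the SQL text, so accept nothing but
			// an identifier
			$identifier = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/';
			if (!is_string($order) || !preg_match($identifier, $order)) {
				throw new Exception("Invalid 'order' value", Z_ERROR_INVALID_INPUT);
			}
			$sql .= "ORDER BY $order ";
		}
		if (!empty($params['sort'])) {
			// The direction also goes into the SQL text
			$sort = $params['sort'];
			if (!is_string($sort) || !in_array(strtolower($sort), array('asc', 'desc'), true)) {
				throw new Exception("Invalid 'sort' value", Z_ERROR_INVALID_INPUT);
			}
			$sql .= " " . $sort . " ";
		}
	}
	
	if (!empty($params['limit'])) {
		$sql .= "LIMIT ?, ?";
		// A missing 'start' means offset 0
		$sqlParams[] = !empty($params['start']) ? $params['start'] : 0;
		$sqlParams[] = $params['limit'];
	}
	
	$shardID = Zotero_Shards::getByLibraryID($libraryID);
	$ids = Zotero_DB::columnQuery($sql, $sqlParams, $shardID);
	
	if ($ids) {
		// Row count of the query above without its LIMIT
		$results['total'] = Zotero_DB::valueQuery("SELECT FOUND_ROWS()", false, $shardID);
		
		$tags = array();
		foreach ($ids as $id) {
			$tags[] = Zotero_Tags::get($libraryID, $id);
		}
		$results['objects'] = $tags;
	}
	
	return $results;
}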
/**
 * Finish the request: send the status line and headers for
 * $this->responseCode, notify listeners of a library change, print any
 * pending XML response, flush the output buffer and exit.
 *
 * This method does not return; every path ends in exit or an exception.
 *
 * @throws Exception If $this->responseCode is not one of the handled codes
 */
protected function end() {
	if ($this->profile) {
		Zotero_DB::profileEnd($this->objectLibraryID, true);
	}
	
	switch ($this->responseCode) {
		case 200:
			// Output a Content-Type header for the given format
			//
			// Note that this overrides any Content-Type set elsewhere. To force a content
			// type elsewhere, clear $this->queryParams['format'] when calling header()
			// manually.
			//
			// TODO: Check headers_list so that clearing the format parameter manually isn't
			// necessary? Performance?
			if (isset($this->queryParams['format'])) {
				Zotero_API::outputContentType($this->queryParams['format']);
			}
			break;
		
		case 301:
		case 302:
		case 303:
			// Handled in $this->redirect()
			break;
		
		case 401:
			header('WWW-Authenticate: Basic realm="Zotero API"');
			header('HTTP/1.1 401 Unauthorized');
			break;
		
		// PHP completes these automatically
		case 201:
		case 204:
		case 300:
		case 304:
		case 400:
		case 403:
		case 404:
		case 405:
		case 409:
		case 412:
		case 413:
		case 422:
		case 500:
		case 501:
		case 503:
			header("HTTP/1.1 " . $this->responseCode);
			break;
		
		case 428:
			header("HTTP/1.1 428 Precondition Required");
			break;
		
		case 429:
			header("HTTP/1.1 429 Too Many Requests");
			break;
		
		// Any other code is treated as a programming error
		default:
			throw new Exception("Unsupported response code " . $this->responseCode);
	}
	
	if (isset($this->libraryVersion)) {
		if ($this->apiVersion >= 2) {
			header("Last-Modified-Version: " . $this->libraryVersion);
		}
		
		// Send notification if library has changed
		if ($this->isWriteMethod()) {
			if ($this->libraryVersion >
					Zotero_Libraries::getOriginalVersion($this->objectLibraryID)) {
				Zotero_Notifier::trigger('modify', 'library', $this->objectLibraryID);
			}
		}
	}
	
	if ($this->responseXML instanceof SimpleXMLElement) {
		// Conditional GET based on the feed's <updated> value.
		// NOTE(review): as far as this method shows, a falsy responseCode
		// matches no case above and reaches the throwing default branch, so
		// this block looks unreachable -- confirm.
		if (!$this->responseCode) {
			$updated = (string) $this->responseXML->updated;
			if ($updated) {
				$updated = strtotime($updated);
				
				// The client-supplied header goes through strtotime(); a
				// missing header is passed on as false
				$ifModifiedSince = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false;
				$ifModifiedSince = strtotime($ifModifiedSince);
				if ($ifModifiedSince >= $updated) {
					header('HTTP/1.1 304 Not Modified');
					exit;
				}
				
				// The numeric offset of the RFC 2822 date is replaced with the
				// literal "GMT"; NOTE(review): that is only accurate when the
				// default timezone is UTC -- confirm.
				$lastModified = substr(date('r', $updated), 0, -5) . "GMT";
				header("Last-Modified: $lastModified");
			}
		}
		
		$xmlstr = $this->responseXML->asXML();
		
		// TEMP: Strip control characters
		$xmlstr = Zotero_Utilities::cleanString($xmlstr, true);
		
		// Re-parse the server-generated XML so it can be pretty-printed
		$doc = new DOMDocument('1.0');
		$doc->loadXML($xmlstr);
		$doc->formatOutput = true;
		echo $doc->saveXML();
	}
	
	$this->logRequestTime();
	self::addHeaders();
	// Everything buffered so far is sent in one piece
	echo ob_get_clean();
	exit;
}
/**
 * Validate a JSON collection object and apply it to the given collection.
 *
 * Only the editable part of the JSON is used (Zotero_API::extractEditableJSON()).
 * Key handling, the version check and validation all run before anything is
 * written. A database transaction is opened (and committed) here only when the
 * caller has not already started one; there is no rollback in this method.
 *
 * @param Zotero_Collection $collection     Existing collection, or a new one
 *                                          with a library assigned
 * @param object            $json           Collection data to write
 * @param array             $requestParams  Parsed request parameters; 'v'
 *                                          selects the JSON property names
 * @param int               $userID         Passed to setRelations()
 * @param int               $requireVersion See Zotero_API::checkJSONObjectVersion()
 * @param bool              $partialUpdate  When true, properties missing from
 *                                          $json are left untouched
 * @return bool True if the collection was changed, false otherwise
 */
public static function updateFromJSON(Zotero_Collection $collection, $json, $requestParams, $userID, $requireVersion = 0, $partialUpdate = false) {
	$json = Zotero_API::extractEditableJSON($json);
	$exists = Zotero_API::processJSONObjectKey($collection, $json, $requestParams);
	Zotero_API::checkJSONObjectVersion($collection, $json, $requestParams, $requireVersion);
	self::validateJSONCollection($json, $requestParams, $partialUpdate && $exists);

	$ownsTransaction = !Zotero_DB::transactionInProgress();
	if ($ownsTransaction) {
		Zotero_DB::beginTransaction();
	}

	if (isset($json->name)) {
		$collection->name = $json->name;
	}

	// The parent is named 'parentCollection' from v2 on and 'parent' before.
	// On a full update a missing parent clears the existing one.
	if ($requestParams['v'] >= 2 && isset($json->parentCollection)) {
		$collection->parentKey = $json->parentCollection;
	}
	elseif ($requestParams['v'] < 2 && isset($json->parent)) {
		$collection->parentKey = $json->parent;
	}
	elseif (!$partialUpdate) {
		$collection->parent = false;
	}

	$wasChanged = (bool) $collection->save();

	// Relations exist from v2 on; a full update without 'relations' clears them
	if ($requestParams['v'] >= 2) {
		if (isset($json->relations)) {
			if ($collection->setRelations($json->relations, $userID)) {
				$wasChanged = true;
			}
		}
		elseif (!$partialUpdate) {
			if ($collection->setRelations(new stdClass(), $userID)) {
				$wasChanged = true;
			}
		}
	}

	if ($ownsTransaction) {
		Zotero_DB::commit();
	}

	return $wasChanged;
}
/**
 * Build the response JSON structure for this item.
 *
 * Two parts of the output depend on the caller's permissions: the file
 * download link requires 'files' access, and numChildren counts notes only
 * with 'notes' access (attachments only otherwise).
 *
 * Caching is effectively disabled: the cached value is fetched but the branch
 * that would return it is guarded by a constant false, and the writes are
 * commented out. The fetched value is only compared with the fresh result.
 *
 * NOTE(review): the signature places a required parameter after an optional
 * one, so $requestParams cannot actually be omitted.
 *
 * @param array              $requestParams Parsed request parameters ('include'
 *                                          and 'v' are read here)
 * @param Zotero_Permissions $permissions   Permissions of the requesting client
 * @param array|null         $sharedData    Pre-fetched 'citation'/'bib' HTML
 *                                          keyed by "libraryID/key"
 * @return array
 */
public function toResponseJSON($requestParams=[], Zotero_Permissions $permissions, $sharedData=null) {
	$t = microtime(true);
	
	if (!$this->loaded['primaryData']) {
		$this->loadPrimaryData();
	}
	if (!$this->loaded['itemData']) {
		$this->loadItemData();
	}
	
	// Uncached stuff or parts of the cache key
	$version = $this->version;
	$parent = $this->getSource();
	$isRegularItem = !$parent && $this->isRegularItem();
	// Download details are looked up only for callers with file access
	$downloadDetails = $permissions->canAccess($this->libraryID, 'files')
							? Zotero_Storage::getDownloadDetails($this)
							: false;
	if ($isRegularItem) {
		// Without notes access, only attachments are counted
		$numChildren = $permissions->canAccess($this->libraryID, 'notes')
							? $this->numChildren()
							: $this->numAttachments();
	}
	$libraryType = Zotero_Libraries::getType($this->libraryID);
	
	// Any query parameters that have an effect on the output
	// need to be added here
	$allowedParams = [
		'include',
		'style',
		'css',
		'linkwrap'
	];
	$cachedParams = Z_Array::filterKeys($requestParams, $allowedParams);
	
	$cacheVersion = 1;
	// md5() only shortens the variable parts into a fixed-length key here.
	// The key reflects file access ('hasFile') but not notes access; the
	// disabled branch below overwrites numChildren for that reason.
	$cacheKey = "jsonEntry_" . $this->libraryID . "/" . $this->id . "_"
		. md5(
			$version
			. json_encode($cachedParams)
			. ($downloadDetails ? 'hasFile' : '')
			// For groups, include the group WWW URL, which can change
			. ($libraryType == 'group' ? Zotero_URI::getItemURI($this, true) : '')
		)
		. "_" . $requestParams['v']
		// For code-based changes
		. "_" . $cacheVersion
		// For data-based changes
		. (isset(Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM)
			? "_" . Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM
			: "")
		// If there's bib content, include the bib cache version
		. ((in_array('bib', $requestParams['include'])
				&& isset(Z_CONFIG::$CACHE_VERSION_BIB))
			? "_" . Z_CONFIG::$CACHE_VERSION_BIB
			: "");
	
	$cached = Z_Core::$MC->get($cacheKey);
	// Disabled: the constant false keeps this branch from ever running.
	// NOTE(review): if it is re-enabled, json_decode() is called without the
	// associative flag but its result is indexed like an array.
	if (false && $cached) {
		// Make sure numChildren reflects the current permissions
		if ($isRegularItem) {
			$json = json_decode($cached);
			$json['numChildren'] = $numChildren;
			$cached = json_encode($json);
		}
		
		//StatsD::timing("api.items.itemToResponseJSON.cached", (microtime(true) - $t) * 1000);
		//StatsD::increment("memcached.items.itemToResponseJSON.hit");
		
		// Skip the cache every 10 times for now, to ensure cache sanity
		if (!Z_Core::probability(10)) {
			return $cached;
		}
	}
	
	
	$json = [
		'key' => $this->key,
		'version' => $version,
		'library' => Zotero_Libraries::toJSON($this->libraryID)
	];
	
	$json['links'] = [
		'self' => [
			'href' => Zotero_API::getItemURI($this),
			'type' => 'application/json'
		],
		'alternate' => [
			'href' => Zotero_URI::getItemURI($this, true),
			'type' => 'text/html'
		]
	];
	
	if ($parent) {
		$parentItem = Zotero_Items::get($this->libraryID, $parent);
		$json['links']['up'] = [
			'href' => Zotero_API::getItemURI($parentItem),
			'type' => 'application/json'
		];
	}
	
	// If appropriate permissions and the file is stored in ZFS, get file request link
	if ($downloadDetails) {
		$details = $downloadDetails;
		$type = $this->attachmentMIMEType;
		if ($type) {
			$json['links']['enclosure'] = [
				'type' => $type
			];
		}
		$json['links']['enclosure']['href'] = $details['url'];
		if (!empty($details['filename'])) {
			$json['links']['enclosure']['title'] = $details['filename'];
		}
		if (isset($details['size'])) {
			$json['links']['enclosure']['length'] = $details['size'];
		}
	}
	
	// 'meta'
	$json['meta'] = new stdClass;
	
	// Creating and last-modifying users are reported for group libraries only
	if (Zotero_Libraries::getType($this->libraryID) == 'group') {
		$createdByUserID = $this->createdByUserID;
		$lastModifiedByUserID = $this->lastModifiedByUserID;
		
		if ($createdByUserID) {
			$json['meta']->createdByUser = Zotero_Users::toJSON($createdByUserID);
		}
		
		if ($lastModifiedByUserID && $lastModifiedByUserID != $createdByUserID) {
			$json['meta']->lastModifiedByUser = Zotero_Users::toJSON($lastModifiedByUserID);
		}
	}
	
	if ($isRegularItem) {
		$val = $this->getCreatorSummary();
		if ($val !== '') {
			$json['meta']->creatorSummary = $val;
		}
		
		$val = $this->getField('date', true, true, true);
		if ($val !== '') {
			$sqlDate = Zotero_Date::multipartToSQL($val);
			// A date whose year part is '0000' is not reported
			if (substr($sqlDate, 0, 4) !== '0000') {
				$json['meta']->parsedDate = Zotero_Date::sqlToISO8601($sqlDate);
			}
		}
		
		$json['meta']->numChildren = $numChildren;
	}
	
	// 'include'
	$include = $requestParams['include'];
	
	foreach ($include as $type) {
		if ($type == 'html') {
			$json[$type] = trim($this->toHTML());
		}
		else if ($type == 'citation') {
			// Use the pre-fetched citation if there is one, otherwise ask the
			// citation server for this item alone
			if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) {
				$html = $sharedData[$type][$this->libraryID . "/" . $this->key];
			}
			else {
				if ($sharedData !== null) {
					//error_log("Citation not found in sharedData -- retrieving individually");
				}
				$html = Zotero_Cite::getCitationFromCiteServer($this, $requestParams);
			}
			$json[$type] = $html;
		}
		else if ($type == 'bib') {
			// Same lookup order as for 'citation'
			if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) {
				$html = $sharedData[$type][$this->libraryID . "/" . $this->key];
			}
			else {
				if ($sharedData !== null) {
					//error_log("Bibliography not found in sharedData -- retrieving individually");
				}
				$html = Zotero_Cite::getBibliographyFromCitationServer([$this], $requestParams);
				
				// Strip prolog
				$html = preg_replace('/^<\?xml.+\n/', "", $html);
				$html = trim($html);
			}
			$json[$type] = $html;
		}
		else if ($type == 'data') {
			$json[$type] = $this->toJSON(true, $requestParams, true);
		}
		else if ($type == 'csljson') {
			$json[$type] = $this->toCSLItem();
		}
		else if (in_array($type, Zotero_Translate::$exportFormats)) {
			$export = Zotero_Translate::doExport([$this], $type);
			$json[$type] = $export['body'];
			unset($export);
		}
	}
	
	// TEMP
	// Consistency check against whatever was found in memcached. On a
	// mismatch both complete JSON documents, i.e. the item's content, are
	// written to the error log.
	if ($cached) {
		$uncached = Zotero_Utilities::formatJSON($json);
		if ($cached != $uncached) {
			error_log("Cached JSON item entry does not match");
			error_log("  Cached: " . $cached);
			error_log("Uncached: " . $uncached);
			
			//Z_Core::$MC->set($cacheKey, $uncached, 3600); // 1 hour for now
		}
	}
	else {
		/*Z_Core::$MC->set($cacheKey, $xmlstr, 3600); // 1 hour for now
		StatsD::timing("api.items.itemToAtom.uncached", (microtime(true) - $t) * 1000);
		StatsD::increment("memcached.items.itemToAtom.miss");*/
	}
	
	return $json;
}
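/**
 * Search a library's items and return one page of matches plus the total count.
 *
 * The statement is assembled by concatenation. Caller-supplied values (q, item
 * keys, item IDs, tag IDs, item type IDs, start/limit) are sent as bound
 * parameters. The ORDER BY column and direction cannot be bound: the column is
 * taken from the fixed switch below (or from a field ID resolved through
 * Zotero_ItemFields::getID()), and the direction is checked against ASC/DESC
 * before it reaches the SQL text.
 *
 * @param  mixed $libraryID       Library to search; also selects the shard
 * @param  bool  $onlyTopLevel    Exclude notes/attachments that have a sourceItemID
 * @param  array $params          Keys read here: itemIDs, itemKey, q, itemType, tag,
 *                                order, sort, emptyFirst, start, limit
 * @param  bool  $includeTrashed  Include items listed in deletedItems
 * @param  bool  $asKeys          Return item keys instead of item objects
 * @return array  ['items' => ..., 'total' => ...] or, with $asKeys, ['keys' => ..., 'total' => ...]
 * @throws Exception  On an invalid itemType, order field or sort direction
 */
public static function search($libraryID, $onlyTopLevel = false, $params = array(), $includeTrashed = false, $asKeys = false) {
    // NOTE(review): $libraryID also becomes part of the temp-table names through
    // $rnd; presumably it is always an integer ID here -- confirm against callers
    $rnd = "_" . uniqid($libraryID . "_");

    // The sort direction is concatenated into ORDER BY (a keyword cannot be a
    // bound parameter), so accept only ASC/DESC, and fail before any temporary
    // table has been created.
    $dir = "ASC";
    if (!empty($params['sort'])) {
        $dir = $params['sort'];
        if (!is_string($dir) || !in_array(strtoupper($dir), array('ASC', 'DESC'), true)) {
            throw new Exception("Invalid sort direction", Z_ERROR_INVALID_INPUT);
        }
    }

    if ($asKeys) {
        $results = array('keys' => array(), 'total' => 0);
    }
    else {
        $results = array('items' => array(), 'total' => 0);
    }

    $shardID = Zotero_Shards::getByLibraryID($libraryID);

    $itemIDs = array();
    $keys = array();
    $deleteTempTable = array();

    // Pass a list of itemIDs, for when the initial search is done via SQL
    if (!empty($params['itemIDs'])) {
        $itemIDs = $params['itemIDs'];
    }

    if (!empty($params['itemKey'])) {
        $keys = explode(',', $params['itemKey']);
    }

    $titleSort = !empty($params['order']) && $params['order'] == 'title';

    $sql = "SELECT SQL_CALC_FOUND_ROWS DISTINCT " . ($asKeys ? "I.key" : "I.itemID") . " FROM items I ";
    $sqlParams = array($libraryID);

    if (!empty($params['q']) || $titleSort) {
        // Field IDs come from the item-field tables, not from the request
        $titleFieldIDs = array_merge(array(Zotero_ItemFields::getID('title')), Zotero_ItemFields::getTypeFieldsFromBase('title'));
        $sql .= "LEFT JOIN itemData IDT ON (IDT.itemID=I.itemID AND IDT.fieldID IN (" . implode(',', $titleFieldIDs) . ")) ";
    }

    if (!empty($params['q'])) {
        $sql .= "LEFT JOIN itemCreators IC ON (IC.itemID=I.itemID)\n\t\t\t\t\tLEFT JOIN creators C ON (C.creatorID=IC.creatorID) ";
    }

    if ($onlyTopLevel || !empty($params['q']) || $titleSort) {
        $sql .= "LEFT JOIN itemNotes INo ON (INo.itemID=I.itemID) ";
    }

    if ($onlyTopLevel) {
        $sql .= "LEFT JOIN itemAttachments IA ON (IA.itemID=I.itemID) ";
    }

    if (!$includeTrashed) {
        $sql .= "LEFT JOIN deletedItems DI ON (DI.itemID=I.itemID) ";
    }

    if (!empty($params['order'])) {
        switch ($params['order']) {
            case 'title':
            case 'creator':
                $sql .= "LEFT JOIN itemSortFields ISF ON (ISF.itemID=I.itemID) ";
                break;

            case 'date':
                $dateFieldIDs = array_merge(array(Zotero_ItemFields::getID('date')), Zotero_ItemFields::getTypeFieldsFromBase('date'));
                $sql .= "LEFT JOIN itemData IDD ON (IDD.itemID=I.itemID AND IDD.fieldID IN (" . implode(',', $dateFieldIDs) . ")) ";
                break;

            case 'itemType':
                // Create temporary table to store item type names
                //
                // We use IF NOT EXISTS just to make sure there are
                // no problems with restoration from the binary log
                $sql2 = "CREATE TEMPORARY TABLE IF NOT EXISTS tmpItemTypeNames{$rnd}\n\t\t\t\t\t\t\t(itemTypeID SMALLINT UNSIGNED NOT NULL,\n\t\t\t\t\t\t\titemTypeName VARCHAR(255) NOT NULL,\n\t\t\t\t\t\t\tPRIMARY KEY (itemTypeID),\n\t\t\t\t\t\t\tINDEX (itemTypeName))";
                Zotero_DB::query($sql2, false, $shardID);
                $deleteTempTable['tmpItemTypeNames'] = true;

                $types = Zotero_ItemTypes::getAll('en-US');
                foreach ($types as $type) {
                    $sql2 = "INSERT INTO tmpItemTypeNames{$rnd} VALUES (?, ?)";
                    Zotero_DB::query($sql2, array($type['id'], $type['localized']), $shardID);
                }

                // Join temp table to query
                $sql .= "JOIN tmpItemTypeNames{$rnd} TITN ON (TITN.itemTypeID=I.itemTypeID) ";
                break;

            case 'addedBy':
                $isGroup = Zotero_Libraries::getType($libraryID) == 'group';
                if ($isGroup) {
                    // Create temporary table to store usernames
                    //
                    // We use IF NOT EXISTS just to make sure there are
                    // no problems with restoration from the binary log
                    $sql2 = "CREATE TEMPORARY TABLE IF NOT EXISTS tmpCreatedByUsers{$rnd}\n\t\t\t\t\t\t\t\t(userID INT UNSIGNED NOT NULL,\n\t\t\t\t\t\t\t\tusername VARCHAR(255) NOT NULL,\n\t\t\t\t\t\t\t\tPRIMARY KEY (userID),\n\t\t\t\t\t\t\t\tINDEX (username))";
                    Zotero_DB::query($sql2, false, $shardID);
                    $deleteTempTable['tmpCreatedByUsers'] = true;

                    $sql2 = "SELECT DISTINCT createdByUserID FROM items\n\t\t\t\t\t\t\t\tJOIN groupItems USING (itemID) WHERE\n\t\t\t\t\t\t\t\tcreatedByUserID IS NOT NULL AND ";
                    if ($itemIDs) {
                        $sql2 .= "itemID IN (" . implode(', ', array_fill(0, sizeOf($itemIDs), '?')) . ") ";
                        $createdByUserIDs = Zotero_DB::columnQuery($sql2, $itemIDs, $shardID);
                    }
                    else {
                        $sql2 .= "libraryID=?";
                        $createdByUserIDs = Zotero_DB::columnQuery($sql2, $libraryID, $shardID);
                    }

                    // Populate temp table with usernames
                    if ($createdByUserIDs) {
                        $toAdd = array();
                        foreach ($createdByUserIDs as $createdByUserID) {
                            $toAdd[] = array($createdByUserID, Zotero_Users::getUsername($createdByUserID));
                        }

                        $sql2 = "INSERT IGNORE INTO tmpCreatedByUsers{$rnd} VALUES ";
                        Zotero_DB::bulkInsert($sql2, $toAdd, 50, false, $shardID);

                        // Join temp table to query
                        $sql .= "JOIN groupItems GI ON (GI.itemID=I.itemID)\n\t\t\t\t\t\t\t\t\tJOIN tmpCreatedByUsers{$rnd} TCBU ON (TCBU.userID=GI.createdByUserID) ";
                    }
                }
                break;
        }
    }

    $sql .= "WHERE I.libraryID=? ";

    if ($onlyTopLevel) {
        $sql .= "AND INo.sourceItemID IS NULL AND IA.sourceItemID IS NULL ";
    }
    if (!$includeTrashed) {
        $sql .= "AND DI.itemID IS NULL ";
    }

    // Search on title and creators
    //
    // The term is bound, so it cannot alter the statement; '%' and '_' inside
    // it still act as LIKE wildcards.
    if (!empty($params['q'])) {
        $sql .= "AND (";

        $sql .= "IDT.value LIKE ? ";
        $sqlParams[] = '%' . $params['q'] . '%';

        $sql .= "OR title LIKE ? ";
        $sqlParams[] = '%' . $params['q'] . '%';

        $sql .= "OR TRIM(CONCAT(firstName, ' ', lastName)) LIKE ?";
        $sqlParams[] = '%' . $params['q'] . '%';

        $sql .= ") ";
    }

    // Search on itemType
    if (!empty($params['itemType'])) {
        $itemTypes = Zotero_API::getSearchParamValues($params, 'itemType');
        if ($itemTypes) {
            if (sizeOf($itemTypes) > 1) {
                throw new Exception("Cannot specify 'itemType' more than once", Z_ERROR_INVALID_INPUT);
            }
            $itemTypes = $itemTypes[0];

            $itemTypeIDs = array();
            foreach ($itemTypes['values'] as $itemType) {
                $itemTypeID = Zotero_ItemTypes::getID($itemType);
                if (!$itemTypeID) {
                    throw new Exception("Invalid itemType '{$itemType}'", Z_ERROR_INVALID_INPUT);
                }
                $itemTypeIDs[] = $itemTypeID;
            }

            $sql .= "AND I.itemTypeID " . ($itemTypes['negation'] ? "NOT " : "") . "IN (" . implode(',', array_fill(0, sizeOf($itemTypeIDs), '?')) . ") ";
            $sqlParams = array_merge($sqlParams, $itemTypeIDs);
        }
    }

    // Tags
    //
    // ?tag=foo
    // ?tag=foo bar // phrase
    // ?tag=-foo // negation
    // ?tag=\-foo // literal hyphen (only for first character)
    // ?tag=foo&tag=bar // AND
    // ?tag=foo&tagType=0
    // ?tag=foo bar || bar&tagType=0
    $tagSets = Zotero_API::getSearchParamValues($params, 'tag');

    if ($tagSets) {
        $sql2 = "SELECT itemID FROM items WHERE 1 ";
        $sqlParams2 = array();

        if ($tagSets) {
            foreach ($tagSets as $set) {
                $positives = array();
                $negatives = array();

                $tagIDs = array();

                foreach ($set['values'] as $tag) {
                    $ids = Zotero_Tags::getIDs($libraryID, $tag);
                    // An unknown tag becomes ID 0 so that the IN () list is never empty
                    if (!$ids) {
                        $ids = array(0);
                    }
                    $tagIDs = array_merge($tagIDs, $ids);
                }

                $tagIDs = array_unique($tagIDs);

                if ($set['negation']) {
                    $negatives = array_merge($negatives, $tagIDs);
                }
                else {
                    $positives = array_merge($positives, $tagIDs);
                }

                if ($positives) {
                    $sql2 .= "AND itemID IN (SELECT itemID FROM items JOIN itemTags USING (itemID)\n\t\t\t\t\t\t\t\tWHERE tagID IN (" . implode(',', array_fill(0, sizeOf($positives), '?')) . ")) ";
                    $sqlParams2 = array_merge($sqlParams2, $positives);
                }

                if ($negatives) {
                    $sql2 .= "AND itemID NOT IN (SELECT itemID FROM items JOIN itemTags USING (itemID)\n\t\t\t\t\t\t\t\tWHERE tagID IN (" . implode(',', array_fill(0, sizeOf($negatives), '?')) . ")) ";
                    $sqlParams2 = array_merge($sqlParams2, $negatives);
                }
            }
        }

        $tagItems = Zotero_DB::columnQuery($sql2, $sqlParams2, $shardID);

        // No matches
        //
        // NOTE(review): this return and the one below skip the DROP TEMPORARY
        // TABLE statements at the end of the function when order=itemType or
        // order=addedBy created a table above -- confirm the connection
        // lifetime makes that harmless
        if (!$tagItems) {
            return $results;
        }

        // Combine with passed keys
        if ($itemIDs) {
            $itemIDs = array_intersect($itemIDs, $tagItems);
            // None of the tag matches match the passed keys
            if (!$itemIDs) {
                return $results;
            }
        }
        else {
            $itemIDs = $tagItems;
        }
    }

    if ($itemIDs) {
        $sql .= "AND I.itemID IN (" . implode(', ', array_fill(0, sizeOf($itemIDs), '?')) . ") ";
        $sqlParams = array_merge($sqlParams, $itemIDs);
    }

    if ($keys) {
        $sql .= "AND `key` IN (" . implode(', ', array_fill(0, sizeOf($keys), '?')) . ") ";
        $sqlParams = array_merge($sqlParams, $keys);
    }

    $sql .= "ORDER BY ";

    if (!empty($params['order'])) {
        switch ($params['order']) {
            // Only these three literal column names are ever concatenated
            case 'dateAdded':
            case 'dateModified':
            case 'serverDateModified':
                $orderSQL = "I." . $params['order'];
                break;

            case 'itemType':
                $orderSQL = "TITN.itemTypeName";
                break;

            case 'title':
                $orderSQL = "IFNULL(COALESCE(sortTitle, IDT.value, INo.title), '')";
                break;

            case 'creator':
                $orderSQL = "ISF.creatorSummary";
                break;

            // TODO: generic base field mapping-aware sorting
            case 'date':
                $orderSQL = "IDD.value";
                break;

            case 'addedBy':
                if ($isGroup && $createdByUserIDs) {
                    $orderSQL = "TCBU.username";
                }
                else {
                    $orderSQL = "1";
                }
                break;

            default:
                // Any other order value must resolve to a known field ID;
                // the ID is bound, the request string is never concatenated
                $fieldID = Zotero_ItemFields::getID($params['order']);
                if (!$fieldID) {
                    throw new Exception("Invalid order field '" . $params['order'] . "'");
                }
                $orderSQL = "(SELECT value FROM itemData WHERE itemID=I.itemID AND fieldID=?)";
                // The subquery appears twice in ORDER BY unless emptyFirst is
                // set, so its placeholder has to be bound twice
                if (!$params['emptyFirst']) {
                    $sqlParams[] = $fieldID;
                }
                $sqlParams[] = $fieldID;
        }

        if (!$params['emptyFirst']) {
            $sql .= "IFNULL({$orderSQL}, '') = '' {$dir}, ";
        }

        $sql .= $orderSQL;
        $sql .= " {$dir}, ";
    }
    $sql .= "I.itemID " . $dir . " ";

    if (!empty($params['limit'])) {
        $sql .= "LIMIT ?, ?";
        $sqlParams[] = $params['start'] ? $params['start'] : 0;
        $sqlParams[] = $params['limit'];
    }

    $itemIDs = Zotero_DB::columnQuery($sql, $sqlParams, $shardID);

    $results['total'] = Zotero_DB::valueQuery("SELECT FOUND_ROWS()", false, $shardID);

    if ($itemIDs) {
        if ($asKeys) {
            $results['keys'] = $itemIDs;
        }
        else {
            $results['items'] = Zotero_Items::get($libraryID, $itemIDs);
        }
    }

    if (!empty($deleteTempTable['tmpCreatedByUsers'])) {
        $sql = "DROP TEMPORARY TABLE IF EXISTS tmpCreatedByUsers{$rnd}";
        Zotero_DB::query($sql, false, $shardID);
    }

    if (!empty($deleteTempTable['tmpItemTypeNames'])) {
        $sql = "DROP TEMPORARY TABLE IF EXISTS tmpItemTypeNames{$rnd}";
        Zotero_DB::query($sql, false, $shardID);
    }

    return $results;
}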
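/**
 * Search the tags of a library and return one page of tag objects plus the
 * total number of matches.
 *
 * Filter values (tag IDs, names, q, tag types, since, start/limit) are sent as
 * bound parameters. The sort column and direction end up in the SQL text
 * itself, because ORDER BY cannot take bound parameters; both are therefore
 * checked here before any query is built, whatever validation may already
 * have happened upstream.
 *
 * @param  mixed $libraryID  Library to search; 0 returns an empty result
 * @param  array $params     Keys read here: tagIDs, tag, q, tagType, since, sort,
 *                           direction, start, limit
 * @return array  ['results' => array of tags, 'total' => ...]
 * @throws Exception  If sort is not a plain column reference or direction is
 *                    not ASC/DESC
 */
public static function search($libraryID, $params) {
    $results = array('results' => array(), 'total' => 0);

    // Default empty library
    if ($libraryID === 0) {
        return $results;
    }

    // Accept only a bare (optionally table-qualified) identifier as sort
    // column and only ASC/DESC as direction. As in the query building below,
    // direction is ignored unless a sort column is given.
    $order = '';
    $direction = '';
    if (!empty($params['sort'])) {
        $order = $params['sort'];
        if (!is_string($order)
                || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $order)) {
            throw new Exception("Invalid sort field");
        }

        if (!empty($params['direction'])) {
            $direction = $params['direction'];
            if (!is_string($direction)
                    || !in_array(strtoupper($direction), array('ASC', 'DESC'), true)) {
                throw new Exception("Invalid sort direction");
            }
        }
    }

    $shardID = Zotero_Shards::getByLibraryID($libraryID);

    $sql = "SELECT SQL_CALC_FOUND_ROWS DISTINCT tagID FROM tags "
        . "JOIN itemTags USING (tagID) WHERE libraryID=? ";
    $sqlParams = array($libraryID);

    // Pass a list of tagIDs, for when the initial search is done via SQL
    $tagIDs = !empty($params['tagIDs']) ? $params['tagIDs'] : array();
    // Filter for specific tags with "?tag=foo || bar"
    $tagNames = !empty($params['tag']) ? explode(' || ', $params['tag']) : array();

    if ($tagIDs) {
        $sql .= "AND tagID IN (" . implode(', ', array_fill(0, sizeOf($tagIDs), '?')) . ") ";
        $sqlParams = array_merge($sqlParams, $tagIDs);
    }

    if ($tagNames) {
        $sql .= "AND `name` IN (" . implode(', ', array_fill(0, sizeOf($tagNames), '?')) . ") ";
        $sqlParams = array_merge($sqlParams, $tagNames);
    }

    if (!empty($params['q'])) {
        if (!is_array($params['q'])) {
            $params['q'] = array($params['q']);
        }
        // Each term is bound; '%' and '_' inside a term still act as LIKE wildcards
        foreach ($params['q'] as $q) {
            $sql .= "AND name LIKE ? ";
            $sqlParams[] = "%{$q}%";
        }
    }

    $tagTypeSets = Zotero_API::getSearchParamValues($params, 'tagType');
    if ($tagTypeSets) {
        $positives = array();
        $negatives = array();

        foreach ($tagTypeSets as $set) {
            if ($set['negation']) {
                $negatives = array_merge($negatives, $set['values']);
            }
            else {
                $positives = array_merge($positives, $set['values']);
            }
        }

        if ($positives) {
            $sql .= "AND type IN (" . implode(',', array_fill(0, sizeOf($positives), '?')) . ") ";
            $sqlParams = array_merge($sqlParams, $positives);
        }

        if ($negatives) {
            $sql .= "AND type NOT IN (" . implode(',', array_fill(0, sizeOf($negatives), '?')) . ") ";
            $sqlParams = array_merge($sqlParams, $negatives);
        }
    }

    if (!empty($params['since'])) {
        $sql .= "AND version > ? ";
        $sqlParams[] = $params['since'];
    }

    if ($order !== '') {
        if ($order == 'title') {
            // Force a case-insensitive sort
            $sql .= "ORDER BY name COLLATE utf8_unicode_ci ";
        }
        else if ($order == 'numItems') {
            $sql .= "GROUP BY tags.tagID ORDER BY COUNT(tags.tagID)";
        }
        else {
            // $order was checked above to be a plain identifier
            $sql .= "ORDER BY {$order} ";
        }

        if ($direction !== '') {
            $sql .= " " . $direction . " ";
        }
    }

    if (!empty($params['limit'])) {
        $sql .= "LIMIT ?, ?";
        $sqlParams[] = $params['start'] ? $params['start'] : 0;
        $sqlParams[] = $params['limit'];
    }

    $ids = Zotero_DB::columnQuery($sql, $sqlParams, $shardID);

    $results['total'] = Zotero_DB::valueQuery("SELECT FOUND_ROWS()", false, $shardID);
    if ($ids) {
        $tags = array();
        foreach ($ids as $id) {
            $tags[] = Zotero_Tags::get($libraryID, $id);
        }
        $results['results'] = $tags;
    }

    return $results;
}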
/**
 * Request handler for saved searches: a single search (HEAD/GET/PUT/PATCH/
 * DELETE) or the library's search collection (HEAD/GET/POST/DELETE).
 *
 * Authorization order, as written: API version gate, then read access to the
 * library, then (for write methods) write access. Only after those checks is
 * the library version bumped and the request dispatched.
 *
 * NOTE(review): the e403()/e404()/e204()/end() helpers are presumably
 * terminal (they end the request); the control flow below relies on that --
 * confirm in the base controller.
 *
 * @throws Exception  If the requested format is not handled by the branch taken
 */
public function searches() {
    // Saved searches are only served from API version 2 on
    if ($this->apiVersion < 2) {
        $this->e404();
    }

    // Check for general library access
    if (!$this->permissions->canAccess($this->objectLibraryID)) {
        $this->e403();
    }

    if ($this->isWriteMethod()) {
        // Check for library write access
        if (!$this->permissions->canWrite($this->objectLibraryID)) {
            $this->e403("Write access denied");
        }

        // Make sure library hasn't been modified
        if (!$this->singleObject) {
            $libraryTimestampChecked = $this->checkLibraryIfUnmodifiedSinceVersion();
        }

        // The library version is updated here, before the write itself is processed below
        Zotero_Libraries::updateVersionAndTimestamp($this->objectLibraryID);
    }

    $results = array();

    // Single search
    if ($this->singleObject) {
        $this->allowMethods(['HEAD', 'GET', 'PUT', 'PATCH', 'DELETE']);

        // NOTE(review): objectKey is handed to the lookup without a format
        // check in this method -- confirm it is validated before this point
        $search = Zotero_Searches::getByLibraryAndKey($this->objectLibraryID, $this->objectKey);
        if ($this->isWriteMethod()) {
            $search = $this->handleObjectWrite('search', $search ? $search : null);
            $this->e204();
        }
        if (!$search) {
            $this->e404("Search not found");
        }
        $this->libraryVersion = $search->version;

        if ($this->method == 'HEAD') {
            $this->end();
        }

        // Display search
        switch ($this->queryParams['format']) {
            case 'atom':
                $this->responseXML = $search->toAtom($this->queryParams);
                break;

            case 'json':
                $json = $search->toResponseJSON($this->queryParams, $this->permissions);
                echo Zotero_Utilities::formatJSON($json);
                break;

            default:
                throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
        }
    }
    else {
        $this->allowMethods(['HEAD', 'GET', 'POST', 'DELETE']);

        $this->libraryVersion = Zotero_Libraries::getUpdatedVersion($this->objectLibraryID);

        // Create a search
        if ($this->method == 'POST') {
            // The response to a write is always a write report, whatever format was requested
            $this->queryParams['format'] = 'writereport';

            $obj = $this->jsonDecode($this->body);
            // $libraryTimestampChecked is assigned only in the write-method
            // branch above; presumably POST always counts as a write method -- confirm
            $results = Zotero_Searches::updateMultipleFromJSON($obj, $this->objectLibraryID, $this->queryParams, $this->userID, $libraryTimestampChecked ? 0 : 1, null);

            // Record the write token, when the request carries one, for writeTokenCacheTime
            if ($cacheKey = $this->getWriteTokenCacheKey()) {
                Z_Core::$MC->set($cacheKey, true, $this->writeTokenCacheTime);
            }
        }
        else {
            if ($this->method == 'DELETE') {
                // All requested keys are deleted in one transaction; write
                // access to the library was checked at the top of the method
                Zotero_DB::beginTransaction();
                foreach ($this->queryParams['searchKey'] as $searchKey) {
                    Zotero_Searches::delete($this->objectLibraryID, $searchKey);
                }
                Zotero_DB::commit();
                $this->e204();
            }
            else {
                // $title is set on this branch only; the POST branch forces
                // 'writereport', which does not read it
                $title = "Searches";
                $results = Zotero_Searches::search($this->objectLibraryID, $this->queryParams);
            }
        }

        $options = ['action' => $this->action, 'uri' => $this->uri, 'results' => $results, 'requestParams' => $this->queryParams, 'permissions' => $this->permissions, 'head' => $this->method == 'HEAD'];
        switch ($this->queryParams['format']) {
            case 'atom':
                $this->responseXML = Zotero_API::multiResponse(array_merge($options, ['title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title]));
                break;

            case 'json':
            case 'keys':
            case 'versions':
            case 'writereport':
                Zotero_API::multiResponse($options);
                break;

            default:
                throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
        }
    }

    $this->end();
}
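/**
 * Emit the response for a multi-object request: the Total-Results and Link
 * headers, then the body in the selected format.
 *
 * @param  array        $options         Keys read here: results, requestParams (format, v,
 *                                       content), action, uri, title, permissions, head,
 *                                       fixedValues
 * @param  string|false $overrideFormat  Format to use instead of requestParams['format']
 * @return mixed  The Atom feed for 'atom'; nothing for HEAD requests and for
 *                the formats that are echoed directly
 * @throws Exception  If the selected format is not handled
 */
public static function multiResponse($options, $overrideFormat = false) {
    $format = $overrideFormat ? $overrideFormat : $options['requestParams']['format'];

    if (empty($options['results'])) {
        $options['results'] = ['results' => [], 'total' => 0];
    }

    // Stays null when the caller passed a bare list or write report rather
    // than a ['results' => ..., 'total' => ...] pair; previously the variable
    // was simply undefined in that case
    $totalResults = null;
    if ($options['results'] && isset($options['results']['results'])) {
        $totalResults = $options['results']['total'];
        $options['results'] = $options['results']['results'];
        if ($options['requestParams']['v'] >= 3) {
            header("Total-Results: {$totalResults}");
        }
    }

    switch ($format) {
        case 'atom':
        case 'csljson':
        case 'json':
        case 'keys':
        case 'versions':
            $link = Zotero_API::buildLinkHeader($options['action'], $options['uri'], $totalResults, $options['requestParams']);
            if ($link) {
                header($link);
            }
            break;
    }

    // HEAD requests get the headers above and no body
    if (!empty($options['head'])) {
        return;
    }

    switch ($format) {
        case 'atom':
            $t = microtime(true);
            $response = Zotero_Atom::createAtomFeed($options['action'], $options['title'], $options['uri'], $options['results'], $totalResults, $options['requestParams'], $options['permissions'], isset($options['fixedValues']) ? $options['fixedValues'] : null);
            StatsD::timing("api." . $options['action'] . ".multiple.createAtomFeed." . implode("-", $options['requestParams']['content']), (microtime(true) - $t) * 1000);
            return $response;

        case 'csljson':
            $json = Zotero_Cite::getJSONFromItems($options['results'], true);
            echo Zotero_Utilities::formatJSON($json);
            break;

        case 'json':
            echo Zotero_API::createJSONResponse($options['results'], $options['requestParams'], $options['permissions']);
            break;

        case 'keys':
            echo implode("\n", $options['results']) . "\n";
            break;

        case 'versions':
            if (!empty($options['results'])) {
                echo Zotero_Utilities::formatJSON($options['results']);
            }
            else {
                // An empty result must serialize as {} rather than []
                echo Zotero_Utilities::formatJSON(new stdClass());
            }
            break;

        case 'writereport':
            echo Zotero_Utilities::formatJSON($options['results']);
            break;

        default:
            // Report the format that was actually selected, which differs
            // from requestParams['format'] when $overrideFormat is given
            throw new Exception("Unexpected format '" . $format . "'");
    }
}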
/**
 * Hand a result set to Zotero_API::multiResponse() in the request's format.
 *
 * For 'atom' the returned feed is stored in $this->responseXML; for 'json'
 * the call is made for its output only.
 *
 * @param  mixed  $results      Results to pass through unchanged
 * @param  string $title        Feed title; used for 'atom' only, after the library's feed-name prefix
 * @param  mixed  $fixedValues  Passed through as 'fixedValues'; used for 'atom' only
 * @throws Exception  If the request format is neither 'atom' nor 'json'
 */
private function generateMultiResponse($results, $title, $fixedValues) {
    $responseOptions = [
        'action' => $this->action,
        'uri' => $this->uri,
        'results' => $results,
        'requestParams' => $this->queryParams,
        'permissions' => $this->permissions,
        'head' => $this->method == 'HEAD'
    ];

    $requestedFormat = $this->queryParams['format'];

    if ($requestedFormat == 'atom') {
        $atomOptions = array_merge($responseOptions, [
            'title' => $this->getFeedNamePrefix($this->objectLibraryID) . $title,
            'fixedValues' => $fixedValues
        ]);
        $this->responseXML = Zotero_API::multiResponse($atomOptions);
        return;
    }

    if ($requestedFormat == 'json') {
        Zotero_API::multiResponse($responseOptions);
        return;
    }

    throw new Exception("Unexpected format '" . $this->queryParams['format'] . "'");
}