/**
* Get the blog's media directory (and create it if necessary).
*
* If we're {@link is_admin_page() on an admin page}, it adds status messages.
* @todo These status messages should rather go to a "syslog" and not be displayed to a normal user
*
* @param boolean Create the directory, if it does not exist yet?
* @return string path string on success, false if the dir could not be created
*/
function get_media_dir($create = true)
{
global $media_path, $Messages, $Settings, $Debuglog;
if (!$Settings->get('fm_enable_roots_blog')) {
// User directories are disabled:
$Debuglog->add('Attempt to access blog media dir, but this feature is globally disabled', 'files');
return false;
}
switch ($this->media_location) {
case 'default':
$mediadir = get_canonical_path($media_path . 'blogs/' . $this->urlname . '/');
break;
case 'subdir':
$mediadir = get_canonical_path($media_path . $this->media_subdir);
break;
case 'custom':
$mediadir = get_canonical_path($this->media_fullpath);
break;
case 'none':
default:
$Debuglog->add('Attempt to access blog media dir, but this feature is disabled for this blog', 'files');
return false;
}
// TODO: use a File object here (to access perms, ..) when FileCache::get_by_path() is provided.
if ($create && !is_dir($mediadir)) {
// TODO: Link to some help page(s) with errors!
if (!is_writable(dirname($mediadir))) {
// add error
if (is_admin_page()) {
$Messages->add(sprintf(T_("The blog's media directory «%s» could not be created, because the parent directory is not writable or does not exist."), rel_path_to_base($mediadir)) . get_manual_link('media_file_permission_errors'), 'error');
}
return false;
} elseif (!@mkdir($mediadir)) {
// add error
if (is_admin_page()) {
$Messages->add(sprintf(T_("The blog's media directory «%s» could not be created."), rel_path_to_base($mediadir)) . get_manual_link('directory_creation_error'), 'error');
}
return false;
} else {
// chmod and add note:
$chmod = $Settings->get('fm_default_chmod_dir');
if (!empty($chmod)) {
@chmod($mediadir, octdec($chmod));
}
if (is_admin_page()) {
$Messages->add(sprintf(T_("The blog's media directory «%s» has been created with permissions %s."), rel_path_to_base($mediadir), substr(sprintf('%o', fileperms($mediadir)), -3)), 'success');
}
}
}
return $mediadir;
}
// Do not append Debuglog to response!
$debug = false;
// Do not append Debug JSlog to response!
$debug_jslog = false;
global $current_User;
param('upload', 'boolean', true);
param('root_and_path', 'string', true);
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('file');
$upload_path = false;
if (strpos($root_and_path, '::')) {
list($root, $path) = explode('::', $root_and_path, 2);
$FileRootCache =& get_FileRootCache();
$fm_FileRoot = $FileRootCache->get_by_ID($root);
$non_canonical_list_path = $fm_FileRoot->ads_path . $path;
$upload_path = get_canonical_path($non_canonical_list_path);
}
if ($upload_path === false) {
$message['text'] = '<span class="result_error">Bad request. Unknown upload location!</span>';
// NO TRANS!!
out_echo($message, $specialchars);
exit;
}
if ($upload && !$current_User->check_perm('files', 'add', false, $fm_FileRoot)) {
$message['text'] = '<span class="result_error">' . T_('You don\'t have permission to upload on this file root.') . '</span>';
out_echo($message, $specialchars);
exit;
}
if ($upload) {
// Create the object and assign property
if (isset($_GET['qqfile'])) {
$ads_list_path = get_canonical_path($non_canonical_list_path);
if (!is_dir($ads_list_path)) {
// This should never happen, but just in case the diretory does not exist:
$Messages->add(sprintf(T_('The directory «%s» does not exist.'), $path), 'error');
$path = '';
// fp> added
$ads_list_path = NULL;
} elseif (!preg_match('#^' . preg_quote($fm_FileRoot->ads_path, '#') . '#', $ads_list_path)) {
// cwd is OUTSIDE OF root!
$Messages->add(T_('You are not allowed to go outside your root directory!'), 'error');
$path = '';
// fp> added
$ads_list_path = $fm_FileRoot->ads_path;
} elseif ($ads_list_path != $non_canonical_list_path) {
// We have reduced the absolute path, we should also reduce the relative $path (used in urls params)
$path = get_canonical_path($path);
}
}
}
file_controller_build_tabs();
// If there were errors, display them and exit (especially in case there's no valid FileRoot ($fm_FileRoot)):
// TODO: dh> this prevents users from uploading if _any_ blog media directory is not writable.
// See http://forums.b2evolution.net/viewtopic.php?p=49001#49001
// Exit only if new error messages were added in this file
if ($Messages->count('error') > $initial_error_count) {
$AdminUI->set_path('files', 'upload', $tab3);
// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
$AdminUI->disp_html_head();
// Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();
/**
* Get the blog's media directory (and create it if necessary).
*
* If we're {@link is_admin_page() on an admin page}, it adds status messages.
* @todo These status messages should rather go to a "syslog" and not be displayed to a normal user
* @todo dh> refactor this into e.g. create_media_dir() and use it for Blog::get_media_dir, too.
*
* @param boolean Create the directory, if it does not exist yet?
* @return string path string on success, false if the dir could not be created
*/
function get_media_dir($create = true)
{
global $media_path, $current_User, $Messages, $Settings, $Debuglog;
if (!$Settings->get('fm_enable_roots_blog')) {
// User directories are disabled:
$Debuglog->add('Attempt to access blog media dir, but this feature is globally disabled', 'files');
return false;
}
switch ($this->media_location) {
case 'default':
$mediadir = get_canonical_path($media_path . 'blogs/' . $this->urlname . '/');
break;
case 'subdir':
$mediadir = get_canonical_path($media_path . $this->media_subdir);
break;
case 'custom':
$mediadir = get_canonical_path($this->media_fullpath);
break;
case 'none':
default:
$Debuglog->add('Attempt to access blog media dir, but this feature is disabled for this blog', 'files');
return false;
}
// TODO: use a File object here (to access perms, ..), using FileCache::get_by_root_and_path().
if ($create && !is_dir($mediadir)) {
// Display absolute path to blog admin and relative path to everyone else
$msg_mediadir_path = $current_User->check_perm('blog_admin', 'edit', false, $this->ID) ? $mediadir : rel_path_to_base($mediadir);
// TODO: Link to some help page(s) with errors!
if (!is_writable(dirname($mediadir))) {
// add error
if (is_admin_page()) {
$Messages->add(sprintf(T_("The blog's media directory «%s» could not be created, because the parent directory is not writable or does not exist."), $msg_mediadir_path) . get_manual_link('media_file_permission_errors'), 'error');
}
return false;
} elseif (!evo_mkdir($mediadir)) {
// add error
if (is_admin_page()) {
$Messages->add(sprintf(T_("The blog's media directory «%s» could not be created."), $msg_mediadir_path) . get_manual_link('directory_creation_error'), 'error');
}
return false;
} else {
// add note:
if (is_admin_page()) {
$Messages->add(sprintf(T_("The blog's media directory «%s» has been created with permissions %s."), $msg_mediadir_path, substr(sprintf('%o', fileperms($mediadir)), -3)), 'success');
}
}
}
return $mediadir;
}
/**
* Get the path to the media directory. If it does not exist, it will be created.
*
* If we're {@link is_admin_page() on an admin page}, it adds status messages.
* @todo These status messages should rather go to a "syslog" and not be displayed to a normal user
* @todo dh> refactor this into e.g. create_media_dir() and use it for Blog::get_media_dir, too.
*
* @param boolean Create the directory, if it does not exist yet?
* @return mixed the path as string on success, false if the dir could not be created
*/
function get_media_dir($create = true)
{
global $media_path, $Messages, $Settings, $Debuglog;
if (!$Settings->get('fm_enable_roots_user')) {
// User directories are disabled:
$Debuglog->add('Attempt to access user media dir, but this feature is disabled', 'files');
return false;
}
$userdir = get_canonical_path($media_path . $this->get_media_subpath());
if ($create && !is_dir($userdir)) {
if (!is_writable(dirname($userdir))) {
// add error
if (is_admin_page()) {
$Messages->add(sprintf(T_("The user's media directory «%s» could not be created, because the parent directory is not writable or does not exist."), rel_path_to_base($userdir)) . get_manual_link('directory_creation_error'), 'error');
}
return false;
} elseif (!evo_mkdir($userdir)) {
// add error
if (is_admin_page()) {
$Messages->add(sprintf(T_("The user's media directory «%s» could not be created."), rel_path_to_base($userdir)) . get_manual_link('directory_creation_error'), 'error');
}
return false;
} else {
// add note:
if (is_admin_page()) {
$Messages->add(sprintf(T_("The user's directory «%s» has been created with permissions %s."), rel_path_to_base($userdir), substr(sprintf('%o', fileperms($userdir)), -3)), 'success');
}
}
}
return $userdir;
}
/**
* Create links between users and image files from the users profile_pictures folder
*/
function create_profile_picture_links()
{
global $DB;
load_class('files/model/_filelist.class.php', 'Filelist');
load_class('files/model/_fileroot.class.php', 'FileRoot');
$path = 'profile_pictures';
$FileRootCache =& get_FileRootCache();
$UserCache =& get_UserCache();
// SQL query to get all users and limit by page below
$users_SQL = new SQL();
$users_SQL->SELECT('*');
$users_SQL->FROM('T_users');
$users_SQL->ORDER_BY('user_ID');
$page = 0;
$page_size = 100;
while (count($UserCache->cache) > 0 || $page == 0) {
// Load users by 100 at one time to avoid errors about memory exhausting
$users_SQL->LIMIT($page * $page_size . ', ' . $page_size);
$UserCache->clear();
$UserCache->load_by_sql($users_SQL);
while (($iterator_User =& $UserCache->get_next()) != NULL) {
// Iterate through UserCache)
$FileRootCache->clear();
$user_FileRoot =& $FileRootCache->get_by_type_and_ID('user', $iterator_User->ID);
if (!$user_FileRoot) {
// User FileRoot doesn't exist
continue;
}
$ads_list_path = get_canonical_path($user_FileRoot->ads_path . $path);
// Previously uploaded avatars
if (!is_dir($ads_list_path)) {
// profile_picture folder doesn't exists in the user root dir
continue;
}
$user_avatar_Filelist = new Filelist($user_FileRoot, $ads_list_path);
$user_avatar_Filelist->load();
if ($user_avatar_Filelist->count() > 0) {
// profile_pictures folder is not empty
$info_content = '';
$LinkOwner = new LinkUser($iterator_User);
while ($lFile =& $user_avatar_Filelist->get_next()) {
// Loop through all Files:
$fileName = $lFile->get_name();
if (process_filename($fileName)) {
// The file has invalid file name, don't create in the database
// TODO: asimo> we should collect each invalid file name here, and send an email to the admin
continue;
}
$lFile->load_meta(true);
if ($lFile->is_image()) {
$lFile->link_to_Object($LinkOwner);
}
}
}
}
// Increase page number to get next portion of users
$page++;
}
// Clear cache data
$UserCache->clear();
$FileRootCache->clear();
}
function test_get_canonical_path()
{
$this->assertIdentical(get_canonical_path(''), '');
$this->assertIdentical(get_canonical_path('/hello/world'), '/hello/world/');
$this->assertIdentical(get_canonical_path('hello/world'), 'hello/world/');
$this->assertIdentical(get_canonical_path('/hello/world/'), '/hello/world/');
$this->assertIdentical(get_canonical_path('/hello/../world'), '/world/');
$this->assertIdentical(get_canonical_path('hello/../world/'), 'world/');
$this->assertIdentical(get_canonical_path('/hello/../world/../'), '/');
$this->assertIdentical(get_canonical_path('/hello/world/../../'), '/');
$this->assertIdentical(get_canonical_path('/../'), NULL);
$this->assertIdentical(get_canonical_path('/../../'), NULL);
// Even number of ..
$this->assertIdentical(get_canonical_path('C:\\hello\\world\\..\\..\\'), 'C:/');
$this->assertIdentical(get_canonical_path('C:\\hello\\world\\..\\..\\..\\'), NULL);
$this->assertIdentical(get_canonical_path('C:\\hello\\world\\..\\..\\..\\..\\'), NULL);
$this->assertIdentical(get_canonical_path('C:\\../..\\'), NULL);
$this->assertIdentical(get_canonical_path('/./././././'), '/');
$this->assertIdentical(get_canonical_path('/.//////.././//./.'), NULL);
$this->assertIdentical(get_canonical_path('/.//////foo/.././//./.'), '/');
$this->assertIdentical(get_canonical_path('/.//////../foo/.///./.'), NULL);
$this->assertIdentical(get_canonical_path('C:\\Folder\\.evocache\\..\\'), 'C:/Folder/');
$this->assertIdentical(get_canonical_path('.evocache'), '.evocache/');
$this->assertIdentical(get_canonical_path('.evocache/../'), '');
}
