private static function validateJSONItem($json, $libraryID, Zotero_Item $item = null, $isChild, $requestParams, $partialUpdate = false)
{
$isNew = !$item || !$item->version;
if (!is_object($json)) {
throw new Exception("Invalid item object (found " . gettype($json) . " '" . $json . "')", Z_ERROR_INVALID_INPUT);
}
if (isset($json->items) && is_array($json->items)) {
throw new Exception("An 'items' array is not valid for single-item updates", Z_ERROR_INVALID_INPUT);
}
$apiVersion = $requestParams['v'];
if ($partialUpdate) {
$requiredProps = [];
} else {
if (isset($json->itemType) && $json->itemType == "attachment") {
$requiredProps = array('linkMode', 'tags');
} else {
if (isset($json->itemType) && $json->itemType == "attachment") {
$requiredProps = array('tags');
} else {
if ($isNew) {
$requiredProps = array('itemType');
} else {
if ($apiVersion < 2) {
$requiredProps = array('itemType', 'tags');
} else {
$requiredProps = array('itemType', 'tags', 'relations');
if (!$isChild) {
$requiredProps[] = 'collections';
}
}
}
}
}
}
foreach ($requiredProps as $prop) {
if (!isset($json->{$prop})) {
throw new Exception("'{$prop}' property not provided", Z_ERROR_INVALID_INPUT);
}
}
// For partial updates where item type isn't provided, use the existing item type
if (!isset($json->itemType) && $partialUpdate) {
$itemType = Zotero_ItemTypes::getName($item->itemTypeID);
} else {
$itemType = $json->itemType;
}
foreach ($json as $key => $val) {
switch ($key) {
// Handled by Zotero_API::checkJSONObjectVersion()
case 'key':
case 'version':
if ($apiVersion < 3) {
throw new Exception("Invalid property '{$key}'", Z_ERROR_INVALID_INPUT);
}
break;
case 'itemKey':
case 'itemVersion':
if ($apiVersion != 2) {
throw new Exception("Invalid property '{$key}'", Z_ERROR_INVALID_INPUT);
}
break;
case 'parentItem':
if ($apiVersion < 2) {
throw new Exception("Invalid property '{$key}'", Z_ERROR_INVALID_INPUT);
}
if (!Zotero_ID::isValidKey($val) && $val !== false) {
throw new Exception("'{$key}' must be a valid item key", Z_ERROR_INVALID_INPUT);
}
break;
case 'itemType':
if (!is_string($val)) {
throw new Exception("'itemType' must be a string", Z_ERROR_INVALID_INPUT);
}
if ($isChild || !empty($json->parentItem)) {
switch ($val) {
case 'note':
case 'attachment':
break;
default:
throw new Exception("Child item must be note or attachment", Z_ERROR_INVALID_INPUT);
}
} else {
if ($val == 'attachment' && (!$item || !$item->getSource())) {
if ($json->linkMode == 'linked_url' || $json->linkMode == 'imported_url' && (empty($json->contentType) || $json->contentType != 'application/pdf')) {
throw new Exception("Only file attachments and PDFs can be top-level items", Z_ERROR_INVALID_INPUT);
}
}
}
if (!Zotero_ItemTypes::getID($val)) {
throw new Exception("'{$val}' is not a valid itemType", Z_ERROR_INVALID_INPUT);
}
break;
case 'tags':
if (!is_array($val)) {
throw new Exception("'{$key}' property must be an array", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $tag) {
$empty = true;
if (is_string($tag)) {
if ($tag === "") {
throw new Exception("Tag cannot be empty", Z_ERROR_INVALID_INPUT);
}
continue;
}
if (!is_object($tag)) {
throw new Exception("Tag must be an object", Z_ERROR_INVALID_INPUT);
}
foreach ($tag as $k => $v) {
switch ($k) {
case 'tag':
if (!is_scalar($v)) {
throw new Exception("Invalid tag name", Z_ERROR_INVALID_INPUT);
}
if ($v === "") {
throw new Exception("Tag cannot be empty", Z_ERROR_INVALID_INPUT);
}
break;
case 'type':
if (!is_numeric($v)) {
throw new Exception("Invalid tag type '{$v}'", Z_ERROR_INVALID_INPUT);
}
break;
default:
throw new Exception("Invalid tag property '{$k}'", Z_ERROR_INVALID_INPUT);
}
$empty = false;
}
if ($empty) {
throw new Exception("Tag object is empty", Z_ERROR_INVALID_INPUT);
}
}
break;
case 'collections':
if (!is_array($val)) {
throw new Exception("'{$key}' property must be an array", Z_ERROR_INVALID_INPUT);
}
if ($isChild && $val) {
throw new Exception("Child items cannot be assigned to collections", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $k) {
if (!Zotero_ID::isValidKey($k)) {
throw new Exception("'{$k}' is not a valid collection key", Z_ERROR_INVALID_INPUT);
}
}
break;
case 'relations':
if ($apiVersion < 2) {
throw new Exception("Invalid property '{$key}'", Z_ERROR_INVALID_INPUT);
}
if (!is_object($val) && !(is_array($val) && empty($val))) {
throw new Exception("'{$key}' property must be an object", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $predicate => $object) {
switch ($predicate) {
case 'owl:sameAs':
case 'dc:replaces':
case 'dc:relation':
break;
default:
throw new Exception("Unsupported predicate '{$predicate}'", Z_ERROR_INVALID_INPUT);
}
$arr = is_string($object) ? [$object] : $object;
foreach ($arr as $uri) {
if (!preg_match('/^http:\\/\\/zotero.org\\/(users|groups)\\/[0-9]+\\/(publications\\/)?items\\/[A-Z0-9]{8}$/', $uri)) {
throw new Exception("'{$key}' values currently must be Zotero item URIs", Z_ERROR_INVALID_INPUT);
}
}
}
break;
case 'creators':
if (!is_array($val)) {
throw new Exception("'{$key}' property must be an array", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $creator) {
$empty = true;
if (!isset($creator->creatorType)) {
throw new Exception("creator object must contain 'creatorType'", Z_ERROR_INVALID_INPUT);
}
if ((!isset($creator->name) || trim($creator->name) == "") && (!isset($creator->firstName) || trim($creator->firstName) == "") && (!isset($creator->lastName) || trim($creator->lastName) == "")) {
// On item creation, ignore single nameless creator,
// because that's in the item template that the API returns
if (sizeOf($val) == 1 && $isNew) {
continue;
} else {
throw new Exception("creator object must contain 'firstName'/'lastName' or 'name'", Z_ERROR_INVALID_INPUT);
}
}
foreach ($creator as $k => $v) {
switch ($k) {
case 'creatorType':
$creatorTypeID = Zotero_CreatorTypes::getID($v);
if (!$creatorTypeID) {
throw new Exception("'{$v}' is not a valid creator type", Z_ERROR_INVALID_INPUT);
}
$itemTypeID = Zotero_ItemTypes::getID($itemType);
if (!Zotero_CreatorTypes::isValidForItemType($creatorTypeID, $itemTypeID)) {
// Allow 'author' in all item types, but reject other invalid creator types
if ($creatorTypeID != Zotero_CreatorTypes::getID('author')) {
throw new Exception("'{$v}' is not a valid creator type for item type '{$itemType}'", Z_ERROR_INVALID_INPUT);
}
}
break;
case 'firstName':
if (!isset($creator->lastName)) {
throw new Exception("'lastName' creator field must be set if 'firstName' is set", Z_ERROR_INVALID_INPUT);
}
if (isset($creator->name)) {
throw new Exception("'firstName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
break;
case 'lastName':
if (!isset($creator->firstName)) {
throw new Exception("'firstName' creator field must be set if 'lastName' is set", Z_ERROR_INVALID_INPUT);
}
if (isset($creator->name)) {
throw new Exception("'lastName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
break;
case 'name':
if (isset($creator->firstName)) {
throw new Exception("'firstName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
if (isset($creator->lastName)) {
throw new Exception("'lastName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
break;
default:
throw new Exception("Invalid creator property '{$k}'", Z_ERROR_INVALID_INPUT);
}
$empty = false;
}
if ($empty) {
throw new Exception("Creator object is empty", Z_ERROR_INVALID_INPUT);
}
}
break;
case 'note':
switch ($itemType) {
case 'note':
case 'attachment':
break;
default:
throw new Exception("'note' property is valid only for note and attachment items", Z_ERROR_INVALID_INPUT);
}
break;
case 'attachments':
case 'notes':
if ($apiVersion > 1) {
throw new Exception("'{$key}' property is no longer supported", Z_ERROR_INVALID_INPUT);
}
if (!$isNew) {
throw new Exception("'{$key}' property is valid only for new items", Z_ERROR_INVALID_INPUT);
}
if (!is_array($val)) {
throw new Exception("'{$key}' property must be an array", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $child) {
// Check child item type ('attachment' or 'note')
$t = substr($key, 0, -1);
if (isset($child->itemType) && $child->itemType != $t) {
throw new Exception("Child {$t} must be of itemType '{$t}'", Z_ERROR_INVALID_INPUT);
}
if ($key == 'note') {
if (!isset($child->note)) {
throw new Exception("'note' property not provided for child note", Z_ERROR_INVALID_INPUT);
}
}
}
break;
case 'deleted':
break;
// Attachment properties
// Attachment properties
case 'linkMode':
try {
$linkMode = Zotero_Attachments::linkModeNameToNumber($val, true);
} catch (Exception $e) {
throw new Exception("'{$val}' is not a valid linkMode", Z_ERROR_INVALID_INPUT);
}
// Don't allow changing of linkMode
if (!$isNew && $linkMode != $item->attachmentLinkMode) {
throw new Exception("Cannot change attachment linkMode", Z_ERROR_INVALID_INPUT);
}
break;
case 'contentType':
case 'charset':
case 'filename':
case 'md5':
case 'mtime':
if ($itemType != 'attachment') {
throw new Exception("'{$key}' is valid only for attachment items", Z_ERROR_INVALID_INPUT);
}
switch ($key) {
case 'filename':
case 'md5':
case 'mtime':
$lm = isset($json->linkMode) ? $json->linkMode : Zotero_Attachments::linkModeNumberToName($item->attachmentLinkMode);
if (strpos(strtolower($lm), 'imported_') !== 0) {
throw new Exception("'{$key}' is valid only for imported attachment items", Z_ERROR_INVALID_INPUT);
}
break;
}
switch ($key) {
case 'contentType':
case 'charset':
case 'filename':
$propName = 'attachment' . ucwords($key);
break;
case 'md5':
$propName = 'attachmentStorageHash';
break;
case 'mtime':
$propName = 'attachmentStorageModTime';
break;
}
if (Zotero_Libraries::getType($libraryID) == 'group') {
if ($item && $item->{$propName} !== $val || !$item && $val !== null && $val !== "") {
throw new Exception("Cannot change '{$key}' directly in group library", Z_ERROR_INVALID_INPUT);
}
} else {
if ($key == 'md5') {
if ($val && !preg_match("/^[a-f0-9]{32}\$/", $val)) {
throw new Exception("'{$val}' is not a valid MD5 hash", Z_ERROR_INVALID_INPUT);
}
}
}
break;
case 'accessDate':
if ($apiVersion >= 3 && $val !== '' && $val != 'CURRENT_TIMESTAMP' && !Zotero_Date::isSQLDate($val) && !Zotero_Date::isSQLDateTime($val) && !Zotero_Date::isISO8601($val)) {
throw new Exception("'{$key}' must be in ISO 8601 or UTC 'YYYY-MM-DD[ hh-mm-dd]' format or 'CURRENT_TIMESTAMP' ({$val})", Z_ERROR_INVALID_INPUT);
}
break;
case 'dateAdded':
if (!Zotero_Date::isSQLDateTime($val) && !Zotero_Date::isISO8601($val)) {
throw new Exception("'{$key}' must be in ISO 8601 or UTC 'YYYY-MM-DD hh-mm-dd' format", Z_ERROR_INVALID_INPUT);
}
if (!$isNew) {
// Convert ISO date to SQL date for equality comparison
if (Zotero_Date::isISO8601($val)) {
$val = Zotero_Date::iso8601ToSQL($val);
}
if ($val != $item->{$key}) {
throw new Exception("'{$key}' cannot be modified for existing items", Z_ERROR_INVALID_INPUT);
}
}
break;
case 'dateModified':
if (!Zotero_Date::isSQLDateTime($val) && !Zotero_Date::isISO8601($val)) {
throw new Exception("'{$key}' must be in ISO 8601 or UTC 'YYYY-MM-DD hh-mm-dd' format ({$val})", Z_ERROR_INVALID_INPUT);
}
break;
default:
if (!Zotero_ItemFields::getID($key)) {
throw new Exception("Invalid property '{$key}'", Z_ERROR_INVALID_INPUT);
}
if (is_array($val)) {
throw new Exception("Unexpected array for property '{$key}'", Z_ERROR_INVALID_INPUT);
}
break;
}
}
// Publications libraries have additional restrictions
if (Zotero_Libraries::getType($libraryID) == 'publications') {
Zotero_Publications::validateJSONItem($json);
}
}
private function loadItemData()
{
Z_Core::debug("Loading item data for item {$this->id}");
// TODO: remove?
if ($this->loaded['itemData']) {
trigger_error("Item data for item {$this->id} already loaded", E_USER_ERROR);
}
if (!$this->id) {
trigger_error('Item ID not set before attempting to load data', E_USER_ERROR);
}
if (!is_numeric($this->id)) {
trigger_error("Invalid itemID '{$this->id}'", E_USER_ERROR);
}
$cacheKey = $this->getCacheKey("itemData");
$fields = Z_Core::$MC->get($cacheKey);
if ($fields === false) {
$sql = "SELECT fieldID, value FROM itemData WHERE itemID=?";
$stmt = Zotero_DB::getStatement($sql, true, Zotero_Shards::getByLibraryID($this->libraryID));
$fields = Zotero_DB::queryFromStatement($stmt, $this->id);
Z_Core::$MC->set($cacheKey, $fields ? $fields : array());
}
$itemTypeFields = Zotero_ItemFields::getItemTypeFields($this->itemTypeID);
if ($fields) {
foreach ($fields as $field) {
$this->setField($field['fieldID'], $field['value'], true, true);
}
}
// Mark nonexistent fields as loaded
if ($itemTypeFields) {
foreach ($itemTypeFields as $fieldID) {
if (is_null($this->itemData[$fieldID])) {
$this->itemData[$fieldID] = false;
}
}
}
$this->loaded['itemData'] = true;
}
protected function loadItemData($reload = false) {
if ($this->loaded['itemData'] && !$reload) return;
Z_Core::debug("Loading item data for item $this->id");
// TODO: remove?
if (!$this->id) {
trigger_error('Item ID not set before attempting to load data', E_USER_ERROR);
}
if (!is_numeric($this->id)) {
trigger_error("Invalid itemID '$this->id'", E_USER_ERROR);
}
if ($this->cacheEnabled) {
$cacheVersion = 1;
$cacheKey = $this->getCacheKey("itemData",
$cacheVersion
. isset(Z_CONFIG::$CACHE_VERSION_ITEM_DATA)
? "_" . Z_CONFIG::$CACHE_VERSION_ITEM_DATA
: ""
);
$fields = Z_Core::$MC->get($cacheKey);
}
else {
$fields = false;
}
if ($fields === false) {
$sql = "SELECT fieldID, value FROM itemData WHERE itemID=?";
$stmt = Zotero_DB::getStatement($sql, true, Zotero_Shards::getByLibraryID($this->libraryID));
$fields = Zotero_DB::queryFromStatement($stmt, $this->id);
if ($this->cacheEnabled) {
Z_Core::$MC->set($cacheKey, $fields ? $fields : array());
}
}
$itemTypeFields = Zotero_ItemFields::getItemTypeFields($this->itemTypeID);
if ($fields) {
foreach ($fields as $field) {
$this->setField($field['fieldID'], $field['value'], true, true);
}
}
// Mark nonexistent fields as loaded
if ($itemTypeFields) {
foreach($itemTypeFields as $fieldID) {
if (is_null($this->itemData[$fieldID])) {
$this->itemData[$fieldID] = false;
}
}
}
$this->loaded['itemData'] = true;
}
public function newItem()
{
if (empty($_GET['itemType'])) {
$this->e400("'itemType' not provided");
}
$itemType = $_GET['itemType'];
if ($itemType == 'attachment') {
if (empty($_GET['linkMode'])) {
$this->e400("linkMode required for itemType=attachment");
}
$linkModeName = $_GET['linkMode'];
try {
$linkMode = Zotero_Attachments::linkModeNameToNumber(strtoupper($linkModeName));
} catch (Exception $e) {
$this->e400("Invalid linkMode '{$linkModeName}'");
}
}
$itemTypeID = Zotero_ItemTypes::getID($itemType);
if (!$itemTypeID) {
$this->e400("Invalid item type '{$itemType}'");
}
// TODO: check If-Modified-Since and return 304 if not changed
$cacheKey = "newItemJSON_" . $itemTypeID;
if ($itemType == 'attachment') {
$cacheKey .= "_" . $linkMode;
}
$ttl = 60;
if ($this->queryParams['pprint']) {
$cacheKey .= "_pprint";
}
$json = Z_Core::$MC->get($cacheKey);
if ($json) {
header("Content-Type: application/json");
echo $json;
exit;
}
// Generate template
$json = array('itemType' => $itemType);
if ($itemType == 'attachment') {
$json['linkMode'] = $linkModeName;
}
$fieldIDs = Zotero_ItemFields::getItemTypeFields($itemTypeID);
$first = true;
foreach ($fieldIDs as $fieldID) {
$fieldName = Zotero_ItemFields::getName($fieldID);
if ($itemType == 'attachment' && $fieldName == 'url' && !preg_match('/_url$/', $linkModeName)) {
continue;
}
$json[$fieldName] = "";
if ($first && $itemType != 'note' && $itemType != 'attachment') {
$creatorTypeID = Zotero_CreatorTypes::getPrimaryIDForType($itemTypeID);
$creatorTypeName = Zotero_CreatorTypes::getName($creatorTypeID);
$json['creators'] = array(array('creatorType' => $creatorTypeName, 'firstName' => '', 'lastName' => ''));
$first = false;
}
}
if ($itemType == 'note' || $itemType == 'attachment') {
$json['note'] = '';
}
$json['tags'] = array();
if ($itemType != 'note' && $itemType != 'attachment') {
$json['attachments'] = array();
$json['notes'] = array();
}
if ($itemType == 'attachment') {
$json['contentType'] = '';
$json['charset'] = '';
if (preg_match('/^imported_/', $linkModeName)) {
$json['filename'] = '';
$json['md5'] = null;
$json['mtime'] = null;
//$json['zip'] = false;
}
}
header("Content-Type: application/json");
if ($this->queryParams['pprint']) {
$json = Zotero_Utilities::json_encode_pretty($json);
Z_Core::$MC->set($cacheKey, $json, $ttl);
} else {
$json = json_encode($json);
Z_Core::$MC->set($cacheKey, $json, $ttl);
}
echo $json;
exit;
}
public static function checkUploadForErrors($syncProcessID)
{
Zotero_DB::beginTransaction();
if (Z_Core::probability(30)) {
$sql = "UPDATE syncUploadQueue SET started=NULL, errorCheck=0 WHERE started IS NOT NULL AND errorCheck=1 AND\n\t\t\t\t\t\tstarted < (NOW() - INTERVAL 15 MINUTE) AND finished IS NULL";
Zotero_DB::query($sql);
}
// Get a queued process that hasn't been error-checked and is large enough to warrant it
$sql = "SELECT * FROM syncUploadQueue WHERE started IS NULL AND errorCheck=0\n\t\t\t\tAND dataLength>=" . self::$minErrorCheckSize . " ORDER BY added LIMIT 1 FOR UPDATE";
$row = Zotero_DB::rowQuery($sql);
// No pending processes
if (!$row) {
Zotero_DB::commit();
return 0;
}
$sql = "UPDATE syncUploadQueue SET started=NOW(), errorCheck=1 WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, array($row['syncUploadQueueID']));
// We track error processes as upload processes that just get reset back to
// started=NULL on completion (but with errorCheck=2)
self::addUploadProcess($row['userID'], null, $row['syncUploadQueueID'], $syncProcessID);
Zotero_DB::commit();
try {
$doc = new DOMDocument();
$doc->loadXML($row['xmldata'], LIBXML_COMPACT | LIBXML_PARSEHUGE);
// Get long tags
$value = Zotero_Tags::getLongDataValueFromXML($doc);
if ($value) {
throw new Exception("Tag '" . $value . "' too long", Z_ERROR_TAG_TOO_LONG);
}
// Get long collection names
$value = Zotero_Collections::getLongDataValueFromXML($doc);
if ($value) {
throw new Exception("Collection '" . $value . "' too long", Z_ERROR_COLLECTION_TOO_LONG);
}
// Get long creator names
$node = Zotero_Creators::getLongDataValueFromXML($doc);
// returns DOMNode rather than value
if ($node) {
$name = mb_substr($node->nodeValue, 0, 50);
throw new Exception("=The name ‘{$name}…’ is too long to sync.\n\n" . "Search for the item with this name and shorten it. " . "Note that the item may be in the trash or in a group library.\n\n" . "If you receive this message repeatedly for items saved from a " . "particular site, you can report this issue in the Zotero Forums.", Z_ERROR_CREATOR_TOO_LONG);
}
// Get long item data fields
$node = Zotero_Items::getLongDataValueFromXML($doc);
// returns DOMNode rather than value
if ($node) {
$libraryID = $node->parentNode->getAttribute('libraryID');
$key = $node->parentNode->getAttribute('key');
if ($libraryID) {
$key = $libraryID . "/" . $key;
}
$fieldName = $node->getAttribute('name');
$fieldName = Zotero_ItemFields::getLocalizedString(null, $fieldName);
if ($fieldName) {
$start = "{$fieldName} field";
} else {
$start = "Field";
}
throw new Exception("={$start} value '" . mb_substr($node->nodeValue, 0, 75) . "...' too long for item '{$key}'", Z_ERROR_FIELD_TOO_LONG);
}
} catch (Exception $e) {
//Z_Core::logError($e);
Zotero_DB::beginTransaction();
$sql = "UPDATE syncUploadQueue SET syncProcessID=NULL, finished=?,\n\t\t\t\t\t\terrorCode=?, errorMessage=? WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, array(Zotero_DB::getTransactionTimestamp(), $e->getCode(), serialize($e), $row['syncUploadQueueID']));
$sql = "DELETE FROM syncUploadQueueLocks WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, $row['syncUploadQueueID']);
self::removeUploadProcess($syncProcessID);
Zotero_DB::commit();
return -2;
}
Zotero_DB::beginTransaction();
$sql = "UPDATE syncUploadQueue SET syncProcessID=NULL, started=NULL, errorCheck=2 WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, $row['syncUploadQueueID']);
self::removeUploadProcess($syncProcessID);
Zotero_DB::commit();
return 1;
}
public static function checkUploadForErrors($syncProcessID)
{
Zotero_DB::beginTransaction();
if (Z_Core::probability(30)) {
$sql = "UPDATE syncUploadQueue SET started=NULL, errorCheck=0 WHERE started IS NOT NULL AND errorCheck=1 AND\n\t\t\t\t\t\tstarted < (NOW() - INTERVAL 15 MINUTE) AND finished IS NULL";
Zotero_DB::query($sql);
}
// Get a queued process that hasn't been error-checked and is large enough to warrant it
$sql = "SELECT * FROM syncUploadQueue WHERE started IS NULL AND errorCheck=0\n\t\t\t\tAND dataLength>=" . self::$minErrorCheckSize . " ORDER BY added LIMIT 1 FOR UPDATE";
$row = Zotero_DB::rowQuery($sql);
// No pending processes
if (!$row) {
Zotero_DB::commit();
return 0;
}
$sql = "UPDATE syncUploadQueue SET started=NOW(), errorCheck=1 WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, array($row['syncUploadQueueID']));
// We track error processes as upload processes that just get reset back to
// started=NULL on completion (but with errorCheck=2)
self::addUploadProcess($row['userID'], null, $row['syncUploadQueueID'], $syncProcessID);
Zotero_DB::commit();
try {
$doc = new DOMDocument();
$doc->loadXML($row['xmldata']);
// Get long tags
$value = Zotero_Tags::getLongDataValueFromXML($doc);
if ($value) {
throw new Exception("Tag '" . $value . "' too long", Z_ERROR_TAG_TOO_LONG);
}
// Get long collection names
$value = Zotero_Collections::getLongDataValueFromXML($doc);
if ($value) {
throw new Exception("Collection '" . $value . "' too long", Z_ERROR_COLLECTION_TOO_LONG);
}
// Get long creator names
$node = Zotero_Creators::getLongDataValueFromXML($doc);
// returns DOMNode rather than value
if ($node) {
if ($node->nodeName == 'firstName') {
throw new Exception("=First name '" . mb_substr($node->nodeValue, 0, 50) . "…' too long");
}
if ($node->nodeName == 'lastName') {
throw new Exception("=Last name '" . mb_substr($node->nodeValue, 0, 50) . "…' too long");
}
if ($node->nodeName == 'name') {
throw new Exception("=Name '" . mb_substr($node->nodeValue, 0, 50) . "…' too long");
}
}
$node = Zotero_Items::getLongDataValueFromXML($doc);
// returns DOMNode rather than value
if ($node) {
$fieldName = $node->getAttribute('name');
$fieldName = Zotero_ItemFields::getLocalizedString(null, $fieldName);
if ($fieldName) {
$start = "'{$fieldName}' field";
} else {
$start = "Field";
}
throw new Exception("={$start} value '" . mb_substr($node->nodeValue, 0, 50) . "...' too long");
}
} catch (Exception $e) {
//Z_Core::logError($e);
Zotero_DB::beginTransaction();
$sql = "UPDATE syncUploadQueue SET syncProcessID=NULL, finished=?,\n\t\t\t\t\t\terrorCode=?, errorMessage=? WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, array(Zotero_DB::getTransactionTimestamp(), $e->getCode(), serialize($e), $row['syncUploadQueueID']));
$sql = "DELETE FROM syncUploadQueueLocks WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, $row['syncUploadQueueID']);
self::removeUploadProcess($syncProcessID);
Zotero_DB::commit();
return -2;
}
Zotero_DB::beginTransaction();
$sql = "UPDATE syncUploadQueue SET syncProcessID=NULL, started=NULL, errorCheck=2 WHERE syncUploadQueueID=?";
Zotero_DB::query($sql, $row['syncUploadQueueID']);
self::removeUploadProcess($syncProcessID);
Zotero_DB::commit();
return 1;
}
private static function validateJSONItem($json, $libraryID, $item = null, $isChild = false)
{
$isNew = !$item;
if (!is_object($json)) {
throw new Exception("Invalid item object (found " . gettype($json) . " '" . $json . "')", Z_ERROR_INVALID_INPUT);
}
if (isset($json->items) && is_array($json->items)) {
throw new Exception("An 'items' array is not valid for item updates", Z_ERROR_INVALID_INPUT);
}
if (isset($json->itemType) && $json->itemType == "attachment") {
$requiredProps = array('linkMode', 'tags');
} else {
if (isset($json->itemType) && $json->itemType == "attachment") {
$requiredProps = array('tags');
} else {
if ($isNew) {
$requiredProps = array('itemType');
} else {
$requiredProps = array('itemType', 'creators', 'tags');
}
}
}
foreach ($requiredProps as $prop) {
if (!isset($json->{$prop})) {
throw new Exception("'{$prop}' property not provided", Z_ERROR_INVALID_INPUT);
}
}
foreach ($json as $key => $val) {
switch ($key) {
case 'itemType':
if (!is_string($val)) {
throw new Exception("'itemType' must be a string", Z_ERROR_INVALID_INPUT);
}
if ($isChild) {
switch ($val) {
case 'note':
case 'attachment':
break;
default:
throw new Exception("Child item must be note or attachment", Z_ERROR_INVALID_INPUT);
}
} else {
if ($val == 'attachment' && (!$item || !$item->getSource())) {
if ($json->linkMode == 'linked_url' || $json->linkMode == 'imported_url' && (empty($json->contentType) || $json->contentType != 'application/pdf')) {
throw new Exception("Only file attachments and PDFs can be top-level items", Z_ERROR_INVALID_INPUT);
}
}
}
if (!Zotero_ItemTypes::getID($val)) {
throw new Exception("'{$val}' is not a valid itemType", Z_ERROR_INVALID_INPUT);
}
break;
case 'tags':
if (!is_array($val)) {
throw new Exception("'tags' property must be an array", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $tag) {
$empty = true;
foreach ($tag as $k => $v) {
switch ($k) {
case 'tag':
if (!is_scalar($v)) {
throw new Exception("Invalid tag name", Z_ERROR_INVALID_INPUT);
}
if ($v === "") {
throw new Exception("Tag cannot be empty", Z_ERROR_INVALID_INPUT);
}
break;
case 'type':
if (!is_numeric($v)) {
throw new Exception("Invalid tag type '{$v}'", Z_ERROR_INVALID_INPUT);
}
break;
default:
throw new Exception("Invalid tag property '{$k}'", Z_ERROR_INVALID_INPUT);
}
$empty = false;
}
if ($empty) {
throw new Exception("Tag object is empty", Z_ERROR_INVALID_INPUT);
}
}
break;
case 'creators':
if (!is_array($val)) {
throw new Exception("'creators' property must be an array", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $creator) {
$empty = true;
if (!isset($creator->creatorType)) {
throw new Exception("creator object must contain 'creatorType'", Z_ERROR_INVALID_INPUT);
}
if ((!isset($creator->name) || trim($creator->name) == "") && (!isset($creator->firstName) || trim($creator->firstName) == "") && (!isset($creator->lastName) || trim($creator->lastName) == "")) {
// On item creation, ignore single nameless creator,
// because that's in the item template that the API returns
if (sizeOf($val) == 1 && $isNew) {
continue;
} else {
throw new Exception("creator object must contain 'firstName'/'lastName' or 'name'", Z_ERROR_INVALID_INPUT);
}
}
foreach ($creator as $k => $v) {
switch ($k) {
case 'creatorType':
$creatorTypeID = Zotero_CreatorTypes::getID($v);
if (!$creatorTypeID) {
throw new Exception("'{$v}' is not a valid creator type", Z_ERROR_INVALID_INPUT);
}
$itemTypeID = Zotero_ItemTypes::getID($json->itemType);
if (!Zotero_CreatorTypes::isValidForItemType($creatorTypeID, $itemTypeID)) {
throw new Exception("'{$v}' is not a valid creator type for item type '" . $json->itemType . "'", Z_ERROR_INVALID_INPUT);
}
break;
case 'firstName':
if (!isset($creator->lastName)) {
throw new Exception("'lastName' creator field must be set if 'firstName' is set", Z_ERROR_INVALID_INPUT);
}
if (isset($creator->name)) {
throw new Exception("'firstName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
break;
case 'lastName':
if (!isset($creator->firstName)) {
throw new Exception("'firstName' creator field must be set if 'lastName' is set", Z_ERROR_INVALID_INPUT);
}
if (isset($creator->name)) {
throw new Exception("'lastName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
break;
case 'name':
if (isset($creator->firstName)) {
throw new Exception("'firstName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
if (isset($creator->lastName)) {
throw new Exception("'lastName' and 'name' creator fields are mutually exclusive", Z_ERROR_INVALID_INPUT);
}
break;
default:
throw new Exception("Invalid creator property '{$k}'", Z_ERROR_INVALID_INPUT);
}
$empty = false;
}
if ($empty) {
throw new Exception("Creator object is empty", Z_ERROR_INVALID_INPUT);
}
}
break;
case 'note':
switch ($json->itemType) {
case 'note':
case 'attachment':
break;
default:
throw new Exception("'note' property is valid only for note and attachment items", Z_ERROR_INVALID_INPUT);
}
break;
case 'attachments':
case 'notes':
if (!$isNew) {
throw new Exception("'{$key}' property is valid only for new items", Z_ERROR_INVALID_INPUT);
}
if (!is_array($val)) {
throw new Exception("'{$key}' property must be an array", Z_ERROR_INVALID_INPUT);
}
foreach ($val as $child) {
// Check child item type ('attachment' or 'note')
$t = substr($key, 0, -1);
if (isset($child->itemType) && $child->itemType != $t) {
throw new Exception("Child {$t} must be of itemType '{$t}'", Z_ERROR_INVALID_INPUT);
}
if ($key == 'note') {
if (!isset($child->note)) {
throw new Exception("'note' property not provided for child note", Z_ERROR_INVALID_INPUT);
}
}
}
break;
case 'deleted':
break;
// Attachment properties
// Attachment properties
case 'linkMode':
try {
$linkMode = Zotero_Attachments::linkModeNameToNumber($val, true);
} catch (Exception $e) {
throw new Exception("'{$val}' is not a valid linkMode", Z_ERROR_INVALID_INPUT);
}
// Don't allow changing of linkMode
if ($item && $linkMode != $item->attachmentLinkMode) {
throw new Exception("Cannot change attachment linkMode", Z_ERROR_INVALID_INPUT);
}
break;
case 'contentType':
case 'charset':
case 'filename':
case 'md5':
case 'mtime':
if ($json->itemType != 'attachment') {
throw new Exception("'{$key}' is valid only for attachment items", Z_ERROR_INVALID_INPUT);
}
switch ($key) {
case 'filename':
case 'md5':
case 'mtime':
if (strpos($json->linkMode, 'imported_') !== 0) {
throw new Exception("'{$key}' is valid only for imported attachment items", Z_ERROR_INVALID_INPUT);
}
break;
}
switch ($key) {
case 'contentType':
case 'charset':
case 'filename':
$propName = 'attachment' . ucwords($key);
break;
case 'md5':
$propName = 'attachmentStorageHash';
break;
case 'mtime':
$propName = 'attachmentStorageModTime';
break;
}
if (Zotero_Libraries::getType($libraryID) == 'group') {
if ($item && $item->{$propName} !== $val || !$item && $val !== null && $val !== "") {
throw new Exception("Cannot change '{$key}' directly in group library", Z_ERROR_INVALID_INPUT);
}
} else {
if ($key == 'md5') {
if ($val && !preg_match("/^[a-f0-9]{32}\$/", $val)) {
throw new Exception("'{$val}' is not a valid MD5 hash", Z_ERROR_INVALID_INPUT);
}
}
}
break;
default:
if (!Zotero_ItemFields::getID($key)) {
throw new Exception("Invalid property '{$key}'", Z_ERROR_INVALID_INPUT);
}
if (is_array($val)) {
throw new Exception("Unexpected array for property '{$key}'", Z_ERROR_INVALID_INPUT);
}
break;
}
}
}
public function newItem()
{
if (empty($_GET['itemType'])) {
$this->e400("'itemType' not provided");
}
$itemType = $_GET['itemType'];
if ($itemType == 'attachment') {
if (empty($_GET['linkMode'])) {
$this->e400("linkMode required for itemType=attachment");
}
$linkModeName = $_GET['linkMode'];
try {
$linkMode = Zotero_Attachments::linkModeNameToNumber(strtoupper($linkModeName));
} catch (Exception $e) {
$this->e400("Invalid linkMode '{$linkModeName}'");
}
}
$itemTypeID = Zotero_ItemTypes::getID($itemType);
if (!$itemTypeID) {
$this->e400("Invalid item type '{$itemType}'");
}
// TODO: check If-Modified-Since and return 304 if not changed
$cacheVersion = 1;
$cacheKey = "newItemJSON" . "_" . $this->apiVersion . "_" . $itemTypeID . "_" . $cacheVersion;
if ($itemType == 'attachment') {
$cacheKey .= "_" . $linkMode;
}
$cacheKey .= '_' . $this->apiVersion;
$ttl = 60;
$json = Z_Core::$MC->get($cacheKey);
if ($json) {
header("Content-Type: application/json");
echo $json;
exit;
}
// Generate template
$json = array('itemType' => $itemType);
if ($itemType == 'attachment') {
$json['linkMode'] = $linkModeName;
}
$fieldIDs = Zotero_ItemFields::getItemTypeFields($itemTypeID);
$first = true;
foreach ($fieldIDs as $fieldID) {
$fieldName = Zotero_ItemFields::getName($fieldID);
// Before v3, computerProgram's 'versionNumber' was just 'version'
if ($this->apiVersion < 3 && $fieldID == 81) {
$fieldName = 'version';
}
if ($itemType == 'attachment' && $fieldName == 'url' && !preg_match('/_url$/', $linkModeName)) {
continue;
}
$json[$fieldName] = "";
if ($first && $itemType != 'note' && $itemType != 'attachment') {
$creatorTypeID = Zotero_CreatorTypes::getPrimaryIDForType($itemTypeID);
$creatorTypeName = Zotero_CreatorTypes::getName($creatorTypeID);
$json['creators'] = array(array('creatorType' => $creatorTypeName, 'firstName' => '', 'lastName' => ''));
$first = false;
}
}
if ($itemType == 'note' || $itemType == 'attachment') {
$json['note'] = '';
}
$json['tags'] = array();
if ($this->apiVersion >= 2) {
$json['collections'] = array();
$json['relations'] = new stdClass();
}
if ($this->apiVersion == 1) {
if ($itemType != 'note' && $itemType != 'attachment') {
$json['attachments'] = array();
$json['notes'] = array();
}
}
if ($itemType == 'attachment') {
$json['contentType'] = '';
$json['charset'] = '';
if (preg_match('/^imported_/', $linkModeName)) {
$json['filename'] = '';
$json['md5'] = null;
$json['mtime'] = null;
//$json['zip'] = false;
}
}
header("Content-Type: application/json");
$json = Zotero_Utilities::formatJSON($json);
Z_Core::$MC->set($cacheKey, $json, $ttl);
echo $json;
exit;
}