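/**
 * @brief POST handler for the photos module.
 *
 * Handles, in this order: deleting an album, deleting a single photo,
 * editing a photo (description, ACL, nsfw flag, rotation, tags) and, as the
 * default action, uploading a photo. The observer needs 'write_storage' on the
 * page owner's channel ($a->data['channel']) for any of these.
 *
 * NOTE(review): no form security token is checked in this function. Confirm
 * that the caller protects these state-changing requests against CSRF.
 *
 * @param object $a
 *  The application object; data['channel'], profile and argv are read
 * @return void
 */
function photos_post(&$a) {

    logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
    // The complete request and upload metadata go to the log at LOGGER_DATA level.
    logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
    logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);

    $ph = photo_factory('');
    $phototypes = $ph->supportedTypes();

    $page_owner_uid = $a->data['channel']['channel_id'];

    if (!perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
        notice(t('Permission denied.') . EOL);
        if (is_ajax()) {
            killme();
        }
        return;
    }

    $s = abook_self($page_owner_uid);
    if (!$s) {
        notice(t('Page owner information could not be retrieved.') . EOL);
        logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
        if (is_ajax()) {
            killme();
        }
        return;
    }

    $acl = new AccessList($a->data['channel']);

    if (argc() > 3 && argv(2) === 'album') {

        $album = hex2bin(argv(3));

        if ($album === t('Profile Photos')) {
            // not allowed
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }

        if (!photos_album_exists($page_owner_uid, $album)) {
            notice(t('Album not found.') . EOL);
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }

        /*
         * RENAME photo album
         *
         * Renaming is disabled: a differing album name only redirects back.
         * @fixme - synchronise with DAV or disallow completely
         */
        $newalbum = isset($_REQUEST['albumname']) ? notags(trim($_REQUEST['albumname'])) : '';
        if ($newalbum != $album) {
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }

        /*
         * DELETE photo album and all its photos
         */
        if (isset($_REQUEST['dropalbum']) && $_REQUEST['dropalbum'] == t('Delete Album')) {

            // get the list of photos we are about to delete
            if (remote_channel() && !local_channel()) {
                $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
            } elseif (local_channel()) {
                $str = photos_album_get_db_idstr(local_channel(), $album);
            } else {
                $str = null;
            }

            if (!$str) {
                goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            }

            // $str is interpolated straight into the IN ( ... ) lists below.
            // NOTE(review): confirm photos_album_get_db_idstr() returns only quoted, escaped ids.
            // resource_id has to be selected here because the loop passes it to attach_delete().
            $r = q("select id, resource_id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
            if ($r) {
                foreach ($r as $i) {
                    // attach_delete() also drops the linked item
                    attach_delete($page_owner_uid, $i['resource_id'], 1);
                }
            }

            // remove the associated photos in case they weren't attached to an item
            q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));

            // @FIXME do the same for the linked attach
        }

        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
    }

    if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {

        // same as above but remove single photo
        $ob_hash = get_observer_hash();
        if (!$ob_hash) {
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }

        // The photo must have been posted by the observer or belong to the local channel;
        // the deletion itself is scoped to the page owner inside attach_delete().
        $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc($a->argv[2]));
        if ($r) {
            // photo rows and the linked item are handled by attach_delete()
            attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
        }

        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
    }

    // NOTE(review): && binds tighter than ||, so a posted 'albname' enters this
    // branch even when argc <= 2 and there is no resource id in the URL.
    if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {

        $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
        $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
        $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
        $albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
        $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;

        $acl->set_from_array($_POST);
        $perm = $acl->get();

        $resource_id = isset($a->argv[2]) ? $a->argv[2] : '';

        if (!strlen($albname)) {
            $albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
        }

        if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
            logger('rotate');

            $r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
            if ($r) {
                $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['data']) : dbunescbin($r[0]['data']);
                $ph = photo_factory($d, $r[0]['type']);
                if ($ph->is_valid()) {
                    // rotate = 1 turns by 270 degrees, rotate = 2 by 90
                    $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                    $ph->rotate($rotate_deg);

                    $width = $ph->getWidth();
                    $height = $ph->getHeight();

                    if (intval($r[0]['os_storage'])) {
                        // file-backed photo: rewrite the file, the row keeps the path
                        @file_put_contents($r[0]['data'], $ph->imageString());
                        $data = $r[0]['data'];
                        $fsize = @filesize($r[0]['data']);
                        q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
                    } else {
                        $data = $ph->imageString();
                        $fsize = strlen($data);
                    }

                    q("update photo set data = '%s', `size` = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));

                    // regenerate the stored scales 1, 2 and 3 from the rotated image
                    foreach (array(1 => 1024, 2 => 640, 3 => 320) as $scale => $max) {
                        if ($width > $max || $height > $max) {
                            $ph->scaleImage($max);
                        }
                        $width = $ph->getWidth();
                        $height = $ph->getHeight();

                        q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = %d", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid), intval($scale));
                    }
                }
            }
        }

        $p = q("SELECT type, is_nsfw, description, resource_id, scale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY scale DESC", dbesc($resource_id), intval($page_owner_uid));

        if (!$p) {
            // The page owner has no photo with this resource id: stop before an item
            // is created or any item/attach permissions are rewritten.
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            return; // NOTREACHED
        }

        $ext = $phototypes[$p[0]['type']];

        q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));

        $old_is_nsfw = $p[0]['is_nsfw'];
        if ($old_is_nsfw != $is_nsfw) {
            q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
        }

        /* Don't make the item visible if the only change was the album name */
        $visibility = 0;
        if ($p[0]['description'] !== $desc || strlen($rawtags)) {
            $visibility = 1;
        }

        if (!$item_id) {
            $item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
        }

        // make sure the linked item has the same permissions as the photo regardless of any other changes.
        // $item_id may come straight from the POST body, so the update is restricted to
        // the page owner's items; an id belonging to another channel matches nothing.
        q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d and uid = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id), intval($page_owner_uid));

        // make sure the attach has the same permissions as the photo regardless of any other changes
        q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));

        if (strlen($rawtags)) {

            // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
            $x = substr($rawtags, 0, 1);
            if ($x !== '@' && $x !== '#') {
                $rawtags = '@' . $rawtags;
            }

            require_once 'include/text.php';
            $profile_uid = $a->profile['profile_uid'];

            $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);

            $post_tags = array();
            foreach ($results as $result) {
                $success = $result['success'];
                if ($success['replaced']) {
                    $post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                }
            }

            $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $r = fetch_post_tags($r, true);
                $datarray = $r[0];
                if ($post_tags) {
                    if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
                        $datarray['term'] = $post_tags;
                    } else {
                        $datarray['term'] = array_merge($datarray['term'], $post_tags);
                    }
                }
                // NOTE(review): $execflag is never assigned in this function, so null is passed.
                item_store_update($datarray, $execflag);
            }
        }

        goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        return; // NOTREACHED
    }

    /**
     * default post action - upload a photo
     */
    $channel = $a->data['channel'];

    $_REQUEST['source'] = 'photos';
    require_once 'include/attach.php';

    if (!local_channel()) {
        // Visitors cannot choose an ACL: the upload gets the page owner's channel defaults.
        $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
        $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
        $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
        $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
    }

    // NOTE(review): this passes $a->channel while every other step uses
    // $a->data['channel'] - confirm which channel the upload should be stored under.
    $r = attach_store($a->channel, get_observer_hash(), '', $_REQUEST);

    if (!$r['success']) {
        notice($r['message'] . EOL);
    }

    if (!empty($_REQUEST['newalbum'])) {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
    } else {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
    }
}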
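/**
 * @brief Delete a file/directory from a channel.
 *
 * If the provided resource hash is from a directory it will delete everything
 * recursively under this directory. Every query is restricted to $channel_id,
 * so a hash that belongs to another channel matches nothing.
 *
 * @param int $channel_id
 *  The id of the channel
 * @param string $resource
 *  The hash to delete
 * @param int $is_photo
 *  When non-zero, only an attach row flagged is_photo is accepted
 * @return void
 */
function attach_delete($channel_id, $resource, $is_photo = 0) {

    $c = q("SELECT channel_address FROM channel WHERE channel_id = %d LIMIT 1", intval($channel_id));

    // 'notfound' keeps the storage path below well-formed when the channel row is missing
    $channel_address = $c ? $c[0]['channel_address'] : 'notfound';

    $photo_sql = $is_photo ? " and is_photo = 1 " : '';

    // os_storage must be part of this SELECT: it decides below whether a file has
    // to be removed from disk. Without it the check is always false and the stored
    // file outlives its database record.
    $r = q("SELECT hash, os_storage, flags, is_dir, is_photo, folder FROM attach WHERE hash = '%s' AND uid = %d {$photo_sql} limit 1", dbesc($resource), intval($channel_id));
    if (!$r) {
        return;
    }

    // Collected before the rows are removed; used for the activity sent at the end.
    $cloudpath = get_parent_cloudpath($channel_id, $channel_address, $resource);
    $object = get_file_activity_object($channel_id, $resource, $cloudpath);

    // If resource is a directory delete everything in the directory recursive
    if (intval($r[0]['is_dir'])) {
        $x = q("SELECT hash, os_storage, is_dir, flags FROM attach WHERE folder = '%s' AND uid = %d", dbesc($resource), intval($channel_id));
        if ($x) {
            foreach ($x as $xx) {
                attach_delete($channel_id, $xx['hash']);
            }
        }
    }

    // delete a file from filesystem
    if (intval($r[0]['os_storage'])) {
        $y = q("SELECT data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($resource), intval($channel_id));
        if ($y) {
            $f = 'store/' . $channel_address . '/' . $y[0]['data'];
            // NOTE(review): the directory test uses the stored value as-is while the file
            // test uses the store/ prefixed path - confirm which form the data column holds.
            if (is_dir($y[0]['data'])) {
                @rmdir($y[0]['data']);
            } elseif (file_exists($f)) {
                unlink($f);
            }
        }
    }

    // delete from database
    q("DELETE FROM attach WHERE hash = '%s' AND uid = %d", dbesc($resource), intval($channel_id));

    if ($r[0]['is_photo']) {
        $x = q("select id, item_hidden from item where resource_id = '%s' and resource_type = 'photo' and uid = %d", dbesc($resource), intval($channel_id));
        if ($x) {
            drop_item($x[0]['id'], false, $x[0]['item_hidden'] ? DROPITEM_NORMAL : DROPITEM_PHASE1, true);
        }

        // The attach row is gone at this point, so the photo rows are removed whether
        // or not an item was linked; otherwise the image data would stay behind.
        q("DELETE FROM photo WHERE uid = %d AND resource_id = '%s'", intval($channel_id), dbesc($resource));
    }

    // update the parent folder's lastmodified timestamp
    q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc(datetime_convert()), dbesc($r[0]['folder']), intval($channel_id));

    file_activity($channel_id, $object, $object['allow_cid'], $object['allow_gid'], $object['deny_cid'], $object['deny_gid'], 'update', 0);
}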
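/**
 * @brief Page handler for a channel's file storage: delete a file or show its
 * permission editor.
 *
 * URL segments: argv(1) is the channel address, argv(2) the numeric attach id
 * and argv(3) the action ('delete' or 'edit'). Only the local owner of the
 * channel gets past the checks; any other request ends in a notice or a
 * redirect to the channel's /cloud page.
 *
 * NOTE(review): the 'delete' action is driven by URL segments alone and no
 * request token is checked here - confirm it is protected against CSRF.
 *
 * @param object $a
 *  The application object
 * @return void
 */
function filestorage_content(&$a) {

    if (argc() > 1) {
        $which = argv(1);
    } else {
        notice(t('Requested profile is not available.') . EOL);
        $a->error = 404;
        return;
    }

    $r = q("select * from channel where channel_address = '%s'", dbesc($which));
    if (!$r) {
        // Unknown channel: stop here instead of running the permission checks
        // with an undefined owner id.
        notice(t('Requested profile is not available.') . EOL);
        $a->error = 404;
        return;
    }

    $channel = $r[0];
    $owner = intval($r[0]['channel_id']);

    $observer = $a->get_observer();
    $ob_hash = $observer ? $observer['xchan_hash'] : '';

    $perms = get_all_perms($owner, $ob_hash);

    if (!$perms['view_storage']) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    // Since we have ACL'd files in the wild, but don't have ACL here yet, we
    // need to return for anyone other than the owner, despite the perms check for now.
    $is_owner = (local_channel() && $owner == local_channel());
    if (!$is_owner) {
        info(t('Permission Denied.') . EOL);
        return;
    }

    if (argc() > 3 && argv(3) === 'delete') {
        if (!$perms['write_storage']) {
            notice(t('Permission denied.') . EOL);
            return;
        }

        $file = intval(argv(2));

        // The lookup is bound to the owner, so an id from another channel is "not found".
        $r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1", intval($file), intval($owner));
        if (!$r) {
            notice(t('File not found.') . EOL);
            goaway(z_root() . '/cloud/' . $which);
        }

        $f = $r[0];
        $channel = $a->get_channel();

        // Resolve the parent path first; the row is gone after attach_delete().
        $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);

        attach_delete($owner, $f['hash']);

        goaway($parentpath);
    }

    if (argc() > 3 && argv(3) === 'edit') {
        require_once 'include/acl_selectors.php';

        if (!$perms['write_storage']) {
            notice(t('Permission denied.') . EOL);
            return;
        }

        $file = intval(argv(2));

        $r = q("select id, uid, folder, filename, revision, flags, hash, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1", intval($file), intval($owner));
        if (!$r) {
            // Same handling as the delete action when the id matches nothing.
            notice(t('File not found.') . EOL);
            goaway(z_root() . '/cloud/' . $which);
        }

        $f = $r[0];
        $channel = $a->get_channel();

        $cloudpath = get_cloudpath($f) . ($f['flags'] & ATTACH_FLAG_DIR ? '?f=&davguest=1' : '');
        $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);

        $aclselect_e = populate_acl($f, false);
        $is_a_dir = ($f['flags'] & ATTACH_FLAG_DIR) ? true : false;

        // A non-empty allow or deny list marks the file as restricted.
        $lockstate = ($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock';

        // Encode path that is used for link so it's a valid URL
        // Keep slashes as slashes, otherwise mod_rewrite doesn't work correctly
        $encoded_path = str_replace('%2F', '/', rawurlencode($cloudpath));

        $o = replace_macros(get_markup_template('attach_edit.tpl'), array(
            '$header' => t('Edit file permissions'),
            '$file' => $f,
            '$cloudpath' => z_root() . '/' . $encoded_path,
            '$parentpath' => $parentpath,
            '$uid' => $channel['channel_id'],
            '$channelnick' => $channel['channel_address'],
            '$permissions' => t('Permissions'),
            '$aclselect' => $aclselect_e,
            '$lockstate' => $lockstate,
            '$permset' => t('Set/edit permissions'),
            '$recurse' => array('recurse', t('Include all files and sub folders'), 0, '', array(t('No'), t('Yes'))),
            '$backlink' => t('Return to file list'),
            '$isadir' => $is_a_dir,
            '$cpdesc' => t('Copy/paste this code to attach file to a post'),
            '$cpldesc' => t('Copy/paste this URL to link file from a web page'),
            '$submit' => t('Submit'),
            '$attach_btn_title' => t('Share this file'),
            '$link_btn_title' => t('Show URL to this file'),
            '$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))),
        ));

        echo $o;
        killme();
    }

    goaway(z_root() . '/cloud/' . $which);
}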
/**
 * @brief Delete this directory.
 *
 * The owner channel must grant 'write_storage' to the observer. When the
 * acting channel is not the owner, the observer additionally has to be the
 * recorded creator and the entry must not be flagged is_dir. After
 * attach_delete() the export data for the folder hash is passed on to
 * build_sync_packet(), provided the channel and the export data are found.
 *
 * @throw DAV\Exception\Forbidden
 */
public function delete() {
    logger('delete file ' . basename($this->red_path), LOGGER_DEBUG);

    $owner_id = $this->auth->owner_id;

    $may_write = $owner_id && perm_is_allowed($owner_id, $this->auth->observer, 'write_storage');
    if (!$may_write) {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    // Anyone but the owner may only remove a non-directory entry they created.
    $acts_as_owner = ($owner_id === $this->auth->channel_id);
    if (!$acts_as_owner && ($this->auth->observer !== $this->data['creator'] || intval($this->data['is_dir']))) {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    attach_delete($owner_id, $this->folder_hash);

    $ch = channelx_by_n($owner_id);
    if (!$ch) {
        return;
    }

    $sync = attach_export_data($ch, $this->folder_hash, true);
    if ($sync) {
        build_sync_packet($ch['channel_id'], array('file' => array($sync)));
    }
}
/**
 * Action entry point of the attach plugin: normalises legacy parameters,
 * checks page permissions for 'refer' and dispatches on 'pcmd'.
 *
 * An uploaded 'attach_file' takes precedence over any pcmd. Without a
 * recognised pcmd the file list is shown, or the upload form when 'page'
 * names an existing page.
 *
 * NOTE(review): the page permission check only runs when 'refer' is a
 * non-empty valid page name, and the PKWK_READONLY gate below covers neither
 * the upload path nor 'rename' - confirm the called handlers enforce both.
 */
function plugin_attach_action() {
    global $vars, $_attach_messages;

    // Backward compatible: map the old openfile / delfile parameters onto file + pcmd
    if (isset($vars['openfile'])) {
        $vars['file'] = $vars['openfile'];
        $vars['pcmd'] = 'open';
    }
    if (isset($vars['delfile'])) {
        $vars['file'] = $vars['delfile'];
        $vars['pcmd'] = 'delete';
    }

    $pcmd = '';
    if (isset($vars['pcmd'])) {
        $pcmd = $vars['pcmd'];
    }
    $refer = '';
    if (isset($vars['refer'])) {
        $refer = $vars['refer'];
    }
    $pass = NULL;
    if (isset($vars['pass'])) {
        $pass = $vars['pass'];
    }
    $page = '';
    if (isset($vars['page'])) {
        $page = $vars['page'];
    }

    if ($refer != '' && is_pagename($refer)) {
        // Read-only commands need a readable page, everything else an editable one
        $read_commands = array('info', 'open', 'list');
        if (in_array($pcmd, $read_commands)) {
            check_readable($refer);
        } else {
            check_editable($refer);
        }
    }

    // Dispatch
    if (isset($_FILES['attach_file'])) {
        // Upload
        return attach_upload($_FILES['attach_file'], $refer, $pass);
    }

    // Commands that modify an attachment are refused in read-only mode
    if (in_array($pcmd, array('delete', 'freeze', 'unfreeze')) && PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits editing');
    }

    if ($pcmd == 'info') {
        return attach_info();
    }
    if ($pcmd == 'delete') {
        return attach_delete();
    }
    if ($pcmd == 'open') {
        return attach_open();
    }
    if ($pcmd == 'list') {
        return attach_list();
    }
    if ($pcmd == 'freeze') {
        return attach_freeze(TRUE);
    }
    if ($pcmd == 'unfreeze') {
        return attach_freeze(FALSE);
    }
    if ($pcmd == 'rename') {
        return attach_rename();
    }
    if ($pcmd == 'upload') {
        return attach_showform();
    }

    // No recognised command
    if ($page == '' || !is_page($page)) {
        return attach_list();
    }

    return attach_showform();
}
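/**
 * @brief Apply file, photo and item records from a sync packet to a channel.
 *
 * For every entry in $files the attach rows are inserted or updated (or
 * deleted when flagged 'deleted'), file contents are fetched from the entry's
 * fetch_url straight to disk, photo rows are inserted or updated, and linked
 * items are handed to sync_items().
 *
 * The records originate from another server. Values are escaped with
 * dbesc_array() before they are placed into SQL; the array keys become column
 * names, so records with keys that are not plain identifiers are skipped.
 *
 * @param array $channel
 *  The channel record (channel_id, channel_account_id, channel_address,
 *  channel_hash and channel_prvkey are read)
 * @param array $files
 *  List of entries with 'fetch_url', 'original_channel' and optional
 *  'attach', 'photo' and 'item' lists
 * @return void
 */
function sync_files($channel, $files) {

    require_once 'include/attach.php';

    if (!($channel && $files)) {
        return;
    }

    foreach ($files as $f) {
        if (!$f) {
            continue;
        }

        $fetch_url = $f['fetch_url'];
        $oldbase = dirname($fetch_url);
        $original_channel = $f['original_channel'];

        if (!($fetch_url && $original_channel)) {
            continue;
        }

        // Reset per entry so that nothing carries over from the previous entry:
        // a stale $store_path would attach another file's path to this entry's photo.
        $attachment_stored = false;
        $store_path = null;

        if ($f['attach']) {
            foreach ($f['attach'] as $att) {

                convert_oldfields($att, 'data', 'content');

                if ($att['deleted']) {
                    // attach_delete() takes the numeric channel id, not the channel record
                    attach_delete($channel['channel_id'], $att['hash']);
                    continue;
                }

                $attach_exists = false;
                $x = attach_by_hash($att['hash']);
                logger('sync_files duplicate check: attach_exists=' . $attach_exists, LOGGER_DEBUG);
                logger('sync_files duplicate check: att=' . print_r($att, true), LOGGER_DEBUG);
                logger('sync_files duplicate check: attach_by_hash() returned ' . print_r($x, true), LOGGER_DEBUG);

                if ($x['success']) {
                    $attach_exists = true;
                    // NOTE(review): 'success' and index 0 are read from the same
                    // result - confirm where attach_by_hash() puts the row.
                    $attach_id = $x[0]['id'];
                }

                // NOTE(review): this path component comes from the packet - confirm
                // get_attach_binname() strips any directory parts.
                $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['content']);

                unset($att['id']);
                $att['aid'] = $channel['channel_account_id'];
                $att['uid'] = $channel['channel_id'];

                // check for duplicate folder names with the same parent.
                // If we have a duplicate that doesn't match this hash value
                // change the name so that the contents won't be "covered over"
                // by the existing directory. Use the same logic we use for
                // duplicate files.
                if (strpos($att['filename'], '.') !== false) {
                    $basename = substr($att['filename'], 0, strrpos($att['filename'], '.'));
                    $ext = substr($att['filename'], strrpos($att['filename'], '.'));
                } else {
                    $basename = $att['filename'];
                    $ext = '';
                }

                $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' and hash != '%s' ", dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($att['folder']), dbesc($att['hash']));

                if ($r) {
                    // find the first free "name(N).ext"
                    $x = 1;
                    do {
                        $found = false;
                        foreach ($r as $rr) {
                            if ($rr['filename'] === $basename . '(' . $x . ')' . $ext) {
                                $found = true;
                                break;
                            }
                        }
                        if ($found) {
                            $x++;
                        }
                    } while ($found);
                    $att['filename'] = $basename . '(' . $x . ')' . $ext;
                } else {
                    $att['filename'] = $basename . $ext;
                }
                // end duplicate detection

                // @fixme - update attachment structures if they are modified rather than created

                $att['content'] = $newfname;

                // The keys are concatenated into the statement as column names and
                // dbesc_array() presumably escapes values only, so refuse anything
                // that is not a plain identifier.
                if (!sync_files_columns_are_safe($att)) {
                    logger('sync_files: attach record with invalid column name skipped', LOGGER_NORMAL, LOG_ERR);
                    continue;
                }

                // Note: we use $att['hash'] below after it has been escaped to
                // fetch the file contents.
                // If the hash ever contains any escapable chars this could cause
                // problems. Currently it does not.
                dbesc_array($att);

                if ($attach_exists) {
                    logger('sync_files attach exists: ' . print_r($att, true), LOGGER_DEBUG);
                    $str = '';
                    foreach ($att as $k => $v) {
                        if ($str) {
                            $str .= ",";
                        }
                        $str .= " `" . $k . "` = '" . $v . "' ";
                    }
                    $r = dbq("update `attach` set " . $str . " where id = " . intval($attach_id));
                } else {
                    logger('sync_files attach does not exists: ' . print_r($att, true), LOGGER_DEBUG);
                    $r = dbq("INSERT INTO attach (`" . implode("`, `", array_keys($att)) . "`) VALUES ('" . implode("', '", array_values($att)) . "')");
                }

                // is this a directory?
                if ($att['filetype'] === 'multipart/mixed' && $att['is_dir']) {
                    os_mkdir($newfname, STORAGE_DEFAULT_PERMISSIONS, true);
                    $attachment_stored = true;
                    continue;
                }

                // it's a file
                // for the sync version of this algorithm (as opposed to 'offline import')
                // we will fetch the actual file from the source server so it can be
                // streamed directly to disk and avoid consuming PHP memory if it's a huge
                // audio/video file or something.
                $time = datetime_convert();

                // The request is signed with the channel's private key over "hash.time".
                $parr = array(
                    'hash' => $channel['channel_hash'],
                    'time' => $time,
                    'resource' => $att['hash'],
                    'revision' => 0,
                    'signature' => base64url_encode(rsa_sign($channel['channel_hash'] . '.' . $time, $channel['channel_prvkey'])),
                );

                $store_path = $newfname;

                $fp = fopen($newfname, 'w');
                if (!$fp) {
                    logger('failed to open storage file.', LOGGER_NORMAL, LOG_ERR);
                    continue;
                }

                $redirects = 0;
                $x = z_post_url($fetch_url, $parr, $redirects, array('filep' => $fp));
                fclose($fp);

                if ($x['success']) {
                    $attachment_stored = true;
                }
            }
        }

        if (!$attachment_stored) {
            // @TODO should we queue this and retry or delete everything or what?
            logger('attachment store failed', LOGGER_NORMAL, LOG_ERR);
        }

        if ($f['photo']) {
            foreach ($f['photo'] as $p) {
                unset($p['id']);
                $p['aid'] = $channel['channel_account_id'];
                $p['uid'] = $channel['channel_id'];

                convert_oldfields($p, 'data', 'content');
                convert_oldfields($p, 'scale', 'imgscale');
                convert_oldfields($p, 'size', 'filesize');
                convert_oldfields($p, 'type', 'mimetype');

                // if this is a profile photo, undo the profile photo bit
                // for any other photo which previously held it.
                if ($p['photo_usage'] == PHOTO_PROFILE) {
                    $e = q("update photo set photo_usage = %d where photo_usage = %d\n\t\t\t\t\t\t\tand resource_id != '%s' and uid = %d ", intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), dbesc($p['resource_id']), intval($channel['channel_id']));
                }

                // same for cover photos
                if ($p['photo_usage'] == PHOTO_COVER) {
                    $e = q("update photo set photo_usage = %d where photo_usage = %d\n\t\t\t\t\t\t\tand resource_id != '%s' and uid = %d ", intval(PHOTO_NORMAL), intval(PHOTO_COVER), dbesc($p['resource_id']), intval($channel['channel_id']));
                }

                if ($p['imgscale'] === 0 && $p['os_storage']) {
                    // file-backed original: the row stores the path written above
                    $p['content'] = $store_path;
                } else {
                    $p['content'] = base64_decode($p['content']);
                }

                $exists = q("select * from photo where resource_id = '%s' and imgscale = %d and uid = %d limit 1", dbesc($p['resource_id']), intval($p['imgscale']), intval($channel['channel_id']));

                // Same rule as for attach records: keys become column names.
                if (!sync_files_columns_are_safe($p)) {
                    logger('sync_files: photo record with invalid column name skipped', LOGGER_NORMAL, LOG_ERR);
                    continue;
                }

                dbesc_array($p);

                if ($exists) {
                    $str = '';
                    foreach ($p as $k => $v) {
                        if ($str) {
                            $str .= ",";
                        }
                        $str .= " `" . $k . "` = '" . $v . "' ";
                    }
                    $r = dbq("update `photo` set " . $str . " where id = " . intval($exists[0]['id']));
                } else {
                    $r = dbq("INSERT INTO photo (`" . implode("`, `", array_keys($p)) . "`) VALUES ('" . implode("', '", array_values($p)) . "')");
                }
            }
        }

        if ($f['item']) {
            sync_items($channel, $f['item'], ['channel_address' => $original_channel, 'url' => $oldbase]);
        }
    }
}

/**
 * @brief Tell whether every key of a record is a plain SQL identifier.
 *
 * @param array $row
 *  The record whose keys are about to be used as column names
 * @return bool
 *  true when all keys consist only of letters, digits and underscores
 */
function sync_files_columns_are_safe($row) {
    foreach (array_keys($row) as $column) {
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', (string) $column)) {
            return false;
        }
    }

    return true;
}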
/**
 * @brief Delete the file.
 *
 * Verifies that the observer holds 'write_storage' on the owner channel and,
 * when the acting channel is not the owner, that the observer created this
 * entry and that it is not flagged is_dir. The removal itself is done by
 * attach_delete().
 *
 * @throw \Sabre\DAV\Exception\Forbidden
 */
public function delete() {
    logger('delete file ' . basename($this->name), LOGGER_DEBUG);

    $owner_id = $this->auth->owner_id;

    $may_write = $owner_id && perm_is_allowed($owner_id, $this->auth->observer, 'write_storage');
    if (!$may_write) {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    // Anyone but the owner may only remove a non-directory entry they created.
    $acts_as_owner = ($owner_id === $this->auth->channel_id);
    if (!$acts_as_owner && ($this->auth->observer !== $this->data['creator'] || intval($this->data['is_dir']))) {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    attach_delete($owner_id, $this->data['hash']);
}
function post() { logger('mod-photos: photos_post: begin', LOGGER_DEBUG); logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA); logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA); $ph = photo_factory(''); $phototypes = $ph->supportedTypes(); $can_post = false; $page_owner_uid = \App::$data['channel']['channel_id']; if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) { $can_post = true; } if (!$can_post) { notice(t('Permission denied.') . EOL); if (is_ajax()) { killme(); } return; } $s = abook_self($page_owner_uid); if (!$s) { notice(t('Page owner information could not be retrieved.') . EOL); logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid); if (is_ajax()) { killme(); } return; } $owner_record = $s[0]; $acl = new \Zotlabs\Access\AccessList(\App::$data['channel']); if (argc() > 3 && argv(2) === 'album') { $album = hex2bin(argv(3)); if ($album === t('Profile Photos')) { // not allowed goaway(z_root() . '/' . $_SESSION['photo_return']); } if (!photos_album_exists($page_owner_uid, $album)) { notice(t('Album not found.') . EOL); goaway(z_root() . '/' . $_SESSION['photo_return']); } /* * DELETE photo album and all its photos */ if ($_REQUEST['dropalbum'] == t('Delete Album')) { // This is dangerous because we combined file storage and photos into one interface // This function will remove all photos from any directory with the same name since // we have not passed the path value. // The correct solution would be to use a full pathname from your storage root for 'album' // We also need to prevent/block removing the storage root folder. $folder_hash = ''; $r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", intval($page_owner_uid), dbesc($album)); if (!$r) { notice(t('Album not found.') . EOL); return; } if (count($r) > 1) { notice(t('Multiple storage folders exist with this album name, but within different directories. 
Please remove the desired folder or folders using the Files manager') . EOL); return; } else { $folder_hash = $r[0]['hash']; } $res = array(); // get the list of photos we are about to delete if (remote_channel() && !local_channel()) { $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel()); } elseif (local_channel()) { $str = photos_album_get_db_idstr(local_channel(), $album); } else { $str = null; } if (!$str) { goaway(z_root() . '/' . $_SESSION['photo_return']); } $r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid)); if ($r) { foreach ($r as $i) { attach_delete($page_owner_uid, $i['resource_id'], 1); } } // remove the associated photos in case they weren't attached to an item q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid)); // @FIXME do the same for the linked attach if ($folder_hash) { attach_delete($page_owner_uid, $folder_hash, 1); $sync = attach_export_data(\App::$data['channel'], $folder_hash, true); if ($sync) { build_sync_packet($page_owner_uid, array('file' => array($sync))); } } } goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); } if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) { // same as above but remove single photo $ob_hash = get_observer_hash(); if (!$ob_hash) { goaway(z_root() . '/' . $_SESSION['photo_return']); } $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc(\App::$argv[2])); if ($r) { attach_delete($page_owner_uid, $r[0]['resource_id'], 1); $sync = attach_export_data(\App::$data['channel'], $r[0]['resource_id'], true); if ($sync) { build_sync_packet($page_owner_uid, array('file' => array($sync))); } } goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . 
$_SESSION['album_return']); } if (argc() > 2 && array_key_exists('move_to_album', $_POST)) { $m = q("select folder from attach where hash = '%s' and uid = %d limit 1", dbesc(argv(2)), intval($page_owner_uid)); if ($m && $m[0]['folder'] != $_POST['move_to_album']) { attach_move($page_owner_uid, argv(2), $_POST['move_to_album']); if (!($_POST['desc'] && $_POST['newtag'])) { goaway(z_root() . '/' . $_SESSION['photo_return']); } } } if (argc() > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false)) { $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : ''; $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : ''; $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0; $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0; $acl->set_from_array($_POST); $perm = $acl->get(); $resource_id = argv(2); if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) { logger('rotate'); $r = q("select * from photo where `resource_id` = '%s' and uid = %d and imgscale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid)); if (count($r)) { $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['content']) : dbunescbin($r[0]['content']); $ph = photo_factory($d, $r[0]['mimetype']); if ($ph->is_valid()) { $rotate_deg = intval($_POST['rotate']) == 1 ? 
270 : 90; $ph->rotate($rotate_deg); $width = $ph->getWidth(); $height = $ph->getHeight(); if (intval($r[0]['os_storage'])) { @file_put_contents($r[0]['content'], $ph->imageString()); $data = $r[0]['content']; $fsize = @filesize($r[0]['content']); q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid)); } else { $data = $ph->imageString(); $fsize = strlen($data); } $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); if ($width > 1024 || $height > 1024) { $ph->scaleImage(1024); } $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); if ($width > 640 || $height > 640) { $ph->scaleImage(640); } $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); if ($width > 320 || $height > 320) { $ph->scaleImage(320); } $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); } } } $p = q("SELECT mimetype, is_nsfw, description, resource_id, imgscale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY imgscale DESC", dbesc($resource_id), intval($page_owner_uid)); if ($p) { 
$ext = $phototypes[$p[0]['mimetype']]; $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid)); } $item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false; $old_is_nsfw = $p[0]['is_nsfw']; if ($old_is_nsfw != $is_nsfw) { $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid)); } /* Don't make the item visible if the only change was the album name */ $visibility = 0; if ($p[0]['description'] !== $desc || strlen($rawtags)) { $visibility = 1; } if (!$item_id) { $item_id = photos_create_item(\App::$data['channel'], get_observer_hash(), $p[0], $visibility); } if ($item_id) { $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid)); if ($r) { $old_tag = $r[0]['tag']; $old_inform = $r[0]['inform']; } } // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id)); // make sure the attach has the same permissions as the photo regardless of any other changes $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid)); if (strlen($rawtags)) { $str_tags = 
''; $inform = ''; // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention $x = substr($rawtags, 0, 1); if ($x !== '@' && $x !== '#') { $rawtags = '@' . $rawtags; } require_once 'include/text.php'; $profile_uid = \App::$profile['profile_uid']; $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid); $success = $results['success']; $post_tags = array(); foreach ($results as $result) { $success = $result['success']; if ($success['replaced']) { $post_tags[] = array('uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']); } } $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid)); if ($r) { $r = fetch_post_tags($r, true); $datarray = $r[0]; if ($post_tags) { if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) { $datarray['term'] = $post_tags; } else { $datarray['term'] = array_merge($datarray['term'], $post_tags); } } item_store_update($datarray, $execflag); } } $sync = attach_export_data(\App::$data['channel'], $resource_id); if ($sync) { build_sync_packet($page_owner_uid, array('file' => array($sync))); } goaway(z_root() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } /** * default post action - upload a photo */ $channel = \App::$data['channel']; $observer = \App::$data['observer']; $_REQUEST['source'] = 'photos'; require_once 'include/attach.php'; if (!local_channel()) { $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } $r = attach_store($channel, get_observer_hash(), '', $_REQUEST); if (!$r['success']) { notice($r['message'] . EOL); } if ($_REQUEST['newalbum']) { goaway(z_root() . '/photos/' . 
\App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum'])); } else { goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y'))); } }
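/**
 * Dispatch an attach-plugin request to the handler selected by `pcmd`.
 *
 * All inputs are read from the global $vars array (`pcmd`, `refer`, `pass`,
 * `page`, plus the legacy `openfile` / `delfile` parameters).
 *
 * Access control performed here:
 *  - when a page name is given and the page is valid, read commands
 *    (info/open/list) require the page to be readable and every other
 *    command requires it to be editable;
 *  - delete/freeze/unfreeze are refused for the 'readonly' role.
 *
 * NOTE(review): when no page is supplied, or the page is not valid, no
 * page-level permission check runs in this function, and 'rename' / 'post'
 * are not covered by the readonly-role check. The individual handlers are
 * presumably expected to enforce their own checks; confirm against
 * attach_rename() and attach_upload().
 *
 * @return mixed The selected handler's return value; for 'form' an array
 *               with the keys 'msg' and 'body'.
 */
function plugin_attach_action()
{
    global $vars, $_attach_messages, $_string;

    // Backward compatible: the legacy parameters are mapped onto file + pcmd.
    if (isset($vars['openfile'])) {
        $vars['file'] = $vars['openfile'];
        $vars['pcmd'] = 'open';
    }
    if (isset($vars['delfile'])) {
        $vars['file'] = $vars['delfile'];
        $vars['pcmd'] = 'delete';
    }

    $pcmd = isset($vars['pcmd']) ? $vars['pcmd'] : null;
    $refer = isset($vars['refer']) ? $vars['refer'] : null;
    $pass = isset($vars['pass']) ? $vars['pass'] : null;
    $page = isset($vars['page']) ? $vars['page'] : $refer;

    if (!empty($page)) {
        $wiki = Factory::Wiki($page);
        if ($wiki->isValied()) {
            // Split the permission requirement by command.
            // Strict comparison: only the exact command strings count as read-only.
            if (in_array($pcmd, array('info', 'open', 'list'), true)) {
                // Read access is enough.
                $wiki->checkReadable();
            } else {
                // Anything else needs write access to the page.
                $wiki->checkEditable();
            }
        }
    }

    if (in_array($pcmd, array('delete', 'freeze', 'unfreeze'), true)) {
        if (Auth::check_role('readonly')) {
            Utility::dieMessage($_string['error_prohibit']);
        }
    }

    // Every branch returns, including the default. The original had one more
    // return after this switch that could never run (and read $wiki, which is
    // undefined when no page was given); it has been dropped.
    switch ($pcmd) {
        case 'info':
            return attach_info();
        case 'delete':
            return attach_delete();
        case 'open':
            return attach_open();
        case 'list':
            return attach_list($page);
        case 'freeze':
            return attach_freeze(true);
        case 'unfreeze':
            return attach_freeze(false);
        case 'rename':
            return attach_rename();
        default:
            // Unknown or missing commands fall through to the upload form.
        case 'upload':
            return attach_showform();
        case 'form':
            return array(
                'msg' => str_replace('$1', $refer, $_attach_messages['msg_upload']),
                'body' => attach_form($refer),
            );
        case 'post':
            return attach_upload($page, $pass);
        case 'progress':
            return PluginRenderer::getUploadProgress();
    }
}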
/**
 * @brief Delete a file/directory.
 *
 * Looks up the attach row for ($resource, $channel_id). A directory entry has
 * its children deleted first by recursive calls. An entry flagged as stored
 * on the filesystem has its file (or directory) under store/<channel_address>/
 * removed. Finally the row itself is deleted and the parent folder's `edited`
 * timestamp is refreshed. Returns silently when no matching row exists.
 *
 * No permission check happens here; callers are responsible for authorising
 * the deletion before calling.
 *
 * NOTE(review): the filesystem path is built by concatenating the `data`
 * column onto the store directory without validation. This assumes `data` is
 * only ever written by the server-side upload code; confirm that no code
 * path lets a client influence it.
 *
 * @param int $channel_id
 * @param string $resource a hash to delete
 */
function attach_delete($channel_id, $resource)
{
    $owner = q("SELECT channel_address FROM channel WHERE channel_id = %d LIMIT 1", intval($channel_id));
    // An unknown channel maps to the literal directory name 'notfound'.
    $channel_address = $owner ? $owner[0]['channel_address'] : 'notfound';

    $found = q("SELECT hash, flags, folder FROM attach WHERE hash = '%s' AND uid = %d limit 1", dbesc($resource), intval($channel_id));
    if (!$found) {
        return;
    }
    $entry = $found[0];

    // A directory: remove everything inside it first, recursively.
    if ($entry['flags'] & ATTACH_FLAG_DIR) {
        $children = q("select hash, flags from attach where folder = '%s' and uid = %d", dbesc($resource), intval($channel_id));
        if ($children) {
            foreach ($children as $child) {
                attach_delete($channel_id, $child['hash']);
            }
        }
    }

    // Stored on the filesystem: remove the backing file or directory.
    if ($entry['flags'] & ATTACH_FLAG_OS) {
        $stored = q("SELECT data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($resource), intval($channel_id));
        if ($stored) {
            $path = 'store/' . $channel_address . '/' . $stored[0]['data'];
            if (is_dir($path)) {
                // Errors (e.g. a non-empty directory) are suppressed.
                @rmdir($path);
            } elseif (file_exists($path)) {
                unlink($path);
            }
        }
    }

    // Remove the database row.
    q("DELETE FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($resource), intval($channel_id));

    // Refresh the parent folder's last-modified timestamp.
    q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc(datetime_convert()), dbesc($entry['folder']), intval($channel_id));
}
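/**
 * @brief Creates a new file in the directory.
 *
 * Data will either be supplied as a stream resource, or in certain cases
 * as a string. Keep in mind that you may have to support either.
 *
 * Flow: verify that the observer holds 'write_storage' on the owner channel,
 * insert an attach row, write the payload to
 * store/<owner_nick>/[<os_path>/]<random hash>, then record size and
 * timestamps. The upload is removed again via attach_delete() if the write
 * fails, if it exceeds the configured 'maxfilesize', or if it exceeds the
 * service class 'attach_upload_limit'. GIF/JPEG/PNG payloads are also handed
 * to photo_upload().
 *
 * Security-relevant points:
 *  - the on-disk name is the random hash, never the client-supplied $name;
 *    $name is only stored in the database and used to derive the MIME type;
 *  - size and quota limits are checked only after the whole payload has been
 *    written to disk, so an oversized upload occupies space until it is
 *    deleted again;
 *  - the new file inherits the containing directory's ACL when that directory
 *    has one, otherwise the channel's default ACL.
 *
 * This implementation never returns an ETag; every path returns null,
 * including the cases where the upload was rejected.
 *
 * @throw \Sabre\DAV\Exception\Forbidden
 * @param string $name Name of the file
 * @param resource|string $data Initial payload
 * @return null|string ETag
 */
public function createFile($name, $data = null)
{
    logger($name, LOGGER_DEBUG);

    if (!$this->auth->owner_id) {
        logger('permission denied ' . $name);
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    if (!perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage')) {
        logger('permission denied ' . $name);
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    $mimetype = z_mime_content_type($name);

    $c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id));
    if (!$c) {
        logger('no channel');
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    $filesize = 0;
    $hash = random_string();

    // Fix: the INSERT below reads $is_photo, which the original only
    // assigned after the file had been written (undefined variable).
    $is_photo = 0;

    $f = 'store/' . $this->auth->owner_nick . '/' . ($this->os_path ? $this->os_path . '/' : '') . $hash;

    // Look up the containing directory so its ACL can be inherited.
    $direct = null;
    if ($this->folder_hash) {
        $r = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1", dbesc($this->folder_hash), intval($c[0]['channel_id']));
        if ($r) {
            $direct = $r[0];
        }
    }

    if ($direct && ($direct['allow_cid'] || $direct['allow_gid'] || $direct['deny_cid'] || $direct['deny_gid'])) {
        $allow_cid = $direct['allow_cid'];
        $allow_gid = $direct['allow_gid'];
        $deny_cid = $direct['deny_cid'];
        $deny_gid = $direct['deny_gid'];
    } else {
        $allow_cid = $c[0]['channel_allow_cid'];
        $allow_gid = $c[0]['channel_allow_gid'];
        $deny_cid = $c[0]['channel_deny_cid'];
        $deny_gid = $c[0]['channel_deny_gid'];
    }

    q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
        intval($c[0]['channel_account_id']),
        intval($c[0]['channel_id']),
        dbesc($hash),
        dbesc($this->auth->observer),
        dbesc($name),
        dbesc($this->folder_hash),
        intval(1),
        dbesc($mimetype),
        intval($filesize),
        intval(0),
        intval($is_photo),
        dbesc($this->os_path . '/' . $hash),
        dbesc(datetime_convert()),
        dbesc(datetime_convert()),
        dbesc($allow_cid),
        dbesc($allow_gid),
        dbesc($deny_cid),
        dbesc($deny_gid)
    );

    // returns the number of bytes that were written to the file, or FALSE on failure
    $size = file_put_contents($f, $data);

    // delete attach entry if file_put_contents() failed
    if ($size === false) {
        logger('file_put_contents() failed to ' . $f);
        attach_delete($c[0]['channel_id'], $hash);
        return;
    }

    // returns now
    $edited = datetime_convert();

    // Photo detection looks at the written content, not at the file name.
    // Warnings are suppressed because most uploads are not images.
    $imageinfo = @getimagesize($f);
    logger('getimagesize: ' . print_r($imageinfo, true), LOGGER_DATA);
    if ($imageinfo && ($imageinfo[2] === IMAGETYPE_GIF || $imageinfo[2] === IMAGETYPE_JPEG || $imageinfo[2] === IMAGETYPE_PNG)) {
        $is_photo = 1;
    }

    // updates entry with filesize and timestamp
    q("UPDATE attach SET filesize = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), intval($is_photo), dbesc($edited), dbesc($hash), intval($c[0]['channel_id']));

    // update the folder's lastmodified timestamp
    q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($c[0]['channel_id']));

    $maxfilesize = get_config('system', 'maxfilesize');
    if ($maxfilesize && $size > $maxfilesize) {
        attach_delete($c[0]['channel_id'], $hash);
        return;
    }

    // check against service class quota
    $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
    if ($limit !== false) {
        // Fix: the original stored this result in the same variable as the
        // getimagesize() result, so photo_upload() received the quota row
        // instead of the image info whenever a limit was configured.
        $usage = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d ", intval($c[0]['channel_account_id']));
        if ($usage && $usage[0]['total'] + $size > $limit) {
            logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $usage[0]['total'] . ' limit is ' . $limit);
            attach_delete($c[0]['channel_id'], $hash);
            return;
        }
    }

    if ($is_photo) {
        // The album name is the containing folder's filename, if any.
        $album = '';
        if ($this->folder_hash) {
            $f1 = q("select filename from attach WHERE hash = '%s' AND uid = %d", dbesc($this->folder_hash), intval($c[0]['channel_id']));
            if ($f1) {
                $album = $f1[0]['filename'];
            }
        }

        require_once 'include/photos.php';
        $args = array(
            'resource_id' => $hash,
            'album' => $album,
            'os_path' => $f,
            'filename' => $name,
            'getimagesize' => $imageinfo,
            'directory' => $direct,
        );
        photo_upload($c[0], get_app()->get_observer(), $args);
    }
}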
/**
 * @brief Creates a new file in the directory.
 *
 * Data will either be supplied as a stream resource, or in certain cases
 * as a string. Keep in mind that you may have to support either.
 *
 * The observer must hold 'write_storage' on the owner channel, and the
 * channel must exist without the PAGE_REMOVED flag. An attach row carrying
 * the channel's default ACL is inserted first, then the payload is written
 * to store/<owner_nick>/[<os_path>/]<random hash>. The entry is removed again
 * through attach_delete() when the write fails or when the written size
 * exceeds 'maxfilesize' or the service class 'attach_upload_limit'.
 *
 * The on-disk name is the random hash, not the client-supplied $name. Size
 * limits are evaluated only after the payload is already on disk.
 *
 * No ETag is produced here; every path returns null.
 *
 * @throw \Sabre\DAV\Exception\Forbidden
 * @param string $name Name of the file
 * @param resource|string $data Initial payload
 * @return null|string ETag
 */
public function createFile($name, $data = null)
{
    logger($name, LOGGER_DEBUG);

    // Both refusal cases log and throw identically, so they share one guard.
    if (!$this->auth->owner_id
        || !perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage')) {
        logger('permission denied ' . $name);
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    $mimetype = z_mime_content_type($name);

    $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED));
    if (!$c) {
        logger('no channel');
        throw new DAV\Exception\Forbidden('Permission denied.');
    }
    $channel = $c[0];

    $filesize = 0;
    $hash = random_string();

    q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, flags, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
        intval($channel['channel_account_id']),
        intval($channel['channel_id']),
        dbesc($hash),
        dbesc($this->auth->observer),
        dbesc($name),
        dbesc($this->folder_hash),
        dbesc(ATTACH_FLAG_OS),
        dbesc($mimetype),
        intval($filesize),
        intval(0),
        dbesc($this->os_path . '/' . $hash),
        dbesc(datetime_convert()),
        dbesc(datetime_convert()),
        dbesc($channel['channel_allow_cid']),
        dbesc($channel['channel_allow_gid']),
        dbesc($channel['channel_deny_cid']),
        dbesc($channel['channel_deny_gid'])
    );

    $subdir = $this->os_path ? $this->os_path . '/' : '';
    $f = 'store/' . $this->auth->owner_nick . '/' . $subdir . $hash;

    // file_put_contents() yields the byte count, or FALSE on failure.
    $size = file_put_contents($f, $data);
    if ($size === false) {
        // Roll back the attach row inserted above.
        logger('file_put_contents() failed to ' . $f);
        attach_delete($channel['channel_id'], $hash);
        return;
    }

    // Current time, used for both timestamp updates below.
    $edited = datetime_convert();

    // Record the real size and the modification time on the new entry.
    q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($hash), intval($channel['channel_id']));

    // Refresh the containing folder's last-modified timestamp.
    q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($channel['channel_id']));

    // Site-wide per-file limit, checked after the write.
    $maxfilesize = get_config('system', 'maxfilesize');
    if ($maxfilesize && $size > $maxfilesize) {
        attach_delete($channel['channel_id'], $hash);
        return;
    }

    // Service class quota over the account's total attach usage.
    $limit = service_class_fetch($channel['channel_id'], 'attach_upload_limit');
    if ($limit === false) {
        return;
    }

    $usage = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d ", intval($channel['channel_account_id']));
    if ($usage && $usage[0]['total'] + $size > $limit) {
        logger('service class limit exceeded for ' . $channel['channel_name'] . ' total usage is ' . $usage[0]['total'] . ' limit is ' . $limit);
        attach_delete($channel['channel_id'], $hash);
        return;
    }
}
/**
 * @brief Delete the file.
 *
 * Authorisation happens here, before attach_delete() is called:
 *  - the observer needs 'write_storage' on the owner channel;
 *  - when the authenticated channel is not the owner, the observer may only
 *    delete entries it created itself, and never directories;
 *  - deletion through the 'dav' module is refused when the owner has set the
 *    'os_delete_prohibit' pconfig.
 *
 * After the deletion a sync packet is built from attach_export_data() for the
 * owner channel, if the channel can be loaded and export data is returned.
 *
 * NOTE(review): owner_id and channel_id are compared with !==, so values that
 * are equal but of different types would be treated as a non-owner (the more
 * restrictive branch). Their types are not visible here; confirm.
 *
 * @throw \Sabre\DAV\Exception\Forbidden
 */
public function delete()
{
    logger('delete file ' . basename($this->name), LOGGER_DEBUG);

    $owner_id = $this->auth->owner_id;

    $may_write = $owner_id && perm_is_allowed($owner_id, $this->auth->observer, 'write_storage');
    if (!$may_write) {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    // Non-owners: own files only, and no directories.
    $is_visitor = ($owner_id !== $this->auth->channel_id);
    if ($is_visitor
        && ($this->auth->observer !== $this->data['creator'] || intval($this->data['is_dir']))) {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    // Owner-configured prohibition, enforced only for the DAV module.
    if (get_pconfig($owner_id, 'system', 'os_delete_prohibit') && \App::$module == 'dav') {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    attach_delete($owner_id, $this->data['hash']);

    $ch = channelx_by_n($owner_id);
    if (!$ch) {
        return;
    }

    $sync = attach_export_data($ch, $this->data['hash'], true);
    if ($sync) {
        build_sync_packet($ch['channel_id'], array('file' => array($sync)));
    }
}
/**
 * @brief Delete the file.
 *
 * The observer needs 'write_storage' on the owner channel. When the
 * authenticated channel is not the owner, the observer may only delete
 * entries it created itself, and never entries flagged ATTACH_FLAG_DIR.
 * The removal itself is delegated to attach_delete().
 *
 * @throw DAV\Exception\Forbidden
 * @return void
 */
public function delete()
{
    logger('RedFile::delete(): ' . basename($this->name), LOGGER_DEBUG);

    $owner_id = $this->auth->owner_id;

    $may_write = $owner_id && perm_is_allowed($owner_id, $this->auth->observer, 'write_storage');
    if (!$may_write) {
        throw new DAV\Exception\Forbidden('Permission denied.');
    }

    // Non-owners: own files only, and no directories. The parentheses make
    // the original operator precedence explicit.
    if ($owner_id !== $this->auth->channel_id) {
        $not_creator = ($this->auth->observer !== $this->data['creator']);
        if ($not_creator || ($this->data['flags'] & ATTACH_FLAG_DIR)) {
            throw new DAV\Exception\Forbidden('Permission denied.');
        }
    }

    attach_delete($owner_id, $this->data['hash']);
}