2014-02-19 20:04:20 +00:00
|
|
|
<?php
|
2011-05-25 05:40:52 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/** @file
|
|
|
|
|
*
|
|
|
|
|
* @brief File/attach API with the potential for revision control.
|
2013-02-02 09:58:11 +00:00
|
|
|
*
|
|
|
|
|
* TODO: a filesystem storage abstraction which maintains security (and 'data' contains a system filename
|
|
|
|
|
* which is inaccessible from the web). This could get around PHP storage limits and store videos and larger
|
|
|
|
|
* items, using fread or OS methods or native code to read/write or chunk it through.
|
|
|
|
|
* Also an 'append' option to the storage function might be a useful addition.
|
|
|
|
|
*/
|
|
|
|
|
|
2013-02-01 07:56:46 +00:00
|
|
|
require_once('include/permissions.php');
|
2013-03-01 02:20:42 +00:00
|
|
|
require_once('include/security.php');
|
2011-08-04 02:18:58 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Guess the mimetype from file ending.
|
|
|
|
|
*
|
|
|
|
|
* This function takes a file name and guess the mimetype from the
|
|
|
|
|
* filename extension.
|
|
|
|
|
*
|
|
|
|
|
* @param $filename a string filename
|
|
|
|
|
* @return string The mimetype according to a file ending.
|
|
|
|
|
*/
|
2011-08-04 02:18:58 +00:00
|
|
|
function z_mime_content_type($filename) {
|
2011-05-25 05:40:52 +00:00
|
|
|
|
|
|
|
|
$mime_types = array(
|
|
|
|
|
|
2014-10-13 22:08:55 +00:00
|
|
|
'txt' => 'text/plain',
|
|
|
|
|
'htm' => 'text/html',
|
|
|
|
|
'html' => 'text/html',
|
|
|
|
|
'php' => 'text/html',
|
|
|
|
|
'css' => 'text/css',
|
|
|
|
|
'js' => 'application/javascript',
|
|
|
|
|
'json' => 'application/json',
|
|
|
|
|
'xml' => 'application/xml',
|
|
|
|
|
'swf' => 'application/x-shockwave-flash',
|
|
|
|
|
'flv' => 'video/x-flv',
|
|
|
|
|
'epub' => 'application/epub+zip',
|
|
|
|
|
|
|
|
|
|
// images
|
|
|
|
|
'png' => 'image/png',
|
|
|
|
|
'jpe' => 'image/jpeg',
|
|
|
|
|
'jpeg' => 'image/jpeg',
|
|
|
|
|
'jpg' => 'image/jpeg',
|
|
|
|
|
'gif' => 'image/gif',
|
|
|
|
|
'bmp' => 'image/bmp',
|
|
|
|
|
'ico' => 'image/vnd.microsoft.icon',
|
|
|
|
|
'tiff' => 'image/tiff',
|
|
|
|
|
'tif' => 'image/tiff',
|
|
|
|
|
'svg' => 'image/svg+xml',
|
|
|
|
|
'svgz' => 'image/svg+xml',
|
|
|
|
|
|
|
|
|
|
// archives
|
|
|
|
|
'zip' => 'application/zip',
|
|
|
|
|
'rar' => 'application/x-rar-compressed',
|
|
|
|
|
'exe' => 'application/x-msdownload',
|
|
|
|
|
'msi' => 'application/x-msdownload',
|
|
|
|
|
'cab' => 'application/vnd.ms-cab-compressed',
|
|
|
|
|
|
|
|
|
|
// audio/video
|
|
|
|
|
'mp3' => 'audio/mpeg',
|
|
|
|
|
'wav' => 'audio/wav',
|
|
|
|
|
'qt' => 'video/quicktime',
|
|
|
|
|
'mov' => 'video/quicktime',
|
|
|
|
|
'ogg' => 'application/ogg',
|
2015-01-22 11:12:42 +00:00
|
|
|
'opus' => 'audio/ogg',
|
|
|
|
|
'webm' => 'video/webm',
|
2015-02-12 04:38:06 +00:00
|
|
|
// 'webm' => 'audio/webm',
|
2015-01-22 11:12:42 +00:00
|
|
|
'mp4' => 'video/mp4',
|
2015-02-12 04:38:06 +00:00
|
|
|
// 'mp4' => 'audio/mp4',
|
2014-10-13 22:08:55 +00:00
|
|
|
|
|
|
|
|
// adobe
|
|
|
|
|
'pdf' => 'application/pdf',
|
|
|
|
|
'psd' => 'image/vnd.adobe.photoshop',
|
|
|
|
|
'ai' => 'application/postscript',
|
|
|
|
|
'eps' => 'application/postscript',
|
|
|
|
|
'ps' => 'application/postscript',
|
|
|
|
|
|
|
|
|
|
// ms office
|
|
|
|
|
'doc' => 'application/msword',
|
|
|
|
|
'rtf' => 'application/rtf',
|
|
|
|
|
'xls' => 'application/vnd.ms-excel',
|
|
|
|
|
'ppt' => 'application/vnd.ms-powerpoint',
|
|
|
|
|
|
|
|
|
|
// open office
|
|
|
|
|
'odt' => 'application/vnd.oasis.opendocument.text',
|
|
|
|
|
'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
|
2015-01-22 11:12:42 +00:00
|
|
|
'odp' => 'application/vnd.oasis.opendocument.presentation',
|
|
|
|
|
'odg' => 'application/vnd.oasis.opendocument.graphics',
|
|
|
|
|
'odc' => 'application/vnd.oasis.opendocument.chart',
|
|
|
|
|
'odf' => 'application/vnd.oasis.opendocument.formula',
|
|
|
|
|
'odi' => 'application/vnd.oasis.opendocument.image',
|
|
|
|
|
'odm' => 'application/vnd.oasis.opendocument.text-master',
|
|
|
|
|
'odb' => 'application/vnd.oasis.opendocument.base',
|
|
|
|
|
'odb' => 'application/vnd.oasis.opendocument.database',
|
|
|
|
|
'ott' => 'application/vnd.oasis.opendocument.text-template',
|
|
|
|
|
'ots' => 'application/vnd.oasis.opendocument.spreadsheet-template',
|
|
|
|
|
'otp' => 'application/vnd.oasis.opendocument.presentation-template',
|
|
|
|
|
'otg' => 'application/vnd.oasis.opendocument.graphics-template',
|
|
|
|
|
'otc' => 'application/vnd.oasis.opendocument.chart-template',
|
|
|
|
|
'otf' => 'application/vnd.oasis.opendocument.formula-template',
|
|
|
|
|
'oti' => 'application/vnd.oasis.opendocument.image-template',
|
|
|
|
|
'oth' => 'application/vnd.oasis.opendocument.text-web'
|
2011-05-25 05:40:52 +00:00
|
|
|
);
|
|
|
|
|
|
2014-10-13 22:08:55 +00:00
|
|
|
$dot = strpos($filename, '.');
|
|
|
|
|
if ($dot !== false) {
|
|
|
|
|
$ext = strtolower(substr($filename, $dot + 1));
|
2011-05-25 05:40:52 +00:00
|
|
|
if (array_key_exists($ext, $mime_types)) {
|
|
|
|
|
return $mime_types[$ext];
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-01-03 22:18:06 +00:00
|
|
|
|
|
|
|
|
return 'application/octet-stream';
|
2011-08-04 02:18:58 +00:00
|
|
|
}
|
2011-05-25 05:40:52 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Count files/attachments.
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param $channel_id
|
|
|
|
|
* @param $observer
|
|
|
|
|
* @param $hash (optional)
|
|
|
|
|
* @param $filename (optional)
|
|
|
|
|
* @param $filetype (optional)
|
|
|
|
|
* @return array
|
|
|
|
|
* $ret['success'] boolean
|
|
|
|
|
* $ret['results'] amount of found results, or false
|
|
|
|
|
* $ret['message'] string with error messages if any
|
|
|
|
|
*/
|
2013-01-31 01:27:32 +00:00
|
|
|
function attach_count_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '') {
|
|
|
|
|
|
|
|
|
|
$ret = array('success' => false);
|
|
|
|
|
|
|
|
|
|
if(! perm_is_allowed($channel_id,$observer, 'read_storage')) {
|
|
|
|
|
$ret['message'] = t('Permission denied.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
require_once('include/security.php');
|
|
|
|
|
$sql_extra = permissions_sql($channel_id);
|
|
|
|
|
|
|
|
|
|
if($hash)
|
|
|
|
|
$sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' ");
|
|
|
|
|
|
|
|
|
|
if($filename)
|
|
|
|
|
$sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' ");
|
|
|
|
|
|
|
|
|
|
if($filetype)
|
|
|
|
|
$sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' ");
|
|
|
|
|
|
2013-02-01 00:13:44 +00:00
|
|
|
$r = q("select id from attach where uid = %d $sql_extra",
|
2013-01-31 01:27:32 +00:00
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$ret['success'] = ((is_array($r)) ? true : false);
|
|
|
|
|
$ret['results'] = ((is_array($r)) ? count($r) : false);
|
|
|
|
|
|
2014-10-13 22:08:55 +00:00
|
|
|
return $ret;
|
2013-01-31 01:27:32 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Returns a list of files/attachments.
|
|
|
|
|
*
|
|
|
|
|
* @param $channel_id
|
|
|
|
|
* @param $observer
|
|
|
|
|
* @param $hash (optional)
|
|
|
|
|
* @param $filename (optional)
|
|
|
|
|
* @param $filetype (optional)
|
|
|
|
|
* @param $orderby
|
|
|
|
|
* @param $start
|
|
|
|
|
* @param $entries
|
|
|
|
|
* @return array
|
|
|
|
|
* $ret['success'] boolean
|
|
|
|
|
* $ret['results'] array with results, or false
|
|
|
|
|
* $ret['message'] string with error messages if any
|
|
|
|
|
*/
|
2013-01-31 01:27:32 +00:00
|
|
|
function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) {
|
|
|
|
|
|
|
|
|
|
$ret = array('success' => false);
|
|
|
|
|
|
|
|
|
|
if(! perm_is_allowed($channel_id,$observer, 'read_storage')) {
|
|
|
|
|
$ret['message'] = t('Permission denied.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
require_once('include/security.php');
|
|
|
|
|
$sql_extra = permissions_sql($channel_id);
|
|
|
|
|
|
|
|
|
|
if($hash)
|
|
|
|
|
$sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' ");
|
|
|
|
|
|
|
|
|
|
if($filename)
|
|
|
|
|
$sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' ");
|
|
|
|
|
|
|
|
|
|
if($filetype)
|
|
|
|
|
$sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' ");
|
|
|
|
|
|
|
|
|
|
if($entries)
|
|
|
|
|
$limit = " limit " . intval($start) . ", " . intval(entries) . " ";
|
|
|
|
|
|
|
|
|
|
// Retrieve all columns except 'data'
|
|
|
|
|
|
2013-02-05 23:34:30 +00:00
|
|
|
$r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d $sql_extra $orderby $limit",
|
2013-01-31 01:27:32 +00:00
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$ret['success'] = ((is_array($r)) ? true : false);
|
|
|
|
|
$ret['results'] = ((is_array($r)) ? $r : false);
|
|
|
|
|
|
2014-10-13 22:08:55 +00:00
|
|
|
return $ret;
|
2013-01-31 01:27:32 +00:00
|
|
|
}
|
2013-02-01 00:13:44 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Find an attachment by hash and revision.
|
|
|
|
|
*
|
|
|
|
|
* Returns the entire attach structure including data.
|
|
|
|
|
*
|
|
|
|
|
* This could exhaust memory so most useful only when immediately sending the data.
|
|
|
|
|
*
|
|
|
|
|
* @param $hash
|
|
|
|
|
* @param $rev
|
|
|
|
|
*/
|
|
|
|
|
function attach_by_hash($hash, $rev = 0) {
|
2013-02-01 00:13:44 +00:00
|
|
|
|
|
|
|
|
$ret = array('success' => false);
|
|
|
|
|
|
|
|
|
|
// Check for existence, which will also provide us the owner uid
|
|
|
|
|
|
|
|
|
|
$sql_extra = '';
|
|
|
|
|
if($rev == (-1))
|
|
|
|
|
$sql_extra = " order by revision desc ";
|
|
|
|
|
elseif($rev)
|
|
|
|
|
$sql_extra = " and revision = " . intval($rev) . " ";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$r = q("SELECT uid FROM attach WHERE hash = '%s' $sql_extra LIMIT 1",
|
|
|
|
|
dbesc($hash)
|
|
|
|
|
);
|
|
|
|
|
if(! $r) {
|
|
|
|
|
$ret['message'] = t('Item was not found.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) {
|
2013-02-01 00:13:44 +00:00
|
|
|
$ret['message'] = t('Permission denied.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sql_extra = permissions_sql($r[0]['uid']);
|
|
|
|
|
|
|
|
|
|
// Now we'll see if we can access the attachment
|
2014-01-07 02:13:02 +00:00
|
|
|
|
2013-02-01 00:13:44 +00:00
|
|
|
$r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1",
|
|
|
|
|
dbesc($hash),
|
|
|
|
|
intval($r[0]['uid'])
|
|
|
|
|
);
|
2014-01-07 02:13:02 +00:00
|
|
|
|
2013-02-01 00:13:44 +00:00
|
|
|
if(! $r) {
|
2014-02-19 20:04:20 +00:00
|
|
|
$ret['message'] = t('Permission denied.');
|
2013-02-01 00:13:44 +00:00
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ret['success'] = true;
|
|
|
|
|
$ret['data'] = $r[0];
|
|
|
|
|
|
2014-10-13 22:08:55 +00:00
|
|
|
return $ret;
|
2013-02-01 00:13:44 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Find an attachment by hash and revision.
|
|
|
|
|
*
|
|
|
|
|
* Returns the entire attach structure excluding data.
|
|
|
|
|
*
|
|
|
|
|
* @see attach_by_hash()
|
|
|
|
|
* @param $hash
|
|
|
|
|
* @param $ref
|
|
|
|
|
*/
|
|
|
|
|
function attach_by_hash_nodata($hash, $rev = 0) {
|
2013-02-01 00:13:44 +00:00
|
|
|
|
|
|
|
|
$ret = array('success' => false);
|
|
|
|
|
|
|
|
|
|
// Check for existence, which will also provide us the owner uid
|
|
|
|
|
|
|
|
|
|
$sql_extra = '';
|
|
|
|
|
if($rev == (-1))
|
|
|
|
|
$sql_extra = " order by revision desc ";
|
|
|
|
|
elseif($rev)
|
|
|
|
|
$sql_extra = " and revision = " . intval($rev) . " ";
|
|
|
|
|
|
|
|
|
|
$r = q("SELECT uid FROM attach WHERE hash = '%s' $sql_extra LIMIT 1",
|
|
|
|
|
dbesc($hash)
|
|
|
|
|
);
|
|
|
|
|
if(! $r) {
|
|
|
|
|
$ret['message'] = t('Item was not found.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(! perm_is_allowed($r[0]['uid'],get_observer_hash(),'view_storage')) {
|
|
|
|
|
$ret['message'] = t('Permission denied.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sql_extra = permissions_sql($r[0]['uid']);
|
|
|
|
|
|
|
|
|
|
// Now we'll see if we can access the attachment
|
|
|
|
|
|
2014-01-10 03:20:10 +00:00
|
|
|
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_extra limit 1",
|
2013-02-01 00:13:44 +00:00
|
|
|
intval($r[0]['uid']),
|
|
|
|
|
dbesc($hash)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if(! $r) {
|
2014-02-19 20:04:20 +00:00
|
|
|
$ret['message'] = t('Permission denied.');
|
2013-02-01 00:13:44 +00:00
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ret['success'] = true;
|
|
|
|
|
$ret['data'] = $r[0];
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief
|
|
|
|
|
*
|
|
|
|
|
* @param $channel channel array of owner
|
|
|
|
|
* @param $observer_hash hash of current observer
|
|
|
|
|
* @param $options (optional)
|
|
|
|
|
* @param $arr (optional)
|
|
|
|
|
*/
|
|
|
|
|
function attach_store($channel, $observer_hash, $options = '', $arr = null) {
|
2013-02-01 00:13:44 +00:00
|
|
|
|
|
|
|
|
$ret = array('success' => false);
|
|
|
|
|
$channel_id = $channel['channel_id'];
|
|
|
|
|
$sql_options = '';
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
if(! perm_is_allowed($channel_id,get_observer_hash(), 'write_storage')) {
|
2013-02-01 00:13:44 +00:00
|
|
|
$ret['message'] = t('Permission denied.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The 'update' option sets db values without uploading a new attachment
|
|
|
|
|
// 'replace' replaces the existing uploaded data
|
|
|
|
|
// 'revision' creates a new revision with new upload data
|
|
|
|
|
// Default is to upload a new file
|
|
|
|
|
|
|
|
|
|
// revise or update must provide $arr['hash'] of the thing to revise/update
|
|
|
|
|
|
|
|
|
|
if($options !== 'update') {
|
|
|
|
|
if(! x($_FILES,'userfile')) {
|
|
|
|
|
$ret['message'] = t('No source file.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$src = $_FILES['userfile']['tmp_name'];
|
|
|
|
|
$filename = basename($_FILES['userfile']['name']);
|
|
|
|
|
$filesize = intval($_FILES['userfile']['size']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$existing_size = 0;
|
|
|
|
|
|
|
|
|
|
if($options === 'replace') {
|
|
|
|
|
$x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1",
|
|
|
|
|
intval($replace),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
if(! $x) {
|
|
|
|
|
$ret['message'] = t('Cannot locate file to replace');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
$existing_id = $x[0]['id'];
|
|
|
|
|
$existing_size = intval($x[0]['filesize']);
|
|
|
|
|
$hash = $x[0]['hash'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if($options === 'revise' || $options === 'update') {
|
|
|
|
|
$sql_options = " order by revision desc ";
|
|
|
|
|
if($options === 'update' && $arr && array_key_exists('revision',$arr))
|
|
|
|
|
$sql_options = " and revision = " . intval($arr['revision']) . " ";
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
$x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d $sql_options limit 1",
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc($arr['hash']),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
if(! $x) {
|
|
|
|
|
$ret['message'] = t('Cannot locate file to revise/update');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
$hash = $x[0]['hash'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check storage limits
|
|
|
|
|
if($options !== 'update') {
|
|
|
|
|
$maxfilesize = get_config('system','maxfilesize');
|
|
|
|
|
|
|
|
|
|
if(($maxfilesize) && ($filesize > $maxfilesize)) {
|
|
|
|
|
$ret['message'] = sprintf( t('File exceeds size limit of %d'), $maxfilesize);
|
|
|
|
|
@unlink($src);
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
$limit = service_class_fetch($channel_id, 'attach_upload_limit');
|
2014-01-11 20:58:00 +00:00
|
|
|
|
2013-02-01 00:13:44 +00:00
|
|
|
if($limit !== false) {
|
2014-01-07 22:10:28 +00:00
|
|
|
$r = q("select sum(filesize) as total from attach where aid = %d ",
|
|
|
|
|
intval($channel['channel_account_id'])
|
2013-02-01 00:13:44 +00:00
|
|
|
);
|
|
|
|
|
if(($r) && (($r[0]['total'] + $filesize) > ($limit - $existing_size))) {
|
2014-02-19 20:04:20 +00:00
|
|
|
$ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1$.0f Mbytes attachment storage."), $limit / 1024000);
|
2013-02-01 00:13:44 +00:00
|
|
|
@unlink($src);
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$mimetype = z_mime_content_type($filename);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(! isset($hash))
|
|
|
|
|
$hash = random_string();
|
2014-10-13 22:08:55 +00:00
|
|
|
|
2013-02-01 00:13:44 +00:00
|
|
|
$created = datetime_convert();
|
|
|
|
|
|
|
|
|
|
if($options === 'replace') {
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d",
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc($filename),
|
|
|
|
|
dbesc($mimetype),
|
|
|
|
|
intval($filesize),
|
2014-11-18 19:43:00 +00:00
|
|
|
dbescbin(@file_get_contents($src)),
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc($created),
|
|
|
|
|
intval($existing_id),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
elseif($options === 'revise') {
|
2014-01-10 03:20:10 +00:00
|
|
|
$r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
|
|
|
|
|
VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
|
2013-02-01 00:13:44 +00:00
|
|
|
intval($x[0]['aid']),
|
|
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($x[0]['hash']),
|
2014-01-10 03:20:10 +00:00
|
|
|
dbesc(get_observer_hash()),
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc($filename),
|
|
|
|
|
dbesc($mimetype),
|
|
|
|
|
intval($filesize),
|
|
|
|
|
intval($x[0]['revision'] + 1),
|
2014-11-18 19:43:00 +00:00
|
|
|
dbescbin(@file_get_contents($src)),
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc($created),
|
|
|
|
|
dbesc($created),
|
|
|
|
|
dbesc($x[0]['allow_cid']),
|
|
|
|
|
dbesc($x[0]['allow_gid']),
|
|
|
|
|
dbesc($x[0]['deny_cid']),
|
|
|
|
|
dbesc($x[0]['deny_gid'])
|
|
|
|
|
);
|
2014-10-13 22:08:55 +00:00
|
|
|
}
|
2013-02-01 00:13:44 +00:00
|
|
|
elseif($options === 'update') {
|
|
|
|
|
$r = q("update attach set filename = '%s', filetype = '%s', edited = '%s',
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d",
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']),
|
|
|
|
|
dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']),
|
|
|
|
|
dbesc($created),
|
|
|
|
|
dbesc((array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : $x[0]['allow_cid']),
|
|
|
|
|
dbesc((array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : $x[0]['allow_gid']),
|
|
|
|
|
dbesc((array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : $x[0]['deny_cid']),
|
|
|
|
|
dbesc((array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : $x[0]['deny_gid']),
|
|
|
|
|
intval($x[0]['id']),
|
|
|
|
|
intval($x[0]['uid'])
|
|
|
|
|
);
|
2014-10-13 22:08:55 +00:00
|
|
|
}
|
2013-02-01 00:13:44 +00:00
|
|
|
else {
|
2014-01-10 03:20:10 +00:00
|
|
|
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )
|
|
|
|
|
VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
|
2013-02-01 00:13:44 +00:00
|
|
|
intval($channel['channel_account_id']),
|
|
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($hash),
|
2014-01-10 03:20:10 +00:00
|
|
|
dbesc(get_observer_hash()),
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc($filename),
|
|
|
|
|
dbesc($mimetype),
|
|
|
|
|
intval($filesize),
|
|
|
|
|
intval(0),
|
2014-11-18 19:43:00 +00:00
|
|
|
dbescbin(@file_get_contents($src)),
|
2013-02-01 00:13:44 +00:00
|
|
|
dbesc($created),
|
|
|
|
|
dbesc($created),
|
2013-02-01 07:56:46 +00:00
|
|
|
dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'),
|
|
|
|
|
dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : ''),
|
|
|
|
|
dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : ''),
|
|
|
|
|
dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : '')
|
2013-02-01 00:13:44 +00:00
|
|
|
);
|
2014-10-13 22:08:55 +00:00
|
|
|
}
|
2013-02-01 00:13:44 +00:00
|
|
|
|
|
|
|
|
if($options !== 'update')
|
|
|
|
|
@unlink($src);
|
|
|
|
|
|
|
|
|
|
if(! $r) {
|
|
|
|
|
$ret['message'] = t('File upload failed. Possible system limit or action terminated.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Caution: This re-uses $sql_options set further above
|
|
|
|
|
|
2014-01-10 03:20:10 +00:00
|
|
|
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1",
|
2013-02-01 00:13:44 +00:00
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($hash)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if(! $r) {
|
|
|
|
|
$ret['message'] = t('Stored file could not be verified. Upload failed.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ret['success'] = true;
|
|
|
|
|
$ret['data'] = $r[0];
|
2014-10-13 22:08:55 +00:00
|
|
|
|
2013-02-01 00:13:44 +00:00
|
|
|
return $ret;
|
2013-03-01 02:20:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Read a virtual directory and return contents, checking permissions of all parent components.
|
|
|
|
|
* @function z_readdir
|
|
|
|
|
* @param integer $channel_id
|
2014-02-19 20:04:20 +00:00
|
|
|
* @param string $observer_hash hash of current observer
|
2013-03-01 02:20:42 +00:00
|
|
|
* @param string $pathname
|
|
|
|
|
* @param string $parent_hash (optional)
|
|
|
|
|
*
|
|
|
|
|
* @returns array $ret
|
|
|
|
|
* $ret['success'] = boolean true or false
|
|
|
|
|
* $ret['message'] = error message if success is false
|
|
|
|
|
* $ret['data'] = array of attach DB entries without data component
|
|
|
|
|
*/
|
2014-02-19 20:04:20 +00:00
|
|
|
function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
|
2013-03-01 02:20:42 +00:00
|
|
|
$ret = array('success' => false);
|
2014-10-13 22:08:55 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) {
|
2013-03-01 02:20:42 +00:00
|
|
|
$ret['message'] = t('Permission denied.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
if(strpos($pathname, '/')) {
|
|
|
|
|
$paths = explode('/', $pathname);
|
2013-03-01 02:20:42 +00:00
|
|
|
if(count($paths) > 1) {
|
|
|
|
|
$curpath = array_shift($paths);
|
|
|
|
|
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id) . " limit 1",
|
2013-03-01 02:20:42 +00:00
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($curpath),
|
|
|
|
|
intval(ATTACH_FLAG_DIR)
|
|
|
|
|
);
|
|
|
|
|
if(! $r) {
|
|
|
|
|
$ret['message'] = t('Path not available.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
return z_readdir($channel_id, $observer_hash, implode('/', $paths), $r[0]['hash']);
|
2013-03-01 02:20:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
$paths = array($pathname);
|
|
|
|
|
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id),
|
2013-03-01 02:20:42 +00:00
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($parent_hash),
|
|
|
|
|
dbesc($paths[0]),
|
|
|
|
|
intval(ATTACH_FLAG_DIR)
|
|
|
|
|
);
|
|
|
|
|
if(! $r) {
|
|
|
|
|
$ret['message'] = t('Path not available.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
$ret['success'] = true;
|
|
|
|
|
$ret['data'] = $r;
|
2014-10-13 22:08:55 +00:00
|
|
|
|
2013-03-01 02:20:42 +00:00
|
|
|
return $ret;
|
2013-11-04 04:55:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @function attach_mkdir($channel,$observer_hash,$arr);
|
2014-06-29 14:00:21 +00:00
|
|
|
*
|
2014-02-19 20:04:20 +00:00
|
|
|
* @brief Create directory.
|
2014-06-29 14:00:21 +00:00
|
|
|
*
|
2014-06-29 23:08:29 +00:00
|
|
|
* @param array $channel channel array of owner
|
|
|
|
|
* @param string $observer_hash hash of current observer
|
|
|
|
|
* @param array $arr parameter array to fulfil request
|
2013-11-04 04:55:58 +00:00
|
|
|
* Required:
|
|
|
|
|
* $arr['filename']
|
|
|
|
|
* $arr['folder'] // hash of parent directory, empty string for root directory
|
|
|
|
|
* Optional:
|
|
|
|
|
* $arr['hash'] // precumputed hash for this node
|
|
|
|
|
* $arr['allow_cid']
|
|
|
|
|
* $arr['allow_gid']
|
|
|
|
|
* $arr['deny_cid']
|
|
|
|
|
* $arr['deny_gid']
|
|
|
|
|
*/
|
2014-11-24 02:22:19 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
function attach_mkdir($channel, $observer_hash, $arr = null) {
|
2013-11-04 04:55:58 +00:00
|
|
|
|
|
|
|
|
$ret = array('success' => false);
|
|
|
|
|
$channel_id = $channel['channel_id'];
|
|
|
|
|
$sql_options = '';
|
|
|
|
|
|
2013-11-05 03:08:34 +00:00
|
|
|
$basepath = 'store/' . $channel['channel_address'];
|
2014-01-06 00:00:05 +00:00
|
|
|
|
|
|
|
|
logger('attach_mkdir: basepath: ' . $basepath);
|
|
|
|
|
|
2013-11-05 03:08:34 +00:00
|
|
|
if(! is_dir($basepath))
|
2014-07-16 08:07:00 +00:00
|
|
|
os_mkdir($basepath,STORAGE_DEFAULT_PERMISSIONS, true);
|
2013-11-05 03:08:34 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
if(! perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
|
2013-11-04 04:55:58 +00:00
|
|
|
$ret['message'] = t('Permission denied.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-05 03:08:34 +00:00
|
|
|
if(! $arr['filename']) {
|
|
|
|
|
$ret['message'] = t('Empty pathname');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
2013-11-04 04:55:58 +00:00
|
|
|
|
|
|
|
|
$arr['hash'] = (($arr['hash']) ? $arr['hash'] : random_string());
|
2013-11-05 03:08:34 +00:00
|
|
|
|
|
|
|
|
// Check for duplicate name.
|
|
|
|
|
// Check both the filename and the hash as we will be making use of both.
|
|
|
|
|
|
|
|
|
|
$r = q("select hash from attach where ( filename = '%s' or hash = '%s' ) and folder = '%s' and uid = %d limit 1",
|
|
|
|
|
dbesc($arr['filename']),
|
|
|
|
|
dbesc($arr['hash']),
|
|
|
|
|
dbesc($arr['folder']),
|
|
|
|
|
intval($channel['channel_id'])
|
|
|
|
|
);
|
|
|
|
|
if($r) {
|
|
|
|
|
$ret['message'] = t('duplicate filename or path');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if($arr['folder']) {
|
|
|
|
|
|
|
|
|
|
// Walk the directory tree from parent back to root to make sure the parent is valid and name is unique and we
|
|
|
|
|
// have permission to see this path. This implies the root directory itself is public since we won't have permissions
|
|
|
|
|
// set on the psuedo-directory. We can however set permissions for anything and everything contained within it.
|
|
|
|
|
|
|
|
|
|
$lpath = '';
|
|
|
|
|
$lfile = $arr['folder'];
|
2014-01-08 02:47:33 +00:00
|
|
|
$sql_options = permissions_sql($channel['channel_id']);
|
2013-11-05 03:08:34 +00:00
|
|
|
|
|
|
|
|
do {
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
|
2013-11-05 03:08:34 +00:00
|
|
|
$sql_options limit 1",
|
|
|
|
|
intval($channel['channel_id']),
|
|
|
|
|
dbesc($lfile),
|
|
|
|
|
intval(ATTACH_FLAG_DIR)
|
|
|
|
|
);
|
2014-01-08 02:47:33 +00:00
|
|
|
|
2013-11-05 03:08:34 +00:00
|
|
|
if(! $r) {
|
2014-01-08 02:47:33 +00:00
|
|
|
logger('attach_mkdir: hash ' . $lfile . ' not found in ' . $lpath);
|
2013-11-05 03:08:34 +00:00
|
|
|
$ret['message'] = t('Path not found.');
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
if($lfile)
|
|
|
|
|
$lpath = $r[0]['hash'] . '/' . $lpath;
|
|
|
|
|
$lfile = $r[0]['folder'];
|
|
|
|
|
} while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ;
|
|
|
|
|
$path = $basepath . '/' . $lpath;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
$path = $basepath . '/';
|
|
|
|
|
|
|
|
|
|
$path .= $arr['hash'];
|
|
|
|
|
|
2014-06-29 14:00:21 +00:00
|
|
|
$created = datetime_convert();
|
2013-11-04 04:55:58 +00:00
|
|
|
|
2014-01-10 03:20:10 +00:00
|
|
|
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
|
2014-01-10 08:47:40 +00:00
|
|
|
VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
|
2013-11-04 04:55:58 +00:00
|
|
|
intval($channel['channel_account_id']),
|
|
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($arr['hash']),
|
2014-01-10 03:20:10 +00:00
|
|
|
dbesc(get_observer_hash()),
|
2013-11-04 04:55:58 +00:00
|
|
|
dbesc($arr['filename']),
|
|
|
|
|
dbesc('multipart/mixed'),
|
|
|
|
|
intval(0),
|
|
|
|
|
intval(0),
|
|
|
|
|
dbesc($arr['folder']),
|
2014-01-08 02:47:33 +00:00
|
|
|
intval(ATTACH_FLAG_DIR|ATTACH_FLAG_OS),
|
|
|
|
|
dbesc($path),
|
2013-11-04 04:55:58 +00:00
|
|
|
dbesc($created),
|
|
|
|
|
dbesc($created),
|
2014-01-06 00:00:05 +00:00
|
|
|
dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : $channel['channel_allow_cid']),
|
|
|
|
|
dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : $channel['channel_allow_gid']),
|
|
|
|
|
dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : $channel['channel_deny_cid']),
|
|
|
|
|
dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : $channel['channel_deny_gid'])
|
2013-11-04 04:55:58 +00:00
|
|
|
);
|
|
|
|
|
|
2013-11-05 03:08:34 +00:00
|
|
|
if($r) {
|
2014-07-16 08:07:00 +00:00
|
|
|
if(os_mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) {
|
2013-11-05 03:08:34 +00:00
|
|
|
$ret['success'] = true;
|
|
|
|
|
$ret['data'] = $arr;
|
2014-06-29 15:49:46 +00:00
|
|
|
|
|
|
|
|
// update the parent folder's lastmodified timestamp
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
|
2014-06-29 15:49:46 +00:00
|
|
|
dbesc($created),
|
|
|
|
|
dbesc($arr['folder']),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
2013-11-05 03:08:34 +00:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
logger('attach_mkdir: ' . mkdir . ' ' . $path . 'failed.');
|
|
|
|
|
$ret['message'] = t('mkdir failed.');
|
|
|
|
|
}
|
2013-11-04 04:55:58 +00:00
|
|
|
}
|
2014-06-29 15:49:46 +00:00
|
|
|
else {
|
2013-11-05 03:08:34 +00:00
|
|
|
$ret['message'] = t('database storage failed.');
|
2014-06-29 15:49:46 +00:00
|
|
|
}
|
2013-11-04 04:55:58 +00:00
|
|
|
|
|
|
|
|
return $ret;
|
2014-01-06 22:57:51 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Changes permissions of a file.
|
|
|
|
|
*
|
|
|
|
|
* @param $channel_id
|
|
|
|
|
* @param $resource
|
|
|
|
|
* @param $allow_cid
|
|
|
|
|
* @param $allow_gid
|
|
|
|
|
* @param $deny_cid
|
|
|
|
|
* @param $deny_gid
|
|
|
|
|
* @param $recurse
|
|
|
|
|
*/
|
|
|
|
|
function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse = false) {
|
2014-01-06 22:57:51 +00:00
|
|
|
|
|
|
|
|
$r = q("select hash, flags from attach where hash = '%s' and uid = %d limit 1",
|
|
|
|
|
dbesc($resource),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if(! $r)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if($r[0]['flags'] & ATTACH_FLAG_DIR) {
|
|
|
|
|
if($recurse) {
|
|
|
|
|
$r = q("select hash, flags from attach where folder = '%s' and uid = %d",
|
|
|
|
|
dbesc($resource),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
if($r) {
|
|
|
|
|
foreach($r as $rr) {
|
2014-12-30 12:56:27 +00:00
|
|
|
attach_change_permissions($channel_id, $rr['hash'], $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse);
|
2014-01-06 22:57:51 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d",
|
2014-01-06 22:57:51 +00:00
|
|
|
dbesc($allow_cid),
|
|
|
|
|
dbesc($allow_gid),
|
|
|
|
|
dbesc($deny_cid),
|
|
|
|
|
dbesc($deny_gid),
|
|
|
|
|
dbesc($resource),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
}
|
2014-06-29 15:49:46 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
2014-10-13 22:08:55 +00:00
|
|
|
* @brief Delete a file/directory from a channel.
|
|
|
|
|
*
|
|
|
|
|
* If the provided resource hash is from a directory it will delete everything
|
|
|
|
|
* recursively under this directory.
|
|
|
|
|
*
|
2014-06-29 15:49:46 +00:00
|
|
|
* @param int $channel_id
|
2014-10-13 22:08:55 +00:00
|
|
|
* The id of the channel
|
|
|
|
|
* @param string $resource
|
|
|
|
|
* The hash to delete
|
|
|
|
|
* @return void
|
2014-02-19 20:04:20 +00:00
|
|
|
*/
|
|
|
|
|
function attach_delete($channel_id, $resource) {
|
2014-01-08 02:47:33 +00:00
|
|
|
|
2014-06-29 15:49:46 +00:00
|
|
|
$c = q("SELECT channel_address FROM channel WHERE channel_id = %d LIMIT 1",
|
2014-01-09 02:06:52 +00:00
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$channel_address = (($c) ? $c[0]['channel_address'] : 'notfound');
|
|
|
|
|
|
2015-01-22 01:34:38 +00:00
|
|
|
$r = q("SELECT hash, flags, folder FROM attach WHERE hash = '%s' AND uid = %d limit 1",
|
2014-01-08 02:47:33 +00:00
|
|
|
dbesc($resource),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if(! $r)
|
|
|
|
|
return;
|
|
|
|
|
|
2015-01-23 13:50:39 +00:00
|
|
|
$cloudpath = get_parent_cloudpath($channel_id, $channel_address, $resource);
|
|
|
|
|
$object = get_file_activity_object($channel_id, $resource, $cloudpath);
|
|
|
|
|
|
2014-06-29 15:49:46 +00:00
|
|
|
// If resource is a directory delete everything in the directory recursive
|
2014-01-08 02:47:33 +00:00
|
|
|
if($r[0]['flags'] & ATTACH_FLAG_DIR) {
|
2014-10-13 22:08:55 +00:00
|
|
|
$x = q("SELECT hash, flags FROM attach WHERE folder = '%s' AND uid = %d",
|
2014-01-08 02:47:33 +00:00
|
|
|
dbesc($resource),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
if($x) {
|
|
|
|
|
foreach($x as $xx) {
|
2014-02-19 20:04:20 +00:00
|
|
|
attach_delete($channel_id, $xx['hash']);
|
2014-01-08 02:47:33 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-06-29 15:49:46 +00:00
|
|
|
|
|
|
|
|
// delete a file from filesystem
|
2014-01-08 02:47:33 +00:00
|
|
|
if($r[0]['flags'] & ATTACH_FLAG_OS) {
|
2014-06-29 15:49:46 +00:00
|
|
|
$y = q("SELECT data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
|
2014-01-08 02:47:33 +00:00
|
|
|
dbesc($resource),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if($y) {
|
2014-01-09 02:06:52 +00:00
|
|
|
$f = 'store/' . $channel_address . '/' . $y[0]['data'];
|
|
|
|
|
if(is_dir($f))
|
|
|
|
|
@rmdir($f);
|
|
|
|
|
elseif(file_exists($f))
|
|
|
|
|
unlink($f);
|
2014-01-08 02:47:33 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-29 15:49:46 +00:00
|
|
|
// delete from database
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d",
|
2014-01-08 02:47:33 +00:00
|
|
|
dbesc($resource),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
|
|
|
|
|
2014-06-29 15:49:46 +00:00
|
|
|
// update the parent folder's lastmodified timestamp
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
|
2014-06-29 15:49:46 +00:00
|
|
|
dbesc(datetime_convert()),
|
|
|
|
|
dbesc($r[0]['folder']),
|
|
|
|
|
intval($channel_id)
|
|
|
|
|
);
|
2015-01-18 13:44:58 +00:00
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
file_activity($channel_id, $object, $object['allow_cid'], $object['allow_gid'], $object['deny_cid'], $object['deny_gid'], 'update', $no_activity=false);
|
2015-01-23 13:50:39 +00:00
|
|
|
|
2014-01-08 02:47:33 +00:00
|
|
|
}
|
2014-06-29 15:49:46 +00:00
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Returns path to file in cloud/.
|
2015-01-19 22:31:45 +00:00
|
|
|
* This function cannot be used with mod/dav as it always returns a path valid under mod/cloud
|
2014-02-19 20:04:20 +00:00
|
|
|
*
|
2014-10-13 22:08:55 +00:00
|
|
|
* @param array
|
|
|
|
|
* $arr[uid] int the channels uid
|
|
|
|
|
* $arr[folder] string
|
|
|
|
|
* $arr[filename]] string
|
|
|
|
|
* @return string
|
|
|
|
|
* path to the file in cloud/
|
2014-02-19 20:04:20 +00:00
|
|
|
*/
|
2014-01-10 05:01:53 +00:00
|
|
|
function get_cloudpath($arr) {
|
2015-01-19 22:31:45 +00:00
|
|
|
$basepath = 'cloud/';
|
2014-10-13 22:08:55 +00:00
|
|
|
|
2014-01-10 05:01:53 +00:00
|
|
|
if($arr['uid']) {
|
|
|
|
|
$r = q("select channel_address from channel where channel_id = %d limit 1",
|
|
|
|
|
intval($arr['uid'])
|
|
|
|
|
);
|
|
|
|
|
if($r)
|
|
|
|
|
$basepath .= $r[0]['channel_address'] . '/';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$path = $basepath;
|
|
|
|
|
|
|
|
|
|
if($arr['folder']) {
|
|
|
|
|
$lpath = '';
|
|
|
|
|
$lfile = $arr['folder'];
|
|
|
|
|
|
|
|
|
|
do {
|
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
|
|
|
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
|
2014-01-10 05:01:53 +00:00
|
|
|
limit 1",
|
|
|
|
|
intval($arr['uid']),
|
|
|
|
|
dbesc($lfile),
|
|
|
|
|
intval(ATTACH_FLAG_DIR)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if(! $r)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
if($lfile)
|
|
|
|
|
$lpath = $r[0]['filename'] . '/' . $lpath;
|
|
|
|
|
$lfile = $r[0]['folder'];
|
|
|
|
|
|
2014-10-13 22:08:55 +00:00
|
|
|
} while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR));
|
2014-01-10 05:01:53 +00:00
|
|
|
|
2014-10-13 22:08:55 +00:00
|
|
|
$path .= $lpath;
|
2014-01-10 05:01:53 +00:00
|
|
|
}
|
|
|
|
|
$path .= $arr['filename'];
|
2014-10-13 22:08:55 +00:00
|
|
|
|
2014-01-10 05:01:53 +00:00
|
|
|
return $path;
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-24 10:13:54 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Returns path to parent folder in cloud/.
|
2015-01-19 22:31:45 +00:00
|
|
|
* This function cannot be used with mod/dav as it always returns a path valid under mod/cloud
|
2014-10-13 22:08:55 +00:00
|
|
|
*
|
|
|
|
|
* @param int $channel_id
|
|
|
|
|
* The id of the channel
|
|
|
|
|
* @param string $channel_name
|
|
|
|
|
* The name of the channel
|
|
|
|
|
* @param string $attachHash
|
|
|
|
|
* @return string with the full folder path
|
2014-06-24 10:13:54 +00:00
|
|
|
*/
|
2014-06-24 10:05:11 +00:00
|
|
|
function get_parent_cloudpath($channel_id, $channel_name, $attachHash) {
|
2014-10-13 22:08:55 +00:00
|
|
|
// build directory tree
|
2014-06-24 10:05:11 +00:00
|
|
|
$parentHash = $attachHash;
|
|
|
|
|
do {
|
2014-06-24 10:13:54 +00:00
|
|
|
$parentHash = find_folder_hash_by_attach_hash($channel_id, $parentHash);
|
2014-06-24 10:05:11 +00:00
|
|
|
if ($parentHash) {
|
2014-06-24 10:13:54 +00:00
|
|
|
$parentName = find_filename_by_hash($channel_id, $parentHash);
|
2014-10-13 22:08:55 +00:00
|
|
|
$parentFullPath = $parentName . '/' . $parentFullPath;
|
2014-06-24 10:05:11 +00:00
|
|
|
}
|
|
|
|
|
} while ($parentHash);
|
2015-01-19 22:31:45 +00:00
|
|
|
$parentFullPath = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath;
|
2014-10-13 22:08:55 +00:00
|
|
|
|
2014-06-24 10:13:54 +00:00
|
|
|
return $parentFullPath;
|
2014-06-24 10:05:11 +00:00
|
|
|
}
|
2014-10-13 22:08:55 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Return the hash of an attachment's folder.
|
|
|
|
|
*
|
|
|
|
|
* @param int $channel_id
|
|
|
|
|
* The id of the channel
|
|
|
|
|
* @param string $attachHash
|
|
|
|
|
* The hash of the attachment
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
2014-06-24 10:13:54 +00:00
|
|
|
function find_folder_hash_by_attach_hash($channel_id, $attachHash) {
|
2014-10-13 22:08:55 +00:00
|
|
|
$r = q("SELECT folder FROM attach WHERE uid = %d AND hash = '%s' LIMIT 1",
|
|
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($attachHash)
|
2014-06-24 10:05:11 +00:00
|
|
|
);
|
2014-10-13 22:08:55 +00:00
|
|
|
$hash = '';
|
|
|
|
|
if ($r) {
|
|
|
|
|
$hash = $r[0]['folder'];
|
2014-06-24 10:05:11 +00:00
|
|
|
}
|
2014-10-13 22:08:55 +00:00
|
|
|
return $hash;
|
2014-06-24 10:05:11 +00:00
|
|
|
}
|
2014-10-13 22:08:55 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Returns the filename of an attachment in a given channel.
|
|
|
|
|
*
|
|
|
|
|
* @param mixed $channel_id
|
|
|
|
|
* The id of the channel
|
|
|
|
|
* @param mixed $attachHash
|
|
|
|
|
* The hash of the attachment
|
|
|
|
|
* @return string
|
|
|
|
|
* The filename of the attachment
|
|
|
|
|
*/
|
2014-06-24 10:13:54 +00:00
|
|
|
function find_filename_by_hash($channel_id, $attachHash) {
|
2014-10-13 22:08:55 +00:00
|
|
|
$r = q("SELECT filename FROM attach WHERE uid = %d AND hash = '%s' LIMIT 1",
|
|
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($attachHash)
|
2014-06-24 10:05:11 +00:00
|
|
|
);
|
2014-10-13 22:08:55 +00:00
|
|
|
$filename = '';
|
|
|
|
|
if ($r) {
|
|
|
|
|
$filename = $r[0]['filename'];
|
2014-06-24 10:05:11 +00:00
|
|
|
}
|
2014-10-13 22:08:55 +00:00
|
|
|
return $filename;
|
2014-06-24 10:05:11 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-19 20:04:20 +00:00
|
|
|
/**
|
|
|
|
|
*
|
|
|
|
|
* @param $in
|
|
|
|
|
* @param $out
|
|
|
|
|
*/
|
2014-01-07 02:13:02 +00:00
|
|
|
function pipe_streams($in, $out) {
|
|
|
|
|
$size = 0;
|
2014-02-19 20:04:20 +00:00
|
|
|
while (!feof($in))
|
2014-10-13 22:08:55 +00:00
|
|
|
$size += fwrite($out, fread($in, 8192));
|
2014-01-07 02:13:02 +00:00
|
|
|
return $size;
|
2014-02-19 20:04:20 +00:00
|
|
|
}
|
2015-01-18 13:44:58 +00:00
|
|
|
|
2015-01-23 13:50:39 +00:00
|
|
|
function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $verb, $no_activity) {
|
2015-01-18 13:44:58 +00:00
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
require_once('include/items.php');
|
|
|
|
|
|
|
|
|
|
$poster = get_app()->get_observer();
|
|
|
|
|
|
2015-02-02 14:18:44 +00:00
|
|
|
//if we got no object something went wrong
|
|
|
|
|
if(!$object)
|
|
|
|
|
return;
|
|
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
//turn strings into arrays
|
2015-02-18 09:41:38 +00:00
|
|
|
$arr_allow_cid = expand_acl($allow_cid);
|
2015-03-20 16:37:01 +00:00
|
|
|
$arr_allow_gid = expand_acl($allow_gid);
|
|
|
|
|
$arr_deny_cid = expand_acl($deny_cid);
|
|
|
|
|
$arr_deny_gid = expand_acl($deny_gid);
|
|
|
|
|
|
|
|
|
|
//filter out receivers which do not have permission to view filestorage
|
2015-02-18 09:41:38 +00:00
|
|
|
$arr_allow_cid = check_list_permissions($channel_id, $arr_allow_cid, 'view_storage');
|
|
|
|
|
|
2015-02-02 14:18:44 +00:00
|
|
|
$is_dir = (($object['flags'] & ATTACH_FLAG_DIR) ? true : false);
|
|
|
|
|
|
|
|
|
|
//do not send activity for folders for now
|
|
|
|
|
if($is_dir)
|
|
|
|
|
return;
|
2015-02-04 21:55:22 +00:00
|
|
|
|
2015-02-02 14:18:44 +00:00
|
|
|
//check for recursive perms if we are in a folder
|
|
|
|
|
if($object['folder']) {
|
|
|
|
|
|
|
|
|
|
$folder_hash = $object['folder'];
|
|
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
$r_perms = recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash);
|
2015-02-05 20:16:21 +00:00
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
//split up returned perms
|
|
|
|
|
$arr_allow_cid = $r_perms['allow_cid'];
|
|
|
|
|
$arr_allow_gid = $r_perms['allow_gid'];
|
|
|
|
|
$arr_deny_cid = $r_perms['deny_cid'];
|
|
|
|
|
$arr_deny_gid = $r_perms['deny_gid'];
|
2015-02-18 09:41:38 +00:00
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
//filter out receivers which do not have permission to view filestorage
|
|
|
|
|
$arr_allow_cid = check_list_permissions($channel_id, $arr_allow_cid, 'view_storage');
|
2015-02-02 14:18:44 +00:00
|
|
|
|
2015-02-02 16:45:30 +00:00
|
|
|
}
|
2015-01-18 13:44:58 +00:00
|
|
|
|
|
|
|
|
$mid = item_message_id();
|
|
|
|
|
|
2015-01-22 01:34:38 +00:00
|
|
|
$objtype = ACTIVITY_OBJ_FILE;
|
|
|
|
|
|
2015-02-13 01:45:25 +00:00
|
|
|
$item_flags = ITEM_WALL|ITEM_ORIGIN;
|
2015-01-22 01:34:38 +00:00
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
$private = (($arr_allow_cid[0] || $arr_allow_gid[0] || $arr_deny_cid[0] || $arr_deny_gid[0]) ? 1 : 0);
|
2015-01-24 00:13:02 +00:00
|
|
|
|
2015-01-23 13:50:39 +00:00
|
|
|
$jsonobject = json_encode($object);
|
2015-01-22 01:34:38 +00:00
|
|
|
|
2015-01-24 00:13:02 +00:00
|
|
|
//check if item for this object exists
|
2015-01-24 13:35:21 +00:00
|
|
|
$y = q("SELECT * FROM item WHERE verb = '%s' AND obj_type = '%s' AND resource_id = '%s' AND uid = %d LIMIT 1",
|
2015-01-24 00:13:02 +00:00
|
|
|
dbesc(ACTIVITY_POST),
|
|
|
|
|
dbesc($objtype),
|
2015-01-24 13:35:21 +00:00
|
|
|
dbesc($object['hash']),
|
2015-01-29 04:56:04 +00:00
|
|
|
intval(local_channel())
|
2015-01-24 00:13:02 +00:00
|
|
|
);
|
2015-01-22 01:34:38 +00:00
|
|
|
|
2015-01-24 00:13:02 +00:00
|
|
|
if($y) {
|
|
|
|
|
$update = true;
|
|
|
|
|
$object['d_mid'] = $y[0]['mid']; //attach mid of the old object
|
|
|
|
|
$u_jsonobject = json_encode($object);
|
2015-01-24 11:22:04 +00:00
|
|
|
|
|
|
|
|
//we have got the relevant info - delete the old item before we create the new one
|
|
|
|
|
$z = q("DELETE FROM item WHERE obj_type = '%s' AND verb = '%s' AND mid = '%s'",
|
|
|
|
|
dbesc(ACTIVITY_OBJ_FILE),
|
|
|
|
|
dbesc(ACTIVITY_POST),
|
|
|
|
|
dbesc($y[0]['mid'])
|
|
|
|
|
);
|
|
|
|
|
|
2015-01-24 00:13:02 +00:00
|
|
|
}
|
2015-01-18 13:44:58 +00:00
|
|
|
|
2015-01-24 00:13:02 +00:00
|
|
|
if($update && $verb == 'post' ) {
|
|
|
|
|
//send update activity and create a new one
|
|
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
//updates should be sent to everybody with recursive perms and all eventual former allowed members ($object['allow_cid'] etc.).
|
2015-03-20 16:46:13 +00:00
|
|
|
$u_arr_allow_cid = array_unique(array_merge($arr_allow_cid, expand_acl($object['allow_cid'])));
|
|
|
|
|
$u_arr_allow_gid = array_unique(array_merge($arr_allow_gid, expand_acl($object['allow_gid'])));
|
|
|
|
|
$u_arr_deny_cid = array_unique(array_merge($arr_deny_cid, expand_acl($object['deny_cid'])));
|
|
|
|
|
$u_arr_deny_gid = array_unique(array_merge($arr_deny_gid, expand_acl($object['deny_gid'])));
|
2015-03-20 16:37:01 +00:00
|
|
|
|
2015-01-24 00:13:02 +00:00
|
|
|
$u_mid = item_message_id();
|
|
|
|
|
|
|
|
|
|
$arr = array();
|
|
|
|
|
|
|
|
|
|
$arr['aid'] = get_account_id();
|
|
|
|
|
$arr['uid'] = $channel_id;
|
|
|
|
|
$arr['mid'] = $u_mid;
|
|
|
|
|
$arr['parent_mid'] = $u_mid;
|
|
|
|
|
$arr['item_flags'] = $item_flags;
|
2015-02-13 01:45:25 +00:00
|
|
|
$arr['item_unseen'] = 1;
|
2015-01-24 00:13:02 +00:00
|
|
|
$arr['author_xchan'] = $poster['xchan_hash'];
|
|
|
|
|
$arr['owner_xchan'] = $poster['xchan_hash'];
|
|
|
|
|
$arr['title'] = '';
|
2015-03-20 16:46:13 +00:00
|
|
|
$arr['allow_cid'] = perms2str($u_arr_allow_cid);
|
|
|
|
|
$arr['allow_gid'] = perms2str($u_arr_allow_gid);
|
|
|
|
|
$arr['deny_cid'] = perms2str($u_arr_deny_cid);
|
|
|
|
|
$arr['deny_gid'] = perms2str($u_arr_deny_gid);
|
2015-01-24 00:13:02 +00:00
|
|
|
$arr['item_restrict'] = ITEM_HIDDEN;
|
|
|
|
|
$arr['item_private'] = 0;
|
|
|
|
|
$arr['verb'] = ACTIVITY_UPDATE;
|
|
|
|
|
$arr['obj_type'] = $objtype;
|
|
|
|
|
$arr['object'] = $u_jsonobject;
|
2015-01-24 13:35:21 +00:00
|
|
|
$arr['resource_id'] = $object['hash'];
|
|
|
|
|
$arr['resource_type'] = 'attach';
|
2015-01-24 00:13:02 +00:00
|
|
|
$arr['body'] = '';
|
|
|
|
|
|
|
|
|
|
$post = item_store($arr);
|
|
|
|
|
$item_id = $post['item_id'];
|
|
|
|
|
if($item_id) {
|
|
|
|
|
proc_run('php',"include/notifier.php","activity",$item_id);
|
|
|
|
|
}
|
2015-01-18 13:44:58 +00:00
|
|
|
|
2015-01-24 00:13:02 +00:00
|
|
|
call_hooks('post_local_end', $arr);
|
2015-01-22 01:34:38 +00:00
|
|
|
|
2015-01-24 00:13:02 +00:00
|
|
|
$update = false;
|
2015-01-18 13:44:58 +00:00
|
|
|
|
2015-01-24 00:15:54 +00:00
|
|
|
//notice( t('File activity updated') . EOL);
|
2015-01-18 13:44:58 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if($no_activity) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arr = array();
|
|
|
|
|
|
|
|
|
|
$arr['aid'] = get_account_id();
|
|
|
|
|
$arr['uid'] = $channel_id;
|
|
|
|
|
$arr['mid'] = $mid;
|
|
|
|
|
$arr['parent_mid'] = $mid;
|
|
|
|
|
$arr['item_flags'] = $item_flags;
|
2015-02-13 09:01:26 +00:00
|
|
|
$arr['item_unseen'] = 1;
|
2015-01-18 13:44:58 +00:00
|
|
|
$arr['author_xchan'] = $poster['xchan_hash'];
|
|
|
|
|
$arr['owner_xchan'] = $poster['xchan_hash'];
|
|
|
|
|
$arr['title'] = '';
|
2015-03-20 16:37:01 +00:00
|
|
|
$arr['allow_cid'] = perms2str($arr_allow_cid);
|
|
|
|
|
$arr['allow_gid'] = perms2str($arr_allow_gid);
|
|
|
|
|
$arr['deny_cid'] = perms2str($arr_deny_cid);
|
|
|
|
|
$arr['deny_gid'] = perms2str($arr_deny_gid);
|
2015-01-18 13:44:58 +00:00
|
|
|
$arr['item_restrict'] = ITEM_HIDDEN;
|
2015-01-22 01:34:38 +00:00
|
|
|
$arr['item_private'] = $private;
|
2015-01-24 00:13:02 +00:00
|
|
|
$arr['verb'] = (($update) ? ACTIVITY_UPDATE : ACTIVITY_POST);
|
2015-01-22 01:34:38 +00:00
|
|
|
$arr['obj_type'] = $objtype;
|
2015-01-24 13:35:21 +00:00
|
|
|
$arr['resource_id'] = $object['hash'];
|
|
|
|
|
$arr['resource_type'] = 'attach';
|
2015-01-24 00:13:02 +00:00
|
|
|
$arr['object'] = (($update) ? $u_jsonobject : $jsonobject);
|
2015-01-22 01:34:38 +00:00
|
|
|
$arr['body'] = '';
|
2015-01-18 13:44:58 +00:00
|
|
|
|
|
|
|
|
$post = item_store($arr);
|
|
|
|
|
$item_id = $post['item_id'];
|
|
|
|
|
|
|
|
|
|
if($item_id) {
|
|
|
|
|
proc_run('php',"include/notifier.php","activity",$item_id);
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-22 01:34:38 +00:00
|
|
|
call_hooks('post_local_end', $arr);
|
2015-01-18 13:44:58 +00:00
|
|
|
|
2015-01-24 00:15:54 +00:00
|
|
|
//(($verb === 'post') ? notice( t('File activity posted') . EOL) : notice( t('File activity dropped') . EOL));
|
2015-01-18 13:44:58 +00:00
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
}
|
2015-01-23 13:50:39 +00:00
|
|
|
|
|
|
|
|
function get_file_activity_object($channel_id, $hash, $cloudpath) {
|
|
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
$x = q("SELECT creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid FROM attach WHERE uid = %d AND hash = '%s' LIMIT 1",
|
2015-01-23 13:50:39 +00:00
|
|
|
intval($channel_id),
|
|
|
|
|
dbesc($hash)
|
|
|
|
|
);
|
|
|
|
|
|
2015-01-23 14:03:19 +00:00
|
|
|
$url = rawurlencode($cloudpath . $x[0]['filename']);
|
2015-01-23 13:50:39 +00:00
|
|
|
|
|
|
|
|
$links = array();
|
|
|
|
|
$links[] = array(
|
2015-01-23 14:03:19 +00:00
|
|
|
'rel' => 'alternate',
|
2015-01-23 13:50:39 +00:00
|
|
|
'type' => 'text/html',
|
|
|
|
|
'href' => $url
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$object = array(
|
|
|
|
|
'type' => ACTIVITY_OBJ_FILE,
|
2015-01-23 14:06:30 +00:00
|
|
|
'title' => $x[0]['filename'],
|
2015-01-23 13:50:39 +00:00
|
|
|
'id' => $url,
|
|
|
|
|
'link' => $links,
|
|
|
|
|
|
|
|
|
|
'hash' => $hash,
|
2015-01-23 14:03:19 +00:00
|
|
|
'creator' => $x[0]['creator'],
|
|
|
|
|
'filename' => $x[0]['filename'],
|
|
|
|
|
'filetype' => $x[0]['filetype'],
|
|
|
|
|
'filesize' => $x[0]['filesize'],
|
|
|
|
|
'revision' => $x[0]['revision'],
|
|
|
|
|
'folder' => $x[0]['folder'],
|
|
|
|
|
'flags' => $x[0]['flags'],
|
|
|
|
|
'created' => $x[0]['created'],
|
2015-03-20 16:37:01 +00:00
|
|
|
'edited' => $x[0]['edited'],
|
|
|
|
|
'allow_cid' => $x[0]['allow_cid'],
|
|
|
|
|
'allow_gid' => $x[0]['allow_gid'],
|
|
|
|
|
'deny_cid' => $x[0]['deny_cid'],
|
|
|
|
|
'deny_gid' => $x[0]['deny_gid']
|
2015-01-23 13:50:39 +00:00
|
|
|
);
|
|
|
|
|
return $object;
|
|
|
|
|
|
|
|
|
|
}
|
2015-02-02 14:18:44 +00:00
|
|
|
|
2015-03-20 16:37:01 +00:00
|
|
|
function recursive_activity_recipients($arr_allow_cid, $arr_llow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) {
|
2015-02-05 20:16:21 +00:00
|
|
|
|
|
|
|
|
$poster = get_app()->get_observer();
|
2015-02-02 14:18:44 +00:00
|
|
|
|
2015-02-18 09:41:38 +00:00
|
|
|
//turn allow_gid into allow_cid's
|
|
|
|
|
foreach($arr_allow_gid as $gid) {
|
|
|
|
|
$in_group = in_group($gid);
|
|
|
|
|
$arr_allow_cid = array_unique(array_merge($arr_allow_cid, $in_group));
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
$count = 0;
|
2015-02-02 14:18:44 +00:00
|
|
|
while($folder_hash) {
|
2015-02-04 21:55:22 +00:00
|
|
|
$x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1",
|
2015-02-02 14:18:44 +00:00
|
|
|
dbesc($folder_hash)
|
|
|
|
|
);
|
|
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
//only process private folders
|
|
|
|
|
if($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) {
|
|
|
|
|
|
|
|
|
|
$parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']);
|
|
|
|
|
$parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']);
|
2015-02-05 20:16:21 +00:00
|
|
|
|
|
|
|
|
//TODO: should find a much better solution for the allow_cid <-> allow_gid problem.
|
|
|
|
|
//Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid.
|
|
|
|
|
if($parent_arr['allow_gid']) {
|
|
|
|
|
foreach($parent_arr['allow_gid'][$count] as $gid) {
|
|
|
|
|
$in_group = in_group($gid);
|
|
|
|
|
$parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
$parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']);
|
|
|
|
|
$parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']);
|
|
|
|
|
|
|
|
|
|
$count++;
|
|
|
|
|
|
|
|
|
|
}
|
2015-02-02 14:18:44 +00:00
|
|
|
|
|
|
|
|
$folder_hash = $x[0]['folder'];
|
2015-02-04 21:55:22 +00:00
|
|
|
|
2015-02-02 14:18:44 +00:00
|
|
|
}
|
|
|
|
|
|
2015-02-05 20:16:21 +00:00
|
|
|
//if none of the parent folders is private just return file perms
|
|
|
|
|
if(!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) {
|
|
|
|
|
$ret['allow_gid'] = $arr_allow_gid;
|
|
|
|
|
$ret['allow_cid'] = $arr_allow_cid;
|
|
|
|
|
$ret['deny_gid'] = $arr_deny_gid;
|
|
|
|
|
$ret['deny_cid'] = $arr_deny_cid;
|
|
|
|
|
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
//if there are no perms on the file we get them from the first parent folder
|
|
|
|
|
if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) {
|
|
|
|
|
$arr_allow_cid = $parent_arr['allow_cid'][0];
|
|
|
|
|
$arr_allow_gid = $parent_arr['allow_gid'][0];
|
|
|
|
|
$arr_deny_cid = $parent_arr['deny_cid'][0];
|
|
|
|
|
$arr_deny_gid = $parent_arr['deny_gid'][0];
|
2015-02-02 14:18:44 +00:00
|
|
|
}
|
|
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
//allow_cid
|
2015-02-05 20:16:21 +00:00
|
|
|
$r_arr_allow_cid = false;
|
|
|
|
|
foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) {
|
2015-02-04 21:55:22 +00:00
|
|
|
foreach ($folder_arr_allow_cid as $ac_hash) {
|
|
|
|
|
$count_values[$ac_hash]++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
foreach ($arr_allow_cid as $fac_hash) {
|
2015-02-05 20:16:21 +00:00
|
|
|
if($count_values[$fac_hash] == $count)
|
2015-02-04 21:55:22 +00:00
|
|
|
$r_arr_allow_cid[] = $fac_hash;
|
2015-02-02 14:18:44 +00:00
|
|
|
}
|
|
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
//allow_gid
|
2015-02-05 20:16:21 +00:00
|
|
|
$r_arr_allow_gid = false;
|
|
|
|
|
foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) {
|
2015-02-04 21:55:22 +00:00
|
|
|
foreach ($folder_arr_allow_gid as $ag_hash) {
|
|
|
|
|
$count_values[$ag_hash]++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
foreach ($arr_allow_gid as $fag_hash) {
|
2015-02-05 20:16:21 +00:00
|
|
|
if($count_values[$fag_hash] == $count)
|
2015-02-04 21:55:22 +00:00
|
|
|
$r_arr_allow_gid[] = $fag_hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//deny_gid
|
2015-02-05 20:16:21 +00:00
|
|
|
foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) {
|
|
|
|
|
$r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid);
|
2015-02-02 14:18:44 +00:00
|
|
|
}
|
2015-02-05 20:16:21 +00:00
|
|
|
$r_arr_deny_gid = array_unique($r_arr_deny_gid);
|
2015-02-02 14:18:44 +00:00
|
|
|
|
2015-02-04 21:55:22 +00:00
|
|
|
//deny_cid
|
2015-02-05 20:16:21 +00:00
|
|
|
foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) {
|
|
|
|
|
$r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid);
|
|
|
|
|
}
|
|
|
|
|
$r_arr_deny_cid = array_unique($r_arr_deny_cid);
|
|
|
|
|
|
|
|
|
|
//if none is allowed restrict to self
|
2015-02-05 20:46:46 +00:00
|
|
|
if(($r_arr_allow_gid === false) && ($r_arr_allow_cid === false)) {
|
2015-02-05 20:16:21 +00:00
|
|
|
$ret['allow_cid'] = $poster['xchan_hash'];
|
|
|
|
|
} else {
|
|
|
|
|
$ret['allow_gid'] = $r_arr_allow_gid;
|
|
|
|
|
$ret['allow_cid'] = $r_arr_allow_cid;
|
|
|
|
|
$ret['deny_gid'] = $r_arr_deny_gid;
|
|
|
|
|
$ret['deny_cid'] = $r_arr_deny_cid;
|
2015-02-02 14:18:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $ret;
|
2015-02-05 20:16:21 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function in_group($group_id) {
|
2015-02-18 09:41:38 +00:00
|
|
|
//TODO: make these two queries one with a join.
|
|
|
|
|
$x = q("SELECT id FROM groups WHERE hash = '%s'",
|
2015-02-05 20:16:21 +00:00
|
|
|
dbesc($group_id)
|
|
|
|
|
);
|
|
|
|
|
|
2015-02-18 09:41:38 +00:00
|
|
|
$r = q("SELECT xchan FROM group_member WHERE gid = %d",
|
|
|
|
|
intval($x[0]['id'])
|
|
|
|
|
);
|
|
|
|
|
|
2015-02-05 20:16:21 +00:00
|
|
|
foreach($r as $ig) {
|
|
|
|
|
$group_members[] = $ig['xchan'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $group_members;
|
2015-02-02 14:18:44 +00:00
|
|
|
}
|
