diff --git a/boot.php b/boot.php index e2760fefb..266347700 100644 --- a/boot.php +++ b/boot.php @@ -16,7 +16,7 @@ require_once('include/features.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica Red'); define ( 'FRIENDICA_VERSION', trim(file_get_contents('version.inc')) . 'R'); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1022 ); +define ( 'DB_UPDATE_VERSION', 1023 ); define ( 'EOL', '
' . "\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); @@ -2032,6 +2032,14 @@ function dba_timer() { return microtime(true); } +function get_observer_hash() { + $observer = get_app()->get_observer(); + if(is_array($observer)) + return $observer['xchan_hash']; + return ''; +} + + /** * Returns the complete URL of the current page, e.g.: http(s)://something.com/network * diff --git a/include/attach.php b/include/attach.php index 6d611cec0..61514bb51 100644 --- a/include/attach.php +++ b/include/attach.php @@ -81,3 +81,71 @@ function z_mime_content_type($filename) { } } + + +function attach_count_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '') { + + $ret = array('success' => false); + + if(! perm_is_allowed($channel_id,$observer, 'read_storage')) { + $ret['message'] = t('Permission denied.'); + return $ret; + } + + require_once('include/security.php'); + $sql_extra = permissions_sql($channel_id); + + if($hash) + $sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' "); + + if($filename) + $sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' "); + + if($filetype) + $sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' "); + + $r = q("select id from attach where channel_id = %d $sql_extra", + intval($channel_id) + ); + + $ret['success'] = ((is_array($r)) ? true : false); + $ret['results'] = ((is_array($r)) ? count($r) : false); + return $ret; + +} + +function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) { + + $ret = array('success' => false); + + if(! perm_is_allowed($channel_id,$observer, 'read_storage')) { + $ret['message'] = t('Permission denied.'); + return $ret; + } + + require_once('include/security.php'); + $sql_extra = permissions_sql($channel_id); + + if($hash) + $sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' "); + + if($filename) + $sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' "); + + if($filetype) + $sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' "); + + if($entries) + $limit = " limit " . intval($start) . ", " . intval(entries) . " "; + + // Retrieve all columns except 'data' + + $r = q("select id, aid, uid, hash, filename, filetype, filesize, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where channel_id = %d $sql_extra $orderby $limit", + intval($channel_id) + ); + + $ret['success'] = ((is_array($r)) ? true : false); + $ret['results'] = ((is_array($r)) ? $r : false); + return $ret; + +} diff --git a/install/database.sql b/install/database.sql index aee87c119..ba063bfa4 100644 --- a/install/database.sql +++ b/install/database.sql @@ -94,7 +94,12 @@ CREATE TABLE IF NOT EXISTS `attach` ( PRIMARY KEY (`id`), KEY `aid` (`aid`), KEY `uid` (`uid`), - KEY `hash` (`hash`) + KEY `hash` (`hash`), + KEY `filename` (`filename`), + KEY `filetype` (`filetype`), + KEY `filesize` (`filesize`), + KEY `created` (`created`), + KEY `edited` (`edited`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; CREATE TABLE IF NOT EXISTS `auth_codes` ( diff --git a/install/update.php b/install/update.php index 41c6a7565..b0eed4818 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ get_observer(); - - if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'write_storage')) { + if(! perm_is_allowed($page_owner_uid,get_observer_hash(),'write_storage')) { notice( t('Permission denied.') . EOL); killme(); } diff --git a/version.inc b/version.inc index 127eebfe8..d9f88242f 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-01-29.215 +2013-01-30.216