mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-23 08:15:14 +00:00
196 lines
3.7 KiB
PHP
196 lines
3.7 KiB
PHP
<?php /** @file */
|
|
|
|
use Sabre\DAV;
|
|
require_once('vendor/autoload.php');
|
|
|
|
class RedInode implements DAV\INode {
|
|
|
|
private $attach;
|
|
|
|
function __construct($attach) {
|
|
$this->attach = $attach;
|
|
}
|
|
|
|
|
|
function delete() {
|
|
if(! perm_is_allowed($this->channel_id,'','view_storage'))
|
|
return;
|
|
|
|
/**
|
|
* Since I don't believe this is documented elsewhere -
|
|
* ATTACH_FLAG_OS means that the file contents are stored in the OS
|
|
* rather than in the DB - as is the case for attachments.
|
|
* Exactly how they are stored (what path and filename) are still
|
|
* TBD. We will probably not be using the original filename but
|
|
* instead the attachment 'hash' as this will prevent folks from
|
|
* uploading PHP code onto misconfigured servers and executing it.
|
|
* It's easy to misconfigure servers because we can provide a
|
|
* rule for Apache, but folks using nginx will then be susceptible.
|
|
* Then there are those who don't understand these kinds of exploits
|
|
* and don't have any idea allowing uploaded PHP files to be executed
|
|
* by the server could be a problem. We also don't have any idea what
|
|
* executable types are served on their system - like .py, .pyc, .pl, .sh
|
|
* .cgi, .exe, .bat, .net, whatever.
|
|
*/
|
|
|
|
if($this->attach['flags'] & ATTACH_FLAG_OS) {
|
|
// FIXME delete physical file
|
|
}
|
|
if($this->attach['flags'] & ATTACH_FLAG_DIR) {
|
|
// FIXME delete contents (recursive?)
|
|
}
|
|
|
|
q("delete from attach where id = %d limit 1",
|
|
intval($this->attach['id'])
|
|
);
|
|
|
|
}
|
|
|
|
function getName() {
|
|
return $this->attach['filename'];
|
|
}
|
|
|
|
function setName($newName) {
|
|
|
|
if((! $newName) || (! perm_is_allowed($this->channel_id,'','view_storage')))
|
|
return;
|
|
|
|
$this->attach['filename'] = $newName;
|
|
$r = q("update attach set filename = '%s' where id = %d limit 1",
|
|
dbesc($this->attach['filename']),
|
|
intval($this->attach['id'])
|
|
);
|
|
|
|
}
|
|
|
|
function getLastModified() {
|
|
return $this->attach['edited'];
|
|
}
|
|
|
|
}
|
|
|
|
|
|
abstract class RedDirectory extends DAV\Node implements DAV\ICollection {
|
|
|
|
private $red_path;
|
|
private $dir_key;
|
|
private $auth;
|
|
private $channel_id;
|
|
|
|
function __construct($red_path,$auth_plugin) {
|
|
$this->red_path = $red_path;
|
|
$this->auth = $auth_plugin;
|
|
}
|
|
|
|
function getChildren() {
|
|
|
|
if(! perm_is_allowed($this->channel_id,'','view_storage'))
|
|
return array();
|
|
|
|
$ret = array();
|
|
$r = q("select distinct filename from attach where folder = '%s' and uid = %d group by filename",
|
|
dbesc($this->dir_key),
|
|
intval($this->channel_id)
|
|
);
|
|
if($r) {
|
|
foreach($r as $rr) {
|
|
$ret[] = $rr['filename'];
|
|
}
|
|
}
|
|
return $ret;
|
|
|
|
}
|
|
|
|
|
|
function getChild($name) {
|
|
if(! perm_is_allowed($this->channel_id,'','view_storage')) {
|
|
throw new DAV\Exception\Forbidden('Permission denied.');
|
|
return;
|
|
}
|
|
|
|
// FIXME check revisions
|
|
|
|
$r = q("select * from attach where folder = '%s' and filename = '%s' and uid = %d limit 1",
|
|
dbesc($this->dir_key),
|
|
dbesc($name),
|
|
dbesc($this->channel_id)
|
|
);
|
|
if(! $r) {
|
|
throw new DAV\Exception\NotFound('The file with name: ' . $name . ' could not be found');
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
function createFile($name,$data = null) {
|
|
|
|
|
|
}
|
|
|
|
function createDirectory($name) {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
function childExists($name) {
|
|
$r = q("select distinct filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename",
|
|
dbesc($this->dir_key),
|
|
dbesc($name),
|
|
intval($this->channel_id)
|
|
);
|
|
if($r)
|
|
return true;
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
abstract class RedFile extends DAV\Node implements DAV\IFile {
|
|
|
|
private $data;
|
|
|
|
|
|
function __construct($data) {
|
|
$this->data = $data;
|
|
|
|
}
|
|
|
|
|
|
|
|
function put($data) {
|
|
|
|
}
|
|
|
|
|
|
function get() {
|
|
|
|
|
|
}
|
|
|
|
function getETag() {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
function getContentType() {
|
|
return $this->data['filetype'];
|
|
}
|
|
|
|
|
|
function getSize() {
|
|
return $this->data['filesize'];
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|