authorzotlabs <mike@macgirvin.com>2017-02-20 23:03:48 -0800
committerzotlabs <mike@macgirvin.com>2017-02-20 23:03:48 -0800
commite54ba7ecbc7391069b38d9f911bf77623d0ee582 (patch)
tree025a92390bc8ed78452a44e421c52c2fc2e68ea1
parent1c1d1f11851722db3c8c7e6bb1d814b42399f67e (diff)
fix find_folder_hash_by_path() which was not safe against multiple attach structures with the same filename but in different directories
-rw-r--r--Zotlabs/Storage/Browser.php8
-rw-r--r--include/attach.php32
2 files changed, 30 insertions, 10 deletions
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index a30eedba5..f527a6a44 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -314,7 +314,13 @@ class Browser extends DAV\Browser\Plugin {
$quota['desc'] = $quotaDesc;
$quota['warning'] = ((($limit) && ((round($used / $limit, 1) * 100) >= 90)) ? t('WARNING:') : ''); // 10485760 bytes = 100MB
- $path = trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path), '/');
+ // strip 'cloud/nickname', but only at the beginning of the path
+
+ $special = 'cloud/' . $this->auth->owner_nick;
+ $count = strlen($special);
+
+ if(strpos($path,$special) === 0)
+ $path = trim(substr($path,$count),'/');
$output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array(
'$folder_header' => t('Create new folder'),
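Review bot: The prefix test `strpos($path,$special) === 0` is not anchored at a path-component boundary, so an owner nick that is a prefix of another name (constructed example: nick `bob` against `cloud/bobby/x`) is still stripped and leaves `by/x` as the folder path. Comparing against the prefix plus a separator, or exact equality, closes that: `if($path === $special || strpos($path, $special . '/') === 0)`. When the prefix does not match, `$path` also no longer goes through `trim(..., '/')` as the removed line did, so it reaches later code with any leading or trailing slash intact; an `else` that trims would keep the old normalisation. The enclosing method starts and ends outside the hunk.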
diff --git a/include/attach.php b/include/attach.php
index 5f0fa4ff8..79313ab1a 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1477,20 +1477,34 @@ function find_folder_hash_by_attach_hash($channel_id, $attachHash, $recurse = fa
function find_folder_hash_by_path($channel_id, $path) {
- $filename = end(explode('/', $path));
+ if(! $path)
+ return '';
- if($filename) {
- $r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' LIMIT 1",
+ $comps = explode('/',$path);
+ $errors = false;
+ $parent_hash = '';
+
+ for($x = 0; $x < count($comps); $x ++) {
+ $element = $comps[$x];
+ $r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' AND folder = '%s' LIMIT 1",
intval($channel_id),
- dbesc($filename)
+ dbesc($element),
+ dbesc($parent_hash)
);
+ if($r) {
+ $parent_hash = $r[0]['hash'];
+ }
+ else {
+ $errors ++;
+ break;
+ }
}
- $hash = '';
- if($r && $r[0]['hash']) {
- $hash = $r[0]['hash'];
- }
- return $hash;
+ if($errors)
+ return '';
+
+ return $parent_hash;
+
}
/**
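Review bot: `$errors ++` on a variable initialised to `false` does nothing in PHP, because the increment operator leaves booleans unchanged, so the `if($errors) return '';` guard never fires. When a later path component is not found, the loop breaks and the function returns the hash of the last component that did match, so a path such as `a/b/missing` (constructed) resolves to folder `b` instead of `''`; callers are not visible here, but any that use the result to pick a target folder would presumably act on the wrong one. Replace the else body with `return '';` (or use `$errors = true;`), which also makes the trailing `$errors` check unnecessary. Separately, `explode('/',$path)` yields empty components for leading, trailing or doubled slashes, and each of those triggers a lookup with `filename = ''`; skipping empty elements before the query would make the walk tolerant of such paths.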