diff options
| author | zotlabs <mike@macgirvin.com> | 2017-02-20 23:03:48 -0800 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-02-20 23:03:48 -0800 |
| commit | e54ba7ecbc7391069b38d9f911bf77623d0ee582 (patch) | |
| tree | 025a92390bc8ed78452a44e421c52c2fc2e68ea1 /include | |
| parent | 1c1d1f11851722db3c8c7e6bb1d814b42399f67e (diff) | |
| download | volse-hubzilla-e54ba7ecbc7391069b38d9f911bf77623d0ee582.tar.gz volse-hubzilla-e54ba7ecbc7391069b38d9f911bf77623d0ee582.tar.bz2 volse-hubzilla-e54ba7ecbc7391069b38d9f911bf77623d0ee582.zip | |
fix find_folder_hash_by_path() which was not safe against multiple attach structures with the same filename but in different directories
Diffstat (limited to 'include')
| -rw-r--r-- | include/attach.php | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/include/attach.php b/include/attach.php index 5f0fa4ff8..79313ab1a 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1477,20 +1477,34 @@ function find_folder_hash_by_attach_hash($channel_id, $attachHash, $recurse = fa function find_folder_hash_by_path($channel_id, $path) { - $filename = end(explode('/', $path)); + if(! $path) + return ''; - if($filename) { - $r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' LIMIT 1", + $comps = explode('/',$path); + $errors = false; + $parent_hash = ''; + + for($x = 0; $x < count($comps); $x ++) { + $element = $comps[$x]; + $r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' AND folder = '%s' LIMIT 1", intval($channel_id), - dbesc($filename) + dbesc($element), + dbesc($parent_hash) ); + if($r) { + $parent_hash = $r[0]['hash']; + } + else { + $errors ++; + break; + } } - $hash = ''; - if($r && $r[0]['hash']) { - $hash = $r[0]['hash']; - } - return $hash; + if($errors) + return ''; + + return $parent_hash; + } /** |