diff options
| -rw-r--r-- | boot.php | 12 | ||||
| -rw-r--r-- | database.sql | 1 | ||||
| -rw-r--r-- | include/conversation.php | 1 | ||||
| -rw-r--r-- | mod/attach.php | 73 | ||||
| -rw-r--r-- | mod/editpost.php | 1 | ||||
| -rw-r--r-- | mod/item.php | 53 | ||||
| -rw-r--r-- | mod/wall_attach.php | 7 | ||||
| -rw-r--r-- | update.php | 3 | ||||
| -rw-r--r-- | view/theme/loozah/style.css | 1 |
9 files changed, 139 insertions, 13 deletions
@@ -6,7 +6,7 @@ ini_set('pcre.backtrack_limit', 250000); define ( 'FRIENDIKA_VERSION', '2.2.990' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); -define ( 'DB_UPDATE_VERSION', 1057 ); +define ( 'DB_UPDATE_VERSION', 1058 ); define ( 'EOL', "<br />\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); @@ -1983,15 +1983,15 @@ function get_tags($s) { $s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s); if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) { - foreach($match[1] as $match) { - if(strstr($match,"]")) { + foreach($match[1] as $mtch) { + if(strstr($mtch,"]")) { // we might be inside a bbcode color tag - leave it alone continue; } - if(substr($match,-1,1) === '.') - $ret[] = substr($match,0,-1); + if(substr($mtch,-1,1) === '.') + $ret[] = substr($mtch,0,-1); else - $ret[] = $match; + $ret[] = $mtch; } } diff --git a/database.sql b/database.sql index 6f4704a22..008d00a0d 100644 --- a/database.sql +++ b/database.sql @@ -528,6 +528,7 @@ CREATE TABLE IF NOT EXISTS `attach` ( `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `uid` INT NOT NULL , `hash` CHAR(64) NOT NULL, +`filename` CHAR(255) NOT NULL, `filetype` CHAR( 64 ) NOT NULL , `filesize` INT NOT NULL , `data` LONGBLOB NOT NULL , diff --git a/include/conversation.php b/include/conversation.php index 79fa27602..9ffcbe157 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -730,6 +730,7 @@ function status_editor($a,$x, $notes_cid = 0) { '$action' => 'item', '$share' => (($x['button']) ? $x['button'] : t('Share')), '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), diff --git a/mod/attach.php b/mod/attach.php new file mode 100644 index 000000000..3953d3aa1 --- /dev/null +++ b/mod/attach.php @@ -0,0 +1,73 @@ +<?php + +function attach_init(&$a) { + + if($a->argc != 2) { + notice( t('Item not available.') . EOL); + return; + } + + $item_id = intval($a->argv[1]); + + $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", + intval($item_id) + ); + if(! count($r)) { + notice( t('Item was not found.'). EOL); + return; + } + + $owner = $r[0]['uid']; + + $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; + + if(local_user() && ($owner == $_SESSION['uid'])) { + + // Owner can always see his/her photos + $sql_extra = ''; + + } + elseif(remote_user()) { + + // authenticated visitor - here lie dragons + + $groups = init_groups_visitor($_SESSION['visitor_id']); + $gs = '<<>>'; // should be impossible to match + if(count($groups)) { + foreach($groups as $g) + $gs .= '|<' . intval($g) . '>'; + } + + $sql_extra = sprintf( + " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) + AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) + AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) + AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", + + intval($_SESSION['visitor_id']), + intval($_SESSION['visitor_id']), + dbesc($gs), + dbesc($gs) + ); + } + + // Now we'll see if we can access the attachment + + $r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1", + dbesc($item_id) + ); + + if(count($r)) { + $data = $r[0]['data']; + } + else { + notice( t('Permission denied.') . EOL); + return; + } + + header('Content-type: ' . $r[0]['filetype']); + header('Content-disposition: attachment; filename=' . $r[0]['filename']); + echo $data; + killme(); + // NOTREACHED +}
\ No newline at end of file diff --git a/mod/editpost.php b/mod/editpost.php index d211074c9..cd0bbf223 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -87,6 +87,7 @@ function editpost_content(&$a) { '$action' => 'item', '$share' => t('Edit'), '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), diff --git a/mod/item.php b/mod/item.php index 1a7acadf3..6120b140b 100644 --- a/mod/item.php +++ b/mod/item.php @@ -218,6 +218,32 @@ function item_post(&$a) { } } + + $match = null; + + if(preg_match_all("/\[attachment\](.+?)\[\/attachment\]/",$body,$match)) { + $attaches = $match[1]; + if(count($attaches)) { + foreach($attaches as $attach) { + $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", + intval($profile_uid), + intval($attaches) + ); + if(count($r)) { + $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' + WHERE `uid` = %d AND `id` = %d LIMIT 1", + intval($profile_uid), + intval($attaches) + ); + } + } + } + } + + + + + /** * Fold multi-line [code] sequences */ @@ -322,6 +348,23 @@ function item_post(&$a) { } } + $attachments = ''; + + if(preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) { + foreach($match[2] as $mtch) { + $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", + intval($profile_uid), + intval($mtch) + ); + if(count($r)) { + if(strlen($attachments)) + $attachments .= ','; + $attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" size="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . $r[0]['filename'] . '"[/attach]'; + } + $body = str_replace($match[1],'',$body); + } + } + $wall = 0; if($post_type === 'wall' || $post_type === 'wall-comment') @@ -365,6 +408,7 @@ function item_post(&$a) { $datarray['deny_gid'] = $str_group_deny; $datarray['private'] = $private; $datarray['pubmail'] = $pubmail_enable; + $datarray['attach'] = $attachments; /** * These fields are for the convenience of plugins... @@ -399,11 +443,11 @@ function item_post(&$a) { else $post_id = 0; - +dbg(1); $r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `location`, `coord`, - `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail` ) - VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )", + `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach` ) + VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )", intval($datarray['uid']), dbesc($datarray['type']), intval($datarray['wall']), @@ -431,7 +475,8 @@ function item_post(&$a) { dbesc($datarray['deny_cid']), dbesc($datarray['deny_gid']), intval($datarray['private']), - intval($datarray['pubmail']) + intval($datarray['pubmail']), + dbesc($datarray['attach']) ); $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", diff --git a/mod/wall_attach.php b/mod/wall_attach.php index b539171cf..f18fd10b7 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -64,11 +64,12 @@ function wall_attach_post(&$a) { $mimetype = mime_content_type($src); $hash = random_string(); $created = datetime_convert(); -dbg(1); - $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) - VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + + $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) + VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($page_owner_uid), dbesc($hash), + dbesc($filename), dbesc($mimetype), intval($filesize), dbesc($filedata), diff --git a/update.php b/update.php index cf2c763fd..30ebd66f2 100644 --- a/update.php +++ b/update.php @@ -492,3 +492,6 @@ function update_1056() { q("ALTER TABLE `attach` ADD `hash` CHAR( 64 ) NOT NULL AFTER `uid` "); } +function update_1057() { + q("ALTER TABLE `attach` ADD `filename` CHAR( 255 ) NOT NULL AFTER `hash` "); +} diff --git a/view/theme/loozah/style.css b/view/theme/loozah/style.css index 8397ba346..370e5c61a 100644 --- a/view/theme/loozah/style.css +++ b/view/theme/loozah/style.css @@ -2440,6 +2440,7 @@ a.mail-list-link { .unlock { background-position: -32px -32px;} .video { background-position: -48px -32px;} .youtube { background-position: -64px -32px;} +.attach { background-position: -80px -32px; } .attachtype { display: block; width: 20px; height: 23px; |