diff options
-rw-r--r-- | include/RedDAV/RedBasicAuth.php | 25 | ||||
-rw-r--r-- | include/RedDAV/RedBrowser.php | 8 | ||||
-rw-r--r-- | include/RedDAV/RedDirectory.php | 67 | ||||
-rw-r--r-- | include/RedDAV/RedFile.php | 26 | ||||
-rw-r--r-- | include/attach.php | 244 | ||||
-rw-r--r-- | include/reddav.php | 34 | ||||
-rw-r--r-- | mod/filestorage.php | 47 |
7 files changed, 251 insertions, 200 deletions
diff --git a/include/RedDAV/RedBasicAuth.php b/include/RedDAV/RedBasicAuth.php index c1da73da1..2f86d4f82 100644 --- a/include/RedDAV/RedBasicAuth.php +++ b/include/RedDAV/RedBasicAuth.php @@ -46,7 +46,7 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic { /** * * @see RedBrowser::set_writeable() - * @var DAV\Browser\Plugin + * @var \Sabre\DAV\Browser\Plugin */ public $browser; /** @@ -85,7 +85,7 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic { */ protected function validateUserPass($username, $password) { if (trim($password) === '+++') { - logger('(DAV): RedBasicAuth::validateUserPass(): guest ' . $username); + logger('guest: ' . $username); return true; } @@ -112,13 +112,14 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic { foreach ($x as $record) { if (($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) { - logger('(DAV) RedBasicAuth: password verified for ' . $username); + logger('password verified for ' . $username); return $this->setAuthenticated($r[0]); } } } } - logger('(DAV) RedBasicAuth: password failed for ' . $username); + logger('password failed for ' . $username); + // @TODO add security logger return false; } @@ -186,23 +187,23 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic { * @brief Set browser plugin for SabreDAV. * * @see RedBrowser::set_writeable() - * @param DAV\Browser\Plugin $browser + * @param \Sabre\DAV\Browser\Plugin $browser */ public function setBrowserPlugin($browser) { $this->browser = $browser; } /** - * Prints out all RedBasicAuth variables to logger(). + * @brief Prints out all RedBasicAuth variables to logger(). * * @return void */ public function log() { - logger('dav: auth: channel_name ' . $this->channel_name, LOGGER_DATA); - logger('dav: auth: channel_id ' . $this->channel_id, LOGGER_DATA); - logger('dav: auth: channel_hash ' . $this->channel_hash, LOGGER_DATA); - logger('dav: auth: observer ' . $this->observer, LOGGER_DATA); - logger('dav: auth: owner_id ' . $this->owner_id, LOGGER_DATA); - logger('dav: auth: owner_nick ' . $this->owner_nick, LOGGER_DATA); + logger('channel_name ' . $this->channel_name, LOGGER_DATA); + logger('channel_id ' . $this->channel_id, LOGGER_DATA); + logger('channel_hash ' . $this->channel_hash, LOGGER_DATA); + logger('observer ' . $this->observer, LOGGER_DATA); + logger('owner_id ' . $this->owner_id, LOGGER_DATA); + logger('owner_nick ' . $this->owner_nick, LOGGER_DATA); } }
\ No newline at end of file diff --git a/include/RedDAV/RedBrowser.php b/include/RedDAV/RedBrowser.php index 1f2550ac1..6ec5c978d 100644 --- a/include/RedDAV/RedBrowser.php +++ b/include/RedDAV/RedBrowser.php @@ -262,6 +262,14 @@ class RedBrowser extends DAV\Browser\Plugin { construct_page(get_app()); } + /** + * @brief Returns a human readable formatted string for filesizes. + * + * Don't we need such a functionality in other places, too? + * + * @param int $size filesize in bytes + * @return string + */ function userReadableSize($size) { $ret = ""; if (is_numeric($size)) { diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php index 72b0fe789..a46b77f5f 100644 --- a/include/RedDAV/RedDirectory.php +++ b/include/RedDAV/RedDirectory.php @@ -49,7 +49,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { * @param RedBasicAuth &$auth_plugin */ public function __construct($ext_path, &$auth_plugin) { - logger('RedDirectory::__construct() ' . $ext_path, LOGGER_DATA); + //logger('directory ' . $ext_path, LOGGER_DATA); $this->ext_path = $ext_path; // remove "/cloud" from the beginning of the path $this->red_path = ((strpos($ext_path, '/cloud') === 0) ? substr($ext_path, 6) : $ext_path); @@ -66,19 +66,19 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { } private function log() { - logger('RedDirectory::log() ext_path ' . $this->ext_path, LOGGER_DATA); - logger('RedDirectory::log() os_path ' . $this->os_path, LOGGER_DATA); - logger('RedDirectory::log() red_path ' . $this->red_path, LOGGER_DATA); + logger('ext_path ' . $this->ext_path, LOGGER_DATA); + logger('os_path ' . $this->os_path, LOGGER_DATA); + logger('red_path ' . $this->red_path, LOGGER_DATA); } /** * @brief Returns an array with all the child nodes. * - * @throws DAV\Exception\Forbidden - * @return array DAV\INode[] + * @throw \Sabre\DAV\Exception\Forbidden + * @return array \Sabre\DAV\INode[] */ public function getChildren() { - logger('RedDirectory::getChildren() called for ' . $this->ext_path, LOGGER_DATA); + //logger('children for ' . $this->ext_path, LOGGER_DATA); $this->log(); if (get_config('system', 'block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { @@ -97,12 +97,12 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { * @brief Returns a child by name. * * - * @throw DAV\Exception\Forbidden - * @throw DAV\Exception\NotFound + * @throw \Sabre\DAV\Exception\Forbidden + * @throw \Sabre\DAV\Exception\NotFound * @param string $name */ public function getChild($name) { - logger('RedDirectory::getChild(): ' . $name, LOGGER_DATA); + logger($name, LOGGER_DATA); if (get_config('system', 'block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { throw new DAV\Exception\Forbidden('Permission denied.'); @@ -130,7 +130,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { * @return string */ public function getName() { - logger('RedDirectory::getName() returns: ' . basename($this->red_path), LOGGER_DATA); + //logger(basename($this->red_path), LOGGER_DATA); return (basename($this->red_path)); } @@ -139,20 +139,20 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { * * @todo handle duplicate directory name * - * @throw DAV\Exception\Forbidden + * @throw \Sabre\DAV\Exception\Forbidden * @param string $name The new name of the directory. * @return void */ public function setName($name) { - logger('RedDirectory::setName(): ' . basename($this->red_path) . ' -> ' . $name, LOGGER_DATA); + logger('old name ' . basename($this->red_path) . ' -> ' . $name, LOGGER_DATA); if ((! $name) || (! $this->auth->owner_id)) { - logger('RedDirectory::setName(): permission denied'); + logger('permission denied ' . $name); throw new DAV\Exception\Forbidden('Permission denied.'); } if (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage')) { - logger('RedDirectory::setName(): permission denied'); + logger('permission denied '. $name); throw new DAV\Exception\Forbidden('Permission denied.'); } @@ -177,21 +177,21 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { * After successful creation of the file, you may choose to return the ETag * of the new file here. * - * @throws DAV\Exception\Forbidden + * @throw \Sabre\DAV\Exception\Forbidden * @param string $name Name of the file * @param resource|string $data Initial payload * @return null|string ETag */ public function createFile($name, $data = null) { - logger('RedDirectory::createFile(): ' . $name, LOGGER_DATA); + logger($name, LOGGER_DEBUG); if (! $this->auth->owner_id) { - logger('RedDirectory::createFile(): permission denied'); + logger('permission denied ' . $name); throw new DAV\Exception\Forbidden('Permission denied.'); } if (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage')) { - logger('RedDirectory::createFile(): permission denied'); + logger('permission denied ' . $name); throw new DAV\Exception\Forbidden('Permission denied.'); } @@ -203,7 +203,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { ); if (! $c) { - logger('RedDirectory::createFile(): no channel'); + logger('no channel'); throw new DAV\Exception\Forbidden('Permission denied.'); } @@ -237,7 +237,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $size = file_put_contents($f, $data); // delete attach entry if file_put_contents() failed if ($size === false) { - logger('RedDirectory::createFile(): file_put_contents() failed for ' . $name, LOGGER_DEBUG); + logger('file_put_contents() failed to ' . $f); attach_delete($c[0]['channel_id'], $hash); return; } @@ -273,7 +273,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { intval($c[0]['channel_account_id']) ); if (($x) && ($x[0]['total'] + $size > $limit)) { - logger('reddav: service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); + logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); attach_delete($c[0]['channel_id'], $hash); return; } @@ -287,7 +287,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { * @return void */ public function createDirectory($name) { - logger('RedDirectory::createDirectory(): ' . $name, LOGGER_DEBUG); + logger($name, LOGGER_DEBUG); if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); @@ -301,7 +301,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { if ($r) { $result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash)); if (! $result['success']) { - logger('RedDirectory::createDirectory(): ' . print_r($result, true), LOGGER_DEBUG); + logger('error ' . print_r($result, true), LOGGER_DEBUG); } } } @@ -310,31 +310,33 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { * @brief Checks if a child exists. * * @param string $name + * The name to check if it exists. * @return boolean */ public function childExists($name) { // On /cloud we show a list of available channels. // @todo what happens if no channels are available? if ($this->red_path === '/' && $name === 'cloud') { - logger('RedDirectory::childExists() /cloud: true', LOGGER_DATA); + //logger('We are at /cloud show a channel list', LOGGER_DEBUG); return true; } $x = RedFileData($this->ext_path . '/' . $name, $this->auth, true); - logger('RedFileData returns: ' . print_r($x, true), LOGGER_DATA); + //logger('RedFileData returns: ' . print_r($x, true), LOGGER_DATA); if ($x) return true; + return false; } /** * @todo add description of what this function does. * - * @throw DAV\Exception\NotFound + * @throw \Sabre\DAV\Exception\NotFound * @return void */ function getDir() { - logger('RedDirectory::getDir(): ' . $this->ext_path, LOGGER_DEBUG); + //logger($this->ext_path, LOGGER_DEBUG); $this->auth->log(); $file = $this->ext_path; @@ -356,7 +358,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { if (! $path_arr) return; - logger('RedDirectory::getDir(): path: ' . print_r($path_arr, true), LOGGER_DATA); + logger('paths: ' . print_r($path_arr, true), LOGGER_DATA); $channel_name = $path_arr[0]; @@ -367,7 +369,6 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { if (! $r) { throw new DAV\Exception\NotFound('The file with name: ' . $channel_name . ' could not be found.'); - return; } $channel_id = $r[0]['channel_id']; @@ -397,12 +398,11 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { } $this->folder_hash = $folder; $this->os_path = $os_path; - return; } /** * @brief Returns the last modification time for the directory, as a UNIX - * timestamp. + * timestamp. * * It looks for the last edited file in the folder. If it is an empty folder * it returns the lastmodified time of the folder itself, to prevent zero @@ -429,7 +429,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { /** * @brief Return quota usage. * - * Do guests relly see the used/free values from filesystem of the complete store directory? + * @fixme Should guests relly see the used/free values from filesystem of the + * complete store directory? * * @return array with used and free values in bytes. */ diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php index 32dbc17e5..f96790631 100644 --- a/include/RedDAV/RedFile.php +++ b/include/RedDAV/RedFile.php @@ -49,7 +49,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $this->data = $data; $this->auth = $auth; - logger('RedFile::__construct(): ' . print_r($this->data, true), LOGGER_DATA); + //logger(print_r($this->data, true), LOGGER_DATA); } /** @@ -58,7 +58,7 @@ class RedFile extends DAV\Node implements DAV\IFile { * @return string */ public function getName() { - logger('RedFile::getName(): ' . basename($this->name), LOGGER_DEBUG); + //logger(basename($this->name), LOGGER_DATA); return basename($this->name); } @@ -70,9 +70,10 @@ class RedFile extends DAV\Node implements DAV\IFile { * @return void */ public function setName($newName) { - logger('RedFile::setName(): ' . basename($this->name) . ' -> ' . $newName, LOGGER_DEBUG); + logger('old name ' . basename($this->name) . ' -> ' . $newName, LOGGER_DATA); if ((! $newName) || (! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) { + logger('permission denied '. $newName); throw new DAV\Exception\Forbidden('Permission denied.'); } @@ -91,7 +92,7 @@ class RedFile extends DAV\Node implements DAV\IFile { * @return void */ public function put($data) { - logger('RedFile::put(): ' . basename($this->name), LOGGER_DEBUG); + logger('put file: ' . basename($this->name), LOGGER_DEBUG); $size = 0; // @todo only 3 values are needed @@ -110,7 +111,7 @@ class RedFile extends DAV\Node implements DAV\IFile { // @todo check return value and set $size directly @file_put_contents($f, $data); $size = @filesize($f); - logger('RedFile::put(): filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); + logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } else { $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc(stream_get_contents($data)), @@ -161,7 +162,7 @@ class RedFile extends DAV\Node implements DAV\IFile { intval($c[0]['channel_account_id']) ); if (($x) && ($x[0]['total'] + $size > $limit)) { - logger('RedFile::put(): service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); + logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); attach_delete($c[0]['channel_id'], $this->data['hash']); return; } @@ -174,7 +175,7 @@ class RedFile extends DAV\Node implements DAV\IFile { * @return string */ public function get() { - logger('RedFile::get(): ' . basename($this->name), LOGGER_DEBUG); + logger('get file ' . basename($this->name), LOGGER_DEBUG); $r = q("SELECT data, flags, filename, filetype FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), @@ -206,7 +207,7 @@ class RedFile extends DAV\Node implements DAV\IFile { * * Return null if the ETag can not effectively be determined. * - * @return mixed + * @return null|string */ public function getETag() { $ret = null; @@ -236,6 +237,7 @@ class RedFile extends DAV\Node implements DAV\IFile { * @brief Returns the size of the node, in bytes. * * @return int + * filesize in bytes */ public function getSize() { return $this->data['filesize']; @@ -254,11 +256,13 @@ class RedFile extends DAV\Node implements DAV\IFile { /** * @brief Delete the file. * - * @throw Sabre\DAV\Exception\Forbidden - * @return void + * This method checks the permissions and then calls attach_delete() function + * to actually remove the file. + * + * @throw \Sabre\DAV\Exception\Forbidden */ public function delete() { - logger('RedFile::delete(): ' . basename($this->name), LOGGER_DEBUG); + logger('delete file ' . basename($this->name), LOGGER_DEBUG); if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); diff --git a/include/attach.php b/include/attach.php index 0df2e82a5..6bce617cd 100644 --- a/include/attach.php +++ b/include/attach.php @@ -26,77 +26,74 @@ function z_mime_content_type($filename) { $mime_types = array( - 'txt' => 'text/plain', - 'htm' => 'text/html', - 'html' => 'text/html', - 'php' => 'text/html', - 'css' => 'text/css', - 'js' => 'application/javascript', - 'json' => 'application/json', - 'xml' => 'application/xml', - 'swf' => 'application/x-shockwave-flash', - 'flv' => 'video/x-flv', - 'epub' => 'application/epub+zip', - - // images - 'png' => 'image/png', - 'jpe' => 'image/jpeg', - 'jpeg' => 'image/jpeg', - 'jpg' => 'image/jpeg', - 'gif' => 'image/gif', - 'bmp' => 'image/bmp', - 'ico' => 'image/vnd.microsoft.icon', - 'tiff' => 'image/tiff', - 'tif' => 'image/tiff', - 'svg' => 'image/svg+xml', - 'svgz' => 'image/svg+xml', - - // archives - 'zip' => 'application/zip', - 'rar' => 'application/x-rar-compressed', - 'exe' => 'application/x-msdownload', - 'msi' => 'application/x-msdownload', - 'cab' => 'application/vnd.ms-cab-compressed', - - // audio/video - 'mp3' => 'audio/mpeg', - 'wav' => 'audio/wav', - 'qt' => 'video/quicktime', - 'mov' => 'video/quicktime', - 'ogg' => 'application/ogg', - - // adobe - 'pdf' => 'application/pdf', - 'psd' => 'image/vnd.adobe.photoshop', - 'ai' => 'application/postscript', - 'eps' => 'application/postscript', - 'ps' => 'application/postscript', - - // ms office - 'doc' => 'application/msword', - 'rtf' => 'application/rtf', - 'xls' => 'application/vnd.ms-excel', - 'ppt' => 'application/vnd.ms-powerpoint', - - - // open office - 'odt' => 'application/vnd.oasis.opendocument.text', - 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', + 'txt' => 'text/plain', + 'htm' => 'text/html', + 'html' => 'text/html', + 'php' => 'text/html', + 'css' => 'text/css', + 'js' => 'application/javascript', + 'json' => 'application/json', + 'xml' => 'application/xml', + 'swf' => 'application/x-shockwave-flash', + 'flv' => 'video/x-flv', + 'epub' => 'application/epub+zip', + + // images + 'png' => 'image/png', + 'jpe' => 'image/jpeg', + 'jpeg' => 'image/jpeg', + 'jpg' => 'image/jpeg', + 'gif' => 'image/gif', + 'bmp' => 'image/bmp', + 'ico' => 'image/vnd.microsoft.icon', + 'tiff' => 'image/tiff', + 'tif' => 'image/tiff', + 'svg' => 'image/svg+xml', + 'svgz' => 'image/svg+xml', + + // archives + 'zip' => 'application/zip', + 'rar' => 'application/x-rar-compressed', + 'exe' => 'application/x-msdownload', + 'msi' => 'application/x-msdownload', + 'cab' => 'application/vnd.ms-cab-compressed', + + // audio/video + 'mp3' => 'audio/mpeg', + 'wav' => 'audio/wav', + 'qt' => 'video/quicktime', + 'mov' => 'video/quicktime', + 'ogg' => 'application/ogg', + + // adobe + 'pdf' => 'application/pdf', + 'psd' => 'image/vnd.adobe.photoshop', + 'ai' => 'application/postscript', + 'eps' => 'application/postscript', + 'ps' => 'application/postscript', + + // ms office + 'doc' => 'application/msword', + 'rtf' => 'application/rtf', + 'xls' => 'application/vnd.ms-excel', + 'ppt' => 'application/vnd.ms-powerpoint', + + // open office + 'odt' => 'application/vnd.oasis.opendocument.text', + 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', ); - $dot = strpos($filename,'.'); - if($dot !== false) { - $ext = strtolower(substr($filename,$dot+1)); + $dot = strpos($filename, '.'); + if ($dot !== false) { + $ext = strtolower(substr($filename, $dot + 1)); if (array_key_exists($ext, $mime_types)) { return $mime_types[$ext]; } } return 'application/octet-stream'; - } - /** * @brief Count files/attachments. * @@ -138,8 +135,8 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '', $ret['success'] = ((is_array($r)) ? true : false); $ret['results'] = ((is_array($r)) ? count($r) : false); - return $ret; + return $ret; } /** @@ -190,8 +187,8 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ $ret['success'] = ((is_array($r)) ? true : false); $ret['results'] = ((is_array($r)) ? $r : false); - return $ret; + return $ret; } /** @@ -246,8 +243,8 @@ function attach_by_hash($hash, $rev = 0) { $ret['success'] = true; $ret['data'] = $r[0]; - return $ret; + return $ret; } /** @@ -301,7 +298,6 @@ function attach_by_hash_nodata($hash, $rev = 0) { $ret['success'] = true; $ret['data'] = $r[0]; return $ret; - } /** @@ -400,6 +396,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { if(! isset($hash)) $hash = random_string(); + $created = datetime_convert(); if($options === 'replace') { @@ -432,7 +429,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']) ); - } + } elseif($options === 'update') { $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", @@ -446,7 +443,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { intval($x[0]['id']), intval($x[0]['uid']) ); - } + } else { $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid ) VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", @@ -466,7 +463,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : ''), dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : '') ); - } + } if($options !== 'update') @unlink($src); @@ -490,6 +487,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $ret['success'] = true; $ret['data'] = $r[0]; + return $ret; } @@ -507,8 +505,8 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { * $ret['data'] = array of attach DB entries without data component */ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { - $ret = array('success' => false); + if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) { $ret['message'] = t('Permission denied.'); return $ret; @@ -547,6 +545,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { } $ret['success'] = true; $ret['data'] = $r; + return $ret; } @@ -686,7 +685,6 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { } return $ret; - } /** @@ -732,15 +730,19 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi dbesc($resource), intval($channel_id) ); - - return; } /** - * @brief Delete a file/directory. - * + * @brief Delete a file/directory from a channel. + * + * If the provided resource hash is from a directory it will delete everything + * recursively under this directory. + * * @param int $channel_id - * @param string $resource a hash to delete + * The id of the channel + * @param string $resource + * The hash to delete + * @return void */ function attach_delete($channel_id, $resource) { @@ -760,7 +762,7 @@ function attach_delete($channel_id, $resource) { // If resource is a directory delete everything in the directory recursive if($r[0]['flags'] & ATTACH_FLAG_DIR) { - $x = q("select hash, flags from attach where folder = '%s' and uid = %d", + $x = q("SELECT hash, flags FROM attach WHERE folder = '%s' AND uid = %d", dbesc($resource), intval($channel_id) ); @@ -799,19 +801,21 @@ function attach_delete($channel_id, $resource) { dbesc($r[0]['folder']), intval($channel_id) ); - - return; } /** * @brief Returns path to file in cloud/. * - * @param $arr - * @return string with the path the file to cloud/ + * @param array + * $arr[uid] int the channels uid + * $arr[folder] string + * $arr[filename]] string + * @return string + * path to the file in cloud/ */ function get_cloudpath($arr) { - $basepath = 'cloud/'; + if($arr['uid']) { $r = q("select channel_address from channel where channel_id = %d limit 1", intval($arr['uid']) @@ -823,7 +827,6 @@ function get_cloudpath($arr) { $path = $basepath; if($arr['folder']) { - $lpath = ''; $lfile = $arr['folder']; @@ -842,60 +845,83 @@ function get_cloudpath($arr) { $lpath = $r[0]['filename'] . '/' . $lpath; $lfile = $r[0]['folder']; - } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ; + } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)); - $path .= $lpath; + $path .= $lpath; } - $path .= $arr['filename']; + return $path; } /** * @brief Returns path to parent folder in cloud/. - * - * @param $arr - * @return string with the folder path + * + * @param int $channel_id + * The id of the channel + * @param string $channel_name + * The name of the channel + * @param string $attachHash + * @return string with the full folder path */ function get_parent_cloudpath($channel_id, $channel_name, $attachHash) { - //Build directory tree and redirect + // build directory tree $parentHash = $attachHash; do { $parentHash = find_folder_hash_by_attach_hash($channel_id, $parentHash); if ($parentHash) { $parentName = find_filename_by_hash($channel_id, $parentHash); - $parentFullPath = $parentName."/".$parentFullPath; + $parentFullPath = $parentName . '/' . $parentFullPath; } } while ($parentHash); - $parentFullPath = z_root() . "/cloud/" . $channel_name . "/" . $parentFullPath; + $parentFullPath = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath; + return $parentFullPath; } + +/** + * @brief Return the hash of an attachment's folder. + * + * @param int $channel_id + * The id of the channel + * @param string $attachHash + * The hash of the attachment + * @return string + */ function find_folder_hash_by_attach_hash($channel_id, $attachHash) { - $r = q("select * from attach where uid = %d and hash = '%s' limit 1", - intval($channel_id), dbesc($attachHash) + $r = q("SELECT folder FROM attach WHERE uid = %d AND hash = '%s' LIMIT 1", + intval($channel_id), + dbesc($attachHash) ); - $hash = ""; - if($r) { - foreach($r as $rr) { - $hash = $rr['folder']; - } + $hash = ''; + if ($r) { + $hash = $r[0]['folder']; } - return $hash; + return $hash; } + +/** + * @brief Returns the filename of an attachment in a given channel. + * + * @param mixed $channel_id + * The id of the channel + * @param mixed $attachHash + * The hash of the attachment + * @return string + * The filename of the attachment + */ function find_filename_by_hash($channel_id, $attachHash) { - $r = q("select * from attach where uid = %d and hash = '%s' limit 1", - intval($channel_id), dbesc($attachHash) + $r = q("SELECT filename FROM attach WHERE uid = %d AND hash = '%s' LIMIT 1", + intval($channel_id), + dbesc($attachHash) ); - $filename = ""; - if($r) { - foreach($r as $rr) { - $filename = $rr['filename']; - } + $filename = ''; + if ($r) { + $filename = $r[0]['filename']; } - return $filename; + return $filename; } - /** * * @param $in @@ -904,6 +930,6 @@ function find_filename_by_hash($channel_id, $attachHash) { function pipe_streams($in, $out) { $size = 0; while (!feof($in)) - $size += fwrite($out, fread($in,8192)); + $size += fwrite($out, fread($in, 8192)); return $size; } diff --git a/include/reddav.php b/include/reddav.php index 6785131c6..86b3a00e4 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -36,8 +36,8 @@ require_once('include/RedDAV/RedBasicAuth.php'); * @todo Is there any reason why this is not inside RedDirectory class? * @fixme function name looks like a class name, should we rename it? * - * @param $auth - * @return array containing RedDirectory objects + * @param RedBasicAuth &$auth + * @return array RedDirectory[] */ function RedChannelList(&$auth) { $ret = array(); @@ -50,7 +50,7 @@ function RedChannelList(&$auth) { if ($r) { foreach ($r as $rr) { if (perm_is_allowed($rr['channel_id'], $auth->observer, 'view_storage')) { - logger('RedChannelList: ' . '/cloud/' . $rr['channel_address'], LOGGER_DATA); + logger('found channel: /cloud/' . $rr['channel_address'], LOGGER_DEBUG); // @todo can't we drop '/cloud'? It gets stripped off anyway in RedDirectory $ret[] = new RedDAV\RedDirectory('/cloud/' . $rr['channel_address'], $auth); } @@ -70,8 +70,10 @@ function RedChannelList(&$auth) { * @fixme function name looks like a class name, should we rename it? * * @param string $file path to a directory - * @param &$auth - * @returns array DAV\INode[] + * @param RedBasicAuth &$auth + * @returns null|array \Sabre\DAV\INode[] + * @throw \Sabre\DAV\Exception\Forbidden + * @throw \Sabre\DAV\Exception\NotFound */ function RedCollectionData($file, &$auth) { $ret = array(); @@ -88,7 +90,7 @@ function RedCollectionData($file, &$auth) { $file = trim($file, '/'); $path_arr = explode('/', $file); - + if (! $path_arr) return null; @@ -150,7 +152,7 @@ function RedCollectionData($file, &$auth) { // This should no longer be needed since we just returned errors for paths not found if ($path !== '/' . $file) { - logger("RedCollectionData: Path mismatch: $path !== /$file"); + logger("Path mismatch: $path !== /$file"); return NULL; } @@ -160,8 +162,7 @@ function RedCollectionData($file, &$auth) { ); foreach ($r as $rr) { - logger('RedCollectionData: filename: ' . $rr['filename'], LOGGER_DATA); - + //logger('filename: ' . $rr['filename'], LOGGER_DEBUG); if ($rr['flags'] & ATTACH_FLAG_DIR) { // @todo can't we drop '/cloud'? it gets stripped off anyway in RedDirectory $ret[] = new RedDAV\RedDirectory('/cloud' . $path . '/' . $rr['filename'], $auth); @@ -180,11 +181,14 @@ function RedCollectionData($file, &$auth) { * @fixme function name looks like a class name, should we rename it? * * @param string $file - * @param &$auth + * path to file or directory + * @param RedBasicAuth &$auth * @param boolean $test (optional) enable test mode + * @return RedFile|RedDirectory|boolean|null + * @throw \Sabre\DAV\Exception\Forbidden */ function RedFileData($file, &$auth, $test = false) { - logger('RedFileData:' . $file . (($test) ? ' (test mode) ' : ''), LOGGER_DEBUG); + logger($file . (($test) ? ' (test mode) ' : ''), LOGGER_DEBUG); $x = strpos($file, '/cloud'); if ($x === 0) { @@ -198,7 +202,7 @@ function RedFileData($file, &$auth, $test = false) { $file = trim($file, '/'); $path_arr = explode('/', $file); - + if (! $path_arr) return null; @@ -237,7 +241,7 @@ function RedFileData($file, &$auth, $test = false) { if ($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { $folder = $r[0]['hash']; $path = $path . '/' . $r[0]['filename']; - } + } if (! $r) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", @@ -267,11 +271,11 @@ function RedFileData($file, &$auth, $test = false) { } if ($errors) { - logger('RedFileData: not found'); + logger('not found ' . $file); if ($test) return false; if ($permission_error) { - logger('RedFileData: permission error'); + logger('permission error ' . $file); throw new DAV\Exception\Forbidden('Permission denied.'); } return; diff --git a/mod/filestorage.php b/mod/filestorage.php index 383af84fc..e27087a92 100644 --- a/mod/filestorage.php +++ b/mod/filestorage.php @@ -1,18 +1,26 @@ <?php +/** + * @file mod/filestorage.php + * + */ require_once('include/attach.php'); +/** + * + * @param object &$a + */ function filestorage_post(&$a) { - $channel_id = ((x($_POST,'uid')) ? intval($_POST['uid']) : 0); + $channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0); if((! $channel_id) || (! local_user()) || ($channel_id != local_user())) { notice( t('Permission denied.') . EOL); return; } - $recurse = ((x($_POST,'recurse')) ? intval($_POST['recurse']) : 0); - $resource = ((x($_POST,'filehash')) ? notags($_POST['filehash']) : ''); + $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0); + $resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : ''); if(! $resource) { notice(t('Item not found.') . EOL); @@ -24,11 +32,11 @@ function filestorage_post(&$a) { $str_group_deny = perms2str($_REQUEST['group_deny']); $str_contact_deny = perms2str($_REQUEST['contact_deny']); - attach_change_permissions($channel_id,$resource,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny,$recurse = false); + attach_change_permissions($channel_id, $resource, $str_contact_allow, $str_group_allow, $str_contact_deny,$str_group_deny, $recurse = false); //Build directory tree and redirect $channel = $a->get_channel(); - $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource) ; + $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource); goaway($cloudPath); } @@ -53,15 +61,15 @@ function filestorage_content(&$a) { $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - $perms = get_all_perms($owner,$ob_hash); + $perms = get_all_perms($owner, $ob_hash); if(! $perms['view_storage']) { notice( t('Permission denied.') . EOL); return; } - // Since we have ACL'd files in the wild, but don't have ACL here yet, we - // need to return for anyone other than the owner, despite the perms check for now. + // Since we have ACL'd files in the wild, but don't have ACL here yet, we + // need to return for anyone other than the owner, despite the perms check for now. $is_owner = (((local_user()) && ($owner == local_user())) ? true : false); if(! $is_owner) { @@ -69,7 +77,6 @@ function filestorage_content(&$a) { return; } - if(argc() > 3 && argv(3) === 'delete') { if(! $perms['write_storage']) { notice( t('Permission denied.') . EOL); @@ -77,7 +84,7 @@ function filestorage_content(&$a) { } $file = intval(argv(2)); - $r = q("select hash from attach where id = %d and uid = %d limit 1", + $r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1", dbesc($file), intval($owner) ); @@ -86,11 +93,15 @@ function filestorage_content(&$a) { goaway(z_root() . '/cloud/' . $which); } - attach_delete($owner,$r[0]['hash']); - - goaway(z_root() . '/cloud/' . $which); - } + $f = $r[0]; + $channel = $a->get_channel(); + + $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); + attach_delete($owner, $f['hash']); + + goaway($parentpath); + } if(argc() > 3 && argv(3) === 'edit') { require_once('include/acl_selectors.php'); @@ -106,18 +117,16 @@ function filestorage_content(&$a) { ); $f = $r[0]; - $channel = $a->get_channel(); $cloudpath = get_cloudpath($f) . (($f['flags'] & ATTACH_FLAG_DIR) ? '?f=&davguest=1' : ''); $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); - $aclselect_e = populate_acl($f,false); + $aclselect_e = populate_acl($f, false); $is_a_dir = (($f['flags'] & ATTACH_FLAG_DIR) ? true : false); $lockstate = (($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock'); - $o = replace_macros(get_markup_template('attach_edit.tpl'), array( '$header' => t('Edit file permissions'), '$file' => $f, @@ -135,12 +144,10 @@ function filestorage_content(&$a) { '$cpdesc' => t('Copy/paste this code to attach file to a post'), '$cpldesc' => t('Copy/paste this URL to link file from a web page'), '$submit' => t('Submit') - )); return $o; - } + } goaway(z_root() . '/cloud/' . $which); - } |