aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/attach.php84
1 files changed, 73 insertions, 11 deletions
diff --git a/include/attach.php b/include/attach.php
index 152489179..2f77460a4 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -530,19 +530,75 @@ function attach_mkdir($channel,$observer_hash,$arr = null) {
$channel_id = $channel['channel_id'];
$sql_options = '';
- if(! perm_is_allowed($channel_id,get_observer_hash(),'write_storage')) {
+ $basepath = 'store/' . $channel['channel_address'];
+ if(! is_dir($basepath))
+ @mkdir($basepath,0700,true);
+
+
+ if(! perm_is_allowed($channel_id, get_observer_hash(),'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
- // Walk the directory tree from root to parent to make sure the parent is valid and name is unique.
- // FIXME
+ if(! $arr['filename']) {
+ $ret['message'] = t('Empty pathname');
+ return $ret;
+ }
$arr['hash'] = (($arr['hash']) ? $arr['hash'] : random_string());
+
+
+ // Check for duplicate name.
+ // Check both the filename and the hash as we will be making use of both.
+
+ $r = q("select hash from attach where ( filename = '%s' or hash = '%s' ) and folder = '%s' and uid = %d limit 1",
+ dbesc($arr['filename']),
+ dbesc($arr['hash']),
+ dbesc($arr['folder']),
+ intval($channel['channel_id'])
+ );
+ if($r) {
+ $ret['message'] = t('duplicate filename or path');
+ return $ret;
+ }
+
+ if($arr['folder']) {
+
+ // Walk the directory tree from parent back to root to make sure the parent is valid and name is unique and we
+ // have permission to see this path. This implies the root directory itself is public since we won't have permissions
+ // set on the psuedo-directory. We can however set permissions for anything and everything contained within it.
+
+ $lpath = '';
+ $lfile = $arr['folder'];
+ $sql_options = permissions_sql($channel);
+
+ do {
+ $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )
+ $sql_options limit 1",
+ intval($channel['channel_id']),
+ dbesc($lfile),
+ intval(ATTACH_FLAG_DIR)
+ );
+ if(! $r) {
+ $ret['message'] = t('Path not found.');
+ return $ret;
+ }
+ if($lfile)
+ $lpath = $r[0]['hash'] . '/' . $lpath;
+ $lfile = $r[0]['folder'];
+ } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ;
+ $path = $basepath . '/' . $lpath;
+
+ }
+ else
+ $path = $basepath . '/';
+
+ $path .= $arr['hash'];
+
$created = datetime_convert();
- $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, folder, flags, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )
+ $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, folder, flags, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($channel['channel_account_id']),
intval($channel_id),
@@ -552,22 +608,28 @@ function attach_mkdir($channel,$observer_hash,$arr = null) {
intval(0),
intval(0),
dbesc($arr['folder']),
- intval(ATTACH_FLAGS_DIR),
+ intval(ATTACH_FLAG_DIR),
dbesc(''),
dbesc($created),
dbesc($created),
- dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'),
+ dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : ''),
dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : ''),
dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : ''),
dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : '')
);
- if(! $r)
- $ret['message'] = t('database storage failed.');
- else {
- $ret['success'] = true;
- $ret['data'] = $arr;
+ if($r) {
+ if(mkdir($path,0700)) {
+ $ret['success'] = true;
+ $ret['data'] = $arr;
+ }
+ else {
+ logger('attach_mkdir: ' . mkdir . ' ' . $path . 'failed.');
+ $ret['message'] = t('mkdir failed.');
+ }
}
+ else
+ $ret['message'] = t('database storage failed.');
return $ret;