diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/attach.php | 73 | ||||
-rw-r--r-- | mod/editpost.php | 1 | ||||
-rw-r--r-- | mod/item.php | 53 | ||||
-rw-r--r-- | mod/wall_attach.php | 7 |
4 files changed, 127 insertions, 7 deletions
diff --git a/mod/attach.php b/mod/attach.php new file mode 100644 index 000000000..3953d3aa1 --- /dev/null +++ b/mod/attach.php @@ -0,0 +1,73 @@ +<?php + +function attach_init(&$a) { + + if($a->argc != 2) { + notice( t('Item not available.') . EOL); + return; + } + + $item_id = intval($a->argv[1]); + + $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", + intval($item_id) + ); + if(! count($r)) { + notice( t('Item was not found.'). EOL); + return; + } + + $owner = $r[0]['uid']; + + $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; + + if(local_user() && ($owner == $_SESSION['uid'])) { + + // Owner can always see his/her photos + $sql_extra = ''; + + } + elseif(remote_user()) { + + // authenticated visitor - here lie dragons + + $groups = init_groups_visitor($_SESSION['visitor_id']); + $gs = '<<>>'; // should be impossible to match + if(count($groups)) { + foreach($groups as $g) + $gs .= '|<' . intval($g) . '>'; + } + + $sql_extra = sprintf( + " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) + AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) + AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) + AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", + + intval($_SESSION['visitor_id']), + intval($_SESSION['visitor_id']), + dbesc($gs), + dbesc($gs) + ); + } + + // Now we'll see if we can access the attachment + + $r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1", + dbesc($item_id) + ); + + if(count($r)) { + $data = $r[0]['data']; + } + else { + notice( t('Permission denied.') . EOL); + return; + } + + header('Content-type: ' . $r[0]['filetype']); + header('Content-disposition: attachment; filename=' . $r[0]['filename']); + echo $data; + killme(); + // NOTREACHED +}
\ No newline at end of file diff --git a/mod/editpost.php b/mod/editpost.php index d211074c9..cd0bbf223 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -87,6 +87,7 @@ function editpost_content(&$a) { '$action' => 'item', '$share' => t('Edit'), '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), diff --git a/mod/item.php b/mod/item.php index 1a7acadf3..6120b140b 100644 --- a/mod/item.php +++ b/mod/item.php @@ -218,6 +218,32 @@ function item_post(&$a) { } } + + $match = null; + + if(preg_match_all("/\[attachment\](.+?)\[\/attachment\]/",$body,$match)) { + $attaches = $match[1]; + if(count($attaches)) { + foreach($attaches as $attach) { + $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", + intval($profile_uid), + intval($attaches) + ); + if(count($r)) { + $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' + WHERE `uid` = %d AND `id` = %d LIMIT 1", + intval($profile_uid), + intval($attaches) + ); + } + } + } + } + + + + + /** * Fold multi-line [code] sequences */ @@ -322,6 +348,23 @@ function item_post(&$a) { } } + $attachments = ''; + + if(preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) { + foreach($match[2] as $mtch) { + $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", + intval($profile_uid), + intval($mtch) + ); + if(count($r)) { + if(strlen($attachments)) + $attachments .= ','; + $attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" size="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . $r[0]['filename'] . '"[/attach]'; + } + $body = str_replace($match[1],'',$body); + } + } + $wall = 0; if($post_type === 'wall' || $post_type === 'wall-comment') @@ -365,6 +408,7 @@ function item_post(&$a) { $datarray['deny_gid'] = $str_group_deny; $datarray['private'] = $private; $datarray['pubmail'] = $pubmail_enable; + $datarray['attach'] = $attachments; /** * These fields are for the convenience of plugins... @@ -399,11 +443,11 @@ function item_post(&$a) { else $post_id = 0; - +dbg(1); $r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `location`, `coord`, - `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail` ) - VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )", + `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach` ) + VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )", intval($datarray['uid']), dbesc($datarray['type']), intval($datarray['wall']), @@ -431,7 +475,8 @@ function item_post(&$a) { dbesc($datarray['deny_cid']), dbesc($datarray['deny_gid']), intval($datarray['private']), - intval($datarray['pubmail']) + intval($datarray['pubmail']), + dbesc($datarray['attach']) ); $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", diff --git a/mod/wall_attach.php b/mod/wall_attach.php index b539171cf..f18fd10b7 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -64,11 +64,12 @@ function wall_attach_post(&$a) { $mimetype = mime_content_type($src); $hash = random_string(); $created = datetime_convert(); -dbg(1); - $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) - VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + + $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) + VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($page_owner_uid), dbesc($hash), + dbesc($filename), dbesc($mimetype), intval($filesize), dbesc($filedata), |