From e54ba7ecbc7391069b38d9f911bf77623d0ee582 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 20 Feb 2017 23:03:48 -0800
Subject: fix find_folder_hash_by_path() which was not safe against multiple
 attach structures with the same filename but in different directories

---
 include/attach.php | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

(limited to 'include/attach.php')

diff --git a/include/attach.php b/include/attach.php
index 5f0fa4ff8..79313ab1a 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1477,20 +1477,34 @@ function find_folder_hash_by_attach_hash($channel_id, $attachHash, $recurse = fa
 
 function find_folder_hash_by_path($channel_id, $path) {
 
-	$filename = end(explode('/', $path));
+	if(! $path)
+		return '';
 
-	if($filename) {
-		$r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' LIMIT 1",
+	$comps        = explode('/',$path);
+	$errors       = false;
+	$parent_hash  = '';
+
+	for($x = 0; $x < count($comps); $x ++) {
+		$element = $comps[$x];
+		$r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' AND folder = '%s' LIMIT 1",
 			intval($channel_id),
-			dbesc($filename)
+			dbesc($element),
+			dbesc($parent_hash)
 		);
+		if($r) {
+			$parent_hash = $r[0]['hash'];
+		}
+		else {
+			$errors ++;
+			break;
+		}
 	}
 
-	$hash = '';
-	if($r && $r[0]['hash']) {
-		$hash = $r[0]['hash'];
-	}
-	return $hash;
+	if($errors)
+		return '';
+
+	return $parent_hash;
+
 }
 
 /**
-- 
cgit v1.2.3