From 370f8b84daabbde7bea6dfd5261c49cf5c0871ad Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 26 Oct 2013 14:48:03 -0700 Subject: include/reddav.php is the glue between Red attachments and the SabreDav interfaces. Much work remains before we're ready to actually use this interface. Think of it as a conceptual outline and I'm starting to fill it in from the top down. --- include/reddav.php | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 include/reddav.php (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php new file mode 100644 index 000000000..64c109784 --- /dev/null +++ b/include/reddav.php 
@@ -0,0 +1,154 @@ +attach = $attach; + } + + + function delete() { + + } + + function getName() { + return $this->attach['filename']; + } + + function setName($newName) { + $this->attach['filename'] = $newName; + // FIXME save the DB record + } + + function getLastModified() { + return $this->attach['edited']; + } + +} + + +abstract class RedDirectory extends DAV\Node implements DAV\ICollection { + + private $red_path; + private $dir_key; + private $auth; + private $channel_id; + + function __construct($red_path,$auth_plugin) { + $this->red_path = $red_path; + $this->auth = $auth_plugin; + } + + function getChildren() { + + if(! perm_is_allowed($this->channel_id,'','view_storage')) + return array(); + + $ret = array(); + $r = q("select distinct filename from attach where folder = '%s' and uid = %d group by filename", + dbesc($this->dir_key), + intval($this->channel_id) + ); + if($r) { + foreach($r as $rr) { + $ret[] = $rr['filename']; + } + } + return $ret; + + } + + + function getChild($name) { + if(! perm_is_allowed($this->channel_id,'','view_storage')) { +//check this throw new DAV\Exception\PermissionDenied('Permission denied.'); + return; + } + + $r = q("select * from attach where folder = '%s' and filename = '%s' and uid = %d limit 1", + dbesc($this->dir_key), + dbesc($name), + dbesc($this->channel_id) + ); + if(! $r) { + throw new DAV\Exception\NotFound('The file with name: ' . $name . 
' could not be found'); + } + + + } + + + function createFile($name,$data = null) { + + + } + + function createDirectory($name) { + + + + } + + + function childExists($name) { + $r = q("select distinct filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename", + dbesc($this->dir_key), + dbesc($name), + intval($this->channel_id) + ); + + + } + +} + + +abstract class RedFile extends DAV\Node implements DAV\IFile { + + private $data; + + + function __construct($data) { + $this->data = $data; + + } + + + + function put($data) { + + } + + + function get() { + + + } + + function getETag() { + + + + } + + + function getContentType() { + return $this->data['filetype']; + } + + + function getSize() { + return $this->data['filesize']; + } + +} + + + + + -- cgit v1.2.3 From c9f51d78605250582002627cf43fc38a4fb03d13 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 27 Oct 2013 18:35:40 -0700 Subject: a bit more progress on DAV driver --- include/reddav.php | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 64c109784..0f5204314 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -13,6 +13,18 @@ class RedInode implements DAV\INode { function delete() { + if(! perm_is_allowed($this->channel_id,'','view_storage')) + return; + if($this->attach['flags'] & ATTACH_FLAG_OS) { + // FIXME delete physical file + } + if($this->attach['flags'] & ATTACH_FLAG_DIR) { + // FIXME delete contents (recursive?) + } + + q("delete from attach where id = %d limit 1", + intval($this->attach['id']) + ); } 
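Review bot: `RedDirectory::__construct()` assigns only `red_path` and `auth`, so the private `$channel_id` and `$dir_key` that `getChildren()`, `getChild()` and `childExists()` read are never set. `perm_is_allowed($this->channel_id,'','view_storage')` is therefore evaluated for a null channel, and the queries run with an empty folder key and uid 0. Populate both in the constructor, or derive them from the auth plugin, before these methods become reachable. In `getChild()` the `uid = %d` placeholder is fed `dbesc($this->channel_id)`; use `intval($this->channel_id)` as the other two queries do. `getChild()` also returns nothing when the row is found.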
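Review bot: `delete()` is gated on `view_storage`, a read permission, and when the check fails it returns silently; the same check guards `setName()` in the next hunk. A destructive or renaming operation should require the write-side storage permission (`write_storage` is the name used later in this series) and refuse with `throw new DAV\Exception\Forbidden('Permission denied.');` so the client sees the denial. The statement `delete from attach where id = %d limit 1` is not scoped to the owning channel; adding `and uid = %d` with the channel id keeps a wrong `$this->attach['id']` from removing another channel's row. Whether `$this->channel_id` is ever set on RedInode cannot be seen from this hunk.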
@@ -21,8 +33,16 @@ class RedInode implements DAV\INode { } function setName($newName) { + + if((! $newName) || (! perm_is_allowed($this->channel_id,'','view_storage'))) + return; + $this->attach['filename'] = $newName; - // FIXME save the DB record + $r = q("update attach set filename = '%s' where id = %d limit 1", + dbesc($this->attach['filename']), + intval($this->attach['id']) + ); + } function getLastModified() { @@ -66,10 +86,12 @@ abstract class RedDirectory extends DAV\Node implements DAV\ICollection { function getChild($name) { if(! perm_is_allowed($this->channel_id,'','view_storage')) { -//check this throw new DAV\Exception\PermissionDenied('Permission denied.'); + throw new DAV\Exception\Forbidden('Permission denied.'); return; } +// FIXME check revisions + $r = q("select * from attach where folder = '%s' and filename = '%s' and uid = %d limit 1", dbesc($this->dir_key), dbesc($name), @@ -101,7 +123,9 @@ abstract class RedDirectory extends DAV\Node implements DAV\ICollection { dbesc($name), intval($this->channel_id) ); - + if($r) + return true; + return false; } -- cgit v1.2.3 From 5c98d5eaaed2cb342c7e823f5893c0d0d4e19de5 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 28 Oct 2013 18:43:49 -0700 Subject: doco --- include/reddav.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 0f5204314..c24414610 100644 --- a/include/reddav.php +++ b/include/reddav.php 
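Review bot: `childExists()` now answers true or false for any name, but it never runs the `view_storage` test that `getChildren()` and `getChild()` perform, so a caller who may not list the directory can still probe which filenames exist in it. Run the same `perm_is_allowed()` check first and return false when it fails. The added tail can be written as `return ($r ? true : false);`. In the getChild hunk above, the `return;` that follows `throw new DAV\Exception\Forbidden(...)` is unreachable and can be dropped.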
@@ -15,6 +15,24 @@ class RedInode implements DAV\INode { function delete() { if(! perm_is_allowed($this->channel_id,'','view_storage')) return; + + /** + * Since I don't believe this is documented elsewhere - + * ATTACH_FLAG_OS means that the file contents are stored in the OS + * rather than in the DB - as is the case for attachments. + * Exactly how they are stored (what path and filename) are still + * TBD. We will probably not be using the original filename but + * instead the attachment 'hash' as this will prevent folks from + * uploading PHP code onto misconfigured servers and executing it. + * It's easy to misconfigure servers because we can provide a + * rule for Apache, but folks using nginx will then be susceptible. + * Then there are those who don't understand these kinds of exploits + * and don't have any idea allowing uploaded PHP files to be executed + * by the server could be a problem. We also don't have any idea what + * executable types are served on their system - like .py, .pyc, .pl, .sh + * .cgi, .exe, .bat, .net, whatever. + */ + if($this->attach['flags'] & ATTACH_FLAG_OS) { // FIXME delete physical file } -- cgit v1.2.3 From 057d885baf670467443dea0da0797b9289b919b4 Mon Sep 17 00:00:00 2001 
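Review bot: This comment records a security decision (OS-stored attachments are to be named by their attachment hash so that a client-supplied name such as an uploaded PHP file never reaches the filesystem), but it sits inside `delete()`, where whoever writes the upload path will not look for it. Move it to a file-level docblock or next to the definition of `ATTACH_FLAG_OS`. State the rule as a requirement rather than "probably", for example `// OS-stored attachments MUST be written under their hash, never under the client-supplied filename.` Since the comment itself says server configuration cannot be relied on, it is worth adding that the storage directory is expected to sit outside anything the web server will execute.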
From: friendica Date: Wed, 1 Jan 2014 16:07:36 -0800 Subject: return to working on red-dav; This is a bit of a slog at the moment and the basic framework isn't even close to working. This does break the working test we did have (which was never connected to the Red backend). Now we're starting to connect Red and DAV together intimately. There will probably be some twists and turns along the way as we get the information we need into all the class objects that need them. But the important part is that the RedDirectory and RedFile classes are loading without throwing white screens and from here we can use logging to figure out what the DAV front end is trying to do and what it is passing to the backend and hopefully figure out what it expects to do with the results. Unless you're a competent developer with a strong background in OOP and are helping develop this code, you should keep it an arm's length away from any production site and don't even think of enabling it. By default it is turned off. --- include/reddav.php | 116 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 102 insertions(+), 14 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index c24414610..ab127afaa 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -1,7 +1,7 @@ red_path = $red_path; $this->auth = $auth_plugin; + logger('RedDirectory: ' . print_r($this->auth,true)); + } function getChildren() { - if(! perm_is_allowed($this->channel_id,'','view_storage')) + logger('RedDirectory::getChildren : ' . print_r($this->auth,true)); + + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) return array(); + if($this->red_path === '/' . $this->auth->channel_name) { + + return new RedFile('/' . $this->auth->channel_name . '/' . 'test',$this->auth); + + } + + + $ret = array(); $r = q("select distinct filename from attach where folder = '%s' and uid = %d group by filename", dbesc($this->dir_key), 
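Review bot: `logger('RedDirectory: ' . print_r($this->auth,true))` writes the whole auth plugin object to the log on every construction, and the same dump is repeated in `getChildren()` here and in `getChild()`, `getName()` and `childExists()` in the following hunks. What the object holds is not visible on this page, but an authentication object commonly carries credentials or session state, and log files tend to be readable by more people than the database. Log only the fields needed for tracing, e.g. `logger('RedDirectory: channel ' . intval($this->auth->channel_id));`. Separately, `getChildren()` now returns a single `RedFile` for the channel root where the method otherwise returns an array; wrap it as `return array(new RedFile(...));`.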
@@ -103,23 +118,51 @@ abstract class RedDirectory extends DAV\Node implements DAV\ICollection { function getChild($name) { - if(! perm_is_allowed($this->channel_id,'','view_storage')) { + + + logger('RedDirectory::getChild : ' . $name); + logger('RedDirectory::getChild red_path : ' . $this->red_path); + + logger('RedDirectory::getChild : ' . print_r($this->auth,true)); + + + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } -// FIXME check revisions + + // These should be constants + + if($this->red_path == 'store' && $name == 'cloud') { + return new RedDirectory('/' . $this->auth->channel_name,$this->auth); + } + + if($this->red_path === '/' . $this->auth->channel_name) { + + return new RedFile('/' . $this->auth->channel_name . '/' . 'test',$this->auth); + + } + + // FIXME check file revisions + $r = q("select * from attach where folder = '%s' and filename = '%s' and uid = %d limit 1", dbesc($this->dir_key), dbesc($name), - dbesc($this->channel_id) + dbesc($this->auth->channel_id) ); if(! $r) { throw new DAV\Exception\NotFound('The file with name: ' . $name . ' could not be found'); } + } + + function getName() { + logger('RedDirectory::getName : ' . print_r($this->auth,true)); + + } @@ -136,10 +179,13 @@ abstract class RedDirectory extends DAV\Node implements DAV\ICollection { function childExists($name) { + + logger('RedDirectory::childExists : ' . print_r($this->auth,true)); + $r = q("select distinct filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename", dbesc($this->dir_key), dbesc($name), - intval($this->channel_id) + intval($this->auth->channel_id) ); if($r) return true; 
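Review bot: In `getChild()` the `uid = %d` placeholder is still filled with `dbesc($this->auth->channel_id)` while `childExists()` in the next hunk uses `intval($this->auth->channel_id)`; use `intval()` in both so the integer argument is typed the same way everywhere. After the query the method throws on a miss but returns nothing on a hit, so a found attachment yields null to the caller. The test `$this->red_path == 'store' && $name == 'cloud'` uses loose equality where the branch right after it uses `===`; make both strict.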
@@ -150,17 +196,27 @@ abstract class RedDirectory extends DAV\Node implements DAV\ICollection { } -abstract class RedFile extends DAV\Node implements DAV\IFile { +class RedFile extends DAV\Node implements DAV\IFile { private $data; + private $auth; + private $name; + function __construct($name, &$auth) { + logger('RedFile::_construct: ' . $name); + $this->name = $name; + $this->auth = $auth; + $this->data = RedFileData($name,$auth); - function __construct($data) { - $this->data = $data; - + logger('RedFile::_construct: ' . print_r($this->data,true)); } + function getName() { + logger('RedFile::getName'); + return basename($data); + + } function put($data) { @@ -180,17 +236,49 @@ abstract class RedFile extends DAV\Node implements DAV\IFile { function getContentType() { - return $this->data['filetype']; + $type = 'text/plain'; + return $type; + +// return $this->data['filetype']; } function getSize() { - return $this->data['filesize']; + return 33122; +// return $this->data['filesize']; } } +function RedFileData($file, $auth) { + + if(substr($file,0,1) !== '/') + return null; + $path_arr = explode('/',$file); + if(! $path_arr) + return null; + + $channel_name = $path_arr[0]; + + $folder = ''; + + for($x = 1; $x < count($path_arr); $x ++) { + + $r = q("select distinct filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename", + dbesc($folder), + dbesc($path_arr[$x]), + intval($this->auth->channel_id) + ); + + if($r && ( $r[0]['flags'] && ATTACH_FLAG_DIR)) { + $folder = $r[0]['filename']; + } + } + + return $r[0]; + +} -- cgit v1.2.3 From ad08561d84fa73e672b3621c511a95714f4ba99e Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 2 Jan 2014 01:09:57 -0800 Subject: some DAV tweaks before the next round of heavy lifting --- include/reddav.php | 260 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 193 insertions(+), 67 deletions(-) (limited to 'include/reddav.php') 
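Review bot: `RedFile::getName()` returns `basename($data)`, but no `$data` variable exists in that method, so the result is computed from an undefined value rather than from the file's path. The constructor stored the path in `$this->name`, so the line should read `return basename($this->name);`. The class also changes from `abstract` to concrete in this hunk while `put()`, `get()` and `getETag()` (outside the hunk) are still empty, which is worth a `// FIXME` on each so the stubs are not mistaken for finished code.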
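Review bot: `RedFileData()` is a plain function, yet its query argument is `intval($this->auth->channel_id)`; there is no `$this` in that scope, so the lookup cannot use the caller's channel and should read `intval($auth->channel_id)`. The directory test `$r[0]['flags'] && ATTACH_FLAG_DIR` is a logical AND, so any non-zero flags value counts as a directory; it needs the bitwise form `$r[0]['flags'] & ATTACH_FLAG_DIR`, and the query must select `flags` for the test to see a value at all. Because the path is required to start with `/`, `explode('/',$file)` yields an empty first element, so `$channel_name = $path_arr[0]` is always the empty string unless the path is trimmed first. `return $r[0];` is also reached when `$r` is empty or the loop never ran.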
diff --git a/include/reddav.php b/include/reddav.php index ab127afaa..704c13017 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -73,46 +73,39 @@ class RedInode implements DAV\INode { class RedDirectory extends DAV\Node implements DAV\ICollection { private $red_path; + private $ext_path; private $root_dir = ''; - private $dir_key; +// private $dir_key; private $auth; - private $channel_id; +// private $channel_id; - function __construct($red_path,&$auth_plugin) { - logger('RedDirectory::__construct()'); - $this->red_path = $red_path; + function __construct($ext_path,&$auth_plugin) { + logger('RedDirectory::__construct() ' . $ext_path); + $this->ext_path = $ext_path; + $this->red_path = ((strpos($ext_path,'/cloud') === 0) ? substr($ext_path,6) : $ext_path); + if(! $this->red_path) + $this->red_path = '/'; $this->auth = $auth_plugin; - logger('RedDirectory: ' . print_r($this->auth,true)); + logger('Red_Directory: ' . print_r($this,true)); + } function getChildren() { - logger('RedDirectory::getChildren : ' . print_r($this->auth,true)); - - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) - return array(); - - if($this->red_path === '/' . $this->auth->channel_name) { - - return new RedFile('/' . $this->auth->channel_name . '/' . 'test',$this->auth); + logger('RedDirectory::getChildren : ' . print_r($this,true)); + if(get_config('system','block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; } + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) + return array(); - $ret = array(); - $r = q("select distinct filename from attach where folder = '%s' and uid = %d group by filename", - dbesc($this->dir_key), - intval($this->channel_id) - ); - if($r) { - foreach($r as $rr) { - $ret[] = $rr['filename']; - } - } - return $ret; + return RedCollectionData($this->red_path,$this->auth); } 
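Review bot: `getChildren()` tests `perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')`, that is, the channel of whoever authenticated, while `RedCollectionData($this->red_path,$this->auth)` lists the channel named in the path. As far as these hunks show, nothing compares the observer with the channel that owns the path, so the check can pass for one channel and the listing be produced for another; `getChild()` in the next hunk has the same shape. Resolve the owning channel from the path first and pass that id to `perm_is_allowed()`. The prefix test `strpos($ext_path,'/cloud') === 0` also matches any path that merely begins with those six characters; require `/cloud` to be followed by `/` or the end of the string before stripping it.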
@@ -121,48 +114,34 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { logger('RedDirectory::getChild : ' . $name); - logger('RedDirectory::getChild red_path : ' . $this->red_path); - - logger('RedDirectory::getChild : ' . print_r($this->auth,true)); - + logger('RedDirectory::getChild : ' . print_r($this,true)); - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) { + if(get_config('system','block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } - - - // These should be constants - - if($this->red_path == 'store' && $name == 'cloud') { - return new RedDirectory('/' . $this->auth->channel_name,$this->auth); + + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; } - - if($this->red_path === '/' . $this->auth->channel_name) { - - return new RedFile('/' . $this->auth->channel_name . '/' . 'test',$this->auth); + if($this->red_path === '/' && $name === 'cloud') { + return new RedDirectory('/cloud', $this->auth); } - // FIXME check file revisions - - - $r = q("select * from attach where folder = '%s' and filename = '%s' and uid = %d limit 1", - dbesc($this->dir_key), - dbesc($name), - dbesc($this->auth->channel_id) - ); - if(! $r) { - throw new DAV\Exception\NotFound('The file with name: ' . $name . ' could not be found'); - } + $x = RedFileData('/cloud' . (($this->red_path === '/') ? '' : '/') . '/' . $name, $this->auth); + logger('RedFileData returns: ' . print_r($x,true)); + if($x) + return $x; + throw new DAV\Exception\NotFound('The file with name: ' . $name . ' could not be found'); } function getName() { - logger('RedDirectory::getName : ' . print_r($this->auth,true)); - - + logger('RedDirectory::getName : ' . print_r($this,true)); + return (basename($this->red_path)); } 
@@ -250,34 +229,181 @@ class RedFile extends DAV\Node implements DAV\IFile { } +function RedChannelList(&$auth) { -function RedFileData($file, $auth) { + $ret = array(); + $r = q("select channel_address from channel where not (channel_pageflags & %d)", + intval(PAGE_REMOVED) + ); - if(substr($file,0,1) !== '/') - return null; - $path_arr = explode('/',$file); + if($r) { + foreach($r as $rr) { + $ret[] = new RedDirectory('/cloud/' . $rr['channel_address'],$auth); + } + } + return $ret; + +} + + +function RedCollectionData($file,&$auth) { + + $ret = array(); + + + $x = strpos($file,'/cloud'); + if($x === 0) { + $file = substr($file,6); + } + + if((! $file) || ($file === '/')) { + return RedChannelList($auth); + + } + + $file = trim($file,'/'); + $path_arr = explode('/', $file); + if(! $path_arr) return null; $channel_name = $path_arr[0]; + $r = q("select channel_id from channel where channel_name = '%s' limit 1", + dbesc($channel_name) + ); + if(! $r) + return null; + + $channel_id = $r[0]['channel_id']; + + $path = '/' . $channel_name; + $folder = ''; - for($x = 1; $x < count($path_arr); $x ++) { - - $r = q("select distinct filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename", + for($x = 1; $x < count($path_arr); $x ++) { + $r = q("hash, filename, flags from attach where folder = '%s' and (flags & %d)", dbesc($folder), - dbesc($path_arr[$x]), - intval($this->auth->channel_id) + intval($channel_id), + intval(ATTACH_FLAG_DIR) ); + if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { + $folder = $r[0]['hash']; + $path = $path . '/' . $r[0]['filename']; + } + } - if($r && ( $r[0]['flags'] && ATTACH_FLAG_DIR)) { - $folder = $r[0]['filename']; - } + if($path !== '/' . 
$file) { + logger("RedCollectionData: Path mismatch: $path !== /$file"); + return NULL; + } + + $ret = array(); + + $r = q("select filename from attach where folder = '%s' group by filename", + dbesc($folder), + intval($channel_id), + intval(ATTACH_FLAG_DIR) + ); + + foreach($r as $rr) { + if($rr['flags'] & ATTACH_FLAG_DIR) + $ret[] = new RedDirectory('/cloud' . $path . '/' . $rr['filename'],$auth); + else + $ret[] = newRedFile('/cloud' . $path . '/' . $rr['filename'],$auth); + } + + return $ret; + +} + +function RedFileData($file, &$auth) { + +logger('RedFileData:' . $file); + + + $x = strpos($file,'/cloud'); + if($x === 0) { + $file = substr($file,6); + } + +logger('RedFileData2: ' . $file); + + if((! $file) || ($file === '/')) { + return RedDirectory('/',$auth); + + } + + $file = trim($file,'/'); + +logger('file=' . $file); + + $path_arr = explode('/', $file); + + if(! $path_arr) + return null; + + logger("file = $file - path = " . print_r($path_arr,true)); + + $channel_name = $path_arr[0]; +//dbg(1); + + $r = q("select channel_id from channel where channel_address = '%s' limit 1", + dbesc($channel_name) + ); + +//dbg(0); + + if(! $r) + return null; + + $channel_id = $r[0]['channel_id']; + + $path = '/' . $channel_name; + + $folder = ''; +//dbg(1); + for($x = 1; $x < count($path_arr); $x ++) { + $r = q("hash, filename, flags from attach where folder = '%s' and uid = %d and (flags & %d)", + dbesc($folder), + intval($channel_id), + intval(ATTACH_FLAG_DIR) + ); + if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { + $folder = $r[0]['hash']; + $path = $path . '/' . $r[0]['filename']; + } + } +//dbg(0); + + if($path === '/' . $file) { + // final component was a directory. + return new RedDirectory('/cloud/' . 
$file,$auth); + } + +// //if($path !== dirname($file)) { +// logger("RedFileData: Path mismatch: $path !== dirname($file)"); +// return NULL; +// } + + $ret = array(); +//dbg(1); + $r = q("select filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", + dbesc($folder), + basename($file), + intval($channel_id) + + ); +//dbg(0); + foreach($r as $rr) { + if($rr['flags'] & ATTACH_FLAG_DIR) + $ret[] = new RedDirectory($path . '/' . $rr['filename'],$auth); + else + $ret[] = newRedFile($path . '/' . $rr['filename'],$auth); } - return $r[0]; + return $ret[0]; } -- cgit v1.2.3 From a1c198814d4ae82314f87610b2ea2157e11e6b7c Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 2 Jan 2014 17:49:39 -0800 Subject: basic browsing and file retrieval for webdav working - uploads not yet. A lot of permissions stuff is in place so it's marginally (but probably not completely) permission controlled --- include/reddav.php | 185 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 126 insertions(+), 59 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 704c13017..97903edb2 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -75,9 +75,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { private $red_path; private $ext_path; private $root_dir = ''; -// private $dir_key; private $auth; -// private $channel_id; + function __construct($ext_path,&$auth_plugin) { @@ -101,9 +100,10 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { return; } - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) - return array(); - + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } return RedCollectionData($this->red_path,$this->auth); 
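Review bot: In `RedFileData()` the final query passes `basename($file)` directly into the `filename = '%s'` placeholder while every other string argument goes through `dbesc()`; `$file` is derived from the requested path, so this argument must be escaped as well: `dbesc(basename($file)),`. The same unescaped argument is carried into the rewritten query in the next commit on this page. Both folder-walk statements begin with `hash, filename, flags from attach` with no `select`, and in `RedCollectionData()` the statements receive three arguments for fewer placeholders, so `intval($channel_id)` lands in `flags & %d` and no `uid` filter is applied to the listing. `newRedFile(` and `return RedDirectory('/',$auth);` are missing a space and the `new` keyword respectively. The listing queries select only `filename` but the loops then test `$rr['flags']`.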
@@ -130,8 +130,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { return new RedDirectory('/cloud', $this->auth); } - - $x = RedFileData('/cloud' . (($this->red_path === '/') ? '' : '/') . '/' . $name, $this->auth); + $x = RedFileData($this->ext_path . '/' . $name, $this->auth); logger('RedFileData returns: ' . print_r($x,true)); if($x) return $x; @@ -141,16 +140,29 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function getName() { logger('RedDirectory::getName : ' . print_r($this,true)); + logger('RedDirectory::getName returns: ' . basename($this->red_path)); + return (basename($this->red_path)); } + + function createFile($name,$data = null) { + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } + } function createDirectory($name) { + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } @@ -161,12 +173,13 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { logger('RedDirectory::childExists : ' . print_r($this->auth,true)); - $r = q("select distinct filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename", - dbesc($this->dir_key), - dbesc($name), - intval($this->auth->channel_id) - ); - if($r) + if($this->red_path === '/' && $name === 'cloud') { + return true; + } + + $x = RedFileData($this->ext_path . '/' . $name, $this->auth); + logger('RedFileData returns: ' . print_r($x,true)); + if($x) return true; return false; 
@@ -181,65 +194,101 @@ class RedFile extends DAV\Node implements DAV\IFile { private $auth; private $name; - function __construct($name, &$auth) { + function __construct($name, $data, &$auth) { logger('RedFile::_construct: ' . $name); $this->name = $name; + $this->data = $data; $this->auth = $auth; - $this->data = RedFileData($name,$auth); logger('RedFile::_construct: ' . print_r($this->data,true)); } function getName() { - logger('RedFile::getName'); - return basename($data); + logger('RedFile::getName: ' . basename($this->name)); + return basename($this->name); } - function put($data) { + + function setName($newName) { + logger('RedFile::setName: ' . basename($this->name) . ' -> ' . $newName); + + if((! $newName) || (! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage'))) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } + + $newName = str_replace('/','%2F',$newName); + + $r = q("update attach set filename = '%s' where hash = '%s' and id = %d limit 1", + dbesc($this->data['filename']), + intval($this->data['id']) + ); } + + function put($data) { + logger('RedFile::put: ' . basename($this->name)); + $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", + dbesc($data), + dbesc($this->data['hash']), + intval($this->data['uid']) + ); + } + + function get() { + logger('RedFile::get: ' . basename($this->name)); + $r = q("select data from attach where hash = '%s' and uid = %d limit 1", + dbesc($this->data['hash']), + intval($this->data['uid']) + ); + if($r) return $r[0]['data']; } function getETag() { - - + logger('RedFile::getETag: ' . 
basename($this->name)); + return $this->data['hash']; } function getContentType() { - $type = 'text/plain'; - return $type; - -// return $this->data['filetype']; + return $this->data['filetype']; } function getSize() { - return 33122; -// return $this->data['filesize']; + return $this->data['filesize']; } + + function getLastModified() { + logger('RedFile::getLastModified: ' . basename($this->name)); + return $this->data['edited']; + } + + } function RedChannelList(&$auth) { $ret = array(); - $r = q("select channel_address from channel where not (channel_pageflags & %d)", + $r = q("select channel_id, channel_address from channel where not (channel_pageflags & %d)", intval(PAGE_REMOVED) ); if($r) { foreach($r as $rr) { - $ret[] = new RedDirectory('/cloud/' . $rr['channel_address'],$auth); + if(perm_is_allowed($rr['channel_id'],$auth->observer,'view_storage')) { + $ret[] = new RedDirectory('/cloud/' . $rr['channel_address'],$auth); + } } } return $ret; @@ -251,12 +300,14 @@ function RedCollectionData($file,&$auth) { $ret = array(); - $x = strpos($file,'/cloud'); if($x === 0) { $file = substr($file,6); } + +logger('RedCollectionData: ' . $file); + if((! $file) || ($file === '/')) { return RedChannelList($auth); @@ -270,9 +321,12 @@ function RedCollectionData($file,&$auth) { $channel_name = $path_arr[0]; - $r = q("select channel_id from channel where channel_name = '%s' limit 1", + $r = q("select channel_id from channel where channel_address = '%s' limit 1", dbesc($channel_name) ); + +logger('dbg1: ' . print_r($r,true)); + if(! $r) return null; @@ -283,7 +337,7 @@ function RedCollectionData($file,&$auth) { $folder = ''; for($x = 1; $x < count($path_arr); $x ++) { - $r = q("hash, filename, flags from attach where folder = '%s' and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and (flags & %d)", dbesc($folder), intval($channel_id), intval(ATTACH_FLAG_DIR) 
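Review bot: `RedFile::put()` overwrites `attach.data` and `get()` returns it with no `perm_is_allowed()` call, whereas `setName()` in the same hunk requires `write_storage`; as written, any request that obtains a `RedFile` object can replace the stored content. Add the `write_storage` check to `put()` and a `view_storage` check to `get()`, throwing `DAV\Exception\Forbidden` as `setName()` does. The `setName()` update has three placeholders (`filename = '%s'`, `hash = '%s'`, `id = %d`) but two arguments, and it passes the old `$this->data['filename']` instead of the new name; the argument list should be `dbesc($newName), dbesc($this->data['hash']), intval($this->data['id'])`.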
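Review bot: The corrected folder-walk statement in `RedCollectionData()` still has two placeholders (`folder = '%s'` and `flags & %d`) but is given three arguments, so `intval($channel_id)` is substituted into the flags test and the walk is not restricted to the channel's own rows. Add the missing filter so the text reads `... from attach where folder = '%s' and uid = %d and (flags & %d)`, which is the form `RedFileData()` already uses. The enclosing loop starts and ends outside this hunk.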
@@ -294,6 +348,8 @@ function RedCollectionData($file,&$auth) { } } +logger('dbg2: ' . print_r($r,true)); + if($path !== '/' . $file) { logger("RedCollectionData: Path mismatch: $path !== /$file"); return NULL; @@ -301,17 +357,19 @@ function RedCollectionData($file,&$auth) { $ret = array(); - $r = q("select filename from attach where folder = '%s' group by filename", + + $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d group by filename", dbesc($folder), - intval($channel_id), - intval(ATTACH_FLAG_DIR) + intval($channel_id) ); +logger('dbg2: ' . print_r($r,true)); + foreach($r as $rr) { if($rr['flags'] & ATTACH_FLAG_DIR) $ret[] = new RedDirectory('/cloud' . $path . '/' . $rr['filename'],$auth); else - $ret[] = newRedFile('/cloud' . $path . '/' . $rr['filename'],$auth); + $ret[] = new RedFile('/cloud' . $path . '/' . $rr['filename'],$rr,$auth); } return $ret; @@ -347,13 +405,13 @@ logger('file=' . $file); logger("file = $file - path = " . print_r($path_arr,true)); $channel_name = $path_arr[0]; -//dbg(1); + $r = q("select channel_id from channel where channel_address = '%s' limit 1", dbesc($channel_name) ); -//dbg(0); + logger('dbg0: ' . print_r($r,true)); if(! $r) return null; 
@@ -364,46 +422,55 @@ logger('file=' . $file); $folder = ''; //dbg(1); + + require_once('include/security.php'); + $perms = permissions_sql($channel_id); + + $errors = false; + for($x = 1; $x < count($path_arr); $x ++) { - $r = q("hash, filename, flags from attach where folder = '%s' and uid = %d and (flags & %d)", +dbg(1); + $r = q("select id, hash, filename, flags from attach where folder = '%s' and uid = %d and (flags & %d) $perms", dbesc($folder), intval($channel_id), intval(ATTACH_FLAG_DIR) ); +dbg(0); + logger('dbg1: ' . print_r($r,true)); + if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { $folder = $r[0]['hash']; $path = $path . '/' . $r[0]['filename']; } + if(! $r) { + $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach + where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", + dbesc($folder), + basename($file), + intval($channel_id) + + ); + } + if(! $r) + $errors = true; } -//dbg(0); + + logger('dbg1: ' . print_r($r,true)); if($path === '/' . $file) { // final component was a directory. return new RedDirectory('/cloud/' . $file,$auth); } -// //if($path !== dirname($file)) { -// logger("RedFileData: Path mismatch: $path !== dirname($file)"); -// return NULL; -// } - - $ret = array(); -//dbg(1); - $r = q("select filename from attach where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", - dbesc($folder), - basename($file), - intval($channel_id) - - ); -//dbg(0); - foreach($r as $rr) { - if($rr['flags'] & ATTACH_FLAG_DIR) - $ret[] = new RedDirectory($path . '/' . $rr['filename'],$auth); - else - $ret[] = newRedFile($path . '/' . $rr['filename'],$auth); + if($errors) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; } - return $ret[0]; + if($r[0]['flags'] & ATTACH_FLAG_DIR) + return new RedDirectory('/cloud' . $path . '/' . $r[0]['filename'],$auth); + else + return new RedFile('/cloud' . $path . '/' . 
$r[0]['filename'],$r[0],$auth); } -- cgit v1.2.3 From 475b24ca9e758b257bde6f81c727178ae8b64bec Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 3 Jan 2014 01:44:25 -0800 Subject: more dav work --- include/reddav.php | 79 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 71 insertions(+), 8 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 97903edb2..79c68a000 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -3,6 +3,8 @@ use Sabre\DAV; require_once('vendor/autoload.php'); +require_once('include/attach.php'); + class RedInode implements DAV\INode { private $attach; 
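Review bot: The directory query inside the `RedFileData()` loop never compares `filename` with the path component being resolved, so `$r[0]` is whichever directory happens to come first in the current folder and `$folder` can advance into a directory the request did not name. Add `and filename = '%s'` with `dbesc($path_arr[$x])` to that statement so each step follows the requested component. The fallback file query still passes `basename($file)` without `dbesc()`. The `dbg(1)` / `dbg(0)` calls around the query are no longer commented out; what they do is not shown here, but if they toggle query debugging they should not ship enabled. A missing row sets `$errors` and is reported as `Forbidden`, which hides the difference between "not found" and "denied" from the client; if that is intentional it deserves a comment.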
@@ -149,15 +151,56 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function createFile($name,$data = null) { + logger('RedDirectory::createFile : ' . $name); + logger('RedDirectory::createFile : ' . print_r($this,true)); + + logger('createFile():' . stream_get_contents($data)); + + if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { + logger('createFile: permission denied'); throw new DAV\Exception\Forbidden('Permission denied.'); return; } + $mimetype = z_mime_content_type($name); + + + $c = q("select * from channel where channel_id = %d limit 1", + intval($this->auth->channel_id) + ); + + + $filesize = 0; + $hash = random_string(); +dbg(1); + + $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited ) + VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s' ) ", + intval($c[0]['channel_account_id']), + intval($c[0]['channel_id']), + dbesc($hash), + dbesc($name), + dbesc($mimetype), + intval($filesize), + intval(0), + dbesc(stream_get_contents($data)), + dbesc(datetime_convert()), + dbesc(datetime_convert()) + ); + + $r = q("update attach set filesize = length(data) where hash = '%s' and uid = %d limit 1", + dbesc($hash), + intval($c[0]['channel_id']) + ); + +dbg(0); + } + function createDirectory($name) { if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { throw new DAV\Exception\Forbidden('Permission denied.'); @@ -166,6 +209,12 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { + + + + + + } 
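Review bot: `logger('createFile():' . stream_get_contents($data))` reads the upload stream to its end before the INSERT, so the later `dbesc(stream_get_contents($data))` most likely stores an empty string, and the full body of every uploaded file is copied into the log; `RedFile::put()` in the next section of this commit does the same. Read the stream once, e.g. `$body = (is_resource($data) ? stream_get_contents($data) : '');`, pass `dbesc($body)` to the query and log only the name and `strlen($body)`. `$c[0]` is used without checking that the channel query returned a row. The INSERT column list has no `folder`, so the new file is not attached to the directory it was created in.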
@@ -174,10 +223,11 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { logger('RedDirectory::childExists : ' . print_r($this->auth,true)); if($this->red_path === '/' && $name === 'cloud') { + logger('RedDirectory::childExists /cloud: true'); return true; } - $x = RedFileData($this->ext_path . '/' . $name, $this->auth); + $x = RedFileData($this->ext_path . '/' . $name, $this->auth,true); logger('RedFileData returns: ' . print_r($x,true)); if($x) return true; @@ -232,11 +282,20 @@ class RedFile extends DAV\Node implements DAV\IFile { function put($data) { logger('RedFile::put: ' . basename($this->name)); + logger('put():' . stream_get_contents($data)); + +dbg(1); $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", - dbesc($data), + dbesc(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']) ); + $r = q("update attach set filesize = length(data) where hash = '%s' and uid = %d limit 1", + dbesc($this->data['hash']), + intval($this->data['uid']) + ); +dbg(0); + } @@ -376,7 +435,7 @@ logger('dbg2: ' . print_r($r,true)); } -function RedFileData($file, &$auth) { +function RedFileData($file, &$auth,$test = false) { logger('RedFileData:' . $file); @@ -463,15 +522,19 @@ dbg(0); } if($errors) { + if($test) + return false; throw new DAV\Exception\Forbidden('Permission denied.'); return; } - if($r[0]['flags'] & ATTACH_FLAG_DIR) - return new RedDirectory('/cloud' . $path . '/' . $r[0]['filename'],$auth); - else - return new RedFile('/cloud' . $path . '/' . $r[0]['filename'],$r[0],$auth); - + if($r) { + if($r[0]['flags'] & ATTACH_FLAG_DIR) + return new RedDirectory('/cloud' . $path . '/' . $r[0]['filename'],$auth); + else + return new RedFile('/cloud' . $path . '/' . $r[0]['filename'],$r[0],$auth); + } + return false; } -- cgit v1.2.3 From 061894d37f9883c8c5033a2e75337660dbc39ad9 Mon Sep 17 00:00:00 2001 
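Review bot: RedFile::put() in the `@@ -232,11 +282,20 @@` hunk overwrites `attach.data` with no `write_storage` check anywhere in its body, while createFile() and createDirectory() in the same commit both call `perm_is_allowed()` before writing. Unless every caller is known to have checked already, the method should begin with `if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) throw new DAV\Exception\Forbidden('Permission denied.');`, assuming RedFile keeps the auth plugin in `$this->auth` as its setName() does in a later hunk on this page. A one-line comment above put() stating which permission it requires would document the intent.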
From: friendica Date: Sun, 5 Jan 2014 16:00:05 -0800 Subject: reddav - basic mkdir support - needs more work to be robust --- include/reddav.php | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 104 insertions(+), 5 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 79c68a000..beec0ac21 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -75,12 +75,12 @@ class RedInode implements DAV\INode { class RedDirectory extends DAV\Node implements DAV\ICollection { private $red_path; + private $folder_hash; private $ext_path; private $root_dir = ''; private $auth; - function __construct($ext_path,&$auth_plugin) { logger('RedDirectory::__construct() ' . $ext_path); $this->ext_path = $ext_path; @@ -89,7 +89,9 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $this->red_path = '/'; $this->auth = $auth_plugin; logger('Red_Directory: ' . print_r($this,true)); + $this->folder_hash = ''; + $this->getDir(); } @@ -202,12 +204,24 @@ dbg(0); function createDirectory($name) { - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { + + logger('RedDirectory::createDirectory: ' . $name); + + if((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } + $r = q("select * from channel where channel_id = %d limit 1", + dbesc($this->auth->owner_id) + ); + + if($r) { + $result = attach_mkdir($r[0],$this->auth->observer,array('filename' => $name,'folder' => $this->folder_hash)); + logger('RedDirectory::createDirectory: ' . print_r($result,true)); + + } 
@@ -235,6 +249,64 @@ dbg(0); } + function getDir() { + + logger('getDir: ' . $this->ext_path); + + $x = strpos($this->ext_path,'/cloud'); + if($x === false) + return; + if($x === 0) { + $file = substr($file,6); + } + + if((! $file) || ($file === '/')) { + return; + } + + $file = trim($file,'/'); + $path_arr = explode('/', $file); + + if(! $path_arr) + return; + + $channel_name = $path_arr[0]; + + $r = q("select channel_id from channel where channel_address = '%s' limit 1", + dbesc($channel_name) + ); + + if(! $r) + return; + + $channel_id = $r[0]['channel_id']; + $this->auth->owner_id = $channel_id; + + $path = '/' . $channel_name; + + $folder = ''; + + for($x = 1; $x < count($path_arr); $x ++) { +dbg(1); + $r = q("select id, hash, filename, flags from attach where folder = '%s' and (flags & %d)", + dbesc($folder), + intval($channel_id), + intval(ATTACH_FLAG_DIR) + ); +dbg(0); + if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { + $folder = $r[0]['hash']; + $path = $path . '/' . $r[0]['filename']; + } + } + $this->folder_hash = $folder; + return; + } + + + + + } @@ -390,6 +462,7 @@ logger('dbg1: ' . print_r($r,true)); return null; $channel_id = $r[0]['channel_id']; + $auth->owner_id = $channel_id; $path = '/' . $channel_name; @@ -437,7 +510,7 @@ logger('dbg2: ' . print_r($r,true)); function RedFileData($file, &$auth,$test = false) { -logger('RedFileData:' . $file); +logger('RedFileData:' . $file . (($test) ? ' (test mode) ' : '')); $x = strpos($file,'/cloud'); @@ -479,6 +552,11 @@ logger('file=' . $file); $path = '/' . $channel_name; + $auth->owner_id = $channel_id; + + $permission_error = false; + + $folder = ''; //dbg(1); 
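Review bot: The attach lookup in getDir() has two placeholders (`folder = '%s'` and `(flags & %d)`) but is given three arguments, so `intval($channel_id)` is bound to the flags mask and `ATTACH_FLAG_DIR` is dropped; the query is therefore not restricted to the owner's rows and tests the wrong bits. It should read `... where folder = '%s' and uid = %d and (flags & %d)`. In the same function `$file = substr($file,6);` reads `$file` before anything assigns it, so the path walk most likely never runs and `folder_hash` stays empty; assign `$file = $this->ext_path;` before the `strpos()` test.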
@@ -510,13 +588,27 @@ dbg(0); ); } - if(! $r) + if(! $r) { + $errors = true; + $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach + where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", + dbesc($folder), + basename($file), + intval($channel_id) + ); + if($r) + $permission_error = true; + + } + } logger('dbg1: ' . print_r($r,true)); if($path === '/' . $file) { + if($test) + return true; // final component was a directory. return new RedDirectory('/cloud/' . $file,$auth); } @@ -524,11 +616,18 @@ dbg(0); if($errors) { if($test) return false; - throw new DAV\Exception\Forbidden('Permission denied.'); + if($permission_error) { + logger('RedFileData: permission error'); + throw new DAV\Exception\Forbidden('Permission denied.'); + } + logger('RedFileData: not found'); return; } if($r) { + if($test) + return true; + if($r[0]['flags'] & ATTACH_FLAG_DIR) return new RedDirectory('/cloud' . $path . '/' . $r[0]['filename'],$auth); else -- cgit v1.2.3 From 0297241a64b41fdac34d5fa0bd1cb03a961a88e3 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 16:37:07 -0800 Subject: some dav cleanup --- include/reddav.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index beec0ac21..1e2962972 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -104,13 +104,13 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { return; } - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) { + if(($this->auth->owner_id) && (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'view_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } - return RedCollectionData($this->red_path,$this->auth); - + $contents = RedCollectionData($this->red_path,$this->auth); + return $contents; } 
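Review bot: In the fallback query added to RedFileData() in the `@@ -510,13 +588,27 @@` hunk, `basename($file)` is passed to the `filename = '%s'` placeholder without `dbesc()`, unlike the `dbesc($folder)` argument beside it. `$file` is derived from the requested path, so, assuming `q()` only formats its arguments into the statement, a quote character in the name reaches the SQL text; use `dbesc(basename($file))`. The fallback added to RedCollectionData() in the later `@@ -528,25 +480,54 @@` hunk has the same gap with `basename($path_arr[$x])`. The enclosing loop starts outside this hunk.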
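Review bot: The new guard `if(($this->auth->owner_id) && (! perm_is_allowed(...)))` in the `@@ -104,13 +104,13 @@` hunk skips the `view_storage` check whenever `owner_id` is empty, so a request whose owner was never resolved is treated as permitted. The write paths on this page use the fail-closed form `if((! $this->auth->owner_id) || (! perm_is_allowed(...)))`; if an empty owner is only legitimate for the top-level listing handled by the early `return` above, add a comment saying so, otherwise use the same form here. The identical guard is added in the `@@ -125,7 +125,7 @@` hunk of the later permissions commit. Both functions begin outside their hunks.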
@@ -469,9 +469,9 @@ logger('dbg1: ' . print_r($r,true)); $folder = ''; for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d)", dbesc($folder), - intval($channel_id), + dbesc($path_arr[$x]), intval(ATTACH_FLAG_DIR) ); if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { @@ -567,8 +567,9 @@ logger('file=' . $file); for($x = 1; $x < count($path_arr); $x ++) { dbg(1); - $r = q("select id, hash, filename, flags from attach where folder = '%s' and uid = %d and (flags & %d) $perms", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms", dbesc($folder), + dbesc($path_arr[$x]), intval($channel_id), intval(ATTACH_FLAG_DIR) ); -- cgit v1.2.3 From d0be9d3b23ee980fde94e1a8130ddfa070ee4dba Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 17:28:19 -0800 Subject: dav uploading actually works - there's just an issue with the AnyClient running through a proxy. There are probably still some issues with tree structure, but you should be able to use your personal cloud in your top level storage directory now. --- include/reddav.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 1e2962972..f5298884a 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -156,7 +156,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { logger('RedDirectory::createFile : ' . $name); logger('RedDirectory::createFile : ' . print_r($this,true)); - logger('createFile():' . stream_get_contents($data)); +// logger('createFile():' . stream_get_contents($data)); if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { 
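Review bot: After this change the directory lookup in the `@@ -469,9 +469,9 @@` hunk matches on `folder` and `filename` only: the `intval($channel_id)` argument was replaced rather than kept, so the query has no `uid = %d` term, whereas the RedFileData() query in the next hunk keeps one. A directory with the same name under another channel can then satisfy the lookup and supply `$folder`. Suggested form: `... where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)` with `intval($channel_id)` as the third argument. The enclosing function begins outside the hunk.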
@@ -354,7 +354,7 @@ class RedFile extends DAV\Node implements DAV\IFile { function put($data) { logger('RedFile::put: ' . basename($this->name)); - logger('put():' . stream_get_contents($data)); +// logger('put():' . stream_get_contents($data)); dbg(1); $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", -- cgit v1.2.3 From cbc34a40adc167de5c0c263f0407ba721d0f973e Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 17:42:56 -0800 Subject: reddav: bring permissions up to date with recent code changes --- include/reddav.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index f5298884a..d3a7b35b5 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -125,7 +125,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { return; } - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) { + if(($this->auth->owner_id) && (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'view_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } @@ -159,7 +159,13 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { // logger('createFile():' . stream_get_contents($data)); - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { + if(! $this->auth->owner_id) { + logger('createFile: permission denied'); + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } + + if(! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage')) { logger('createFile: permission denied'); throw new DAV\Exception\Forbidden('Permission denied.'); return; 
@@ -336,7 +342,7 @@ class RedFile extends DAV\Node implements DAV\IFile { function setName($newName) { logger('RedFile::setName: ' . basename($this->name) . ' -> ' . $newName); - if((! $newName) || (! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage'))) { + if((! $newName) || (! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } -- cgit v1.2.3 From bcb812b2f8b4466b9dd76ca280d328a80638c8de Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 17:54:20 -0800 Subject: set channel default permissions on file creation --- include/reddav.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index d3a7b35b5..65b14fe60 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -184,8 +184,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { dbg(1); - $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited ) - VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s' ) ", + $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), intval($c[0]['channel_id']), dbesc($hash), @@ -195,7 +195,13 @@ dbg(1); intval(0), dbesc(stream_get_contents($data)), dbesc(datetime_convert()), - dbesc(datetime_convert()) + dbesc(datetime_convert()), + dbesc($[0]['channel_allow_cid']), + dbesc($[0]['channel_allow_gid']), + dbesc($[0]['channel_deny_cid']), + dbesc($[0]['channel_deny_gid']), + + ); $r = q("update attach set filesize = length(data) where hash = '%s' and uid = %d limit 1", -- cgit v1.2.3 
From ea251d2939d30036b01d4e7b6215e9d90947a176 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 18:18:39 -0800 Subject: typos --- include/reddav.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 65b14fe60..8d2b8050f 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -196,10 +196,10 @@ dbg(1); dbesc(stream_get_contents($data)), dbesc(datetime_convert()), dbesc(datetime_convert()), - dbesc($[0]['channel_allow_cid']), - dbesc($[0]['channel_allow_gid']), - dbesc($[0]['channel_deny_cid']), - dbesc($[0]['channel_deny_gid']), + dbesc($c[0]['channel_allow_cid']), + dbesc($c[0]['channel_allow_gid']), + dbesc($c[0]['channel_deny_cid']), + dbesc($c[0]['channel_deny_gid']), ); -- cgit v1.2.3 From 56f4b0f976cd4397d145756b6481cbc17eeae90f Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 18:19:56 -0800 Subject: more syntax --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 8d2b8050f..b8604978f 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -199,7 +199,7 @@ dbg(1); dbesc($c[0]['channel_allow_cid']), dbesc($c[0]['channel_allow_gid']), dbesc($c[0]['channel_deny_cid']), - dbesc($c[0]['channel_deny_gid']), + dbesc($c[0]['channel_deny_gid']) ); -- cgit v1.2.3 From e10c237386c95a180a1b6951304b98ce1d953551 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 18:44:32 -0800 Subject: make directory hierarchy work --- include/reddav.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index b8604978f..fc4a53b17 100644 --- a/include/reddav.php +++ b/include/reddav.php 
@@ -184,12 +184,13 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { dbg(1); - $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) - VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO attach ( aid, uid, hash, filename, folder, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), intval($c[0]['channel_id']), dbesc($hash), dbesc($name), + dbesc($this->folder_hash), dbesc($mimetype), intval($filesize), intval(0), @@ -264,8 +265,10 @@ dbg(0); function getDir() { logger('getDir: ' . $this->ext_path); + $file = $this->ext_path; - $x = strpos($this->ext_path,'/cloud'); + + $x = strpos($file,'/cloud'); if($x === false) return; if($x === 0) { @@ -282,6 +285,9 @@ dbg(0); if(! $path_arr) return; + + logger('getDir(): path: ' . print_r($path_arr,true)); + $channel_name = $path_arr[0]; $r = q("select channel_id from channel where channel_address = '%s' limit 1", @@ -300,8 +306,9 @@ dbg(0); for($x = 1; $x < count($path_arr); $x ++) { dbg(1); - $r = q("select id, hash, filename, flags from attach where folder = '%s' and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d)", dbesc($folder), + dbesc($path_arr[$x]), intval($channel_id), intval(ATTACH_FLAG_DIR) ); -- cgit v1.2.3 From daf5daa2d3c53a70102c930647bb1e0e755abe28 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 19:25:56 -0800 Subject: disable web browser post inputs if no storage write permission --- include/reddav.php | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) (limited to 'include/reddav.php') 
diff --git a/include/reddav.php b/include/reddav.php index fc4a53b17..34dbfa0fd 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -92,6 +92,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $this->folder_hash = ''; $this->getDir(); + if($this->auth->browser) + $this->auth->browser->set_writeable(); } 
@@ -657,3 +659,90 @@ dbg(0); } +class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { + + public $channel_name = ''; + public $channel_id = 0; + public $channel_hash = ''; + public $observer = ''; + public $browser; + public $owner_id; + + protected function validateUserPass($username, $password) { + require_once('include/auth.php'); + $record = account_verify_password($email,$pass); + if($record && $record['account_default_channel']) { + $r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1", + intval($record['account_id']), + intval($record['account_default_channel']) + ); + if($r) { + $this->currentUser = $r[0]['channel_address']; + $this->channel_name = $r[0]['channel_address']; + $this->channel_id = $r[0]['channel_id']; + $this->channel_hash = $this->observer = $r[0]['channel_hash']; + return true; + } + } + $r = q("select * from channel where channel_address = '%s' limit 1", + dbesc($username) + ); + if($r) { + $x = q("select * from account where account_id = %d limit 1", + intval($r[0]['channel_account_id']) + ); + if($x) { + foreach($x as $record) { + if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) + && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) { + logger('(DAV) RedBasicAuth: password verified for ' . $username); + $this->currentUser = $r[0]['channel_address']; + $this->channel_name = $r[0]['channel_address']; + $this->channel_id = $r[0]['channel_id']; + $this->channel_hash = $this->observer = $r[0]['channel_hash']; + return true; + } + } + } + } + logger('(DAV) RedBasicAuth: password failed for ' . 
$username); + return false; + } + + function setCurrentUser($name) { + $this->currentUser = $name; + } + + function setBrowserPlugin($browser) { + $this->browser = $browser; + } + +} + + +class RedBrowser extends DAV\Browser\Plugin { + + private $auth; + + function __construct(&$auth) { + + $this->auth = $auth; + + + } + + function set_writeable() { + logger('RedBrowser: ' . print_r($this->auth,true)); + + if(! $this->auth->owner_id) + $this->enablePost = false; + + + if(! perm_is_allowed($this->auth->owner_id, get_observer_hash(), 'write_storage')) + $this->enablePost = false; + else + $this->enablePost = true; + + } + +} \ No newline at end of file -- cgit v1.2.3 From 64152ac95644c1eb7d1f2ef8e57d5508dab1b8e0 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 5 Jan 2014 19:49:45 -0800 Subject: implement storage size limits --- include/reddav.php | 67 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 59 insertions(+), 8 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 34dbfa0fd..214048d6b 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -184,8 +184,6 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $filesize = 0; $hash = random_string(); -dbg(1); - $r = q("INSERT INTO attach ( aid, uid, hash, filename, folder, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), 
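Review bot: In validateUserPass() the fallback condition has the shape `A || B && C`, which PHP parses as `A || (B && C)`, so a record with `account_flags == ACCOUNT_OK` makes the method return true without the password hash being compared. Group the flag tests: `if((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {`. The first branch calls `account_verify_password($email,$pass)` although the parameters are `$username` and `$password`, so it passes undefined variables; it should be `account_verify_password($username,$password)`. A test asserting that a wrong password is rejected for an ACCOUNT_OK account would pin both fixes.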
@@ -212,9 +210,36 @@ dbg(1); intval($c[0]['channel_id']) ); + $r = q("select filesize from attach where hash = '%s' and uid = %d limit 1", + dbesc($hash), + intval($c[0]['channel_id']) + ); -dbg(0); - + // FIXME - delete attached file resource if using OS storage + + $maxfilesize = get_config('system','maxfilesize'); + + if(($maxfilesize) && ($r[0]['filesize'] > $maxfilesize)) { + q("delete from attach where hash = '%s' and uid = %d limit 1", + dbesc($hash), + intval($c[0]['channel_id']) + ); + return; + } + + $limit = service_class_fetch($c[0]['channel_id'],'attach_upload_limit'); + if($limit !== false) { + $x = q("select sum(filesize) as total from attach where uid = %d ", + intval($c[0]['channel_id']) + ); + if(($x) && ($x[0]['total'] + $r[0]['filesize'] > $limit)) { + q("delete from attach where hash = '%s' and uid = %d limit 1", + dbesc($hash), + intval($c[0]['channel_id']) + ); + return; + } + } } @@ -307,14 +332,14 @@ dbg(0); $folder = ''; for($x = 1; $x < count($path_arr); $x ++) { -dbg(1); + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d)", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), intval(ATTACH_FLAG_DIR) ); -dbg(0); + if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { $folder = $r[0]['hash']; $path = $path . '/' . $r[0]['filename']; @@ -377,7 +402,6 @@ class RedFile extends DAV\Node implements DAV\IFile { logger('RedFile::put: ' . basename($this->name)); // logger('put():' . stream_get_contents($data)); -dbg(1); $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", dbesc(stream_get_contents($data)), dbesc($this->data['hash']), 
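Review bot: The size checks added to createFile() in the `@@ -212,9 +210,36 @@` hunk run only after the whole upload has been read into memory and inserted, and when a limit is exceeded the row is deleted and the method returns normally, so the client is probably told the upload succeeded. Replace each `return;` with an exception, for example `throw new DAV\Exception\Forbidden('Storage limit exceeded.');`, and guard the `$r[0]['filesize']` reads with `if($r)` because the select can come back empty. Checking the limits before storing the data, where the size is known in advance, would also avoid writing oversized bodies at all. createFile() begins outside this hunk.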
@@ -387,8 +411,35 @@ dbg(1); dbesc($this->data['hash']), intval($this->data['uid']) ); -dbg(0); + $r = q("select filesize from attach where hash = '%s' and uid = %d limit 1", + dbesc($this->data['hash']), + intval($c[0]['channel_id']) + ); + + $maxfilesize = get_config('system','maxfilesize'); + + if(($maxfilesize) && ($r[0]['filesize'] > $maxfilesize)) { + q("delete from attach where hash = '%s' and uid = %d limit 1", + dbesc($this->data['hash']), + intval($c[0]['channel_id']) + ); + return; + } + + $limit = service_class_fetch($c[0]['channel_id'],'attach_upload_limit'); + if($limit !== false) { + $x = q("select sum(filesize) as total from attach where uid = %d ", + intval($c[0]['channel_id']) + ); + if(($x) && ($x[0]['total'] + $r[0]['filesize'] > $limit)) { + q("delete from attach where hash = '%s' and uid = %d limit 1", + dbesc($this->data['hash']), + intval($c[0]['channel_id']) + ); + return; + } + } } -- cgit v1.2.3 From ae8a30273a6b787985d06fa776d1726d4427f9be Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 6 Jan 2014 02:23:56 -0800 Subject: whitespace --- include/reddav.php | 6 ------ 1 file changed, 6 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 214048d6b..17bca790d 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -263,12 +263,6 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { } - - - - - - } -- cgit v1.2.3 From db0867aeec968402becd39b548f13c1e27c0368d Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 6 Jan 2014 14:33:49 -0800 Subject: reddav: improve and cleanup permission checks --- include/reddav.php | 138 ++++++++++++++++++++++++----------------------------- 1 file changed, 62 insertions(+), 76 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 17bca790d..543cdfeac 100644 --- a/include/reddav.php +++ b/include/reddav.php 
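Review bot: The limit code added to put() reads `$c[0]['channel_id']`, but no `$c` is assigned in put() in the lines shown here or in the earlier hunk that shows the start of the method; it looks copied from createFile(). With `$c` undefined the `uid = %d` arguments evaluate to 0, the filesize select matches nothing, and neither limit is likely to be applied. Use the value the two updates above already use, `intval($this->data['uid'])`, and load the channel row explicitly if the service-class limit needs it. Note also that on overflow this branch deletes the existing attachment instead of rejecting the new content, which deserves a comment or a different recovery.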
@@ -5,73 +5,6 @@ require_once('vendor/autoload.php'); require_once('include/attach.php'); -class RedInode implements DAV\INode { - - private $attach; - - function __construct($attach) { - $this->attach = $attach; - } - - - function delete() { - if(! perm_is_allowed($this->channel_id,'','view_storage')) - return; - - /** - * Since I don't believe this is documented elsewhere - - * ATTACH_FLAG_OS means that the file contents are stored in the OS - * rather than in the DB - as is the case for attachments. - * Exactly how they are stored (what path and filename) are still - * TBD. We will probably not be using the original filename but - * instead the attachment 'hash' as this will prevent folks from - * uploading PHP code onto misconfigured servers and executing it. - * It's easy to misconfigure servers because we can provide a - * rule for Apache, but folks using nginx will then be susceptible. - * Then there are those who don't understand these kinds of exploits - * and don't have any idea allowing uploaded PHP files to be executed - * by the server could be a problem. We also don't have any idea what - * executable types are served on their system - like .py, .pyc, .pl, .sh - * .cgi, .exe, .bat, .net, whatever. - */ - - if($this->attach['flags'] & ATTACH_FLAG_OS) { - // FIXME delete physical file - } - if($this->attach['flags'] & ATTACH_FLAG_DIR) { - // FIXME delete contents (recursive?) - } - - q("delete from attach where id = %d limit 1", - intval($this->attach['id']) - ); - - } - - function getName() { - return $this->attach['filename']; - } - - function setName($newName) { - - if((! $newName) || (! 
perm_is_allowed($this->channel_id,'','view_storage'))) - return; - - $this->attach['filename'] = $newName; - $r = q("update attach set filename = '%s' where id = %d limit 1", - dbesc($this->attach['filename']), - intval($this->attach['id']) - ); - - } - - function getLastModified() { - return $this->attach['edited']; - } - -} - - class RedDirectory extends DAV\Node implements DAV\ICollection { private $red_path; @@ -79,7 +12,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { private $ext_path; private $root_dir = ''; private $auth; - + private $os_path = ''; function __construct($ext_path,&$auth_plugin) { logger('RedDirectory::__construct() ' . $ext_path); @@ -158,8 +91,6 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { logger('RedDirectory::createFile : ' . $name); logger('RedDirectory::createFile : ' . print_r($this,true)); -// logger('createFile():' . stream_get_contents($data)); - if(! $this->auth->owner_id) { logger('createFile: permission denied'); @@ -324,6 +255,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $path = '/' . $channel_name; $folder = ''; + $os_path = ''; for($x = 1; $x < count($path_arr); $x ++) { @@ -336,10 +268,15 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { $folder = $r[0]['hash']; + if(strlen($os_path)) + $os_path .= '/'; + $os_path .= $folder; + $path = $path . '/' . $r[0]['filename']; } } $this->folder_hash = $folder; + $this->os_path = $os_path; return; } @@ -394,7 +331,6 @@ class RedFile extends DAV\Node implements DAV\IFile { function put($data) { logger('RedFile::put: ' . basename($this->name)); -// logger('put():' . stream_get_contents($data)); $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", dbesc(stream_get_contents($data)), 
@@ -471,6 +407,23 @@ class RedFile extends DAV\Node implements DAV\IFile { } + function delete() { + + if($this->data['flags'] & ATTACH_FLAG_OS) { + // FIXME delete physical file + } + if($this->data['flags'] & ATTACH_FLAG_DIR) { + // FIXME delete contents (recursive?) + } + +// q("delete from attach where id = %d limit 1", +// intval($this->data['id']) +// ); + + + + } + } function RedChannelList(&$auth) { @@ -507,7 +460,6 @@ logger('RedCollectionData: ' . $file); if((! $file) || ($file === '/')) { return RedChannelList($auth); - } $file = trim($file,'/'); 
@@ -528,25 +480,54 @@ logger('dbg1: ' . print_r($r,true)); return null; $channel_id = $r[0]['channel_id']; + $perms = permissions_sql($channel_id); + $auth->owner_id = $channel_id; $path = '/' . $channel_name; $folder = ''; + $errors = false; + $permission_error = false; for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d) $perms limit 1", dbesc($folder), dbesc($path_arr[$x]), intval(ATTACH_FLAG_DIR) ); + if(! $r) { + // path wasn't found. Try without permissions to see if it was the result of permissions. + $errors = true; + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d) limit 1", + dbesc($folder), + basename($path_arr[$x]), + intval(ATTACH_FLAG_DIR) + ); + if($r) { + $permission_error = true; + } + break; + } + if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { $folder = $r[0]['hash']; $path = $path . '/' . $r[0]['filename']; } } -logger('dbg2: ' . print_r($r,true)); + if($errors) { + if($permission_error) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } + else { + throw new DAV\Exception\NotFound('A component of the request file path could not be found'); + return; + } + } + + logger('dbg2: ' . print_r($r,true)); if($path !== '/' . $file) { logger("RedCollectionData: Path mismatch: $path !== /$file"); @@ -555,8 +536,7 @@ logger('dbg2: ' . print_r($r,true)); $ret = array(); - - $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d group by filename", + $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms group by filename", dbesc($folder), intval($channel_id) ); 
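Review bot: The retry without `$perms` in RedCollectionData() exists only to choose between `Forbidden` and `NotFound`, which tells an observer without access that a directory of that name exists. If private folder names should stay hidden, throw `NotFound` in both cases and drop the second query; if the distinction is intended, a comment saying so would help the next reader. Both lookups in this hunk also lack a `uid = %d` term, so they are not limited to the channel resolved from the path. The function begins outside the hunk.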
@@ -776,6 +756,12 @@ class RedBrowser extends DAV\Browser\Plugin { } + // The DAV browser is instantiated after the auth module and directory classes but before we know the current + // directory and who the owner and observer are. So we add a pointer to the browser into the auth module and vice + // versa. Then when we've figured out what directory is actually being accessed, we call the following function + // to decide whether or not to show web elements which include writeable objects. + + function set_writeable() { logger('RedBrowser: ' . print_r($this->auth,true)); -- cgit v1.2.3 From 5a5466346cccecec257fc20a993bfa2426b8bf48 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 6 Jan 2014 18:13:02 -0800 Subject: prepare for OS file storage, and add bbcode attachment link to mod/filestorage. This isn't beautiful, but it's a start. --- include/reddav.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 543cdfeac..05a93b9f8 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -376,11 +376,16 @@ class RedFile extends DAV\Node implements DAV\IFile { function get() { logger('RedFile::get: ' . basename($this->name)); - $r = q("select data from attach where hash = '%s' and uid = %d limit 1", + $r = q("select data, flags from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($this->data['uid']) ); - if($r) return $r[0]['data']; + if($r) { + if($r[0]['flags'] & ATTACH_FLAG_OS ) { + return fopen($r[0]['data'],'rb'); + } + return $r[0]['data']; + } } -- cgit v1.2.3 From b8564134aaffc2ebe35fecd5dae4fd0f6523eb53 Mon Sep 17 00:00:00 2001 
From: friendica Date: Tue, 7 Jan 2014 14:10:28 -0800 Subject: make storage limit service classes apply to accounts, not channels. Also include a css file that was missing from work yesterday. --- include/reddav.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 05a93b9f8..3bf670711 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -160,8 +160,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $limit = service_class_fetch($c[0]['channel_id'],'attach_upload_limit'); if($limit !== false) { - $x = q("select sum(filesize) as total from attach where uid = %d ", - intval($c[0]['channel_id']) + $x = q("select sum(filesize) as total from attach where aid = %d ", + intval($c[0]['channel_account_id']) ); if(($x) && ($x[0]['total'] + $r[0]['filesize'] > $limit)) { q("delete from attach where hash = '%s' and uid = %d limit 1", @@ -359,8 +359,8 @@ class RedFile extends DAV\Node implements DAV\IFile { $limit = service_class_fetch($c[0]['channel_id'],'attach_upload_limit'); if($limit !== false) { - $x = q("select sum(filesize) as total from attach where uid = %d ", - intval($c[0]['channel_id']) + $x = q("select sum(filesize) as total from attach where aid = %d ", + intval($c[0]['channel_account_id']) ); if(($x) && ($x[0]['total'] + $r[0]['filesize'] > $limit)) { q("delete from attach where hash = '%s' and uid = %d limit 1", -- cgit v1.2.3 From 401183780540812929e35a59348b7f2e347d4b8f Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 7 Jan 2014 18:47:33 -0800 Subject: more work on dav - deletion and a bit more progress on OS storage --- include/reddav.php | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 3bf670711..62208368c 100644 --- a/include/reddav.php +++ b/include/reddav.php 
@@ -21,7 +21,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { if(! $this->red_path) $this->red_path = '/'; $this->auth = $auth_plugin; - logger('Red_Directory: ' . print_r($this,true)); +// logger('Red_Directory: ' . print_r($this,true)); $this->folder_hash = ''; $this->getDir(); @@ -414,19 +414,12 @@ class RedFile extends DAV\Node implements DAV\IFile { function delete() { - if($this->data['flags'] & ATTACH_FLAG_OS) { - // FIXME delete physical file - } - if($this->data['flags'] & ATTACH_FLAG_DIR) { - // FIXME delete contents (recursive?) + if((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; } - -// q("delete from attach where id = %d limit 1", -// intval($this->data['id']) -// ); - - + attach_delete($this->auth->owner_id,$this->data['hash']); } } -- cgit v1.2.3 From 6eda8064449d154614345e9bd867dce2faba0deb Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 8 Jan 2014 18:06:52 -0800 Subject: This should be approaching completion for file OS storage. May be a few minor bugs remaining due to some late-breaking fixes but I've been testing it as I go. --- include/reddav.php | 94 +++++++++++++++++++++++++++++------------------------- 1 file changed, 51 insertions(+), 43 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 62208368c..79b5a11f7 100644 --- a/include/reddav.php +++ b/include/reddav.php 
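Review bot: In the `delete()` hunk the `return;` after `throw new DAV\Exception\Forbidden('Permission denied.');` can never run and should be dropped. The same applies to the `logger()` call in the constructor hunk, which is commented out rather than removed. A one-line comment above the guard, such as `// only the owner or an observer with write_storage may delete`, would record the intent now that the FIXME notes are gone.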
@@ -115,17 +115,18 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $filesize = 0; $hash = random_string(); - $r = q("INSERT INTO attach ( aid, uid, hash, filename, folder, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO attach ( aid, uid, hash, filename, folder, flags, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), intval($c[0]['channel_id']), dbesc($hash), dbesc($name), dbesc($this->folder_hash), + dbesc(ATTACH_FLAG_OS), dbesc($mimetype), intval($filesize), intval(0), - dbesc(stream_get_contents($data)), + dbesc($this->os_path . '/' . $hash), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($c[0]['channel_allow_cid']), 
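Review bot: The `data` value stored by this INSERT, `$this->os_path . '/' . $hash`, is not the path the upload is written to in the next hunk (`'store/' . $this->auth->owner_nick . '/' . … . $hash`). The `get()` hunk further down this commit then prepends `store/<nick>/` and `$this->os_path` to the stored value again, so a non-empty `os_path` would appear twice; whether `RedFile` has an `os_path` property at all is not visible here. Storing one canonical relative path and building the on-disk name in a single helper would keep the write and read sides in agreement. Separately, `flags` is bound with `'%s'` and `dbesc(ATTACH_FLAG_OS)` although it is an integer bit field; `%d` with `intval(ATTACH_FLAG_OS)` matches how the other integer columns are bound. `createFile()` begins and ends outside this hunk.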
@@ -136,25 +137,22 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { ); - $r = q("update attach set filesize = length(data) where hash = '%s' and uid = %d limit 1", - dbesc($hash), - intval($c[0]['channel_id']) - ); + $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $hash; + + file_put_contents($f, $data); + $size = filesize($f); + - $r = q("select filesize from attach where hash = '%s' and uid = %d limit 1", + $r = q("update attach set filesize = '%s' where hash = '%s' and uid = %d limit 1", + dbesc($size), dbesc($hash), intval($c[0]['channel_id']) ); - // FIXME - delete attached file resource if using OS storage - $maxfilesize = get_config('system','maxfilesize'); - if(($maxfilesize) && ($r[0]['filesize'] > $maxfilesize)) { - q("delete from attach where hash = '%s' and uid = %d limit 1", - dbesc($hash), - intval($c[0]['channel_id']) - ); + if(($maxfilesize) && ($size > $maxfilesize)) { + attach_delete($c[0]['channel_id'],$hash); return; } @@ -163,11 +161,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']) ); - if(($x) && ($x[0]['total'] + $r[0]['filesize'] > $limit)) { - q("delete from attach where hash = '%s' and uid = %d limit 1", - dbesc($hash), - intval($c[0]['channel_id']) - ); + if(($x) && ($x[0]['total'] + $size > $limit)) { + attach_delete($c[0]['channel_id'],$hash); return; } } @@ -251,6 +246,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $channel_id = $r[0]['channel_id']; $this->auth->owner_id = $channel_id; + $this->auth->owner_nick = $channel_name; $path = '/' . $channel_name; 
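Review bot: The result of `file_put_contents($f, $data)` is never checked, and `filesize($f)` is then trusted for the size and limit checks. A failed write leaves an `attach` row pointing at no file, with a size that passes both limits. Using the return value directly covers both: `$size = file_put_contents($f, $data); if($size === false) { attach_delete($c[0]['channel_id'],$hash); return; }`, with the update bound as `filesize = %d` and `intval($size)`. The whole upload is also on disk before `maxfilesize` is consulted. In the following hunk the account total is summed after this row's `filesize` has been written, so `$x[0]['total'] + $size` appears to count the new file twice.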
@@ -328,32 +324,45 @@ class RedFile extends DAV\Node implements DAV\IFile { } - function put($data) { logger('RedFile::put: ' . basename($this->name)); - $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", - dbesc(stream_get_contents($data)), - dbesc($this->data['hash']), - intval($this->data['uid']) - ); - $r = q("update attach set filesize = length(data) where hash = '%s' and uid = %d limit 1", - dbesc($this->data['hash']), - intval($this->data['uid']) - ); - $r = q("select filesize from attach where hash = '%s' and uid = %d limit 1", - dbesc($this->data['hash']), + $r = q("select flags, data from attach where hash = '%s' and uid = %d limit 1", + dbesc($hash), + intval($c[0]['channel_id']) + ); + if($r) { + if($r[0]['flags'] & ATTACH_FLAG_OS) { + @file_put_contents($r[0]['data'], $data); + $size = @filesize($r[0]['data']); + } + else { + $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", + dbesc(stream_get_contents($data)), + dbesc($this->data['hash']), + intval($this->data['uid']) + ); + $r = q("select length(data) as fsize from attach where hash = '%s' and uid = %d limit 1", + dbesc($this->data['hash']), + intval($this->data['uid']) + ); + if($r) + $size = $r[0]['fsize']; + } + } + + $r = q("update attach set filesize = '%s' where hash = '%s' and uid = %d limit 1", + dbesc($size), + dbesc($hash), intval($c[0]['channel_id']) ); + $maxfilesize = get_config('system','maxfilesize'); - if(($maxfilesize) && ($r[0]['filesize'] > $maxfilesize)) { - q("delete from attach where hash = '%s' and uid = %d limit 1", - dbesc($this->data['hash']), - intval($c[0]['channel_id']) - ); + if(($maxfilesize) && ($size > $maxfilesize)) { + attach_delete($c[0]['channel_id'],$hash); return; } 
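Review bot: `put()` overwrites stored content with no `write_storage` check in the lines shown, since the new body goes from the `logger()` call straight to the `select`. `setName()` and `delete()` in this file guard with `perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage')`, and unless the caller enforces this elsewhere the same guard belongs at the top of `put()`, throwing `DAV\Exception\Forbidden`. `$size` is also left unset when the select returns no row, and the `@` on `file_put_contents()` and `filesize()` hides a failed write from the limit checks that follow. The rest of `put()` lies outside this hunk.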
@@ -362,11 +371,8 @@ class RedFile extends DAV\Node implements DAV\IFile { $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']) ); - if(($x) && ($x[0]['total'] + $r[0]['filesize'] > $limit)) { - q("delete from attach where hash = '%s' and uid = %d limit 1", - dbesc($this->data['hash']), - intval($c[0]['channel_id']) - ); + if(($x) && ($x[0]['total'] + $size > $limit)) { + attach_delete($c[0]['channel_id'],$hash); return; } } @@ -382,7 +388,8 @@ class RedFile extends DAV\Node implements DAV\IFile { ); if($r) { if($r[0]['flags'] & ATTACH_FLAG_OS ) { - return fopen($r[0]['data'],'rb'); + $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $r[0]['data']; + return fopen($f,'rb'); } return $r[0]['data']; } @@ -690,6 +697,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { public $observer = ''; public $browser; public $owner_id; + public $owner_nick = ''; protected function validateUserPass($username, $password) { require_once('include/auth.php'); -- cgit v1.2.3 From ca570f97e00bd3b6356e15266b0595c7379058b1 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 9 Jan 2014 13:54:18 -0800 Subject: remove a lot of extraneous debugging now that most of this stuff basically works --- include/reddav.php | 91 +++++++++++++++++------------------------------------- 1 file changed, 28 insertions(+), 63 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 79b5a11f7..bd59afef1 100644 --- a/include/reddav.php +++ b/include/reddav.php 
@@ -15,16 +15,16 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { private $os_path = ''; function __construct($ext_path,&$auth_plugin) { - logger('RedDirectory::__construct() ' . $ext_path); + logger('RedDirectory::__construct() ' . $ext_path, LOGGER_DEBUG); $this->ext_path = $ext_path; $this->red_path = ((strpos($ext_path,'/cloud') === 0) ? substr($ext_path,6) : $ext_path); if(! $this->red_path) $this->red_path = '/'; $this->auth = $auth_plugin; -// logger('Red_Directory: ' . print_r($this,true)); $this->folder_hash = ''; $this->getDir(); + if($this->auth->browser) $this->auth->browser->set_writeable(); @@ -32,8 +32,6 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function getChildren() { - logger('RedDirectory::getChildren : ' . print_r($this,true)); - if(get_config('system','block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { throw new DAV\Exception\Forbidden('Permission denied.'); return; @@ -51,9 +49,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function getChild($name) { + logger('RedDirectory::getChild : ' . $name, LOGGER_DATA); - logger('RedDirectory::getChild : ' . $name); - logger('RedDirectory::getChild : ' . print_r($this,true)); if(get_config('system','block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { throw new DAV\Exception\Forbidden('Permission denied.'); 
@@ -70,17 +67,15 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { } $x = RedFileData($this->ext_path . '/' . $name, $this->auth); - logger('RedFileData returns: ' . print_r($x,true)); if($x) return $x; + throw new DAV\Exception\NotFound('The file with name: ' . $name . ' could not be found'); } function getName() { - logger('RedDirectory::getName : ' . print_r($this,true)); - logger('RedDirectory::getName returns: ' . basename($this->red_path)); - + logger('RedDirectory::getName returns: ' . basename($this->red_path), LOGGER_DATA); return (basename($this->red_path)); } @@ -88,9 +83,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function createFile($name,$data = null) { - logger('RedDirectory::createFile : ' . $name); - logger('RedDirectory::createFile : ' . print_r($this,true)); - + logger('RedDirectory::createFile : ' . $name, LOGGER_DEBUG); if(! $this->auth->owner_id) { logger('createFile: permission denied'); @@ -108,10 +101,17 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $c = q("select * from channel where channel_id = %d limit 1", - intval($this->auth->channel_id) + intval($this->auth->owner_id) ); + if(! $c) { + logger('createFile: no channel'); + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } + + $filesize = 0; $hash = random_string(); @@ -171,7 +171,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function createDirectory($name) { - logger('RedDirectory::createDirectory: ' . $name); + logger('RedDirectory::createDirectory: ' . $name, LOGGER_DEBUG); if((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); 
@@ -184,37 +184,31 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { if($r) { $result = attach_mkdir($r[0],$this->auth->observer,array('filename' => $name,'folder' => $this->folder_hash)); - - logger('RedDirectory::createDirectory: ' . print_r($result,true)); - + if(! $result['success']) + logger('RedDirectory::createDirectory: ' . print_r($result,true), LOGGER_DEBUG); } - } function childExists($name) { - logger('RedDirectory::childExists : ' . print_r($this->auth,true)); - if($this->red_path === '/' && $name === 'cloud') { - logger('RedDirectory::childExists /cloud: true'); + logger('RedDirectory::childExists /cloud: true', LOGGER_DATA); return true; } $x = RedFileData($this->ext_path . '/' . $name, $this->auth,true); - logger('RedFileData returns: ' . print_r($x,true)); + logger('RedFileData returns: ' . print_r($x,true), LOGGER_DATA); if($x) return true; return false; - } function getDir() { + logger('getDir: ' . $this->ext_path, LOGGER_DEBUG); - logger('getDir: ' . $this->ext_path); $file = $this->ext_path; - $x = strpos($file,'/cloud'); if($x === false) return; 
@@ -290,24 +284,23 @@ class RedFile extends DAV\Node implements DAV\IFile { private $name; function __construct($name, $data, &$auth) { - logger('RedFile::_construct: ' . $name); $this->name = $name; $this->data = $data; $this->auth = $auth; - logger('RedFile::_construct: ' . print_r($this->data,true)); + logger('RedFile::_construct: ' . print_r($this->data,true), LOGGER_DATA); } function getName() { - logger('RedFile::getName: ' . basename($this->name)); + logger('RedFile::getName: ' . basename($this->name), LOGGER_DEBUG); return basename($this->name); } function setName($newName) { - logger('RedFile::setName: ' . basename($this->name) . ' -> ' . $newName); + logger('RedFile::setName: ' . basename($this->name) . ' -> ' . $newName, LOGGER_DEBUG); if((! $newName) || (! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); @@ -325,7 +318,7 @@ class RedFile extends DAV\Node implements DAV\IFile { function put($data) { - logger('RedFile::put: ' . basename($this->name)); + logger('RedFile::put: ' . basename($this->name), LOGGER_DEBUG); $r = q("select flags, data from attach where hash = '%s' and uid = %d limit 1", @@ -380,7 +373,7 @@ class RedFile extends DAV\Node implements DAV\IFile { function get() { - logger('RedFile::get: ' . basename($this->name)); + logger('RedFile::get: ' . basename($this->name), LOGGER_DEBUG); $r = q("select data, flags from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), @@ -397,9 +390,7 @@ class RedFile extends DAV\Node implements DAV\IFile { } function getETag() { - logger('RedFile::getETag: ' . basename($this->name)); return $this->data['hash']; - } 
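Review bot: The constructor hunk keeps `logger('RedFile::_construct: ' . print_r($this->data,true), LOGGER_DATA);`, which dumps the entire attach record each time a `RedFile` is built. Depending on what the caller selects, that record may include access-control lists or, for database-stored files, the content itself; the query that fills `$data` is not visible here. Logging only the identifying fields would serve the same debugging purpose, for example `logger('RedFile::__construct: ' . $name, LOGGER_DEBUG);`.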
@@ -414,13 +405,11 @@ class RedFile extends DAV\Node implements DAV\IFile { function getLastModified() { - logger('RedFile::getLastModified: ' . basename($this->name)); return $this->data['edited']; } function delete() { - if((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); return; @@ -460,9 +449,6 @@ function RedCollectionData($file,&$auth) { $file = substr($file,6); } - -logger('RedCollectionData: ' . $file); - if((! $file) || ($file === '/')) { return RedChannelList($auth); } @@ -479,8 +465,6 @@ logger('RedCollectionData: ' . $file); dbesc($channel_name) ); -logger('dbg1: ' . print_r($r,true)); - if(! $r) return null; @@ -532,7 +516,7 @@ logger('dbg1: ' . print_r($r,true)); } } - logger('dbg2: ' . print_r($r,true)); + // This should no longer be needed since we just returned errors for paths not found if($path !== '/' . $file) { logger("RedCollectionData: Path mismatch: $path !== /$file"); @@ -546,8 +530,6 @@ logger('dbg1: ' . print_r($r,true)); intval($channel_id) ); -logger('dbg2: ' . print_r($r,true)); - foreach($r as $rr) { if($rr['flags'] & ATTACH_FLAG_DIR) $ret[] = new RedDirectory('/cloud' . $path . '/' . $rr['filename'],$auth); @@ -561,7 +543,7 @@ logger('dbg2: ' . print_r($r,true)); function RedFileData($file, &$auth,$test = false) { -logger('RedFileData:' . $file . (($test) ? ' (test mode) ' : '')); + logger('RedFileData:' . $file . (($test) ? ' (test mode) ' : ''), LOGGER_DEBUG); $x = strpos($file,'/cloud'); @@ -569,8 +551,6 @@ logger('RedFileData:' . $file . (($test) ? ' (test mode) ' : '')); $file = substr($file,6); } -logger('RedFileData2: ' . $file); - if((! $file) || ($file === '/')) { return RedDirectory('/',$auth); 
@@ -578,14 +558,11 @@ logger('RedFileData2: ' . $file); $file = trim($file,'/'); -logger('file=' . $file); - $path_arr = explode('/', $file); if(! $path_arr) return null; - logger("file = $file - path = " . print_r($path_arr,true)); $channel_name = $path_arr[0]; @@ -594,8 +571,6 @@ logger('file=' . $file); dbesc($channel_name) ); - logger('dbg0: ' . print_r($r,true)); - if(! $r) return null; @@ -607,9 +582,7 @@ logger('file=' . $file); $permission_error = false; - $folder = ''; -//dbg(1); require_once('include/security.php'); $perms = permissions_sql($channel_id); @@ -617,15 +590,12 @@ logger('file=' . $file); $errors = false; for($x = 1; $x < count($path_arr); $x ++) { -dbg(1); $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), intval(ATTACH_FLAG_DIR) ); -dbg(0); - logger('dbg1: ' . print_r($r,true)); if($r && ( $r[0]['flags'] & ATTACH_FLAG_DIR)) { $folder = $r[0]['hash']; @@ -656,8 +626,6 @@ dbg(0); } - logger('dbg1: ' . print_r($r,true)); - if($path === '/' . $file) { if($test) return true; @@ -666,13 +634,13 @@ dbg(0); } if($errors) { + logger('RedFileData: not found'); if($test) return false; if($permission_error) { logger('RedFileData: permission error'); throw new DAV\Exception\Forbidden('Permission denied.'); } - logger('RedFileData: not found'); return; } @@ -769,17 +737,14 @@ class RedBrowser extends DAV\Browser\Plugin { function set_writeable() { - logger('RedBrowser: ' . print_r($this->auth,true)); if(! $this->auth->owner_id) $this->enablePost = false; - if(! perm_is_allowed($this->auth->owner_id, get_observer_hash(), 'write_storage')) $this->enablePost = false; else $this->enablePost = true; } - } \ No newline at end of file -- cgit v1.2.3 From 5a3ee3f718a9f04c55cab5769cba9a2b99d80092 Mon Sep 17 00:00:00 2001 
From: friendica Date: Thu, 9 Jan 2014 18:19:49 -0800 Subject: wrap the web interface to DAV in a Red page. This is before we make the strings translateable and put it in a template. --- include/reddav.php | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index bd59afef1..a802895de 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -747,4 +747,185 @@ class RedBrowser extends DAV\Browser\Plugin { $this->enablePost = true; } + + public function generateDirectoryIndex($path) { + + $version = ''; + + $html = " + +

Index for " . $this->escapeHTML($path) . "/

+ + + "; + + $files = $this->server->getPropertiesForPath($path,array( + '{DAV:}displayname', + '{DAV:}resourcetype', + '{DAV:}getcontenttype', + '{DAV:}getcontentlength', + '{DAV:}getlastmodified', + ),1); + + $parent = $this->server->tree->getNodeForPath($path); + + + if ($path) { + + list($parentUri) = DAV\URLUtil::splitPath($path); + $fullPath = DAV\URLUtil::encodePath($this->server->getBaseUri() . $parentUri); + + $icon = $this->enableAssets?'Parent':''; + $html.= " + + + + + + "; + + } + + foreach($files as $file) { + + // This is the current directory, we can skip it + if (rtrim($file['href'],'/')==$path) continue; + + list(, $name) = DAV\URLUtil::splitPath($file['href']); + + $type = null; + + + if (isset($file[200]['{DAV:}resourcetype'])) { + $type = $file[200]['{DAV:}resourcetype']->getValue(); + + // resourcetype can have multiple values + if (!is_array($type)) $type = array($type); + + foreach($type as $k=>$v) { + + // Some name mapping is preferred + switch($v) { + case '{DAV:}collection' : + $type[$k] = 'Collection'; + break; + case '{DAV:}principal' : + $type[$k] = 'Principal'; + break; + case '{urn:ietf:params:xml:ns:carddav}addressbook' : + $type[$k] = 'Addressbook'; + break; + case '{urn:ietf:params:xml:ns:caldav}calendar' : + $type[$k] = 'Calendar'; + break; + case '{urn:ietf:params:xml:ns:caldav}schedule-inbox' : + $type[$k] = 'Schedule Inbox'; + break; + case '{urn:ietf:params:xml:ns:caldav}schedule-outbox' : + $type[$k] = 'Schedule Outbox'; + break; + case '{http://calendarserver.org/ns/}calendar-proxy-read' : + $type[$k] = 'Proxy-Read'; + break; + case '{http://calendarserver.org/ns/}calendar-proxy-write' : + $type[$k] = 'Proxy-Write'; + break; + } + + } + $type = implode(', ', $type); + } + + // If no resourcetype was found, we attempt to use + // the contenttype property + if (!$type && isset($file[200]['{DAV:}getcontenttype'])) { + $type = $file[200]['{DAV:}getcontenttype']; + } + if (!$type) $type = 'Unknown'; + + $size = 
isset($file[200]['{DAV:}getcontentlength'])?(int)$file[200]['{DAV:}getcontentlength']:''; + $lastmodified = isset($file[200]['{DAV:}getlastmodified'])?$file[200]['{DAV:}getlastmodified']->getTime()->format(\DateTime::ATOM):''; + + $fullPath = DAV\URLUtil::encodePath('/' . trim($this->server->getBaseUri() . ($path?$path . '/':'') . $name,'/')); + + $displayName = isset($file[200]['{DAV:}displayname'])?$file[200]['{DAV:}displayname']:$name; + + $displayName = $this->escapeHTML($displayName); + $type = $this->escapeHTML($type); + + $icon = ''; + + if ($this->enableAssets) { + $node = $this->server->tree->getNodeForPath(($path?$path.'/':'') . $name); + foreach(array_reverse($this->iconMap) as $class=>$iconName) { + + if ($node instanceof $class) { + $icon = ''; + break; + } + + + } + + } + + $html.= " + + + + + + "; + + } + + $html.= ""; + + $output = ''; + + if ($this->enablePost) { + $this->server->broadcastEvent('onHTMLActionsPanel',array($parent, &$output)); + } + + $html.=$output; + + $html.= "
NameTypeSizeLast modified

$icon..[parent]
$icon{$displayName}{$type}{$size}{$lastmodified}

"; + + get_app()->page['content'] = $html; + construct_page(get_app()); + +// return $html; + + } + + + public function htmlActionsPanel(DAV\INode $node, &$output) { + + if (!$node instanceof DAV\ICollection) + return; + + // We also know fairly certain that if an object is a non-extended + // SimpleCollection, we won't need to show the panel either. + + if (get_class($node)==='Sabre\\DAV\\SimpleCollection') + return; + + $output.= '
+

Create new folder

+ + Name: + +
+
+

Upload file

+ + Name (optional):
+ File:
+ +
+ '; + + } + + } \ No newline at end of file -- cgit v1.2.3 From 170d4c9c68486d875f3b7f9574bb0b00524b5f33 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 9 Jan 2014 18:34:25 -0800 Subject: add link from DAV web ui to filestorage to set properties or delete or whatever --- include/reddav.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index a802895de..24eca9e81 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -925,6 +925,14 @@ class RedBrowser extends DAV\Browser\Plugin { '; + + if($this->auth->owner_id && $this->auth->owner_id == $this->auth->channel_id) { + $channel = get_app()->get_channel(); + if($channel) { + $output .= ' ' . t('Edit File properties') . ''; + } + } + } -- cgit v1.2.3 From a309bc0d478f5335853ed0cb7a0f0bfe41110643 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 9 Jan 2014 19:20:10 -0800 Subject: only let visitors remove their own files. --- include/reddav.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 24eca9e81..2aedeed04 100644 --- a/include/reddav.php +++ b/include/reddav.php 
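Review bot: `generateDirectoryIndex()` ends by assigning `$html` to `get_app()->page['content']` and calling `construct_page()`, with the original `// return $html;` left commented out. If the parent plugin's caller expects the method to return the markup, it now receives nothing, so that needs confirming. I would delete the dead line and the unused `$version = '';`, and add a docblock stating that this override renders the listing through the Red page instead of returning it. `$displayName` and `$type` pass through `escapeHTML()`, but the markup that receives `$fullPath`, `$icon` and `$name` is not readable in this view, so their escaping should be checked against the real file.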
@@ -115,11 +115,12 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $filesize = 0; $hash = random_string(); - $r = q("INSERT INTO attach ( aid, uid, hash, filename, folder, flags, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, flags, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), intval($c[0]['channel_id']), dbesc($hash), + dbesc($this->auth->observer), dbesc($name), dbesc($this->folder_hash), dbesc(ATTACH_FLAG_OS), @@ -415,6 +416,13 @@ class RedFile extends DAV\Node implements DAV\IFile { return; } + if($this->auth->owner_id !== $this->auth->channel_id) { + if(($this->auth->observer !== $this->data['creator']) || ($this->data['flags'] & ATTACH_FLAG_DIR)) { + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } + } + attach_delete($this->auth->owner_id,$this->data['hash']); } -- cgit v1.2.3 From 3298768d957421743eaa56dec5381141ab094d53 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Jan 2014 00:47:40 -0800 Subject: directory creation error, display localtimes on cloud webpage, doc updates --- include/reddav.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 2aedeed04..b2683885d 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -674,6 +674,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { public $browser; public $owner_id; public $owner_nick = ''; + public $timezone; protected function validateUserPass($username, $password) { require_once('include/auth.php'); 
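Review bot: The visitor branch added to `delete()` compares `$this->auth->observer !== $this->data['creator']` without requiring the observer to be non-empty. `RedBasicAuth` initialises `$observer` to `''`, so a row whose `creator` is empty (presumably any file stored before this commit began filling the column) would match an unidentified visitor who has write access. Rejecting the empty case first closes that: `if((! $this->auth->observer) || ($this->auth->observer !== $this->data['creator']) || ($this->data['flags'] & ATTACH_FLAG_DIR))`. The outer test uses strict `!==` on `owner_id` and `channel_id` while the previous commit's hunk compares the same pair with `==`; if one side is a database string and the other an integer, the owner falls into the visitor branch, so both sides should be cast with `intval()`.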
@@ -758,6 +759,9 @@ class RedBrowser extends DAV\Browser\Plugin { public function generateDirectoryIndex($path) { + if($this->auth->timezone) + date_default_timezone_set($this->auth->timezone); + $version = ''; $html = " @@ -852,7 +856,7 @@ class RedBrowser extends DAV\Browser\Plugin { if (!$type) $type = 'Unknown'; $size = isset($file[200]['{DAV:}getcontentlength'])?(int)$file[200]['{DAV:}getcontentlength']:''; - $lastmodified = isset($file[200]['{DAV:}getlastmodified'])?$file[200]['{DAV:}getlastmodified']->getTime()->format(\DateTime::ATOM):''; + $lastmodified = ((isset($file[200]['{DAV:}getlastmodified']))? $file[200]['{DAV:}getlastmodified']->getTime()->format('Y-m-d H:i:s') :''); $fullPath = DAV\URLUtil::encodePath('/' . trim($this->server->getBaseUri() . ($path?$path . '/':'') . $name,'/')); @@ -882,7 +886,7 @@ class RedBrowser extends DAV\Browser\Plugin { {$displayName} {$type} {$size} - {$lastmodified} + " . datetime_convert('UTC', date_default_timezone_get(),$lastmodified) . " "; } -- cgit v1.2.3 From c9879edb3e1c7058dca083b11a13840cf7cbe609 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Jan 2014 12:37:48 -0800 Subject: break delivery loop if an item is deleted twice --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index b2683885d..69fcf8bec 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -886,7 +886,7 @@ class RedBrowser extends DAV\Browser\Plugin { {$displayName} {$type} {$size} - " . datetime_convert('UTC', date_default_timezone_get(),$lastmodified) . " + " . (($lastmodified) ? datetime_convert('UTC', date_default_timezone_get(),$lastmodified) : '') . " "; } -- cgit v1.2.3 From ffa86dfea8aef25af8bff9a5ff6342f5b6e7a7c3 Mon Sep 17 00:00:00 2001 
From: friendica Date: Fri, 10 Jan 2014 13:10:50 -0800 Subject: this may fix filesize 0 issues --- include/reddav.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 69fcf8bec..a962d1bcc 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -321,15 +321,15 @@ class RedFile extends DAV\Node implements DAV\IFile { function put($data) { logger('RedFile::put: ' . basename($this->name), LOGGER_DEBUG); - $r = q("select flags, data from attach where hash = '%s' and uid = %d limit 1", dbesc($hash), intval($c[0]['channel_id']) ); if($r) { if($r[0]['flags'] & ATTACH_FLAG_OS) { - @file_put_contents($r[0]['data'], $data); - $size = @filesize($r[0]['data']); + $f = 'store/' . $this->auth->owner_nick . '/' . (($r[0]['data']) ? $r[0]['data'] . '/' : ''); + @file_put_contents($f, $data); + $size = @filesize($f); } else { $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", -- cgit v1.2.3 From 0ce3e7235af16f13ab3101a09ae39006aa64cb7e Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Jan 2014 13:47:56 -0800 Subject: other reddav issues, but probably won't fix the empty file --- include/reddav.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index a962d1bcc..a6c550e2d 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -322,7 +322,7 @@ class RedFile extends DAV\Node implements DAV\IFile { logger('RedFile::put: ' . basename($this->name), LOGGER_DEBUG); $r = q("select flags, data from attach where hash = '%s' and uid = %d limit 1", - dbesc($hash), + dbesc($this->data['hash']), intval($c[0]['channel_id']) ); if($r) { 
@@ -330,6 +330,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $f = 'store/' . $this->auth->owner_nick . '/' . (($r[0]['data']) ? $r[0]['data'] . '/' : ''); @file_put_contents($f, $data); $size = @filesize($f); + logger('reddav: put() filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } else { $r = q("update attach set data = '%s' where hash = '%s' and uid = %d limit 1", @@ -348,7 +349,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $r = q("update attach set filesize = '%s' where hash = '%s' and uid = %d limit 1", dbesc($size), - dbesc($hash), + dbesc($this->data['hash']), intval($c[0]['channel_id']) ); @@ -356,7 +357,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $maxfilesize = get_config('system','maxfilesize'); if(($maxfilesize) && ($size > $maxfilesize)) { - attach_delete($c[0]['channel_id'],$hash); + attach_delete($c[0]['channel_id'],$this->data['hash']); return; } @@ -366,7 +367,7 @@ class RedFile extends DAV\Node implements DAV\IFile { intval($c[0]['channel_account_id']) ); if(($x) && ($x[0]['total'] + $size > $limit)) { - attach_delete($c[0]['channel_id'],$hash); + attach_delete($c[0]['channel_id'],$this->data['hash']); return; } } -- cgit v1.2.3 From f125be846c4e0b68bf687eecf12e64512dd40df0 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Jan 2014 19:18:30 -0800 Subject: DAV put() issues --- include/reddav.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index a6c550e2d..d80bcedde 100644 --- a/include/reddav.php +++ b/include/reddav.php 
@@ -321,13 +321,18 @@ class RedFile extends DAV\Node implements DAV\IFile { function put($data) { logger('RedFile::put: ' . basename($this->name), LOGGER_DEBUG); + + $c = q("select * from channel where channel_id = %d limit 1", + intval($this->auth->owner_id) + ); + $r = q("select flags, data from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($c[0]['channel_id']) ); if($r) { if($r[0]['flags'] & ATTACH_FLAG_OS) { - $f = 'store/' . $this->auth->owner_nick . '/' . (($r[0]['data']) ? $r[0]['data'] . '/' : ''); + $f = 'store/' . $this->auth->owner_nick . '/' . (($r[0]['data']) ? $r[0]['data'] : ''); @file_put_contents($f, $data); $size = @filesize($f); logger('reddav: put() filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); -- cgit v1.2.3 From cff7056f8ff809251448de269bbc5e13780f35de Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 11 Jan 2014 12:58:00 -0800 Subject: mod_attach: output stream wasn't working --- include/reddav.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index d80bcedde..d00980011 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -163,6 +163,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { intval($c[0]['channel_account_id']) ); if(($x) && ($x[0]['total'] + $size > $limit)) { + logger('reddav: service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); attach_delete($c[0]['channel_id'],$hash); return; } @@ -372,6 +373,7 @@ class RedFile extends DAV\Node implements DAV\IFile { intval($c[0]['channel_account_id']) ); if(($x) && ($x[0]['total'] + $size > $limit)) { + logger('reddav: service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); attach_delete($c[0]['channel_id'],$this->data['hash']); return; } -- cgit v1.2.3 
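Review bot: The new channel lookup at the top of put() is used unchecked: when `$c` is empty, `intval($c[0]['channel_id'])` evaluates to 0 and the attach queries below run with `uid = 0`. createFile() in this file guards the same lookup, so put() should too, e.g. `if(! $c) throw new DAV\Exception\Forbidden('Permission denied.');`. The path handed to `file_put_contents()` still concatenates `$this->auth->owner_nick` and the stored `data` value without validating either; presumably both are server-controlled, which is worth confirming. put() continues outside the hunk.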
From 47b8071ca7968ea489bd00c0746a2be39d6a6f2d Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 15 Jan 2014 03:12:47 -0800 Subject: dav: throw exception if channel for requested DAV directory is deleted --- include/reddav.php | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index d00980011..c2dd07c5f 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -100,11 +100,11 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $mimetype = z_mime_content_type($name); - $c = q("select * from channel where channel_id = %d limit 1", + $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", + intval(PAGE_REMOVED), intval($this->auth->owner_id) ); - if(! $c) { logger('createFile: no channel'); throw new DAV\Exception\Forbidden('Permission denied.'); @@ -180,8 +180,9 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { return; } - $r = q("select * from channel where channel_id = %d limit 1", - dbesc($this->auth->owner_id) + $r = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", + intval(PAGE_REMOVED), + intval($this->auth->owner_id) ); if($r) { @@ -233,13 +234,17 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $channel_name = $path_arr[0]; - $r = q("select channel_id from channel where channel_address = '%s' limit 1", - dbesc($channel_name) + + $r = q("select channel_id from channel where channel_address = '%s' and not ( channel_pageflags & %d ) limit 1", + dbesc($channel_name), + intval(PAGE_REMOVED) ); - if(! $r) - return; + if(! $r) { + throw new DAV\Exception\NotFound('The file with name: ' . $channel_name . ' could not be found'); + return; + } $channel_id = $r[0]['channel_id']; $this->auth->owner_id = $channel_id; $this->auth->owner_nick = $channel_name; 
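Review bot: The arguments to the rewritten channel queries do not line up with their placeholders: in the createFile() hunk the SQL reads `channel_id = %d and not (channel_pageflags & %d)`, but `intval(PAGE_REMOVED)` is passed first and `intval($this->auth->owner_id)` second, so channel_id is compared with the flag constant and the page flags are masked with the owner id. The same swap is in the `@@ -180,8 +180,9` hunk and in the put() hunk of this commit (`@@ -327,8 +327,8`); the channel_address lookup in `@@ -233,13 +234,17` has the order right. Depending on the constant's value this either finds no channel or selects an unrelated one, and the later writes use `$c[0]['channel_id']`. Pass `intval($this->auth->owner_id), intval(PAGE_REMOVED)` in that order.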
@@ -322,8 +327,8 @@ class RedFile extends DAV\Node implements DAV\IFile { function put($data) { logger('RedFile::put: ' . basename($this->name), LOGGER_DEBUG); - - $c = q("select * from channel where channel_id = %d limit 1", + $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", + intval(PAGE_REMOVED), intval($this->auth->owner_id) ); @@ -440,8 +445,9 @@ function RedChannelList(&$auth) { $ret = array(); - $r = q("select channel_id, channel_address from channel where not (channel_pageflags & %d)", - intval(PAGE_REMOVED) + $r = q("select channel_id, channel_address from channel where not (channel_pageflags & %d) and not (channel_pageflags & %d) ", + intval(PAGE_REMOVED), + intval(PAGE_HIDDEN) ); if($r) { -- cgit v1.2.3 From e4217dc1417438a3dc8f745efec8bc122b991a03 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 15 Jan 2014 04:02:15 -0800 Subject: fix folder timestamps and change them when a child DAV file is written to --- include/reddav.php | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index c2dd07c5f..c53838297 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -143,13 +143,21 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { file_put_contents($f, $data); $size = filesize($f); + $edited = datetime_convert(); - $r = q("update attach set filesize = '%s' where hash = '%s' and uid = %d limit 1", + $d = q("update attach set filesize = '%s', edited = '%s' where hash = '%s' and uid = %d limit 1", dbesc($size), + dbesc($edited), dbesc($hash), intval($c[0]['channel_id']) ); + $e = q("update attach set edited = '%s' where folder = '%s' and uid = %d limit 1", + dbesc($edited), + dbesc($this->folder_hash), + intval($c[0]['channel_id']) + ); + $maxfilesize = get_config('system','maxfilesize'); if(($maxfilesize) && ($size > $maxfilesize)) { 
@@ -278,6 +286,15 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { } + function getLastModified() { + $r = q("select edited from attach where folder = '%s' and uid = %d order by edited desc limit 1", + dbesc($this->folder_hash), + intval($this->auth->owner_id) + ); + if($r) + return datetime_convert('UTC','UTC', $r[0]['edited'],'U'); + return ''; + } @@ -332,7 +349,7 @@ class RedFile extends DAV\Node implements DAV\IFile { intval($this->auth->owner_id) ); - $r = q("select flags, data from attach where hash = '%s' and uid = %d limit 1", + $r = q("select flags, folder, data from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($c[0]['channel_id']) ); @@ -356,14 +373,23 @@ class RedFile extends DAV\Node implements DAV\IFile { if($r) $size = $r[0]['fsize']; } + } - - $r = q("update attach set filesize = '%s' where hash = '%s' and uid = %d limit 1", + + $edited = datetime_convert(); + + $d = q("update attach set filesize = '%s', edited = '%s' where hash = '%s' and uid = %d limit 1", dbesc($size), + dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id']) ); + $e = q("update attach set edited = '%s' where folder = '%s' and uid = %d limit 1", + dbesc($edited), + dbesc($r[0]['folder']), + intval($c[0]['channel_id']) + ); $maxfilesize = get_config('system','maxfilesize'); @@ -419,7 +445,7 @@ class RedFile extends DAV\Node implements DAV\IFile { function getLastModified() { - return $this->data['edited']; + return datetime_convert('UTC','UTC',$this->data['edited'],'U'); } -- cgit v1.2.3 From 1a76f1c65952af16be6f00cde9317b817028f1b6 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Fri, 17 Jan 2014 20:52:57 +0000 Subject: Un-break dav auth. --- include/reddav.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index c53838297..838ead7b7 100644 --- a/include/reddav.php +++ b/include/reddav.php 
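Review bot: In the put() hunk `@@ -356,14 +373,23` the folder update reads `$r[0]['folder']`, but on the non-OS path `$r` no longer holds the attach row: the else branch reassigns it to the result of the `update attach set data …` call and then, judging by the `$size = $r[0]['fsize']` context line, to a size query. In that case `folder` is compared with an empty string and some top-level row gets its timestamp changed. Keep the value in its own variable right after the first select, `$folder = $r[0]['folder'];`, and pass `dbesc($folder)` here. The `where folder = … limit 1` predicate also updates one arbitrary sibling rather than the directory record, the same as in createFile().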
@@ -101,8 +101,9 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", - intval(PAGE_REMOVED), - intval($this->auth->owner_id) + intval($this->auth->owner_id), + intval(PAGE_REMOVED) + ); if(! $c) { @@ -988,4 +989,4 @@ class RedBrowser extends DAV\Browser\Plugin { } -} \ No newline at end of file +} -- cgit v1.2.3 From 9fb36df8d981716a6557068b18ee364e62522180 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Mon, 20 Jan 2014 01:54:52 +0000 Subject: Fix dav directory creation. --- include/reddav.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 838ead7b7..1658e43c4 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -190,8 +190,9 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { } $r = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", - intval(PAGE_REMOVED), - intval($this->auth->owner_id) + intval($this->auth->owner_id), + intval(PAGE_REMOVED) + ); if($r) { -- cgit v1.2.3 From 26dfcecf054e19616f198872b66c7645270f4430 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Mon, 20 Jan 2014 06:28:38 +0000 Subject: Prevent zids messing up dav --- include/reddav.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 1658e43c4..0d2aac19e 100644 --- a/include/reddav.php +++ b/include/reddav.php 
@@ -50,6 +50,9 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function getChild($name) { logger('RedDirectory::getChild : ' . $name, LOGGER_DATA); + $name = str_replace(array('?f=','&f='),array('',''),$name); + $name = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$name); + logger('RedDirectory::getChild post strip zid: ' . $name, LOGGER_DATA); if(get_config('system','block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { @@ -190,9 +193,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { } $r = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", - intval($this->auth->owner_id), - intval(PAGE_REMOVED) - + intval(PAGE_REMOVED), + intval($this->auth->owner_id) ); if($r) { -- cgit v1.2.3 From 0250223438d38a508b991a581ef08de904ac6368 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 19 Jan 2014 22:34:28 -0800 Subject: revert 26dfcecf054e1 --- include/reddav.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 0d2aac19e..a937360a8 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -50,10 +50,6 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { function getChild($name) { logger('RedDirectory::getChild : ' . $name, LOGGER_DATA); - $name = str_replace(array('?f=','&f='),array('',''),$name); - $name = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$name); - logger('RedDirectory::getChild post strip zid: ' . $name, LOGGER_DATA); - if(get_config('system','block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { throw new DAV\Exception\Forbidden('Permission denied.'); 
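Review bot: The zid strip in getChild() also eats the delimiter after the value: `/[\?&]zid=(.*?)([\?&]|$)/ism` matches the trailing `?` or `&` and replaces the whole match with an empty string, so whatever followed is glued onto the name. The unconditional `str_replace` of `?f=` / `&f=` likewise alters any stored filename that legitimately contains those characters, and the lookup below then runs on a name the client did not send. If this has to happen here, keep the second group in the replacement and anchor the match to the end of the name; preferably strip query parameters before the path reaches the DAV tree. getChild() continues outside the hunk.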
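Review bot: The `@@ -190,9 +193,8` hunk puts the query arguments back in the wrong order: the SQL is `channel_id = %d and not (channel_pageflags & %d)`, and after this change `intval(PAGE_REMOVED)` fills the channel_id slot and `intval($this->auth->owner_id)` the flag mask. This looks unrelated to the zid change and undoes the ordering fixed one commit earlier. Keep `intval($this->auth->owner_id), intval(PAGE_REMOVED)`.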
@@ -193,8 +189,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { } $r = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", - intval(PAGE_REMOVED), - intval($this->auth->owner_id) + intval($this->auth->owner_id), + intval(PAGE_REMOVED) ); if($r) { -- cgit v1.2.3 From 0dbbe007e8fa1cf9e1fd514624c7600e3f87f0f1 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 21 Jan 2014 15:38:02 -0800 Subject: add the quota and volume size code --- include/reddav.php | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index a937360a8..daa7fd734 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -5,7 +5,7 @@ require_once('vendor/autoload.php'); require_once('include/attach.php'); -class RedDirectory extends DAV\Node implements DAV\ICollection { +class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { private $red_path; private $folder_hash; @@ -297,6 +297,34 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { } + public function getQuotaInfo() { + + $limit = disk_total_space('store'); + $free = disk_free_space('store'); + + if($this->auth->owner_id) { + + $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", + intval($this->auth->owner_id), + intval(PAGE_REMOVED) + + ); + + $ulimit = service_class_fetch($c[0]['channel_id'],'attach_upload_limit'); + $limit = (($ulimit) ? $ulimit : $limit); + + $x = q("select sum(filesize) as total from attach where aid = %d ", + intval($c[0]['channel_account_id']) + ); + $free = (($x) ? $limit - $x[0]['total'] : 0); + } + + return array( + $limit - $free, + $free + ); + + } } -- cgit v1.2.3 From a13393fb230f83cbb93ad36494ce337ef5c48ee0 Mon Sep 17 00:00:00 2001 
From: friendica Date: Tue, 21 Jan 2014 20:42:10 -0800 Subject: seems you can't easily have a blank password for DAV guests, so the guest password is now +++ --- include/reddav.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index daa7fd734..c5ef39097 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -745,6 +745,12 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { public $timezone; protected function validateUserPass($username, $password) { + + if(trim($password) === '+++') { + logger('reddav: validateUserPass: guest ' . $username); + return true; + } + require_once('include/auth.php'); $record = account_verify_password($email,$pass); if($record && $record['account_default_channel']) { -- cgit v1.2.3 From 677f5f641e6c37244ee67459b6fa2c7e5aea119b Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 29 Jan 2014 16:02:02 -0800 Subject: more testing of chatroom interfaces, also corrected a function call that should have been a class instantiation in reddav --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index c5ef39097..e6e066770 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -628,7 +628,7 @@ function RedFileData($file, &$auth,$test = false) { } if((! $file) || ($file === '/')) { - return RedDirectory('/',$auth); + return new RedDirectory('/',$auth); } -- cgit v1.2.3 From 0fae8acdefa26c19429ffef218066050d1ae825e Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 30 Jan 2014 14:36:56 -0800 Subject: fix basic auth with account (not channel) login --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index e6e066770..af79a0db1 100644 --- a/include/reddav.php +++ b/include/reddav.php 
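Review bot: With this change validateUserPass() returns true for any username as long as the password is `+++`, before any credential check runs. Whether that is safe depends on every permission check downstream keying on the `channel_id` / `observer` fields this branch leaves unset, and never on the username the Sabre basic-auth backend records as the current user; that is not visible here and should be confirmed. Consider accepting the guest marker only for one fixed guest username and resetting the identity fields explicitly in that branch. `$username` is written to the log unmodified, and the context line still calls `account_verify_password($email,$pass)` with variables that are not defined in this method.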
@@ -752,7 +752,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { } require_once('include/auth.php'); - $record = account_verify_password($email,$pass); + $record = account_verify_password($username,$password); if($record && $record['account_default_channel']) { $r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1", intval($record['account_id']), -- cgit v1.2.3 From b92f00587b8791b5aea20ae2dc390b084c8ca444 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 9 Feb 2014 14:56:52 -0800 Subject: don't allow the browser to open uploaded html/css/js --- include/reddav.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index af79a0db1..63d073d2a 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -443,11 +443,18 @@ class RedFile extends DAV\Node implements DAV\IFile { function get() { logger('RedFile::get: ' . basename($this->name), LOGGER_DEBUG); - $r = q("select data, flags from attach where hash = '%s' and uid = %d limit 1", + $r = q("select data, flags, filename, filetype from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($this->data['uid']) ); if($r) { + $unsafe_types = array('text/html','text/css','application/javascript'); + + if(in_array($r[0]['filetype'],$unsafe_types)) { + header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"'); + header('Content-type: text/plain'); + } + if($r[0]['flags'] & ATTACH_FLAG_OS ) { $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $r[0]['data']; return fopen($f,'rb'); 
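Review bot: The download hardening in get() is a three-entry blocklist matched exactly against the stored `filetype`, so other script-capable types such as `text/javascript`, `image/svg+xml` or `application/xhtml+xml` are still served under their own type; getContentType() repeats the same list in the next hunk. `$r[0]['filename']` is also placed inside the quoted `filename="…"` parameter unescaped, so a name containing `"` breaks the header. I would keep the list in one place, extend it (or invert it into an allowlist of types that may render inline), sanitise the filename and send `X-Content-Type-Options: nosniff` so that `text/plain` is not sniffed back into HTML. get() continues outside the hunk.

```php
$unsafe_types = array('text/html','text/css','application/javascript','text/javascript','application/xhtml+xml','image/svg+xml','text/xml','application/xml');

if(in_array(strtolower(trim($r[0]['filetype'])),$unsafe_types,true)) {
	// quotes, backslashes and control characters would break the quoted filename parameter
	$safe_name = preg_replace('/[\x00-\x1f\x7f"\\\\]/','_',$r[0]['filename']);
	header('Content-disposition: attachment; filename="' . $safe_name . '"');
	header('Content-type: text/plain');
	header('X-Content-Type-Options: nosniff');
}
// … unchanged: ATTACH_FLAG_OS branch and fopen() …
```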
@@ -463,6 +470,10 @@ class RedFile extends DAV\Node implements DAV\IFile { function getContentType() { + $unsafe_types = array('text/html','text/css','application/javascript'); + if(in_array($this->data['filetype'],$unsafe_types)) { + return 'text/plain'; + } return $this->data['filetype']; } -- cgit v1.2.3 From 8089c3202bb6af5019ee3e34c6ff37cff0c907c9 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 11 Feb 2014 21:20:34 -0800 Subject: better auth logging in dav --- include/reddav.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 63d073d2a..7fcd81d61 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -217,6 +217,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { function getDir() { logger('getDir: ' . $this->ext_path, LOGGER_DEBUG); + $this->auth->log(); $file = $this->ext_path; @@ -810,6 +811,17 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { $this->browser = $browser; } + + function log() { + logger('dav: auth: channel_name ' . $this->channel_name); + logger('dav: auth: channel_id ' . $this->channel_id); + logger('dav: auth: channel_hash ' . $this->channel_hash); + logger('dav: auth: observer ' . $this->observer); + logger('dav: auth: owner_id ' . $this->owner_id); + logger('dav: auth: owner_nick ' . $this->owner_nick); + } + + } -- cgit v1.2.3 From 13a3dcf47ffa3b32fef7e8e9bae4726cb998d292 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 12 Feb 2014 00:04:35 -0800 Subject: dav issue when listing protected contents from OS interface --- include/reddav.php | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 7fcd81d61..5ffffdab2 100644 --- a/include/reddav.php +++ b/include/reddav.php 
@@ -30,8 +30,19 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { } + + function log() { + logger('RedDirectory::log() ext_path ' . $this->ext_path, LOGGER_DATA); + logger('RedDirectory::log() os_path ' . $this->os_path, LOGGER_DATA); + logger('RedDirectory::log() red_path ' . $this->red_path, LOGGER_DATA); + } + function getChildren() { + logger('RedDirectory::getChildren() called for ' . $this->ext_path, LOGGER_DATA); + + $this->log(); + if(get_config('system','block_public') && (! $this->auth->channel_id) && (! $this->auth->observer)) { throw new DAV\Exception\Forbidden('Permission denied.'); return; @@ -239,7 +250,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { return; - logger('getDir(): path: ' . print_r($path_arr,true)); + logger('getDir(): path: ' . print_r($path_arr,true), LOGGER_DEBUG); $channel_name = $path_arr[0]; @@ -519,6 +530,7 @@ function RedChannelList(&$auth) { if($r) { foreach($r as $rr) { if(perm_is_allowed($rr['channel_id'],$auth->observer,'view_storage')) { + logger('RedChannelList: ' . '/cloud/' . $rr['channel_address'], LOGGER_DATA); $ret[] = new RedDirectory('/cloud/' . $rr['channel_address'],$auth); } } @@ -568,6 +580,7 @@ function RedCollectionData($file,&$auth) { $permission_error = false; for($x = 1; $x < count($path_arr); $x ++) { + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d) $perms limit 1", dbesc($folder), dbesc($path_arr[$x]), @@ -619,6 +632,8 @@ function RedCollectionData($file,&$auth) { ); foreach($r as $rr) { + logger('RedCollectionData: filename: ' . $rr['filename'], LOGGER_DATA); + if($rr['flags'] & ATTACH_FLAG_DIR) $ret[] = new RedDirectory('/cloud' . $path . '/' . $rr['filename'],$auth); else 
@@ -775,6 +790,8 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { $this->channel_name = $r[0]['channel_address']; $this->channel_id = $r[0]['channel_id']; $this->channel_hash = $this->observer = $r[0]['channel_hash']; + $_SESSION['uid'] = $r[0]['channel_id']; + $_SESSION['authenticated'] = true; return true; } } @@ -794,6 +811,8 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { $this->channel_name = $r[0]['channel_address']; $this->channel_id = $r[0]['channel_id']; $this->channel_hash = $this->observer = $r[0]['channel_hash']; + $_SESSION['uid'] = $r[0]['channel_id']; + $_SESSION['authenticated'] = true; return true; } } @@ -813,12 +832,12 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { function log() { - logger('dav: auth: channel_name ' . $this->channel_name); - logger('dav: auth: channel_id ' . $this->channel_id); - logger('dav: auth: channel_hash ' . $this->channel_hash); - logger('dav: auth: observer ' . $this->observer); - logger('dav: auth: owner_id ' . $this->owner_id); - logger('dav: auth: owner_nick ' . $this->owner_nick); + logger('dav: auth: channel_name ' . $this->channel_name, LOGGER_DATA); + logger('dav: auth: channel_id ' . $this->channel_id, LOGGER_DATA); + logger('dav: auth: channel_hash ' . $this->channel_hash, LOGGER_DATA); + logger('dav: auth: observer ' . $this->observer, LOGGER_DATA); + logger('dav: auth: owner_id ' . $this->owner_id, LOGGER_DATA); + logger('dav: auth: owner_nick ' . $this->owner_nick, LOGGER_DATA); } -- cgit v1.2.3 From 5cedc324eb290e32f547e23799ec3e09fc30c496 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 13 Feb 2014 03:06:48 -0800 Subject: reddav - disable assets --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 5ffffdab2..94ff48d21 100644 --- a/include/reddav.php +++ b/include/reddav.php 
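Review bot: validateUserPass() now marks the PHP session as logged in (`$_SESSION['uid']`, `$_SESSION['authenticated'] = true`) on the strength of a Basic-auth request, in both success branches. If a session is already active at this point its identifier stays what it was before authentication; calling `session_regenerate_id(true);` before writing these keys avoids carrying a pre-login session id into an authenticated one. Only `uid` and `authenticated` are set, so code that also expects the account in the session would see a partial login; the session layout is not visible in these hunks, so treat that as something to confirm. validateUserPass() starts and ends outside the hunks.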
@@ -851,7 +851,7 @@ class RedBrowser extends DAV\Browser\Plugin { function __construct(&$auth) { $this->auth = $auth; - + $this->enableAssets = false; } -- cgit v1.2.3 From 213c03c6068639b67f90e8a5ceb4a70dc502c993 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 13 Feb 2014 03:52:16 -0800 Subject: more debugging dav in windows, windows never forgets your dav credentials even if you get them wrong and even if you remove them from the credential vault. This makes it very difficult to manage two or more channels with file resources. --- include/reddav.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 94ff48d21..a8d6739f0 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -773,6 +773,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { protected function validateUserPass($username, $password) { + if(trim($password) === '+++') { logger('reddav: validateUserPass: guest ' . $username); return true; -- cgit v1.2.3 From 53d6d4c6556fe85a05ef6945d2ebc327e82cb3fb Mon Sep 17 00:00:00 2001 From: Klaus Date: Sat, 15 Feb 2014 21:48:40 +0100 Subject: Fix call to asset icons in RedBrowser. RedBrowser was not displaying asset icons correctly, because the URL was wrong. --- include/reddav.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index a8d6739f0..cb2aa3bb9 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -1064,5 +1064,15 @@ class RedBrowser extends DAV\Browser\Plugin { } + /** + * This method takes a path/name of an asset and turns it into url + * suiteable for http access. + * + * @param string $assetName + * @return string + */ + protected function getAssetUrl($assetName) { + return '/cloud/?sabreAction=asset&assetName=' . urlencode($assetName); + } } -- cgit v1.2.3 From 01f31c2f2060a925c22b3f92e841d4f951d1825c Mon Sep 17 00:00:00 2001 
From: Klaus Date: Sat, 15 Feb 2014 22:25:14 +0100 Subject: Make asset icons work in subdir installs as well. This should be the right way I guess, especially if red# is installed in a subdirectory. (untested) --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index cb2aa3bb9..6182aeacd 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -1072,7 +1072,7 @@ class RedBrowser extends DAV\Browser\Plugin { * @return string */ protected function getAssetUrl($assetName) { - return '/cloud/?sabreAction=asset&assetName=' . urlencode($assetName); + return z_root() .'/cloud/?sabreAction=asset&assetName=' . urlencode($assetName); } } -- cgit v1.2.3 From 075b7fa9c82d5b0663528d2cf5e6f28dd1c5f4ab Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 22 Feb 2014 13:33:18 -0800 Subject: This should resolve the dav authentication loop (correctly) --- include/reddav.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 6182aeacd..2a26ac42a 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -792,6 +792,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { $this->channel_id = $r[0]['channel_id']; $this->channel_hash = $this->observer = $r[0]['channel_hash']; $_SESSION['uid'] = $r[0]['channel_id']; + $_SESSION['account_id'] = $r[0]['channel_account_id']; $_SESSION['authenticated'] = true; return true; } @@ -813,6 +814,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { $this->channel_id = $r[0]['channel_id']; $this->channel_hash = $this->observer = $r[0]['channel_hash']; $_SESSION['uid'] = $r[0]['channel_id']; + $_SESSION['account_id'] = $r[0]['channel_account_id']; $_SESSION['authenticated'] = true; return true; } -- cgit v1.2.3 From ecb2e52a7411a8a39b8030964604f0f28f2facce Mon Sep 17 00:00:00 2001 
From: friendica Date: Sun, 16 Mar 2014 20:34:21 -0700 Subject: little fixes of hopefully nil significance --- include/reddav.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 2a26ac42a..a39a84e21 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -708,7 +708,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); @@ -719,7 +719,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); if($r) -- cgit v1.2.3 From aa07edbdd107b512caf5a83d863c9d79a6e46694 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 17 Mar 2014 18:44:01 -0700 Subject: sprintf error --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index a39a84e21..d6c3d126b 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -276,7 +276,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), -- cgit v1.2.3 
From 1446cc80960d278d26a2c2a0a529728beed10215 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Tue, 18 Mar 2014 02:41:58 +0000 Subject: Missed one --- include/reddav.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index d6c3d126b..c65cb569b 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -276,7 +276,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = '%d' and (flags & %d)", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -581,9 +581,10 @@ function RedCollectionData($file,&$auth) { for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d) $perms limit 1", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms limit 1", dbesc($folder), dbesc($path_arr[$x]), + intval($channel_id), intval(ATTACH_FLAG_DIR) ); if(! $r) { -- cgit v1.2.3 From c8fb979ed86403bc38baaf92c90f299434b25fdf Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Tue, 18 Mar 2014 02:43:36 +0000 Subject: oops --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index c65cb569b..1047bdc9e 100644 --- a/include/reddav.php +++ b/include/reddav.php 
@@ -276,7 +276,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = '%d' and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), -- cgit v1.2.3 From 8c177fbc4b20c297afbd7035dbb5e59d94fb4020 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 18 Mar 2014 16:50:46 -0700 Subject: cleanup --- include/reddav.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 1047bdc9e..b7bb94fa0 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -590,9 +590,10 @@ function RedCollectionData($file,&$auth) { if(! $r) { // path wasn't found. Try without permissions to see if it was the result of permissions. $errors = true; - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d) limit 1", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) limit 1", dbesc($folder), basename($path_arr[$x]), + intval($channel_id), intval(ATTACH_FLAG_DIR) ); if($r) { -- cgit v1.2.3 From 64dfe3ab64a7f39c2c88d141a7d8a8b9d60756ff Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 6 Apr 2014 03:47:53 -0700 Subject: issue #395, item 2 --- include/reddav.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index b7bb94fa0..7c14ca472 100644 --- a/include/reddav.php +++ b/include/reddav.php 
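Review bot: The fallback query in RedCollectionData() (`@@ -590,9 +590,10`) still passes `basename($path_arr[$x])` straight into a `'%s'` placeholder, while the permission-checked query just above it (visible in the earlier `@@ -581,9 +581,10` hunk) wraps the same path segment in `dbesc()`. The segment comes from the requested path, so it should be escaped here as well: `dbesc(basename($path_arr[$x])),`. The two queries also disagree on whether `basename()` is applied, which is worth making consistent. RedCollectionData() starts and ends outside the hunk.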
@@ -884,8 +884,12 @@ class RedBrowser extends DAV\Browser\Plugin { date_default_timezone_set($this->auth->timezone); $version = ''; + require_once('include/conversation.php'); - $html = " + if($this->auth->channel_name) + $html = profile_tabs(get_app(),(($this->auth->channel_id == local_user()) ? true : false),$this->auth->channel_name); + + $html .= "

Index for " . $this->escapeHTML($path) . "/
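Review bot: `$html` is assigned only inside `if($this->auth->channel_name)`, and the next statement appends to it with `$html .= "`, so when no channel name is set the append runs on an undefined variable and raises a notice. Initialise it before the branch with `$html = '';` and let the branch append, `$html .= profile_tabs(...)`. The `? true : false` around the `==` comparison is redundant and can be dropped. The enclosing method starts and ends outside the hunk.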

-- cgit v1.2.3 From 95751dddff2b1b7a2074d37a5b3102f256842ae4 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 7 Apr 2014 20:20:28 -0700 Subject: some fixes to #395 --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 7c14ca472..03cfe1aab 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -887,7 +887,7 @@ class RedBrowser extends DAV\Browser\Plugin { require_once('include/conversation.php'); if($this->auth->channel_name) - $html = profile_tabs(get_app(),(($this->auth->channel_id == local_user()) ? true : false),$this->auth->channel_name); + $html = profile_tabs(get_app(),(($this->auth->owner_id == local_user()) ? true : false),$this->auth->owner_nick); $html .= " -- cgit v1.2.3 From d93df86298450512853e4085f519486eea2d8468 Mon Sep 17 00:00:00 2001 From: jeroenpraat Date: Mon, 5 May 2014 13:54:56 +0000 Subject: Fixed some wrapping problems when the user has set a larger font size. And some UI love for the file permissions page (as requested by Mike ;) and changed the position of the file properties link on the cloud page. --- include/reddav.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 03cfe1aab..0650531dd 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -1038,6 +1038,14 @@ class RedBrowser extends DAV\Browser\Plugin { public function htmlActionsPanel(DAV\INode $node, &$output) { + + if($this->auth->owner_id && $this->auth->owner_id == $this->auth->channel_id) { + $channel = get_app()->get_channel(); + if($channel) { + $output .= ''; + } + } + if (!$node instanceof DAV\ICollection) return; 
@@ -1062,14 +1070,6 @@ class RedBrowser extends DAV\Browser\Plugin { '; - - if($this->auth->owner_id && $this->auth->owner_id == $this->auth->channel_id) { - $channel = get_app()->get_channel(); - if($channel) { - $output .= ''; - } - } - } /** -- cgit v1.2.3 From b17f923abbfcc79ed80b8a8779681a77a77f0ecc Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 27 May 2014 16:49:47 -0700 Subject: give the cloud file list a bit of padding --- include/reddav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 0650531dd..3c2801e89 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -892,7 +892,7 @@ class RedBrowser extends DAV\Browser\Plugin { $html .= "

Index for " . $this->escapeHTML($path) . "/

-
' . t('Edit File properties') . '
 
 
' . t('Edit File properties') . '
+
"; -- cgit v1.2.3 From f6959dd18b5b863a4390fd053b20cf508f78b62d Mon Sep 17 00:00:00 2001 From: tuscanhobbit Date: Tue, 24 Jun 2014 00:04:13 +0200 Subject: Dav file browser on a single page --- include/reddav.php | 105 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 78 insertions(+), 27 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 3c2801e89..141c73ffe 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -890,11 +890,18 @@ class RedBrowser extends DAV\Browser\Plugin { $html = profile_tabs(get_app(),(($this->auth->owner_id == local_user()) ? true : false),$this->auth->owner_nick); $html .= " - -

Index for " . $this->escapeHTML($path) . "/

-
NameTypeSizeLast modified

- - "; + +

".t('Files').": ".$this->escapeHTML($path) . "/

+
NameTypeSizeLast modified

+ + + + + + + + + "; $files = $this->server->getPropertiesForPath($path,array( '{DAV:}displayname', @@ -913,13 +920,15 @@ class RedBrowser extends DAV\Browser\Plugin { $fullPath = DAV\URLUtil::encodePath($this->server->getBaseUri() . $parentUri); $icon = $this->enableAssets?'Parent':''; - $html.= " - - - - - - "; + $html.= " + + + + + + + "; } @@ -1005,18 +1014,34 @@ class RedBrowser extends DAV\Browser\Plugin { } } - - $html.= " - - - - - - "; + + $parentHash=""; + $owner=$this->auth->owner_id; + $splitPath = split("/",$fullPath); + if (count($splitPath) > 3) { + for ($i=3; $ifindAttachHash($owner,$parentHash,$attachName); + $parentHash = $attachHash; + } + } + $attachId = $this->findAttachIdByHash($attachHash); + $fileStorageUrl = str_replace("cloud/","filestorage/",$path); + $attachIcon = ""; + $html.= " + + + + + + + + + "; } - $html.= ""; + $html.= ""; $output = ''; @@ -1039,12 +1064,13 @@ class RedBrowser extends DAV\Browser\Plugin { public function htmlActionsPanel(DAV\INode $node, &$output) { - if($this->auth->owner_id && $this->auth->owner_id == $this->auth->channel_id) { - $channel = get_app()->get_channel(); - if($channel) { - $output .= ''; - } - } + //Removed link to filestorage page + //if($this->auth->owner_id && $this->auth->owner_id == $this->auth->channel_id) { + // $channel = get_app()->get_channel(); + // if($channel) { + // $output .= ''; + // } + //} if (!$node instanceof DAV\ICollection) return; 
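Review bot: In the `@@ -1005,18 +1014,34 @@` hunk, `$attachHash` is assigned only inside the `if (count($splitPath) > 3)` loop, yet `findAttachIdByHash($attachHash)` is called unconditionally right after it. For a shallow path the variable is therefore undefined, or, if this code runs once per listed entry as it appears to, still holds the previous entry's hash. Reset it next to `$parentHash=""` with `$attachHash = '';`. `split()` is the deprecated regex splitter and was removed in PHP 7; `explode('/', $fullPath)` is the equivalent for a literal separator. The surrounding loop and method extend beyond the hunk.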
@@ -1083,4 +1109,29 @@ class RedBrowser extends DAV\Browser\Plugin { return z_root() .'/cloud/?sabreAction=asset&assetName=' . urlencode($assetName); } + protected function findAttachHash($owner, $parentHash, $attachName) { + $r = q("select * from attach where uid = %d and folder = '%s' and filename = '%s' order by edited desc limit 1", + intval($owner), dbesc($parentHash), dbesc($attachName) + ); + $hash = ""; + if($r) { + foreach($r as $rr) { + $hash = $rr['hash']; + } + } + return $hash; + } + + protected function findAttachIdByHash($attachHash) { + $r = q("select * from attach where hash = '%s' order by edited desc limit 1", + dbesc($attachHash) + ); + $id = ""; + if($r) { + foreach($r as $rr) { + $id = $rr['id']; + } + } + return $id; + } } -- cgit v1.2.3 From 177c33be10a2cfb7deb23daa9aeece2eab3d4400 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 23 Jun 2014 16:05:00 -0700 Subject: block edit/delete ability for everybody but the owner --- include/reddav.php | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 141c73ffe..852a18869 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -880,6 +880,8 @@ class RedBrowser extends DAV\Browser\Plugin { public function generateDirectoryIndex($path) { + $is_owner = ((local_user() && $this->auth->owner_id == local_user()) ? true : false); + if($this->auth->timezone) date_default_timezone_set($this->auth->timezone); @@ -887,7 +889,7 @@ class RedBrowser extends DAV\Browser\Plugin { require_once('include/conversation.php'); if($this->auth->channel_name) - $html = profile_tabs(get_app(),(($this->auth->owner_id == local_user()) ? true : false),$this->auth->owner_nick); + $html = profile_tabs(get_app(),(($is_owner) ? true : false),$this->auth->owner_nick); $html .= " 
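Review bot: `findAttachIdByHash()` (hunk `@@ -1083,4 +1109,29 @@`) looks a row up by `hash` alone, whereas `findAttachHash()` beside it and the other attach queries on this page all filter on `uid`. Scoping it the same way keeps the helper from returning another channel's attachment id if a hash is ever empty, reused or wrong: `where hash = '%s' and uid = %d` with `intval($this->auth->owner_id)` as the extra argument. An empty `$attachHash` should return `""` without querying. Both helpers fetch `select *` and loop over a `limit 1` result; `select id` (or `select hash`) and reading `$r[0]` says the same thing more directly.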
@@ -1027,14 +1029,21 @@ class RedBrowser extends DAV\Browser\Plugin { } $attachId = $this->findAttachIdByHash($attachHash); $fileStorageUrl = str_replace("cloud/","filestorage/",$path); - $attachIcon = ""; + $attachIcon = ""; // ""; $html.= " - - - - - + "; + + if($is_owner) { + $html .= " + + "; + } + else { + $html .= ""; + } + $html .= + ""; -- cgit v1.2.3 From cc4001fce7934b49e6e7888a602b9bb9c33cf37f Mon Sep 17 00:00:00 2001 From: tuscanhobbit Date: Tue, 24 Jun 2014 12:05:11 +0200 Subject: Fixes to links and forward URLs in filestorage --- include/reddav.php | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) (limited to 'include/reddav.php') diff --git a/include/reddav.php b/include/reddav.php index 852a18869..fe05af606 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -1028,16 +1028,16 @@ class RedBrowser extends DAV\Browser\Plugin { } } $attachId = $this->findAttachIdByHash($attachHash); - $fileStorageUrl = str_replace("cloud/","filestorage/",$path); + $fileStorageUrl = substr($fullPath, 0, strpos($fullPath,"cloud/")) . "filestorage/".$this->auth->channel_name; $attachIcon = ""; // ""; $html.= " - "; + "; if($is_owner) { $html .= " - "; + "; } else { $html .= ""; @@ -1090,20 +1090,24 @@ class RedBrowser extends DAV\Browser\Plugin { if (get_class($node)==='Sabre\\DAV\\SimpleCollection') return; - $output.= ''; + $output.= '
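Review bot: The `if($is_owner)` branch in the `@@ -1027,14 +1029,21 @@` hunk only controls whether the edit and delete links are written into the listing; hiding them does not stop a non-owner from requesting the same URLs directly. The handlers behind those links are not part of this diff, so confirm that they repeat the ownership check on the server side. Record that here with a comment such as `// display only: the filestorage handlers must enforce ownership themselves`. The row-building loop starts and ends outside the hunk.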
".t('Name')."TypeSizeLast modified

$icon..[parent]
$icon.. + [parent]
$icon{$displayName}{$type}{$size}" . (($lastmodified) ? datetime_convert('UTC', date_default_timezone_get(),$lastmodified) : '') . "
$icon{$displayName}" . (($size) ? $attachIcon : '') . "{$type}". $size ."" . (($lastmodified) ? datetime_convert('UTC', date_default_timezone_get(),$lastmodified) : '') . "


' . t('Edit File properties') . '
 
' . t('Edit File properties') . '
 
$icon{$displayName}" . (($size) ? $attachIcon : '') . "{$type}{$displayName}" . (($size) ? $attachIcon : '') . "{$type} ". $size ." " . (($lastmodified) ? datetime_convert('UTC', date_default_timezone_get(),$lastmodified) : '') . "
$icon{$displayName}{$displayName}" . (($size) ? $attachIcon : '') . "
-

Create new folder

- - Name: - -
-
-

Upload file

- - Name (optional):
- File:
- -
-
+ + + + + + + +
Create new folder   
+ + + +
Upload file   
+ + + + +
'; } -- cgit v1.2.3