
Commit 3e0c2918 authored by Robin Millette's avatar Robin Millette

Added configurable options for attachments: supported mimetypes and quotas for uploads.

parent ed1e1d9f
......@@ -84,20 +84,24 @@ class NewnoticeAction extends Action
function handle($args)
{
parent::handle($args);
if (!common_logged_in()) {
$this->clientError(_('Not logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// check for this before token since all POST and FILES data
// is losts when size is exceeded
if (empty($_POST) && $_SERVER['CONTENT_LENGTH']) {
$this->clientError(sprintf(_('The server was unable to handle ' .
'that much POST data (%s bytes) due to its current configuration.'),
$_SERVER['CONTENT_LENGTH']));
}
parent::handle($args);
// CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->clientError(_('There was a problem with your session token. '.
'Try again, please.'));
return;
}
try {
$this->saveNewNotice();
} catch (Exception $e) {
......@@ -109,8 +113,55 @@ class NewnoticeAction extends Action
}
}
function isFileAttached() {
return isset($_FILES['attach']['error']) && ($_FILES['attach']['error'] === UPLOAD_ERR_OK);
function isSupportedFileType() {
require_once 'MIME/Type.php';
$filetype = MIME_Type::autoDetect($_FILES['attach']['tmp_name']);
if (in_array($filetype, common_config('attachments', 'supported'))) {
return true;
}
$media = MIME_Type::getMedia($filetype);
if ('application' !== $media) {
$hint = sprintf(_(' Try using another %s format.'), $media);
} else {
$hint = '';
}
$this->clientError(sprintf(
_('%s is not a supported filetype on this server.'), $filetype) . $hint);
}
function isRespectsQuota($user) {
if ($_FILES['attach']['size'] > common_config('attachments', 'file_quota')) {
$this->clientError(sprintf(_('No file may be larger than %d bytes ' .
'and the file you sent was %d bytes. Try to upload a smaller version.'),
common_config('attachments', 'file_quota'), $_FILES['attach']['size']));
}
$query = "select sum(size) as total from file join file_to_post on file_to_post.file_id = file.id join notice on file_to_post.post_id = notice.id where profile_id = {$user->id} and file.url like '%/notice/%/file'";
$file = new File;
$file->query($query);
$file->fetch();
$total = $file->total + $_FILES['attach']['size'];
if ($total > common_config('attachments', 'user_quota')) {
$this->clientError(sprintf(_('A file this large would exceed your user quota of %d bytes.'), common_config('attachments', 'user_quota')));
}
$query .= ' month(modified) = month(now()) and year(modified) = year(now())';
$file2 = new File;
$file2->query($query);
$file2->fetch();
$total2 = $file2->total + $_FILES['attach']['size'];
if ($total2 > common_config('attachments', 'monthly_quota')) {
$this->clientError(sprintf(_('A file this large would exceed your monthly quota of %d bytes.'), common_config('attachments', 'monthly_quota')));
}
return true;
}
function isValidFileAttached($user) {
return isset($_FILES['attach']['error'])
&& ($_FILES['attach']['error'] === UPLOAD_ERR_OK)
&& $this->isSupportedFileType()
&& $this->isRespectsQuota($user);
}
/**
......@@ -135,7 +186,6 @@ class NewnoticeAction extends Action
$this->clientError(_('No content!'));
} else {
$content_shortened = common_shorten_links($content);
if (mb_strlen($content_shortened) > 140) {
$this->clientError(_('That\'s too long. '.
'Max notice size is 140 chars.'));
......@@ -162,19 +212,54 @@ class NewnoticeAction extends Action
$replyto = 'false';
}
switch ($_FILES['attach']['error']) {
case UPLOAD_ERR_NO_FILE:
// no file uploaded
// nothing to do
break;
case UPLOAD_ERR_OK:
// file was uploaded alright
// lets check if we really support its format
// and it doesn't go over quotas
if (!$this->isValidFileAttached($user)) {
die('clientError() should trigger an exception before reaching here.');
}
break;
case UPLOAD_ERR_INI_SIZE:
$this->clientError(_('The uploaded file exceeds the upload_max_filesize directive in php.ini.'));
case UPLOAD_ERR_FORM_SIZE:
$this->clientError(_('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.'));
case UPLOAD_ERR_PARTIAL:
$this->clientError(_('The uploaded file was only partially uploaded.'));
case UPLOAD_ERR_NO_TMP_DIR:
$this->clientError(_('Missing a temporary folder.'));
case UPLOAD_ERR_CANT_WRITE:
$this->clientError(_('Failed to write file to disk.'));
case UPLOAD_ERR_EXTENSION:
$this->clientError(_('File upload stopped by extension.'));
default:
die('Should never reach here.');
}
$notice = Notice::saveNew($user->id, $content_shortened, 'web', 1,
($replyto == 'false') ? null : $replyto);
if (is_string($notice)) {
$this->clientError($notice);
return;
}
if ($this->isFileAttached()) {
$this->storeFile($notice);
}
$this->storeFile($notice);
$this->saveUrls($notice);
common_broadcast_notice($notice);
if ($this->boolean('ajax')) {
......@@ -201,12 +286,12 @@ class NewnoticeAction extends Action
}
function storeFile($notice) {
if (UPLOAD_ERR_NO_FILE === $_FILES['attach']['error']) return;
$filename = basename($_FILES['attach']['name']);
$destination = "file/{$notice->id}-$filename";
if (move_uploaded_file($_FILES['attach']['tmp_name'], INSTALLDIR . "/$destination")) {
$file = new File;
$file->url = common_local_url('file', array('notice' => $notice->id));
// $file->url = common_path($destination);
$file->size = filesize(INSTALLDIR . "/$destination");
$file->date = time();
$file->mimetype = $_FILES['attach']['type'];
......@@ -221,14 +306,9 @@ class NewnoticeAction extends Action
$f2p->post_id = $notice->id;
$f2p->insert();
} else {
die('inserting file, dying');
$this->clientError(_('There was a database error while saving your file. Please try again.'));
}
}
/*
$url = common_local_url('file', array('notice' => $notice->id));
echo "$destination<br />";
die($url);
*/
}
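Review bot: The monthly-quota query in isRespectsQuota is malformed: the base query at L59 ends with `file.url like '%/notice/%/file'`, and the string appended at L67 begins with ` month(modified) = …` with no `and` in between, so the second query cannot parse and the monthly check never actually runs. Change the appended string to `' and month(modified) = month(now()) and year(modified) = year(now())'`, and consider qualifying `modified` with a table alias, since the query joins file, file_to_post and notice and the column may exist on more than one of them (their schemas are not visible here). Separately, storeFile persists `$_FILES['attach']['type']`, the client-declared content type, even though isSupportedFileType already detected the real type from the content via `MIME_Type::autoDetect`; the detected value is the one that was validated and should be the one stored. The profile id at L59 is interpolated straight into the SQL — it comes from the session rather than the request, but an explicit `(int)$user->id` would make that guarantee visible at the point of use.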
......@@ -215,3 +215,11 @@ $config['sphinx']['port'] = 3312;
// $config['snapshot']['run'] = 'never';
// If you want to report statistics in a cron job instead.
// $config['snapshot']['run'] = 'cron';
// Support for file uploads (attachments),
// select supported mimetypes and quotas (in bytes)
// $config['attachments']['supported'] = array('image/png', 'application/ogg');
// $config['attachments']['file_quota'] = 5000000;
// $config['attachments']['user_quota'] = 50000000;
// $config['attachments']['monthly_quota'] = 15000000;
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 3.0 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/3_0.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Ian Eure <ieure@php.net> |
// +----------------------------------------------------------------------+
//
// $Id: Parameter.php,v 1.1 2007/03/25 10:10:21 cweiske Exp $
/**
* Class for working with MIME type parameters
*
* @version 1.2.0
* @package MIME_Type
* @author Ian Eure <ieure@php.net>
*/
class MIME_Type_Parameter {
/**
* Parameter name
*
* @var string
*/
var $name;
/**
* Parameter value
*
* @var string
*/
var $value;
/**
* Parameter comment
*
* @var string
*/
var $comment;
/**
* Constructor.
*
* @param string $param MIME parameter to parse, if set.
* @return void
*/
function MIME_Type_Parameter($param = false)
{
if ($param) {
$this->parse($param);
}
}
/**
* Parse a MIME type parameter and set object fields
*
* @param string $param MIME type parameter to parse
* @return void
*/
function parse($param)
{
$comment = '';
$param = MIME_Type::stripComments($param, $comment);
$this->name = $this->getAttribute($param);
$this->value = $this->getValue($param);
$this->comment = $comment;
}
/**
* Get a parameter attribute (e.g. name)
*
* @param string MIME type parameter
* @return string Attribute name
* @static
*/
function getAttribute($param)
{
$tmp = explode('=', $param);
return trim($tmp[0]);
}
/**
* Get a parameter value
*
* @param string $param MIME type parameter
* @return string Value
* @static
*/
function getValue($param)
{
$tmp = explode('=', $param, 2);
$value = $tmp[1];
$value = trim($value);
if ($value[0] == '"' && $value[strlen($value)-1] == '"') {
$value = substr($value, 1, -1);
}
$value = str_replace('\\"', '"', $value);
return $value;
}
/**
* Get a parameter comment
*
* @param string $param MIME type parameter
* @return string Parameter comment
* @see getComment()
* @static
*/
function getComment($param)
{
$cs = strpos($param, '(');
$comment = substr($param, $cs);
return trim($comment, '() ');
}
/**
* Does this parameter have a comment?
*
* @param string $param MIME type parameter
* @return boolean true if $param has a comment, false otherwise
* @static
*/
function hasComment($param)
{
if (strstr($param, '(')) {
return true;
}
return false;
}
/**
* Get a string representation of this parameter
*
* This function performs the oppsite of parse()
*
* @return string String representation of parameter
*/
function get()
{
$val = $this->name . '="' . str_replace('"', '\\"', $this->value) . '"';
if ($this->comment) {
$val .= ' (' . $this->comment . ')';
}
return $val;
}
}
?>
\ No newline at end of file
......@@ -163,6 +163,40 @@ $config =
array('run' => 'web',
'frequency' => 10000,
'reporturl' => 'http://laconi.ca/stats/report'),
'attachments' =>
array('supported' => array('image/png',
'image/jpeg',
'image/gif',
'image/svg+xml',
'audio/mpeg',
'application/ogg',
'application/pdf',
'application/vnd.oasis.opendocument.text',
'application/vnd.oasis.opendocument.text-template',
'application/vnd.oasis.opendocument.graphics',
'application/vnd.oasis.opendocument.graphics-template',
'application/vnd.oasis.opendocument.presentation',
'application/vnd.oasis.opendocument.presentation-template',
'application/vnd.oasis.opendocument.spreadsheet',
'application/vnd.oasis.opendocument.spreadsheet-template',
'application/vnd.oasis.opendocument.chart',
'application/vnd.oasis.opendocument.chart-template',
'application/vnd.oasis.opendocument.image',
'application/vnd.oasis.opendocument.image-template',
'application/vnd.oasis.opendocument.formula',
'application/vnd.oasis.opendocument.formula-template',
'application/vnd.oasis.opendocument.text-master',
'application/vnd.oasis.opendocument.text-web',
'application/zip',
'text/plain',
'video/mpeg',
'video/mp4',
'video/quicktime',
'video/mpeg'),
'file_quota' => 5000000,
'user_quota' => 50000000,
'monthly_quota' => 15000000,
),
);
$config['db'] = &PEAR::getStaticProperty('DB_DataObject','options');
......@@ -223,19 +257,19 @@ if ($_db_name != 'laconica' && !array_key_exists('ini_'.$_db_name, $config['db']
// XXX: how many of these could be auto-loaded on use?
require_once('Validate.php');
require_once('markdown.php');
require_once 'Validate.php';
require_once 'markdown.php';
require_once(INSTALLDIR.'/lib/util.php');
require_once(INSTALLDIR.'/lib/action.php');
require_once(INSTALLDIR.'/lib/theme.php');
require_once(INSTALLDIR.'/lib/mail.php');
require_once(INSTALLDIR.'/lib/subs.php');
require_once(INSTALLDIR.'/lib/Shorturl_api.php');
require_once(INSTALLDIR.'/lib/twitter.php');
require_once INSTALLDIR.'/lib/util.php';
require_once INSTALLDIR.'/lib/action.php';
require_once INSTALLDIR.'/lib/theme.php';
require_once INSTALLDIR.'/lib/mail.php';
require_once INSTALLDIR.'/lib/subs.php';
require_once INSTALLDIR.'/lib/Shorturl_api.php';
require_once INSTALLDIR.'/lib/twitter.php';
require_once(INSTALLDIR.'/lib/clientexception.php');
require_once(INSTALLDIR.'/lib/serverexception.php');
require_once INSTALLDIR.'/lib/clientexception.php';
require_once INSTALLDIR.'/lib/serverexception.php';
// XXX: other formats here
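Review bot: `'video/mpeg'` appears twice in the default `attachments.supported` list (L352 and L355); the duplicate is harmless for in_array but should be dropped so the list reads as the set it is meant to be. With these defaults `'monthly_quota' => 15000000` is lower than `'user_quota' => 50000000`, so the monthly limit is the one that binds first; if that is intended, a one-line comment beside the monthly value saying so would spare the next reader a double-take. The list also admits `image/svg+xml` and `text/plain`; how attachments are served is outside this hunk, but if they are returned from the site's own origin with their detected type, a browser will render SVG (including embedded script) in the site's context, so serving uploads with `Content-Disposition: attachment` or from a separate host is worth confirming.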