/*
* This file is a part of Winix
* and is distributed under the 2-Clause BSD licence.
* Author: Tomasz Sowa <t.sowa@ttmath.org>
*/
/*
* Copyright (c) 2008-2014, Tomasz Sowa
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <cstdio>
#include <errno.h>
#include "upload.h"
#include "core/misc.h"
#include "core/plugin.h"
#include "functions/functions.h"
#include "templates/templates.h"
#include "utf8/utf8.h"
namespace Winix
{
namespace Fun
{
/*
 * Constructs the 'upload' winix function object.
 * The only thing done here is naming the function: fun.url is set to L"upload".
 */
Upload::Upload()
{
    fun.url = L"upload";
}
/*
 * Configures json_serializer, the serializer which CreateAnswer() attaches
 * to the request for the jquery_upload answer:
 *  - the "files" space is treated as a table,
 *  - the "size" field is treated as a numeric value.
 */
void Upload::Init()
{
    json_serializer.TreatAsTable(L"files");
    json_serializer.TreatAsNumeric(L"size");
}
/*
 * Decides whether the current session may upload into 'item'.
 *
 * The checks are evaluated in this order:
 *  1. 'item' has to be a directory,
 *  2. upload_dir has to be set in the config (otherwise a log entry is made),
 *  3. a super user is allowed without any further test,
 *  4. everybody else needs write access to 'item' (system->HasWriteAccess).
 *
 * The super user shortcut comes after checks 1 and 2, so it skips only
 * the write access test, not the directory or configuration requirement.
 *
 * returns true if the upload is allowed
 */
bool Upload::HasAccess(const Item & item)
{
    const bool is_directory = (item.type == Item::dir);

    // 'upload' can be used only in a directory
    if( !is_directory )
        return false;

    if( config->upload_dir.empty() )
    {
        log << log1 << "Request: can't use upload function, upload_dir must be set in the config file" << logend;
        return false;
    }

    // puser is tested first, it can be null (presumably when nobody is logged in)
    const bool is_super_user = cur->session->puser && cur->session->puser->super_user;

    // a super user can use upload everywhere
    if( is_super_user )
        return true;

    return system->HasWriteAccess(item) ? true : false;
}
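/*
 * Access check for the current request.
 *
 * Upload is refused when the request points to an item (is_item is set),
 * in the other case the last directory from dir_tab is tested with
 * HasAccess(const Item &).
 *
 * returns true if the upload function can be used for this request
 */
bool Upload::HasAccess()
{
    if( cur->request->is_item )
        return false;

    // back() on an empty container is undefined behaviour,
    // a request without any directory is simply denied
    if( cur->request->dir_tab.empty() )
        return false;

    return HasAccess(*cur->request->dir_tab.back());
}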
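/*
 * Moves an uploaded temporary file to its final place on the disk.
 *
 * Steps:
 *  1. system->MakeFilePath() builds the destination in the 'path' member
 *     (it is called with upload_dirs_chmod and upload_group_int from the config),
 *  2. RenameFile() moves tmp_filename to 'path',
 *  3. SetPriv() applies upload_files_chmod and upload_group_int to the new file.
 *
 * Each failing step is logged and sets the request status to
 * WINIX_ERR_PERMISSION_DENIED.
 *
 * item         - the item the static file belongs to
 * tmp_filename - path of the temporary file created for the POST request
 * returns true if the file has been moved and its privileges set
 */
bool Upload::UploadSaveStaticFile(const Item & item, const std::wstring & tmp_filename)
{
    if( !system->MakeFilePath(item, path, false, true, config->upload_dirs_chmod, config->upload_group_int) )
    {
        // this failure used to be silent here
        log << log1 << "Upload: can't create a path for the uploaded file" << logend;
        cur->request->status = WINIX_ERR_PERMISSION_DENIED;
        return false;
    }

    if( !RenameFile(tmp_filename, path) )
    {
        log << log1 << "Upload: can't move the tmp file from: " << tmp_filename << ", to: " << path << logend;
        cur->request->status = WINIX_ERR_PERMISSION_DENIED;
        return false;
    }

    if( !SetPriv(path, config->upload_files_chmod, config->upload_group_int) )
    {
        // NOTE(review): the file has already been moved to 'path' and nothing in this
        // function removes it, so it stays on the disk with the mode and group it had
        // as a temporary file; confirm that the caller's clean-up (db->DelItem() in
        // UploadFile()) removes the static file too
        log << log1 << "Upload: can't set privileges on the uploaded file: " << path << logend;
        cur->request->status = WINIX_ERR_PERMISSION_DENIED;
        return false;
    }

    log << log2 << "Upload: uploaded a new file: " << path << logend;

    return true;
}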
/*
 * Requests a resize of the uploaded image.
 *
 * The target scale is read with system->image.GetImageScale() for the parent
 * directory of the item (item.parent_id) and passed on to
 * system->image.Resize() together with item.id.
 */
void Upload::ResizeImage(Item & item)
{
    Image::Scale image_scale = system->image.GetImageScale(item.parent_id);

    system->image.Resize(item.id,
                         image_scale.cx,
                         image_scale.cy,
                         image_scale.aspect_mode,
                         image_scale.quality);
}
/*
 * Requests a thumbnail for the uploaded image.
 *
 * The thumbnail scale is read with system->image.GetThumbScale() for the parent
 * directory of the item (item.parent_id) and passed on to
 * system->image.CreateThumb() together with item.id.
 */
void Upload::CreateThumb(Item & item)
{
    Image::Scale thumb_scale = system->image.GetThumbScale(item.parent_id);

    system->image.CreateThumb(item.id,
                              thumb_scale.cx,
                              thumb_scale.cy,
                              thumb_scale.aspect_mode,
                              thumb_scale.quality);
}
/*
 * Registers one uploaded file and moves it to its final place.
 *
 * Sequence:
 *  1. system->AddFile() inserts the item, its result becomes the request status,
 *  2. system->CreateNewFile() is called for the item,
 *  3. UploadSaveStaticFile() moves the temporary file; if it fails the item
 *     is deleted again with db->DelItem(),
 *  4. db->EditFileById() is called and its result becomes the request status,
 *  5. plugins get the WINIX_FILE_ADDED message,
 *  6. images are resized / get a thumbnail if the config asks for it,
 *  7. for a jquery upload the item is appended to item_tab (used by CreateAnswer()).
 *
 * item         - the item describing the file, the caller has filled it in
 * tmp_filename - path of the temporary file created for the POST request
 */
void Upload::UploadFile(Item & item, const std::wstring & tmp_filename)
{
    // the item has to be added before the file is saved, we need the proper item.id
    cur->request->status = system->AddFile(item, 0, false);

    if( !(cur->request->status == WINIX_ERR_OK) )
        return;

    // NOTE(review): when CreateNewFile() fails the item added above is not deleted
    // here and the status stays WINIX_ERR_OK; confirm this is intended
    if( !system->CreateNewFile(item) )
        return;

    if( !UploadSaveStaticFile(item, tmp_filename) )
    {
        db->DelItem(item);
        return;
    }

    // NOTE(review): the status returned by EditFileById() is not tested before
    // the plugins are notified and the image is processed
    cur->request->status = db->EditFileById(item, item.id);

    plugin.Call(WINIX_FILE_ADDED, &item);

    if( item.file_type == WINIX_ITEM_FILETYPE_IMAGE )
    {
        if( config->image_resize )
            ResizeImage(item);

        if( config->create_thumb )
            CreateThumb(item);
    }

    if( is_jquery_upload )
        cur->request->item_tab.push_back(item);
}
/*
 * Anti-abuse checks made before any uploaded file is processed.
 *
 *  - the rebus has to be answered correctly, otherwise the status is set
 *    to WINIX_ERR_INCORRECT_REBUS,
 *  - functions->CheckGetPostTimes(4) is called and after that a session with
 *    spam_score greater than zero is refused with WINIX_ERR_SPAM
 *    (presumably CheckGetPostTimes() is what raises spam_score and 4 is a number
 *    of seconds -- confirm in Functions::CheckGetPostTimes)
 *
 * returns true if the request passed both checks
 */
bool Upload::FunUploadCheckAbuse()
{
    const bool rebus_ok = system->rebus.CheckRebus();

    if( !rebus_ok )
    {
        cur->request->status = WINIX_ERR_INCORRECT_REBUS;
        return false;
    }

    functions->CheckGetPostTimes(4);

    // the score is read only after CheckGetPostTimes() has been called
    const bool looks_like_spam = cur->session->spam_score > 0;

    if( looks_like_spam )
    {
        cur->request->status = WINIX_ERR_SPAM;
        log << log1 << "Content: ignoring due to suspected spamming" << logend;
        return false;
    }

    return true;
}
/*
 * Handles a POST request with more than one uploaded file.
 *
 * The request item is cleared once and then reused for every entry of
 * post_file_tab: subject, url and file_type are taken from the file name sent
 * by the client, file_size from the post entry; after functions->PrepareUrl()
 * the file is stored with UploadFile().
 *
 * At the end either the json answer is created (jquery upload) or the client
 * is redirected to the last directory.
 */
void Upload::UploadMulti()
{
    Request & req = *cur->request;
    Item & new_item = req.item;

    new_item.Clear(); // clearing and setting date
    // assumes dir_tab is not empty at this point -- TODO confirm with the caller
    new_item.parent_id  = req.dir_tab.back()->id;
    new_item.type       = Item::file;
    new_item.privileges = system->NewFilePrivileges();
    functions->SetUser(new_item);

    for(PostFileTab::iterator post = req.post_file_tab.begin() ; post != req.post_file_tab.end() ; ++post)
    {
        // the name comes from the client; it is used as a C string
        // so everything after an embedded null character is dropped
        const wchar_t * client_name = post->second.filename.c_str();

        new_item.subject   = client_name;
        new_item.url       = client_name;
        // the file type is selected from the name (the file content is not passed to SelectFileType)
        new_item.file_type = SelectFileType(client_name);
        new_item.file_size = post->second.file_size;

        functions->PrepareUrl(new_item);

        // NOTE(review): UploadFile() overwrites the request status for each file,
        // after the loop the status describes only the last one
        UploadFile(new_item, post->second.tmp_filename);

        // the name is cleared no matter whether the upload succeeded
        // (presumably to keep the request clean-up away from a moved file -- confirm)
        post->second.tmp_filename.clear();
    }

    if( is_jquery_upload )
    {
        CreateAnswer();
    }
    else
    {
        system->RedirectToLastDir();
    }
}
/*
 * Handles a POST request with exactly one uploaded file.
 *
 * 'subject' and 'url' can be given as POST variables; when one of them is
 * empty the file name sent by the client is used instead (the url is then
 * passed through functions->PrepareUrl()).
 *
 * After UploadFile() either the json answer is created (jquery upload) or,
 * only if the status is WINIX_ERR_OK, the client is redirected to the 'cat'
 * function of the new item.
 *
 * The first entry of post_file_tab is used without testing whether the table
 * is empty, MakePost() returns earlier in such a case.
 */
void Upload::UploadSingle()
{
    Request & req = *cur->request;
    Item & new_item = req.item;

    // both flags have to be calculated before ReadItem() is called
    const bool subject_given = !req.PostVar(L"subject").empty();
    const bool url_given     = !req.PostVar(L"url").empty();

    functions->ReadItem(new_item, Item::file); // ReadItem() changes the url if it is empty
    functions->SetUser(new_item);
    new_item.privileges = system->NewFilePrivileges();

    PostFile & uploaded = req.post_file_tab.begin()->second;

    // the name comes from the client; it is used as a C string
    // so everything after an embedded null character is dropped
    const wchar_t * client_name = uploaded.filename.c_str();

    // the file type is selected from the name (the file content is not passed to SelectFileType)
    new_item.file_type = SelectFileType(client_name);
    new_item.file_size = uploaded.file_size;

    if( !subject_given )
        new_item.subject = client_name;

    if( !url_given )
    {
        new_item.url = client_name;
        functions->PrepareUrl(new_item);
    }

    UploadFile(new_item, uploaded.tmp_filename);

    // the name is cleared no matter whether the upload succeeded
    uploaded.tmp_filename.clear();

    if( is_jquery_upload )
    {
        CreateAnswer();
    }
    else
    {
        if( req.status == WINIX_ERR_OK )
            system->RedirectTo(new_item, L"/cat");
    }
}
/*
 * Entry point for a POST request.
 *
 *  - item_tab is cleared and is_jquery_upload is set from the 'jquery_upload' parameter,
 *  - a request without any uploaded file gets WINIX_ERR_PERMISSION_DENIED,
 *  - FunUploadCheckAbuse() has to pass before a file is touched,
 *  - one file is handled by UploadSingle(), more files by UploadMulti().
 */
void Upload::MakePost()
{
    Request & req = *cur->request;

    req.item_tab.clear();
    is_jquery_upload = req.IsParam(L"jquery_upload");

    if( req.post_file_tab.empty() )
    {
        req.status = WINIX_ERR_PERMISSION_DENIED;
        return;
    }

    // the abuse check sets the request status itself when it fails
    if( !FunUploadCheckAbuse() )
        return;

    const bool many_files = req.post_file_tab.size() > 1;

    if( many_files )
    {
        UploadMulti();
    }
    else
    {
        UploadSingle();
    }
}
/*
 * Builds the answer for a jquery upload from the items stored in item_tab.
 *
 * For each item a nameless space is added to the "files" space with:
 *   name         - the url of the item
 *   size         - file_size
 *   url          - the link created by system->CreateItemLink()
 *   deleteUrl    - the link with "/rm/jquery_upload" appended
 *   deleteType   - "POST"
 *   thumbnailUrl - only for images: the link, with "/-/thumb" appended
 *                  if the item has a thumbnail
 *
 * At the end the request is switched to return only this info,
 * serialized as json with json_serializer.
 *
 * NOTE(review): 'name' is the url which for an upload was derived from the file
 * name sent by the client; correct escaping of the values depends on the serializer.
 * deleteUrl is advertised for every listed item, no access check is made here
 * (presumably the 'rm' function does it when the url is used -- confirm).
 */
void Upload::CreateAnswer()
{
    Request & req = *cur->request;
    PT::Space & files = req.info.AddSpace(L"files"); // 'files' will be serialized to an array

    for(size_t index = 0 ; index < req.item_tab.size() ; ++index)
    {
        Item & entry = req.item_tab[index];
        PT::Space & file = files.AddSpace(L"");

        file.Add(L"name", entry.url);
        file.Add(L"size", entry.file_size);

        // the empty "url" value is filled in by CreateItemLink() through the reference
        std::wstring & link = file.Add(L"url", L"");
        system->CreateItemLink(entry, link);

        std::wstring & del_url = file.Add(L"deleteUrl", link);
        del_url += L"/rm/jquery_upload";

        file.Add(L"deleteType", L"POST");

        if( entry.file_type == WINIX_ITEM_FILETYPE_IMAGE )
        {
            std::wstring & thumb = file.Add(L"thumbnailUrl", link);

            if( entry.has_thumb )
                thumb += L"/-/thumb";
        }

        /*
         * if there was an error add "error" item e.g.
         * "error": "Filetype not allowed"
         */
    }

    req.return_json      = true;
    req.return_info_only = true;
    req.info_serializer  = &json_serializer;

    //cur->request->out_headers.Add(L"Content-Type", L"text/html");
}
/*
 * Entry point for a GET request.
 *
 * Nothing is done unless the 'jquery_upload' parameter is present. With the
 * parameter the items of the current directory are read from the database
 * into item_tab and returned with CreateAnswer().
 *
 * The query is limited to: parent = the last directory from dir_tab,
 * type = Item::file, and a file type condition built from
 * WINIX_ITEM_FILETYPE_NONE with 'false' as the second argument (presumably
 * "file type different than none", i.e. only static files -- confirm in the
 * query class).
 *
 * NOTE(review): no per-item read access test is visible here; confirm it is
 * made by the caller or that listing the directory is covered by HasAccess().
 */
void Upload::MakeGet()
{
    if( !cur->request->IsParam(L"jquery_upload") )
        return;

    query.Clear();
    // assumes dir_tab is not empty at this point -- TODO confirm with the caller
    query.WhereParentId(cur->request->dir_tab.back()->id);
    query.WhereType(Item::file);
    query.WhereFileType(WINIX_ITEM_FILETYPE_NONE, false);

    db->GetItems(cur->request->item_tab, query);

    CreateAnswer();
}
} // namespace
} // namespace Winix