harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

file/attachment storage api with revision control - needs a bit more testing but the framework is in place

Browse Source
This commit is contained in:
friendica 2013-01-31 16:13:44 -08:00
parent a72c16c7c0
commit 02e099da45
8 changed files with 332 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
boot.php
View File

@ -16,7 +16,7 @@ require_once('include/features.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica Red');
define ( 'FRIENDICA_VERSION', trim(file_get_contents('version.inc')) . 'R');
define ( 'ZOT_REVISION', 1 );
define ( 'DB_UPDATE_VERSION', 1024 );
define ( 'DB_UPDATE_VERSION', 1025 );
define ( 'EOL', '<br />' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );

283
include/attach.php
View File

@ -104,7 +104,7 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '',
if($filetype)
$sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' ");
$r = q("select id from attach where channel_id = %d $sql_extra",
$r = q("select id from attach where uid = %d $sql_extra",
intval($channel_id)
);
@ -140,7 +140,7 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $
// Retrieve all columns except 'data'
$r = q("select id, aid, uid, hash, filename, filetype, filesize, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where channel_id = %d $sql_extra $orderby $limit",
$r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d $sql_extra $orderby $limit",
intval($channel_id)
);
@ -149,3 +149,282 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $
return $ret;
}
function attach_by_hash($hash,$rev = 0) {
$ret = array('success' => false);
// Check for existence, which will also provide us the owner uid
$sql_extra = '';
if($rev == (-1))
$sql_extra = " order by revision desc ";
elseif($rev)
$sql_extra = " and revision = " . intval($rev) . " ";
$r = q("SELECT uid FROM attach WHERE hash = '%s' $sql_extra LIMIT 1",
dbesc($hash)
);
if(! $r) {
$ret['message'] = t('Item was not found.');
return $ret;
}
if(! perm_is_allowed($r[0]['uid'],get_observer_hash(),'view_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
$r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1",
dbesc($hash),
intval($r[0]['uid'])
);
if(! $r) {
$ret['message'] = t('Permission denied.');
return $ret;
}
$ret['success'] = true;
$ret['data'] = $r[0];
return $ret;
}
function attach_by_hash_nodata($hash,$rev = 0) {
$ret = array('success' => false);
// Check for existence, which will also provide us the owner uid
$sql_extra = '';
if($rev == (-1))
$sql_extra = " order by revision desc ";
elseif($rev)
$sql_extra = " and revision = " . intval($rev) . " ";
$r = q("SELECT uid FROM attach WHERE hash = '%s' $sql_extra LIMIT 1",
dbesc($hash)
);
if(! $r) {
$ret['message'] = t('Item was not found.');
return $ret;
}
if(! perm_is_allowed($r[0]['uid'],get_observer_hash(),'view_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
$r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_extra limit 1",
intval($r[0]['uid']),
dbesc($hash)
);
if(! $r) {
$ret['message'] = t('Permission denied.');
return $ret;
}
$ret['success'] = true;
$ret['data'] = $r[0];
return $ret;
}
function attach_store($channel,$observer_hash,$options = '',$arr = null) {
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$sql_options = '';
if(! perm_is_allowed($channel_id,$observer_hash(),'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
// The 'update' option sets db values without uploading a new attachment
// 'replace' replaces the existing uploaded data
// 'revision' creates a new revision with new upload data
// Default is to upload a new file
// revise or update must provide $arr['hash'] of the thing to revise/update
if($options !== 'update') {
if(! x($_FILES,'userfile')) {
$ret['message'] = t('No source file.');
return $ret;
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
}
$existing_size = 0;
if($options === 'replace') {
$x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1",
intval($replace),
intval($channel_id)
);
if(! $x) {
$ret['message'] = t('Cannot locate file to replace');
return $ret;
}
$existing_id = $x[0]['id'];
$existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash'];
}
if($options === 'revise' || $options === 'update') {
$sql_options = " order by revision desc ";
if($options === 'update' && $arr && array_key_exists('revision',$arr))
$sql_options = " and revision = " . intval($arr['revision']) . " ";
$x =q("select id, aid, uid, hash, revision, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d $sql_options limit 1",
dbesc($arr['hash']),
intval($channel_id)
);
if(! $x) {
$ret['message'] = t('Cannot locate file to revise/update');
return $ret;
}
$hash = $x[0]['hash'];
}
// Check storage limits
if($options !== 'update') {
$maxfilesize = get_config('system','maxfilesize');
if(($maxfilesize) && ($filesize > $maxfilesize)) {
$ret['message'] = sprintf( t('File exceeds size limit of %d'), $maxfilesize);
@unlink($src);
return $ret;
}
$limit = service_class_fetch($channel_id,'attach_upload_limit');
if($limit !== false) {
$r = q("select sum(filesize) as total from attach where uid = %d ",
intval($channel_id)
);
if(($r) && (($r[0]['total'] + $filesize) > ($limit - $existing_size))) {
$ret['message'] = upgrade_message(true);
@unlink($src);
return $ret;
}
}
$mimetype = z_mime_content_type($filename);
}
if(! isset($hash))
$hash = random_string();
$created = datetime_convert();
if($options === 'replace') {
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1",
dbesc($filename),
dbesc($mimetype),
intval($filesize),
dbesc(@file_get_contents($src)),
dbesc($created),
intval($existing_id),
intval($channel_id)
);
}
elseif($options === 'revise') {
$r = q("insert into attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($x[0]['aid']),
intval($channel_id),
dbesc($x[0]['hash']),
dbesc($filename),
dbesc($mimetype),
intval($filesize),
intval($x[0]['revision'] + 1),
dbesc(@file_get_contents($src)),
dbesc($created),
dbesc($created),
dbesc($x[0]['allow_cid']),
dbesc($x[0]['allow_gid']),
dbesc($x[0]['deny_cid']),
dbesc($x[0]['deny_gid'])
);
}
elseif($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', edited = '%s',
allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1",
dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']),
dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']),
dbesc($created),
dbesc((array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : $x[0]['allow_cid']),
dbesc((array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : $x[0]['allow_gid']),
dbesc((array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : $x[0]['deny_cid']),
dbesc((array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : $x[0]['deny_gid']),
intval($x[0]['id']),
intval($x[0]['uid'])
);
}
else {
$r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )
VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($channel['channel_account_id']),
intval($channel_id),
dbesc($hash),
dbesc($filename),
dbesc($mimetype),
intval($filesize),
intval(0),
dbesc(@file_get_contents($src)),
dbesc($created),
dbesc($created),
dbesc((array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'),
dbesc((array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : ''),
dbesc((array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : ''),
dbesc((array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : '')
);
}
if($options !== 'update')
@unlink($src);
if(! $r) {
$ret['message'] = t('File upload failed. Possible system limit or action terminated.');
return $ret;
}
// Caution: This re-uses $sql_options set further above
$r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1",
intval($channel_id),
dbesc($hash)
);
if(! $r) {
$ret['message'] = t('Stored file could not be verified. Upload failed.');
return $ret;
}
$ret['success'] = true;
$ret['data'] = $r[0];
return $ret;
}

9
install/database.sql
View File

@ -84,6 +84,7 @@ CREATE TABLE IF NOT EXISTS `attach` (
`filename` char(255) NOT NULL DEFAULT '',
`filetype` char(64) NOT NULL DEFAULT '',
`filesize` int(10) unsigned NOT NULL DEFAULT '0',
`revision` int(10) unsigned NOT NULL DEFAULT '0',
`data` longblob NOT NULL,
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`edited` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
@ -99,7 +100,13 @@ CREATE TABLE IF NOT EXISTS `attach` (
KEY `filetype` (`filetype`),
KEY `filesize` (`filesize`),
KEY `created` (`created`),
KEY `edited` (`edited`)
KEY `edited` (`edited`),
KEY `filename_2` (`filename`),
KEY `filetype_2` (`filetype`),
KEY `filesize_2` (`filesize`),
KEY `created_2` (`created`),
KEY `edited_2` (`edited`),
KEY `revision` (`revision`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `auth_codes` (

11
install/update.php
View File

@ -1,6 +1,6 @@
<?php
define( 'UPDATE_VERSION' , 1024 );
define( 'UPDATE_VERSION' , 1025 );
/**
*
@ -316,3 +316,12 @@ function update_r1023() {
return UPDATE_SUCCESS;
return UPDATE_FAILED;
}
function update_r1024() {
$r = q("ALTER TABLE `attach` ADD `revision` INT UNSIGNED NOT NULL DEFAULT '0' AFTER `filesize` ,
ADD INDEX ( `revision` ) ");
if($r)
return UPDATE_SUCCESS;
return UPDATE_FAILED;
}

35
mod/attach.php
View File

@ -1,42 +1,25 @@
<?php
require_once('include/security.php');
require_once('include/attach.php');
function attach_init(&$a) {
if(argc() != 2) {
if(argc() < 2) {
notice( t('Item not available.') . EOL);
return;
}
$hash = argv(1);
$r = attach_by_hash(argv(1),((argc() > 2) ? intval(argv(2)) : 0));
// Check for existence, which will also provide us the owner uid
$r = q("SELECT * FROM `attach` WHERE `hash` = '%s' LIMIT 1",
dbesc($hash)
);
if(! count($r)) {
notice( t('Item was not found.'). EOL);
if(! $r['success']) {
notice( $r['message'] . EOL);
return;
}
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
$r = q("SELECT * FROM `attach` WHERE hash = '%s' $sql_extra LIMIT 1",
dbesc($hash)
);
if(! count($r)) {
notice( t('Permission denied.') . EOL);
return;
}
header('Content-type: ' . $r[0]['filetype']);
header('Content-disposition: attachment; filename=' . $r[0]['filename']);
echo $r[0]['data'];
header('Content-type: ' . $r['data']['filetype']);
header('Content-disposition: attachment; filename=' . $r['data']['filename']);
echo $r['data']['data'];
killme();
// NOTREACHED
}

43
mod/item.php
View File

@ -377,7 +377,7 @@ function item_post(&$a) {
fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,
$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
fix_attached_file_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,
fix_attached_file_permissions($channel,$observer['xchan_hash'],$body,
$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
}
@ -471,14 +471,13 @@ function item_post(&$a) {
if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
foreach($match[2] as $mtch) {
$r = q("SELECT `hash`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `hash` = '%s' LIMIT 1",
intval($profile_uid),
dbesc($mtch)
);
if(count($r)) {
$hash = substr($mtch,0,strpos($mtch,','));
$rev = intval(substr($mtch,strpos($mtch,',')));
$r = attach_by_hash_nodata($hash,$rev);
if($r['success']) {
if(strlen($attachments))
$attachments .= ',';
$attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['hash'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . (($r[0]['filename']) ? $r[0]['filename'] : '') . '"[/attach]';
$attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r['data']['hash'] . '" length="' . $r['data']['filesize'] . '" type="' . $r['data']['filetype'] . '" title="' . $r['data']['filename'] . '"[/attach]';
}
$body = str_replace($match[1],'',$body);
}
@ -1008,7 +1007,7 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
}
function fix_attached_file_permissions($uid,$xchan_hash,$body,
function fix_attached_file_permissions($channel,$observer_hash,$body,
$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
$match = false;
@ -1017,24 +1016,16 @@ function fix_attached_file_permissions($uid,$xchan_hash,$body,
$attaches = $match[1];
if($attaches) {
foreach($attaches as $attach) {
$r = q("select * from attach where uid = %d and hash = '%s'
and allow_cid = '%s' and allow_gid = '' and deny_cid = '' and deny_gid = '' limit 1",
intval($uid),
dbesc($attach),
dbesc('<' . $xchan_hash . '>')
);
if($r) {
$r = q("UPDATE attach
SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
WHERE uid = %d AND hash = '%s' LIMIT 1",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
intval($uid),
dbesc($attach)
);
}
$hash = substr($attach,0,strpos($attach,','));
$rev = intval(substr($attach,strpos($attach,',')));
attach_store($channel,$observer_hash,$options = 'update', array(
'hash' => $hash,
'revision' => $rev,
'allow_cid' => $str_contact_allow,
'allow_gid' => $str_group_allow,
'deny_cid' => $str_contact_deny,
'deny_gid' => $str_group_deny
));
}
}
}

120
mod/wall_attach.php
View File

@ -5,7 +5,6 @@ require_once('include/datetime.php');
function wall_attach_post(&$a) {
// Figure out who owns the page and if they allow attachments
if(argc() > 1) {
@ -21,122 +20,13 @@ function wall_attach_post(&$a) {
else
killme();
$can_post = false;
$visitor = 0;
$page_owner_uid = $channel['channel_id'];
if(! perm_is_allowed($page_owner_uid,get_observer_hash(),'write_storage')) {
notice( t('Permission denied.') . EOL);
$r = attach_store($channel,get_observer_hash());
if(! $r['success']) {
notice( $r['message'] . EOL);
killme();
}
if(! x($_FILES,'userfile'))
killme();
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$replace = ((x($_REQUEST,'replace')) ? intval($_REQUEST['replace']) : 0);
$existing_size = 0;
if($replace) {
$x = q("select id, filesize, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1",
intval($replace),
intval($page_owner_uid)
);
if(! $x) {
notice('Cannot locate file to replace');
killme();
}
$existing_size = intval($x[0]['filesize']);
}
$maxfilesize = get_config('system','maxfilesize');
if(($maxfilesize) && ($filesize > $maxfilesize)) {
notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
@unlink($src);
killme();
}
$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
if($limit !== false) {
$r = q("select sum(filesize) as total from attach where uid = %d ",
intval($page_owner_uid)
);
if(($r) && (($r[0]['total'] + $filesize) > ($limit - $existing_size))) {
echo upgrade_message(true) . EOL ;
@unlink($src);
killme();
}
}
// TODO turn this into a general file upload api where permissions can be set on demand and move it out of the front end controller.
// We're making several assumptions that we are uploading into a post, which defaults to owner privacy until the post is completed
// and permissions are updated to match the post.
$filedata = @file_get_contents($src);
$mimetype = z_mime_content_type($filename);
$hash = random_string();
$created = datetime_convert();
if($replace) {
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d limit 1",
dbesc($filename),
dbesc($mimetype),
intval($filesize),
dbesc($filedata),
dbesc($created),
intval($replace)
);
}
else {
$r = q("INSERT INTO `attach` ( `aid`, `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
VALUES ( %d, %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($channel['channel_account_id']),
intval($page_owner_uid),
dbesc($hash),
dbesc($filename),
dbesc($mimetype),
intval($filesize),
dbesc($filedata),
dbesc($created),
dbesc($created),
dbesc('<' . $channel['channel_hash'] . '>'),
dbesc(''),
dbesc(''),
dbesc('')
);
}
@unlink($src);
if(! $r) {
echo ( t('File upload failed.') . EOL);
killme();
}
$r = q("SELECT `hash` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
intval($page_owner_uid),
dbesc($created),
dbesc($hash)
);
if(! $r) {
echo ( t('File upload failed.') . EOL);
killme();
}
echo "\n\n" . '[attachment]' . $r[0]['hash'] . '[/attachment]' . "\n";
echo "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n";
killme();
// NOTREACHED
}

2
version.inc
View File

@ -1 +1 @@
2013-01-30.216
2013-01-31.217