harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bugfix und variable initialization.

Browse Source 
Fixed a wrong perm_is_allowed() parameter, commented some other places
where we use variables that are not set and should not work.
This commit is contained in:
Klaus Weidenbach 2015-03-21 19:12:43 +01:00
parent 590df06556
commit daed7fbead
2 changed files with 41 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
include/attach.php
View File

@ -275,7 +275,11 @@ function attach_by_hash($hash, $rev = 0) {
* *
* @see attach_by_hash() * @see attach_by_hash()
* @param $hash * @param $hash
* @param $ref * @param $rev revision default 0
* @return array Everything except data.
* * \e boolean \b success boolean true or false
* * \e string \b message (optional) only when success is false
* * \e array \b data array of attach DB entry without data component
*/ */
function attach_by_hash_nodata($hash, $rev = 0) { function attach_by_hash_nodata($hash, $rev = 0) {
@ -318,6 +322,7 @@ function attach_by_hash_nodata($hash, $rev = 0) {
$ret['success'] = true; $ret['success'] = true;
$ret['data'] = $r[0]; $ret['data'] = $r[0];
return $ret; return $ret;
} }
@ -361,6 +366,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
$existing_size = 0; $existing_size = 0;
if($options === 'replace') { if($options === 'replace') {
/** @BUG $replace is undefined here */
$x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1",
intval($replace), intval($replace),
intval($channel_id) intval($channel_id)
@ -373,7 +379,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
$existing_size = intval($x[0]['filesize']); $existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash']; $hash = $x[0]['hash'];
} }
if($options === 'revise' || $options === 'update') { if($options === 'revise' || $options === 'update') {
$sql_options = " order by revision desc "; $sql_options = " order by revision desc ";
if($options === 'update' && $arr && array_key_exists('revision',$arr)) if($options === 'update' && $arr && array_key_exists('revision',$arr))
@ -513,22 +519,24 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
} }
/** /**
* Read a virtual directory and return contents, checking permissions of all parent components. * @brief Read a virtual directory and return contents.
* @function z_readdir *
* Also checking permissions of all parent components.
*
* @param integer $channel_id * @param integer $channel_id
* @param string $observer_hash hash of current observer * @param string $observer_hash hash of current observer
* @param string $pathname * @param string $pathname
* @param string $parent_hash (optional) * @param string $parent_hash (optional)
* *
* @returns array $ret * @return array $ret
* $ret['success'] = boolean true or false * * \e boolean \b success boolean true or false
* $ret['message'] = error message if success is false * * \e string \b message error message if success is false
* $ret['data'] = array of attach DB entries without data component * * \e array \b data array of attach DB entries without data component
*/ */
function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
$ret = array('success' => false); $ret = array('success' => false);
if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) { if(! perm_is_allowed($channel_id, get_observer_hash(), 'view_storage')) {
$ret['message'] = t('Permission denied.'); $ret['message'] = t('Permission denied.');
return $ret; return $ret;
} }
@ -833,12 +841,14 @@ function attach_delete($channel_id, $resource) {
/** /**
* @brief Returns path to file in cloud/. * @brief Returns path to file in cloud/.
* This function cannot be used with mod/dav as it always returns a path valid under mod/cloud *
* @warning This function cannot be used with mod/dav as it always returns a
* path valid under mod/cloud.
* *
* @param array * @param array assoziative array with:
* $arr[uid] int the channels uid * * \e int \b uid the channel's uid
* $arr[folder] string * * \e string \b folder
* $arr[filename]] string * * \e string \b filename
* @return string * @return string
* path to the file in cloud/ * path to the file in cloud/
*/ */
@ -895,6 +905,7 @@ function get_cloudpath($arr) {
* @return string with the full folder path * @return string with the full folder path
*/ */
function get_parent_cloudpath($channel_id, $channel_name, $attachHash) { function get_parent_cloudpath($channel_id, $channel_name, $attachHash) {
$parentFullPath = '';
// build directory tree // build directory tree
$parentHash = $attachHash; $parentHash = $attachHash;
do { do {
@ -933,9 +944,9 @@ function find_folder_hash_by_attach_hash($channel_id, $attachHash) {
/** /**
* @brief Returns the filename of an attachment in a given channel. * @brief Returns the filename of an attachment in a given channel.
* *
* @param mixed $channel_id * @param int $channel_id
* The id of the channel * The id of the channel
* @param mixed $attachHash * @param string $attachHash
* The hash of the attachment * The hash of the attachment
* @return string * @return string
* The filename of the attachment * The filename of the attachment
@ -949,6 +960,7 @@ function find_filename_by_hash($channel_id, $attachHash) {
if ($r) { if ($r) {
$filename = $r[0]['filename']; $filename = $r[0]['filename'];
} }
return $filename; return $filename;
} }
@ -1172,8 +1184,10 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) {
} }
function recursive_activity_recipients($arr_allow_cid, $arr_llow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) { function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) {
$ret = array();
$parent_arr = array();
$poster = get_app()->get_observer(); $poster = get_app()->get_observer();
//turn allow_gid into allow_cid's //turn allow_gid into allow_cid's
@ -1194,8 +1208,10 @@ function recursive_activity_recipients($arr_allow_cid, $arr_llow_gid, $arr_deny_
$parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']); $parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']);
$parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']); $parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']);
//TODO: should find a much better solution for the allow_cid <-> allow_gid problem. /**
//Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid. * @TODO should find a much better solution for the allow_cid <-> allow_gid problem.
* Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid.
* */
if($parent_arr['allow_gid']) { if($parent_arr['allow_gid']) {
foreach($parent_arr['allow_gid'][$count] as $gid) { foreach($parent_arr['allow_gid'][$count] as $gid) {
$in_group = in_group($gid); $in_group = in_group($gid);
@ -1207,11 +1223,9 @@ function recursive_activity_recipients($arr_allow_cid, $arr_llow_gid, $arr_deny_
$parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']); $parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']);
$count++; $count++;
} }
$folder_hash = $x[0]['folder']; $folder_hash = $x[0]['folder'];
} }
//if none of the parent folders is private just return file perms //if none of the parent folders is private just return file perms
@ -1279,11 +1293,12 @@ function recursive_activity_recipients($arr_allow_cid, $arr_llow_gid, $arr_deny_
} }
return $ret; return $ret;
} }
function in_group($group_id) { function in_group($group_id) {
//TODO: make these two queries one with a join. $group_members = array();
/** @TODO make these two queries one with a join. */
$x = q("SELECT id FROM groups WHERE hash = '%s'", $x = q("SELECT id FROM groups WHERE hash = '%s'",
dbesc($group_id) dbesc($group_id)
); );

7
include/network.php
View File

@ -32,8 +32,6 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
$ret = array('return_code' => 0, 'success' => false, 'header' => "", 'body' => ""); $ret = array('return_code' => 0, 'success' => false, 'header' => "", 'body' => "");
$a = get_app();
$ch = @curl_init($url); $ch = @curl_init($url);
if(($redirects > 8) || (! $ch)) if(($redirects > 8) || (! $ch))
return false; return false;
@ -71,7 +69,6 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,
((x($opts,'novalidate') && intval($opts['novalidate'])) ? false : true)); ((x($opts,'novalidate') && intval($opts['novalidate'])) ? false : true));
$prx = get_config('system','proxy'); $prx = get_config('system','proxy');
if(strlen($prx)) { if(strlen($prx)) {
@curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
@ -518,6 +515,7 @@ function allowed_email($email) {
function avatar_img($email) { function avatar_img($email) {
$avatar = array();
$a = get_app(); $a = get_app();
$avatar['size'] = 175; $avatar['size'] = 175;
@ -527,10 +525,11 @@ function avatar_img($email) {
call_hooks('avatar_lookup', $avatar); call_hooks('avatar_lookup', $avatar);
if(! $avatar['success']) if (! $avatar['success'])
$avatar['url'] = $a->get_baseurl() . '/' . get_default_profile_photo(); $avatar['url'] = $a->get_baseurl() . '/' . get_default_profile_photo();
logger('Avatar: ' . $avatar['email'] . ' ' . $avatar['url'], LOGGER_DEBUG); logger('Avatar: ' . $avatar['email'] . ' ' . $avatar['url'], LOGGER_DEBUG);
return $avatar['url']; return $avatar['url'];
} }