friendica/mod/wall_attach.php

143 lines
4.3 KiB
PHP
Raw Permalink Normal View History

2011-05-25 05:40:52 +00:00
<?php
/**
2022-01-02 07:27:47 +00:00
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
use Friendica\App;
use Friendica\Core\Logger;
2022-04-09 11:58:01 +00:00
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Attach;
use Friendica\Model\User;
use Friendica\Util\Strings;
function wall_attach_post(App $a)
{
$isJson = (!empty($_GET['response']) && $_GET['response'] == 'json');
if (DI::args()->getArgc() > 1) {
2022-10-25 21:07:49 +00:00
$nick = DI::args()->getArgv()[1];
2021-10-02 22:42:39 +00:00
$owner = User::getOwnerDataByNick($nick);
if (!DBA::isResult($owner)) {
Logger::warning('owner is not a valid record:', ['owner' => $owner, 'nick' => $nick]);
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['error' => DI::l10n()->t('Invalid request.')]);
2016-11-14 17:49:51 +00:00
}
2011-05-25 05:40:52 +00:00
return;
Cleanups: isResult() more used, readability improved (#5608) * [diaspora]: Maybe SimpleXMLElement is the right type-hint? * Changes proposed + pre-renaming: - pre-renamed $db -> $connection - added TODOs for not allowing bad method invocations (there is a BadMethodCallException in SPL) * If no record is found, below $r[0] will fail with a E_NOTICE and the code doesn't behave as expected. * Ops, one more left ... * Continued: - added documentation for Contact::updateSslPolicy() method - added type-hint for $contact of same method - empty lines added + TODO where the bug origins that $item has no element 'body' * Added empty lines for better readability * Cleaned up: - no more x() (deprecated) usage but empty() instead - fixed mixing of space/tab indending - merged else/if block goether in elseif() (lesser nested code blocks) * Re-fixed DBM -> DBA switch * Fixes/rewrites: - use empty()/isset() instead of deprecated x() - merged 2 nested if() blocks into one - avoided nested if() block inside else block by rewriting it to elseif() - $contact_id is an integer, let's test on > 0 here - added a lot spaces and some empty lines for better readability * Rewrite: - moved all CONTACT_* constants from boot.php to Contact class * CR request: - renamed Contact::CONTACT_IS_* -> Contact::* ;-) * Rewrites: - moved PAGE_* to Friendica\Model\Profile class - fixed mixure with "Contact::* rewrite" * Ops, one still there (return is no function) * Rewrite to Proxy class: - introduced new Friendica\Network\Proxy class for in exchange of proxy_*() functions - moved also all PROXY_* constants there as Proxy::* - removed now no longer needed mod/proxy.php loading as composer's auto-load will do this for us - renamed those proxy_*() functions to better names: + proxy_init() -> Proxy::init() (public) + proxy_url() -> Proxy::proxifyUrl() (public) + proxy_parse_html() -> Proxy::proxifyHtml() (public) + proxy_is_local_image() -> Proxy::isLocalImage() (private) + proxy_parse_query() -> Proxy::parseQuery() (private) + proxy_img_cb() -> Proxy::replaceUrl() (private) * CR request: - moved all PAGE_* constants to Friendica\Model\Contact class - fixed all references of both classes * Ops, need to set $a here ... * CR request: - moved Proxy class to Friendica\Module - extended BaseModule * Ops, no need for own instance of $a when self::getApp() is around. * Proxy-rewrite: - proxy_url() and proxy_parse_html() are both non-module functions (now methods) - so they must be splitted into a seperate class - also the SIZE_* and DEFAULT_TIME constants are both not relevant to module * No instances from utility classes * Fixed error: - proxify*() is now located in `Friendica\Util\ProxyUtils` * Moved back to original place, ops? How did they move here? Well, it was not intended by me. * Removed duplicate (left-over from split) constants and static array. Thank to MrPetovan finding it. * Renamed ProxyUtils -> Proxy and aliased it back to ProxyUtils. * Rewrite: - stopped using deprecated NETWORK_* constants, now Protocol::* should be used - still left them intact for slow/lazy developers ... * Ops, was added accidentally ... * Ops, why these wrong moves? * Ops, one to much (thanks to MrPetovan) * Ops, wrong moving ... * moved back to original place ... * spaces added * empty lines add for better readability. * convertered spaces -> tab for code indenting. * CR request: Add space between if and brace. * CR requests fixed + move reverted - ops, src/Module/*.php has been moved to src/Network/ accidentally - reverted some parts in src/Database/DBA.php as pointed out by Annando - removed internal TODO items - added some spaces for better readability
2018-08-24 05:05:49 +00:00
}
} else {
Logger::warning('Argument count is zero or one (invalid)');
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['error' => DI::l10n()->t('Invalid request.')]);
2016-11-14 17:49:51 +00:00
}
Cleanups: isResult() more used, readability improved (#5608) * [diaspora]: Maybe SimpleXMLElement is the right type-hint? * Changes proposed + pre-renaming: - pre-renamed $db -> $connection - added TODOs for not allowing bad method invocations (there is a BadMethodCallException in SPL) * If no record is found, below $r[0] will fail with a E_NOTICE and the code doesn't behave as expected. * Ops, one more left ... * Continued: - added documentation for Contact::updateSslPolicy() method - added type-hint for $contact of same method - empty lines added + TODO where the bug origins that $item has no element 'body' * Added empty lines for better readability * Cleaned up: - no more x() (deprecated) usage but empty() instead - fixed mixing of space/tab indending - merged else/if block goether in elseif() (lesser nested code blocks) * Re-fixed DBM -> DBA switch * Fixes/rewrites: - use empty()/isset() instead of deprecated x() - merged 2 nested if() blocks into one - avoided nested if() block inside else block by rewriting it to elseif() - $contact_id is an integer, let's test on > 0 here - added a lot spaces and some empty lines for better readability * Rewrite: - moved all CONTACT_* constants from boot.php to Contact class * CR request: - renamed Contact::CONTACT_IS_* -> Contact::* ;-) * Rewrites: - moved PAGE_* to Friendica\Model\Profile class - fixed mixure with "Contact::* rewrite" * Ops, one still there (return is no function) * Rewrite to Proxy class: - introduced new Friendica\Network\Proxy class for in exchange of proxy_*() functions - moved also all PROXY_* constants there as Proxy::* - removed now no longer needed mod/proxy.php loading as composer's auto-load will do this for us - renamed those proxy_*() functions to better names: + proxy_init() -> Proxy::init() (public) + proxy_url() -> Proxy::proxifyUrl() (public) + proxy_parse_html() -> Proxy::proxifyHtml() (public) + proxy_is_local_image() -> Proxy::isLocalImage() (private) + proxy_parse_query() -> Proxy::parseQuery() (private) + proxy_img_cb() -> Proxy::replaceUrl() (private) * CR request: - moved all PAGE_* constants to Friendica\Model\Contact class - fixed all references of both classes * Ops, need to set $a here ... * CR request: - moved Proxy class to Friendica\Module - extended BaseModule * Ops, no need for own instance of $a when self::getApp() is around. * Proxy-rewrite: - proxy_url() and proxy_parse_html() are both non-module functions (now methods) - so they must be splitted into a seperate class - also the SIZE_* and DEFAULT_TIME constants are both not relevant to module * No instances from utility classes * Fixed error: - proxify*() is now located in `Friendica\Util\ProxyUtils` * Moved back to original place, ops? How did they move here? Well, it was not intended by me. * Removed duplicate (left-over from split) constants and static array. Thank to MrPetovan finding it. * Renamed ProxyUtils -> Proxy and aliased it back to ProxyUtils. * Rewrite: - stopped using deprecated NETWORK_* constants, now Protocol::* should be used - still left them intact for slow/lazy developers ... * Ops, was added accidentally ... * Ops, why these wrong moves? * Ops, one to much (thanks to MrPetovan) * Ops, wrong moving ... * moved back to original place ... * spaces added * empty lines add for better readability. * convertered spaces -> tab for code indenting. * CR request: Add space between if and brace. * CR requests fixed + move reverted - ops, src/Module/*.php has been moved to src/Network/ accidentally - reverted some parts in src/Database/DBA.php as pointed out by Annando - removed internal TODO items - added some spaces for better readability
2018-08-24 05:05:49 +00:00
2011-05-25 05:40:52 +00:00
return;
2016-11-14 17:49:51 +00:00
}
2011-05-25 05:40:52 +00:00
2022-10-25 21:07:49 +00:00
$can_post = false;
2011-05-25 05:40:52 +00:00
2021-10-02 22:42:39 +00:00
$page_owner_uid = $owner['uid'];
$page_owner_cid = $owner['id'];
$community_page = $owner['page-flags'] == User::PAGE_FLAGS_COMMUNITY;
2011-05-25 05:40:52 +00:00
if (DI::userSession()->getLocalUserId() && (DI::userSession()->getLocalUserId() == $page_owner_uid)) {
2011-05-25 05:40:52 +00:00
$can_post = true;
} elseif ($community_page && !empty(DI::userSession()->getRemoteContactID($page_owner_uid))) {
$contact_id = DI::userSession()->getRemoteContactID($page_owner_uid);
2022-10-25 21:07:49 +00:00
$can_post = DBA::exists('contact', ['blocked' => false, 'pending' => false, 'id' => $contact_id, 'uid' => $page_owner_uid]);
2011-05-25 05:40:52 +00:00
}
Cleanups: isResult() more used, readability improved (#5608) * [diaspora]: Maybe SimpleXMLElement is the right type-hint? * Changes proposed + pre-renaming: - pre-renamed $db -> $connection - added TODOs for not allowing bad method invocations (there is a BadMethodCallException in SPL) * If no record is found, below $r[0] will fail with a E_NOTICE and the code doesn't behave as expected. * Ops, one more left ... * Continued: - added documentation for Contact::updateSslPolicy() method - added type-hint for $contact of same method - empty lines added + TODO where the bug origins that $item has no element 'body' * Added empty lines for better readability * Cleaned up: - no more x() (deprecated) usage but empty() instead - fixed mixing of space/tab indending - merged else/if block goether in elseif() (lesser nested code blocks) * Re-fixed DBM -> DBA switch * Fixes/rewrites: - use empty()/isset() instead of deprecated x() - merged 2 nested if() blocks into one - avoided nested if() block inside else block by rewriting it to elseif() - $contact_id is an integer, let's test on > 0 here - added a lot spaces and some empty lines for better readability * Rewrite: - moved all CONTACT_* constants from boot.php to Contact class * CR request: - renamed Contact::CONTACT_IS_* -> Contact::* ;-) * Rewrites: - moved PAGE_* to Friendica\Model\Profile class - fixed mixure with "Contact::* rewrite" * Ops, one still there (return is no function) * Rewrite to Proxy class: - introduced new Friendica\Network\Proxy class for in exchange of proxy_*() functions - moved also all PROXY_* constants there as Proxy::* - removed now no longer needed mod/proxy.php loading as composer's auto-load will do this for us - renamed those proxy_*() functions to better names: + proxy_init() -> Proxy::init() (public) + proxy_url() -> Proxy::proxifyUrl() (public) + proxy_parse_html() -> Proxy::proxifyHtml() (public) + proxy_is_local_image() -> Proxy::isLocalImage() (private) + proxy_parse_query() -> Proxy::parseQuery() (private) + proxy_img_cb() -> Proxy::replaceUrl() (private) * CR request: - moved all PAGE_* constants to Friendica\Model\Contact class - fixed all references of both classes * Ops, need to set $a here ... * CR request: - moved Proxy class to Friendica\Module - extended BaseModule * Ops, no need for own instance of $a when self::getApp() is around. * Proxy-rewrite: - proxy_url() and proxy_parse_html() are both non-module functions (now methods) - so they must be splitted into a seperate class - also the SIZE_* and DEFAULT_TIME constants are both not relevant to module * No instances from utility classes * Fixed error: - proxify*() is now located in `Friendica\Util\ProxyUtils` * Moved back to original place, ops? How did they move here? Well, it was not intended by me. * Removed duplicate (left-over from split) constants and static array. Thank to MrPetovan finding it. * Renamed ProxyUtils -> Proxy and aliased it back to ProxyUtils. * Rewrite: - stopped using deprecated NETWORK_* constants, now Protocol::* should be used - still left them intact for slow/lazy developers ... * Ops, was added accidentally ... * Ops, why these wrong moves? * Ops, one to much (thanks to MrPetovan) * Ops, wrong moving ... * moved back to original place ... * spaces added * empty lines add for better readability. * convertered spaces -> tab for code indenting. * CR request: Add space between if and brace. * CR requests fixed + move reverted - ops, src/Module/*.php has been moved to src/Network/ accidentally - reverted some parts in src/Database/DBA.php as pointed out by Annando - removed internal TODO items - added some spaces for better readability
2018-08-24 05:05:49 +00:00
2019-09-25 22:24:17 +00:00
if (!$can_post) {
Logger::warning('User does not have required permissions', ['contact_id' => $contact_id, 'page_owner_uid' => $page_owner_uid]);
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['error' => DI::l10n()->t('Permission denied.')]);
2016-11-14 17:49:51 +00:00
}
2022-10-18 12:29:50 +00:00
DI::sysmsg()->addNotice(DI::l10n()->t('Permission denied.'));
2022-05-18 02:13:54 +00:00
System::exit();
2011-05-25 05:40:52 +00:00
}
if (empty($_FILES['userfile'])) {
Logger::warning('No file uploaded (empty userfile)');
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['error' => DI::l10n()->t('Invalid request.')]);
2016-11-14 17:49:51 +00:00
}
2022-05-18 02:13:54 +00:00
System::exit();
}
2011-05-25 05:40:52 +00:00
$tempFileName = $_FILES['userfile']['tmp_name'];
$fileName = basename($_FILES['userfile']['name']);
$fileSize = intval($_FILES['userfile']['size']);
$maxFileSize = DI::config()->get('system', 'maxfilesize');
2011-05-25 05:40:52 +00:00
/*
* Found html code written in text field of form, when trying to upload a
* file with filesize greater than upload_max_filesize. Cause is unknown.
* Then Filesize gets <= 0.
*/
if ($fileSize <= 0) {
2022-10-25 21:07:49 +00:00
$msg = DI::l10n()->t('Sorry, maybe your upload is bigger than the PHP configuration allows') . '<br />' . DI::l10n()->t('Or - did you try to upload an empty file?');
Logger::warning($msg, ['fileSize' => $fileSize]);
@unlink($tempFileName);
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['error' => $msg]);
} else {
2022-10-17 18:55:22 +00:00
DI::sysmsg()->addNotice($msg);
}
2022-05-18 02:13:54 +00:00
System::exit();
}
if ($maxFileSize && $fileSize > $maxFileSize) {
$msg = DI::l10n()->t('File exceeds size limit of %s', Strings::formatBytes($maxFileSize));
Logger::warning($msg, ['fileSize' => $fileSize]);
@unlink($tempFileName);
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['error' => $msg]);
} else {
2022-10-18 12:29:50 +00:00
echo $msg . '<br />';
}
2022-05-18 02:13:54 +00:00
System::exit();
2011-05-25 05:40:52 +00:00
}
$newid = Attach::storeFile($tempFileName, $page_owner_uid, $fileName, '<' . $page_owner_cid . '>');
2011-05-25 05:40:52 +00:00
@unlink($tempFileName);
2011-05-25 05:40:52 +00:00
if ($newid === false) {
2022-10-25 21:07:49 +00:00
$msg = DI::l10n()->t('File upload failed.');
Logger::warning($msg);
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['error' => $msg]);
} else {
2022-10-18 12:29:50 +00:00
echo $msg . '<br />';
}
2022-05-18 02:13:54 +00:00
System::exit();
2011-05-25 05:40:52 +00:00
}
if ($isJson) {
2022-04-09 11:58:01 +00:00
System::jsonExit(['ok' => true, 'id' => $newid]);
2016-11-14 17:49:51 +00:00
}
$lf = "\n";
echo $lf . $lf . '[attachment]' . $newid . '[/attachment]' . $lf;
2022-05-18 02:13:54 +00:00
System::exit();
2011-05-25 05:40:52 +00:00
// NOTREACHED
}