From c7475d78b43161ae031e7424c826ea27c76770b4 Mon Sep 17 00:00:00 2001
From: Miguel Dantas <biodantasgs@gmail.com>
Date: Wed, 26 Jun 2019 01:54:55 +0100
Subject: [PATCH] [CORE][UI][ROUTER] Added view action, which inlines images
 and videos but downloads everything else. Fixed File url to get an URL
 fromthe view action, so when a making a remote notice, the correct URL is
 used, not accessing directly to the file

---
 README.md                   |  2 +-
 actions/attachment_view.php | 52 +++++++++++++++++++++++++++++++++++++
 classes/File.php            |  7 ++++-
 lib/framework.php           |  2 +-
 lib/router.php              |  4 +++
 5 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 actions/attachment_view.php

diff --git a/README.md b/README.md
index e14c7d6b92..f0bd960008 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# GNU social 1.23.x
+# GNU social 1.24.x
 (c) 2010-2019 Free Software Foundation, Inc
 
 This is the README file for GNU social, the free
diff --git a/actions/attachment_view.php b/actions/attachment_view.php
new file mode 100644
index 0000000000..6a3b7df9f5
--- /dev/null
+++ b/actions/attachment_view.php
@@ -0,0 +1,52 @@
+<?php
+
+if (!defined('GNUSOCIAL')) { exit(1); }
+
+/**
+ * Download notice attachment
+ *
+ * @category Personal
+ * @package  GNUsocial
+ * @author   Mikael Nordfeldth <mmn@hethane.se>
+ * @license  https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link     https:/gnu.io/social
+ */
+class Attachment_viewAction extends AttachmentAction
+{
+    public function showPage()
+    {
+        // Checks file exists or throws FileNotStoredLocallyException
+        $filepath = $this->attachment->getPath();
+
+        $filename = MediaFile::getDisplayName($this->attachment);
+
+        // Disable errors, to not mess with the file contents (suppress errors in case access to this
+        // function is blocked, like in some shared hosts). Automatically reset at the end of the
+        // script execution, and we don't want to have any more errors until then, so don't reset it
+        @ini_set('display_errors', 0);
+
+        header("Content-Description: File Transfer");
+        header("Content-Type: {$this->attachment->mimetype}");
+        if (in_array(common_get_mime_media($this->attachment->mimetype), ['image', 'video'])) {
+            header("Content-Disposition: inline; filename=\"{$filename}\"");
+        } else {
+            header("Content-Disposition: attachment; filename=\"{$filename}\"");
+        }
+        header('Expires: 0');
+        header('Content-Transfer-Encoding: binary'); // FIXME? Can this be different?
+        $filesize = $this->attachment->size;
+        // 'if available', it says, so ensure we have it
+        if (empty($filesize)) {
+            $filesize = filesize($this->attachment->filename);
+        }
+        header("Content-Length: {$filesize}");
+        // header('Cache-Control: private, no-transform, no-store, must-revalidate');
+
+        $ret = @readfile($filepath);
+
+        if ($ret === false || $ret !== $filesize) {
+            common_log(LOG_ERR, "The lengths of the file as recorded on the DB (or on disk) for the file " .
+                       "{$filepath}, with id={$this->attachment->id} differ from what was sent to the user.");
+        }
+    }
+}
diff --git a/classes/File.php b/classes/File.php
index 902cafeabc..8df0c25e4e 100644
--- a/classes/File.php
+++ b/classes/File.php
@@ -599,6 +599,11 @@ class File extends Managed_DataObject
         return common_local_url('attachment_download', array('attachment'=>$this->getID()));
     }
 
+    public function getAttachmentViewUrl()
+    {
+        return common_local_url('attachment_view', array('attachment'=>$this->getID()));
+    }
+
     /**
      * @param mixed $use_local true means require local, null means prefer local, false means use whatever is stored
      * @return string
@@ -609,7 +614,7 @@ class File extends Managed_DataObject
         if ($use_local !== false) {
             if (is_string($this->filename) || !empty($this->filename)) {
                 // A locally stored file, so let's generate a URL for our instance.
-                return self::url($this->getFilename());
+                return getAttachmentViewUrl();
             }
             if ($use_local) {
                 // if the file wasn't stored locally (has filename) and we require a local URL
diff --git a/lib/framework.php b/lib/framework.php
index 664e8707b3..1bbdaca3f1 100644
--- a/lib/framework.php
+++ b/lib/framework.php
@@ -32,7 +32,7 @@ defined('GNUSOCIAL') || die();
 define('GNUSOCIAL_ENGINE', 'GNU social');
 define('GNUSOCIAL_ENGINE_URL', 'https://www.gnu.org/software/social/');
 
-define('GNUSOCIAL_BASE_VERSION', '1.23.0');
+define('GNUSOCIAL_BASE_VERSION', '1.24.0');
 define('GNUSOCIAL_LIFECYCLE', 'dev'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'
 
 define('GNUSOCIAL_VERSION', GNUSOCIAL_BASE_VERSION . '-' . GNUSOCIAL_LIFECYCLE);
diff --git a/lib/router.php b/lib/router.php
index be87afd88d..2bffd84a3b 100644
--- a/lib/router.php
+++ b/lib/router.php
@@ -223,6 +223,10 @@ class Router
                         array('action' => 'attachment'),
                         array('attachment' => '[0-9]+'));
 
+            $m->connect('attachment/:attachment/view',
+                        array('action' => 'attachment_view'),
+                        array('attachment' => '[0-9]+'));
+
             $m->connect('attachment/:attachment/download',
                         array('action' => 'attachment_download'),
                         array('attachment' => '[0-9]+'));