GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Original name preserved in uploaded file.

Browse Source 
Avoiding collisions with date (shorter than before) and 4 character
random alphanumeric string. I bet someone could mass-upload files
and generate all combinations of aaaa-zzzz during the course of a
day, but then maybe that user should be disabled anyway :)
(filling the collision space will cause a never-ending loop).
This commit is contained in:
Mikael Nordfeldth 2014-04-16 23:17:27 +02:00
parent 5ef6ee4bc5
commit d3b4a8616d
3 changed files with 32 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
classes/File.php
View File

@ -263,7 +263,7 @@ class File extends Managed_DataObject
// where should the file go?
static function filename($profile, $basename, $mimetype)
static function filename(Profile $profile, $origname, $mimetype)
{
try {
$ext = common_supported_mime_to_ext($mimetype);
@ -272,10 +272,23 @@ class File extends Managed_DataObject
$ext = substr(strrchr($mimetype, '/'), 1);
}
// Normalize and make the original filename more URL friendly.
$origname = basename($origname);
if (class_exists('Normalizer')) {
// http://php.net/manual/en/class.normalizer.php
// http://www.unicode.org/reports/tr15/
$origname = Normalizer::normalize($origname, Normalizer::FORM_KC);
}
$origname = preg_replace('/[^A-Za-z0-9\.\_]/', '_', $origname);
$nickname = $profile->nickname;
$datestamp = strftime('%Y%m%dT%H%M%S', time());
$random = strtolower(common_confirmation_code(32));
return "$nickname-$datestamp-$random.$ext";
$datestamp = strftime('%Y%m%d', time());
do {
// generate new random strings until we don't run into a filename collision.
$random = strtolower(common_confirmation_code(16));
$filename = "$nickname-$datestamp-$origname-$random.$ext";
} while (file_exists(self::path($filename)));
return $filename;
}
/**
@ -437,6 +450,10 @@ class File extends Managed_DataObject
{
return self::path($this->filename);
}
public function getUrl()
{
return $this->url;
}
/**
* Blow the cache of notices that link to this URL

13
lib/attachmentlist.php
View File

@ -151,7 +151,7 @@ class AttachmentListItem extends Widget
function title() {
if (empty($this->attachment->title)) {
if (empty($this->oembed->title)) {
$title = $this->attachment->url;
$title = $this->attachment->filename;
} else {
$title = $this->oembed->title;
}
@ -185,7 +185,7 @@ class AttachmentListItem extends Widget
return array('class' => 'attachment',
'href' => $this->attachment->url,
'id' => 'attachment-' . $this->attachment->id,
'title' => $this->title());
'title' => $this->linkTitle());
}
function showLink() {
@ -202,8 +202,8 @@ class AttachmentListItem extends Widget
function showRepresentation() {
$thumb = $this->getThumbInfo();
if ($thumb) {
$this->out->element('img', array('alt' => '', 'src' => $thumb->url, 'width' => $thumb->width, 'height' => $thumb->height));
if ($thumb instanceof File_thumbnail) {
$this->out->element('img', array('alt' => '', 'src' => $thumb->getUrl(), 'width' => $thumb->width, 'height' => $thumb->height));
}
}
@ -342,8 +342,13 @@ class Attachment extends AttachmentListItem
case 'video/quicktime':
case 'video/webm':
$mediatype = common_get_mime_media($this->attachment->mimetype);
$thumb = $this->getThumbInfo();
$poster = ($thumb instanceof File_thumbnail)
? $thumb->getUrl()
: null;
$this->out->elementStart($mediatype,
array('class'=>'attachment_player',
'poster'=>$poster,
'controls'=>'controls'));
$this->out->element('source',
array('src'=>$this->attachment->url,

6
lib/mediafile.php
View File

@ -30,9 +30,7 @@
* @link http://status.net/
*/
if (!defined('STATUSNET') && !defined('LACONICA')) {
exit(1);
}
if (!defined('GNUSOCIAL')) { exit(1); }
class MediaFile
{
@ -67,7 +65,7 @@ class MediaFile
$this->maybeAddRedir($this->fileRecord->id, $this->short_fileurl);
}
function attachToNotice($notice)
public function attachToNotice(Notice $notice)
{
File_to_post::processNew($this->fileRecord->id, $notice->id);
$this->maybeAddRedir($this->fileRecord->id,