2009-05-15 20:04:58 +01:00
|
|
|
<?php
|
|
|
|
/**
|
2009-08-25 23:12:20 +01:00
|
|
|
* StatusNet, the distributed open-source microblogging tool
|
2009-05-15 20:04:58 +01:00
|
|
|
*
|
|
|
|
* Show notice attachments
|
|
|
|
*
|
|
|
|
* PHP version 5
|
|
|
|
*
|
|
|
|
* LICENCE: This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
* @category Personal
|
2009-08-25 23:12:20 +01:00
|
|
|
* @package StatusNet
|
2009-08-25 23:19:04 +01:00
|
|
|
* @author Evan Prodromou <evan@status.net>
|
2009-08-25 23:12:20 +01:00
|
|
|
* @copyright 2008-2009 StatusNet, Inc.
|
2009-05-15 20:04:58 +01:00
|
|
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
2009-08-25 23:16:46 +01:00
|
|
|
* @link http://status.net/
|
2009-05-15 20:04:58 +01:00
|
|
|
*/
|
|
|
|
|
2014-05-18 11:57:46 +01:00
|
|
|
if (!defined('GNUSOCIAL')) { exit(1); }
|
2009-05-15 20:04:58 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Show notice attachments
|
|
|
|
*
|
|
|
|
* @category Personal
|
2009-08-25 23:12:20 +01:00
|
|
|
* @package StatusNet
|
2009-08-25 23:19:04 +01:00
|
|
|
* @author Evan Prodromou <evan@status.net>
|
2009-05-15 20:04:58 +01:00
|
|
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
2009-08-25 23:16:46 +01:00
|
|
|
* @link http://status.net/
|
2009-05-15 20:04:58 +01:00
|
|
|
*/
|
2014-05-18 11:57:46 +01:00
|
|
|
class AttachmentAction extends ManagedAction
|
2009-05-15 20:04:58 +01:00
|
|
|
{
|
|
|
|
/**
|
[MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments
The filename has a new format:
bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
2019-06-11 02:42:33 +01:00
|
|
|
* Attachment File object to show
|
2009-05-15 20:04:58 +01:00
|
|
|
*/
|
|
|
|
var $attachment = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Load attributes based on database arguments
|
|
|
|
*
|
|
|
|
* Loads all the DB stuff
|
|
|
|
*
|
|
|
|
* @param array $args $_REQUEST array
|
|
|
|
*
|
|
|
|
* @return success flag
|
|
|
|
*/
|
|
|
|
|
2014-04-15 09:49:20 +01:00
|
|
|
protected function prepare(array $args=array())
|
2009-05-15 20:04:58 +01:00
|
|
|
{
|
|
|
|
parent::prepare($args);
|
|
|
|
|
2019-06-28 00:18:27 +01:00
|
|
|
try {
|
|
|
|
if (!empty($id = $this->trimmed('attachment'))) {
|
|
|
|
$this->attachment = File::getByID($id);
|
|
|
|
} elseif (!empty($filehash = $this->trimmed('filehash'))) {
|
|
|
|
$this->attachment = File::getByHash($filehash);
|
|
|
|
}
|
|
|
|
} catch (Exception $e) {
|
|
|
|
// Not found
|
2009-05-24 09:43:34 +01:00
|
|
|
}
|
2014-05-18 11:57:46 +01:00
|
|
|
if (!$this->attachment instanceof File) {
|
2010-10-30 23:58:35 +01:00
|
|
|
// TRANS: Client error displayed trying to get a non-existing attachment.
|
2009-05-15 20:04:58 +01:00
|
|
|
$this->clientError(_('No such attachment.'), 404);
|
2019-06-28 00:18:27 +01:00
|
|
|
} elseif (empty($this->attachment->filename)) {
|
|
|
|
$this->clientError(_('Requested local URL for a file that is not stored locally.'), 404);
|
2009-05-15 20:04:58 +01:00
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Is this action read-only?
|
|
|
|
*
|
|
|
|
* @return boolean true
|
|
|
|
*/
|
|
|
|
function isReadOnly($args)
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Title of the page
|
|
|
|
*
|
|
|
|
* @return string title of the page
|
|
|
|
*/
|
|
|
|
function title()
|
|
|
|
{
|
|
|
|
$a = new Attachment($this->attachment);
|
|
|
|
return $a->title();
|
|
|
|
}
|
|
|
|
|
2015-01-25 01:25:28 +00:00
|
|
|
public function showPage()
|
2009-05-15 20:04:58 +01:00
|
|
|
{
|
2009-06-25 23:42:17 +01:00
|
|
|
if (empty($this->attachment->filename)) {
|
|
|
|
// if it's not a local file, gtfo
|
2016-03-07 21:33:34 +00:00
|
|
|
common_redirect($this->attachment->getUrl(), 303);
|
2009-06-25 23:42:17 +01:00
|
|
|
}
|
2014-04-21 10:35:42 +01:00
|
|
|
|
2015-01-25 01:25:28 +00:00
|
|
|
parent::showPage();
|
2009-05-15 20:04:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Fill the content area of the page
|
|
|
|
*
|
|
|
|
* Shows a single notice list item.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
function showContent()
|
|
|
|
{
|
|
|
|
$ali = new Attachment($this->attachment, $this);
|
|
|
|
$cnt = $ali->show();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Don't show page notice
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
function showPageNoticeBlock()
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Show aside: this attachments appears in what notices
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
2009-05-18 03:06:08 +01:00
|
|
|
function showSections() {
|
|
|
|
$ns = new AttachmentNoticeSection($this);
|
|
|
|
$ns->show();
|
2009-05-15 20:04:58 +01:00
|
|
|
}
|
2019-06-26 03:25:59 +01:00
|
|
|
|
2019-06-26 03:39:39 +01:00
|
|
|
/**
|
|
|
|
* Last-modified date for file
|
|
|
|
*
|
|
|
|
* @return int last-modified date as unix timestamp
|
|
|
|
*/
|
|
|
|
public function lastModified()
|
|
|
|
{
|
|
|
|
if (common_config('site', 'use_x_sendfile')) {
|
|
|
|
return null;
|
|
|
|
}
|
2019-06-28 00:18:27 +01:00
|
|
|
try {
|
|
|
|
return filemtime($this->attachment->getPath());
|
|
|
|
} catch (InvalidFilenameException $e) {
|
|
|
|
return null;
|
|
|
|
}
|
2019-06-26 03:39:39 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* etag header for file
|
|
|
|
*
|
|
|
|
* This returns the same data (inode, size, mtime) as Apache would,
|
|
|
|
* but in decimal instead of hex.
|
|
|
|
*
|
|
|
|
* @return string etag http header
|
|
|
|
*/
|
|
|
|
function etag()
|
|
|
|
{
|
|
|
|
if (common_config('site', 'use_x_sendfile')) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
$cache = Cache::instance();
|
|
|
|
if($cache) {
|
2019-06-28 00:18:27 +01:00
|
|
|
try {
|
|
|
|
$key = Cache::key('attachments:etag:' . $this->attachment->getPath());
|
|
|
|
$etag = $cache->get($key);
|
|
|
|
if($etag === false) {
|
|
|
|
$etag = crc32(file_get_contents($this->attachment->getPath()));
|
|
|
|
$cache->set($key,$etag);
|
|
|
|
}
|
|
|
|
} catch (InvalidFilenameException $e) {
|
|
|
|
return null;
|
2019-06-26 03:39:39 +01:00
|
|
|
}
|
|
|
|
return $etag;
|
|
|
|
}
|
|
|
|
|
|
|
|
$stat = stat($this->path);
|
|
|
|
return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2019-06-27 02:20:39 +01:00
|
|
|
* Include $filepath in the response, for viewing and downloading
|
2019-06-26 03:39:39 +01:00
|
|
|
*/
|
2019-06-28 00:18:27 +01:00
|
|
|
static function sendFile(string $filepath, int $filesize) {
|
2019-06-26 03:25:59 +01:00
|
|
|
if (common_config('site', 'use_x_sendfile')) {
|
|
|
|
header('X-Sendfile: ' . $filepath);
|
|
|
|
} else {
|
2019-06-28 00:18:27 +01:00
|
|
|
if (empty($filesize)) {
|
|
|
|
$filesize = filesize($filepath);
|
2019-06-26 03:25:59 +01:00
|
|
|
}
|
2019-06-28 00:18:27 +01:00
|
|
|
header("Content-Length: {$filesize}");
|
2019-06-26 03:25:59 +01:00
|
|
|
// header('Cache-Control: private, no-transform, no-store, must-revalidate');
|
|
|
|
|
|
|
|
$ret = @readfile($filepath);
|
|
|
|
|
2019-06-28 00:18:27 +01:00
|
|
|
if (ret === false) {
|
|
|
|
common_log(LOG_ERR, "Couldn't read file at {$filepath}.");
|
|
|
|
} elseif ($ret !== $filesize) {
|
2019-06-26 03:25:59 +01:00
|
|
|
common_log(LOG_ERR, "The lengths of the file as recorded on the DB (or on disk) for the file " .
|
2019-06-28 00:18:27 +01:00
|
|
|
"{$filepath} differ from what was sent to the user ({$filesize} vs {$ret}).");
|
2019-06-26 03:25:59 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2009-05-15 20:04:58 +01:00
|
|
|
}
|