gnu-social/actions/newnotice.php

<?php
/**
 * Laconica, the distributed open-source microblogging tool
 *
 * Handler for posting new notices
 *
 * PHP version 5
 *
 * LICENCE: This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @category  Personal
 * @package   Laconica
 * @author    Evan Prodromou <evan@controlyourself.ca>
 * @author    Zach Copley <zach@controlyourself.ca>
 * @author    Sarven Capadisli <csarven@controlyourself.ca>
 * @copyright 2008-2009 Control Yourself, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://laconi.ca/
 */

if (!defined('LACONICA')) {
    exit(1);
}

require_once INSTALLDIR.'/lib/noticelist.php';

/**
 * Action for posting new notices
 *
 * @category Personal
 * @package  Laconica
 * @author   Evan Prodromou <evan@controlyourself.ca>
 * @author   Zach Copley <zach@controlyourself.ca>
 * @author   Sarven Capadisli <csarven@controlyourself.ca>
 * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link     http://laconi.ca/
 */

class NewnoticeAction extends Action
{
    /**
     * Error message, if any
     */

    var $msg = null;

    /**
     * Title of the page
     *
     * Note that this usually doesn't get called unless something went wrong
     *
     * @return string page title
     */

    function title()
    {
        return _('New notice');
    }

    /**
     * Handle input, produce output
     *
     * Switches based on GET or POST method. On GET, shows a form
     * for posting a notice. On POST, saves the results of that form.
     *
     * Results may be a full page, or just a single notice list item,
     * depending on whether AJAX was requested.
     *
     * @param array $args $_REQUEST contents
     *
     * @return void
     */

    function handle($args)
    {
        if (!common_logged_in()) {
            $this->clientError(_('Not logged in.'));
        } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            // check for this before token since all POST and FILES data
            // is losts when size is exceeded
            if (empty($_POST) && $_SERVER['CONTENT_LENGTH']) {
                $this->clientError(sprintf(_('The server was unable to handle ' .
                    'that much POST data (%s bytes) due to its current configuration.'),
                    $_SERVER['CONTENT_LENGTH']));
            }
            parent::handle($args);

            // CSRF protection
            $token = $this->trimmed('token');
            if (!$token || $token != common_session_token()) {
                $this->clientError(_('There was a problem with your session token. '.
                                     'Try again, please.'));
            }
            try {
                $this->saveNewNotice();
            } catch (Exception $e) {
                $this->showForm($e->getMessage());
                return;
            }
        } else {
            $this->showForm();
        }
    }

    function isSupportedFileType() {
        require_once 'MIME/Type.php';

        $filetype = MIME_Type::autoDetect($_FILES['attach']['tmp_name']);
        if (in_array($filetype, common_config('attachments', 'supported'))) {
            return true;
        }
        $media = MIME_Type::getMedia($filetype);
        if ('application' !== $media) {
            $hint = sprintf(_(' Try using another %s format.'), $media);
        } else {
            $hint = '';
        }
        $this->clientError(sprintf(
            _('%s is not a supported filetype on this server.'), $filetype) . $hint);
    }

    function isRespectsQuota($user) {
        if ($_FILES['attach']['size'] > common_config('attachments', 'file_quota')) {
            $this->clientError(sprintf(_('No file may be larger than %d bytes ' .
                'and the file you sent was %d bytes. Try to upload a smaller version.'),
                common_config('attachments', 'file_quota'), $_FILES['attach']['size']));
        }

        $query = "select sum(size) as total from file join file_to_post on file_to_post.file_id = file.id join notice on file_to_post.post_id = notice.id where profile_id = {$user->id} and file.url like '%/notice/%/file'";
        $file = new File;
        $file->query($query);
        $file->fetch();
        $total = $file->total + $_FILES['attach']['size'];
        if ($total > common_config('attachments', 'user_quota')) {
            $this->clientError(sprintf(_('A file this large would exceed your user quota of %d bytes.'), common_config('attachments', 'user_quota')));
        }

        $query .= ' month(modified) = month(now()) and year(modified) = year(now())';
        $file2 = new File;
        $file2->query($query);
        $file2->fetch();
        $total2 = $file2->total + $_FILES['attach']['size'];
        if ($total2 > common_config('attachments', 'monthly_quota')) {
            $this->clientError(sprintf(_('A file this large would exceed your monthly quota of %d bytes.'), common_config('attachments', 'monthly_quota')));
        }
        return true;
    }

    function isValidFileAttached($user) {
        return isset($_FILES['attach']['error'])
            && ($_FILES['attach']['error'] === UPLOAD_ERR_OK)
            && $this->isSupportedFileType()
            && $this->isRespectsQuota($user);
    }

    /**
     * Save a new notice, based on arguments
     *
     * If successful, will show the notice, or return an Ajax-y result.
     * If not, it will show an error message -- possibly Ajax-y.
     *
     * Also, if the notice input looks like a command, it will run the
     * command and show the results -- again, possibly ajaxy.
     *
     * @return void
     */

    function saveNewNotice()
    {
        $user = common_current_user();
        assert($user); // XXX: maybe an error instead...
        $content = $this->trimmed('status_textarea');

        if (!$content) {
            $this->clientError(_('No content!'));
        } else {
            $content_shortened = common_shorten_links($content);
            if (mb_strlen($content_shortened) > 140) {
                $this->clientError(_('That\'s too long. '.
                                     'Max notice size is 140 chars.'));
            }
        }

        $inter = new CommandInterpreter();

        $cmd = $inter->handle_command($user, $content_shortened);

        if ($cmd) {
            if ($this->boolean('ajax')) {
                $cmd->execute(new AjaxWebChannel($this));
            } else {
                $cmd->execute(new WebChannel($this));
            }
            return;
        }

        $replyto = $this->trimmed('inreplyto');
        #If an ID of 0 is wrongly passed here, it will cause a database error,
        #so override it...
        if ($replyto == 0) {
            $replyto = 'false';
        }

        switch ($_FILES['attach']['error']) {
            case UPLOAD_ERR_NO_FILE:
                // no file uploaded
                // nothing to do
                break;

             case UPLOAD_ERR_OK:
                // file was uploaded alright
                // lets check if we really support its format
                // and it doesn't go over quotas


                if (!$this->isValidFileAttached($user)) {
                    die('clientError() should trigger an exception before reaching here.');
                }
                break;

            case UPLOAD_ERR_INI_SIZE:
                $this->clientError(_('The uploaded file exceeds the upload_max_filesize directive in php.ini.'));

            case UPLOAD_ERR_FORM_SIZE:
                $this->clientError(_('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.'));

            case UPLOAD_ERR_PARTIAL:
                $this->clientError(_('The uploaded file was only partially uploaded.'));

            case  UPLOAD_ERR_NO_TMP_DIR:
                $this->clientError(_('Missing a temporary folder.'));

            case UPLOAD_ERR_CANT_WRITE:
                $this->clientError(_('Failed to write file to disk.'));

            case UPLOAD_ERR_EXTENSION:
                $this->clientError(_('File upload stopped by extension.'));

            default:
                die('Should never reach here.');
        }

        $notice = Notice::saveNew($user->id, $content_shortened, 'web', 1,
                                  ($replyto == 'false') ? null : $replyto);

        if (is_string($notice)) {
            $this->clientError($notice);
        }

        $this->storeFile($notice);
        $this->saveUrls($notice);
        common_broadcast_notice($notice);

        if ($this->boolean('ajax')) {
            $this->startHTML('text/xml;charset=utf-8');
            $this->elementStart('head');
            $this->element('title', null, _('Notice posted'));
            $this->elementEnd('head');
            $this->elementStart('body');
            $this->showNotice($notice);
            $this->elementEnd('body');
            $this->elementEnd('html');
        } else {
            $returnto = $this->trimmed('returnto');

            if ($returnto) {
                $url = common_local_url($returnto,
                                        array('nickname' => $user->nickname));
            } else {
                $url = common_local_url('shownotice',
                                        array('notice' => $notice->id));
            }
            common_redirect($url, 303);
        }
    }

    function storeFile($notice) {
        if (UPLOAD_ERR_NO_FILE === $_FILES['attach']['error']) return;
        $filename = basename($_FILES['attach']['name']);
        $destination = "file/{$notice->id}-$filename";
        if (move_uploaded_file($_FILES['attach']['tmp_name'], INSTALLDIR . "/$destination")) {
            $file = new File;
            $file->url = common_local_url('file', array('notice' => $notice->id));
            $file->size = filesize(INSTALLDIR . "/$destination");
            $file->date = time();
            $file->mimetype = $_FILES['attach']['type'];
            if ($file_id = $file->insert()) {
                $file_redir = new File_redirection;
                $file_redir->url = common_path($destination);
                $file_redir->file_id = $file_id;
                $file_redir->insert();

                $f2p = new File_to_post;
                $f2p->file_id = $file_id; 
                $f2p->post_id = $notice->id; 
                $f2p->insert();
            } else {
                $this->clientError(_('There was a database error while saving your file. Please try again.'));
            }
        }
    }


    /** save all urls in the notice to the db
     *
     * follow redirects and save all available file information
     * (mimetype, date, size, oembed, etc.)
     *
     * @param class $notice Notice to pull URLs from
     *
     * @return void
     */
    function saveUrls($notice, $uploaded = null) {
        common_replace_urls_callback($notice->content, array($this, 'saveUrl'), $notice->id);
    }

    function saveUrl($data) {
        list($url, $notice_id) = $data;
        $zzz = File::processNew($url, $notice_id);
    }

    /**
     * Show an Ajax-y error message
     *
     * Goes back to the browser, where it's shown in a popup.
     *
     * @param string $msg Message to show
     *
     * @return void
     */

    function ajaxErrorMsg($msg)
    {
        $this->startHTML('text/xml;charset=utf-8', true);
        $this->elementStart('head');
        $this->element('title', null, _('Ajax Error'));
        $this->elementEnd('head');
        $this->elementStart('body');
        $this->element('p', array('id' => 'error'), $msg);
        $this->elementEnd('body');
        $this->elementEnd('html');
    }

    /**
     * Formerly page output
     *
     * This used to be the whole page output; now that's been largely
     * subsumed by showPage. So this just stores an error message, if
     * it was passed, and calls showPage.
     *
     * Note that since we started doing Ajax output, this page is rarely
     * seen.
     *
     * @param string $msg An error message, if any
     *
     * @return void
     */

    function showForm($msg=null)
    {
        if ($msg && $this->boolean('ajax')) {
            $this->ajaxErrorMsg($msg);
            return;
        }

        $this->msg = $msg;
        $this->showPage();
    }

    /**
     * Overload for replies or bad results
     *
     * We show content in the notice form if there were replies or results.
     *
     * @return void
     */

    function showNoticeForm()
    {
        $content = $this->trimmed('status_textarea');
        if (!$content) {
            $replyto = $this->trimmed('replyto');
            $profile = Profile::staticGet('nickname', $replyto);
            if ($profile) {
                $content = '@' . $profile->nickname . ' ';
            }
        }

        $notice_form = new NoticeForm($this, '', $content);
        $notice_form->show();
    }

    /**
     * Show an error message
     *
     * Shows an error message if there is one.
     *
     * @return void
     *
     * @todo maybe show some instructions?
     */

    function showPageNotice()
    {
        if ($this->msg) {
            $this->element('p', array('id' => 'error'), $this->msg);
        }
    }

    /**
     * Output a notice
     *
     * Used to generate the notice code for Ajax results.
     *
     * @param Notice $notice Notice that was saved
     *
     * @return void
     */

    function showNotice($notice)
    {
        $nli = new NoticeListItem($notice, $this);
        $nli->show();
    }
}