From d3b4a8616d9cd4918c2ab0226afc76ec717a0052 Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Wed, 16 Apr 2014 23:17:27 +0200 Subject: [PATCH] Original name preserved in uploaded file. Avoiding collisions with date (shorter than before) and 4 character random alphanumeric string. I bet someone could mass-upload files and generate all combinations of aaaa-zzzz during the course of a day, but then maybe that user should be disabled anyway :) (filling the collision space will cause a never-ending loop). --- classes/File.php | 25 +++++++++++++++++++++---- lib/attachmentlist.php | 13 +++++++++---- lib/mediafile.php | 6 ++---- 3 files changed, 32 insertions(+), 12 deletions(-) diff --git a/classes/File.php b/classes/File.php index 8d0623bf48..022c6877ca 100644 --- a/classes/File.php +++ b/classes/File.php @@ -263,7 +263,7 @@ class File extends Managed_DataObject // where should the file go? - static function filename($profile, $basename, $mimetype) + static function filename(Profile $profile, $origname, $mimetype) { try { $ext = common_supported_mime_to_ext($mimetype); 
@@ -272,10 +272,23 @@ class File extends Managed_DataObject $ext = substr(strrchr($mimetype, '/'), 1); } + // Normalize and make the original filename more URL friendly. + $origname = basename($origname); + if (class_exists('Normalizer')) { + // http://php.net/manual/en/class.normalizer.php + // http://www.unicode.org/reports/tr15/ + $origname = Normalizer::normalize($origname, Normalizer::FORM_KC); + } + $origname = preg_replace('/[^A-Za-z0-9\.\_]/', '_', $origname); + $nickname = $profile->nickname; - $datestamp = strftime('%Y%m%dT%H%M%S', time()); - $random = strtolower(common_confirmation_code(32)); - return "$nickname-$datestamp-$random.$ext"; + $datestamp = strftime('%Y%m%d', time()); + do { + // generate new random strings until we don't run into a filename collision. + $random = strtolower(common_confirmation_code(16)); + $filename = "$nickname-$datestamp-$origname-$random.$ext"; + } while (file_exists(self::path($filename))); + return $filename; } /** @@ -437,6 +450,10 @@ class File extends Managed_DataObject { return self::path($this->filename); } + public function getUrl() + { + return $this->url; + } /** * Blow the cache of notices that link to this URL diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php index 4d7bb7a7ca..1b323cd2a1 100644 --- a/lib/attachmentlist.php +++ b/lib/attachmentlist.php @@ -151,7 +151,7 @@ class AttachmentListItem extends Widget function title() { if (empty($this->attachment->title)) { if (empty($this->oembed->title)) { - $title = $this->attachment->url; + $title = $this->attachment->filename; } else { $title = $this->oembed->title; } @@ -185,7 +185,7 @@ class AttachmentListItem extends Widget return array('class' => 'attachment', 'href' => $this->attachment->url, 'id' => 'attachment-' . $this->attachment->id, - 'title' => $this->title()); + 'title' => $this->linkTitle()); } function showLink() { 
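Review bot: The `do { … } while (file_exists(self::path($filename)))` loop in `filename()` has no upper bound, and its existence check is not atomic with the write that later stores the file, which happens outside this hunk. Once the suffix space for one nickname, date and original name is used up the request never returns, and two concurrent uploads can both see the same name as free and then overwrite each other. Bound the retries and fail with an exception, and have the code that actually stores the upload refuse to overwrite an existing path rather than relying on this check. `$origname` is also used at full length, so a long client-supplied name can push the result past the filesystem's name limit; truncate it after the `preg_replace`. The function begins above this hunk.

```php
// … unchanged: basename(), Normalizer and preg_replace on $origname …
$origname = substr($origname, 0, 64);   // illustrative cap; pick a limit that fits the storage path

// … unchanged: $nickname and $datestamp …
for ($attempt = 0; $attempt < 10; $attempt++) {
    $random = strtolower(common_confirmation_code(16));
    $filename = "$nickname-$datestamp-$origname-$random.$ext";
    if (!file_exists(self::path($filename))) {
        return $filename;
    }
}
// Give up instead of spinning when no free name turns up.
throw new ServerException('Could not find a free filename for the upload.');
```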
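Review bot: In `title()` (lib/attachmentlist.php) the fallback is now `$this->attachment->filename`, which is presumably empty for attachments that are not stored locally, so those links would get a blank title where the URL was shown before. A fallback chain keeps the old behaviour for that case: `$title = empty($this->attachment->filename) ? $this->attachment->url : $this->attachment->filename;`. The rest of `title()` lies below the hunk, so confirm there that an empty value is not passed on as the title.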
@@ -202,8 +202,8 @@ class AttachmentListItem extends Widget function showRepresentation() { $thumb = $this->getThumbInfo(); - if ($thumb) { - $this->out->element('img', array('alt' => '', 'src' => $thumb->url, 'width' => $thumb->width, 'height' => $thumb->height)); + if ($thumb instanceof File_thumbnail) { + $this->out->element('img', array('alt' => '', 'src' => $thumb->getUrl(), 'width' => $thumb->width, 'height' => $thumb->height)); } } @@ -342,8 +342,13 @@ class Attachment extends AttachmentListItem case 'video/quicktime': case 'video/webm': $mediatype = common_get_mime_media($this->attachment->mimetype); + $thumb = $this->getThumbInfo(); + $poster = ($thumb instanceof File_thumbnail) + ? $thumb->getUrl() + : null; $this->out->elementStart($mediatype, array('class'=>'attachment_player', + 'poster'=>$poster, 'controls'=>'controls')); $this->out->element('source', array('src'=>$this->attachment->url, diff --git a/lib/mediafile.php b/lib/mediafile.php index 4656122536..a835030c55 100644 --- a/lib/mediafile.php +++ b/lib/mediafile.php @@ -30,9 +30,7 @@ * @link http://status.net/ */ -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); -} +if (!defined('GNUSOCIAL')) { exit(1); } class MediaFile { @@ -67,7 +65,7 @@ class MediaFile $this->maybeAddRedir($this->fileRecord->id, $this->short_fileurl); } - function attachToNotice($notice) + public function attachToNotice(Notice $notice) { File_to_post::processNew($this->fileRecord->id, $notice->id); $this->maybeAddRedir($this->fileRecord->id,
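Review bot: `$thumb->getUrl()` in `showRepresentation()` is called on a `File_thumbnail`, but the only `getUrl()` this patch adds is on `File` in classes/File.php. Unless `File_thumbnail` already defines that method elsewhere, this line and the `$poster` assignment in the next hunk fail with a call to an undefined method as soon as a thumbnail exists. Either add the accessor to `File_thumbnail` in the same commit or keep `$thumb->url` at both call sites.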
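Review bot: `'poster'=>$poster` is passed to `elementStart()` even when `$poster` is null, and because the `case` list is cut off above the hunk, `$mediatype` may also resolve to an audio element, where `poster` is not a valid attribute. Whether the outputter drops null attributes is not visible here, so build the attribute array first and add the key conditionally, e.g. `if ($poster !== null && $mediatype === 'video') { $attrs['poster'] = $poster; }`. The enclosing `switch` starts and ends outside the hunk.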