54 Commits

Author SHA1 Message Date
Miguel Dantas
3c9a07677e [CORE] Attachments and thumbnails aren't accessed directly by the file under the file storage folder, but indirectly from PHP, so that access to the file folder can be blocked in the server config 2019-08-03 17:31:40 +01:00
Miguel Dantas
ccebe536b3 [MEDIA] Removed blacklisted extensions, "trusts" upload extension (doesn't affect anything) and updated sysadmin documentation
Fixes bug which broke the UI. Oops
2019-08-03 17:31:39 +01:00
Miguel Dantas
b9a0733062 [MEDIA][CORE] Add common function for converting a string with a size unit to an int and MediaFile uses file_quota 2019-08-03 17:31:39 +01:00
Miguel Dantas
5961b45140 [MEDIA][UI] In case an attachment preview isn't possible, the name is displayed anyway 2019-08-03 17:31:39 +01:00
Miguel Dantas
5eb4a7d711 [MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible to disallow
direct access to the file, to prevent executing of attachments

The filename has a new format:
  bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"

This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to its hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".

This new name is displayed in the UI, instead of the previous name.
2019-08-03 17:31:36 +01:00
Miguel Dantas
20c73f0596 [FORMATING] Ran php-cs-fixer on lib/mediafile.php, lib/imagefile.php and classes/File.php 2019-06-10 00:38:16 +01:00
Miguel Dantas
b224d93098 [MEDIA] ImageFile now extends MediaFile and validates images more aggressively.
Default supported files need to use consistent names. Bumped version to 1.20.0

ImageFile has been changed to extend MediaFile and rely on it to partially
validate files. This validation has been extended to not rely solely on
Fileinfo, as it is disabled in some places. Now it'll try to use the shell
command `file`, if Fileinfo isn't available.

ImageFile now converts every new upload to PNG, except JPEG and GIF, which
are kept, but still resized (to the same size), to remove possible scripts
embedded therein.

MediaFile::fromUpload will return an ImageFile if the uploaded file is an image
or a MediaFile otherwise.

MediaFile can be constructed with an id with value -1 to denote a temporary
object, which is not added to the DB. This is useful to create a temporary
object for representing images, so it can be used to rescale them.

The supported attachment array needs to be populated with the result of calling
`image_type_to_extension` for the appropriate image type, in the case of images.
This is important so all parts of the code see the same extension for each image
type (jpg vs jpeg).

Added documentation to classes/File.php and to lib/MediaFile and lib/ImageFile
2019-06-10 00:35:53 +01:00
Mikael Nordfeldth
71afb5be75 If the file is text/plain, see if we accept the extension 2016-07-06 09:34:09 +02:00
Mikael Nordfeldth
7ca0ff9a19 MediaFile::fromUpload handles missing local file better 2016-03-05 12:05:12 +01:00
Mikael Nordfeldth
1db02d7f36 filename_base option isn't optimal
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
Mikael Nordfeldth
57d57b8d8f Handle reuploads via filehandle better if original is missing 2016-03-05 01:26:34 +01:00
Mikael Nordfeldth
952f68fed5 File upload logging for dummies 2016-03-05 00:59:39 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
0dfafe2567 NewnoticeAction now uses Notice::saveActivity(...) 2016-01-01 20:18:54 +01:00
Mikael Nordfeldth
fe6498e7c8 Send objects instead of integers to File_to_post::processNew 2015-06-04 17:36:11 +02:00
Mikael Nordfeldth
ff6969302b Some SVG files are "text/html" according to 'file' 2015-03-05 11:54:30 +01:00
Mikael Nordfeldth
325e784ccd Don't store duplicates of files.
If a new file is uploaded, it will be matched with a previously uploaded
file so we don't have to store duplicates. SHA256 is random enough and
also unlikely enough to cause collisions.
2015-02-24 21:11:25 +01:00
Mikael Nordfeldth
5b940f255f Mediafile updated to insert urlhash and lookup properly 2015-02-19 19:19:47 +01:00
Mikael Nordfeldth
45dc76de26 File and File_redirection adhoc storage methods updated for urlhash 2015-02-19 19:05:24 +01:00
Mikael Nordfeldth
015e95829b MediaFile->getFile() instead of accessing fileRecord 2015-01-23 14:46:47 +01:00
Mikael Nordfeldth
9f87359d04 Non-ajax file submissions should throw NoUploadedMediaException 2015-01-22 12:38:57 +01:00
Mikael Nordfeldth
8b585ff647 MediaFile upload simplifying 2015-01-21 17:39:48 +01:00
Hannes Mannerheim
5a72a25905 Bug, attachments stored double in file table
This if-statement looked like this before:

if (empty($file_redir))

and so it needs a ! when rewritten as instanceof
2014-09-30 13:10:43 +02:00
Mikael Nordfeldth
ce23c68d1c FileAction removed (we have AttachmentAction).
It seems it was only used to get a _single_ file attachment from
the posted notice, with no possibility to get multiple attachments.

If one fetches metadata about attachments for the notice, we have
enough data there to fulfill anyone's fetching dreams.
2014-05-10 12:29:34 +02:00
Mikael Nordfeldth
e526909bd8 File width and height is now properly set for File 2014-04-22 12:09:24 +02:00
Mikael Nordfeldth
d59eb5e184 Dynamically generate thumbnails (see full text)
The File object now stores width and height of files that can
supply this kind of information. Formats which we can not read
natively in PHP do not currently benefit from this. However an
event hook will be introduced later.

The CreateFileImageThumbnail event is renamed to:
CreateFileImageThumbnailSource to clarify that the hooks should not
generate their own thumbnails but only the source image. Also it now
accepts File objects, not MediaFile objects.

The thumbnail generation is documented in the source code. For
developers, call 'getThumbnail' on a File object and hope for the best.

Default thumbnail sizes have increased to be more appealing.
2014-04-21 20:46:11 +02:00
Mikael Nordfeldth
86ddf120d7 Better event name (creating thumbnail _source_) 2014-04-21 12:33:41 +02:00
Mikael Nordfeldth
07b232774d Enable square thumbnailing 2014-04-18 11:07:45 +02:00
Mikael Nordfeldth
d3b4a8616d Original name preserved in uploaded file.
Avoiding collisions with date (shorter than before) and 4 character
random alphanumeric string. I bet someone could mass-upload files
and generate all combinations of aaaa-zzzz during the course of a
day, but then maybe that user should be disabled anyway :)
(filling the collision space will cause a never-ending loop).
2014-04-16 23:17:27 +02:00
Mikael Nordfeldth
06d4cecf7f MediaFile thumbnail event hooks + VideoThumbnails plugin
The exception thrown from MediaFile will be caught and simply result in
no thumbnail at all right now. In the future we might use a catch-all
and have a "cannot generate preview"-icon or something.

VideoThumbnails requires php5-ffmpeg and php5-gd.
2014-04-16 21:48:58 +02:00
Mikael Nordfeldth
639f1a01e0 File class no longer depends on MIME
+ minor tweaks to MediaFile
2014-03-08 03:51:47 +01:00
Mikael Nordfeldth
6faed0e451 MediaFile loses dependency on PEAR::MIME
At the same time we remove the "filecommand" setting, since we will
likely not have use of it thanks to PECL fileinfo.

Also the "supported" list for attachment mime types has changed
format, so we can keep track of at least some known file extensions.
2014-03-08 03:34:50 +01:00
Mikael Nordfeldth
0eb38b8f84 We only allow (and have) MIME types in supported list
$config['attachment']['supported'] may not use only the file extension.
2014-03-08 02:02:26 +01:00
Mikael Nordfeldth
6f6065e5e9 Only accept filenames for existing files in getUploadedFileType
Getting metadata from filehandles just meant duplicating work
2014-03-08 01:42:24 +01:00
Mikael Nordfeldth
48da97f204 MediaFile code improvements, preparing to implement multi-attachments
Maybe in the future we can use this for anonymous file uploads too?
With some kind of anonymous/pseudonymous profile. That'd be neat.
2013-10-05 18:47:45 +02:00
Mikael Nordfeldth
2a4dc77a63 The overloaded DB_DataObject function staticGet is now called getKV
I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV

   sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq)

If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV!

This might of course take some getting used to, or modification of StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class)

Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:13:56 +02:00
Brion Vibber
464e0f8115 Don't trust text/xml mime types; generic content detection gives useless stuff like that on SVG images! Todo: replace the extension check in this case with better content-based checks. 2010-12-22 13:56:19 -08:00
Brion Vibber
504529e8cd Keep aspect ratio when generating local thumbnails 2010-11-08 17:51:53 -08:00
Brion Vibber
694448e0aa Add attachments 'thumb_width' and 'thumb_height' settings for inline thumbs, defaulting to 100x75.
This is used as the max thumb width/height for oEmbed requests (replacing the old default of 500x400 which was more suitable for the lightbox).
2010-11-08 17:36:02 -08:00
Brion Vibber
c36fecb794 Save a thumbnail image when uploading an image file into the file attachments system. Currently hardcoded to 100x75, needs aspect-sensitivity etc. 2010-11-08 17:20:04 -08:00
Brion Vibber
2692b5fc84 Fix for ticket #2853: fix for some unknown MIME type error cases by adjusting the PEAR error handling temporarily around MIME_Type_Extension usage. 2010-11-03 17:05:26 -07:00
Siebrand Mazeland
128607a270 Update translator documentation and add punctuation where missing to exception messages. 2010-09-12 18:24:44 +02:00
Siebrand Mazeland
e88ee4ec46 Fix i18n issue and add translator documentation. 2010-09-12 18:11:28 +02:00
Brion Vibber
53f14ddde6 Merge branch 'testing' of gitorious.org:statusnet/mainline into 0.9.x 2010-06-28 13:39:52 -04:00
Brion Vibber
9c7b66984c Enhanced upload file type detection. If given an original filename, we'll attempt to detect type from the extension if we were unable to make a definitive match from content. Generic octet-stream, zip, and MS Office type are explicitly singled out for re-checks, which fixes OpenOffice and MS Office documents to come up with the proper types when misdetected.
File extensions can also be added to the upload type whitelist; they'll be normalized to types for the actual comparison, so only known extensions will work.
2010-06-28 08:59:47 -07:00
Craig Andrews
abe4be5438 Use $param instead of hardcoded 'attach' name. 2010-03-23 22:42:30 -04:00
Craig Andrews
f9dd83caa7 Modify configuration to have an option to allow uploads regardless of mime type 2010-03-01 21:44:41 -05:00
Siebrand Mazeland
4af6b7f5c3 Lots of tiny message changes.
* Mostly punctuation updates so that the same message is used consistently in all of StatusNet.
* Some cases of "Title Case" removed, because that does not appear to be used consistently.
2010-01-10 12:26:24 +01:00
Brion Vibber
73b9e531bf Detect "no file" upload error and, for now at least, ignore it gracefully.
This was triggering on non-AJAX form submissions for new notices, preventing them from being posted when they contained no attachments.
2009-11-02 09:10:06 -08:00
Zach Copley
e0dbc47f8e Fixed header comment. 2009-10-28 17:47:14 -07:00