authorKjartan Mannes <kjartan@2.no-reply.drupal.org>2003-09-29 09:32:45 +0000
committerKjartan Mannes <kjartan@2.no-reply.drupal.org>2003-09-29 09:32:45 +0000
commit0c3cc7b4877790c01588bd75508111f74c07d536 (patch)
tree7e44a457ad2f5f3165f8eef42e5fc84f5d10a126 /includes/common.inc
parent88a9f27641fcd3ce0dca4a812dd18fbeb04ccb05 (diff)
- Fixing cache logic, the logic was inversed.
Diffstat (limited to 'includes/common.inc')
-rw-r--r--includes/common.inc145
1 files changed, 133 insertions, 12 deletions
diff --git a/includes/common.inc b/includes/common.inc
index f84aceedc..2c88fadb6 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -31,7 +31,10 @@ function error_handler($errno, $message, $filename, $line, $variables) {
if ($errno & E_ALL ^ E_NOTICE) {
watchdog("error", $types[$errno] .": $message in $filename on line $line.");
- print "<pre>$entry</pre>";
+ foreach (debug_backtrace() as $trace) {
+ $functions[] = "$trace[function] ($trace[file]:$trace[line])" . $trace["args"][0];
+ }
+ print "<pre>$entry\n". implode(" -> ", $functions) ."</pre>";
}
}
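Review bot: The added backtrace is printed into the response unescaped, with no visible condition on who is viewing the page, so server file paths and the first argument of every frame (which can be a password or other form value) end up in the HTML. `$trace[file]` and `$trace[line]` are not set for frames that originate in internal functions, and `$functions` is never initialised before the loop. I would record the trace in the watchdog entry and print it only when a debugging setting is on, passed through `htmlspecialchars()`. error_handler starts before this hunk, so where `$entry` is built is not visible here.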
@@ -485,9 +488,72 @@ function referer_load() {
}
}
+
+/*
+** Save a common file
+*/
+function drupal_file_save($file) {
+ global $user;
+ // TODO: extend to support filesystem storage
+ if (variable_get("file_save", "database")) {
+ if ($file->fid) {
+ if ($file->tmp_name) {
+ $data = fread(fopen($file->tmp_name, "rb"), $file->size);
+ db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, base64_encode($data), $file->temporary, $file->fid);
+ }
+ else {
+ db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, $file->temporary, $file->fid);
+ }
+ }
+ else {
+ if ($file->tmp_name) {
+ $file->fid = db_next_id("file_fid");
+ $data = fread(fopen($file->tmp_name, "rb"), $file->size);
+ db_query("INSERT INTO {file} SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d", $file->fid, $user->uid, time(), $file->filename, $file->type, $file->size, base64_encode($data), $file->temporary);
+ }
+ else {
+ return 0;
+ }
+ }
+ }
+ return $file->fid;
+}
+
+/*
+** Load a common file
+*/
+function drupal_file_load($fid, $data = 0) {
+ // TODO: extend to support filesystem storage
+ if (variable_get("file_save", "database")) {
+ if ($data) {
+ $file = db_fetch_object(db_query("SELECT * FROM {file} WHERE fid = %d", $fid));
+ }
+ else {
+ $file = db_fetch_object(db_query("SELECT fid, uid, filename, created, type, size, counter, temporary FROM {file} WHERE fid = %d", $fid));
+ }
+
+ if ($file->data) {
+ $file->data = base64_decode($file->data);
+ }
+ return $file;
+ }
+}
+
+/*
+** Generate the HTTP headers and dump the data
+*/
+function drupal_file_send($fid) {
+ if (($file = drupal_file_load($fid, 1))) {
+ header("Content-type: $file->type");
+ header("Content-length: $file->size");
+ header("Content-Disposition: inline; filename=$file->filename");
+ print $file->data;
+ }
+}
+
function valid_input_data($data) {
- if (is_array($data)) {
+ if (is_array($data) || is_object($data)) {
/*
** Form data can contain a number of nested arrays.
*/
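Review bot: drupal_file_send() copies `$file->type` and `$file->filename` straight into response headers, and both originate from the uploader's request (check_file fills them from `$_FILES`), so an uploaded file is served `inline` from the site's own origin with whatever type the client claimed, and a CR/LF in either value reaches `header()` unfiltered. I would strip control characters, quote the filename, and send anything outside a short list of safe types as a download, e.g. `header("Content-Disposition: attachment; filename=\"$name\"");` together with `Content-type: application/octet-stream`. No access check on `$fid` is visible in this function, so every caller has to enforce one. Separately, drupal_file_save() calls `fread(fopen(...))` without checking that `fopen()` succeeded and never closes the handle.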
@@ -652,13 +718,65 @@ function check_output($text) {
return $text;
}
-function check_file($filename) {
- if (is_uploaded_file($filename)) {
- return 1;
+/**
+* Checks if a file is valid and correct.
+*
+* @param $name the name of the form_file item
+* @param $type restrict to mime types
+* @param $size restrict file size
+* @param $paranoid flag to make sure file belongs to the current user
+*
+* @returns mixed file object, or error object, or false if there is no file
+*/
+function check_file($name, $type = "/.+/", $size = 0) {
+ // Make sure we don't have a file stored temporarily
+ if ($_POST["edit"]["__file"][$name]) {
+ $file = drupal_file_load($_POST["edit"]["__file"][$name]);
+ if (!$file->temporary) {
+ unset($file);
+ }
}
- else {
- return 0;
+
+ // make sure $name exists in $_FILES
+ if ($_FILES["edit"]["name"][$name]) {
+
+ // populate $file object to make further testing simpler
+ $file->filename = $_FILES["edit"]["name"][$name];
+ $file->type = $_FILES["edit"]["type"][$name];
+ $file->tmp_name = $_FILES["edit"]["tmp_name"][$name];
+ $file->error = $_FILES["edit"]["error"][$name];
+ $file->size = $_FILES["edit"]["size"][$name];
+
+ if (!valid_input_data($file)) {
+ $return->error = t("possible exploit abuse");
+ }
+
+ // make sure the file is a valid upload
+ if (!is_uploaded_file($file->tmp_name) || $file->error == UPLOAD_ERR_PARTIAL || $file->error == UPLOAD_ERR_NO_FILE) {
+ $return->error = t("invalid file upload");
+ }
+
+ // validate the file type uploaded
+ if (!preg_match($type, $file->filename)) {
+ $return->error = t("invalid file type");
+ }
+
+ // check the file size to make sure the file isn't too big
+ if (($size && $file->size > $size) || $file->error == UPLOAD_ERR_INI_SIZE || $file->error == UPLOAD_ERR_FORM_SIZE) {
+ $return->error = t("file size too big");
+ }
+
+ if (!$return->error) {
+ $file->temporary = 1;
+ $file->fid = drupal_file_save($file);
+ }
+ }
+
+ if ($return->error) {
+ return $return;
}
+
+ return $file ? $file : false;
}
function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
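Review bot: The fid taken from `$_POST["edit"]["__file"][$name]` is loaded with only a `temporary` check, so a client can submit another user's temporary fid and have that file returned as its own upload; the docblock lists a `$paranoid` parameter for exactly this, but the signature does not have it. Comparing the owner would close the gap: add `global $user;` and use `if (!$file->temporary || $file->uid != $user->uid) { unset($file); }`. The type restriction is also weaker than documented, since `preg_match($type, $file->filename)` tests the client-supplied file name rather than a MIME type and the default `/.+/` accepts any name. `$return` and `$file` are used as objects without being created first, which is worth an explicit initialisation at the top of the function.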
@@ -912,8 +1030,11 @@ function form_radios($title, $name, $value, $options, $description = 0) {
}
}
-function form_file($title, $name, $size, $description = 0) {
- return form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
+function form_file($title, $name, $size, $description = 0, $fid = 0) {
+ if ($fid) { // Include file upload in case of preview
+ $extra = form_hidden("__file][$name", $fid);
+ }
+ return $extra . form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
}
function form_hidden($name, $value) {
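Review bot: `$extra` is only assigned inside `if ($fid)`, so the `return $extra . form_item(...)` line reads an undefined variable whenever no fid is passed; start the function with `$extra = "";`. The `"__file][$name"` argument relies on form_hidden() wrapping its name as `edit[...]`, which is not visible in this hunk, so a comment such as `// yields edit[__file][$name]; check_file() reads it back from $_POST` would help the next reader. Because that hidden value comes back from the browser, the receiving side has to treat it as untrusted input.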
@@ -1052,11 +1173,11 @@ function drupal_page_header() {
$etag = '"'. md5($date) .'"';
// Check http headers:
- $modified_since = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? $_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date : true;
- $none_match = isset($_SERVER["HTTP_IF_NONE_MATCH"]) ? $_SERVER["HTTP_IF_NONE_MATCH"] == $etag : true;
+ $modified_since = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? $_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date : false;
+ $none_match = isset($_SERVER["HTTP_IF_NONE_MATCH"]) ? $_SERVER["HTTP_IF_NONE_MATCH"] == $etag : false;
// Send appropriate response:
- header("Last-Modified: $date");
+ //header("Last-Modified: $date");
header("ETag: $etag");
if ($modified_since && $none_match) {
header("HTTP/1.0 304 Not Modified");
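Review bot: With `Last-Modified` no longer sent and both flags now defaulting to `false`, the `$modified_since && $none_match` test can only pass for a client that sends both request headers, and most clients will have no date to echo back in `If-Modified-Since`, so the 304 branch looks close to unreachable. If the intent is to validate on the ETag alone, the condition could fall back to whichever header is present; otherwise the header should stay enabled. The commented-out `//header("Last-Modified: $date");` should either be deleted or carry a comment saying why it is disabled. drupal_page_header starts and ends outside this hunk.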