Use common media_save in media_upload and putAttachment

Changes: * XML-RPC now correctly allows leading and trailing _ * Error messages from XML-RPC are correct * MEDIA_UPLOAD_FINISH has a sixth param specifying the move function * Not having upload rights when using media_upload throws a msg
author: Adrian Lang <dokuwiki@adrianlang.de> 2011-02-06 14:25:05 +0100
committer: Adrian Lang <dokuwiki@adrianlang.de> 2011-02-06 14:29:57 +0100
commit: ffb291f214dd47aa34d4e84b166de6e62714307f (patch)
tree: 08cf7449f3e51c472679b02204def0b83dbd2bd9 /inc/media.php
parent: 20aa97d937a545472ddb376ffdbefeea5aa0c497 (diff)
download: rpg-ffb291f214dd47aa34d4e84b166de6e62714307f.tar.gz
rpg-ffb291f214dd47aa34d4e84b166de6e62714307f.tar.bz2
1 files changed, 74 insertions, 51 deletions
diff --git a/inc/media.php b/inc/media.php
index c63bea5a9..3c9340d51 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -212,27 +212,13 @@ function media_delete($id,$auth){
 /**
  * Handles media file uploads
  *
- * This generates an action event and delegates to _media_upload_action().
- * Action plugins are allowed to pre/postprocess the uploaded file.
- * (The triggered event is preventable.)
- *
- * Event data:
- * $data[0]     fn_tmp: the temporary file name (read from $_FILES)
- * $data[1]     fn: the file name of the uploaded file
- * $data[2]     id: the future directory id of the uploaded file
- * $data[3]     imime: the mimetype of the uploaded file
- * $data[4]     overwrite: if an existing file is going to be overwritten
- *
- * @triggers MEDIA_UPLOAD_FINISH
  * @author Andreas Gohr <andi@splitbrain.org>
  * @author Michael Klier <chi@chimeric.de>
  * @return mixed false on error, id of the new file on success
  */
 function media_upload($ns,$auth){
-    if($auth < AUTH_UPLOAD) return false;
     if(!checkSecurityToken()) return false;
     global $lang;
-    global $conf;
 
     // get file and id
     $id   = $_POST['id'];
@@ -254,8 +240,50 @@ function media_upload($ns,$auth){
         msg(sprintf($lang['mediaextchange'],$fext,$iext));
     }
 
+    $res = media_save(array('name' => $file['tmp_name'],
+                            'mime' => $imime,
+                            'ext'  => $iext), $ns.':'.$id,
+                      $_REQUEST['ow'], $auth, 'move_uploaded_file');
+    if (is_array($res)) {
+        msg($res[0], $res[1]);
+        return false;
+    }
+    return $res;
+}
+
+/**
+ * This generates an action event and delegates to _media_upload_action().
+ * Action plugins are allowed to pre/postprocess the uploaded file.
+ * (The triggered event is preventable.)
+ *
+ * Event data:
+ * $data[0]     fn_tmp: the temporary file name (read from $_FILES)
+ * $data[1]     fn: the file name of the uploaded file
+ * $data[2]     id: the future directory id of the uploaded file
+ * $data[3]     imime: the mimetype of the uploaded file
+ * $data[4]     overwrite: if an existing file is going to be overwritten
+ *
+ * @triggers MEDIA_UPLOAD_FINISH
+ */
+function media_save($file, $id, $ow, $auth, $move) {
+    if($auth < AUTH_UPLOAD) {
+        return array("You don't have permissions to upload files.", -1);
+    }
+
+    if (!isset($file['mime']) || !isset($file['ext'])) {
+        list($ext, $mime) = mimetype($id);
+        if (!isset($file['mime'])) {
+            $file['mime'] = $mime;
+        }
+        if (!isset($file['ext'])) {
+            $file['ext'] = $ext;
+        }
+    }
+
+    global $lang;
+
     // get filename
-    $id   = cleanID($ns.':'.$id,false,true);
+    $id   = cleanID($id,false,true);
     $fn   = mediaFN($id);
 
     // get filetype regexp
@@ -264,40 +292,35 @@ function media_upload($ns,$auth){
     $regex = join('|',$types);
 
     // because a temp file was created already
-    if(preg_match('/\.('.$regex.')$/i',$fn)){
-        //check for overwrite
-        $overwrite = @file_exists($fn);
-        if($overwrite && (!$_REQUEST['ow'] || $auth < AUTH_DELETE)){
-            msg($lang['uploadexist'],0);
-            return false;
-        }
-        // check for valid content
-        $ok = media_contentcheck($file['tmp_name'],$imime);
-        if($ok == -1){
-            msg(sprintf($lang['uploadbadcontent'],".$iext"),-1);
-            return false;
-        }elseif($ok == -2){
-            msg($lang['uploadspam'],-1);
-            return false;
-        }elseif($ok == -3){
-            msg($lang['uploadxss'],-1);
-            return false;
-        }
+    if(!preg_match('/\.('.$regex.')$/i',$fn)) {
+        return array($lang['uploadwrong'],-1);
+    }
 
-        // prepare event data
-        $data[0] = $file['tmp_name'];
-        $data[1] = $fn;
-        $data[2] = $id;
-        $data[3] = $imime;
-        $data[4] = $overwrite;
+    //check for overwrite
+    $overwrite = @file_exists($fn);
+    if($overwrite && (!$ow || $auth < AUTH_DELETE)) {
+        return array($lang['uploadexist'], 0);
+    }
+    // check for valid content
+    $ok = media_contentcheck($file['name'], $file['mime']);
+    if($ok == -1){
+        return array(sprintf($lang['uploadbadcontent'],'.' . $file['ext']),-1);
+    }elseif($ok == -2){
+        return array($lang['uploadspam'],-1);
+    }elseif($ok == -3){
+        return array($lang['uploadxss'],-1);
+    }
 
-        // trigger event
-        return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true);
+    // prepare event data
+    $data[0] = $file['name'];
+    $data[1] = $fn;
+    $data[2] = $id;
+    $data[3] = $file['mime'];
+    $data[4] = $overwrite;
+    $data[5] = $move;
 
-    }else{
-        msg($lang['uploadwrong'],-1);
-    }
-    return false;
+    // trigger event
+    return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true);
 }
 
 /**
@@ -306,8 +329,8 @@ function media_upload($ns,$auth){
  */
 function _media_upload_action($data) {
     // fixme do further sanity tests of given data?
-    if(is_array($data) && count($data)===5) {
-        return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4]);
+    if(is_array($data) && count($data)===6) {
+        return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4], $data[5]);
     } else {
         return false; //callback error
     }
@@ -319,14 +342,14 @@ function _media_upload_action($data) {
  * @author Andreas Gohr <andi@splitbrain.org>
  * @author Michael Klier <chi@chimeric.de>
  */
-function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) {
+function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite, $move = 'move_uploaded_file') {
     global $conf;
     global $lang;
 
     // prepare directory
     io_createNamespace($id, 'media');
 
-    if(move_uploaded_file($fn_tmp, $fn)) {
+    if($move($fn_tmp, $fn)) {
         // Set the correct permission here.
         // Always chmod media because they may be saved with different permissions than expected from the php umask.
         // (Should normally chmod to $conf['fperm'] only if $conf['fperm'] is set.)
@@ -341,7 +364,7 @@ function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) {
         }
         return $id;
     }else{
-        msg($lang['uploadfail'],-1);
+        return array($lang['uploadfail'],-1);
     }
 }
author	Adrian Lang <dokuwiki@adrianlang.de>	2011-02-06 14:25:05 +0100
committer	Adrian Lang <dokuwiki@adrianlang.de>	2011-02-06 14:29:57 +0100
commit	ffb291f214dd47aa34d4e84b166de6e62714307f (patch)
tree	08cf7449f3e51c472679b02204def0b83dbd2bd9 /inc/media.php
parent	20aa97d937a545472ddb376ffdbefeea5aa0c497 (diff)
download	rpg-ffb291f214dd47aa34d4e84b166de6e62714307f.tar.gz rpg-ffb291f214dd47aa34d4e84b166de6e62714307f.tar.bz2