summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--inc/media.php125
-rw-r--r--lib/exe/xmlrpc.php92
2 files changed, 87 insertions, 130 deletions
diff --git a/inc/media.php b/inc/media.php
index c63bea5a9..3c9340d51 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -212,27 +212,13 @@ function media_delete($id,$auth){
/**
* Handles media file uploads
*
- * This generates an action event and delegates to _media_upload_action().
- * Action plugins are allowed to pre/postprocess the uploaded file.
- * (The triggered event is preventable.)
- *
- * Event data:
- * $data[0] fn_tmp: the temporary file name (read from $_FILES)
- * $data[1] fn: the file name of the uploaded file
- * $data[2] id: the future directory id of the uploaded file
- * $data[3] imime: the mimetype of the uploaded file
- * $data[4] overwrite: if an existing file is going to be overwritten
- *
- * @triggers MEDIA_UPLOAD_FINISH
* @author Andreas Gohr <andi@splitbrain.org>
* @author Michael Klier <chi@chimeric.de>
* @return mixed false on error, id of the new file on success
*/
function media_upload($ns,$auth){
- if($auth < AUTH_UPLOAD) return false;
if(!checkSecurityToken()) return false;
global $lang;
- global $conf;
// get file and id
$id = $_POST['id'];
@@ -254,8 +240,50 @@ function media_upload($ns,$auth){
msg(sprintf($lang['mediaextchange'],$fext,$iext));
}
+ $res = media_save(array('name' => $file['tmp_name'],
+ 'mime' => $imime,
+ 'ext' => $iext), $ns.':'.$id,
+ $_REQUEST['ow'], $auth, 'move_uploaded_file');
+ if (is_array($res)) {
+ msg($res[0], $res[1]);
+ return false;
+ }
+ return $res;
+}
+
+/**
+ * This generates an action event and delegates to _media_upload_action().
+ * Action plugins are allowed to pre/postprocess the uploaded file.
+ * (The triggered event is preventable.)
+ *
+ * Event data:
+ * $data[0] fn_tmp: the temporary file name (read from $_FILES)
+ * $data[1] fn: the file name of the uploaded file
+ * $data[2] id: the future directory id of the uploaded file
+ * $data[3] imime: the mimetype of the uploaded file
+ * $data[4] overwrite: if an existing file is going to be overwritten
+ *
+ * @triggers MEDIA_UPLOAD_FINISH
+ */
+function media_save($file, $id, $ow, $auth, $move) {
+ if($auth < AUTH_UPLOAD) {
+ return array("You don't have permissions to upload files.", -1);
+ }
+
+ if (!isset($file['mime']) || !isset($file['ext'])) {
+ list($ext, $mime) = mimetype($id);
+ if (!isset($file['mime'])) {
+ $file['mime'] = $mime;
+ }
+ if (!isset($file['ext'])) {
+ $file['ext'] = $ext;
+ }
+ }
+
+ global $lang;
+
// get filename
- $id = cleanID($ns.':'.$id,false,true);
+ $id = cleanID($id,false,true);
$fn = mediaFN($id);
// get filetype regexp
@@ -264,40 +292,35 @@ function media_upload($ns,$auth){
$regex = join('|',$types);
// because a temp file was created already
- if(preg_match('/\.('.$regex.')$/i',$fn)){
- //check for overwrite
- $overwrite = @file_exists($fn);
- if($overwrite && (!$_REQUEST['ow'] || $auth < AUTH_DELETE)){
- msg($lang['uploadexist'],0);
- return false;
- }
- // check for valid content
- $ok = media_contentcheck($file['tmp_name'],$imime);
- if($ok == -1){
- msg(sprintf($lang['uploadbadcontent'],".$iext"),-1);
- return false;
- }elseif($ok == -2){
- msg($lang['uploadspam'],-1);
- return false;
- }elseif($ok == -3){
- msg($lang['uploadxss'],-1);
- return false;
- }
+ if(!preg_match('/\.('.$regex.')$/i',$fn)) {
+ return array($lang['uploadwrong'],-1);
+ }
- // prepare event data
- $data[0] = $file['tmp_name'];
- $data[1] = $fn;
- $data[2] = $id;
- $data[3] = $imime;
- $data[4] = $overwrite;
+ //check for overwrite
+ $overwrite = @file_exists($fn);
+ if($overwrite && (!$ow || $auth < AUTH_DELETE)) {
+ return array($lang['uploadexist'], 0);
+ }
+ // check for valid content
+ $ok = media_contentcheck($file['name'], $file['mime']);
+ if($ok == -1){
+ return array(sprintf($lang['uploadbadcontent'],'.' . $file['ext']),-1);
+ }elseif($ok == -2){
+ return array($lang['uploadspam'],-1);
+ }elseif($ok == -3){
+ return array($lang['uploadxss'],-1);
+ }
- // trigger event
- return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true);
+ // prepare event data
+ $data[0] = $file['name'];
+ $data[1] = $fn;
+ $data[2] = $id;
+ $data[3] = $file['mime'];
+ $data[4] = $overwrite;
+ $data[5] = $move;
- }else{
- msg($lang['uploadwrong'],-1);
- }
- return false;
+ // trigger event
+ return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true);
}
/**
@@ -306,8 +329,8 @@ function media_upload($ns,$auth){
*/
function _media_upload_action($data) {
// fixme do further sanity tests of given data?
- if(is_array($data) && count($data)===5) {
- return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4]);
+ if(is_array($data) && count($data)===6) {
+ return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4], $data[5]);
} else {
return false; //callback error
}
@@ -319,14 +342,14 @@ function _media_upload_action($data) {
* @author Andreas Gohr <andi@splitbrain.org>
* @author Michael Klier <chi@chimeric.de>
*/
-function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) {
+function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite, $move = 'move_uploaded_file') {
global $conf;
global $lang;
// prepare directory
io_createNamespace($id, 'media');
- if(move_uploaded_file($fn_tmp, $fn)) {
+ if($move($fn_tmp, $fn)) {
// Set the correct permission here.
// Always chmod media because they may be saved with different permissions than expected from the php umask.
// (Should normally chmod to $conf['fperm'] only if $conf['fperm'] is set.)
@@ -341,7 +364,7 @@ function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) {
}
return $id;
}else{
- msg($lang['uploadfail'],-1);
+ return array($lang['uploadfail'],-1);
}
}
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php
index 945dc3f67..9749a2e16 100644
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -605,64 +605,26 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
*/
function putAttachment($id, $file, $params) {
$id = cleanID($id);
- global $conf;
- global $lang;
-
$auth = auth_quickaclcheck(getNS($id).':*');
- if($auth >= AUTH_UPLOAD) {
- if(!isset($id)) {
- return new IXR_ERROR(1, 'Filename not given.');
- }
-
- $ftmp = $conf['tmpdir'] . '/' . md5($id.clientIP());
- // save temporary file
- @unlink($ftmp);
- $buff = base64_decode($file);
- io_saveFile($ftmp, $buff);
+ if(!isset($id)) {
+ return new IXR_ERROR(1, 'Filename not given.');
+ }
- // get filename
- list($iext, $imime,$dl) = mimetype($id);
- $id = cleanID($id);
- $fn = mediaFN($id);
-
- // get filetype regexp
- $types = array_keys(getMimeTypes());
- $types = array_map(create_function('$q','return preg_quote($q,"/");'),$types);
- $regex = join('|',$types);
-
- // because a temp file was created already
- if(preg_match('/\.('.$regex.')$/i',$fn)) {
- //check for overwrite
- $overwrite = @file_exists($fn);
- if($overwrite && (!$params['ow'] || $auth < AUTH_DELETE)) {
- return new IXR_ERROR(1, $lang['uploadexist'].'1');
- }
- // check for valid content
- $ok = media_contentcheck($ftmp, $imime);
- if($ok == -1) {
- return new IXR_ERROR(1, sprintf($lang['uploadexist'].'2', ".$iext"));
- } elseif($ok == -2) {
- return new IXR_ERROR(1, $lang['uploadspam']);
- } elseif($ok == -3) {
- return new IXR_ERROR(1, $lang['uploadxss']);
- }
+ global $conf;
- // prepare event data
- $data[0] = $ftmp;
- $data[1] = $fn;
- $data[2] = $id;
- $data[3] = $imime;
- $data[4] = $overwrite;
+ $ftmp = $conf['tmpdir'] . '/' . md5($id.clientIP());
- // trigger event
- return trigger_event('MEDIA_UPLOAD_FINISH', $data, array($this, '_media_upload_action'), true);
+ // save temporary file
+ @unlink($ftmp);
+ $buff = base64_decode($file);
+ io_saveFile($ftmp, $buff);
- } else {
- return new IXR_ERROR(1, $lang['uploadwrong']);
- }
+ $res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename');
+ if (is_array($res)) {
+ return new IXR_ERROR(-$res[1], $res[0]);
} else {
- return new IXR_ERROR(1, "You don't have permissions to upload files.");
+ return $res;
}
}
@@ -687,34 +649,6 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
}
/**
- * Moves the temporary file to its final destination.
- *
- * Michael Klier <chi@chimeric.de>
- */
- function _media_upload_action($data) {
- global $conf;
-
- if(is_array($data) && count($data)===5) {
- io_createNamespace($data[2], 'media');
- if(rename($data[0], $data[1])) {
- chmod($data[1], $conf['fmode']);
- media_notify($data[2], $data[1], $data[3]);
- // add a log entry to the media changelog
- if ($data[4]) {
- addMediaLogEntry(time(), $data[2], DOKU_CHANGE_TYPE_EDIT);
- } else {
- addMediaLogEntry(time(), $data[2], DOKU_CHANGE_TYPE_CREATE);
- }
- return $data[2];
- } else {
- return new IXR_ERROR(1, 'Upload failed.');
- }
- } else {
- return new IXR_ERROR(1, 'Upload failed.');
- }
- }
-
- /**
* Returns the permissions of a given wiki page
*/
function aclCheck($id) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 01:43:45 +0000