diff options
-rw-r--r-- | inc/media.php | 125 | ||||
-rw-r--r-- | lib/exe/xmlrpc.php | 92 |
2 files changed, 87 insertions, 130 deletions
diff --git a/inc/media.php b/inc/media.php index c63bea5a9..3c9340d51 100644 --- a/inc/media.php +++ b/inc/media.php @@ -212,27 +212,13 @@ function media_delete($id,$auth){ /** * Handles media file uploads * - * This generates an action event and delegates to _media_upload_action(). - * Action plugins are allowed to pre/postprocess the uploaded file. - * (The triggered event is preventable.) - * - * Event data: - * $data[0] fn_tmp: the temporary file name (read from $_FILES) - * $data[1] fn: the file name of the uploaded file - * $data[2] id: the future directory id of the uploaded file - * $data[3] imime: the mimetype of the uploaded file - * $data[4] overwrite: if an existing file is going to be overwritten - * - * @triggers MEDIA_UPLOAD_FINISH * @author Andreas Gohr <andi@splitbrain.org> * @author Michael Klier <chi@chimeric.de> * @return mixed false on error, id of the new file on success */ function media_upload($ns,$auth){ - if($auth < AUTH_UPLOAD) return false; if(!checkSecurityToken()) return false; global $lang; - global $conf; // get file and id $id = $_POST['id']; @@ -254,8 +240,50 @@ function media_upload($ns,$auth){ msg(sprintf($lang['mediaextchange'],$fext,$iext)); } + $res = media_save(array('name' => $file['tmp_name'], + 'mime' => $imime, + 'ext' => $iext), $ns.':'.$id, + $_REQUEST['ow'], $auth, 'move_uploaded_file'); + if (is_array($res)) { + msg($res[0], $res[1]); + return false; + } + return $res; +} + +/** + * This generates an action event and delegates to _media_upload_action(). + * Action plugins are allowed to pre/postprocess the uploaded file. + * (The triggered event is preventable.) + * + * Event data: + * $data[0] fn_tmp: the temporary file name (read from $_FILES) + * $data[1] fn: the file name of the uploaded file + * $data[2] id: the future directory id of the uploaded file + * $data[3] imime: the mimetype of the uploaded file + * $data[4] overwrite: if an existing file is going to be overwritten + * + * @triggers MEDIA_UPLOAD_FINISH + */ +function media_save($file, $id, $ow, $auth, $move) { + if($auth < AUTH_UPLOAD) { + return array("You don't have permissions to upload files.", -1); + } + + if (!isset($file['mime']) || !isset($file['ext'])) { + list($ext, $mime) = mimetype($id); + if (!isset($file['mime'])) { + $file['mime'] = $mime; + } + if (!isset($file['ext'])) { + $file['ext'] = $ext; + } + } + + global $lang; + // get filename - $id = cleanID($ns.':'.$id,false,true); + $id = cleanID($id,false,true); $fn = mediaFN($id); // get filetype regexp @@ -264,40 +292,35 @@ function media_upload($ns,$auth){ $regex = join('|',$types); // because a temp file was created already - if(preg_match('/\.('.$regex.')$/i',$fn)){ - //check for overwrite - $overwrite = @file_exists($fn); - if($overwrite && (!$_REQUEST['ow'] || $auth < AUTH_DELETE)){ - msg($lang['uploadexist'],0); - return false; - } - // check for valid content - $ok = media_contentcheck($file['tmp_name'],$imime); - if($ok == -1){ - msg(sprintf($lang['uploadbadcontent'],".$iext"),-1); - return false; - }elseif($ok == -2){ - msg($lang['uploadspam'],-1); - return false; - }elseif($ok == -3){ - msg($lang['uploadxss'],-1); - return false; - } + if(!preg_match('/\.('.$regex.')$/i',$fn)) { + return array($lang['uploadwrong'],-1); + } - // prepare event data - $data[0] = $file['tmp_name']; - $data[1] = $fn; - $data[2] = $id; - $data[3] = $imime; - $data[4] = $overwrite; + //check for overwrite + $overwrite = @file_exists($fn); + if($overwrite && (!$ow || $auth < AUTH_DELETE)) { + return array($lang['uploadexist'], 0); + } + // check for valid content + $ok = media_contentcheck($file['name'], $file['mime']); + if($ok == -1){ + return array(sprintf($lang['uploadbadcontent'],'.' . $file['ext']),-1); + }elseif($ok == -2){ + return array($lang['uploadspam'],-1); + }elseif($ok == -3){ + return array($lang['uploadxss'],-1); + } - // trigger event - return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true); + // prepare event data + $data[0] = $file['name']; + $data[1] = $fn; + $data[2] = $id; + $data[3] = $file['mime']; + $data[4] = $overwrite; + $data[5] = $move; - }else{ - msg($lang['uploadwrong'],-1); - } - return false; + // trigger event + return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true); } /** @@ -306,8 +329,8 @@ function media_upload($ns,$auth){ */ function _media_upload_action($data) { // fixme do further sanity tests of given data? - if(is_array($data) && count($data)===5) { - return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4]); + if(is_array($data) && count($data)===6) { + return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4], $data[5]); } else { return false; //callback error } @@ -319,14 +342,14 @@ function _media_upload_action($data) { * @author Andreas Gohr <andi@splitbrain.org> * @author Michael Klier <chi@chimeric.de> */ -function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) { +function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite, $move = 'move_uploaded_file') { global $conf; global $lang; // prepare directory io_createNamespace($id, 'media'); - if(move_uploaded_file($fn_tmp, $fn)) { + if($move($fn_tmp, $fn)) { // Set the correct permission here. // Always chmod media because they may be saved with different permissions than expected from the php umask. // (Should normally chmod to $conf['fperm'] only if $conf['fperm'] is set.) @@ -341,7 +364,7 @@ function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) { } return $id; }else{ - msg($lang['uploadfail'],-1); + return array($lang['uploadfail'],-1); } } diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 945dc3f67..9749a2e16 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -605,64 +605,26 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { */ function putAttachment($id, $file, $params) { $id = cleanID($id); - global $conf; - global $lang; - $auth = auth_quickaclcheck(getNS($id).':*'); - if($auth >= AUTH_UPLOAD) { - if(!isset($id)) { - return new IXR_ERROR(1, 'Filename not given.'); - } - - $ftmp = $conf['tmpdir'] . '/' . md5($id.clientIP()); - // save temporary file - @unlink($ftmp); - $buff = base64_decode($file); - io_saveFile($ftmp, $buff); + if(!isset($id)) { + return new IXR_ERROR(1, 'Filename not given.'); + } - // get filename - list($iext, $imime,$dl) = mimetype($id); - $id = cleanID($id); - $fn = mediaFN($id); - - // get filetype regexp - $types = array_keys(getMimeTypes()); - $types = array_map(create_function('$q','return preg_quote($q,"/");'),$types); - $regex = join('|',$types); - - // because a temp file was created already - if(preg_match('/\.('.$regex.')$/i',$fn)) { - //check for overwrite - $overwrite = @file_exists($fn); - if($overwrite && (!$params['ow'] || $auth < AUTH_DELETE)) { - return new IXR_ERROR(1, $lang['uploadexist'].'1'); - } - // check for valid content - $ok = media_contentcheck($ftmp, $imime); - if($ok == -1) { - return new IXR_ERROR(1, sprintf($lang['uploadexist'].'2', ".$iext")); - } elseif($ok == -2) { - return new IXR_ERROR(1, $lang['uploadspam']); - } elseif($ok == -3) { - return new IXR_ERROR(1, $lang['uploadxss']); - } + global $conf; - // prepare event data - $data[0] = $ftmp; - $data[1] = $fn; - $data[2] = $id; - $data[3] = $imime; - $data[4] = $overwrite; + $ftmp = $conf['tmpdir'] . '/' . md5($id.clientIP()); - // trigger event - return trigger_event('MEDIA_UPLOAD_FINISH', $data, array($this, '_media_upload_action'), true); + // save temporary file + @unlink($ftmp); + $buff = base64_decode($file); + io_saveFile($ftmp, $buff); - } else { - return new IXR_ERROR(1, $lang['uploadwrong']); - } + $res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename'); + if (is_array($res)) { + return new IXR_ERROR(-$res[1], $res[0]); } else { - return new IXR_ERROR(1, "You don't have permissions to upload files."); + return $res; } } @@ -687,34 +649,6 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { } /** - * Moves the temporary file to its final destination. - * - * Michael Klier <chi@chimeric.de> - */ - function _media_upload_action($data) { - global $conf; - - if(is_array($data) && count($data)===5) { - io_createNamespace($data[2], 'media'); - if(rename($data[0], $data[1])) { - chmod($data[1], $conf['fmode']); - media_notify($data[2], $data[1], $data[3]); - // add a log entry to the media changelog - if ($data[4]) { - addMediaLogEntry(time(), $data[2], DOKU_CHANGE_TYPE_EDIT); - } else { - addMediaLogEntry(time(), $data[2], DOKU_CHANGE_TYPE_CREATE); - } - return $data[2]; - } else { - return new IXR_ERROR(1, 'Upload failed.'); - } - } else { - return new IXR_ERROR(1, 'Upload failed.'); - } - } - - /** * Returns the permissions of a given wiki page */ function aclCheck($id) { |