Diffstat (limited to 'inc/media.php')
-rw-r--r-- | inc/media.php | 201 |
1 files changed, 132 insertions, 69 deletions
diff --git a/inc/media.php b/inc/media.php index af4647ecb..6335bf210 100644 --- a/inc/media.php +++ b/inc/media.php @@ -175,10 +175,10 @@ define('DOKU_MEDIA_EMPTY_NS', 8); * * @author Andreas Gohr <andi@splitbrain.org> * @return int One of: 0, - DOKU_MEDIA_DELETED, - DOKU_MEDIA_DELETED | DOKU_MEDIA_EMPTY_NS, - DOKU_MEDIA_NOT_AUTH, - DOKU_MEDIA_INUSE + * DOKU_MEDIA_DELETED, + * DOKU_MEDIA_DELETED | DOKU_MEDIA_EMPTY_NS, + * DOKU_MEDIA_NOT_AUTH, + * DOKU_MEDIA_INUSE */ function media_delete($id,$auth){ global $lang; @@ -189,7 +189,7 @@ function media_delete($id,$auth){ // trigger an event - MEDIA_DELETE_FILE $data['id'] = $id; - $data['name'] = basename($file); + $data['name'] = utf8_basename($file); $data['path'] = $file; $data['size'] = (@file_exists($file)) ? filesize($file) : 0; @@ -226,26 +226,29 @@ function media_delete($id,$auth){ */ function media_upload_xhr($ns,$auth){ if(!checkSecurityToken()) return false; + global $INPUT; - $id = $_GET['qqfile']; + $id = $INPUT->get->str('qqfile'); list($ext,$mime,$dl) = mimetype($id); $input = fopen("php://input", "r"); - $temp = tmpfile(); - $realSize = stream_copy_to_stream($input, $temp); - fclose($input); - if ($realSize != (int)$_SERVER["CONTENT_LENGTH"]) return false; if (!($tmp = io_mktmpdir())) return false; $path = $tmp.'/'.md5($id); $target = fopen($path, "w"); - fseek($temp, 0, SEEK_SET); - stream_copy_to_stream($temp, $target); + $realSize = stream_copy_to_stream($input, $target); fclose($target); + fclose($input); + if ($realSize != (int)$_SERVER["CONTENT_LENGTH"]){ + unlink($target); + unlink($path); + return false; + } + $res = media_save( array('name' => $path, 'mime' => $mime, 'ext' => $ext), $ns.':'.$id, - (($_REQUEST['ow'] == 'checked') ? true : false), + (($INPUT->get->str('ow') == 'checked') ? true : false), $auth, 'copy' ); 
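Review bot: In the added size-mismatch branch of media_upload_xhr, `unlink($target)` is given the already-closed file handle rather than a path, so it can only raise a warning; `unlink($path)` is the call that actually removes the partial upload. The branch also returns without removing the directory created by `io_mktmpdir()`, so every truncated request leaves a temp directory behind; I would make the branch `unlink($path); rmdir($tmp); return false;`. The result of `fopen($path, "w")` is not checked before `stream_copy_to_stream()`, and the request body is now written to disk before its length is compared with CONTENT_LENGTH, so any size cap has to come from the PHP or web-server configuration. The function body continues past the end of the hunk, so the cleanup after `media_save()` is not visible here.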
@@ -268,9 +271,10 @@ function media_upload_xhr($ns,$auth){ function media_upload($ns,$auth,$file=false){ if(!checkSecurityToken()) return false; global $lang; + global $INPUT; // get file and id - $id = $_POST['mediaid']; + $id = $INPUT->post->str('mediaid'); if (!$file) $file = $_FILES['upload']; if(empty($id)) $id = $file['name']; @@ -292,7 +296,7 @@ function media_upload($ns,$auth,$file=false){ $res = media_save(array('name' => $file['tmp_name'], 'mime' => $imime, 'ext' => $iext), $ns.':'.$id, - $_REQUEST['ow'], $auth, 'move_uploaded_file'); + $INPUT->post->bool('ow'), $auth, 'copy_uploaded_file'); if (is_array($res)) { msg($res[0], $res[1]); return false; @@ -301,6 +305,23 @@ function media_upload($ns,$auth,$file=false){ } /** + * An alternative to move_uploaded_file that copies + * + * Using copy, makes sure any setgid bits on the media directory are honored + * + * @see move_uploaded_file() + * @param string $from + * @param string $to + * @return bool + */ +function copy_uploaded_file($from, $to){ + if(!is_uploaded_file($from)) return false; + $ok = copy($from, $to); + @unlink($from); + return $ok; +} + +/** * This generates an action event and delegates to _media_upload_action(). * Action plugins are allowed to pre/postprocess the uploaded file. * (The triggered event is preventable.) @@ -418,7 +439,7 @@ function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite, $move = 'mov media_notify($id,$fn,$imime,$old); // add a log entry to the media changelog if ($REV){ - addMediaLogEntry($new, $id, DOKU_CHANGE_TYPE_REVERT, $lang['restored'], $REV); + addMediaLogEntry($new, $id, DOKU_CHANGE_TYPE_REVERT, sprintf($lang['restored'], dformat($REV)), $REV); } elseif ($overwrite) { addMediaLogEntry($new, $id, DOKU_CHANGE_TYPE_EDIT); } else { 
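Review bot: copy_uploaded_file() deletes `$from` even when `copy()` fails, and a failed copy may leave a truncated file at `$to`; the docblock mentions neither, so a caller cannot tell that a false return can mean "upload lost and destination incomplete". The `@param` and `@return` lines carry no descriptions: I would document `$from` as `path of the PHP upload temp file (removed in all cases)`, `$to` as `destination path`, and the return as `false if $from is not an uploaded file or the copy failed`. Keeping the `is_uploaded_file()` guard as the first statement is the right order, since it stops the helper from being used to copy arbitrary server files.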
@@ -514,6 +535,7 @@ function media_contentcheck($file,$mime){ * Send a notify mail on uploads * * @author Andreas Gohr <andi@splitbrain.org> + * @fixme this should embed thumbnails of images in HTML version */ function media_notify($id,$file,$mime,$old_rev=false){ global $lang; @@ -521,31 +543,24 @@ function media_notify($id,$file,$mime,$old_rev=false){ global $INFO; if(empty($conf['notify'])) return; //notify enabled? - $ip = clientIP(); - $text = rawLocale('uploadmail'); - $text = str_replace('@DATE@',dformat(),$text); - $text = str_replace('@BROWSER@',$_SERVER['HTTP_USER_AGENT'],$text); - $text = str_replace('@IPADDRESS@',$ip,$text); - $text = str_replace('@HOSTNAME@',gethostsbyaddrs($ip),$text); - $text = str_replace('@DOKUWIKIURL@',DOKU_URL,$text); - $text = str_replace('@USER@',$_SERVER['REMOTE_USER'],$text); - $text = str_replace('@MIME@',$mime,$text); - $text = str_replace('@MEDIA@',ml($id,'',true,'&',true),$text); - $text = str_replace('@SIZE@',filesize_h(filesize($file)),$text); - if ($old_rev && $conf['mediarevisions']) { - $text = str_replace('@OLD@', ml($id, "rev=$old_rev", true, '&', true), $text); - } else { - $text = str_replace('@OLD@', '', $text); - } + $trep = array( + 'MIME' => $mime, + 'MEDIA' => ml($id,'',true,'&',true), + 'SIZE' => filesize_h(filesize($file)), + ); - if(empty($conf['mailprefix'])) { - $subject = '['.$conf['title'].'] '.$lang['mail_upload'].' '.$id; + if ($old_rev && $conf['mediarevisions']) { + $trep['OLD'] = ml($id, "rev=$old_rev", true, '&', true); } else { - $subject = '['.$conf['mailprefix'].'] '.$lang['mail_upload'].' '.$id; + $trep['OLD'] = '---'; } - mail_send($conf['notify'],$subject,$text,$conf['mailfrom']); + $mail = new Mailer(); + $mail->to($conf['notify']); + $mail->subject($lang['mail_upload'].' '.$id); + $mail->setBody($text,$trep); + return $mail->send(); } /** 
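Review bot: `$text` is passed to `$mail->setBody($text,$trep)` in media_notify, but the hunk removes the only assignment, `$text = rawLocale('uploadmail');`, and adds none, so as far as these lines show the notification is sent with an undefined body. Restoring `$text = rawLocale('uploadmail');` ahead of the `$trep` array would fix it. The function now returns `$mail->send()` on the normal path but still a bare `return;` when notifications are disabled, which deserves a `@return bool` line saying so. `$id` is concatenated into the subject; that is safe only if Mailer strips line breaks from header values, which is not visible here.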
@@ -645,7 +660,10 @@ function media_tabs_details($image, $selected_tab = ''){ * @author Kate Arzamastseva <pshns@ukr.net> */ function media_tab_files_options(){ - global $lang, $NS; + global $lang; + global $NS; + global $INPUT; + global $ID; $form = new Doku_Form(array('class' => 'options', 'method' => 'get', 'action' => wl($ID))); $media_manager_params = media_managerURL(array(), '', false, true); @@ -653,8 +671,8 @@ function media_tab_files_options(){ $form->addHidden($pKey, $pVal); } $form->addHidden('sectok', null); - if (isset($_REQUEST['q'])) { - $form->addHidden('q', $_REQUEST['q']); + if ($INPUT->has('q')) { + $form->addHidden('q', $INPUT->str('q')); } $form->addElement('<ul>'.NL); foreach(array('list' => array('listType', array('thumbs', 'rows')), @@ -698,9 +716,10 @@ function _media_get_list_type() { } function _media_get_display_param($param, $values) { - if (isset($_REQUEST[$param]) && in_array($_REQUEST[$param], $values)) { + global $INPUT; + if (in_array($INPUT->str($param), $values)) { // FIXME: Set cookie - return $_REQUEST[$param]; + return $INPUT->str($param); } else { $val = get_doku_pref($param, $values['default']); if (!in_array($val, $values)) { @@ -750,14 +769,14 @@ function media_tab_upload($ns,$auth=null,$jump='') { */ function media_tab_search($ns,$auth=null) { global $lang; + global $INPUT; - $do = $_REQUEST['mediado']; - $query = $_REQUEST['q']; - if (!$query) $query = ''; + $do = $INPUT->str('mediado'); + $query = $INPUT->str('q'); echo '<div class="search">'.NL; media_searchform($ns, $query, true); - if ($do == 'searchlist') { + if ($do == 'searchlist' || $query) { media_searchlist($query,$ns,$auth,true,_media_get_sort_type()); } echo '</div>'.NL; 
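Review bot: The allow-list test in _media_get_display_param uses loose comparison; since the request value is then returned to the caller as an accepted display mode, `in_array($req, $values, true)` states the intent exactly. Reading the parameter once, `$req = $INPUT->str($param);`, also avoids the second lookup on the return line. The else branch continues outside the hunk.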
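Review bot: The new condition `$do == 'searchlist' || $query` in media_tab_search tests the query for truthiness, so a search for the string `0` is treated as no query at all. Assuming `str()` returns an empty string for a missing parameter, `$do == 'searchlist' || $query !== ''` keeps the list for every non-empty term. A one-line comment explaining why a bare `q` now triggers the result list would help the next reader.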
@@ -805,14 +824,16 @@ function media_tab_edit($image, $ns, $auth=null) { */ function media_tab_history($image, $ns, $auth=null) { global $lang; + global $INPUT; + if(is_null($auth)) $auth = auth_quickaclcheck("$ns:*"); - $do = $_REQUEST['mediado']; + $do = $INPUT->str('mediado'); if ($auth >= AUTH_READ && $image) { if ($do == 'diff'){ media_diff($image, $ns, $auth); } else { - $first = isset($_REQUEST['first']) ? intval($_REQUEST['first']) : 0; + $first = $INPUT->int('first'); html_revisions($first, $image); } } else { @@ -830,6 +851,7 @@ function media_preview($image, $auth, $rev=false, $meta=false) { $size = media_image_preview_size($image, $rev, $meta); if ($size) { + global $lang; echo '<div class="image">'; $more = array(); @@ -843,7 +865,10 @@ function media_preview($image, $auth, $rev=false, $meta=false) { $more['w'] = $size[0]; $more['h'] = $size[1]; $src = ml($image, $more); + + echo '<a href="'.$src.'" target="_blank" title="'.$lang['mediaview'].'">'; echo '<img src="'.$src.'" alt="" style="max-width: '.$size[0].'px;" />'; + echo '</a>'; echo '</div>'.NL; } @@ -1002,21 +1027,23 @@ function media_details($image, $auth, $rev=false, $meta=false) { function media_diff($image, $ns, $auth, $fromajax = false) { global $lang; global $conf; + global $INPUT; if ($auth < AUTH_READ || !$image || !$conf['mediarevisions']) return ''; - $rev1 = (int) $_REQUEST['rev']; + $rev1 = $INPUT->int('rev'); - if(is_array($_REQUEST['rev2'])){ - $rev1 = (int) $_REQUEST['rev2'][0]; - $rev2 = (int) $_REQUEST['rev2'][1]; + $rev2 = $INPUT->ref('rev2'); + if(is_array($rev2)){ + $rev1 = (int) $rev2[0]; + $rev2 = (int) $rev2[1]; if(!$rev1){ $rev1 = $rev2; unset($rev2); } }else{ - $rev2 = (int) $_REQUEST['rev2']; + $rev2 = $INPUT->int('rev2'); } if ($rev1 && !file_exists(mediaFN($image, $rev1))) $rev1 = false; 
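Review bot: `$lang['mediaview']` is written into the `title` attribute of the new link in media_preview without `hsc()`, while other hunks of this commit escape attribute values; a translation containing a double quote would break the markup, so `title="'.hsc($lang['mediaview']).'"` is the safer form. The link opens with `target="_blank"`; adding `rel="noopener"` keeps the opened media page from reaching back into the manager window. The `global $lang;` placed inside the `if ($size)` block would read better at the top of the function.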
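Review bot: When `rev2` arrives as an array in media_diff, `$rev2[0]` and `$rev2[1]` are read without checking that both elements exist and are scalars, so a request that supplies only one element raises a notice and a nested array is cast to 0 or 1 instead of a revision. Guarding each read, for example `$rev1 = isset($rev2[0]) ? (int) $rev2[0] : 0;` and the same for index 1, keeps both revision numbers well defined before they reach `mediaFN()`. The function continues outside the hunk, so how an unset `$rev2` is handled later is not visible here.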
@@ -1071,7 +1098,9 @@ function _media_file_diff($data) { * @author Kate Arzamastseva <pshns@ukr.net> */ function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){ - global $lang, $config_cascade; + global $lang; + global $config_cascade; + global $INPUT; $l_meta = new JpegMeta(mediaFN($image, $l_rev)); $r_meta = new JpegMeta(mediaFN($image, $r_rev)); @@ -1082,7 +1111,7 @@ function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){ $r_size = media_image_preview_size($image, $r_rev, $r_meta); $is_img = ($l_size && $r_size && ($l_size[0] >= 30 || $r_size[0] >= 30)); - $difftype = $_REQUEST['difftype']; + $difftype = $INPUT->str('difftype'); if (!$fromajax) { $form = new Doku_Form(array( @@ -1110,6 +1139,7 @@ function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){ list($l_head, $r_head) = html_diff_head($l_rev, $r_rev, $image, true); ?> + <div class="table"> <table> <tr> <th><?php echo $l_head; ?></th> @@ -1177,6 +1207,7 @@ function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){ echo '</tr>'.NL; echo '</table>'.NL; + echo '</div>'.NL; if ($is_img && !$fromajax) echo '</div>'; } @@ -1350,11 +1381,11 @@ function media_printfile($item,$auth,$jump,$display_namespace=false){ $info .= filesize_h($item['size']); // output - echo '<div class="'.$zebra.'"'.$jump.'>'.NL; + echo '<div class="'.$zebra.'"'.$jump.' title="'.hsc($item['id']).'">'.NL; if (!$display_namespace) { - echo '<a name="h_:'.$item['id'].'" class="'.$class.'">'.hsc($file).'</a> '; + echo '<a id="h_:'.$item['id'].'" class="'.$class.'">'.hsc($file).'</a> '; } else { - echo '<a name="h_:'.$item['id'].'" class="'.$class.'">'.hsc($item['id']).'</a><br/>'; + echo '<a id="h_:'.$item['id'].'" class="'.$class.'">'.hsc($item['id']).'</a><br/>'; } echo '<span class="info">('.$info.')</span>'.NL; 
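Review bot: The added `title="'.hsc($item['id']).'"` in media_printfile is escaped, but the `id="h_:'.$item['id'].'"` attributes rewritten on the following lines still emit `$item['id']` raw. The same pattern recurs in the media_printfile_thumbs and media_printimgdetail hunks (`id="d_:…"`, `id="l_:…"`, and the unescaped `title="'.$item['id'].'"` on the thumbnail link). If media ids are always cleaned before they reach these functions this is only an inconsistency, but that is not visible in the diff, so I would write `hsc($item['id'])` in every attribute value, e.g. `'<a id="h_:'.hsc($item['id']).'" class="'.$class.'">'`.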
@@ -1411,14 +1442,14 @@ function media_printfile_thumbs($item,$auth,$jump=false,$display_namespace=false $file = utf8_decodeFN($item['file']); // output - echo '<li><dl>'.NL; + echo '<li><dl title="'.hsc($item['id']).'">'.NL; echo '<dt>'; if($item['isimg']) { media_printimgdetail($item, true); } else { - echo '<a name="d_:'.$item['id'].'" class="image" title="'.$item['id'].'" href="'. + echo '<a id="d_:'.$item['id'].'" class="image" title="'.$item['id'].'" href="'. media_managerURL(array('image' => hsc($item['id']), 'ns' => getNS($item['id']), 'tab_details' => 'view')).'">'; echo media_printicon($item['id']); @@ -1431,7 +1462,7 @@ function media_printfile_thumbs($item,$auth,$jump=false,$display_namespace=false $name = hsc($item['id']); } echo '<dd class="name"><a href="'.media_managerURL(array('image' => hsc($item['id']), 'ns' => getNS($item['id']), - 'tab_details' => 'view')).'" name="h_:'.$item['id'].'">'.$name.'</a></dd>'.NL; + 'tab_details' => 'view')).'" id="h_:'.$item['id'].'">'.$name.'</a></dd>'.NL; if($item['isimg']){ $size = ''; @@ -1440,7 +1471,7 @@ function media_printfile_thumbs($item,$auth,$jump=false,$display_namespace=false $size .= (int) $item['meta']->getField('File.Height'); echo '<dd class="size">'.$size.'</dd>'.NL; } else { - echo '<dd class="size"> </dd>'.NL; + echo '<dd class="size"> </dd>'.NL; } $date = dformat($item['mtime']); echo '<dd class="date">'.$date.'</dd>'.NL; @@ -1479,7 +1510,7 @@ function media_printimgdetail($item, $fullscreen=false){ // output if ($fullscreen) { - echo '<a name="l_:'.$item['id'].'" class="image thumb" href="'. + echo '<a id="l_:'.$item['id'].'" class="image thumb" href="'. media_managerURL(array('image' => hsc($item['id']), 'ns' => getNS($item['id']), 'tab_details' => 'view')).'">'; echo '<img src="'.$src.'" '.$att.' />'; echo '</a>'; 
@@ -1489,7 +1520,7 @@ function media_printimgdetail($item, $fullscreen=false){ echo '<div class="detail">'; echo '<div class="thumb">'; - echo '<a name="d_:'.$item['id'].'" class="select">'; + echo '<a id="d_:'.$item['id'].'" class="select">'; echo '<img src="'.$src.'" '.$att.' />'; echo '</a>'; echo '</div>'; @@ -1525,11 +1556,12 @@ function media_printimgdetail($item, $fullscreen=false){ function media_managerURL($params=false, $amp='&', $abs=false, $params_array=false) { global $conf; global $ID; + global $INPUT; $gets = array('do' => 'media'); $media_manager_params = array('tab_files', 'tab_details', 'image', 'ns', 'list', 'sort'); foreach ($media_manager_params as $x) { - if (isset($_REQUEST[$x])) $gets[$x] = $_REQUEST[$x]; + if ($INPUT->has($x)) $gets[$x] = $INPUT->str($x); } if ($params) { @@ -1553,7 +1585,9 @@ function media_managerURL($params=false, $amp='&', $abs=false, $params_array * @author Kate Arzamastseva <pshns@ukr.net> */ function media_uploadform($ns, $auth, $fullscreen = false){ - global $lang, $conf; + global $lang; + global $conf; + global $INPUT; if($auth < AUTH_UPLOAD) { echo '<div class="nothing">'.$lang['media_perm_upload'].'</div>'.NL; @@ -1563,9 +1597,9 @@ function media_uploadform($ns, $auth, $fullscreen = false){ $update = false; $id = ''; - if ($auth >= $auth_ow && $fullscreen && $_REQUEST['mediado'] == 'update') { + if ($auth >= $auth_ow && $fullscreen && $INPUT->str('mediado') == 'update') { $update = true; - $id = cleanID($_REQUEST['image']); + $id = cleanID($INPUT->str('image')); } // The default HTML upload form 
@@ -1600,7 +1634,35 @@ function media_uploadform($ns, $auth, $fullscreen = false){ echo NL.'<div id="mediamanager__uploader">'.NL; html_form('upload', $form); + echo '</div>'.NL; + + echo '<p class="maxsize">'; + printf($lang['maxuploadsize'],filesize_h(media_getuploadsize())); + echo '</p>'.NL; + +} + +/** + * Returns the size uploaded files may have + * + * This uses a conservative approach using the lowest number found + * in any of the limiting ini settings + * + * @returns int size in bytes + */ +function media_getuploadsize(){ + $okay = 0; + + $post = (int) php_to_byte(@ini_get('post_max_size')); + $suho = (int) php_to_byte(@ini_get('suhosin.post.max_value_length')); + $upld = (int) php_to_byte(@ini_get('upload_max_filesize')); + + if($post && ($post < $okay || $okay == 0)) $okay = $post; + if($suho && ($suho < $okay || $okay == 0)) $okay = $suho; + if($upld && ($upld < $okay || $okay == 0)) $okay = $upld; + + return $okay; } /** @@ -1667,12 +1729,13 @@ function media_nstree($ns){ * @author Andreas Gohr <andi@splitbrain.org> */ function media_nstree_item($item){ + global $INPUT; $pos = strrpos($item['id'], ':'); $label = substr($item['id'], $pos > 0 ? $pos + 1 : 0); if(!$item['label']) $item['label'] = $label; $ret = ''; - if (!($_REQUEST['do'] == 'media')) + if (!($INPUT->str('do') == 'media')) $ret .= '<a href="'.DOKU_BASE.'lib/exe/mediamanager.php?ns='.idfilter($item['id']).'" class="idx_dir">'; else $ret .= '<a href="'.media_managerURL(array('ns' => idfilter($item['id'], false), 'tab_files' => 'files')) .'" class="idx_dir">'; @@ -1693,7 +1756,7 @@ function media_nstree_li($item){ if($item['open']){ $class .= ' open'; $img = DOKU_BASE.'lib/images/minus.gif'; - $alt = '−'; + $alt = '−'; }else{ $class .= ' closed'; $img = DOKU_BASE.'lib/images/plus.gif'; |
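Review bot: media_getuploadsize() returns 0 when none of the three ini values is set or parseable, and media_uploadform prints that result through `filesize_h()` as the maximum upload size, which would tell users the limit is zero rather than unknown. I would either skip the `<p class="maxsize">` output when the result is 0 or state the meaning in the docblock, where `@returns` should read `@return int size in bytes, 0 if no limit could be determined`. The `(int)` casts can overflow for limits of 2 GB and above on 32-bit builds, assuming `php_to_byte()` returns a plain number. The figure is informational only; enforcement stays with PHP's own limits, which is worth saying in the docblock as well.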