Changeset 962
- Timestamp:
- 03/04/2008 12:40:40 AM (3 years ago)
- Location:
- trunk
- Files:
-
- 3 modified
-
actions/files/files.php (modified) (1 diff)
-
handlers/files.xml/files.xml.php (modified) (3 diffs)
-
lang/en/en.inc.php (modified) (2 diffs)
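--- a/trunk/actions/files/files.php
+++ b/trunk/actions/files/files.php
@@ -27,6 +27,10 @@
  * @uses Wakka::HasAccess()
  * @uses Wakka::IsAdmin()
- * @uses Wakka::MiniHref()
  * @uses Wakka::htmlspecialchars_ent()
+ * @uses Wakka::FormOpen()
+ * @uses Wakka::FormClose()
+ * @uses Wakka::SetConfigValue()
+ * @uses Wakka::ReturnSafeHTML()
+ * @uses Config::$upload_path
  *
  * @todo security: check file type, not only extension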
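--- a/trunk/handlers/files.xml/files.xml.php
+++ b/trunk/handlers/files.xml/files.xml.php
@@ -17,11 +17,16 @@
  * @filesource
  *
- * @uses Wakka::GetConfigValue()
+ * @uses mkdir_r()
+ * @uses Wakka::SetConfigValue()
  * @uses Wakka::GetPageTag()
  * @uses Wakka::HasAccess()
  * @uses Wakka::Href()
  * @uses Wakka::IsAdmin()
- * @uses Wakka::redirect()
+ * @uses Wakka::SetRedirectMessage()
+ * @uses Wakka::Redirect()
  * @uses Config::$upload_path
+ * @uses Config::$root_page
+ * @uses WIKKA_ERROR_ACL_READ_INFO
+ *
  * @todo make shared download code for this and grab code handler
  */
@@ -38,4 +43,14 @@
 }
 
+if (!isset($_GET['file']) || !isset($_GET['action']) || !is_string($_GET['file']))
+{
+	// invocation of files.xml must provide $_GET['file'] and $_GET['action'].
+	// todo: add an error message here: probably, ERROR_BAD_PARAMETERS should be splitted.
+	$this->Redirect('');
+}
+if ('.' == $_GET['file']{0})
+{
+	$this->Redirect($this->Href(), ERROR_FILETYPE_NOT_ALLOWED);
+}
 // do the action
 switch ($_GET['action']) # #312
@@ -49,41 +64,52 @@
 		header("Content-Type: application/x-download");
 		header("Content-Disposition: attachment; filename=\"".urldecode($filename)."\"");
-		if ( $this->HasAccess('read'))
+		if (!file_exists($path))
 		{
-			if (isset($_SERVER['HTTP_RANGE']) &&
-				(preg_match('/^.*bytes[= ]+(\d+)-(\d+)\s*$/', $_SERVER['HTTP_RANGE'], $range)) &&
-				((int) $range[2] >= (int) $range[1])
-			)
-			{
-				$rstart = $range[1];
-				$rend = $range[2];
-				$fp = fopen($path, 'rb');
-				fseek($fp, $rstart+SEEK_SET);
-				$data = fread($fp, $rend - $rstart + 1);
-				fclose($fp);
-				header('Content-Range: bytes '.$rstart.'-'.$rend.'/'.filesize($path));
-				header('HTTP/1.1 206 Partial content');
-				echo $data;
-				exit();
-			}
-			//Header("Content-Length: ".filesize($path));
-			//Header("Connection: close");
-			@ob_end_clean();
-			@ob_end_clean();
+			$this->Redirect($this->Href(), sprintf(ERROR_NONEXISTENT_FILE, $_GET['file']));
+		}
+		if (!$this->HasAccess('read'))
+		{
+			// The user may have followed a link from email or external site, but he has no access to the page.
+			// We redirect this user to the HomePage.
+			$this->Redirect($this->Href('', $this->GetConfigValue('root_page')), WIKKA_ERROR_ACL_READ_INFO);
+		}
+		if (isset($_SERVER['HTTP_RANGE']) &&
+			(preg_match('/^.*bytes[= ]+(\d+)-(\d+)\s*$/', $_SERVER['HTTP_RANGE'], $range)) &&
+			((int) $range[2] >= (int) $range[1])
+		)
+		{
+			$rstart = $range[1];
+			$rend = $range[2];
 			$fp = fopen($path, 'rb');
-			while (!feof($fp))
-			{
-				$data = fread($fp, 4096);
-				echo $data;
-			}
+			fseek($fp, $rstart+SEEK_SET);
+			$data = fread($fp, $rend - $rstart + 1);
 			fclose($fp);
+			header('Content-Range: bytes '.$rstart.'-'.$rend.'/'.filesize($path));
+			header('HTTP/1.1 206 Partial content');
+			echo $data;
 			exit();
 		}
+		//Header("Content-Length: ".filesize($path));
+		//Header("Connection: close");
+		@ob_end_clean();
+		@ob_end_clean();
+		$fp = fopen($path, 'rb');
+		while (!feof($fp))
+		{
+			$data = fread($fp, 4096);
+			echo $data;
+		}
+		fclose($fp);
+		exit();
 	case 'delete':
 		if ($this->IsAdmin())
 		{
-			@unlink($upload_path.DIRECTORY_SEPARATOR.$_GET['file']); # #89, #312 // TODO if this is admin-only, why hide any errors?
+			$delete_success = @unlink($upload_path.DIRECTORY_SEPARATOR.$_GET['file']); # #89, #312
+			if (!$delete_success)
+			{
+				$this->SetRedirectMessage(ERROR_FILE_NOT_DELETED);
+			}
 		}
-		print $this->redirect($this->Href());
 }
+print $this->Redirect($this->Href());
 ?>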
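Review bot: The new `'.' == $_GET['file']{0}` guard only rejects a leading dot, so a `file` value that contains a directory separator or a `..` segment later in the name still reaches the `$upload_path.DIRECTORY_SEPARATOR.$_GET['file']` concatenation visible in the delete case (and presumably the `$path` built before this hunk); reject any name that is not a bare file name, e.g. `if (basename($_GET['file']) !== $_GET['file'] || '.' == $_GET['file']{0})`, before either branch uses it. The `file_exists($path)` check now runs before `HasAccess('read')`, so a visitor without read access on the page can tell from the redirect message whether a given file name exists; doing the access check first removes that and also avoids sending the two download headers above for a request that is then redirected. The moved download code still does not verify that `fopen()` succeeded or that `$rend` stays below `filesize($path)`, so an oversized range is answered with a `Content-Range` header that does not match the body; clamping `$rend` to `filesize($path) - 1` would fix that. `sprintf(ERROR_NONEXISTENT_FILE, $_GET['file'])` puts the raw request value into a redirect message, so it should be escaped unless Redirect() is known to escape before rendering. The handler body starts outside the hunk, so where `$path` is assembled could not be verified here; note also that the docblock drops `@uses Wakka::GetConfigValue()` while the new access-denied branch calls `$this->GetConfigValue('root_page')`.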
trunk/lang/en/en.inc.php
r953 r962 234 234 235 235 /**#@+ 236 * Language constant used by the {@link files.php files } action236 * Language constant used by the {@link files.php files action} and {@link handlers/files.xml/files.xml.php files.xml handler} 237 237 */ 238 238 // files … … 244 244 define('ERROR_FILE_ALREADY_EXISTS', 'Sorry, a file named %s already exists.'); // %s - file name ref 245 245 define('ERROR_EXTENSION_NOT_ALLOWED', 'Sorry, files with this extension are not allowed.'); 246 define('ERROR_FILETYPE_NOT_ALLOWED', 'Sorry, files of this type are not allowed.'); 247 define('ERROR_FILE_NOT_DELETED', 'Sorry, the file could not be deleted!'); 246 248 define('ERROR_FILE_TOO_BIG', 'Attempted file upload was too big. Maximum allowed size is %s.'); // %s - allowed filesize 247 249 define('ERROR_NO_FILE_SELECTED', 'No file selected.');