[MODULES] Allow to upload third party plugins
Fixed some bugs
This commit is contained in:
parent
ca22279797
commit
0d7c0069f2
|
@ -60,7 +60,7 @@ class PluginenableAction extends Action
|
||||||
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
|
||||||
// TRANS: Client error displayed when trying to use another method than POST.
|
// TRANS: Client error displayed when trying to use another method than POST.
|
||||||
// TRANS: Do not translate POST.
|
// TRANS: Do not translate POST.
|
||||||
$this->clientError(_('This action only accepts POST requests.'));
|
$this->clientError(_m('This action only accepts POST requests.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
// CSRF protection
|
// CSRF protection
|
||||||
|
@ -99,7 +99,7 @@ class PluginenableAction extends Action
|
||||||
/**
|
/**
|
||||||
* Handle request
|
* Handle request
|
||||||
*
|
*
|
||||||
* Does the subscription and returns results.
|
* Enables the plugin and returns results.
|
||||||
*
|
*
|
||||||
* @return void
|
* @return void
|
||||||
* @throws ClientException
|
* @throws ClientException
|
||||||
|
|
198
actions/plugininstall.php
Normal file
198
actions/plugininstall.php
Normal file
|
@ -0,0 +1,198 @@
|
||||||
|
<?php
|
||||||
|
// This file is part of GNU social - https://www.gnu.org/software/social
|
||||||
|
//
|
||||||
|
// GNU social is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// GNU social is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
defined('STATUSNET') || die();
|
||||||
|
|
||||||
|
require_once INSTALLDIR . '/lib/deletetree.php';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Plugin install action.
|
||||||
|
*
|
||||||
|
* Uploads a third party plugin to the right directories.
|
||||||
|
*
|
||||||
|
* Takes parameters:
|
||||||
|
*
|
||||||
|
* - pluginfile: plugin file
|
||||||
|
* - token: session token to prevent CSRF attacks
|
||||||
|
* - ajax: bool; whether to return Ajax or full-browser results
|
||||||
|
*
|
||||||
|
* Only works if the current user is logged in.
|
||||||
|
*
|
||||||
|
* @category Action
|
||||||
|
* @package GNUsocial
|
||||||
|
* @author Diogo Cordeiro <diogo@fc.up.pt>
|
||||||
|
* @copyright 2019 Free Software Foundation, Inc http://www.fsf.org
|
||||||
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
||||||
|
*/
|
||||||
|
class PlugininstallAction extends Action
|
||||||
|
{
|
||||||
|
public $pluginfile = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $args
|
||||||
|
* @return bool
|
||||||
|
* @throws ClientException
|
||||||
|
*/
|
||||||
|
public function prepare(array $args = [])
|
||||||
|
{
|
||||||
|
parent::prepare($args);
|
||||||
|
|
||||||
|
// @fixme these are pretty common, should a parent class factor these out?
|
||||||
|
|
||||||
|
// Only allow POST requests
|
||||||
|
|
||||||
|
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
|
||||||
|
// TRANS: Client error displayed when trying to use another method than POST.
|
||||||
|
// TRANS: Do not translate POST.
|
||||||
|
$this->clientError(_('This action only accepts POST requests.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
// CSRF protection
|
||||||
|
|
||||||
|
$token = $this->trimmed('token');
|
||||||
|
|
||||||
|
if (!$token || $token != common_session_token()) {
|
||||||
|
// TRANS: Client error displayed when the session token does not match or is not given.
|
||||||
|
$this->clientError(_m('There was a problem with your session token.'.
|
||||||
|
' Try again, please.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Only for logged-in users
|
||||||
|
|
||||||
|
$this->user = common_current_user();
|
||||||
|
|
||||||
|
if (empty($this->user)) {
|
||||||
|
// TRANS: Error message displayed when trying to perform an action that requires a logged in user.
|
||||||
|
$this->clientError(_m('Not logged in.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!AdminPanelAction::canAdmin('plugins')) {
|
||||||
|
// TRANS: Client error displayed when trying to enable or disable a plugin without access rights.
|
||||||
|
$this->clientError(_m('You cannot administer plugins.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!is_writable(INSTALLDIR . '/local/plugins/') ||
|
||||||
|
!is_writable(PUBLICDIR . '/local/plugins/')) {
|
||||||
|
$this->clientError(_m("No permissions to write on the third party plugin upload directory(ies)."));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Only handle if we receive an upload request
|
||||||
|
*
|
||||||
|
* @throws ClientException
|
||||||
|
* @throws NoUploadedMediaException
|
||||||
|
*/
|
||||||
|
protected function handle()
|
||||||
|
{
|
||||||
|
if ($this->trimmed('upload')) {
|
||||||
|
$this->uploadPlugin();
|
||||||
|
$url = common_local_url('pluginsadminpanel');
|
||||||
|
common_redirect($url, 303);
|
||||||
|
} else {
|
||||||
|
// TRANS: Unexpected validation error on plugin upload form.
|
||||||
|
throw new ClientException(_('Unexpected form submission.'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle a plugin upload
|
||||||
|
*
|
||||||
|
* Does all the magic for handling a plugin upload.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
* @throws ClientException
|
||||||
|
* @throws NoUploadedMediaException
|
||||||
|
*/
|
||||||
|
public function uploadPlugin(): void
|
||||||
|
{
|
||||||
|
// The existence of the "error" element means PHP has processed it properly even if it was ok.
|
||||||
|
$form_name = 'pluginfile';
|
||||||
|
if (!isset($_FILES[$form_name]) || !isset($_FILES[$form_name]['error'])) {
|
||||||
|
throw new NoUploadedMediaException($form_name);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($_FILES[$form_name]['error'] != UPLOAD_ERR_OK) {
|
||||||
|
throw new ClientException(_m('System error uploading file.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$filename = basename($_FILES[$form_name]['name']);
|
||||||
|
$ext = null;
|
||||||
|
if (preg_match('/^.+?\.([A-Za-z0-9]+)$/', $filename, $matches) === 1) {
|
||||||
|
// we matched on a file extension, so let's see if it means something.
|
||||||
|
$ext = mb_strtolower($matches[1]);
|
||||||
|
$plugin_name = basename($filename, '.'.$ext);
|
||||||
|
$temp_path = INSTALLDIR.DIRECTORY_SEPARATOR.ltrim($_FILES[$form_name]['tmp_name'], '/tmp/').'.'.$ext;
|
||||||
|
if (!in_array($ext, ['tar', 'zip'])) { // IF not a Phar extension
|
||||||
|
$ext = null; // Let it throw exception below
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (is_null($ext)) {
|
||||||
|
// garbage collect
|
||||||
|
@unlink($_FILES[$form_name]['tmp_name']);
|
||||||
|
throw new ClientException(_m('Invalid plugin package extension. Must be either tar or zip.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
move_uploaded_file($_FILES[$form_name]['tmp_name'], $temp_path);
|
||||||
|
$this->extractPlugin($temp_path, $plugin_name);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Plugin extractor
|
||||||
|
* The file should have the plugin_name (plus the extension) and inside two directories, the `includes` which will
|
||||||
|
* be unpacked to local/plugins/:filename and a `public` which will go to public/local/plugins/:filename
|
||||||
|
*
|
||||||
|
* @param $temp_path string Current location of the plugin package (either a tarball or a zip archive)
|
||||||
|
* @param $plugin_name string see uploadPlugin()
|
||||||
|
* @throws ClientException If anything goes wrong
|
||||||
|
*/
|
||||||
|
public function extractPlugin($temp_path, $plugin_name): void
|
||||||
|
{
|
||||||
|
$phar = new PharData($temp_path);
|
||||||
|
$dest_installdir = INSTALLDIR . '/local/plugins/'.$plugin_name;
|
||||||
|
$dest_publicdir = PUBLICDIR . '/local/plugins/'.$plugin_name;
|
||||||
|
try {
|
||||||
|
$phar->extractTo($dest_installdir, 'includes', false);
|
||||||
|
$phar->extractTo($dest_publicdir, 'public', false);
|
||||||
|
} catch (PharException $e) {
|
||||||
|
// garbage collect
|
||||||
|
@unlink($temp_path);
|
||||||
|
// Rollback
|
||||||
|
deleteTree($dest_installdir);
|
||||||
|
deleteTree($dest_publicdir);
|
||||||
|
// Warn about the failure
|
||||||
|
throw new ClientException($e->getMessage());
|
||||||
|
}
|
||||||
|
foreach ([$dest_installdir.'includes',
|
||||||
|
$dest_publicdir.'public'] as $source) {
|
||||||
|
$files = scandir("source");
|
||||||
|
foreach ($files as $file) {
|
||||||
|
if (in_array($file, ['.', '..'])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
rename($source . $file, dirname($source) . $file);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
rmdir($dest_installdir.'includes');
|
||||||
|
rmdir($dest_publicdir.'public');
|
||||||
|
|
||||||
|
// garbage collect
|
||||||
|
@unlink($temp_path);
|
||||||
|
}
|
||||||
|
}
|
|
@ -36,7 +36,7 @@ class PluginsadminpanelAction extends AdminPanelAction
|
||||||
function title()
|
function title()
|
||||||
{
|
{
|
||||||
// TRANS: Tab and title for plugins admin panel.
|
// TRANS: Tab and title for plugins admin panel.
|
||||||
return _m('TITLE','Plugins');
|
return _m('TITLE', 'Plugins');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -48,8 +48,8 @@ class PluginsadminpanelAction extends AdminPanelAction
|
||||||
{
|
{
|
||||||
// TRANS: Instructions at top of plugin admin page.
|
// TRANS: Instructions at top of plugin admin page.
|
||||||
return _m('Additional plugins can be enabled and configured manually. ' .
|
return _m('Additional plugins can be enabled and configured manually. ' .
|
||||||
'See the <a href="https://notabug.org/diogo/gnu-social/src/nightly/plugins/README.md">online plugin ' .
|
'See the <a href="https://notabug.org/diogo/gnu-social/src/nightly/plugins/README.md">online plugin ' .
|
||||||
'documentation</a> for more details.');
|
'documentation</a> for more details.');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -59,6 +59,46 @@ class PluginsadminpanelAction extends AdminPanelAction
|
||||||
*/
|
*/
|
||||||
function showForm()
|
function showForm()
|
||||||
{
|
{
|
||||||
|
$this->elementStart('form', [
|
||||||
|
'enctype' => 'multipart/form-data',
|
||||||
|
'method' => 'post',
|
||||||
|
'id' => 'form_install_plugin',
|
||||||
|
'class' => 'form_settings',
|
||||||
|
'action' =>
|
||||||
|
common_local_url('plugininstall')
|
||||||
|
]);
|
||||||
|
$this->elementStart('fieldset');
|
||||||
|
// TRANS: Avatar upload page form legend.
|
||||||
|
$this->element('legend', null, _('Install Plugin'));
|
||||||
|
$this->hidden('token', common_session_token());
|
||||||
|
|
||||||
|
$this->elementStart('ul', 'form_data');
|
||||||
|
|
||||||
|
$this->elementStart('li', ['id' => 'settings_attach']);
|
||||||
|
$this->element('input', [
|
||||||
|
'name' => 'MAX_FILE_SIZE',
|
||||||
|
'type' => 'hidden',
|
||||||
|
'id' => 'MAX_FILE_SIZE',
|
||||||
|
'value' => common_config('attachments', 'file_quota')
|
||||||
|
]);
|
||||||
|
$this->element('input', [
|
||||||
|
'name' => 'pluginfile',
|
||||||
|
'type' => 'file',
|
||||||
|
'id' => 'pluginfile'
|
||||||
|
]);
|
||||||
|
$this->elementEnd('li');
|
||||||
|
$this->elementEnd('ul');
|
||||||
|
|
||||||
|
$this->elementStart('ul', 'form_actions');
|
||||||
|
$this->elementStart('li');
|
||||||
|
// TRANS: Button on avatar upload page to upload an avatar.
|
||||||
|
$this->submit('upload', _m('BUTTON', 'Upload'));
|
||||||
|
$this->elementEnd('li');
|
||||||
|
$this->elementEnd('ul');
|
||||||
|
|
||||||
|
$this->elementEnd('fieldset');
|
||||||
|
$this->elementEnd('form');
|
||||||
|
|
||||||
$this->elementStart('fieldset', ['id' => 'settings_plugins_default']);
|
$this->elementStart('fieldset', ['id' => 'settings_plugins_default']);
|
||||||
|
|
||||||
// TRANS: Admin form section header
|
// TRANS: Admin form section header
|
||||||
|
@ -74,4 +114,9 @@ class PluginsadminpanelAction extends AdminPanelAction
|
||||||
$list = new PluginList($this);
|
$list = new PluginList($this);
|
||||||
$list->show();
|
$list->show();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function saveSettings()
|
||||||
|
{
|
||||||
|
parent::saveSettings();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -261,7 +261,14 @@ class File extends Managed_DataObject
|
||||||
|
|
||||||
$file = new File;
|
$file = new File;
|
||||||
|
|
||||||
$query = "select sum(size) as total from file join file_to_post on file_to_post.file_id = file.id join notice on file_to_post.post_id = notice.id where profile_id = {$scoped->id} and file.url like '%/notice/%/file'";
|
$query = "SELECT sum(size) AS total
|
||||||
|
FROM file
|
||||||
|
INNER JOIN file_to_post
|
||||||
|
ON file_to_post.file_id = file.id
|
||||||
|
INNER JOIN notice
|
||||||
|
ON file_to_post.post_id = notice.id
|
||||||
|
WHERE profile_id = {$scoped->id} AND
|
||||||
|
file.url LIKE '%/notice/%/file'";
|
||||||
$file->query($query);
|
$file->query($query);
|
||||||
$file->fetch();
|
$file->fetch();
|
||||||
$total = $file->total + $fileSize;
|
$total = $file->total + $fileSize;
|
||||||
|
@ -279,7 +286,7 @@ class File extends Managed_DataObject
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
$query .= ' AND EXTRACT(month FROM file.modified) = EXTRACT(month FROM now()) and EXTRACT(year FROM file.modified) = EXTRACT(year FROM now())';
|
$query .= ' AND EXTRACT(month FROM file.modified) = EXTRACT(month FROM now()) AND EXTRACT(year FROM file.modified) = EXTRACT(year FROM now())';
|
||||||
$file->query($query);
|
$file->query($query);
|
||||||
$file->fetch();
|
$file->fetch();
|
||||||
$total = $file->total + $fileSize;
|
$total = $file->total + $fileSize;
|
||||||
|
@ -381,10 +388,10 @@ class File extends Managed_DataObject
|
||||||
// If we can't recognize the extension from the MIME, we try
|
// If we can't recognize the extension from the MIME, we try
|
||||||
// to guess based on filename, if one was supplied.
|
// to guess based on filename, if one was supplied.
|
||||||
if (!is_null($filename)) {
|
if (!is_null($filename)) {
|
||||||
$ext = getSafeExtension($filename);
|
$ext = self::getSafeExtension($filename);
|
||||||
if ($ext === false) {
|
if ($ext === false) {
|
||||||
// we don't have a safe replacement extension
|
// we don't have a safe replacement extension
|
||||||
throw new ClientException(_('Blacklisted file extension.'));
|
throw new ClientException(_m('Blacklisted file extension.'));
|
||||||
} else {
|
} else {
|
||||||
return $ext;
|
return $ext;
|
||||||
}
|
}
|
||||||
|
@ -645,7 +652,7 @@ class File extends Managed_DataObject
|
||||||
if ($info !== false) {
|
if ($info !== false) {
|
||||||
return $info['mime'];
|
return $info['mime'];
|
||||||
} else {
|
} else {
|
||||||
throw new UnsupportedMediaException(_("Thumbnail is not an image."));
|
throw new UnsupportedMediaException(_m("Thumbnail is not an image."));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
53
lib/deletetree.php
Normal file
53
lib/deletetree.php
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
<?php
|
||||||
|
/*
|
||||||
|
* StatusNet - the distributed open-source microblogging tool
|
||||||
|
* Copyright (C) 2008, 2009, StatusNet, Inc.
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Recursively deletes a directory tree.
|
||||||
|
*
|
||||||
|
* @param string $folder The directory path.
|
||||||
|
* @param bool $keepRootFolder Whether to keep the top-level folder.
|
||||||
|
* @return bool TRUE on success, otherwise FALSE.
|
||||||
|
*/
|
||||||
|
function deleteTree(
|
||||||
|
$folder,
|
||||||
|
$keepRootFolder = false
|
||||||
|
) {
|
||||||
|
// Handle bad arguments.
|
||||||
|
if (empty($folder) || !file_exists($folder)) {
|
||||||
|
return true; // No such file/folder exists.
|
||||||
|
} elseif (is_file($folder) || is_link($folder)) {
|
||||||
|
return @unlink($folder); // Delete file/link.
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete all children.
|
||||||
|
$files = new RecursiveIteratorIterator(
|
||||||
|
new RecursiveDirectoryIterator($folder, RecursiveDirectoryIterator::SKIP_DOTS),
|
||||||
|
RecursiveIteratorIterator::CHILD_FIRST
|
||||||
|
);
|
||||||
|
|
||||||
|
foreach ($files as $fileinfo) {
|
||||||
|
$action = ($fileinfo->isDir() ? 'rmdir' : 'unlink');
|
||||||
|
if (!@$action($fileinfo->getRealPath())) {
|
||||||
|
return false; // Abort due to the failure.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete the root folder itself?
|
||||||
|
return (!$keepRootFolder ? @rmdir($folder) : true);
|
||||||
|
}
|
|
@ -181,7 +181,7 @@ class MediaFile
|
||||||
if ($file_id===false) {
|
if ($file_id===false) {
|
||||||
common_log_db_error($file, "INSERT", __FILE__);
|
common_log_db_error($file, "INSERT", __FILE__);
|
||||||
// TRANS: Client exception thrown when a database error was thrown during a file upload operation.
|
// TRANS: Client exception thrown when a database error was thrown during a file upload operation.
|
||||||
throw new ClientException(_('There was a database error while saving your file. Please try again.'));
|
throw new ClientException(_m('There was a database error while saving your file. Please try again.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set file geometrical properties if available
|
// Set file geometrical properties if available
|
||||||
|
@ -244,7 +244,7 @@ class MediaFile
|
||||||
public static function encodeFilename($original_name, string $filehash, $ext = null) : string
|
public static function encodeFilename($original_name, string $filehash, $ext = null) : string
|
||||||
{
|
{
|
||||||
if (empty($original_name)) {
|
if (empty($original_name)) {
|
||||||
$original_name = _('Untitled attachment');
|
$original_name = _m('Untitled attachment');
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we're given an extension explicitly, use it, otherwise...
|
// If we're given an extension explicitly, use it, otherwise...
|
||||||
|
@ -253,7 +253,7 @@ class MediaFile
|
||||||
// null if no extension
|
// null if no extension
|
||||||
File::getSafeExtension($original_name);
|
File::getSafeExtension($original_name);
|
||||||
if ($ext === false) {
|
if ($ext === false) {
|
||||||
throw new ClientException(_('Blacklisted file extension.'));
|
throw new ClientException(_m('Blacklisted file extension.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!empty($ext)) {
|
if (!empty($ext)) {
|
||||||
|
@ -315,7 +315,7 @@ class MediaFile
|
||||||
* This format should be respected. Notice the dash, which is important to distinguish it from the previous
|
* This format should be respected. Notice the dash, which is important to distinguish it from the previous
|
||||||
* format ("{$hash}.{$ext}")
|
* format ("{$hash}.{$ext}")
|
||||||
*
|
*
|
||||||
* @param string $param
|
* @param string $param Form name
|
||||||
* @param Profile|null $scoped
|
* @param Profile|null $scoped
|
||||||
* @return ImageFile|MediaFile
|
* @return ImageFile|MediaFile
|
||||||
* @throws ClientException
|
* @throws ClientException
|
||||||
|
@ -328,7 +328,7 @@ class MediaFile
|
||||||
public static function fromUpload(string $param='media', Profile $scoped=null)
|
public static function fromUpload(string $param='media', Profile $scoped=null)
|
||||||
{
|
{
|
||||||
// The existence of the "error" element means PHP has processed it properly even if it was ok.
|
// The existence of the "error" element means PHP has processed it properly even if it was ok.
|
||||||
if (!isset($_FILES[$param]) || !isset($_FILES[$param]['error'])) {
|
if (!(isset($_FILES[$param]) && isset($_FILES[$param]['error']))) {
|
||||||
throw new NoUploadedMediaException($param);
|
throw new NoUploadedMediaException($param);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -340,29 +340,29 @@ class MediaFile
|
||||||
// TRANS: Exception thrown when too large a file is uploaded.
|
// TRANS: Exception thrown when too large a file is uploaded.
|
||||||
// TRANS: %s is the maximum file size, for example "500b", "10kB" or "2MB".
|
// TRANS: %s is the maximum file size, for example "500b", "10kB" or "2MB".
|
||||||
throw new ClientException(sprintf(
|
throw new ClientException(sprintf(
|
||||||
_('That file is too big. The maximum file size is %s.'),
|
_m('That file is too big. The maximum file size is %s.'),
|
||||||
self::maxFileSize()
|
self::maxFileSize()
|
||||||
));
|
));
|
||||||
case UPLOAD_ERR_PARTIAL:
|
case UPLOAD_ERR_PARTIAL:
|
||||||
@unlink($_FILES[$param]['tmp_name']);
|
@unlink($_FILES[$param]['tmp_name']);
|
||||||
// TRANS: Client exception.
|
// TRANS: Client exception.
|
||||||
throw new ClientException(_('The uploaded file was only partially uploaded.'));
|
throw new ClientException(_m('The uploaded file was only partially uploaded.'));
|
||||||
case UPLOAD_ERR_NO_FILE:
|
case UPLOAD_ERR_NO_FILE:
|
||||||
// No file; probably just a non-AJAX submission.
|
// No file; probably just a non-AJAX submission.
|
||||||
throw new NoUploadedMediaException($param);
|
throw new NoUploadedMediaException($param);
|
||||||
case UPLOAD_ERR_NO_TMP_DIR:
|
case UPLOAD_ERR_NO_TMP_DIR:
|
||||||
// TRANS: Client exception thrown when a temporary folder is not present to store a file upload.
|
// TRANS: Client exception thrown when a temporary folder is not present to store a file upload.
|
||||||
throw new ClientException(_('Missing a temporary folder.'));
|
throw new ClientException(_m('Missing a temporary folder.'));
|
||||||
case UPLOAD_ERR_CANT_WRITE:
|
case UPLOAD_ERR_CANT_WRITE:
|
||||||
// TRANS: Client exception thrown when writing to disk is not possible during a file upload operation.
|
// TRANS: Client exception thrown when writing to disk is not possible during a file upload operation.
|
||||||
throw new ClientException(_('Failed to write file to disk.'));
|
throw new ClientException(_m('Failed to write file to disk.'));
|
||||||
case UPLOAD_ERR_EXTENSION:
|
case UPLOAD_ERR_EXTENSION:
|
||||||
// TRANS: Client exception thrown when a file upload operation has been stopped by an extension.
|
// TRANS: Client exception thrown when a file upload operation has been stopped by an extension.
|
||||||
throw new ClientException(_('File upload stopped by extension.'));
|
throw new ClientException(_m('File upload stopped by extension.'));
|
||||||
default:
|
default:
|
||||||
common_log(LOG_ERR, __METHOD__ . ": Unknown upload error " . $_FILES[$param]['error']);
|
common_log(LOG_ERR, __METHOD__ . ": Unknown upload error " . $_FILES[$param]['error']);
|
||||||
// TRANS: Client exception thrown when a file upload operation has failed with an unknown reason.
|
// TRANS: Client exception thrown when a file upload operation has failed with an unknown reason.
|
||||||
throw new ClientException(_('System error uploading file.'));
|
throw new ClientException(_m('System error uploading file.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$filehash = strtolower(self::getHashOfFile($_FILES[$param]['tmp_name']));
|
$filehash = strtolower(self::getHashOfFile($_FILES[$param]['tmp_name']));
|
||||||
|
@ -386,19 +386,19 @@ class MediaFile
|
||||||
|
|
||||||
$basename = basename($_FILES[$param]['name']);
|
$basename = basename($_FILES[$param]['name']);
|
||||||
|
|
||||||
if ($media === 'image') {
|
if ($media == 'image') {
|
||||||
// Use -1 for the id to avoid adding this temporary file to the DB
|
// Use -1 for the id to avoid adding this temporary file to the DB
|
||||||
$img = new ImageFile(-1, $_FILES[$param]['tmp_name']);
|
$img = new ImageFile(-1, $_FILES[$param]['tmp_name']);
|
||||||
// Validate the image by reencoding it. Additionally normalizes old formats to PNG,
|
// Validate the image by re-encoding it. Additionally normalizes old formats to PNG,
|
||||||
// keeping JPEG and GIF untouched
|
// keeping JPEG and GIF untouched
|
||||||
$outpath = $img->resizeTo($img->filepath);
|
$outpath = $img->resizeTo($img->filepath);
|
||||||
$ext = image_type_to_extension($img->preferredType(), false);
|
$ext = image_type_to_extension($img->preferredType(), false);
|
||||||
}
|
}
|
||||||
|
$filename = self::encodeFilename($basename, $filehash, isset($ext) ? $ext : File::getSafeExtension($basename));
|
||||||
|
|
||||||
$filename = self::encodeFilename($basename, $filehash, $ext);
|
|
||||||
$filepath = File::path($filename);
|
$filepath = File::path($filename);
|
||||||
|
|
||||||
if ($media === 'image') {
|
if ($media == 'image') {
|
||||||
$result = rename($outpath, $filepath);
|
$result = rename($outpath, $filepath);
|
||||||
} else {
|
} else {
|
||||||
$result = move_uploaded_file($_FILES[$param]['tmp_name'], $filepath);
|
$result = move_uploaded_file($_FILES[$param]['tmp_name'], $filepath);
|
||||||
|
@ -407,10 +407,10 @@ class MediaFile
|
||||||
// TRANS: Client exception thrown when a file upload operation fails because the file could
|
// TRANS: Client exception thrown when a file upload operation fails because the file could
|
||||||
// TRANS: not be moved from the temporary folder to the permanent file location.
|
// TRANS: not be moved from the temporary folder to the permanent file location.
|
||||||
// UX: too specific
|
// UX: too specific
|
||||||
throw new ClientException(_('File could not be moved to destination directory.'));
|
throw new ClientException(_m('File could not be moved to destination directory.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($media === 'image') {
|
if ($media == 'image') {
|
||||||
return new ImageFile(null, $filepath);
|
return new ImageFile(null, $filepath);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -443,7 +443,7 @@ class MediaFile
|
||||||
if (false === file_put_contents($e->path, fread($fh, filesize($stream['uri'])))) {
|
if (false === file_put_contents($e->path, fread($fh, filesize($stream['uri'])))) {
|
||||||
// TRANS: Client exception thrown when a file upload operation fails because the file could
|
// TRANS: Client exception thrown when a file upload operation fails because the file could
|
||||||
// TRANS: not be moved from the temporary folder to the permanent file location.
|
// TRANS: not be moved from the temporary folder to the permanent file location.
|
||||||
throw new ClientException(_('File could not be moved to destination directory.'));
|
throw new ClientException(_m('File could not be moved to destination directory.'));
|
||||||
}
|
}
|
||||||
if (!chmod($e->path, 0664)) {
|
if (!chmod($e->path, 0664)) {
|
||||||
common_log(LOG_ERR, 'Could not chmod uploaded file: '._ve($e->path));
|
common_log(LOG_ERR, 'Could not chmod uploaded file: '._ve($e->path));
|
||||||
|
@ -467,7 +467,7 @@ class MediaFile
|
||||||
common_log(LOG_ERR, 'File could not be moved (or chmodded) from '._ve($stream['uri']) . ' to ' . _ve($filepath));
|
common_log(LOG_ERR, 'File could not be moved (or chmodded) from '._ve($stream['uri']) . ' to ' . _ve($filepath));
|
||||||
// TRANS: Client exception thrown when a file upload operation fails because the file could
|
// TRANS: Client exception thrown when a file upload operation fails because the file could
|
||||||
// TRANS: not be moved from the temporary folder to the permanent file location.
|
// TRANS: not be moved from the temporary folder to the permanent file location.
|
||||||
throw new ClientException(_('File could not be moved to destination directory.'));
|
throw new ClientException(_m('File could not be moved to destination directory.'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -614,12 +614,12 @@ class MediaFile
|
||||||
// TRANS: Client exception thrown trying to upload a forbidden MIME type.
|
// TRANS: Client exception thrown trying to upload a forbidden MIME type.
|
||||||
// TRANS: %1$s is the file type that was denied, %2$s is the application part of
|
// TRANS: %1$s is the file type that was denied, %2$s is the application part of
|
||||||
// TRANS: the MIME type that was denied.
|
// TRANS: the MIME type that was denied.
|
||||||
$hint = sprintf(_('"%1$s" is not a supported file type on this server. ' .
|
$hint = sprintf(_m('"%1$s" is not a supported file type on this server. ' .
|
||||||
'Try using another %2$s format.'), $mimetype, $media);
|
'Try using another %2$s format.'), $mimetype, $media);
|
||||||
} else {
|
} else {
|
||||||
// TRANS: Client exception thrown trying to upload a forbidden MIME type.
|
// TRANS: Client exception thrown trying to upload a forbidden MIME type.
|
||||||
// TRANS: %s is the file type that was denied.
|
// TRANS: %s is the file type that was denied.
|
||||||
$hint = sprintf(_('"%s" is not a supported file type on this server.'), $mimetype);
|
$hint = sprintf(_m('"%s" is not a supported file type on this server.'), $mimetype);
|
||||||
}
|
}
|
||||||
throw new ClientException($hint);
|
throw new ClientException($hint);
|
||||||
}
|
}
|
||||||
|
@ -632,7 +632,7 @@ class MediaFile
|
||||||
*/
|
*/
|
||||||
public static function getDisplayName(File $file) : string {
|
public static function getDisplayName(File $file) : string {
|
||||||
if (empty($file->filename)) {
|
if (empty($file->filename)) {
|
||||||
return _('Untitled attachment');
|
return _m('Untitled attachment');
|
||||||
}
|
}
|
||||||
|
|
||||||
// New file name format is "{bin2hex(original_name.ext)}-{$hash}"
|
// New file name format is "{bin2hex(original_name.ext)}-{$hash}"
|
||||||
|
@ -650,7 +650,7 @@ class MediaFile
|
||||||
$ret = preg_match('/^.+?\.+?(.+)$/', $file->filename, $matches);
|
$ret = preg_match('/^.+?\.+?(.+)$/', $file->filename, $matches);
|
||||||
if ($ret !== 1) {
|
if ($ret !== 1) {
|
||||||
common_log(LOG_ERR, $log_error_msg);
|
common_log(LOG_ERR, $log_error_msg);
|
||||||
return _('Untitled attachment');
|
return _m('Untitled attachment');
|
||||||
}
|
}
|
||||||
$ext = $matches[1];
|
$ext = $matches[1];
|
||||||
// There's a blacklisted extension array, which could have an alternative
|
// There's a blacklisted extension array, which could have an alternative
|
||||||
|
|
|
@ -811,6 +811,8 @@ class Router
|
||||||
$m->connect('panel/plugins/disable/:plugin',
|
$m->connect('panel/plugins/disable/:plugin',
|
||||||
['action' => 'plugindisable'],
|
['action' => 'plugindisable'],
|
||||||
['plugin' => '[A-Za-z0-9_]+']);
|
['plugin' => '[A-Za-z0-9_]+']);
|
||||||
|
$m->connect('panel/plugins/install',
|
||||||
|
['action' => 'plugininstall']);
|
||||||
|
|
||||||
// Common people-tag stuff
|
// Common people-tag stuff
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user