3 * StatusNet - the distributed open-source microblogging tool
4 * Copyright (C) 2008, 2009, StatusNet, Inc.
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 if (!defined('GNUSOCIAL')) { exit(1); }
23 * Table Definition for file
25 class File extends Managed_DataObject
27 public $__table = 'file'; // table name
28 public $id; // int(4) primary_key not_null
29 public $urlhash; // varchar(64) unique_key
31 public $filehash; // varchar(64) indexed
32 public $mimetype; // varchar(50)
33 public $size; // int(4)
34 public $title; // text()
35 public $date; // int(4)
36 public $protected; // int(4)
37 public $filename; // text()
38 public $width; // int(4)
39 public $height; // int(4)
40 public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
42 const URLHASH_ALG = 'sha256';
43 const FILEHASH_ALG = 'sha256';
45 public static function schemaDef()
49 'id' => array('type' => 'serial', 'not null' => true),
50 'urlhash' => array('type' => 'varchar', 'length' => 64, 'not null' => true, 'description' => 'sha256 of destination URL (url field)'),
51 'url' => array('type' => 'text', 'description' => 'destination URL after following possible redirections'),
52 'filehash' => array('type' => 'varchar', 'length' => 64, 'not null' => false, 'description' => 'sha256 of the file contents, only for locally stored files of course'),
53 'mimetype' => array('type' => 'varchar', 'length' => 50, 'description' => 'mime type of resource'),
54 'size' => array('type' => 'int', 'description' => 'size of resource when available'),
55 'title' => array('type' => 'text', 'description' => 'title of resource when available'),
56 'date' => array('type' => 'int', 'description' => 'date of resource according to http query'),
57 'protected' => array('type' => 'int', 'description' => 'true when URL is private (needs login)'),
58 'filename' => array('type' => 'text', 'description' => 'if file is stored locally (too) this is the filename'),
59 'width' => array('type' => 'int', 'description' => 'width in pixels, if it can be described as such and data is available'),
60 'height' => array('type' => 'int', 'description' => 'height in pixels, if it can be described as such and data is available'),
62 'modified' => array('type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'),
64 'primary key' => array('id'),
65 'unique keys' => array(
66 'file_urlhash_key' => array('urlhash'),
69 'file_filehash_idx' => array('filehash'),
74 public static function isProtected($url) {
76 $protected_urls_exps = array(
77 'https://www.facebook.com/login.php',
78 common_path('main/login')
81 foreach ($protected_urls_exps as $protected_url_exp) {
82 if (preg_match('!^'.preg_quote($protected_url_exp).'(.*)$!i', $url) === 1) {
91 * Save a new file record.
93 * @param array $redir_data lookup data eg from File_redirection::where()
94 * @param string $given_url
97 public static function saveNew(array $redir_data, $given_url)
101 // I don't know why we have to keep doing this but we run a last check to avoid
103 $file = File::getByUrl($given_url);
105 } catch (NoResultException $e) {
106 // We don't have the file's URL since before, so let's continue.
109 // if the given url is an local attachment url and the id already exists, don't
110 // save a new file record. This should never happen, but let's make it foolproof
111 // FIXME: how about attachments servers?
112 $u = parse_url($given_url);
113 if (isset($u['host']) && $u['host'] === common_config('site', 'server')) {
115 // Skip the / in the beginning or $r->map won't match
117 $args = $r->map(mb_substr($u['path'], 1));
118 if ($args['action'] === 'attachment') {
120 // $args['attachment'] should always be set if action===attachment, given our routing rules
121 $file = File::getByID($args['attachment']);
123 } catch (EmptyIdException $e) {
124 // ...but $args['attachment'] can also be 0...
125 } catch (NoResultException $e) {
126 // apparently this link goes to us, but is _not_ an existing attachment (File) ID?
129 } catch (Exception $e) {
130 // Some other exception was thrown from $r->map, likely a
131 // ClientException (404) because of some malformed link to
132 // our own instance. It's still a valid URL however, so we
133 // won't abort anything... I noticed this when linking:
134 // https://social.umeahackerspace.se/mmn/foaf' (notice the
135 // apostrophe in the end, making it unrecognizable for our
137 // That specific issue (the apostrophe being part of a link
138 // is something that may or may not have been fixed since,
139 // in lib/util.php in common_replace_urls_callback().
144 $file->url = $given_url;
145 if (!empty($redir_data['protected'])) $file->protected = $redir_data['protected'];
146 if (!empty($redir_data['title'])) $file->title = $redir_data['title'];
147 if (!empty($redir_data['type'])) $file->mimetype = $redir_data['type'];
148 if (!empty($redir_data['size'])) $file->size = intval($redir_data['size']);
149 if (isset($redir_data['time']) && $redir_data['time'] > 0) $file->date = intval($redir_data['time']);
154 public function saveFile() {
155 $this->urlhash = self::hashurl($this->url);
157 if (!Event::handle('StartFileSaveNew', array(&$this))) {
158 throw new ServerException('File not saved due to an aborted StartFileSaveNew event.');
161 $this->id = $this->insert();
163 if ($this->id === false) {
164 throw new ServerException('File/URL metadata could not be saved to the database.');
167 Event::handle('EndFileSaveNew', array($this));
171 * Go look at a URL and possibly save data about it if it's new:
172 * - follow redirect chains and store them in file_redirection
173 * - if a thumbnail is available, save it in file_thumbnail
174 * - save file record with basic info
175 * - optionally save a file_to_post record
176 * - return the File object with the full reference
178 * @param string $given_url the URL we're looking at
179 * @param Notice $notice (optional)
180 * @param bool $followRedirects defaults to true
182 * @return mixed File on success, -1 on some errors
184 * @throws ServerException on failure
186 public static function processNew($given_url, Notice $notice=null, $followRedirects=true) {
187 if (empty($given_url)) {
188 throw new ServerException('No given URL to process');
191 $given_url = File_redirection::_canonUrl($given_url);
192 if (empty($given_url)) {
193 throw new ServerException('No canonical URL from given URL to process');
196 $redir = File_redirection::where($given_url);
197 $file = $redir->getFile();
199 if (!$file instanceof File || empty($file->id)) {
200 // This should not happen
201 throw new ServerException('URL processing failed without new File object');
204 if ($notice instanceof Notice) {
205 File_to_post::processNew($file, $notice);
211 public static function respectsQuota(Profile $scoped, $fileSize) {
212 if ($fileSize > common_config('attachments', 'file_quota')) {
213 // TRANS: Message used to be inserted as %2$s in the text "No file may
214 // TRANS: be larger than %1$d byte and the file you sent was %2$s.".
215 // TRANS: %1$d is the number of bytes of an uploaded file.
216 $fileSizeText = sprintf(_m('%1$d byte','%1$d bytes',$fileSize),$fileSize);
218 $fileQuota = common_config('attachments', 'file_quota');
219 // TRANS: Message given if an upload is larger than the configured maximum.
220 // TRANS: %1$d (used for plural) is the byte limit for uploads,
221 // TRANS: %2$s is the proper form of "n bytes". This is the only ways to have
222 // TRANS: gettext support multiple plurals in the same message, unfortunately...
223 throw new ClientException(
224 sprintf(_m('No file may be larger than %1$d byte and the file you sent was %2$s. Try to upload a smaller version.',
225 'No file may be larger than %1$d bytes and the file you sent was %2$s. Try to upload a smaller version.',
227 $fileQuota, $fileSizeText));
232 $query = "select sum(size) as total from file join file_to_post on file_to_post.file_id = file.id join notice on file_to_post.post_id = notice.id where profile_id = {$scoped->id} and file.url like '%/notice/%/file'";
233 $file->query($query);
235 $total = $file->total + $fileSize;
236 if ($total > common_config('attachments', 'user_quota')) {
237 // TRANS: Message given if an upload would exceed user quota.
238 // TRANS: %d (number) is the user quota in bytes and is used for plural.
239 throw new ClientException(
240 sprintf(_m('A file this large would exceed your user quota of %d byte.',
241 'A file this large would exceed your user quota of %d bytes.',
242 common_config('attachments', 'user_quota')),
243 common_config('attachments', 'user_quota')));
245 $query .= ' AND EXTRACT(month FROM file.modified) = EXTRACT(month FROM now()) and EXTRACT(year FROM file.modified) = EXTRACT(year FROM now())';
246 $file->query($query);
248 $total = $file->total + $fileSize;
249 if ($total > common_config('attachments', 'monthly_quota')) {
250 // TRANS: Message given id an upload would exceed a user's monthly quota.
251 // TRANS: $d (number) is the monthly user quota in bytes and is used for plural.
252 throw new ClientException(
253 sprintf(_m('A file this large would exceed your monthly quota of %d byte.',
254 'A file this large would exceed your monthly quota of %d bytes.',
255 common_config('attachments', 'monthly_quota')),
256 common_config('attachments', 'monthly_quota')));
261 public function getFilename()
263 if (!self::validFilename($this->filename)) {
264 // TRANS: Client exception thrown if a file upload does not have a valid name.
265 throw new ClientException(_("Invalid filename."));
267 return $this->filename;
270 // where should the file go?
272 static function filename(Profile $profile, $origname, $mimetype)
274 $ext = self::guessMimeExtension($mimetype, $origname);
276 // Normalize and make the original filename more URL friendly.
277 $origname = basename($origname, ".$ext");
278 if (class_exists('Normalizer')) {
279 // http://php.net/manual/en/class.normalizer.php
280 // http://www.unicode.org/reports/tr15/
281 $origname = Normalizer::normalize($origname, Normalizer::FORM_KC);
283 $origname = preg_replace('/[^A-Za-z0-9\.\_]/', '_', $origname);
285 $nickname = $profile->getNickname();
286 $datestamp = strftime('%Y%m%d', time());
288 // generate new random strings until we don't run into a filename collision.
289 $random = strtolower(common_confirmation_code(16));
290 $filename = "$nickname-$datestamp-$origname-$random.$ext";
291 } while (file_exists(self::path($filename)));
296 * @param $mimetype The mimetype we've discovered for this file.
297 * @param $filename An optional filename which we can use on failure.
299 static function guessMimeExtension($mimetype, $filename=null)
302 // first see if we know the extension for our mimetype
303 $ext = common_supported_mime_to_ext($mimetype);
306 } catch (Exception $e) { // FIXME: Make this exception more specific to "unknown mime=>ext relation"
307 // We don't know the extension for this mimetype, but let's guess.
309 // If we are very liberal with uploads ($config['attachments']['supported'] === true)
310 // then we try to do some guessing based on the filename, if it was supplied.
311 if (!is_null($filename) && common_config('attachments', 'supported')===true
312 && preg_match('/^.+\.([A-Za-z0-9]+)$/', $filename, $matches)) {
313 // we matched on a file extension, so let's see if it means something.
314 $ext = mb_strtolower($matches[1]);
316 $blacklist = common_config('attachments', 'extblacklist');
317 // If we got an extension from $filename we want to check if it's in a blacklist
318 // so we avoid people uploading .php files etc.
319 if (array_key_exists($ext, $blacklist)) {
320 if (!is_string($blacklist[$ext])) {
321 // we don't have a safe replacement extension
322 throw new ClientException(_('Blacklisted file extension.'));
324 common_debug('Found replaced extension for filename '._ve($filename).': '._ve($ext));
326 // return a safe replacement extension ('php' => 'phps' for example)
327 return $blacklist[$ext];
329 // the attachment extension based on its filename was not blacklisted so it's ok to use it
334 // If nothing else has given us a result, try to extract it from
335 // the mimetype value (this turns .jpg to .jpeg for example...)
337 // FIXME: try to build a regexp that will get jpeg from image/jpeg as well as json from application/jrd+json
338 if (!preg_match('/\/([a-z0-9]+)/', mb_strtolower($mimetype), $matches)) {
339 throw new Exception('Malformed mimetype: '.$mimetype);
341 return mb_strtolower($matches[1]);
345 * Validation for as-saved base filenames
347 static function validFilename($filename)
349 return preg_match('/^[A-Za-z0-9._-]+$/', $filename);
353 * @throws ClientException on invalid filename
355 static function path($filename)
357 if (!self::validFilename($filename)) {
358 // TRANS: Client exception thrown if a file upload does not have a valid name.
359 throw new ClientException(_("Invalid filename."));
361 $dir = common_config('attachments', 'dir');
363 if (!in_array($dir[mb_strlen($dir)-1], ['/', '\\'])) {
364 $dir .= DIRECTORY_SEPARATOR;
367 return $dir . $filename;
370 static function url($filename)
372 if (!self::validFilename($filename)) {
373 // TRANS: Client exception thrown if a file upload does not have a valid name.
374 throw new ClientException(_("Invalid filename."));
377 if (common_config('site','private')) {
379 return common_local_url('getfile',
380 array('filename' => $filename));
384 if (GNUsocial::useHTTPS()) {
386 $sslserver = common_config('attachments', 'sslserver');
388 if (empty($sslserver)) {
389 // XXX: this assumes that background dir == site dir + /file/
390 // not true if there's another server
391 if (is_string(common_config('site', 'sslserver')) &&
392 mb_strlen(common_config('site', 'sslserver')) > 0) {
393 $server = common_config('site', 'sslserver');
394 } else if (common_config('site', 'server')) {
395 $server = common_config('site', 'server');
397 $path = common_config('site', 'path') . '/file/';
399 $server = $sslserver;
400 $path = common_config('attachments', 'sslpath');
402 $path = common_config('attachments', 'path');
408 $path = common_config('attachments', 'path');
409 $server = common_config('attachments', 'server');
411 if (empty($server)) {
412 $server = common_config('site', 'server');
415 $ssl = common_config('attachments', 'ssl');
417 $protocol = ($ssl) ? 'https' : 'http';
420 if ($path[strlen($path)-1] != '/') {
424 if ($path[0] != '/') {
428 return $protocol.'://'.$server.$path.$filename;
431 static $_enclosures = array();
433 function getEnclosure(){
434 if (isset(self::$_enclosures[$this->getID()])) {
435 return self::$_enclosures[$this->getID()];
438 $enclosure = (object) array();
439 foreach (array('title', 'url', 'date', 'modified', 'size', 'mimetype', 'width', 'height') as $key) {
440 if ($this->$key !== '') {
441 $enclosure->$key = $this->$key;
445 $needMoreMetadataMimetypes = array(null, 'application/xhtml+xml', 'text/html');
447 if (!isset($this->filename) && in_array(common_bare_mime($enclosure->mimetype), $needMoreMetadataMimetypes)) {
448 // This fetches enclosure metadata for non-local links with unset/HTML mimetypes,
449 // which may be enriched through oEmbed or similar (implemented as plugins)
450 Event::handle('FileEnclosureMetadata', array($this, &$enclosure));
452 if (empty($enclosure->mimetype)) {
453 // This means we either don't know what it is, so it can't
454 // be shown as an enclosure, or it is an HTML link which
455 // does not link to a resource with further metadata.
456 throw new ServerException('Unknown enclosure mimetype, not enough metadata');
459 self::$_enclosures[$this->getID()] = $enclosure;
463 public function hasThumbnail()
466 $this->getThumbnail();
467 } catch (Exception $e) {
474 * Get the attachment's thumbnail record, if any.
475 * Make sure you supply proper 'int' typed variables (or null).
477 * @param $width int Max width of thumbnail in pixels. (if null, use common_config values)
478 * @param $height int Max height of thumbnail in pixels. (if null, square-crop to $width)
479 * @param $crop bool Crop to the max-values' aspect ratio
481 * @return File_thumbnail
483 * @throws UseFileAsThumbnailException if the file is considered an image itself and should be itself as thumbnail
484 * @throws UnsupportedMediaException if, despite trying, we can't understand how to make a thumbnail for this format
485 * @throws ServerException on various other errors
487 public function getThumbnail($width=null, $height=null, $crop=false, $force_still=true, $upscale=null)
489 // Get some more information about this file through our ImageFile class
490 $image = ImageFile::fromFileObject($this);
491 if ($image->animated && !common_config('thumbnail', 'animated')) {
492 // null means "always use file as thumbnail"
493 // false means you get choice between frozen frame or original when calling getThumbnail
494 if (is_null(common_config('thumbnail', 'animated')) || !$force_still) {
496 // remote files with animated GIFs as thumbnails will match this
497 return File_thumbnail::byFile($this);
498 } catch (NoResultException $e) {
499 // and if it's not a remote file, it'll be safe to use the locally stored File
500 throw new UseFileAsThumbnailException($this->id);
505 return $image->getFileThumbnail($width, $height, $crop,
506 !is_null($upscale) ? $upscale : common_config('thumbnail', 'upscale'));
509 public function getPath()
511 $filepath = self::path($this->filename);
512 if (!file_exists($filepath)) {
513 throw new FileNotFoundException($filepath);
518 public function getUrl($prefer_local=true)
520 if ($prefer_local && !empty($this->filename)) {
521 // A locally stored file, so let's generate a URL for our instance.
522 return self::url($this->getFilename());
525 // No local filename available, return the URL we have stored
529 static public function getByUrl($url)
532 $file->urlhash = self::hashurl($url);
533 if (!$file->find(true)) {
534 throw new NoResultException($file);
540 * @param string $hashstr String of (preferrably lower case) hexadecimal characters, same as result of 'hash_file(...)'
542 static public function getByHash($hashstr)
545 $file->filehash = strtolower($hashstr);
546 if (!$file->find(true)) {
547 throw new NoResultException($file);
552 public function updateUrl($url)
554 $file = File::getKV('urlhash', self::hashurl($url));
555 if ($file instanceof File) {
556 throw new ServerException('URL already exists in DB');
558 $sql = 'UPDATE %1$s SET urlhash=%2$s, url=%3$s WHERE urlhash=%4$s;';
559 $result = $this->query(sprintf($sql, $this->tableName(),
560 $this->_quote((string)self::hashurl($url)),
561 $this->_quote((string)$url),
562 $this->_quote((string)$this->urlhash)));
563 if ($result === false) {
564 common_log_db_error($this, 'UPDATE', __FILE__);
565 throw new ServerException("Could not UPDATE {$this->tableName()}.url");
572 * Blow the cache of notices that link to this URL
574 * @param boolean $last Whether to blow the "last" cache too
579 function blowCache($last=false)
581 self::blow('file:notice-ids:%s', $this->id);
583 self::blow('file:notice-ids:%s;last', $this->id);
585 self::blow('file:notice-count:%d', $this->id);
589 * Stream of notices linking to this URL
591 * @param integer $offset Offset to show; default is 0
592 * @param integer $limit Limit of notices to show
593 * @param integer $since_id Since this notice
594 * @param integer $max_id Before this notice
596 * @return array ids of notices that link to this file
599 function stream($offset=0, $limit=NOTICES_PER_PAGE, $since_id=0, $max_id=0)
601 // FIXME: Try to get the Profile::current() here in some other way to avoid mixing
602 // the current session user with possibly background/queue processing.
603 $stream = new FileNoticeStream($this, Profile::current());
604 return $stream->getNotices($offset, $limit, $since_id, $max_id);
607 function noticeCount()
609 $cacheKey = sprintf('file:notice-count:%d', $this->id);
611 $count = self::cacheGet($cacheKey);
613 if ($count === false) {
615 $f2p = new File_to_post();
617 $f2p->file_id = $this->id;
619 $count = $f2p->count();
621 self::cacheSet($cacheKey, $count);
627 public function isLocal()
629 return !empty($this->filename);
632 public function delete($useWhere=false)
634 // Delete the file, if it exists locally
635 if (!empty($this->filename) && file_exists(self::path($this->filename))) {
636 $deleted = @unlink(self::path($this->filename));
638 common_log(LOG_ERR, sprintf('Could not unlink existing file: "%s"', self::path($this->filename)));
642 // Clear out related things in the database and filesystem, such as thumbnails
643 if (Event::handle('FileDeleteRelated', array($this))) {
644 $thumbs = new File_thumbnail();
645 $thumbs->file_id = $this->id;
646 if ($thumbs->find()) {
647 while ($thumbs->fetch()) {
652 $f2p = new File_to_post();
653 $f2p->file_id = $this->id;
655 while ($f2p->fetch()) {
661 // And finally remove the entry from the database
662 return parent::delete($useWhere);
665 public function getTitle()
667 $title = $this->title ?: $this->filename;
669 return $title ?: null;
672 static public function hashurl($url)
675 throw new Exception('No URL provided to hash algorithm.');
677 return hash(self::URLHASH_ALG, $url);
680 static public function beforeSchemaUpdate()
682 $table = strtolower(get_called_class());
683 $schema = Schema::get();
684 $schemadef = $schema->getTableDef($table);
686 // 2015-02-19 We have to upgrade our table definitions to have the urlhash field populated
687 if (isset($schemadef['fields']['urlhash']) && isset($schemadef['unique keys']['file_urlhash_key'])) {
688 // We already have the urlhash field, so no need to migrate it.
691 echo "\nFound old $table table, upgrading it to contain 'urlhash' field...";
694 $file->query(sprintf('SELECT id, LEFT(url, 191) AS shortenedurl, COUNT(*) AS c FROM %1$s WHERE LENGTH(url)>191 GROUP BY shortenedurl HAVING c > 1', $schema->quoteIdentifier($table)));
695 print "\nFound {$file->N} URLs with too long entries in file table\n";
696 while ($file->fetch()) {
697 // We've got a URL that is too long for our future file table
698 // so we'll cut it. We could save the original URL, but there is
699 // no guarantee it is complete anyway since the previous max was 255 chars.
700 $dupfile = new File();
701 // First we find file entries that would be duplicates of this when shortened
702 // ... and we'll just throw the dupes out the window for now! It's already so borken.
703 $dupfile->query(sprintf('SELECT * FROM file WHERE LEFT(url, 191) = "%1$s"', $file->shortenedurl));
704 // Leave one of the URLs in the database by using ->find(true) (fetches first entry)
705 if ($dupfile->find(true)) {
706 print "\nShortening url entry for $table id: {$file->id} [";
707 $orig = clone($dupfile);
708 $dupfile->url = $file->shortenedurl; // make sure it's only 191 chars from now on
709 $dupfile->update($orig);
710 print "\nDeleting duplicate entries of too long URL on $table id: {$file->id} [";
711 // only start deleting with this fetch.
712 while($dupfile->fetch()) {
718 print "\nWarning! URL suddenly disappeared from database: {$file->url}\n";
721 echo "...and now all the non-duplicates which are longer than 191 characters...\n";
722 $file->query('UPDATE file SET url=LEFT(url, 191) WHERE LENGTH(url)>191');
724 echo "\n...now running hacky pre-schemaupdate change for $table:";
725 // We have to create a urlhash that is _not_ the primary key,
726 // transfer data and THEN run checkSchema
727 $schemadef['fields']['urlhash'] = array (
730 'not null' => false, // this is because when adding column, all entries will _be_ NULL!
731 'description' => 'sha256 of destination URL (url field)',
733 $schemadef['fields']['url'] = array (
735 'description' => 'destination URL after following possible redirections',
737 unset($schemadef['unique keys']);
738 $schema->ensureTable($table, $schemadef);
741 $classname = ucfirst($table);
742 $tablefix = new $classname;
743 // urlhash is hash('sha256', $url) in the File table
744 echo "Updating urlhash fields in $table table...";
745 // Maybe very MySQL specific :(
746 $tablefix->query(sprintf('UPDATE %1$s SET %2$s=%3$s;',
747 $schema->quoteIdentifier($table),
749 // The line below is "result of sha256 on column `url`"
752 echo "Resuming core schema upgrade...";