mod/wall_attach.php

   1 <?php
   2 /**
   3  * @file mod/wall_attach.php
   4  */
   5
   6 use Friendica\App;
   7 use Friendica\Core\Config;
   8 use Friendica\Core\L10n;
   9 use Friendica\Database\DBM;
  10 use Friendica\Util\DateTimeFormat;
  11 use Friendica\Util\Mimetype;
  12
  13 function wall_attach_post(App $a) {
  14
  15         $r_json = (x($_GET,'response') && $_GET['response']=='json');
  16
  17         if($a->argc > 1) {
  18                 $nick = $a->argv[1];
  19                 $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
  20                         dbesc($nick)
  21                 );
  22                 if (! DBM::is_result($r)) {
  23                         if ($r_json) {
  24                                 echo json_encode(['error'=>L10n::t('Invalid request.')]);
  25                                 killme();
  26                         }
  27                         return;
  28         }
  29
  30         } else {
  31                 if ($r_json) {
  32                         echo json_encode(['error'=>L10n::t('Invalid request.')]);
  33                         killme();
  34                 }
  35                 return;
  36         }
  37
  38         $can_post  = false;
  39         $visitor   = 0;
  40
  41         $page_owner_uid   = $r[0]['uid'];
  42         $page_owner_cid   = $r[0]['id'];
  43         $page_owner_nick  = $r[0]['nickname'];
  44         $community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
  45
  46         if((local_user()) && (local_user() == $page_owner_uid))
  47                 $can_post = true;
  48         else {
  49                 if($community_page && remote_user()) {
  50                         $contact_id = 0;
  51                         if(is_array($_SESSION['remote'])) {
  52                                 foreach($_SESSION['remote'] as $v) {
  53                                         if($v['uid'] == $page_owner_uid) {
  54                                                 $contact_id = $v['cid'];
  55                                                 break;
  56                                         }
  57                                 }
  58                         }
  59                         if($contact_id) {
  60
  61                                 $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
  62                                         intval($contact_id),
  63                                         intval($page_owner_uid)
  64                                 );
  65                                 if (DBM::is_result($r)) {
  66                                         $can_post = true;
  67                                         $visitor = $contact_id;
  68                                 }
  69                         }
  70                 }
  71         }
  72         if(! $can_post) {
  73                 if ($r_json) {
  74                         echo json_encode(['error'=>L10n::t('Permission denied.')]);
  75                         killme();
  76                 }
  77                 notice(L10n::t('Permission denied.') . EOL );
  78                 killme();
  79         }
  80
  81         if(! x($_FILES,'userfile')) {
  82                 if ($r_json) {
  83                         echo json_encode(['error'=>L10n::t('Invalid request.')]);
  84                 }
  85                 killme();
  86         }
  87
  88         $src      = $_FILES['userfile']['tmp_name'];
  89         $filename = basename($_FILES['userfile']['name']);
  90         $filesize = intval($_FILES['userfile']['size']);
  91
  92         $maxfilesize = Config::get('system','maxfilesize');
  93
  94         /* Found html code written in text field of form,
  95          * when trying to upload a file with filesize
  96          * greater than upload_max_filesize. Cause is unknown.
  97          * Then Filesize gets <= 0.
  98          */
  99
 100         if($filesize <=0) {
 101                 $msg = L10n::t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(L10n::t('Or - did you try to upload an empty file?'));
 102                 if ($r_json) {
 103                         echo json_encode(['error'=>$msg]);
 104                 } else {
 105                         notice( $msg. EOL );
 106                 }
 107                 @unlink($src);
 108                 killme();
 109         }
 110
 111         if(($maxfilesize) && ($filesize > $maxfilesize)) {
 112                 $msg = L10n::t('File exceeds size limit of %s', formatBytes($maxfilesize));
 113                 if ($r_json) {
 114                         echo json_encode(['error'=>$msg]);
 115                 } else {
 116                         echo  $msg. EOL ;
 117                 }
 118                 @unlink($src);
 119                 killme();
 120         }
 121
 122         $filedata = @file_get_contents($src);
 123         $mimetype = Mimetype::getContentType($filename);
 124         $hash = get_guid(64);
 125         $created = DateTimeFormat::utcNow();
 126
 127         $fields = ['uid' => $page_owner_uid, 'hash' => $hash, 'filename' => $filename, 'filetype' => $mimetype,
 128                 'filesize' => $filesize, 'data' => $filedata, 'created' => $created, 'edited' => $created,
 129                 'allow_cid' => '<' . $page_owner_cid . '>', 'allow_gid' => '','deny_cid' => '', 'deny_gid' => ''];
 130
 131         $r = dba::insert('attach', $fields);
 132
 133         @unlink($src);
 134
 135         if(! $r) {
 136                 $msg =  L10n::t('File upload failed.');
 137                 if ($r_json) {
 138                         echo json_encode(['error'=>$msg]);
 139                 } else {
 140                         echo  $msg. EOL ;
 141                 }
 142                 killme();
 143         }
 144
 145         $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
 146                 intval($page_owner_uid),
 147                 dbesc($created),
 148                 dbesc($hash)
 149         );
 150
 151         if (! DBM::is_result($r)) {
 152                 $msg = L10n::t('File upload failed.');
 153                 if ($r_json) {
 154                         echo json_encode(['error'=>$msg]);
 155                 } else {
 156                         echo  $msg. EOL ;
 157                 }
 158                 killme();
 159         }
 160
 161         if ($r_json) {
 162                 echo json_encode(['ok'=>true]);
 163                 killme();
 164         }
 165
 166         $lf = "\n";
 167
 168         echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
 169
 170         killme();
 171         // NOTREACHED
 172 }