}
}
- function isSupportedFileType() {
+ function getUploadedFileType() {
require_once 'MIME/Type.php';
$filetype = MIME_Type::autoDetect($_FILES['attach']['tmp_name']);
if (in_array($filetype, common_config('attachments', 'supported'))) {
- return true;
+ return $filetype;
}
$media = MIME_Type::getMedia($filetype);
if ('application' !== $media) {
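Review bot: The value returned by `MIME_Type::autoDetect()` goes straight into `in_array()` and `MIME_Type::getMedia()` with no failure check, and this function's return value is now what gets stored as the attachment's type. As far as I know PEAR's MIME_Type returns a PEAR_Error object when detection fails, so a `PEAR::isError($filetype)` test that ends in `clientError()` belongs before the allow-list lookup. The lookup itself should be strict: `in_array($filetype, common_config('attachments', 'supported'), true)`. The rest of the body is outside this hunk, so what is returned on the unsupported path cannot be seen here; a docblock stating "returns the detected MIME type string, otherwise raises a client error" would pin the contract that the caller relies on.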
}
function isRespectsQuota($user) {
- if ($_FILES['attach']['size'] > common_config('attachments', 'file_quota')) {
- $this->clientError(sprintf(_('No file may be larger than %d bytes ' .
- 'and the file you sent was %d bytes. Try to upload a smaller version.'),
- common_config('attachments', 'file_quota'), $_FILES['attach']['size']));
- }
-
- $query = "select sum(size) as total from file join file_to_post on file_to_post.file_id = file.id join notice on file_to_post.post_id = notice.id where profile_id = {$user->id} and file.url like '%/notice/%/file'";
$file = new File;
- $file->query($query);
- $file->fetch();
- $total = $file->total + $_FILES['attach']['size'];
- if ($total > common_config('attachments', 'user_quota')) {
- $this->clientError(sprintf(_('A file this large would exceed your user quota of %d bytes.'), common_config('attachments', 'user_quota')));
- }
-
- $query .= ' month(modified) = month(now()) and year(modified) = year(now())';
- $file2 = new File;
- $file2->query($query);
- $file2->fetch();
- $total2 = $file2->total + $_FILES['attach']['size'];
- if ($total2 > common_config('attachments', 'monthly_quota')) {
- $this->clientError(sprintf(_('A file this large would exceed your monthly quota of %d bytes.'), common_config('attachments', 'monthly_quota')));
- }
- return true;
- }
-
- function isValidFileAttached($user) {
- return isset($_FILES['attach']['error'])
- && ($_FILES['attach']['error'] === UPLOAD_ERR_OK)
- && $this->isSupportedFileType()
- && $this->isRespectsQuota($user);
+ $ret = $file->isRespectsQuota($user);
+ if (true === $ret) return true;
+ $this->clientError($ret);
}
/**
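Review bot: The new body of isRespectsQuota() has an undocumented contract. It returns true only when `File::isRespectsQuota($user)` returns exactly `true`; any other value is passed to `clientError()` as the message, and the function then falls off the end. That fails closed, because the caller treats a falsy result as fatal, but a `false` or `null` from the File method (not visible here) would produce an empty error message. I would add a docblock saying the File method returns `true` or a translated error string, and brace the one-line `if`: `if (true === $ret) { return true; }`.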
$replyto = 'false';
}
- switch ($_FILES['attach']['error']) {
- case UPLOAD_ERR_NO_FILE:
- // no file uploaded
- // nothing to do
- break;
+ if (isset($_FILES['attach']['error'])) {
+ switch ($_FILES['attach']['error']) {
+ case UPLOAD_ERR_NO_FILE:
+ // no file uploaded, nothing to do
+ break;
- case UPLOAD_ERR_OK:
- // file was uploaded alright
- // lets check if we really support its format
- // and it doesn't go over quotas
+ case UPLOAD_ERR_OK:
+ $mimetype = $this->getUploadedFileType();
+ if (!$this->isRespectsQuota($user)) {
+ die('clientError() should trigger an exception before reaching here.');
+ }
+ break;
+ case UPLOAD_ERR_INI_SIZE:
+ $this->clientError(_('The uploaded file exceeds the upload_max_filesize directive in php.ini.'));
- if (!$this->isValidFileAttached($user)) {
- die('clientError() should trigger an exception before reaching here.');
- }
- break;
+ case UPLOAD_ERR_FORM_SIZE:
+ $this->clientError(_('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.'));
- case UPLOAD_ERR_INI_SIZE:
- $this->clientError(_('The uploaded file exceeds the upload_max_filesize directive in php.ini.'));
+ case UPLOAD_ERR_PARTIAL:
+ $this->clientError(_('The uploaded file was only partially uploaded.'));
- case UPLOAD_ERR_FORM_SIZE:
- $this->clientError(_('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.'));
+ case UPLOAD_ERR_NO_TMP_DIR:
+ $this->clientError(_('Missing a temporary folder.'));
- case UPLOAD_ERR_PARTIAL:
- $this->clientError(_('The uploaded file was only partially uploaded.'));
+ case UPLOAD_ERR_CANT_WRITE:
+ $this->clientError(_('Failed to write file to disk.'));
- case UPLOAD_ERR_NO_TMP_DIR:
- $this->clientError(_('Missing a temporary folder.'));
+ case UPLOAD_ERR_EXTENSION:
+ $this->clientError(_('File upload stopped by extension.'));
- case UPLOAD_ERR_CANT_WRITE:
- $this->clientError(_('Failed to write file to disk.'));
-
- case UPLOAD_ERR_EXTENSION:
- $this->clientError(_('File upload stopped by extension.'));
-
- default:
- die('Should never reach here.');
+ default:
+ die('Should never reach here.');
+ }
}
$notice = Notice::saveNew($user->id, $content_shortened, 'web', 1,
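Review bot: The `default:` branch is not actually unreachable. The new `isset()` guard only checks that `$_FILES['attach']['error']` exists, not that it is an integer. PHP makes that entry an array when the field is submitted as `attach[]`, so no case matches and the request ends in `die('Should never reach here.')` rather than a client error. Consider tightening the guard to `if (isset($_FILES['attach']['error']) && is_int($_FILES['attach']['error'])) {` and having the default report through `clientError()` like the other cases. The error cases also have no `break`, so they depend on `clientError()` throwing, as the `die()` text assumes; a short comment saying so would help the next reader.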
$this->clientError($notice);
}
- $this->storeFile($notice);
+ if (isset($mimetype)) {
+ $this->storeFile($notice, $mimetype);
+ }
$this->saveUrls($notice);
common_broadcast_notice($notice);
}
}
- function storeFile($notice) {
- if (UPLOAD_ERR_NO_FILE === $_FILES['attach']['error']) return;
+ function storeFile($notice, $mimetype) {
$filename = basename($_FILES['attach']['name']);
$destination = "file/{$notice->id}-$filename";
if (move_uploaded_file($_FILES['attach']['tmp_name'], INSTALLDIR . "/$destination")) {
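Review bot: storeFile() now receives the server-detected `$mimetype`, but the on-disk name is still built from the client-supplied `$_FILES['attach']['name']`. `basename()` strips directory parts only, so the extension stays whatever the client sent and need not agree with the type that passed the allow-list. The file lands under `INSTALLDIR` and is later given a `common_path($destination)` URL, so it appears to be web-reachable, and the web server will pick a handler from that extension. I would derive the stored name from something the server controls, for example the notice id plus an extension mapped from `$mimetype`, and keep the original name only as metadata. The function body continues past this hunk.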
$file->url = common_local_url('file', array('notice' => $notice->id));
$file->size = filesize(INSTALLDIR . "/$destination");
$file->date = time();
- $file->mimetype = $_FILES['attach']['type'];
+ $file->mimetype = $mimetype;
if ($file_id = $file->insert()) {
$file_redir = new File_redirection;
$file_redir->url = common_path($destination);
} else {
$this->clientError(_('There was a database error while saving your file. Please try again.'));
}
+ } else {
+ $this->clientError(_('File could not be moved to destination directory.'));
}
}
-
/** save all urls in the notice to the db
*
* follow redirects and save all available file information
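Review bot: The added `else` reports a failed `move_uploaded_file()` to the client, but storeFile() is called after `Notice::saveNew()` has already succeeded. The notice therefore stays saved without its attachment, and since `clientError()` is expected to throw, the `saveUrls()` and `common_broadcast_notice()` calls that follow in the caller are skipped. A user who retries after the error would presumably post a duplicate. Either move the file to its destination before the notice is saved, or log the failure server-side and let the notice go out without the attachment. If the current behaviour is intended, a comment here should say the notice is left in place.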
$nli->show();
}
}
+