if (isset($redir_data['type'])
&& (('text/html' === substr($redir_data['type'], 0, 9) || 'application/xhtml+xml' === substr($redir_data['type'], 0, 21)))
&& ($oembed_data = File_oembed::_getOembed($given_url))) {
+
+ $fo = File_oembed::staticGet('file_id', $file_id);
+
+ if (empty($fo)) {
File_oembed::saveNew($oembed_data, $file_id);
+ } else {
+ common_log(LOG_WARNING, "Strangely, a File_oembed object exists for new file $file_id", __FILE__);
+ }
}
return $x;
}
return "$nickname-$datestamp-$random.$ext";
}
+ /**
+ * Validation for as-saved base filenames
+ */
+ static function validFilename($filename)
+ {
+ return preg_match('/^[A-Za-z0-9._-]+$/', $filename);
+ }
+
+ /**
+ * @throws ClientException on invalid filename
+ */
static function path($filename)
{
+ if (!self::validFilename($filename)) {
+ throw new ClientException("Invalid filename");
+ }
$dir = common_config('attachments', 'dir');
if ($dir[strlen($dir)-1] != '/') {
static function url($filename)
{
+ if (!self::validFilename($filename)) {
+ throw new ClientException("Invalid filename");
+ }
if(common_config('site','private')) {
return common_local_url('getfile',
$server = common_config('site', 'server');
}
- // XXX: protocol
+ $ssl = common_config('attachments', 'ssl');
+
+ if (is_null($ssl)) { // null -> guess
+ if (common_config('site', 'ssl') == 'always' &&
+ !common_config('attachments', 'server')) {
+ $ssl = true;
+ } else {
+ $ssl = false;
+ }
+ }
+
+ $protocol = ($ssl) ? 'https' : 'http';
- return 'http://'.$server.$path.$filename;
+ return $protocol.'://'.$server.$path.$filename;
}
}
projects / quix0rs-gnu-social.git / blobdiff