if (isset($redir_data['type'])
&& (('text/html' === substr($redir_data['type'], 0, 9) || 'application/xhtml+xml' === substr($redir_data['type'], 0, 21)))
&& ($oembed_data = File_oembed::_getOembed($given_url))) {
+
+ $fo = File_oembed::staticGet('file_id', $file_id);
+
+ if (empty($fo)) {
File_oembed::saveNew($oembed_data, $file_id);
+ } else {
+ common_log(LOG_WARNING, "Strangely, a File_oembed object exists for new file $file_id", __FILE__);
+ }
}
return $x;
}
} elseif (is_string($redir_data)) {
$redir_url = $redir_data;
} else {
- throw new ServerException("Cannot process url '$given_url'");
+ throw new ServerException("Can't process url '$given_url'");
}
// TODO: max field length
if ($redir_url === $given_url || strlen($redir_url) > 255) {
return "$nickname-$datestamp-$random.$ext";
}
+ /**
+ * Validation for as-saved base filenames
+ */
+ static function validFilename($filename)
+ {
+ return preg_match('/^[A-Za-z0-9._-]+$/', $filename);
+ }
+
+ /**
+ * @throws ClientException on invalid filename
+ */
static function path($filename)
{
+ if (!self::validFilename($filename)) {
+ throw new ClientException("Invalid filename");
+ }
$dir = common_config('attachments', 'dir');
if ($dir[strlen($dir)-1] != '/') {
static function url($filename)
{
- $path = common_config('attachments', 'path');
-
- if ($path[strlen($path)-1] != '/') {
- $path .= '/';
+ if (!self::validFilename($filename)) {
+ throw new ClientException("Invalid filename");
}
+ if(common_config('site','private')) {
- if ($path[0] != '/') {
- $path = '/'.$path;
- }
+ return common_local_url('getfile',
+ array('filename' => $filename));
- $server = common_config('attachments', 'server');
+ } else {
+ $path = common_config('attachments', 'path');
- if (empty($server)) {
- $server = common_config('site', 'server');
- }
+ if ($path[strlen($path)-1] != '/') {
+ $path .= '/';
+ }
+
+ if ($path[0] != '/') {
+ $path = '/'.$path;
+ }
+
+ $server = common_config('attachments', 'server');
+
+ if (empty($server)) {
+ $server = common_config('site', 'server');
+ }
- // XXX: protocol
+ $ssl = common_config('attachments', 'ssl');
- return 'http://'.$server.$path.$filename;
+ if (is_null($ssl)) { // null -> guess
+ if (common_config('site', 'ssl') == 'always' &&
+ !common_config('attachments', 'server')) {
+ $ssl = true;
+ } else {
+ $ssl = false;
+ }
+ }
+
+ $protocol = ($ssl) ? 'https' : 'http';
+
+ return $protocol.'://'.$server.$path.$filename;
+ }
}
function getEnclosure(){