X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=classes%2FFile.php;h=91b12d2e28664e61206aadb9abb4e8301fe21441;hb=1a86bf9c65d2579d9245c6edcc968fed3d674f39;hp=e04a9d5255ad50c85c840e3563e58ed0017610b9;hpb=fc5002015b2a9e16a3c6b9992d55b45c73a8d2fb;p=quix0rs-gnu-social.git

diff --git a/classes/File.php b/classes/File.php
index e04a9d5255..91b12d2e28 100644
--- a/classes/File.php
+++ b/classes/File.php
@@ -80,7 +80,14 @@ class File extends Memcached_DataObject
         if (isset($redir_data['type'])
             && (('text/html' === substr($redir_data['type'], 0, 9) || 'application/xhtml+xml' === substr($redir_data['type'], 0, 21)))
             && ($oembed_data = File_oembed::_getOembed($given_url))) {
+
+            $fo = File_oembed::staticGet('file_id', $file_id);
+
+            if (empty($fo)) {
                 File_oembed::saveNew($oembed_data, $file_id);
+            } else {
+                common_log(LOG_WARNING, "Strangely, a File_oembed object exists for new file $file_id", __FILE__);
+            }
         }
         return $x;
     }
@@ -169,8 +176,22 @@ class File extends Memcached_DataObject
         return "$nickname-$datestamp-$random.$ext";
     }
 
+    /**
+     * Validation for as-saved base filenames
+     */
+    static function validFilename($filename)
+    {
+        return preg_match('/^[A-Za-z0-9._-]+$/', $filename);
+    }
+
+    /**
+     * @throws ClientException on invalid filename
+     */
     static function path($filename)
     {
+        if (!self::validFilename($filename)) {
+            throw new ClientException("Invalid filename");
+        }
         $dir = common_config('attachments', 'dir');
 
         if ($dir[strlen($dir)-1] != '/') {
@@ -182,25 +203,46 @@ class File extends Memcached_DataObject
 
     static function url($filename)
     {
-        $path = common_config('attachments', 'path');
-
-        if ($path[strlen($path)-1] != '/') {
-            $path .= '/';
+        if (!self::validFilename($filename)) {
+            throw new ClientException("Invalid filename");
         }
+        if(common_config('site','private')) {
 
-        if ($path[0] != '/') {
-            $path = '/'.$path;
-        }
+            return common_local_url('getfile',
+                                array('filename' => $filename));
 
-        $server = common_config('attachments', 'server');
+        } else {
+            $path = common_config('attachments', 'path');
 
-        if (empty($server)) {
-            $server = common_config('site', 'server');
-        }
+            if ($path[strlen($path)-1] != '/') {
+                $path .= '/';
+            }
+
+            if ($path[0] != '/') {
+                $path = '/'.$path;
+            }
+
+            $server = common_config('attachments', 'server');
+
+            if (empty($server)) {
+                $server = common_config('site', 'server');
+            }
 
-        // XXX: protocol
+            $ssl = common_config('attachments', 'ssl');
 
-        return 'http://'.$server.$path.$filename;
+            if (is_null($ssl)) { // null -> guess
+                if (common_config('site', 'ssl') == 'always' &&
+                    !common_config('attachments', 'server')) {
+                    $ssl = true;
+                } else {
+                    $ssl = false;
+                }
+            }
+
+            $protocol = ($ssl) ? 'https' : 'http';
+
+            return $protocol.'://'.$server.$path.$filename;
+        }
     }
 
     function getEnclosure(){