X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fwall_attach.php;h=68752a0e1f659082e51ec6df90add56663d5ba1d;hb=89c5989cfb679449fb776df7380e972d0f676d8d;hp=03d9f51055aa43f9920aa4dcbb7f602bfa4d0483;hpb=8269d6aa19eb71063ff578b43b237ffd4fea93b1;p=friendica.git

diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index 03d9f51055..68752a0e1f 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -5,17 +5,28 @@ require_once('include/datetime.php');
 
 function wall_attach_post(&$a) {
 
+	$r_json = (x($_GET,'response') && $_GET['response']=='json');
+
 	if($a->argc > 1) {
 		$nick = $a->argv[1];
 		$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
 			dbesc($nick)
 		);
-		if(! count($r))
+		if(! count($r)){
+			if ($r_json) {
+                            echo json_encode(array('error'=>t('Invalid request.')));
+                            killme();
+                        }
 			return;
+        }
 
-	}
-	else
+	} else {
+		if ($r_json) {
+                    echo json_encode(array('error'=>t('Invalid request.')));
+                    killme();
+                }
 		return;
+    }
 
 	$can_post  = false;
 	$visitor   = 0;
@@ -29,24 +40,43 @@ function wall_attach_post(&$a) {
 		$can_post = true;
 	else {
 		if($community_page && remote_user()) {
-			$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-				intval(remote_user()),
-				intval($page_owner_uid)
-			);
-			if(count($r)) {
-				$can_post = true;
-				$visitor = remote_user();
+			$cid = 0;
+			if(is_array($_SESSION['remote'])) {
+				foreach($_SESSION['remote'] as $v) {
+					if($v['uid'] == $page_owner_uid) {
+						$cid = $v['cid'];
+						break;
+					}
+				}
+			}
+			if($cid) {
+
+				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
+					intval($cid),
+					intval($page_owner_uid)
+				);
+				if(count($r)) {
+					$can_post = true;
+					$visitor = $cid;
+				}
 			}
 		}
 	}
-
 	if(! $can_post) {
+		if ($r_json) {
+                    echo json_encode(array('error'=>t('Permission denied.')));
+                    killme();
+                }
 		notice( t('Permission denied.') . EOL );
 		killme();
 	}
 
-	if(! x($_FILES,'userfile'))
+	if(! x($_FILES,'userfile')) {
+		if ($r_json) {
+                    echo json_encode(array('error'=>t('Invalid request.')));
+                }
 		killme();
+	}
 
 	$src      = $_FILES['userfile']['tmp_name'];
 	$filename = basename($_FILES['userfile']['name']);
@@ -54,15 +84,55 @@ function wall_attach_post(&$a) {
 
 	$maxfilesize = get_config('system','maxfilesize');
 
+	/* Found html code written in text field of form,
+	 * when trying to upload a file with filesize
+	 * greater than upload_max_filesize. Cause is unknown.
+	 * Then Filesize gets <= 0.
+	 */
+
+	if($filesize <=0) {
+		$msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			notice( $msg. EOL );
+		}
+		@unlink($src);
+		killme();
+	}
+
 	if(($maxfilesize) && ($filesize > $maxfilesize)) {
-		notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
+		$msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
 		@unlink($src);
-		return;
+		killme();
 	}
 
+	$r = q("select sum(octet_length(data)) as total from attach where uid = %d ",
+		intval($page_owner_uid)
+	);
+
+	$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
+
+	if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
+		$msg = upgrade_message(true);
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
+		@unlink($src);
+		killme();
+	}
+
+
 	$filedata = @file_get_contents($src);
 	$mimetype = z_mime_content_type($filename);
-	$hash = random_string();
+	$hash = get_guid(64);
 	$created = datetime_convert();
 	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
 		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
@@ -78,12 +148,17 @@ function wall_attach_post(&$a) {
 		dbesc(''),
 		dbesc(''),
 		dbesc('')
-	);		
+	);
 
 	@unlink($src);
 
 	if(! $r) {
-		echo ( t('File upload failed.') . EOL);
+		$msg =  t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
 		killme();
 	}
 
@@ -94,17 +169,24 @@ function wall_attach_post(&$a) {
 	);
 
 	if(! count($r)) {
-		echo ( t('File upload failed.') . EOL);
+		$msg = t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
 		killme();
 	}
 
-	$lf = '<br />';
+	if ($r_json) {
+            echo json_encode(array('ok'=>true));
+            killme();
+        }
 
-	if(local_user() && intval(get_pconfig(local_user(),'system','plaintext')))
-		$lf = "\n";
+	$lf = "\n";
 
 	echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
-	
+
 	killme();
 	// NOTREACHED
 }