X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fwall_attach.php;h=957e25f543bc102f3fe50be0aa888dff84911fb6;hb=a7ce601580b07e9b3e7653cbdb0a9b6bbb5c474e;hp=646a776a4ab6d73e7c6aeea3fb1728fc684fae10;hpb=741aab091601ce268df44bb32b87cd9a81804192;p=friendica.git

diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index 646a776a4a..957e25f543 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -3,19 +3,30 @@
 require_once('include/attach.php');
 require_once('include/datetime.php');
 
-function wall_attach_post(&$a) {
+function wall_attach_post(App $a) {
+
+	$r_json = (x($_GET,'response') && $_GET['response']=='json');
 
 	if($a->argc > 1) {
 		$nick = $a->argv[1];
 		$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
 			dbesc($nick)
 		);
-		if(! count($r))
+		if (! dbm::is_result($r)) {
+			if ($r_json) {
+				echo json_encode(array('error'=>t('Invalid request.')));
+				killme();
+			}
 			return;
-
 	}
-	else
+
+	} else {
+		if ($r_json) {
+			echo json_encode(array('error'=>t('Invalid request.')));
+			killme();
+		}
 		return;
+	}
 
 	$can_post  = false;
 	$visitor   = 0;
@@ -29,35 +40,43 @@ function wall_attach_post(&$a) {
 		$can_post = true;
 	else {
 		if($community_page && remote_user()) {
-			$cid = 0;
+			$contact_id = 0;
 			if(is_array($_SESSION['remote'])) {
 				foreach($_SESSION['remote'] as $v) {
 					if($v['uid'] == $page_owner_uid) {
-						$cid = $v['cid'];
+						$contact_id = $v['cid'];
 						break;
 					}
 				}
 			}
-			if($cid) {
+			if($contact_id) {
 
 				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-					intval($cid),
+					intval($contact_id),
 					intval($page_owner_uid)
 				);
-				if(count($r)) {
+				if (dbm::is_result($r)) {
 					$can_post = true;
-					$visitor = $cid;
+					$visitor = $contact_id;
 				}
 			}
 		}
 	}
 	if(! $can_post) {
+		if ($r_json) {
+			echo json_encode(array('error'=>t('Permission denied.')));
+			killme();
+		}
 		notice( t('Permission denied.') . EOL );
 		killme();
 	}
 
-	if(! x($_FILES,'userfile'))
+	if(! x($_FILES,'userfile')) {
+		if ($r_json) {
+			echo json_encode(array('error'=>t('Invalid request.')));
+		}
 		killme();
+	}
 
 	$src      = $_FILES['userfile']['tmp_name'];
 	$filename = basename($_FILES['userfile']['name']);
@@ -72,15 +91,25 @@ function wall_attach_post(&$a) {
 	 */
 
 	if($filesize <=0) {
-		notice(t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?')) . EOL);
+		$msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			notice( $msg. EOL );
+		}
 		@unlink($src);
 		killme();
 	}
 
 	if(($maxfilesize) && ($filesize > $maxfilesize)) {
-		notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
+		$msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
 		@unlink($src);
-		return;
+		killme();
 	}
 
 	$r = q("select sum(octet_length(data)) as total from attach where uid = %d ",
@@ -90,7 +119,12 @@ function wall_attach_post(&$a) {
 	$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
 
 	if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
-		echo upgrade_message(true) . EOL ;
+		$msg = upgrade_message(true);
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
 		@unlink($src);
 		killme();
 	}
@@ -98,7 +132,7 @@ function wall_attach_post(&$a) {
 
 	$filedata = @file_get_contents($src);
 	$mimetype = z_mime_content_type($filename);
-	$hash = random_string();
+	$hash = get_guid(64);
 	$created = datetime_convert();
 	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
 		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
@@ -114,12 +148,17 @@ function wall_attach_post(&$a) {
 		dbesc(''),
 		dbesc(''),
 		dbesc('')
-	);		
+	);
 
 	@unlink($src);
 
 	if(! $r) {
-		echo ( t('File upload failed.') . EOL);
+		$msg =  t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
 		killme();
 	}
 
@@ -129,15 +168,25 @@ function wall_attach_post(&$a) {
 		dbesc($hash)
 	);
 
-	if(! count($r)) {
-		echo ( t('File upload failed.') . EOL);
+	if (! dbm::is_result($r)) {
+		$msg = t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(array('error'=>$msg));
+		} else {
+			echo  $msg. EOL ;
+		}
+		killme();
+	}
+
+	if ($r_json) {
+		echo json_encode(array('ok'=>true));
 		killme();
 	}
 
 	$lf = "\n";
 
 	echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
-	
+
 	killme();
 	// NOTREACHED
 }