X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fwall_attach.php;h=e11d749a3d7b3200f45e12a619db7660966db9d9;hb=12d9c46ec5ba0b0d13f62058e8db4f3d4910ce27;hp=c23efc7869a7181985afdd73c385dd5d43a74c2a;hpb=d3699498ac8fdbbce2883ac07c8a3aac9b11a8e4;p=friendica.git

diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index c23efc7869..e11d749a3d 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -5,17 +5,22 @@ require_once('include/datetime.php');
 
 function wall_attach_post(&$a) {
 
+	$r_json = (x($_GET,'response') && $_GET['response']=='json');
+
 	if($a->argc > 1) {
 		$nick = $a->argv[1];
 		$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
 			dbesc($nick)
 		);
-		if(! count($r))
+		if(! count($r)){
+			if ($r_json) { echo json_encode(['error'=>t('Invalid request.')]); killme(); }
 			return;
+        }
 
-	}
-	else
+	} else {
+		if ($r_json) { echo json_encode(['error'=>t('Invalid request.')]); killme(); }
 		return;
+    }
 
 	$can_post  = false;
 	$visitor   = 0;
@@ -52,12 +57,15 @@ function wall_attach_post(&$a) {
 		}
 	}
 	if(! $can_post) {
+		if ($r_json) { echo json_encode(['error'=>t('Permission denied.')]); killme(); }
 		notice( t('Permission denied.') . EOL );
 		killme();
 	}
 
-	if(! x($_FILES,'userfile'))
+	if(! x($_FILES,'userfile')) {
+		if ($r_json) { echo json_encode(['error'=>t('Invalid request.')]); killme(); }
 		killme();
+	}
 
 	$src      = $_FILES['userfile']['tmp_name'];
 	$filename = basename($_FILES['userfile']['name']);
@@ -65,10 +73,32 @@ function wall_attach_post(&$a) {
 
 	$maxfilesize = get_config('system','maxfilesize');
 
+	/* Found html code written in text field of form,
+	 * when trying to upload a file with filesize
+	 * greater than upload_max_filesize. Cause is unknown.
+	 * Then Filesize gets <= 0.
+	 */
+
+	if($filesize <=0) {
+		$msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			notice( $msg. EOL );
+		}
+		@unlink($src);
+		killme();
+	}
+
 	if(($maxfilesize) && ($filesize > $maxfilesize)) {
-		notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
+		$msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			echo  $msg. EOL ;
+		}
 		@unlink($src);
-		return;
+		killme();
 	}
 
 	$r = q("select sum(octet_length(data)) as total from attach where uid = %d ",
@@ -78,7 +108,12 @@ function wall_attach_post(&$a) {
 	$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
 
 	if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
-		echo upgrade_message(true) . EOL ;
+		$msg = upgrade_message(true);
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			echo  $msg. EOL ;
+		}
 		@unlink($src);
 		killme();
 	}
@@ -86,7 +121,7 @@ function wall_attach_post(&$a) {
 
 	$filedata = @file_get_contents($src);
 	$mimetype = z_mime_content_type($filename);
-	$hash = random_string();
+	$hash = get_guid(64);
 	$created = datetime_convert();
 	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
 		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
@@ -102,12 +137,17 @@ function wall_attach_post(&$a) {
 		dbesc(''),
 		dbesc(''),
 		dbesc('')
-	);		
+	);
 
 	@unlink($src);
 
 	if(! $r) {
-		echo ( t('File upload failed.') . EOL);
+		$msg =  t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			echo  $msg. EOL ;
+		}
 		killme();
 	}
 
@@ -118,17 +158,21 @@ function wall_attach_post(&$a) {
 	);
 
 	if(! count($r)) {
-		echo ( t('File upload failed.') . EOL);
+		$msg = t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			echo  $msg. EOL ;
+		}
 		killme();
 	}
 
-	$lf = '<br />';
+	if ($r_json) { echo json_encode(['ok'=>true]); killme(); }
 
-	if(local_user() && intval(get_pconfig(local_user(),'system','plaintext')))
-		$lf = "\n";
+	$lf = "\n";
 
 	echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
-	
+
 	killme();
 	// NOTREACHED
 }