2011-05-25 07:40:52 +02:00
< ? php
2018-01-15 14:32:11 +01:00
/**
2022-01-02 08:27:47 +01:00
* @ copyright Copyright ( C ) 2010 - 2022 , the Friendica project
2020-02-09 16:18:46 +01:00
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*
2018-01-15 14:32:11 +01:00
*/
2018-01-25 03:08:45 +01:00
2017-04-30 06:07:00 +02:00
use Friendica\App ;
2022-09-25 18:43:00 +02:00
use Friendica\Core\Logger ;
2022-04-09 13:58:01 +02:00
use Friendica\Core\System ;
2018-07-20 14:19:26 +02:00
use Friendica\Database\DBA ;
2020-01-19 16:29:55 +01:00
use Friendica\DI ;
2019-01-02 16:17:29 +01:00
use Friendica\Model\Attach ;
2019-01-07 05:49:13 +01:00
use Friendica\Model\User ;
2018-11-08 16:28:49 +01:00
use Friendica\Util\Strings ;
2017-04-30 06:07:00 +02:00
2022-09-25 18:15:28 +02:00
function wall_attach_post ( App $a )
{
$isJson = ( ! empty ( $_GET [ 'response' ]) && $_GET [ 'response' ] == 'json' );
2015-08-24 13:54:41 +02:00
2021-07-25 15:08:22 +02:00
if ( DI :: args () -> getArgc () > 1 ) {
$nick = DI :: args () -> getArgv ()[ 1 ];
2021-10-03 00:42:39 +02:00
$owner = User :: getOwnerDataByNick ( $nick );
if ( ! DBA :: isResult ( $owner )) {
2022-09-25 18:43:00 +02:00
Logger :: warning ( 'owner is not a valid record:' , [ 'owner' => $owner , 'nick' => $nick ]);
2022-09-25 18:15:28 +02:00
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'error' => DI :: l10n () -> t ( 'Invalid request.' )]);
2016-11-14 18:49:51 +01:00
}
2011-05-25 07:40:52 +02:00
return ;
Cleanups: isResult() more used, readability improved (#5608)
* [diaspora]: Maybe SimpleXMLElement is the right type-hint?
* Changes proposed + pre-renaming:
- pre-renamed $db -> $connection
- added TODOs for not allowing bad method invocations (there is a
BadMethodCallException in SPL)
* If no record is found, below $r[0] will fail with a E_NOTICE and the code
doesn't behave as expected.
* Ops, one more left ...
* Continued:
- added documentation for Contact::updateSslPolicy() method
- added type-hint for $contact of same method
- empty lines added + TODO where the bug origins that $item has no element 'body'
* Added empty lines for better readability
* Cleaned up:
- no more x() (deprecated) usage but empty() instead
- fixed mixing of space/tab indending
- merged else/if block goether in elseif() (lesser nested code blocks)
* Re-fixed DBM -> DBA switch
* Fixes/rewrites:
- use empty()/isset() instead of deprecated x()
- merged 2 nested if() blocks into one
- avoided nested if() block inside else block by rewriting it to elseif()
- $contact_id is an integer, let's test on > 0 here
- added a lot spaces and some empty lines for better readability
* Rewrite:
- moved all CONTACT_* constants from boot.php to Contact class
* CR request:
- renamed Contact::CONTACT_IS_* -> Contact::* ;-)
* Rewrites:
- moved PAGE_* to Friendica\Model\Profile class
- fixed mixure with "Contact::* rewrite"
* Ops, one still there (return is no function)
* Rewrite to Proxy class:
- introduced new Friendica\Network\Proxy class for in exchange of proxy_*()
functions
- moved also all PROXY_* constants there as Proxy::*
- removed now no longer needed mod/proxy.php loading as composer's auto-load
will do this for us
- renamed those proxy_*() functions to better names:
+ proxy_init() -> Proxy::init() (public)
+ proxy_url() -> Proxy::proxifyUrl() (public)
+ proxy_parse_html() -> Proxy::proxifyHtml() (public)
+ proxy_is_local_image() -> Proxy::isLocalImage() (private)
+ proxy_parse_query() -> Proxy::parseQuery() (private)
+ proxy_img_cb() -> Proxy::replaceUrl() (private)
* CR request:
- moved all PAGE_* constants to Friendica\Model\Contact class
- fixed all references of both classes
* Ops, need to set $a here ...
* CR request:
- moved Proxy class to Friendica\Module
- extended BaseModule
* Ops, no need for own instance of $a when self::getApp() is around.
* Proxy-rewrite:
- proxy_url() and proxy_parse_html() are both non-module functions (now
methods)
- so they must be splitted into a seperate class
- also the SIZE_* and DEFAULT_TIME constants are both not relevant to module
* No instances from utility classes
* Fixed error:
- proxify*() is now located in `Friendica\Util\ProxyUtils`
* Moved back to original place, ops? How did they move here? Well, it was not
intended by me.
* Removed duplicate (left-over from split) constants and static array. Thank to
MrPetovan finding it.
* Renamed ProxyUtils -> Proxy and aliased it back to ProxyUtils.
* Rewrite:
- stopped using deprecated NETWORK_* constants, now Protocol::* should be used
- still left them intact for slow/lazy developers ...
* Ops, was added accidentally ...
* Ops, why these wrong moves?
* Ops, one to much (thanks to MrPetovan)
* Ops, wrong moving ...
* moved back to original place ...
* spaces added
* empty lines add for better readability.
* convertered spaces -> tab for code indenting.
* CR request: Add space between if and brace.
* CR requests fixed + move reverted
- ops, src/Module/*.php has been moved to src/Network/ accidentally
- reverted some parts in src/Database/DBA.php as pointed out by Annando
- removed internal TODO items
- added some spaces for better readability
2018-08-24 07:05:49 +02:00
}
2015-08-24 13:54:41 +02:00
} else {
2022-09-25 18:43:00 +02:00
Logger :: warning ( 'Argument count is zero or one (invalid)' );
2022-09-25 18:15:28 +02:00
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'error' => DI :: l10n () -> t ( 'Invalid request.' )]);
2016-11-14 18:49:51 +01:00
}
Cleanups: isResult() more used, readability improved (#5608)
* [diaspora]: Maybe SimpleXMLElement is the right type-hint?
* Changes proposed + pre-renaming:
- pre-renamed $db -> $connection
- added TODOs for not allowing bad method invocations (there is a
BadMethodCallException in SPL)
* If no record is found, below $r[0] will fail with a E_NOTICE and the code
doesn't behave as expected.
* Ops, one more left ...
* Continued:
- added documentation for Contact::updateSslPolicy() method
- added type-hint for $contact of same method
- empty lines added + TODO where the bug origins that $item has no element 'body'
* Added empty lines for better readability
* Cleaned up:
- no more x() (deprecated) usage but empty() instead
- fixed mixing of space/tab indending
- merged else/if block goether in elseif() (lesser nested code blocks)
* Re-fixed DBM -> DBA switch
* Fixes/rewrites:
- use empty()/isset() instead of deprecated x()
- merged 2 nested if() blocks into one
- avoided nested if() block inside else block by rewriting it to elseif()
- $contact_id is an integer, let's test on > 0 here
- added a lot spaces and some empty lines for better readability
* Rewrite:
- moved all CONTACT_* constants from boot.php to Contact class
* CR request:
- renamed Contact::CONTACT_IS_* -> Contact::* ;-)
* Rewrites:
- moved PAGE_* to Friendica\Model\Profile class
- fixed mixure with "Contact::* rewrite"
* Ops, one still there (return is no function)
* Rewrite to Proxy class:
- introduced new Friendica\Network\Proxy class for in exchange of proxy_*()
functions
- moved also all PROXY_* constants there as Proxy::*
- removed now no longer needed mod/proxy.php loading as composer's auto-load
will do this for us
- renamed those proxy_*() functions to better names:
+ proxy_init() -> Proxy::init() (public)
+ proxy_url() -> Proxy::proxifyUrl() (public)
+ proxy_parse_html() -> Proxy::proxifyHtml() (public)
+ proxy_is_local_image() -> Proxy::isLocalImage() (private)
+ proxy_parse_query() -> Proxy::parseQuery() (private)
+ proxy_img_cb() -> Proxy::replaceUrl() (private)
* CR request:
- moved all PAGE_* constants to Friendica\Model\Contact class
- fixed all references of both classes
* Ops, need to set $a here ...
* CR request:
- moved Proxy class to Friendica\Module
- extended BaseModule
* Ops, no need for own instance of $a when self::getApp() is around.
* Proxy-rewrite:
- proxy_url() and proxy_parse_html() are both non-module functions (now
methods)
- so they must be splitted into a seperate class
- also the SIZE_* and DEFAULT_TIME constants are both not relevant to module
* No instances from utility classes
* Fixed error:
- proxify*() is now located in `Friendica\Util\ProxyUtils`
* Moved back to original place, ops? How did they move here? Well, it was not
intended by me.
* Removed duplicate (left-over from split) constants and static array. Thank to
MrPetovan finding it.
* Renamed ProxyUtils -> Proxy and aliased it back to ProxyUtils.
* Rewrite:
- stopped using deprecated NETWORK_* constants, now Protocol::* should be used
- still left them intact for slow/lazy developers ...
* Ops, was added accidentally ...
* Ops, why these wrong moves?
* Ops, one to much (thanks to MrPetovan)
* Ops, wrong moving ...
* moved back to original place ...
* spaces added
* empty lines add for better readability.
* convertered spaces -> tab for code indenting.
* CR request: Add space between if and brace.
* CR requests fixed + move reverted
- ops, src/Module/*.php has been moved to src/Network/ accidentally
- reverted some parts in src/Database/DBA.php as pointed out by Annando
- removed internal TODO items
- added some spaces for better readability
2018-08-24 07:05:49 +02:00
2011-05-25 07:40:52 +02:00
return ;
2016-11-14 18:49:51 +01:00
}
2011-05-25 07:40:52 +02:00
$can_post = false ;
2021-10-03 00:42:39 +02:00
$page_owner_uid = $owner [ 'uid' ];
$page_owner_cid = $owner [ 'id' ];
$community_page = $owner [ 'page-flags' ] == User :: PAGE_FLAGS_COMMUNITY ;
2011-05-25 07:40:52 +02:00
2022-10-20 21:02:49 +02:00
if ( DI :: userSession () -> getLocalUserId () && ( DI :: userSession () -> getLocalUserId () == $page_owner_uid )) {
2011-05-25 07:40:52 +02:00
$can_post = true ;
2022-10-20 21:02:49 +02:00
} elseif ( $community_page && ! empty ( DI :: userSession () -> getRemoteContactID ( $page_owner_uid ))) {
$contact_id = DI :: userSession () -> getRemoteContactID ( $page_owner_uid );
2021-10-03 00:42:39 +02:00
$can_post = DBA :: exists ( 'contact' , [ 'blocked' => false , 'pending' => false , 'id' => $contact_id , 'uid' => $page_owner_uid ]);
2011-05-25 07:40:52 +02:00
}
Cleanups: isResult() more used, readability improved (#5608)
* [diaspora]: Maybe SimpleXMLElement is the right type-hint?
* Changes proposed + pre-renaming:
- pre-renamed $db -> $connection
- added TODOs for not allowing bad method invocations (there is a
BadMethodCallException in SPL)
* If no record is found, below $r[0] will fail with a E_NOTICE and the code
doesn't behave as expected.
* Ops, one more left ...
* Continued:
- added documentation for Contact::updateSslPolicy() method
- added type-hint for $contact of same method
- empty lines added + TODO where the bug origins that $item has no element 'body'
* Added empty lines for better readability
* Cleaned up:
- no more x() (deprecated) usage but empty() instead
- fixed mixing of space/tab indending
- merged else/if block goether in elseif() (lesser nested code blocks)
* Re-fixed DBM -> DBA switch
* Fixes/rewrites:
- use empty()/isset() instead of deprecated x()
- merged 2 nested if() blocks into one
- avoided nested if() block inside else block by rewriting it to elseif()
- $contact_id is an integer, let's test on > 0 here
- added a lot spaces and some empty lines for better readability
* Rewrite:
- moved all CONTACT_* constants from boot.php to Contact class
* CR request:
- renamed Contact::CONTACT_IS_* -> Contact::* ;-)
* Rewrites:
- moved PAGE_* to Friendica\Model\Profile class
- fixed mixure with "Contact::* rewrite"
* Ops, one still there (return is no function)
* Rewrite to Proxy class:
- introduced new Friendica\Network\Proxy class for in exchange of proxy_*()
functions
- moved also all PROXY_* constants there as Proxy::*
- removed now no longer needed mod/proxy.php loading as composer's auto-load
will do this for us
- renamed those proxy_*() functions to better names:
+ proxy_init() -> Proxy::init() (public)
+ proxy_url() -> Proxy::proxifyUrl() (public)
+ proxy_parse_html() -> Proxy::proxifyHtml() (public)
+ proxy_is_local_image() -> Proxy::isLocalImage() (private)
+ proxy_parse_query() -> Proxy::parseQuery() (private)
+ proxy_img_cb() -> Proxy::replaceUrl() (private)
* CR request:
- moved all PAGE_* constants to Friendica\Model\Contact class
- fixed all references of both classes
* Ops, need to set $a here ...
* CR request:
- moved Proxy class to Friendica\Module
- extended BaseModule
* Ops, no need for own instance of $a when self::getApp() is around.
* Proxy-rewrite:
- proxy_url() and proxy_parse_html() are both non-module functions (now
methods)
- so they must be splitted into a seperate class
- also the SIZE_* and DEFAULT_TIME constants are both not relevant to module
* No instances from utility classes
* Fixed error:
- proxify*() is now located in `Friendica\Util\ProxyUtils`
* Moved back to original place, ops? How did they move here? Well, it was not
intended by me.
* Removed duplicate (left-over from split) constants and static array. Thank to
MrPetovan finding it.
* Renamed ProxyUtils -> Proxy and aliased it back to ProxyUtils.
* Rewrite:
- stopped using deprecated NETWORK_* constants, now Protocol::* should be used
- still left them intact for slow/lazy developers ...
* Ops, was added accidentally ...
* Ops, why these wrong moves?
* Ops, one to much (thanks to MrPetovan)
* Ops, wrong moving ...
* moved back to original place ...
* spaces added
* empty lines add for better readability.
* convertered spaces -> tab for code indenting.
* CR request: Add space between if and brace.
* CR requests fixed + move reverted
- ops, src/Module/*.php has been moved to src/Network/ accidentally
- reverted some parts in src/Database/DBA.php as pointed out by Annando
- removed internal TODO items
- added some spaces for better readability
2018-08-24 07:05:49 +02:00
2019-09-26 00:24:17 +02:00
if ( ! $can_post ) {
2022-09-25 18:43:00 +02:00
Logger :: warning ( 'User does not have required permissions' , [ 'contact_id' => $contact_id , 'page_owner_uid' => $page_owner_uid ]);
2022-09-25 18:15:28 +02:00
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'error' => DI :: l10n () -> t ( 'Permission denied.' )]);
2016-11-14 18:49:51 +01:00
}
2022-10-18 14:29:50 +02:00
DI :: sysmsg () -> addNotice ( DI :: l10n () -> t ( 'Permission denied.' ));
2022-05-18 04:13:54 +02:00
System :: exit ();
2011-05-25 07:40:52 +02:00
}
2018-11-30 15:06:22 +01:00
if ( empty ( $_FILES [ 'userfile' ])) {
2022-09-25 18:43:00 +02:00
Logger :: warning ( 'No file uploaded (empty userfile)' );
2022-09-25 18:15:28 +02:00
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'error' => DI :: l10n () -> t ( 'Invalid request.' )]);
2016-11-14 18:49:51 +01:00
}
2022-05-18 04:13:54 +02:00
System :: exit ();
2015-08-24 13:54:41 +02:00
}
2011-05-25 07:40:52 +02:00
2022-09-25 18:15:28 +02:00
$tempFileName = $_FILES [ 'userfile' ][ 'tmp_name' ];
$fileName = basename ( $_FILES [ 'userfile' ][ 'name' ]);
$fileSize = intval ( $_FILES [ 'userfile' ][ 'size' ]);
$maxFileSize = DI :: config () -> get ( 'system' , 'maxfilesize' );
2011-05-25 07:40:52 +02:00
2022-09-25 18:15:28 +02:00
/*
* Found html code written in text field of form , when trying to upload a
* file with filesize greater than upload_max_filesize . Cause is unknown .
2014-04-23 20:22:53 +02:00
* Then Filesize gets <= 0.
*/
2022-09-25 18:15:28 +02:00
if ( $fileSize <= 0 ) {
$msg = DI :: l10n () -> t ( 'Sorry, maybe your upload is bigger than the PHP configuration allows' ) . '<br />' . ( DI :: l10n () -> t ( 'Or - did you try to upload an empty file?' ));
2022-09-25 18:43:00 +02:00
Logger :: warning ( $msg , [ 'fileSize' => $fileSize ]);
2022-09-25 18:15:28 +02:00
@ unlink ( $tempFileName );
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'error' => $msg ]);
2015-08-24 13:54:41 +02:00
} else {
2022-10-17 20:55:22 +02:00
DI :: sysmsg () -> addNotice ( $msg );
2015-08-24 13:54:41 +02:00
}
2022-05-18 04:13:54 +02:00
System :: exit ();
2014-04-23 20:22:53 +02:00
}
2022-09-25 18:15:28 +02:00
if ( $maxFileSize && $fileSize > $maxFileSize ) {
$msg = DI :: l10n () -> t ( 'File exceeds size limit of %s' , Strings :: formatBytes ( $maxFileSize ));
2022-09-25 18:43:00 +02:00
Logger :: warning ( $msg , [ 'fileSize' => $fileSize ]);
2022-09-25 18:15:28 +02:00
@ unlink ( $tempFileName );
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'error' => $msg ]);
2015-08-24 13:54:41 +02:00
} else {
2022-10-18 14:29:50 +02:00
echo $msg . '<br />' ;
2015-08-24 13:54:41 +02:00
}
2022-05-18 04:13:54 +02:00
System :: exit ();
2011-05-25 07:40:52 +02:00
}
2022-09-25 18:15:28 +02:00
$newid = Attach :: storeFile ( $tempFileName , $page_owner_uid , $fileName , '<' . $page_owner_cid . '>' );
2011-05-25 07:40:52 +02:00
2022-09-25 18:15:28 +02:00
@ unlink ( $tempFileName );
2011-05-25 07:40:52 +02:00
2019-01-02 16:17:29 +01:00
if ( $newid === false ) {
2020-01-18 20:52:34 +01:00
$msg = DI :: l10n () -> t ( 'File upload failed.' );
2022-09-25 18:43:00 +02:00
Logger :: warning ( $msg );
2022-09-25 18:15:28 +02:00
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'error' => $msg ]);
2015-08-24 13:54:41 +02:00
} else {
2022-10-18 14:29:50 +02:00
echo $msg . '<br />' ;
2015-08-24 13:54:41 +02:00
}
2022-05-18 04:13:54 +02:00
System :: exit ();
2011-05-25 07:40:52 +02:00
}
2022-09-25 18:15:28 +02:00
if ( $isJson ) {
2022-04-09 13:58:01 +02:00
System :: jsonExit ([ 'ok' => true , 'id' => $newid ]);
2016-11-14 18:49:51 +01:00
}
2015-08-24 13:54:41 +02:00
2012-12-03 10:05:10 +01:00
$lf = " \n " ;
2012-04-17 15:11:41 +02:00
2019-01-02 16:17:29 +01:00
echo $lf . $lf . '[attachment]' . $newid . '[/attachment]' . $lf ;
2022-05-18 04:13:54 +02:00
System :: exit ();
2011-05-25 07:40:52 +02:00
// NOTREACHED
}