diff --git a/boot.php b/boot.php
index 03689bde4..491c182fa 100644
--- a/boot.php
+++ b/boot.php
@@ -6,7 +6,7 @@ ini_set('pcre.backtrack_limit', 250000);
define ( 'FRIENDIKA_VERSION', '2.2.990' );
define ( 'DFRN_PROTOCOL_VERSION', '2.21' );
-define ( 'DB_UPDATE_VERSION', 1056 );
+define ( 'DB_UPDATE_VERSION', 1057 );
define ( 'EOL', "
\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
diff --git a/database.sql b/database.sql
index d9cd016f0..6f4704a22 100644
--- a/database.sql
+++ b/database.sql
@@ -527,6 +527,7 @@ CREATE TABLE IF NOT EXISTS `mailacct` (
CREATE TABLE IF NOT EXISTS `attach` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`uid` INT NOT NULL ,
+`hash` CHAR(64) NOT NULL,
`filetype` CHAR( 64 ) NOT NULL ,
`filesize` INT NOT NULL ,
`data` LONGBLOB NOT NULL ,
diff --git a/include/attach.php b/include/attach.php
new file mode 100644
index 000000000..ca53081d9
--- /dev/null
+++ b/include/attach.php
@@ -0,0 +1,80 @@
+ 'text/plain',
+ 'htm' => 'text/html',
+ 'html' => 'text/html',
+ 'php' => 'text/html',
+ 'css' => 'text/css',
+ 'js' => 'application/javascript',
+ 'json' => 'application/json',
+ 'xml' => 'application/xml',
+ 'swf' => 'application/x-shockwave-flash',
+ 'flv' => 'video/x-flv',
+
+ // images
+ 'png' => 'image/png',
+ 'jpe' => 'image/jpeg',
+ 'jpeg' => 'image/jpeg',
+ 'jpg' => 'image/jpeg',
+ 'gif' => 'image/gif',
+ 'bmp' => 'image/bmp',
+ 'ico' => 'image/vnd.microsoft.icon',
+ 'tiff' => 'image/tiff',
+ 'tif' => 'image/tiff',
+ 'svg' => 'image/svg+xml',
+ 'svgz' => 'image/svg+xml',
+
+ // archives
+ 'zip' => 'application/zip',
+ 'rar' => 'application/x-rar-compressed',
+ 'exe' => 'application/x-msdownload',
+ 'msi' => 'application/x-msdownload',
+ 'cab' => 'application/vnd.ms-cab-compressed',
+
+ // audio/video
+ 'mp3' => 'audio/mpeg',
+ 'qt' => 'video/quicktime',
+ 'mov' => 'video/quicktime',
+ 'ogg' => 'application/ogg',
+
+ // adobe
+ 'pdf' => 'application/pdf',
+ 'psd' => 'image/vnd.adobe.photoshop',
+ 'ai' => 'application/postscript',
+ 'eps' => 'application/postscript',
+ 'ps' => 'application/postscript',
+
+ // ms office
+ 'doc' => 'application/msword',
+ 'rtf' => 'application/rtf',
+ 'xls' => 'application/vnd.ms-excel',
+ 'ppt' => 'application/vnd.ms-powerpoint',
+
+
+ // open office
+ 'odt' => 'application/vnd.oasis.opendocument.text',
+ 'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
+ );
+
+ if(strpos($filename,'.') !== false) {
+ $ext = strtolower(array_pop(explode('.',$filename)));
+ if (array_key_exists($ext, $mime_types)) {
+ return $mime_types[$ext];
+ }
+ }
+ elseif (function_exists('finfo_open')) {
+ $finfo = finfo_open(FILEINFO_MIME);
+ $mimetype = finfo_file($finfo, $filename);
+ finfo_close($finfo);
+ return $mimetype;
+ }
+ else {
+ return 'application/octet-stream';
+ }
+}}
+
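Review bot: A filename that contains a dot but whose extension is not in `$mime_types` falls out of the first `if` without returning, because the `finfo` and `application/octet-stream` fallbacks hang off `elseif`/`else`; the caller then receives NULL as the MIME type. The lookup should fall through to `finfo` and then to the default, as sketched below. `array_pop(explode('.',$filename))` also passes a temporary to a by-reference parameter, which raises a strict-standards notice. The table maps `php` to `text/html` and includes `svg`; if the stored type is later used as the Content-Type when serving attachments, those files would render in the site's origin, so serving them as downloads is worth considering. The start of the function is missing from the page, so this covers only the visible part.

```php
	// … unchanged: $mime_types table …
	$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
	if ($ext !== '' && array_key_exists($ext, $mime_types)) {
		return $mime_types[$ext];
	}
	if (function_exists('finfo_open')) {
		$finfo = finfo_open(FILEINFO_MIME);
		$mimetype = finfo_file($finfo, $filename);
		finfo_close($finfo);
		if ($mimetype !== false) {
			return $mimetype;
		}
	}
	return 'application/octet-stream';
```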
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
new file mode 100644
index 000000000..b539171cf
--- /dev/null
+++ b/mod/wall_attach.php
@@ -0,0 +1,105 @@
+argc > 1) {
+ $nick = $a->argv[1];
+ $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
+ dbesc($nick)
+ );
+ if(! count($r))
+ return;
+
+ }
+ else
+ return;
+
+ $can_post = false;
+ $visitor = 0;
+
+ $page_owner_uid = $r[0]['uid'];
+ $page_owner_nick = $r[0]['nickname'];
+ $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
+
+ if((local_user()) && (local_user() == $page_owner_uid))
+ $can_post = true;
+ else {
+ if($community_page && remote_user()) {
+ $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
+ intval(remote_user()),
+ intval($page_owner_uid)
+ );
+ if(count($r)) {
+ $can_post = true;
+ $visitor = remote_user();
+ }
+ }
+ }
+
+ if(! $can_post) {
+ notice( t('Permission denied.') . EOL );
+ killme();
+ }
+
+ if(! x($_FILES,'userfile'))
+ killme();
+
+ $src = $_FILES['userfile']['tmp_name'];
+ $filename = basename($_FILES['userfile']['name']);
+ $filesize = intval($_FILES['userfile']['size']);
+
+ $maxfilesize = get_config('system','maxfilesize');
+
+ if(($maxfilesize) && ($filesize > $maxfilesize)) {
+ notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
+ @unlink($src);
+ return;
+ }
+
+ $filedata = @file_get_contents($src);
+
+ $mimetype = mime_content_type($src);
+ $hash = random_string();
+ $created = datetime_convert();
+dbg(1);
+ $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
+ VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+ intval($page_owner_uid),
+ dbesc($hash),
+ dbesc($mimetype),
+ intval($filesize),
+ dbesc($filedata),
+ dbesc($created),
+ dbesc($created),
+ dbesc('<' . $page_owner_uid . '>'),
+ dbesc(''),
+ dbesc(''),
+ dbesc('')
+ );
+
+ @unlink($src);
+
+ if(! $r) {
+ echo ( t('File upload failed.') . EOL);
+ killme();
+ }
+
+ $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
+ intval($page_owner_uid),
+ dbesc($created),
+ dbesc($hash)
+ );
+
+ if(! count($r)) {
+ echo ( t('File upload failed.') . EOL);
+ killme();
+ }
+
+ echo '
[attachment]' . $r[0]['id'] . '[/attachment]' . '
';
+
+ killme();
+ // NOTREACHED
+}
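Review bot: The `dbg(1);` call just before the INSERT looks like a leftover debugging switch and should be removed; if it turns on query logging, as the name suggests, every upload would copy the full file body into the debug output. Separately, `$src` is read without checking `$_FILES['userfile']['error']` or `is_uploaded_file($src)`, and the result of `@file_get_contents($src)` is never tested, so a failed read is stored as an empty attachment; a guard such as `if(! is_uploaded_file($src) || ($filedata = @file_get_contents($src)) === false) killme();` would cover both. `mime_content_type($src)` is given the temporary path rather than `$filename`, so the extension table in include/attach.php is probably never consulted, and `$filename` and `$visitor` are computed but not used. The opening lines of this function are missing from the page, so this covers only the visible body.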
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index f7638b730..bd6b80562 100644
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -53,7 +53,7 @@ function wall_upload_post(&$a) {
$maximagesize = get_config('system','maximagesize');
if(($maximagesize) && ($filesize > $maximagesize)) {
- notice( sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL);
+ echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
@unlink($src);
return;
}
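Review bot: The size-limit branch now echoes its message but still ends with `return;`, whereas the error paths in the new mod/wall_attach.php end with `killme();` after `echo`. If the caller goes on to render a page once this function returns, that markup would follow the message in the AJAX response, so `killme();` looks like the safer exit here. The matching size-limit branch in mod/wall_attach.php still calls `notice(...)` and returns, so the two upload handlers report the same error differently; one should be brought into line with the other. wall_upload_post's body continues outside the hunk.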
diff --git a/update.php b/update.php
index 603b93b63..cf2c763fd 100644
--- a/update.php
+++ b/update.php
@@ -486,4 +486,9 @@ function update_1054() {
function update_1055() {
q("ALTER TABLE `profile` ADD `hidewall` TINYINT( 1 ) NOT NULL DEFAULT '0' AFTER `hide-friends` ");
-}
\ No newline at end of file
+}
+
+function update_1056() {
+ q("ALTER TABLE `attach` ADD `hash` CHAR( 64 ) NOT NULL AFTER `uid` ");
+}
+
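Review bot: `update_1056()` adds `hash` as `NOT NULL` with no default and no backfill, so every attachment row that already exists ends up with an empty hash. If the hash is later used to look up or authorise access to an attachment, that code must treat the empty value as invalid; a comment in the function such as `// rows created before this update have an empty hash` would make this visible. The result of `q()` is not checked, which matches the neighbouring `update_1055()` but means a failed ALTER goes unnoticed.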
diff --git a/view/jot-header.tpl b/view/jot-header.tpl
index 3057618b2..77e5bc4bc 100644
--- a/view/jot-header.tpl
+++ b/view/jot-header.tpl
@@ -79,6 +79,18 @@ tinyMCE.init({
}
}
);
+ var file_uploader = new window.AjaxUpload(
+ 'wall-file-upload',
+ { action: 'wall_attach/$nickname',
+ name: 'userfile',
+ onSubmit: function(file,ext) { $('#profile-rotator').show(); },
+ onComplete: function(file,response) {
+ tinyMCE.execCommand('mceInsertRawHTML',false,response);
+ $('#profile-rotator').hide();
+ }
+ }
+ );
+
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
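Review bot: `onComplete` passes the raw server response to `mceInsertRawHTML`, so anything the upload endpoint emits (error strings, PHP warnings, debug output) is inserted into the post as HTML. Insert only when the response has the expected form, for example `if(/\[attachment\]\d+\[\/attachment\]/.test(response)) tinyMCE.execCommand('mceInsertRawHTML',false,response);`, and show any other response to the user as plain text. The `action` URL `wall_attach/$nickname` is relative and presumably relies on the page's base URL; confirm it resolves correctly on every page that includes this header.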
diff --git a/view/jot.tpl b/view/jot.tpl
index 0c9883b11..e2dd6d960 100644
--- a/view/jot.tpl
+++ b/view/jot.tpl
@@ -23,6 +23,10 @@