File: ItemAddFromServer.inc
<?php /* * Gallery - a web based photo album viewer and editor * Copyright (C) 2000-2007 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at * your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ /** * This plugin will handle the addition of an items from the server filesystem. * @package ItemAdd * @subpackage UserInterface * @author Bharat Mediratta <bharat@menalto.com> * @version $Revision: 15513 $ */ class ItemAddFromServer extends ItemAddPlugin { /** * @see ItemAddPlugin::isAppropriate */ function isAppropriate() { list ($ret, $param) = GalleryCoreApi::getPluginParameter('module', 'itemadd', 'fromserver'); if ($ret) { return array($ret, null); } if ($param == 'admin') { list ($ret, $isAdmin) = GalleryCoreApi::isUserInSiteAdminGroup(); if ($ret) { return array($ret, null); } $param = $isAdmin ? 'on' : 'off'; } return array(null, $param == 'on'); } /** * @see ItemAddPlugin::handleRequest */ function handleRequest($form, &$item) { global $gallery; $this->_platform =& $gallery->getPlatform(); $this->_dirSep = $this->_platform->getDirectorySeparator(); $status = $error = array(); if (isset($form['action']['addFromLocalServer']) && (!empty($form['localServerFiles']) || !empty($form['localServerDirectories']))) { /* Add the selected items */ $textFields = array( 'title' => (isset($form['set']['title'])) ? 1 : 0, 'summary' => (isset($form['set']['summary'])) ? 1 : 0, 'description' => (isset($form['set']['description'])) ? 1 : 0); /* * See loadTemplate: the input is in UTF-8, * the filesystem needs the path in the system charset */ $dir = GalleryCoreApi::convertFromUtf8($form['localServerPath']); GalleryUtilities::unsanitizeInputValues($dir, false); /* We need the localServerDirList only in the system charset */ list ($ret, $unused, $localServerDirList) = $this->fetchLocalServerDirList(); if ($ret) { return array($ret, null, null); } if (!GalleryUtilities::isPathInList($dir, $localServerDirList)) { return array(GalleryCoreApi::error(ERROR_BAD_PARAMETER), null, null); } if ($dir{strlen($dir)-1} != $this->_dirSep) { $dir .= $this->_dirSep; } list ($ret, $lockId) = GalleryCoreApi::acquireReadLock($item->getId()); if ($ret) { return array($ret, null, null); } if (!empty($form['localServerFiles'])) { foreach ($form['localServerFiles'] as $fileKey => $data) { if (!isset($data['selected'])) { continue; } $useSymlink = isset($data['useSymlink']); $file = $dir . urldecode($fileKey); if (!GalleryUtilities::isPathInList(dirname($file), $localServerDirList)) { /* Ensure malformed input like fileKey = ../foo doesn't work */ continue; } $ret = $this->addItem($item->getId(), $file, $useSymlink, $textFields, $status, $error); if ($ret) { GalleryCoreApi::releaseLocks($lockId); return array($ret, null, null); } } } if (!empty($form['localServerDirectories'])) { $this->_localServerDirList = $localServerDirList; /* Make sure we have permission to add subalbums */ $ret = GalleryCoreApi::assertHasItemPermission($item->getId(), 'core.addAlbumItem'); if ($ret) { GalleryCoreApi::releaseLocks($lockId); return array($ret, null, null); } foreach ($form['localServerDirectories'] as $directory => $data) { /* Skip current or parent directory entries */ if (!isset($data['selected']) || $directory == "." || $directory == "..") { continue; } $useSymlink = isset($data['useSymlink']); list ($ret, $albumId) = $this->addDirectory($item->getId(), $dir . urldecode($directory), $useSymlink, $textFields, $status, $error); if ($ret) { GalleryCoreApi::releaseLocks($lockId); return array($ret, null, null); } if ($albumId) { $ret = $this->processDirectory($albumId, $dir . urldecode($directory), $useSymlink, $textFields, $status, $error); if ($ret) { GalleryCoreApi::releaseLocks($lockId); return array($ret, null, null); } } } } $ret = GalleryCoreApi::releaseLocks($lockId); if ($ret) { return array($ret, null, null); } } return array(null, $error, $status); } function addItem($parentId, $file, $useSymlink, $textFields, &$status, &$error) { $fileName = basename($file); list ($base, $extension) = GalleryUtilities::getFileNameComponents($fileName); list ($ret, $mimeType) = GalleryCoreApi::convertExtensionToMime($extension); if ($ret) { return $ret; } $base = GalleryCoreApi::convertToUtf8($base); GalleryUtilities::sanitizeInputValues($base); $title = ($textFields['title']) ? $base : ''; $summary = ($textFields['summary']) ? $base : ''; $description = ($textFields['description']) ? $base : ''; list ($ret, $newItem) = GalleryCoreApi::addItemToAlbum($file, $fileName, $title, $summary, $description, $mimeType, $parentId, $useSymlink); if ($ret) { return $ret; } $status['addedFiles'][] = array('fileName' => GalleryCoreApi::convertToUtf8($fileName), 'id' => $newItem->getId(), 'warnings' => array()); return null; } /** @return array object GalleryStatus, mixed id of new album or false */ function addDirectory($parentId, $path, $useSymlink, $textFields, &$status, &$error) { global $gallery; if (!GalleryUtilities::isPathInList($path, $this->_localServerDirList) || GalleryUtilities::isPathInList($path, array($gallery->getConfig('data.gallery.albums')))) { /* * Silently skip directory if a symlink jumped us outside the approved * directory list or we are trying to add from our own g2data albums. * Also protects against malformed form input like directory = ../foo */ return array(null, false); } /* Create new Album */ $dirName = basename($path); $dirNameUtf8 = GalleryCoreApi::convertToUtf8($dirName); $dirTitle = $textFields['title'] ? $dirNameUtf8 : null; $dirSummary = $textFields['summary'] ? $dirNameUtf8 : null; $dirDescription = $textFields['description'] ? $dirNameUtf8 : null; list ($ret, $album) = GalleryCoreApi::createAlbum($parentId, $dirName, $dirTitle, $dirSummary, $dirDescription, ""); if ($ret) { if ($ret->getErrorCode() & ERROR_COLLISION) { $error[] = 'form[error][pathComponent][collision]'; return array(null, false); } else { return array($ret, null); } } if (!isset($album)) { return array(GalleryCoreApi::error(ERROR_MISSING_OBJECT), null); } $ret = GalleryCoreApi::addUserPermission($album->getId(), $album->getOwnerId(), 'core.all', false); if ($ret) { return array($ret, null); } return array(null, $album->getId()); } function processDirectory($albumId, $path, $useSymlink, $textFields, &$status, &$error) { global $gallery; list ($ret, $lockId) = GalleryCoreApi::acquireReadLock($albumId); if ($ret) { return $ret; } /* Look into the directory, add anything we find */ $dirList = $albumList = array(); $handle = $this->_platform->opendir($path); while (($fileName = $this->_platform->readdir($handle)) !== false) { if ($fileName == '.' || $fileName == '..' || $fileName == '.svn') { continue; } $dirList[] = $fileName; } $this->_platform->closedir($handle); sort($dirList); foreach ($dirList as $fileName) { $gallery->guaranteeTimeLimit(30); $filePath = $path . $this->_dirSep . $fileName; if ($this->_platform->is_readable($filePath)) { if ($this->_platform->is_dir($filePath)) { list ($ret, $newAlbumId) = $this->addDirectory($albumId, $filePath, $useSymlink, $textFields, $status, $error); if ($ret) { GalleryCoreApi::releaseLocks($lockId); return $ret; } if ($newAlbumId) { $albumList[$newAlbumId] = $filePath; } } else { $ret = $this->addItem($albumId, $filePath, $useSymlink, $textFields, $status, $error); if ($ret) { GalleryCoreApi::releaseLocks($lockId); return $ret; } } if (!empty($error)) { /* Bail out if an error has occurred */ break; } } } $ret = GalleryCoreApi::releaseLocks($lockId); if ($ret) { return $ret; } foreach ($albumList as $newAlbumId => $filePath) { $ret = $this->processDirectory($newAlbumId, $filePath, $useSymlink, $textFields, $status, $error); if ($ret) { return $ret; } if (!empty($error)) { /* Bail out if an error has occurred */ break; } } return null; } /* * @return array (object GalleryStatus a status code, * array of UTF-8 strings localServerDirList, * array of system charset strings localServerDirList) */ function fetchLocalServerDirList() { list ($ret, $param) = GalleryCoreApi::fetchAllPluginParameters('module', 'itemadd'); if ($ret) { return array($ret, null, null); } $localServerDirList = array(); $localServerDirListInSystemCharset = array(); for ($i = 1; !empty($param['uploadLocalServer.dir.' . $i]); $i++) { $localServerDirList[] = $param['uploadLocalServer.dir.' . $i]; $localServerDirListInSystemCharset[] = GalleryCoreApi::convertFromUtf8($param['uploadLocalServer.dir.' . $i]); } return array(null, $localServerDirList, $localServerDirListInSystemCharset); } /** * @see ItemAdd:loadTemplate */ function loadTemplate(&$template, &$form, $item) { global $gallery; if ($form['formName'] != 'ItemAddFromServer') { /* First time around, load the form with item data */ $form['localServerPath'] = ''; $form['formName'] = 'ItemAddFromServer'; } list ($ret, $localServerDirList, $localServerDirListInSystemCharset) = $this->fetchLocalServerDirList(); if ($ret) { return array($ret, null, null); } /* Look up the platform type */ $platform =& $gallery->getPlatform(); $slash = $platform->getDirectorySeparator(); if (isset($form['action']['startOver'])) { $form['localServerFiles'] = array(); } else if (isset($form['action']['findFilesFromLocalServer'])) { /* If we're uploading from the local server, get a file list now */ $localServerPath = trim($form['localServerPath']); /* * All input is UTF-8, whether it comes from the browser or from the database. * When we use realpath, is_dir, opendir, readdir, .., we need the path in the system * charset and not in UTF-8. * Therefore, we use UTF-8 for everything (output, db input) but the filesystem * interactions. * $form['localServerPath'] is UTF-8, $localServerPath is in the system charset */ $localServerPath = GalleryCoreApi::convertFromUtf8($localServerPath); GalleryUtilities::unsanitizeInputValues($localServerPath, false); $localServerPath = $platform->realpath($localServerPath); $form['localServerPath'] = GalleryCoreApi::convertToUtf8($localServerPath); /* Validate the path */ $form['localServerFiles'] = array(); if (empty($localServerPath)) { $form['error']['localServerPath']['missing'] = 1; } else if (!$platform->file_exists($localServerPath) || !$platform->is_readable($localServerPath)) { $form['error']['localServerPath']['invalid'] = 1; } else if (!GalleryUtilities::isPathInList($localServerPath, $localServerDirListInSystemCharset)) { $form['error']['localServerPath']['illegal'] = 1; } else { $gallery->guaranteeTimeLimit(30); $path = $localServerPath; if ($platform->is_dir($path)) { $handle = $platform->opendir($path); $mimeTypeItemMap = array(); /* Add path to the recent path list */ $session =& $gallery->getSession(); $recentPaths = $session->get('itemadd.view.ItemAdd.ItemAddFromServer.recentPaths'); /* Use the UTF-8 string, recent paths is only for the output */ $recentPaths[$form['localServerPath']] = 1; $session->put('itemadd.view.ItemAdd.ItemAddFromServer.recentPaths', $recentPaths); while (($fileName = $platform->readdir($handle)) !== false) { if ($fileName == '.') { continue; } $filePath = $path . $slash . $fileName; if ($platform->is_readable($filePath)) { if ($platform->is_dir($filePath)) { $filePath = $platform->realpath($filePath); $legal = GalleryUtilities::isPathInList($filePath, $localServerDirListInSystemCharset); if (!$legal && $fileName == '..') { continue; } $form['localServerFiles'][] = array('type' => 'directory', 'fileName' => GalleryCoreApi::convertToUtf8($fileName), 'filePath' => GalleryCoreApi::convertToUtf8($filePath), 'fileKey' => urlencode($fileName), 'legal' => $legal, 'unknown' => false); } else { list ($ret, $mimeType) = GalleryCoreApi::getMimeType($fileName); if ($ret) { return array($ret, null, null); } if (!isset($mimeTypeItemMap[$mimeType])) { list ($ret, $mimeTypeItem) = GalleryCoreApi::newItemByMimeType($mimeType); if ($ret) { return array($ret, null, null); } /* Get localized and english names: */ $mimeTypeItem->setMimeType($mimeType); $mimeTypeItemMap[$mimeType] = array_merge($mimeTypeItem->itemTypeName(), $mimeTypeItem->itemTypeName(false)); } $form['localServerFiles'][] = array('type' => 'file', 'fileName' => GalleryCoreApi::convertToUtf8($fileName), 'stat' => $platform->stat($filePath), 'itemType' => $mimeTypeItemMap[$mimeType][0], 'unknown' => $mimeTypeItemMap[$mimeType][3] == 'unknown', 'fileKey' => urlencode($fileName)); } } } $platform->closedir($handle); } else if ($platform->is_file($path) && !$platform->is_link($path)) { list ($ret, $mimeType) = GalleryCoreApi::getMimeType($path); if ($ret) { return array($ret, null, null); } list ($ret, $mimeTypeItem) = GalleryCoreApi::newItemByMimeType($mimeType); if ($ret) { return array($ret, null, null); } $mimeTypeItem->setMimeType($mimeType); $mimeTypeItemName = array_merge($mimeTypeItem->itemTypeName(), $mimeTypeItem->itemTypeName(false)); $fileName = basename($path); $form['localServerFiles'][] = array('type' => 'file', 'fileName' => GalleryCoreApi::convertToUtf8($fileName), 'stat' => $platform->stat($path), 'itemType' => $mimeTypeItemName[0], 'unknown' => $mimeTypeItemName[3] == 'unknown', 'fileKey' => urlencode($fileName)); /* Change localServerPath from file path to parent dir */ $form['localServerPath'] = GalleryCoreApi::convertToUtf8(dirname($path)); } } } /* Do we have permission to add subalbums */ list ($ret, $canAddAlbum) = GalleryCoreApi::hasItemPermission($item->getId(), 'core.addAlbumItem'); if ($ret) { return array($ret, null, null); } $ItemAddFromServer = array('pathSeparator' => $slash, 'localServerDirList' => $localServerDirList, 'localServerFileCount' => isset($localServerFileCount) ? $localServerFileCount : null, 'canAddAlbum' => $canAddAlbum); if (!empty($form['localServerFiles'])) { usort($form['localServerFiles'], array($this, '_sortFiles')); $accumulator = ''; foreach ($platform->splitPath($form['localServerPath']) as $element) { $accumulator .= $element; $ItemAddFromServer['pathElements'][] = array( 'name' => $element, 'path' => $accumulator, 'legal' => GalleryUtilities::isPathInList( GalleryCoreApi::convertFromUtf8($accumulator), $localServerDirListInSystemCharset)); if (count($ItemAddFromServer['pathElements']) > 1) { $accumulator .= $slash; } } } $session =& $gallery->getSession(); $recentPaths = $session->get('itemadd.view.ItemAdd.ItemAddFromServer.recentPaths'); if (!isset($recentPaths)) { $recentPaths = array(); } $ItemAddFromServer['recentPaths'] = array_keys($recentPaths); /* * Set the ItemAdmin form's encoding type specially since legal paths may contain special * characters like ampersands (&) */ if ($template->hasVariable('ItemAdmin')) { $ItemAdmin =& $template->getVariableByReference('ItemAdmin'); $ItemAdmin['enctype'] = 'multipart/form-data'; } else { $ItemAdmin['enctype'] = 'multipart/form-data'; $template->setVariable('ItemAdmin', $ItemAdmin); } if (!isset($form['set'])) { $form['set'] = array('title' => 1, 'summary' => 0, 'description' => 0); } /* Do we want to allow symlinks? */ $ItemAddFromServer['showSymlink'] = $platform->isSymlinkSupported(); $template->setVariable('ItemAddFromServer', $ItemAddFromServer); return array(null, 'modules/itemadd/templates/ItemAddFromServer.tpl', 'modules_itemadd'); } /** * @see ItemAddPlugin::getTitle */ function getTitle() { list ($ret, $module) = GalleryCoreApi::loadPlugin('module', 'itemadd'); if ($ret) { return array($ret, null); } return array(null, $module->translate('From Local Server')); } /** * Sort directory listing.. directory, known types, unknowns. * @access private */ function _sortFiles($a, $b) { if (($a['type'] == 'directory' || $b['type'] == 'directory') && $a['type'] != $b['type']) { return ($a['type'] == 'directory') ? -1 : 1; } if (($a['unknown'] || $b['unknown']) && $a['unknown'] != $b['unknown']) { return $a['unknown'] ? 1 : -1; } return strcasecmp($a['fileName'], $b['fileName']); } } ?>