diff options
author | Florian Pritz <bluewind@xinu.at> | 2012-04-14 22:15:53 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2012-04-14 22:15:53 +0200 |
commit | e654a733b27f0435331dae44b31eff8ed152ebf6 (patch) | |
tree | 1652d3f2a2fbdfc8b4d60bb3dcc5019cc46e98f4 /application/controllers/file.php | |
parent | a63f771db1a3dd74eff6ec0eb65275fdfa1f4092 (diff) |
Allow to keep and reclaim uploads without being logged in
If a user keeps the browser open until his session expires and then
tries to upload something we now add it to the database, add the ID to
the new session and when someone logs in with that session the ID is
assigned. Until then even if you guess it correctly, you won't be able
to download it.
If the user still manages to let the 2nd session expire because he can't
find his password, the upload will be lost. Shit happens.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers/file.php')
-rw-r--r-- | application/controllers/file.php | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index cb10e9e2f..152e6a011 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -210,8 +210,6 @@ class File extends CI_Controller { // Handle pastes function do_paste() { - $this->muser->require_access(); - $content = $this->input->post("content"); $filesize = strlen($content); $filename = "stdin"; @@ -243,14 +241,12 @@ class File extends CI_Controller { file_put_contents($file, $content); chmod($file, 0600); $this->file_mod->add_file($hash, $id, $filename); - $this->file_mod->show_url($id, $extension); + $this->file_mod->show_url($id, false); } // Handles uploaded files function do_upload() { - $this->muser->require_access(); - $extension = $this->input->post('extension'); if(!isset($_FILES['file']) || $_FILES['file']['error'] !== 0) { $this->output->set_status_header(400); @@ -307,6 +303,26 @@ class File extends CI_Controller { $this->file_mod->show_url($id, $extension); } + function claim_id() + { + $this->muser->require_access(); + + $last_upload = $this->session->userdata("last_upload"); + $id = $last_upload["id"]; + + $filedata = $this->file_mod->get_filedata($id); + + if ($filedata["owner"] != 0) { + show_error("Someone already owns '$id', can't reassign."); + } + + $this->file_mod->adopt($id); + + $this->session->unset_userdata("last_upload"); + + $this->file_mod->show_url($id, $last_upload["mode"]); + } + /* Functions below this comment can only be run via the CLI * `php index.php file <function name>` */ |