summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/controllers/file.php26
-rw-r--r--application/models/file_mod.php29
-rw-r--r--application/models/muser.php12
3 files changed, 59 insertions, 8 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index cb10e9e2f..152e6a011 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -210,8 +210,6 @@ class File extends CI_Controller {
// Handle pastes
function do_paste()
{
- $this->muser->require_access();
-
$content = $this->input->post("content");
$filesize = strlen($content);
$filename = "stdin";
@@ -243,14 +241,12 @@ class File extends CI_Controller {
file_put_contents($file, $content);
chmod($file, 0600);
$this->file_mod->add_file($hash, $id, $filename);
- $this->file_mod->show_url($id, $extension);
+ $this->file_mod->show_url($id, false);
}
// Handles uploaded files
function do_upload()
{
- $this->muser->require_access();
-
$extension = $this->input->post('extension');
if(!isset($_FILES['file']) || $_FILES['file']['error'] !== 0) {
$this->output->set_status_header(400);
@@ -307,6 +303,26 @@ class File extends CI_Controller {
$this->file_mod->show_url($id, $extension);
}
+ function claim_id()
+ {
+ $this->muser->require_access();
+
+ $last_upload = $this->session->userdata("last_upload");
+ $id = $last_upload["id"];
+
+ $filedata = $this->file_mod->get_filedata($id);
+
+ if ($filedata["owner"] != 0) {
+ show_error("Someone already owns '$id', can't reassign.");
+ }
+
+ $this->file_mod->adopt($id);
+
+ $this->session->unset_userdata("last_upload");
+
+ $this->file_mod->show_url($id, $last_upload["mode"]);
+ }
+
/* Functions below this comment can only be run via the CLI
* `php index.php file <function name>`
*/
diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index 26d384fa9..e65529971 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -83,8 +83,6 @@ class File_mod extends CI_Model {
// TODO: Should only update not insert; see new_id()
function add_file($hash, $id, $filename)
{
- $this->muser->require_access();
-
$userid = $this->muser->get_userid();
$mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash)));
@@ -95,10 +93,31 @@ class File_mod extends CI_Model {
array($hash, $id, $filename, $userid, time(), $mimetype, $filesize));
}
+ function adopt($id)
+ {
+ $userid = $this->muser->get_userid();
+
+ $this->db->query("
+ UPDATE files
+ SET user = ?
+ WHERE id = ?
+ ", array($userid, $id));
+ }
+
function show_url($id, $mode)
{
$redirect = false;
+ if (!$this->muser->logged_in()) {
+ // keep the upload but require the user to login
+ $this->session->set_userdata("last_upload", array(
+ "id" => $id,
+ "mode" => $mode
+ ));
+ $this->session->set_flashdata("uri", "file/claim_id");
+ $this->muser->require_access();
+ }
+
if ($mode) {
$this->data['url'] = site_url($id).'/'.$mode;
} else {
@@ -191,6 +210,12 @@ class File_mod extends CI_Model {
return;
}
+ // don't allow unowned files to be downloaded
+ if ($filedata["user"] == 0) {
+ $this->non_existent();
+ return;
+ }
+
// MODIFIED SINCE SUPPORT -- START
// helps to keep traffic low when reloading
$etag = strtolower($filedata["hash"]."-".$filedata["date"]);
diff --git a/application/models/muser.php b/application/models/muser.php
index 532fdeb1a..169182c46 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -47,11 +47,19 @@ class Muser extends CI_Model {
function get_username()
{
+ if (!$this->logged_in()) {
+ return "";
+ }
+
return $this->session->userdata('username');
}
function get_userid()
{
+ if (!$this->logged_in()) {
+ return 0;
+ }
+
$query = $this->db->query("
SELECT id
FROM users
@@ -69,7 +77,9 @@ class Muser extends CI_Model {
echo "FileBin requires you to have an account, please go to the homepage for more information.\n";
exit();
} else {
- $this->session->set_flashdata("uri", $this->uri->uri_string());
+ if (!$this->session->userdata("flash:new:uri")) {
+ $this->session->set_flashdata("uri", $this->uri->uri_string());
+ }
redirect('user/login');
}
}