summaryrefslogtreecommitdiffstats
path: root/application/controllers/file.php
AgeCommit message (Collapse)AuthorFilesLines
2013-10-22Update CSP header; change order to fix svg display in firefoxFlorian Pritz1-1/+1
Apparently firefox doesn't like "style-src * 'unsafe-inline'", but wants "style-src 'unsafe-inline' *" otherwise it doesn't honor 'unsafe-inline'. In chromium both behave the same. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-10-06Fix display error when redering markdownLukas Epple1-2/+4
Initial-patch-by: Lukas Epple <lukas.epple@me.com> Switch from <table> to <div> like we did for pygments. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-25Remove chmod on uploaded filesFlorian Pritz1-2/+0
It interferes with multiuser setups if you use X-Sendfile and it isn't really needed anyway because you can set an upload_path outside the docroot and because the default path is protected by an .htaccess file. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-23Implement rangeDownload() as driver and provide sendfile implementations for ↵Pierre Schmitz1-2/+4
Nginx and Lighttpd * The rangeDownload() function has been moved to libraries/Ddownload/drivers/Ddownload_php.php * The nginx and lighttpd drivers can be set via $config['download_driver'] Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-09-22Move user_logged_in check to controller constructorFlorian Pritz1-1/+0
TL;DR: Allows us to show a proper error page if encryption_key is missing from the config. muser->logged_in() can load the session class which will die if encryption_key is not set in the config causing an error to be displayed. Because the header is also loaded when we display an error loading the class will be tried again. CI maintains an array with information which classes have been tried to be loaded and will simply return true without loading again. muser->logged_in() will then try to access $this->session which doesn't exist. Since all of this happens when we are already in the header the error message appears in the navigation being hard to read. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Replace is_cli_client() with stateful_client where applicableFlorian Pritz1-4/+4
Stateless clients (cli client and clients using api keys) can't reclaim IDs (no cookie) so they should be required to log in asap and they will always get an error if they didn't log in. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Generalize request_type() to static_storage()Florian Pritz1-3/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02claim_id: Fix error when called directly without last_upload dataFlorian Pritz1-0/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Replace echo with show_error; misc cleanupFlorian Pritz1-9/+8
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Provide json output for api functionsFlorian Pritz1-29/+35
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-22Remove empty line after ansi2htmlFlorian Pritz1-4/+8
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-22Deduplicate initialisation code in controllersFlorian Pritz1-19/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-22Only determine latest client version when neededFlorian Pritz1-6/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-22Validate IDs when generating thumbnail historyFlorian Pritz1-0/+5
The thumbnail function generates an invalid image (HTML error message) if the ID is invalid resulting in empty images. Catch those when creating the page to prevent that. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-15Switch to CI's caching classFlorian Pritz1-3/+3
This supports more caching backends and doesn't force users to install the memcache extension. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-14Use python-ansi2html instead of cpan moduleFlorian Pritz1-14/+8
Way, way, way, way faster. Did I mention it is faster? Also we now have line numbers because we can. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-13Coding style fixesFlorian Pritz1-4/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-13remove caching code from historyFlorian Pritz1-61/+52
Simply enabling it again would cause breakage (json handling). Just get rid of it. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-11Add API key supportFlorian Pritz1-5/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-05Invert sorting order on thumbnail historyFlorian Pritz1-1/+1
Newest first to match the normal history's default. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-05Add history page with thumbnails of imagesFlorian Pritz1-0/+62
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-18Add json support to upload_historyFlorian Pritz1-0/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-18file/download: output html directly, don't use output classFlorian Pritz1-3/+6
$this->output->parse_exec_vars is a protected variable so we can't access it like the documentation suggests (yes this is a bug that should be reported...), but even if it worked I'm not confident the output class should be trusted with arbitrary input. Upstream might at some point add another "feature" so this is the safe way to go. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-16Fix handling of upload_max_age = 0Florian Pritz1-0/+1
cron code already handled this correctly, valid() didn't. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-15Add footer; move contact info to footerFlorian Pritz1-1/+14
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-15Rework auto login for cli clientsFlorian Pritz1-0/+10
Only login when necessary. This also makes test_login() work properly (before the automatic login would have intercepted the failure and in case of a good login test_login() would test the credentials a second time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-13Add profile page to allow changing the upload id limitsFlorian Pritz1-2/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-12c/file: clarify commentFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-12Add standard name for CSP headerFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-06-23c/file: remove unused variableFlorian Pritz1-1/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-06-23c/file: improve upload error handlingFlorian Pritz1-8/+16
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-06-09implement repasting (fills textarea with ID's content)Florian Pritz1-0/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-06-02c/file/do_upload: fix fallback if base64_decode failsFlorian Pritz1-1/+3
trim() would give us an empty string if base64_decode() returns false. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-05-24upload_history: Allow column sorting (jquery.tablesorter)Florian Pritz1-1/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-25pygmentize: Disable newline strippingFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-25automatically wrap linesFlorian Pritz1-8/+32
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-23CLI: update_file_metadata: also update mimetypesFlorian Pritz1-7/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-14Move cli client login code to muser constructorFlorian Pritz1-21/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-13Change license to AGPLFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-08c/file/claim_id(): Call _show_url() with an arrayFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-23Reverse sort order on upload_historyFlorian Pritz1-1/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-17Support multiple uploads in the same requestFlorian Pritz1-67/+98
This change *should* be backwards compatible. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-09Fix some indentation issuesFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-09Fix copyright informationFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-11-09Rework file/client pageFlorian Pritz1-0/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-10-22switch design to bootstrap; minor fixes along the wayFlorian Pritz1-38/+40
Initial-work-by: Oliver Mader <b52@reaktor42.de> Additional-work-by: Markus Cisler <mrkscslr@gmail.com> Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-10-16Fall back to plain text if lexer is unknown/brokenFlorian Pritz1-13/+46
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-10-10Accept authentication via post parametersFlorian Pritz1-5/+18
Passing the authentication headers is slightly complicated with fastcgi so we support both and let the users choose. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-10-09Rename $mode to $lexerFlorian Pritz1-26/+26
Pygments calls it that and mode was an undescriptive name anyway. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-10-07c/file/download: display an error if highlighting failsFlorian Pritz1-5/+9
Previously we displayed an empty page since stderr usually goes to the error log of the web server. Signed-off-by: Florian Pritz <bluewind@xinu.at>