*
* Licensed under GPLv3
* (see COPYING for full license text)
*
*/
class File_mod extends CI_Model {
var $data;
function __construct()
{
parent::__construct();
$this->data =& get_instance()->data;
$this->load->model("muser");
}
// Returns an unused ID
// TODO: make threadsafe
function new_id()
{
$id = random_alphanum(3,6);
if ($this->id_exists($id) || $id == 'file' || $id == 'user') {
return $this->new_id();
} else {
return $id;
}
}
function id_exists($id)
{
if(!$id) {
return false;
}
$sql = '
SELECT id
FROM `files`
WHERE `id` = ?
LIMIT 1';
$query = $this->db->query($sql, array($id));
if ($query->num_rows() == 1) {
return true;
} else {
return false;
}
}
function get_filedata($id)
{
$sql = '
SELECT hash, filename, mimetype, date, user, filesize
FROM `files`
WHERE `id` = ?
LIMIT 1';
$query = $this->db->query($sql, array($id));
if ($query->num_rows() == 1) {
$return = $query->result_array();
return $return[0];
} else {
return false;
}
}
// return the folder in which the file with $hash is stored
function folder($hash) {
return $this->config->item('upload_path').'/'.substr($hash, 0, 3);
}
// Returns the full path to the file with $hash
function file($hash) {
return $this->folder($hash).'/'.$hash;
}
// Add a hash to the DB
// TODO: Should only update not insert; see new_id()
function add_file($hash, $id, $filename)
{
$userid = $this->muser->get_userid();
$mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash)));
$filesize = filesize($this->file($hash));
$query = $this->db->query('
INSERT INTO `files` (`hash`, `id`, `filename`, `user`, `date`, `mimetype`, `filesize`)
VALUES (?, ?, ?, ?, ?, ?, ?)',
array($hash, $id, $filename, $userid, time(), $mimetype, $filesize));
}
function adopt($id)
{
$userid = $this->muser->get_userid();
$this->db->query("
UPDATE files
SET user = ?
WHERE id = ?
", array($userid, $id));
}
function show_url($id, $mode)
{
$redirect = false;
if (!$this->muser->logged_in()) {
// keep the upload but require the user to login
$this->session->set_userdata("last_upload", array(
"id" => $id,
"mode" => $mode
));
$this->session->set_flashdata("uri", "file/claim_id");
$this->muser->require_access();
}
if ($mode) {
$this->data['url'] = site_url($id).'/'.$mode;
} else {
$this->data['url'] = site_url($id).'/';
$filedata = $this->get_filedata($id);
$file = $this->file($filedata['hash']);
$type = $filedata['mimetype'];
$mode = $this->mime2mode($type);
// If we detected a highlightable file redirect,
// otherwise show the URL because browsers would just show a DL dialog
if ($mode) {
$redirect = true;
}
}
if ($this->var->cli_client) {
$redirect = false;
}
if ($redirect) {
redirect($this->data['url'], "location", 303);
} else {
$this->load->view($this->var->view_dir.'/header', $this->data);
$this->load->view($this->var->view_dir.'/show_url', $this->data);
$this->load->view($this->var->view_dir.'/footer', $this->data);
}
}
function non_existent()
{
$this->data["title"] .= " - Not Found";
$this->output->set_status_header(404);
$this->load->view($this->var->view_dir.'/header', $this->data);
$this->load->view($this->var->view_dir.'/non_existent', $this->data);
$this->load->view($this->var->view_dir.'/footer', $this->data);
}
// remove old/invalid/broken IDs
function valid_id($id)
{
$filedata = $this->get_filedata($id);
if (!$filedata) {
return false;
}
$file = $this->file($filedata['hash']);
if (!file_exists($file)) {
if (isset($filedata["hash"])) {
$this->db->query('DELETE FROM files WHERE hash = ?', array($filedata['hash']));
}
return false;
}
// small files don't expire
if (filesize($file) <= $this->config->item("small_upload_size")) {
return true;
}
// files older than this should be removed
$remove_before = (time()-$this->config->item('upload_max_age'));
if ($filedata["date"] < $remove_before) {
// if the file has been uploaded multiple times the mtime is the time
// of the last upload
if (filemtime($file) < $remove_before) {
unlink($file);
$this->db->query('DELETE FROM files WHERE hash = ?', array($filedata['hash']));
} else {
$this->db->query('DELETE FROM files WHERE id = ? LIMIT 1', array($id));
}
return false;
}
return true;
}
private function handle_etag($etag) {
$etag = strtolower($etag);
$modified = true;
if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
$oldtag = trim(strtolower($_SERVER['HTTP_IF_NONE_MATCH']), '"');
if($oldtag == $etag) {
$modified = false;
} else {
$modified = true;
}
}
header('Etag: "'.$etag.'"');
if (!$modified) {
header("HTTP/1.1 304 Not Modified");
exit();
}
}
// download a given ID
// TODO: make smaller
function download()
{
$id = $this->uri->segment(1);
$mode = $this->uri->segment(2);
$filedata = $this->get_filedata($id);
$file = $this->file($filedata['hash']);
if (!$this->valid_id($id)) {
$this->non_existent();
return;
}
// don't allow unowned files to be downloaded
if ($filedata["user"] == 0) {
$this->non_existent();
return;
}
// helps to keep traffic low when reloading
$etag = $filedata["hash"]."-".$filedata["date"];
$this->handle_etag($etag);
$type = $filedata['mimetype'];
// autodetect the mode for highlighting if the URL contains a / after the ID (/ID/)
// /ID/mode disables autodetection
$autodetect_mode = !$mode && substr_count(ltrim($this->uri->uri_string(), "/"), '/') >= 1;
if ($autodetect_mode) {
$mode = $this->get_highlight_mode($type, $filedata["filename"]);
}
// resolve aliases of modes
// this is mainly used for compatibility
$mode = $this->resolve_mode_alias($mode);
// create the qr code for /ID/
if ($mode == "qr") {
header("Content-disposition: inline; filename=\"".$id."_qr.png\"\n");
header("Content-Type: image/png\n");
passthru('qrencode -s 10 -o - '.escapeshellarg(site_url($id).'/'));
exit();
}
// user wants to the the plain file
if ($mode == 'plain') {
rangeDownload($file, $filedata["filename"], "text/plain");
exit();
}
if ($mode == 'info') {
$this->display_info($id);
return;
}
// if there is no mimetype mapping we can't highlight it
$can_highlight = $this->can_highlight($type);
$filesize_too_big = filesize($file) > $this->config->item('upload_max_text_size');
if (!$can_highlight || $filesize_too_big || !$mode) {
foreach (array("X-WebKit-CSP", "X-Content-Security-Policy") as $header_name) {
header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src * 'unsafe-inline'; script-src 'none'; object-src *; frame-src 'none'; ");
}
rangeDownload($file, $filedata["filename"], $type);
exit();
}
$this->data['title'] = htmlspecialchars($filedata['filename']);
$this->data['id'] = $id;
header("Content-Type: text/html\n");
$this->data['current_highlight'] = htmlspecialchars($mode);
$this->data['timeout'] = $this->get_timeout_string($id);
echo $this->load->view($this->var->view_dir.'/html_header', $this->data, true);
// highlight the file and chache the result
$this->load->library("MemcacheLibrary");
if (! $cached = $this->memcachelibrary->get($filedata['hash'].'_'.$mode)) {
ob_start();
if ($mode == "rmd") {
echo '| '."\n";
passthru('perl '.FCPATH.'scripts/Markdown.pl '.escapeshellarg($file));
} elseif ($mode == "ascii") {
echo ' | '."\n";
passthru('perl '.FCPATH.'scripts/ansi2html '.escapeshellarg($file));
echo "\n";
} else {
echo ' | ';
// generate line numbers (links)
passthru('perl -ne \'print "$.\n"\' '.escapeshellarg($file));
echo ' | '."\n";
$this->load->library('geshi');
$this->geshi->initialize(array('set_language' => $mode, 'set_source' => file_get_contents($file), 'enable_classes' => 'true'));
echo $this->geshi->parse_code();
}
$cached = ob_get_contents();
ob_end_clean();
$this->memcachelibrary->set($filedata['hash'].'_'.$mode, $cached, 100);
}
echo $cached;
echo $this->load->view($this->var->view_dir.'/html_footer', $this->data, true);
exit();
}
function get_timeout_string($id)
{
$filedata = $this->get_filedata($id);
$file = $this->file($filedata["hash"]);
if (filesize($file) > $this->config->item("small_upload_size")) {
return date("r", $filedata["date"] + $this->config->item("upload_max_age"));
} else {
return "unknown";
}
}
private function unused_file($hash)
{
$sql = '
SELECT id
FROM `files`
WHERE `hash` = ?
LIMIT 1';
$query = $this->db->query($sql, array($hash));
if ($query->num_rows() == 0) {
return true;
} else {
return false;
}
}
function display_info($id)
{
$this->data["title"] .= " - Info $id";
$this->data["filedata"] = $this->get_filedata($id);
$this->data["id"] = $id;
$this->data['timeout'] = $this->get_timeout_string($id);
if (!isset($this->data["can_delete"])) {
$this->data["can_delete"] = false;
}
$this->load->view($this->var->view_dir.'/header', $this->data);
$this->load->view($this->var->view_dir.'/file_info', $this->data);
$this->load->view($this->var->view_dir.'/footer', $this->data);
}
function delete_id($id)
{
$this->muser->require_access();
$filedata = $this->get_filedata($id);
$userid = $this->muser->get_userid();
if(!$this->id_exists($id)) {
return false;
}
$sql = '
DELETE
FROM `files`
WHERE `id` = ?
AND user = ?
LIMIT 1';
$this->db->query($sql, array($id, $userid));
if($this->id_exists($id)) {
return false;
}
if($this->unused_file($filedata['hash'])) {
unlink($this->file($filedata['hash']));
@rmdir($this->folder($filedata['hash']));
}
return true;
}
// Allow certain types to be highlight without doing it automatically
function can_highlight($type)
{
$typearray = array(
'image/svg+xml',
);
if (in_array($type, $typearray)) return true;
if ($this->mime2mode($type)) return true;
return false;
}
// Return the mode that should be used for highlighting
function get_highlight_mode($type, $filename)
{
$mode = $this->mime2mode($type);
// filename modes overwrite mime type mappings
$filename_mode = $this->filename2mode($filename);
if ($filename_mode) {
return $filename_mode;
}
return $mode;
}
// Map MIME types to modes needed for highlighting
private function mime2mode($type)
{
$typearray = array(
'text/plain' => 'text',
'text/plain-ascii' => 'ascii',
'text/x-python' => 'python',
'text/x-csrc' => 'c',
'text/x-chdr' => 'c',
'text/x-c++hdr' => 'c',
'text/x-c++src' => 'cpp',
'text/x-patch' => 'diff',
'text/x-lua' => 'lua',
'text/x-java' => 'java',
'text/x-haskell' => 'haskell',
'text/x-literate-haskell' => 'haskell',
'text/x-subviewer' => 'bash',
'text/x-scheme' => 'scheme',
'text/x-makefile' => 'make',
#'text/x-log' => 'log',
'text/html' => 'xml',
'text/css' => 'css',
'text/x-ocaml' => 'ocaml',
'message/rfc822' => 'email',
#'image/svg+xml' => 'xml',
'application/x-perl' => 'perl',
'application/xml' => 'xml',
'application/xml-dtd' => "xml",
'application/xslt+xml' => "xml",
'application/javascript' => 'javascript',
'application/smil' => 'ocaml',
'application/x-desktop' => 'text',
'application/x-m4' => 'text',
'application/x-awk' => 'text',
'application/x-fluid' => 'text',
'application/x-java' => 'java',
'application/x-php' => 'php',
'application/x-ruby' => 'ruby',
'application/x-shellscript' => 'bash',
'application/x-x509-ca-cert' => 'text',
'application/mbox' => 'email',
'application/x-genesis-rom' => 'text',
'application/x-applix-spreadsheet' => 'actionscript'
);
if (array_key_exists($type, $typearray)) return $typearray[$type];
if (strpos($type, 'text/') === 0) return 'text';
# default
return false;
}
// Map special filenames to modes
private function filename2mode($name)
{
$namearray = array(
'PKGBUILD' => 'bash',
'.vimrc' => 'vim'
);
if (array_key_exists($name, $namearray)) return $namearray[$name];
return false;
}
// Handle mode aliases
function resolve_mode_alias($alias)
{
if ($alias === false) return false;
$aliasarray = array(
'py' => 'python',
'sh' => 'bash',
's' => 'asm',
'pl' => 'perl'
);
if (array_key_exists($alias, $aliasarray)) return $aliasarray[$alias];
return $alias;
}
}
# vim: set noet:
|