Rev 1116 | Rev 1131 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 635 | daniel-mar | 1 | <?php |
| 2 | |||
| 3 | /* |
||
| 4 | * OIDplus 2.0 |
||
| 1086 | daniel-mar | 5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
| 635 | daniel-mar | 6 | * |
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
| 8 | * you may not use this file except in compliance with the License. |
||
| 9 | * You may obtain a copy of the License at |
||
| 10 | * |
||
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
| 12 | * |
||
| 13 | * Unless required by applicable law or agreed to in writing, software |
||
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
| 16 | * See the License for the specific language governing permissions and |
||
| 17 | * limitations under the License. |
||
| 18 | */ |
||
| 19 | |||
| 1050 | daniel-mar | 20 | namespace ViaThinkSoft\OIDplus; |
| 635 | daniel-mar | 21 | |
| 1086 | daniel-mar | 22 | // phpcs:disable PSR1.Files.SideEffects |
| 23 | \defined('INSIDE_OIDPLUS') or die; |
||
| 24 | // phpcs:enable PSR1.Files.SideEffects |
||
| 25 | |||
| 635 | daniel-mar | 26 | class OIDplusPagePublicAttachments extends OIDplusPagePluginPublic { |
| 27 | |||
| 1130 | daniel-mar | 28 | /** |
| 29 | * |
||
| 30 | */ |
||
| 635 | daniel-mar | 31 | const DIR_UNLOCK_FILE = 'oidplus_upload.dir'; |
| 32 | |||
| 1116 | daniel-mar | 33 | /** |
| 1130 | daniel-mar | 34 | * @param string $dir |
| 1116 | daniel-mar | 35 | * @return void |
| 36 | * @throws OIDplusException |
||
| 37 | */ |
||
| 1130 | daniel-mar | 38 | private static function checkUploadDir(string $dir) { |
| 635 | daniel-mar | 39 | if (!is_dir($dir)) { |
| 40 | throw new OIDplusException(_L('The attachment directory "%1" is not existing.', $dir)); |
||
| 41 | } |
||
| 42 | |||
| 43 | $realdir = realpath($dir); |
||
| 44 | if ($realdir === false) { |
||
| 45 | throw new OIDplusException(_L('The attachment directory "%1" cannot be resolved (realpath).', $dir)); |
||
| 46 | } |
||
| 47 | |||
| 48 | $unlock_file = $realdir . DIRECTORY_SEPARATOR . self::DIR_UNLOCK_FILE; |
||
| 49 | if (!file_exists($unlock_file)) { |
||
| 50 | throw new OIDplusException(_L('Unlock file "%1" is not existing in attachment directory "%2".', self::DIR_UNLOCK_FILE, $dir)); |
||
| 51 | } |
||
| 52 | |||
| 53 | if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { |
||
| 54 | // Linux check 1: Check for critical directories |
||
| 55 | if (self::isCriticalLinuxDirectory($realdir)) { |
||
| 56 | throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
||
| 57 | } |
||
| 58 | |||
| 59 | // Linux check 2: Check file owner |
||
| 60 | $file_owner_a = fileowner(OIDplus::localpath().'index.php'); |
||
| 61 | if ($file_owner_a === false) { |
||
| 62 | $file_owner_a = -1; |
||
| 63 | $file_owner_a_name = '???'; |
||
| 64 | } else { |
||
| 720 | daniel-mar | 65 | $tmp = function_exists('posix_getpwuid') ? posix_getpwuid($file_owner_a) : false; |
| 635 | daniel-mar | 66 | $file_owner_a_name = $tmp !== false ? $tmp['name'] : 'UID '.$file_owner_a; |
| 67 | } |
||
| 68 | |||
| 69 | $file_owner_b = fileowner($unlock_file); |
||
| 70 | if ($file_owner_b === false) { |
||
| 71 | $file_owner_b = -1; |
||
| 72 | $file_owner_b_name = '???'; |
||
| 73 | } else { |
||
| 720 | daniel-mar | 74 | $tmp = function_exists('posix_getpwuid') ? posix_getpwuid($file_owner_b) : false; |
| 635 | daniel-mar | 75 | $file_owner_b_name = $tmp !== false ? $tmp['name'] : 'UID '.$file_owner_b; |
| 76 | } |
||
| 77 | |||
| 78 | if ($file_owner_a != $file_owner_b) { |
||
| 79 | throw new OIDplusException(_L('Owner of unlock file "%1" is wrong. It is "%2", but it should be "%3".', $unlock_file, $file_owner_b_name, $file_owner_a_name)); |
||
| 80 | } |
||
| 81 | } else { |
||
| 82 | // Windows check 1: Check for critical directories |
||
| 83 | if (self::isCriticalWindowsDirectory($realdir)) { |
||
| 84 | throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
||
| 85 | } |
||
| 86 | |||
| 87 | // Note: We will not query the file owner in Windows systems. |
||
| 88 | // It would be possible, however, on Windows systems, the file |
||
| 89 | // ownership is rather hidden to the user and the user needs |
||
| 90 | // to go into several menus and windows in order to see/change |
||
| 91 | // the owner. We don't want to over-complicate it to the Windows admin. |
||
| 92 | } |
||
| 93 | } |
||
| 94 | |||
| 1116 | daniel-mar | 95 | /** |
| 1130 | daniel-mar | 96 | * @param string $dir |
| 1116 | daniel-mar | 97 | * @return bool |
| 98 | */ |
||
| 1130 | daniel-mar | 99 | private static function isCriticalWindowsDirectory(string $dir): bool { |
| 635 | daniel-mar | 100 | $dir .= '\\'; |
| 101 | $windir = isset($_SERVER['SystemRoot']) ? $_SERVER['SystemRoot'].'\\' : 'C:\\Windows\\'; |
||
| 102 | if (stripos($dir,$windir) === 0) return true; |
||
| 103 | return false; |
||
| 104 | } |
||
| 105 | |||
| 1116 | daniel-mar | 106 | /** |
| 1130 | daniel-mar | 107 | * @param string $dir |
| 1116 | daniel-mar | 108 | * @return bool |
| 109 | */ |
||
| 1130 | daniel-mar | 110 | private static function isCriticalLinuxDirectory(string $dir): bool { |
| 635 | daniel-mar | 111 | if ($dir == '/') return true; |
| 112 | $dir .= '/'; |
||
| 113 | if (strpos($dir,'/bin/') === 0) return true; |
||
| 114 | if (strpos($dir,'/boot/') === 0) return true; |
||
| 115 | if (strpos($dir,'/dev/') === 0) return true; |
||
| 116 | if (strpos($dir,'/etc/') === 0) return true; |
||
| 117 | if (strpos($dir,'/lib') === 0) return true; |
||
| 118 | if (strpos($dir,'/opt/') === 0) return true; |
||
| 119 | if (strpos($dir,'/proc/') === 0) return true; |
||
| 120 | if (strpos($dir,'/root/') === 0) return true; |
||
| 121 | if (strpos($dir,'/run/') === 0) return true; |
||
| 122 | if (strpos($dir,'/sbin/') === 0) return true; |
||
| 123 | if (strpos($dir,'/sys/') === 0) return true; |
||
| 124 | if (strpos($dir,'/tmp/') === 0) return true; |
||
| 125 | if (strpos($dir,'/usr/bin/') === 0) return true; |
||
| 126 | if (strpos($dir,'/usr/include/') === 0) return true; |
||
| 127 | if (strpos($dir,'/usr/lib') === 0) return true; |
||
| 128 | if (strpos($dir,'/usr/sbin/') === 0) return true; |
||
| 129 | if (strpos($dir,'/usr/src/') === 0) return true; |
||
| 130 | if (strpos($dir,'/var/cache/') === 0) return true; |
||
| 131 | if (strpos($dir,'/var/lib') === 0) return true; |
||
| 132 | if (strpos($dir,'/var/lock/') === 0) return true; |
||
| 133 | if (strpos($dir,'/var/log/') === 0) return true; |
||
| 134 | if (strpos($dir,'/var/mail/') === 0) return true; |
||
| 135 | if (strpos($dir,'/var/opt/') === 0) return true; |
||
| 136 | if (strpos($dir,'/var/run/') === 0) return true; |
||
| 137 | if (strpos($dir,'/var/spool/') === 0) return true; |
||
| 138 | if (strpos($dir,'/var/tmp/') === 0) return true; |
||
| 139 | return false; |
||
| 140 | } |
||
| 141 | |||
| 1116 | daniel-mar | 142 | /** |
| 1130 | daniel-mar | 143 | * @param string|null $id |
| 1116 | daniel-mar | 144 | * @return string |
| 145 | * @throws OIDplusException |
||
| 146 | */ |
||
| 1130 | daniel-mar | 147 | public static function getUploadDir(string $id=null): string { |
| 635 | daniel-mar | 148 | // Get base path |
| 149 | $cfg = OIDplus::config()->getValue('attachment_upload_dir', ''); |
||
| 150 | $cfg = trim($cfg); |
||
| 151 | if ($cfg === '') { |
||
| 152 | $basepath = OIDplus::localpath() . 'userdata' . DIRECTORY_SEPARATOR . 'attachments'; |
||
| 153 | } else { |
||
| 154 | $basepath = $cfg; |
||
| 155 | } |
||
| 156 | |||
| 157 | try { |
||
| 158 | self::checkUploadDir($basepath); |
||
| 1050 | daniel-mar | 159 | } catch (\Exception $e) { |
| 635 | daniel-mar | 160 | $error = _L('This functionality is not available due to a misconfiguration'); |
| 161 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 162 | $error .= ': '.$e->getMessage(); |
||
| 163 | } else { |
||
| 164 | $error .= '. '._L('Please notify the system administrator. After they log-in, they can see the reason at this place.'); |
||
| 165 | } |
||
| 166 | throw new OIDplusException($error); |
||
| 167 | } |
||
| 168 | |||
| 169 | // Get object-specific path |
||
| 170 | if (!is_null($id)) { |
||
| 171 | $obj = OIDplusObject::parse($id); |
||
| 1116 | daniel-mar | 172 | if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| 635 | daniel-mar | 173 | |
| 174 | $path_v1 = $basepath . DIRECTORY_SEPARATOR . $obj->getLegacyDirectoryName(); |
||
| 175 | $path_v1_bug = $basepath . $obj->getLegacyDirectoryName(); |
||
| 176 | $path_v2 = $basepath . DIRECTORY_SEPARATOR . $obj->getDirectoryName(); |
||
| 177 | |||
| 178 | if (is_dir($path_v1)) return $path_v1; // backwards compatibility |
||
| 179 | if (is_dir($path_v1_bug)) return $path_v1_bug; // backwards compatibility |
||
| 180 | return $path_v2; |
||
| 181 | } else { |
||
| 182 | return $basepath; |
||
| 183 | } |
||
| 184 | } |
||
| 185 | |||
| 1116 | daniel-mar | 186 | /** |
| 187 | * @return mixed|null |
||
| 188 | * @throws OIDplusException |
||
| 189 | */ |
||
| 635 | daniel-mar | 190 | private function raMayDelete() { |
| 191 | return OIDplus::config()->getValue('attachments_allow_ra_delete', 0); |
||
| 192 | } |
||
| 193 | |||
| 1116 | daniel-mar | 194 | /** |
| 195 | * @return mixed|null |
||
| 196 | * @throws OIDplusException |
||
| 197 | */ |
||
| 635 | daniel-mar | 198 | private function raMayUpload() { |
| 199 | return OIDplus::config()->getValue('attachments_allow_ra_upload', 0); |
||
| 200 | } |
||
| 201 | |||
| 1116 | daniel-mar | 202 | /** |
| 203 | * @param string $actionID |
||
| 204 | * @param array $params |
||
| 205 | * @return int[] |
||
| 206 | * @throws OIDplusException |
||
| 207 | */ |
||
| 208 | public function action(string $actionID, array $params): array { |
||
| 635 | daniel-mar | 209 | |
| 210 | if ($actionID == 'deleteAttachment') { |
||
| 211 | _CheckParamExists($params, 'id'); |
||
| 212 | $id = $params['id']; |
||
| 213 | $obj = OIDplusObject::parse($id); |
||
| 1116 | daniel-mar | 214 | if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| 635 | daniel-mar | 215 | if (!$obj->userHasWriteRights()) throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA of "%1" to upload an attachment.',$id)); |
| 216 | |||
| 217 | if (!OIDplus::authUtils()->isAdminLoggedIn() && !$this->raMayDelete()) { |
||
| 218 | throw new OIDplusException(_L('The administrator has disabled deleting attachments by RAs.')); |
||
| 219 | } |
||
| 220 | |||
| 221 | _CheckParamExists($params, 'filename'); |
||
| 222 | $req_filename = $params['filename']; |
||
| 223 | if (strpos($req_filename, '/') !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 224 | if (strpos($req_filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 225 | if (strpos($req_filename, '..') !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 226 | if (strpos($req_filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 227 | |||
| 228 | $uploaddir = self::getUploadDir($id); |
||
| 229 | $uploadfile = $uploaddir . DIRECTORY_SEPARATOR . basename($req_filename); |
||
| 230 | |||
| 231 | if (!file_exists($uploadfile)) throw new OIDplusException(_L('File does not exist')); |
||
| 232 | @unlink($uploadfile); |
||
| 233 | if (file_exists($uploadfile)) { |
||
| 234 | OIDplus::logger()->log("[ERR]OID($id)+[ERR]A!", "Attachment file '".basename($uploadfile)."' could not be deleted from object '$id' (problem with permissions?)"); |
||
| 235 | $msg = _L('Attachment file "%1" could not be deleted from object "%2" (problem with permissions?)',basename($uploadfile),$id); |
||
| 236 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 237 | throw new OIDplusException($msg); |
||
| 238 | } else { |
||
| 239 | throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
||
| 240 | } |
||
| 241 | } else { |
||
| 242 | // If it was the last file, delete the empty directory |
||
| 719 | daniel-mar | 243 | $ary = @glob($uploaddir . DIRECTORY_SEPARATOR . '*'); |
| 244 | if (is_array($ary) && (count($ary) == 0)) @rmdir($uploaddir); |
||
| 635 | daniel-mar | 245 | } |
| 246 | |||
| 247 | OIDplus::logger()->log("[OK]OID($id)+[?INFO/!OK]OIDRA($id)?/[?INFO/!OK]A?", "Deleted attachment '".basename($uploadfile)."' from object '$id'"); |
||
| 248 | |||
| 249 | return array("status" => 0); |
||
| 250 | |||
| 251 | } else if ($actionID == 'uploadAttachment') { |
||
| 252 | _CheckParamExists($params, 'id'); |
||
| 253 | $id = $params['id']; |
||
| 254 | $obj = OIDplusObject::parse($id); |
||
| 1116 | daniel-mar | 255 | if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| 635 | daniel-mar | 256 | if (!$obj->userHasWriteRights()) throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA of "%1" to upload an attachment.',$id)); |
| 257 | |||
| 258 | if (!OIDplus::authUtils()->isAdminLoggedIn() && !$this->raMayUpload()) { |
||
| 259 | throw new OIDplusException(_L('The administrator has disabled uploading attachments by RAs.')); |
||
| 260 | } |
||
| 261 | |||
| 262 | if (!isset($_FILES['userfile'])) { |
||
| 263 | throw new OIDplusException(_L('Please choose a file.')); |
||
| 264 | } |
||
| 265 | |||
| 266 | if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 836 | daniel-mar | 267 | $fname = basename($_FILES['userfile']['name']); |
| 268 | |||
| 834 | daniel-mar | 269 | // 1. If something is on the blacklist, we always block it, even if it is on the whitelist, too |
| 635 | daniel-mar | 270 | $banned = explode(',', OIDplus::config()->getValue('attachments_block_extensions', '')); |
| 271 | foreach ($banned as $ext) { |
||
| 272 | $ext = trim($ext); |
||
| 273 | if ($ext == '') continue; |
||
| 836 | daniel-mar | 274 | if (strtolower(substr($fname, -strlen($ext)-1)) == strtolower('.'.$ext)) { |
| 635 | daniel-mar | 275 | throw new OIDplusException(_L('The file extension "%1" is banned by the administrator (it can be uploaded by the administrator though)',$ext)); |
| 276 | } |
||
| 277 | } |
||
| 834 | daniel-mar | 278 | |
| 279 | // 2. Something on the whitelist is always OK |
||
| 280 | $allowed = explode(',', OIDplus::config()->getValue('attachments_allow_extensions', '')); |
||
| 281 | $is_whitelisted = false; |
||
| 282 | foreach ($allowed as $ext) { |
||
| 283 | $ext = trim($ext); |
||
| 284 | if ($ext == '') continue; |
||
| 836 | daniel-mar | 285 | if (strtolower(substr($fname, -strlen($ext)-1)) == strtolower('.'.$ext)) { |
| 834 | daniel-mar | 286 | $is_whitelisted = true; |
| 287 | break; |
||
| 288 | } |
||
| 289 | } |
||
| 290 | |||
| 291 | // 3. For everything that is neither whitelisted, nor blacklisted, the admin can decide if these grey zone is allowed or blocked |
||
| 292 | if (!$is_whitelisted) { |
||
| 293 | if (!OIDplus::config()->getValue('attachments_allow_grey_extensions', '1')) { |
||
| 836 | daniel-mar | 294 | $tmp = explode('.', $fname); |
| 295 | $ext = array_pop($tmp); |
||
| 834 | daniel-mar | 296 | throw new OIDplusException(_L('The file extension "%1" is not on the whitelist (it can be uploaded by the administrator though)',$ext)); |
| 297 | } |
||
| 298 | } |
||
| 635 | daniel-mar | 299 | } |
| 300 | |||
| 301 | $req_filename = $_FILES['userfile']['name']; |
||
| 302 | if (strpos($req_filename, '/') !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 303 | if (strpos($req_filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 304 | if (strpos($req_filename, '..') !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 305 | if (strpos($req_filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name')); |
||
| 306 | |||
| 307 | $uploaddir = self::getUploadDir($id); |
||
| 308 | $uploadfile = $uploaddir . DIRECTORY_SEPARATOR . basename($req_filename); |
||
| 309 | |||
| 310 | if (!is_dir($uploaddir)) { |
||
| 311 | @mkdir($uploaddir, 0777, true); |
||
| 312 | if (!is_dir($uploaddir)) { |
||
| 313 | OIDplus::logger()->log("[ERR]OID($id)+[ERR]A!", "Upload attachment '".basename($uploadfile)."' to object '$id' failed: Cannot create directory '".basename($uploaddir)."' (problem with permissions?)"); |
||
| 314 | $msg = _L('Upload attachment "%1" to object "%2" failed',basename($uploadfile),$id).': '._L('Cannot create directory "%1" (problem with permissions?)',basename($uploaddir)); |
||
| 315 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 316 | throw new OIDplusException($msg); |
||
| 317 | } else { |
||
| 318 | throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
||
| 319 | } |
||
| 320 | } |
||
| 321 | } |
||
| 322 | |||
| 323 | if (!@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { |
||
| 324 | OIDplus::logger()->log("[ERR]OID($id)+[ERR]A!", "Upload attachment '".basename($uploadfile)."' to object '$id' failed: Cannot move uploaded file into directory (problem with permissions?)"); |
||
| 325 | $msg = _L('Upload attachment "%1" to object "%2" failed',basename($uploadfile),$id).': '._L('Cannot move uploaded file into directory (problem with permissions?)'); |
||
| 326 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 327 | throw new OIDplusException($msg); |
||
| 328 | } else { |
||
| 329 | throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
||
| 330 | } |
||
| 331 | } |
||
| 332 | |||
| 333 | OIDplus::logger()->log("[OK]OID($id)+[?INFO/!OK]OIDRA($id)?/[?INFO/!OK]A?", "Uploaded attachment '".basename($uploadfile)."' to object '$id'"); |
||
| 334 | |||
| 335 | return array("status" => 0); |
||
| 336 | } else { |
||
| 1116 | daniel-mar | 337 | return parent::action($actionID, $params); |
| 635 | daniel-mar | 338 | } |
| 339 | } |
||
| 340 | |||
| 1116 | daniel-mar | 341 | /** |
| 342 | * @param bool $html |
||
| 343 | * @return void |
||
| 344 | * @throws OIDplusException |
||
| 345 | */ |
||
| 346 | public function init(bool $html=true) { |
||
| 635 | daniel-mar | 347 | OIDplus::config()->prepareConfigKey('attachments_block_extensions', 'Block file name extensions being used in file attachments (comma separated)', 'exe,scr,pif,bat,com,vbs,cmd', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
| 834 | daniel-mar | 348 | // TODO: check if a blacklist entry is also on the whitelist (which is not allowed) |
| 635 | daniel-mar | 349 | }); |
| 834 | daniel-mar | 350 | OIDplus::config()->prepareConfigKey('attachments_allow_extensions', 'Allow (whitelist) file name extensions being used in file attachments (comma separated)', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
| 351 | // TODO: check if a whitelist entry is also on the blacklist (which is not allowed) |
||
| 352 | }); |
||
| 353 | OIDplus::config()->prepareConfigKey('attachments_allow_grey_extensions', 'Should file-extensions which are neither be on the whitelist, nor be at the blacklist, be allowed? (1=Yes, 0=No)', '1', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
||
| 354 | if (!is_numeric($value) || ($value < 0) || ($value > 1)) { |
||
| 355 | throw new OIDplusException(_L('Please enter a valid value (0=no, 1=yes).')); |
||
| 356 | } |
||
| 357 | }); |
||
| 635 | daniel-mar | 358 | OIDplus::config()->prepareConfigKey('attachments_allow_ra_delete', 'Allow that RAs delete file attachments? (0=no, 1=yes)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
| 359 | if (!is_numeric($value) || ($value < 0) || ($value > 1)) { |
||
| 360 | throw new OIDplusException(_L('Please enter a valid value (0=no, 1=yes).')); |
||
| 361 | } |
||
| 362 | }); |
||
| 363 | OIDplus::config()->prepareConfigKey('attachments_allow_ra_upload', 'Allow that RAs upload file attachments? (0=no, 1=yes)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
||
| 364 | if (!is_numeric($value) || ($value < 0) || ($value > 1)) { |
||
| 365 | throw new OIDplusException(_L('Please enter a valid value (0=no, 1=yes).')); |
||
| 366 | } |
||
| 367 | }); |
||
| 368 | |||
| 369 | $info_txt = 'Alternative directory for attachments. It must contain a file named "'; |
||
| 370 | $info_txt .= self::DIR_UNLOCK_FILE; |
||
| 371 | $info_txt .= '"'; |
||
| 372 | if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { |
||
| 373 | $info_txt .= ' with the same owner as index.php'; |
||
| 374 | } |
||
| 375 | $info_txt .= '. If this setting is empty, then the userdata directory is used.'; |
||
| 376 | OIDplus::config()->prepareConfigKey('attachment_upload_dir', $info_txt, '', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
||
| 377 | if (trim($value) !== '') { |
||
| 378 | self::checkUploadDir($value); |
||
| 379 | } |
||
| 380 | }); |
||
| 381 | } |
||
| 382 | |||
| 1116 | daniel-mar | 383 | /** |
| 384 | * @param string $id |
||
| 385 | * @param array $out |
||
| 386 | * @param bool $handled |
||
| 387 | * @return void |
||
| 388 | */ |
||
| 389 | public function gui(string $id, array &$out, bool &$handled) { |
||
| 635 | daniel-mar | 390 | // Nothing |
| 391 | } |
||
| 392 | |||
| 1116 | daniel-mar | 393 | /** |
| 394 | * @param array $out |
||
| 395 | * @return void |
||
| 396 | */ |
||
| 397 | public function publicSitemap(array &$out) { |
||
| 635 | daniel-mar | 398 | // Nothing |
| 399 | } |
||
| 400 | |||
| 1116 | daniel-mar | 401 | /** |
| 402 | * @param array $json |
||
| 403 | * @param string|null $ra_email |
||
| 404 | * @param bool $nonjs |
||
| 405 | * @param string $req_goto |
||
| 406 | * @return bool |
||
| 407 | */ |
||
| 408 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
||
| 635 | daniel-mar | 409 | return false; |
| 410 | } |
||
| 411 | |||
| 1116 | daniel-mar | 412 | /** |
| 413 | * Convert amount of bytes to human-friendly name |
||
| 414 | * @param int $bytes |
||
| 415 | * @param int $decimals |
||
| 416 | * @return string |
||
| 417 | */ |
||
| 418 | private static function convert_filesize(int $bytes, int $decimals = 2): string { |
||
| 635 | daniel-mar | 419 | $size = array(_L('Bytes'),_L('KiB'),_L('MiB'),_L('GiB'),_L('TiB'),_L('PiB'),_L('EiB'),_L('ZiB'),_L('YiB')); |
| 1116 | daniel-mar | 420 | $factor = floor((strlen("$bytes") - 1) / 3); |
| 635 | daniel-mar | 421 | return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . ' ' . @$size[$factor]; |
| 422 | } |
||
| 423 | |||
| 1116 | daniel-mar | 424 | /** |
| 425 | * @param string $id |
||
| 426 | * @return bool |
||
| 427 | */ |
||
| 428 | public function implementsFeature(string $id): bool { |
||
| 635 | daniel-mar | 429 | if (strtolower($id) == '1.3.6.1.4.1.37476.2.5.2.3.2') return true; // modifyContent |
| 430 | if (strtolower($id) == '1.3.6.1.4.1.37476.2.5.2.3.3') return true; // beforeObject*, afterObject* |
||
| 431 | if (strtolower($id) == '1.3.6.1.4.1.37476.2.5.2.3.4') return true; // whois*Attributes |
||
| 432 | return false; |
||
| 433 | } |
||
| 434 | |||
| 1116 | daniel-mar | 435 | /** |
| 436 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.2 |
||
| 437 | * @param string $id |
||
| 438 | * @param string $title |
||
| 439 | * @param string $icon |
||
| 440 | * @param string $text |
||
| 441 | * @return void |
||
| 442 | */ |
||
| 443 | public function modifyContent(string $id, string &$title, string &$icon, string &$text) { |
||
| 635 | daniel-mar | 444 | $output = ''; |
| 445 | $doshow = false; |
||
| 446 | |||
| 447 | try { |
||
| 448 | $upload_dir = self::getUploadDir($id); |
||
| 719 | daniel-mar | 449 | $files = @glob($upload_dir . DIRECTORY_SEPARATOR . '*'); |
| 635 | daniel-mar | 450 | $found_files = false; |
| 451 | |||
| 452 | $obj = OIDplusObject::parse($id); |
||
| 1116 | daniel-mar | 453 | if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| 635 | daniel-mar | 454 | $can_upload = OIDplus::authUtils()->isAdminLoggedIn() || ($this->raMayUpload() && $obj->userHasWriteRights()); |
| 455 | $can_delete = OIDplus::authUtils()->isAdminLoggedIn() || ($this->raMayDelete() && $obj->userHasWriteRights()); |
||
| 456 | |||
| 457 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 458 | $output .= '<p>'._L('Admin info: The directory is %1','<b>'.htmlentities($upload_dir).'</b>').'</p>'; |
||
| 459 | $doshow = true; |
||
| 460 | } |
||
| 461 | |||
| 462 | $output .= '<div id="fileattachments_table" class="table-responsive">'; |
||
| 463 | $output .= '<table class="table table-bordered table-striped">'; |
||
| 464 | $output .= '<tr>'; |
||
| 465 | $output .= '<th>'._L('Filename').'</th>'; |
||
| 466 | $output .= '<th>'._L('Size').'</th>'; |
||
| 467 | $output .= '<th>'._L('File type').'</th>'; |
||
| 468 | $output .= '<th>'._L('Download').'</th>'; |
||
| 469 | if ($can_delete) $output .= '<th>'._L('Delete').'</th>'; |
||
| 470 | $output .= '</tr>'; |
||
| 719 | daniel-mar | 471 | if ($files) foreach ($files as $file) { |
| 635 | daniel-mar | 472 | if (is_dir($file)) continue; |
| 473 | |||
| 474 | $output .= '<tr>'; |
||
| 475 | $output .= '<td>'.htmlentities(basename($file)).'</td>'; |
||
| 476 | $output .= '<td>'.htmlentities(self::convert_filesize(filesize($file), 0)).'</td>'; |
||
| 477 | $lookup_files = array( |
||
| 478 | OIDplus::localpath().'userdata/attachments/filetypes$'.OIDplus::getCurrentLang().'.conf', |
||
| 479 | OIDplus::localpath().'userdata/attachments/filetypes.conf', |
||
| 480 | OIDplus::localpath().'vendor/danielmarschall/fileformats/filetypes$'.OIDplus::getCurrentLang().'.local', // not recommended |
||
| 481 | OIDplus::localpath().'vendor/danielmarschall/fileformats/filetypes.local', // not recommended |
||
| 482 | OIDplus::localpath().'vendor/danielmarschall/fileformats/filetypes$'.OIDplus::getCurrentLang().'.conf', |
||
| 483 | OIDplus::localpath().'vendor/danielmarschall/fileformats/filetypes.conf' |
||
| 484 | ); |
||
| 1050 | daniel-mar | 485 | $output .= '<td>'.htmlentities(\VtsFileTypeDetect::getDescription($file, $lookup_files)).'</td>'; |
| 635 | daniel-mar | 486 | |
| 801 | daniel-mar | 487 | $output .= ' <td><button type="button" name="download_'.md5($file).'" id="download_'.md5($file).'" class="btn btn-success btn-xs download" onclick="OIDplusPagePublicAttachments.downloadAttachment('.js_escape(OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE)).', current_node,'.js_escape(basename($file)).')">'._L('Download').'</button></td>'; |
| 635 | daniel-mar | 488 | if ($can_delete) { |
| 489 | $output .= ' <td><button type="button" name="delete_'.md5($file).'" id="delete_'.md5($file).'" class="btn btn-danger btn-xs delete" onclick="OIDplusPagePublicAttachments.deleteAttachment(current_node,'.js_escape(basename($file)).')">'._L('Delete').'</button></td>'; |
||
| 490 | } |
||
| 491 | |||
| 492 | $output .= '</tr>'; |
||
| 493 | $doshow = true; |
||
| 494 | $found_files = true; |
||
| 495 | } |
||
| 496 | |||
| 497 | if (!$found_files) $output .= '<tr><td colspan="'.($can_delete ? 5 : 4).'"><i>'._L('No attachments').'</i></td></tr>'; |
||
| 498 | |||
| 499 | $output .= '</table></div>'; |
||
| 500 | |||
| 501 | if ($can_upload) { |
||
| 502 | $output .= '<form action="javascript:void(0);" onsubmit="return OIDplusPagePublicAttachments.uploadAttachmentOnSubmit(this);" enctype="multipart/form-data" id="uploadAttachmentForm">'; |
||
| 503 | $output .= '<input type="hidden" name="id" value="'.htmlentities($id).'">'; |
||
| 504 | $output .= '<div>'._L('Add a file attachment').':<input type="file" name="userfile" value="" id="fileAttachment">'; |
||
| 505 | $output .= '<br><input type="submit" value="'._L('Upload').'"></div>'; |
||
| 506 | $output .= '</form>'; |
||
| 507 | $doshow = true; |
||
| 508 | } |
||
| 1050 | daniel-mar | 509 | } catch (\Exception $e) { |
| 635 | daniel-mar | 510 | $doshow = true; |
| 511 | $output = '<p>'.$e->getMessage().'</p>'; |
||
| 512 | } |
||
| 513 | |||
| 514 | $output = '<h2>'._L('File attachments').'</h2>' . |
||
| 515 | '<div class="container box">' . |
||
| 516 | $output . |
||
| 517 | '</div>'; |
||
| 518 | if ($doshow) $text .= $output; |
||
| 519 | } |
||
| 520 | |||
| 1116 | daniel-mar | 521 | /** |
| 522 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 523 | * @param string $id |
| 1116 | daniel-mar | 524 | * @return void |
| 525 | */ |
||
| 1130 | daniel-mar | 526 | public function beforeObjectDelete(string $id) {} |
| 1116 | daniel-mar | 527 | |
| 528 | /** |
||
| 529 | * Delete the attachment folder including all files in it (note: Subfolders are not possible) |
||
| 530 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 531 | * @param string $id |
| 1116 | daniel-mar | 532 | * @return void |
| 533 | * @throws OIDplusException |
||
| 534 | */ |
||
| 1130 | daniel-mar | 535 | public function afterObjectDelete(string $id) { |
| 635 | daniel-mar | 536 | $uploaddir = self::getUploadDir($id); |
| 537 | if ($uploaddir != '') { |
||
| 719 | daniel-mar | 538 | $ary = @glob($uploaddir . DIRECTORY_SEPARATOR . '*'); |
| 539 | if ($ary) foreach ($ary as $a) @unlink($a); |
||
| 635 | daniel-mar | 540 | @rmdir($uploaddir); |
| 541 | if (is_dir($uploaddir)) { |
||
| 542 | OIDplus::logger()->log("[WARN]OID($id)+[WARN]A!", "Attachment directory '$uploaddir' could not be deleted during the deletion of the OID"); |
||
| 543 | } |
||
| 544 | } |
||
| 545 | } |
||
| 546 | |||
| 1116 | daniel-mar | 547 | /** |
| 548 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 549 | * @param string $id |
| 550 | * @param array $params |
||
| 1116 | daniel-mar | 551 | * @return void |
| 552 | */ |
||
| 1130 | daniel-mar | 553 | public function beforeObjectUpdateSuperior(string $id, array &$params) {} |
| 1116 | daniel-mar | 554 | |
| 555 | /** |
||
| 556 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 557 | * @param string $id |
| 558 | * @param array $params |
||
| 1116 | daniel-mar | 559 | * @return void |
| 560 | */ |
||
| 1130 | daniel-mar | 561 | public function afterObjectUpdateSuperior(string $id, array &$params) {} |
| 1116 | daniel-mar | 562 | |
| 563 | /** |
||
| 564 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 565 | * @param string $id |
| 566 | * @param array $params |
||
| 1116 | daniel-mar | 567 | * @return void |
| 568 | */ |
||
| 1130 | daniel-mar | 569 | public function beforeObjectUpdateSelf(string $id, array &$params) {} |
| 1116 | daniel-mar | 570 | |
| 571 | /** |
||
| 572 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 573 | * @param string $id |
| 574 | * @param array $params |
||
| 1116 | daniel-mar | 575 | * @return void |
| 576 | */ |
||
| 1130 | daniel-mar | 577 | public function afterObjectUpdateSelf(string $id, array &$params) {} |
| 1116 | daniel-mar | 578 | |
| 579 | /** |
||
| 580 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 581 | * @param string $id |
| 582 | * @param array $params |
||
| 1116 | daniel-mar | 583 | * @return void |
| 584 | */ |
||
| 1130 | daniel-mar | 585 | public function beforeObjectInsert(string $id, array &$params) {} |
| 1116 | daniel-mar | 586 | |
| 587 | /** |
||
| 588 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.3 |
||
| 1130 | daniel-mar | 589 | * @param string $id |
| 590 | * @param array $params |
||
| 1116 | daniel-mar | 591 | * @return void |
| 592 | */ |
||
| 1130 | daniel-mar | 593 | public function afterObjectInsert(string $id, array &$params) {} |
| 1116 | daniel-mar | 594 | |
| 595 | /** |
||
| 596 | * @param string $request |
||
| 597 | * @return array|false |
||
| 598 | */ |
||
| 599 | public function tree_search(string $request) { |
||
| 635 | daniel-mar | 600 | return false; |
| 601 | } |
||
| 602 | |||
| 1116 | daniel-mar | 603 | /** |
| 604 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.4 |
||
| 1130 | daniel-mar | 605 | * @param string $id |
| 606 | * @param array $out |
||
| 1116 | daniel-mar | 607 | * @return void |
| 608 | * @throws OIDplusException |
||
| 609 | */ |
||
| 1130 | daniel-mar | 610 | public function whoisObjectAttributes(string $id, array &$out) { |
| 899 | daniel-mar | 611 | $xmlns = 'oidplus-attachment-plugin'; |
| 612 | $xmlschema = 'urn:oid:1.3.6.1.4.1.37476.2.5.2.4.1.95.1'; |
||
| 613 | $xmlschemauri = OIDplus::webpath(__DIR__.'/attachments.xsd',OIDplus::PATH_ABSOLUTE); |
||
| 614 | |||
| 719 | daniel-mar | 615 | $files = @glob(self::getUploadDir($id) . DIRECTORY_SEPARATOR . '*'); |
| 616 | if ($files) foreach ($files as $file) { |
||
| 899 | daniel-mar | 617 | $url = OIDplus::webpath(__DIR__,OIDplus::PATH_ABSOLUTE).'download.php?id='.urlencode($id).'&filename='.urlencode(basename($file)); |
| 618 | |||
| 619 | $out[] = array( |
||
| 620 | 'xmlns' => $xmlns, |
||
| 621 | 'xmlschema' => $xmlschema, |
||
| 622 | 'xmlschemauri' => $xmlschemauri, |
||
| 623 | 'name' => 'attachment-name', |
||
| 624 | 'value' => basename($file) |
||
| 625 | ); |
||
| 626 | |||
| 627 | $out[] = array( |
||
| 628 | 'xmlns' => $xmlns, |
||
| 629 | 'xmlschema' => $xmlschema, |
||
| 630 | 'xmlschemauri' => $xmlschemauri, |
||
| 631 | 'name' => 'attachment-url', |
||
| 632 | 'value' => $url |
||
| 633 | ); |
||
| 635 | daniel-mar | 634 | } |
| 635 | |||
| 636 | } |
||
| 1116 | daniel-mar | 637 | |
| 638 | /** |
||
| 639 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.4 |
||
| 1130 | daniel-mar | 640 | * @param string $email |
| 641 | * @param array $out |
||
| 1116 | daniel-mar | 642 | * @return void |
| 643 | */ |
||
| 1130 | daniel-mar | 644 | public function whoisRaAttributes(string $email, array &$out) {} |
| 635 | daniel-mar | 645 | } |