This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Add many is_readable() checks wherever we send data.
Add the logged user id as target for reload_bookmarks and reload_shared_elements messages, otherwise they trigger reload on other users
MsObserver: ignore refresh if no repoId change.
NotificationLoader: fix comma typo
cdujeu committed Oct 5, 2015
1 parent 19b2277 commit 8cb20ec
Showing 13 changed files with 60 additions and 22 deletions.
10 changes: 6 additions & 4 deletions core/src/plugins/access.fs/class.fsAccessDriver.php
Expand Up @@ -418,6 +418,9 @@ public function switchAction($action, $httpVars, $fileVars)

$node = $selection->getUniqueNode();
$dlFile = $node->getUrl();
if(!is_readable($dlFile)){
throw new Exception("Cannot access file!");
}
$this->logInfo("Get_content", array("files"=>$this->addSlugToPath($selection)));
if (AJXP_Utils::getStreamingMimeType(basename($dlFile))!==false) {
$this->readFile($node->getUrl(), "stream_content");
Expand All @@ -432,15 +435,14 @@ public function switchAction($action, $httpVars, $fileVars)
if(!isset($httpVars["content"])) break;
// Load "code" variable directly from POST array, do not "securePath" or "sanitize"...
$code = $httpVars["content"];
$file = $selection->getUniqueFile();
$this->logInfo("Online Edition", array("file"=>$this->addSlugToPath($file)));
$currentNode = $selection->getUniqueNode();
$fileName = $currentNode->getUrl();
$this->logInfo("Online Edition", array("file"=>$fileName));
if (isSet($httpVars["encode"]) && $httpVars["encode"] == "base64") {
$code = base64_decode($code);
} else {
$code=str_replace("&lt;","<",SystemTextEncoding::magicDequote($code));
}
$fileName = $this->urlBase.$file;
$currentNode = new AJXP_Node($fileName);
try {
AJXP_Controller::applyHook("node.before_change", array(&$currentNode, strlen($code)));
} catch (Exception $e) {
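Review bot: In the put_content hunk the log entry now records `$fileName`, the raw node URL, while the get_content hunk above still logs `$this->addSlugToPath($selection)`, so read and write entries for the same file no longer share one path format. Keeping the slugged form, e.g. `$this->logInfo("Online Edition", array("file"=>$this->addSlugToPath($selection)));`, would keep the entry aligned with the get_content one and make log correlation simpler. The same shift appears in the IMagickPreviewer section, where the 'Preview' log line now receives the full URL from `$selection->getUniqueNode()->getUrl()`. The put_content case continues outside the hunk.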
Expand Up @@ -44,7 +44,7 @@ public function switchAction($action, $httpVars, $fileVars)
if (!$selection->isEmpty()) {
//$this->filterUserSelectionToHidden($selection->getFiles());
}
$urlBase = "ajxp.fs://". ConfService::getRepository()->getId();
$urlBase = "pydio://". ConfService::getRepository()->getId();
$mess = ConfService::getMessages();
switch ($action) {

15 changes: 14 additions & 1 deletion core/src/plugins/core.conf/class.AbstractConfDriver.php
Expand Up @@ -302,6 +302,16 @@ abstract public function updateRole($role);
*/
abstract public function deleteRole($role);

/**
* Compute the most recent date where one of these roles where updated.
*
* @param $rolesIdsList
* @return int
*/
public function rolesLastUpdated($rolesIdsList){
return 0;
}

/**
* Specific queries
*/
Expand Down Expand Up @@ -682,7 +692,10 @@ public function switchAction($action, $httpVars, $fileVars)
$title = AJXP_Utils::decodeSecureMagic($httpVars["bm_title"]);
$bmUser->renameBookmark($bmPath, $title);
}
AJXP_Controller::applyHook("msg.instant", array("<reload_bookmarks/>", ConfService::getRepository()->getId()));
AJXP_Controller::applyHook("msg.instant", array("<reload_bookmarks/>",
ConfService::getRepository()->getId(),
AuthService::getLoggedUser()->getId())
);

if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) {
$bmUser->save("user");
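Review bot: `AuthService::getLoggedUser()->getId()` in the second hunk is called unconditionally, yet the very next statement guards with `AuthService::getLoggedUser() != null`, so a null user appears to be possible on this path and would cause a fatal error before the bookmark is saved. Resolve the user once and pass its id only when present: `$loggedUser = AuthService::getLoggedUser();` followed by `$targetUserId = ($loggedUser != null) ? $loggedUser->getId() : null;`. Whether a null target falls back to the earlier repository-wide message depends on the msg.instant hook, which is not visible here. The enclosing case of switchAction starts and ends outside the hunk.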
10 changes: 8 additions & 2 deletions core/src/plugins/core.mq/class.AjxpMqObserver.js
Expand Up @@ -42,8 +42,14 @@ Class.create("AjxpMqObserver", {

var repoId;
var data = event.memo;
if(data.active) repoId = data.active;
else if(ajaxplorer.repositoryId) repoId = ajaxplorer.repositoryId;
if(data.active) {
repoId = data.active;
} else if(pydio.repositoryId) {
repoId = pydio.repositoryId;
}
if(this.currentRepo && this.currentRepo == repoId){ // Ignore, repoId did not change!
return;
}
this.initForRepoId(repoId);

}.bind(this));
Expand Up @@ -347,7 +347,7 @@ Class.create("NotificationLoader", {

},

loaderTimer: null,
loaderTimer: null

});

4 changes: 3 additions & 1 deletion core/src/plugins/editor.audio/class.AudioPreviewer.php
Expand Up @@ -59,7 +59,9 @@ public function switchAction($action, $httpVars, $postProcessData)
$node = new AJXP_Node($destStreamURL.$file);
}
}

if(!is_readable($node->getUrl())){
throw new Exception("Cannot find file!");
}

$fileUrl = $node->getUrl();
$localName = basename($fileUrl);
2 changes: 1 addition & 1 deletion core/src/plugins/editor.browser/class.FileMimeSender.php
Expand Up @@ -54,7 +54,7 @@ public function switchAction($action, $httpVars, $filesVars)
$selectedNode = $selection->getUniqueNode();
$selectedNodeUrl = $selectedNode->getUrl();

if (!file_exists($selectedNodeUrl)) {
if (!file_exists($selectedNodeUrl) || !is_readable($selectedNodeUrl)) {
echo("File does not exist");
return false;
}
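Review bot: The added `!is_readable($selectedNodeUrl)` makes the preceding `!file_exists($selectedNodeUrl)` redundant, because is_readable() already returns false for a path that does not exist; `if (!is_readable($selectedNodeUrl)) {` is sufficient and avoids a second stat through the stream wrapper. The same doubled test appears in the ImagePreviewer, IMagickPreviewer and VideoReader sections, while fsAccessDriver, AudioPreviewer and ZohoEditor call is_readable() alone. The denial path also differs per plugin (echo and `return false` here, an empty image response in ImagePreviewer, a generic `Exception` elsewhere), so a shared helper would keep the handling of unreadable nodes uniform. switchAction continues outside the hunk.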
4 changes: 1 addition & 3 deletions core/src/plugins/editor.diaporama/class.ImagePreviewer.php
Expand Up @@ -44,7 +44,7 @@ public function switchAction($action, $httpVars, $filesVars)

if ($action == "preview_data_proxy") {
$file = $selection->getUniqueFile();
if (!file_exists($destStreamURL.$file)) {
if (!file_exists($destStreamURL.$file) || !is_readable($destStreamURL.$file)) {
header("Content-Type: ".AJXP_Utils::getImageMimeType(basename($file))."; name=\"".basename($file)."\"");
header("Content-Length: 0");
return;
Expand Down Expand Up @@ -81,9 +81,7 @@ public function switchAction($action, $httpVars, $filesVars)
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()-10000) . " GMT");
header("Expires: " . gmdate("D, d M Y H:i:s", time()+5*24*3600) . " GMT");

$class = $streamData["classname"];
$stream = fopen("php://output", "a");
//call_user_func(array($streamData["classname"], "copyFileInStream"), $destStreamURL.$file, $stream);
AJXP_MetaStreamWrapper::copyFileInStream($destStreamURL.$file, $stream);
fflush($stream);
fclose($stream);
15 changes: 9 additions & 6 deletions core/src/plugins/editor.imagick/class.IMagickPreviewer.php
Expand Up @@ -62,38 +62,41 @@ public function switchAction($action, $httpVars, $filesVars)

if ($action == "imagick_data_proxy") {
$this->extractAll = false;
$file = $selection->getUniqueFile();
$file = $selection->getUniqueNode()->getUrl();
if(!file_exists($file) || !is_readable($file)){
throw new Exception("Cannot find file");
}
if(isSet($httpVars["all"])) {
$this->logInfo('Preview', 'Preview content of '.$file);
$this->extractAll = true;
}

if (($size = filesize($destStreamURL.$file)) === false) {
if (($size = filesize($file)) === false) {
return false;
} else {
if($size > $flyThreshold) $this->useOnTheFly = true;
else $this->useOnTheFly = false;
}

if ($this->extractAll) {
$node = new AJXP_Node($destStreamURL.$file);
$node = new AJXP_Node($file);
AJXP_Controller::applyHook("node.read", array($node));
}

$cache = AJXP_Cache::getItem("imagick_".($this->extractAll?"full":"thumb"), $destStreamURL.$file, array($this, "generateJpegsCallback"));
$cache = AJXP_Cache::getItem("imagick_".($this->extractAll?"full":"thumb"), $file, array($this, "generateJpegsCallback"));
$cacheData = $cache->getData();

if (!$this->useOnTheFly && $this->extractAll) { // extract all on first view
$ext = pathinfo($file, PATHINFO_EXTENSION);
$prefix = str_replace(".$ext", "", $cache->getId());
$files = $this->listExtractedJpg($destStreamURL.$file, $prefix);
$files = $this->listExtractedJpg($file, $prefix);
header("Content-Type: application/json");
print(json_encode($files));
return false;
} else if ($this->extractAll) { // on the fly extract mode
$ext = pathinfo($file, PATHINFO_EXTENSION);
$prefix = str_replace(".$ext", "", $cache->getId());
$files = $this->listPreviewFiles($destStreamURL.$file, $prefix);
$files = $this->listPreviewFiles($file, $prefix);
header("Content-Type: application/json");
print(json_encode($files));
return false;
3 changes: 3 additions & 0 deletions core/src/plugins/editor.video/class.VideoReader.php
Expand Up @@ -39,6 +39,9 @@ public function switchAction($action, $httpVars, $filesVars)
$node = $selection->getUniqueNode();

if ($action == "read_video_data") {
if(!file_exists($node->getUrl()) || !is_readable($node->getUrl())){
throw new Exception("Cannot find file!");
}
$this->logDebug("Reading video");
session_write_close();
$filesize = filesize($node->getUrl());
4 changes: 4 additions & 0 deletions core/src/plugins/editor.zoho/class.ZohoEditor.php
Expand Up @@ -114,6 +114,10 @@ public function switchAction($action, $httpVars, $filesVars)
}else{
$file = $selection->getUniqueFile();
}
if(!is_readable($destStreamURL.$file)){
throw new Exception("Cannot find file!");
}

$target = base64_decode($httpVars["parent_url"]);
$tmp = AJXP_MetaStreamWrapper::getRealFSReference($destStreamURL.$file);
$tmp = SystemTextEncoding::fromUTF8($tmp);
7 changes: 7 additions & 0 deletions core/src/plugins/index.lucene/class.AjxpLuceneIndexer.php
Expand Up @@ -189,6 +189,8 @@ public function applyAction($actionName, $httpVars, $fileVars)
$limit = intval($httpVars['limit']);
}
foreach ($hits as $hit) {
// Backward compatibility
$hit->node_url = preg_replace("#ajxp\.[a-z_]+://#", "pydio://", $hit->node_url);
if ($hit->serialized_metadata!=null) {
$meta = unserialize(base64_decode($hit->serialized_metadata));
$tmpNode = new AJXP_Node(SystemTextEncoding::fromUTF8($hit->node_url), $meta);
Expand Down Expand Up @@ -267,6 +269,8 @@ public function applyAction($actionName, $httpVars, $fileVars)
AJXP_XMLWriter::header();
}
foreach ($hits as $hit) {
// Backward compat with old protocols
$hit->node_url = preg_replace("#ajxp\.[a-z_]+://#", "pydio://", $hit->node_url);
if ($hit->serialized_metadata!=null) {
$meta = unserialize(base64_decode($hit->serialized_metadata));
$tmpNode = new AJXP_Node(SystemTextEncoding::fromUTF8($hit->node_url), $meta);
Expand All @@ -279,6 +283,9 @@ public function applyAction($actionName, $httpVars, $fileVars)
$commitIndex = true;
continue;
}
if (!is_readable($tmpNode->getUrl())){
continue;
}
$tmpNode->search_score = sprintf("%0.2f", $hit->score);
if (isSet($returnNodes)) {
$returnNodes[] = $tmpNode;
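Review bot: The `is_readable($tmpNode->getUrl())` filter is added only in the last hunk's result loop; the loop in the first hunk receives the URL rewrite but no readability filter in this commit. If that first loop also returns nodes to the caller, hits the current user cannot read may still show up in its results; the rest of that loop is outside the hunk, so this needs confirming against the full file. Separately, the pattern `#ajxp\.[a-z_]+://#` is unanchored and would rewrite a match anywhere inside `node_url`; `"#^ajxp\.[a-z_]+://#"` restricts it to the scheme prefix.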
4 changes: 2 additions & 2 deletions core/src/plugins/meta.syncable/manifest.xml
Expand Up @@ -10,8 +10,8 @@
<server_settings>
<global_param type="button" name="INSTALL_SQL" choices="run_plugin_action:meta.syncable:installSQLTables" label="CONF_MESSAGE[SQL Tables]" description="CONF_MESSAGE[Install SQL Tables]" mandatory="false"/>
<param name="REPO_SYNCABLE" type="boolean" label="CONF_MESSAGE[Syncable Workspace]" description="CONF_MESSAGE[Workspace is syncable]" default="true" scope="repository" expose="true"/>
<param name="OBSERVE_STORAGE_CHANGES" type="boolean" label="Observe storage changes [Experimental]" description="Continuously monitor underlying storage changes. This is experimental. Can be used if the storage content is modified OUTSIDE of Pydio." default="false" scope="repository" expose="false"/>
<param name="OBSERVE_STORAGE_EVERY" type="integer" label="Observe storage changes every..." description="If previous option is set to Yes, this will trigger a storage indexation every X minutes. This can be heavy in memory, so it can be a good practice to use something between 5 and 60 minutes." default="5" scope="repository" expose="false"/>
<param name="OBSERVE_STORAGE_CHANGES" type="boolean" label="Observe storage changes [Experimental]" description="Continuously monitor underlying storage changes. This is experimental. Can be used if the storage content is modified OUTSIDE of Pydio." default="false" expose="false"/>
<param name="OBSERVE_STORAGE_EVERY" type="integer" label="Observe storage changes every..." description="If previous option is set to Yes, this will trigger a storage indexation every X minutes. This can be heavy in memory, so it can be a good practice to use something between 5 and 60 minutes." default="5" expose="false"/>
</server_settings>
<registry_contributions>
<actions>
