$permsql = " WHERE $perm";
}
- $cond = array(
- 'and' => $directorysql
- );
- serendipity_ACL_SQL($cond, false, 'directory');
-
- $basequery = "FROM {$serendipity['dbPrefix']}images AS i
- LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a
- ON i.authorid = a.authorid
- {$cond['joins']}
-
- {$cond['and']}";
-
- $query = "SELECT i.*,
- a.realname AS authorname
- $basequery
- ORDER BY $order $ordermode $limitsql";
-
+ $query = "SELECT i.*, a.realname AS authorname FROM {$serendipity['dbPrefix']}images AS i LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a ON i.authorid = a.authorid $directorysql ORDER BY $order $ordermode $limitsql";
$rs = serendipity_db_query($query, false, 'assoc');
if (!is_array($rs)) {
return array();
}
- $total_query = "SELECT count(i.id)
- $basequery";
+ $total_query = "SELECT count(i.id) FROM {$serendipity['dbPrefix']}images AS i LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a on i.authorid = a.authorid $permsql";
$total_rs = serendipity_db_query($total_query, true, 'num');
if (is_array($total_rs)) {
$total = $total_rs[0];
*/
function serendipity_fetchImageFromDatabase($id) {
global $serendipity;
-
- $cond = array(
- 'and' => "WHERE id = " . (int)$id
- );
- serendipity_ACL_SQL($cond, false, 'directory');
-
- $rs = serendipity_db_query("SELECT i.*
- FROM {$serendipity['dbPrefix']}images AS i
- {$cond['joins']}
- {$cond['and']}", true, 'assoc');
+ $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images WHERE id = ". (int)$id, true, 'assoc');
return $rs;
}
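Review bot: `serendipity_fetchImageFromDatabase()` now returns any `images` row by id, because the new one-line query no longer passes its condition through `serendipity_ACL_SQL($cond, false, 'directory')`, so directory ACLs are not applied to the lookup. If that is intended, the docblock (which starts outside this hunk) should state that callers must authorise access to the returned row themselves; otherwise keep the `$cond` / `{$cond['joins']}` form. The same filter is dropped from the listing and count queries above this hunk, from the name/path/mime lookup further down, and from the `serendipity_traversePath()` call that loses its `'read'` argument. In the count query the new text ends in `$permsql` while the listing ends in `$directorysql`, so the total may not match the rows returned if the two differ; their definitions are outside the visible lines.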
$dThumb = array();
$file = serendipity_fetchImageFromDatabase($id);
-
- if (!is_array($file) || !isset($file['path'])) {
- printf(FILE_NOT_FOUND . '<br />', $id);
- return false;
- }
-
$dFile = $file['path'] . $file['name'] . '.' . $file['extension'];
$dThumb = array(array(
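Review bot: `$file['path']`, `$file['name']` and `$file['extension']` are read when `$dFile` is built without any check that `serendipity_fetchImageFromDatabase($id)` returned a row, since the `!is_array($file) || !isset($file['path'])` guard is removed. If the lookup yields no row, `$dFile` and the thumbnail paths passed to `@unlink()` further down are assembled from empty components; keep a guard before `$dFile`, e.g. `if (!is_array($file) || !isset($file['path'])) { return false; }`. The two later hunks that drop `if (!is_array($file)) { return false; }` have the same gap, and there the `authorid` ownership comparison runs against a missing row. All three enclosing functions start and end outside their hunks.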
serendipity_plugin_api::hook_event('backend_media_delete', $dThumb);
foreach($dThumb as $thumb) {
- $dfnThumb = $file['path'] . $file['name'] . (!empty($dThumb['fthumb']) ? '.' . $dThumb['fthumb'] : '') . '.' . $file['extension'];
+ $dfnThumb = $file['path'] . $file['name'] . (!empty($thumb['fthumb']) ? '.' . $thumb['fthumb'] : '') . '.' . $file['extension'];
$dfThumb = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $dfnThumb;
if (@unlink($dfThumb)) {
global $serendipity;
$file = serendipity_fetchImageFromDatabase($id);
- if (!is_array($file)) {
- return false;
- }
$admin = '';
if (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
global $serendipity;
$file = serendipity_fetchImageFromDatabase($id);
- if (!is_array($file)) {
- return false;
- }
$admin = '';
if (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
$ft_mime = serendipity_guessMime($f[1]);
$fdim = serendipity_getimagesize($ffull, $ft_mime);
- $cond = array(
- 'and' => "WHERE name = '" . serendipity_db_escape_string($fbase) . "'
- " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . "
- AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'"
- );
- serendipity_ACL_SQL($cond, false, 'directory');
-
- $rs = serendipity_db_query("SELECT *
- FROM {$serendipity['dbPrefix']}images AS i
- {$cond['joins']}
-
- {$cond['and']}", true, 'assoc');
+ $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images
+ WHERE name = '" . serendipity_db_escape_string($fbase) . "'
+ " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . "
+ AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'", true, 'assoc');
if (is_array($rs)) {
$update = array();
$checkfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $rs['path'] . $rs['name'] . '.' . $rs['thumbnail_name'] . '.' . $rs['extension'];
$linkPrevious = '?' . $extraParems . 'serendipity[page]=' . ($page-1);
$linkNext = '?' . $extraParems . 'serendipity[page]=' . ($page+1);
$sort_order = serendipity_getImageFields();
- $paths = serendipity_traversePath(
- $serendipity['serendipityPath'] . $serendipity['uploadPath']. $limit_path,
- '',
- true,
- NULL,
- 1,
- NULL,
- 'read'
- );
+ $paths = serendipity_traversePath($serendipity['serendipityPath'] . $serendipity['uploadPath']. $limit_path);
if (is_null($lineBreak)) {
$lineBreak = floor(750 / ($serendipity['thumbSize'] + 20));
/**
* Recursively walk a directory tree
*
- *
* @access public
* @param string The core directory
* @param string The subdirectory
* @param string A regexp patter to include files
* @param int Level of nesting (recursive use)
* @param int The maximum level of nesting (recursive use)
- * @param mixed Toggle whether to apply serendipity_directoryACL (false / 'read' / 'write')
* @return array Array of files/directories
*/
-function serendipity_traversePath($basedir, $dir='', $onlyDirs = true, $pattern = NULL, $depth = 1, $max_depth = null, $apply_ACL = false) {
+function serendipity_traversePath($basedir, $dir='', $onlyDirs=true, $pattern = NULL, $depth = 1, $max_depth = null) {
+
- $odir = serendipity_dirSlash('end', $basedir) . serendipity_dirSlash('end', $dir);
- $dh = @opendir($odir);
- if (!$dh) {
+ $dh = @opendir($basedir . '/' . $dir);
+ if ( !$dh ) {
return array();
}
$files = array();
while (($file = @readdir($dh)) !== false) {
if ( $file != '.' && $file != '..' ) {
- if ( $onlyDirs === false || ($onlyDirs === true && is_dir($odir . $file)) ) {
+ if ( $onlyDirs === false || ($onlyDirs === true && is_dir($basedir . '/' . $dir . '/' . $file)) ) {
if ( is_null($pattern) || preg_match($pattern, $file) ) {
$files[] = array(
'name' => $file,
'depth' => $depth,
- 'relpath' => ltrim(str_replace('\\', '/', serendipity_dirSlash('end', $dir)) . basename($file) . '/', '/')
+ 'relpath' => ltrim(str_replace('\\', '/', $dir) . basename($file) . '/', '/')
);
}
}
-
- if (is_dir($odir . $file) && ($max_depth === null || $depth < $max_depth)) {
- $next_dir = serendipity_dirSlash('end', $dir) . basename($file);
- $files = array_merge($files, serendipity_traversePath($basedir, $next_dir, $onlyDirs, $pattern, ($depth+1), $max_depth));
+ if ( is_dir($basedir . '/' . $dir . '/' . $file) && ($max_depth === null || $depth < $max_depth)) {
+ $files = array_merge($files, serendipity_traversePath($basedir, $dir . '/' . basename($file) . '/', $onlyDirs, $pattern, ($depth+1), $max_depth));
}
}
}
@closedir($dh);
-
- if ($depth == 1 && $apply_ACL !== FALSE) {
- serendipity_directoryACL($files, $apply_ACL);
- }
-
return $files;
}
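Review bot: `relpath` picks up a doubled slash from the third level down, because the recursive call passes `$dir . '/' . basename($file) . '/'` and the next level prepends another `'/'` to a `$dir` that already ends in one (`'/a/'` becomes `'/a//b/'`, giving `a//b/c/`). A caller-supplied `$dir` without a trailing slash has the opposite problem, since `relpath` concatenates `$dir` and the file name directly. Normalising `$dir` once at the top and building the directory path from it keeps the filesystem path and `relpath` consistent, as in the sketch below. The docblock also has no `@param` entry for `$onlyDirs`.

```php
function serendipity_traversePath($basedir, $dir='', $onlyDirs=true, $pattern = NULL, $depth = 1, $max_depth = null) {
    // Normalise once so every level sees either '' or 'sub/dir/'.
    $dir  = ($dir == '') ? '' : rtrim($dir, '/') . '/';
    $odir = rtrim($basedir, '/') . '/' . $dir;
    $dh   = @opendir($odir);
    // … unchanged: !$dh guard, $files init, readdir loop header …
            if ( $onlyDirs === false || ($onlyDirs === true && is_dir($odir . $file)) ) {
    // … unchanged: pattern test and $files[] entry (relpath line as is) …
            if ( is_dir($odir . $file) && ($max_depth === null || $depth < $max_depth)) {
                $files = array_merge($files, serendipity_traversePath($basedir, $dir . basename($file), $onlyDirs, $pattern, ($depth+1), $max_depth));
    // … unchanged: loop close, closedir, return …
```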
function serendipity_escapeshellarg($string) {
return escapeshellarg(str_replace('%', '', $string));
}
-
-/**
- * Rename a media directory
- *
- * @access public
- * @param string Old directory name
- * @param string New directory name
- */
-function serendipity_renameDir($old, $new) {
-}
-
-/**
- * Makes sure a directory begins with or ends with a "/"
- *
- * @access public
- * @param string Type of where to append/prepend slash ('end', 'start', 'both')
- * @param string Directory name
- * @return string Output argument
- */
-function serendipity_dirSlash($type, $dir) {
-
- if ($dir == '') {
- return $dir;
- }
-
- if ($type == 'start' || $type == 'both') {
- if (substr($dir, 0, 1) != '/') {
- $dir = '/' . $dir;
- }
- }
-
- if ($type == 'end' || $type == 'both') {
- if (substr($dir, -1) != '/') {
- $dir .= '/';
- }
- }
-
- return $dir;
-}
-
-/**
- * Cycle a serendipity_traversePath resultset and apply read/write ACLs.
- *
- * @access public
- * @param array serendipity_traversePath result array
- * @param string ACL type ('read', 'write')
- */
-function serendipity_directoryACL(&$paths, $type = 'read') {
- global $serendipity;
- static $debug = true;
-
- if ($debug) {
- echo "Applying ACL for mode '$type'.<br />\n";
- }
-
- if (serendipity_userLoggedIn() && (!isset($serendipity['enableACL']) || $serendipity['enableACL'] == true)) {
- // Check if we are a cool superuser. Bail out if we are.
- if (serendipity_checkPermission('adminImagesMaintainOthers') && serendipity_checkPermission('adminImagesDirectories')) {
- if (!$debug) {
- return true;
- }
- }
-
- // Get list of all ACLs for directories.
- $q = "SELECT a.artifact_index AS directory,
- a.groupid
- FROM {$serendipity['dbPrefix']}access AS a
- WHERE a.artifact_type = 'directory'
- AND a.artifact_mode = '" . serendipity_db_escape_string($type) . "'";
- $allowed = serendipity_db_query($q);
- if (!is_array($allowed)) {
- return false;
- }
-
- // Get a list of all the groups for this user. Pipe it into a usable array.
- $my_groups =& serendipity_getGroups($serendipity['authorid']);
- $acl_allowed_groups = array();
- foreach($my_groups AS $my_group) {
- $acl_allowed_groups[$my_group['id']] = true;
- }
-
- // Iterate every ACL and check if we are allowed to use it.
- $acl_allowed = array();
- foreach($allowed AS $row) {
- $acl_allowed[$row['directory']][$row['groupid']] = true;
- }
-
- // Iterate the input path array and check it against ACL.
- foreach($paths AS $idx => $info) {
- if (!isset($acl_allowed[$info['relpath']])) {
- // ACL for directory not set. Assume we are allowed to access.
- continue;
- }
-
- $granted = false;
- foreach($acl_allowed[$info['relpath']] AS $groupid => $set) {
- if (isset($acl_allowed_groups[$groupid])) {
- // We are allowed to access this element
- $granted = true;
- break;
- }
- }
-
- if ($granted === false) {
- // We are not allowed to access this element
- if ($debug) {
- echo "ACL for " . $info['relpath'] . " DENIED.<br />\n";
- }
- unset($paths[$idx]);
- } else {
- if ($debug) {
- echo "ACL for " . $info['relpath'] . " granted.<br />\n";
- }
- }
- }
-
- if (count($paths) < 1) {
- return false;
- }
- }
-
- return true;
-}
\ No newline at end of file