public/gallery3-contrib
Archived
1
0
Fork 0
Code Releases Activity

Clean up style and whitespace to conform to Gallery 3 conventions. No

Browse Source 
major structural changes.  Added some missing security.
This commit is contained in:
Bharat Mediratta 2010-12-17 13:25:40 -08:00
parent 0f6fbf7bb2
commit 2609cae190
1 changed files with 297 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

573
3.0/modules/webdav/controllers/webdav.php
View File

@ -1,301 +1,322 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
require_once(MODPATH . "webdav/libraries/Sabre/autoload.php");
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/../libraries/');
include 'Sabre/autoload.php';
class WebDAV_Controller extends Controller {
public function index() {
$root = new Gallery3_Album("");
$tree = new Gallery3_DAV_Tree($root);
class webdav_Controller extends Controller {
public function gallery() {
$root = new Gallery3Album('');
$tree = new Gallery3DAVTree($root);
// Skip the lock plugin for now, we don't want Finder to get write support for the time being.
//$lock_backend = new Sabre_DAV_Locks_Backend_FS(TMPPATH . 'sabredav');
//$lock = new Sabre_DAV_Locks_Plugin($lock_backend);
$filter = new Sabre_DAV_TemporaryFileFilterPlugin(TMPPATH . 'sabredav');
// $lock_backend = new Sabre_DAV_Locks_Backend_FS(TMPPATH . "sabredav");
// $lock = new Sabre_DAV_Locks_Plugin($lock_backend);
$filter = new Sabre_DAV_TemporaryFileFilterPlugin(TMPPATH . "sabredav");
$server = new Sabre_DAV_Server($tree);
#$server = new Gallery3DAV($tree);
$server->setBaseUri(url::site('webdav/gallery'));
//$server->addPlugin($lock);
$server->addPlugin($filter);
$this->doAuthenticate();
$server->exec();
$server->setBaseUri(url::site("/"));
// $server->addPlugin($lock);
$server->addPlugin($filter);
if ($this->_authenticate()) {
$server->exec();
}
}
private function doAuthenticate() {
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm('Gallery3');
$authResult = $auth->getUserPass();
list($username, $password) = $authResult;
if ($username == '' || $password == '') {
$auth->requireLogin();
die;
}
$user = identity::lookup_user_by_name($username);
if (empty($user) || !identity::is_correct_password($user, $password)) {
$auth->requireLogin();
die;
}
identity::set_active_user($user);
return $user;
private function _authenticate() {
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm(item::root()->title);
$authResult = $auth->getUserPass();
list($username, $password) = $authResult;
if (!$username || !$password) {
$auth->requireLogin();
return false;
}
$user = identity::lookup_user_by_name($username);
if (empty($user) || !identity::is_correct_password($user, $password)) {
$auth->requireLogin();
return false;
}
identity::set_active_user($user);
return true;
}
}
class Gallery3DAVCache {
protected static $cache;
private static $instance;
private function __construct() {
$this->cache = array();
}
class Gallery3_DAV_Cache {
private static $cache;
private static $instance;
private function encodePath($path)
{
$path = trim($path, '/');
$encodedArray = array();
foreach (split('/', $path) as $part)
{
$encodedArray[] = rawurlencode($part);
}
$path = join('/', $encodedArray);
return $path;
}
private function __construct() {
self::$cache = array();
}
public function getAlbumOf($path) {
$path = substr($path, 0, strrpos($path, '/'));
return $this->getItemAt($path);
public static function instance() {
if (!isset(self::$instance)) {
self::$instance = new Gallery3_DAV_Cache();
}
public function getItemAt($path)
{
$path = trim($path, '/');
$path = $this->encodePath($path);
if (isset($this->cache[$path])) {
return $this->cache[$path];
}
$item = ORM::factory("item")
return self::$instance;
}
private function encode_path($path) {
$path = trim($path, "/");
$encoded_array = array();
foreach (explode("/", $path) as $part) {
$encoded_array[] = rawurlencode($part);
}
return join("/", $encoded_array);
}
public function to_album($path) {
$path = substr($path, 0, strrpos($path, "/"));
return $this->to_item($path);
}
public function to_item($path) {
$path = trim($path, "/");
$path = $this->encode_path($path);
if (!isset(self::$cache[$path])) {
self::$cache[$path] = ORM::factory("item")
->viewable()
->where("relative_path_cache", "=", $path)
->find();
$this->cache[$path] = $item;
return $item;
}
public static function singleton() {
if (!isset(self::$instance)) {
$c = __CLASS__;
self::$instance = new $c;
}
return self::$instance;
}
public function __clone() {}
return self::$cache[$path];
}
public function __clone() {
}
}
class Gallery3DAVTree extends Sabre_DAV_Tree {
protected $rootNode;
public function __construct(Sabre_DAV_ICollection $rootNode) {
$this->cache = Gallery3DAVCache::singleton();
$this->rootNode = $rootNode;
class Gallery3_DAV_Tree extends Sabre_DAV_Tree {
protected $root_node;
public function __construct(Sabre_DAV_ICollection $root_node) {
$this->cache = Gallery3_DAV_Cache::instance();
$this->root_node = $root_node;
}
public function move($source, $target) {
$source_item = $this->cache->to_item($source);
$target_item = $this->cache->to_album($target);
try {
access::required("view", $sourceItem);
access::required("edit", $sourceItem);
access::required("view", $targetItem);
access::required("edit", $targetItem);
} catch (Kohana_404_Exception $e) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
}
public function move($source, $target) {
$sourceItem = $this->cache->getItemAt($source);
$targetItem = $this->cache->getAlbumOf($target);
if (! access::can('view', $sourceItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
if (! access::can('edit', $sourceItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
if (! access::can('view', $targetItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
if (! access::can('edit', $targetItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
$sourceItem->parent_id = $targetItem->id;
$sourceItem->save();
$source_item->parent_id = $targetItem->id;
$source_item->save();
return true;
}
public function getNodeForPath($path) {
$path = trim($path,"/");
$item = $this->cache->to_item($path);
if (!$item->loaded()) {
throw new Sabre_DAV_Exception_FileNotFound("Could not find node at path: $path");
}
if ($item->is_album()) {
return new Gallery3_Album($path);
} else {
return new Gallery3_File($path);
}
}
}
class Gallery3_Album extends Sabre_DAV_Directory {
private $item;
private $stat;
private $path;
function __construct($path) {
$this->cache = Gallery3_DAV_Cache::instance();
$this->path = $path;
$this->item = $this->cache->to_item($path);
}
function getName() {
return $this->item->name;
}
function getChildren() {
$return = array();
foreach ($this->item->viewable()->children() as $child) {
$return[] = $this->getChild($child->name);
}
return $return;
}
function getChild($name) {
$rp = "{$this->path}/$name";
$child = $this->cache->to_item($rp);
if (!access::can("view", $child)) {
throw new Sabre_DAV_Exception_FileNotFound("Access denied");
}
if ($child->is_album()) {
return new Gallery3_Album($rp);
} else {
return new Gallery3_File($rp);
}
}
public function createFile($name, $data=null) {
try {
access::required("view", $this->item);
access::required("add", $this->item);
} catch (Kohana_404_Exception $e) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
}
if (substr($name, 0, 1) == ".") {
return true;
};
try {
$tempfile = tempnam(TMPPATH, "dav");
$target = fopen($tempfile, "wb");
stream_copy_to_stream($data, $target);
fclose($target);
$item = ORM::factory("item");
$item->name = $name;
$item->title = item::convert_filename_to_title($item->name);
$item->description = "";
$item->parent_id = $this->item->id;
$item->set_data_file($tempfile);
$item->type = "photo";
$item->save();
} catch (Exception $e) {
unlink($tempfile);
throw $e;
}
public function getNodeForPath($path) {
$path = trim($path,'/');
$currentNode = $this->rootNode;
$item = $this->cache->getItemAt($path);
if (! $item->id) {
throw new Sabre_DAV_Exception_FileNotFound('Could not find node at path: ' . $path);
}
if ($item->type == 'album') { $currentNode = new Gallery3Album($path); }
else { $currentNode = new Gallery3File($path); }
return $currentNode;
}
public function createDirectory($name) {
try {
access::required("view", $this->item);
access::required("add", $this->item);
} catch (Kohana_404_Exception $e) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
}
$album = ORM::factory("item");
$album->type = "album";
$album->parent_id = $this->item->id;
$album->name = $name;
$album->title = $name;
$album->description = "";
$album->save();
// Refresh MPTT pointers
$this->item->reload();
}
function getLastModified() {
return $this->item->updated;
}
function setName($name) {
if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->name = $name;
$this->item->save();
}
public function delete() {
if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->delete();
}
}
class Gallery3Album extends Sabre_DAV_Directory {
private $item;
private $stat;
private $path;
function __construct($path) {
$this->cache = Gallery3DAVCache::singleton();
$this->path = $path;
$this->item = $this->cache->getItemAt($path);
}
function getName() {
return $this->item->name;
}
function getChildren() {
$return = array();
foreach ($this->item->children() as $child) {
$item = $this->getChild($child->name);
if ($item != false) {
$return[] = $item;
}
}
return $return;
}
function getChild($name) {
$rp = $this->path . '/' . $name;
$child = $this->cache->getItemAt($rp);
if (! $child->id) {
throw new Sabre_DAV_Exception_FileNotFound('Access denied');
}
if (! access::can('view', $child)) {
return false;
};
if ($child->type == 'album') {
return new Gallery3Album($rp);
} else {
return new Gallery3File($rp);
}
}
public function createFile($name, $data = null) {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
if (! access::can('add', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
if (substr($name, 0, 1) == '.') { return true; };
$tempfile = tempnam(TMPPATH, 'dav');
$target = fopen($tempfile, 'wb');
stream_copy_to_stream($data, $target);
fclose($target);
$parent_id = $this->item->__get('id');
$item = ORM::factory("item");
$item->name = $name;
$item->title = item::convert_filename_to_title($item->name);
$item->description = '';
$item->parent_id = $parent_id;
$item->set_data_file($tempfile);
$item->type = "photo";
$item->save();
}
public function createDirectory($name) {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
if (! access::can('add', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
$parent_id = $this->item->__get('id');
$album = ORM::factory("item");
$album->type = "album";
$album->parent_id = $parent_id;
$album->name = $name;
$album->title = $name;
$album->description = '';
$album->save();
$this->item = ORM::factory("item")->where('id', '=', $parent_id);
}
function getLastModified() {
return $this->item->updated;
}
function setName($name) {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
$this->item->name = $name;
$this->item->save();
}
public function delete() {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
$this->item->delete();
}
}
class Gallery3_File extends Sabre_DAV_File {
private $item;
private $stat;
private $path;
class Gallery3File extends Sabre_DAV_File {
private $item;
private $stat;
private $path;
function __construct($path) {
$this->cache = Gallery3DAVCache::singleton();
$this->item = $this->cache->getItemAt($path);
if (access::can('view_full', $this->item)) {
$this->stat = stat($this->item->file_path());
$this->path = $this->item->file_path();
} else {
$this->stat = stat($this->item->resize_path());
$this->path = $this->item->resize_path();
}
}
public function delete() {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
$this->item->delete();
}
function setName($name) {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
$this->item->name = $name;
$this->item->save();
}
public function getLastModified() {
return $this->item->updated;
}
function get() {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
return fopen($this->path,'r');
}
function getSize() {
return $this->stat[7];
}
function getName() {
return $this->item->name;
}
function getETag() {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); };
return '"' . md5($this->item->file_path()) . '"';
}
}
function __construct($path) {
$this->cache = Gallery3_DAV_Cache::instance();
$this->item = $this->cache->to_item($path);
?>
if (access::can("view_full", $this->item)) {
$this->stat = stat($this->item->file_path());
$this->path = $this->item->file_path();
} else {
$this->stat = stat($this->item->resize_path());
$this->path = $this->item->resize_path();
}
}
public function delete() {
if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->delete();
}
function setName($name) {
if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->name = $name;
$this->item->save();
}
public function getLastModified() {
return $this->item->updated;
}
function get() {
if (!access::can("view", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
return fopen($this->path, "r");
}
function getSize() {
return $this->stat[7];
}
function getName() {
return $this->item->name;
}
function getETag() {
if (!access::can("view", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
return "'" . md5($this->item->file_path()) . "'";
}
}