Merge branch 'fix-ajaxupload-and-refactor' into doryphore
J9rem committed Feb 9, 2022
2 parents ef0d9a9 + 9655ae5 commit aa060a6
Showing 10 changed files with 223 additions and 113 deletions.
8 changes: 5 additions & 3 deletions composer.json
@@ -8,19 +8,21 @@
"scripts": {
"test": "phpunit --do-not-cache-result --stderr tests",
"post-install-cmd": [
"@composer install --working-dir ./tools/autoupdate/"
"@composer install --working-dir ./tools/autoupdate/",
"@php -r \"array_map('unlink', glob('vendor/enshrined/svg-sanitize/tests/data/*.svg'));\""
],
"post-update-cmd": [
"@composer update --working-dir ./tools/autoupdate/"
]
},
"require": {
"php": "^7.3 || ^8.0",
"ext-json": "*",
"ext-mysqli": "*",
"caxy/php-htmldiff": "^0.1.13",
"doctrine/annotations": "^1.11",
"doctrine/cache": "^1.10",
"ext-json": "*",
"ext-mysqli": "*",
"enshrined/svg-sanitize": "^0.14.1",
"oomphinc/composer-installers-extender": "^2.0",
"phpmailer/phpmailer": "^6.2",
"symfony/config": "^5.1",
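Review bot: The SVG fixture cleanup is wired only into `post-install-cmd`, so a `composer update` leaves or restores the files under `vendor/enshrined/svg-sanitize/tests/data/`; `post-update-cmd` should carry the same `@php -r` entry. The fixtures are presumably removed because they are sanitizer test inputs that should not sit in a web-reachable `vendor/` directory; if so, denying HTTP access to `vendor/` is the more robust control and the script is only a fallback. `glob()` can also return `false` on error, which `array_map()` rejects, so `glob(...) ?: []` would be safer inside the one-liner.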
68 changes: 57 additions & 11 deletions composer.lock


18 changes: 18 additions & 0 deletions tools/attach/config.yaml
@@ -12,6 +12,7 @@ parameters:
png: 'PNG'
gif: 'GIF'
jpeg: 'JPEG'
webp: 'WEBP'
# Autres images (peuvent utiliser le tag <img>)
bmp: 'BMP'
tif: 'TIFF'
@@ -66,6 +67,7 @@ parameters:
h: 'C header'
kml: 'Keyhole Markup Language'
kmz: 'Google Earth Placemark File'
md: 'Markdown'
mm: 'Mindmap'
pas: 'Pascal'
pdf: 'PDF'
@@ -93,7 +95,9 @@ parameters:
xspf: 'XSPF'
xls: 'Excel'
xlsx: 'Excel'
xlsm: 'Excel'
xml: 'XML'
yaml: 'YAML'
zip: 'Zip'
# Open Document
odt: 'opendocument text'
@@ -109,6 +113,20 @@ parameters:
ots: 'opendocument spreadsheet-template'
otp: 'opendocument presentation-template'
otg: 'opendocument graphics-template'
attach_config:
ext_images: "gif|jpeg|png|jpg|svg|webp"
ext_audio: "mp3|aac"
ext_video: "mp4|webm|ogg"
ext_wma: "wma"
ext_pdf: "pdf"
ext_freemind: "mm"
ext_flashvideo: "flv"
ext_script: "php|php3|asp|asx|vb|vbs|js"
upload_path: "files"
update_symbole: ""
fmDelete_symbole: "Supr"
fmRestore_symbole: "Rest"
fmTrash_symbole: "Corbeille"
attach-video-config:
default_video_service: 'peertube'
default_peertube_instance: 'https://framatube.org/'
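Review bot: `ext_images` in the new `attach_config` block lists `svg`, so SVG uploads are handled like raster images although an SVG can carry script. Nothing in this section shows where the newly required `enshrined/svg-sanitize` is applied, so confirm that every upload path, not only the AJAX handler, sanitizes SVG before the file is stored or served. `ext_script: "php|php3|asp|asx|vb|vbs|js"` is a denylist and cannot be complete; if uploads are in fact gated by `authorized-extensions`, a comment such as `# not the upload gate: authorized-extensions is the allowlist` would prevent it being mistaken for one. `xlsm` is a macro-enabled format, and it is worth deciding deliberately whether it belongs in the default allowlist.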
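--- a/tools/attach/handlers/AjaxUploadHandler.php
+++ b/tools/attach/handlers/AjaxUploadHandler.php
@@ -0,0 +1,89 @@
+<?php
+
+namespace YesWiki\Attach;
+
+use Attach;
+use qqFileUploader;
+use YesWiki\Core\Service\AclService;
+use YesWiki\Core\Service\DbService;
+use YesWiki\Core\Service\PageManager;
+use YesWiki\Core\YesWikiHandler;
+use YesWiki\Security\Controller\SecurityController;
+
+class AjaxUploadHandler extends YesWikiHandler
+{
+private $hasTempTag;
+
+public function run()
+{
+if ($this->getService(SecurityController::class)->isWikiHibernated()) {
+throw new \Exception(_t('WIKI_IN_HIBERNATION'));
+};
+
+if (!$this->hasAccesUpload($_GET)) {
+return $this->formatOuput(['error' => _t('NO_RIGHT_TO_WRITE_IN_THIS_PAGE')]);
+}
+
+// load classes
+require_once 'tools/attach/libs/qq.lib.php';
+
+if (!class_exists('attach')) {
+include_once 'tools/attach/libs/attach.lib.php';
+}
+$errorsMessage = '';
+ob_start();
+try {
+$att = new attach($this->wiki);
+
+// list of valid extensions, ex. array("jpeg", "xml", "bmp")
+$allowedExtensions = array_keys($this->params->get('authorized-extensions'));
+
+// max file size in bytes
+$sizeLimit = $att->attachConfig['max_file_size'];
+
+$uploader = new qqFileUploader($allowedExtensions, $sizeLimit, $this->hasTempTag);
+$result = $uploader->handleUpload($att->attachConfig['upload_path']);
+} catch (\Throwable $th) {
+$errorsMessage .= "{$th->getMessage()} in {$th->getFile()}, line {$th->getLine()}";
+}
+$errorsMessage .= ob_get_contents();
+ob_end_clean();
+if (!empty($errorsMessage)) {
+$result['error'] = ($result['error'] ?? '').$errorsMessage;
+}
+return $this->formatOuput($result);
+}
+
+private function hasAccesUpload(array $get): bool
+{
+$tag = $this->wiki->getPageTag();
+if (empty(trim($tag))) {
+return false;
+}
+
+$this->hasTempTag = (
+isset($get['tempTag'])
+&& preg_match("/^{$this->params->get('temp_tag_for_entry_creation')}_[A-Fa-f0-9]+$/m", $get['tempTag'])
+);
+$page = $this->getService(PageManager::class)->getOne($tag);
+$aclService = $this->getService(AclService::class);
+
+return ((
+empty($page) // new page
+&& $aclService->hasAccess('write', $tag) // default rights to write
+) || (
+!empty($page) // existing page
+&& $aclService->hasAccess('write', $tag)
+) || (
+!empty($page) // existing page
+&& $aclService->hasAccess('read', $tag) // page with cration of entries
+&& $this->hasTempTag
+)
+);
+}
+
+private function formatOuput(array $ouput): string
+{
+return htmlspecialchars(json_encode($ouput), ENT_NOQUOTES, YW_CHARSET);
+}
+}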
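Review bot: The `tempTag` check in `hasAccesUpload()` is weaker than it reads. With the `m` modifier, `^` and `$` match at any line boundary, so a multi-line value passes if one line matches; the configured prefix is also interpolated into the pattern without `preg_quote()`, and a non-string `tempTag` reaches `preg_match()`. Suggested form: `$prefix = preg_quote($this->params->get('temp_tag_for_entry_creation'), '/');` followed by `is_string($get['tempTag'] ?? null) && preg_match("/^{$prefix}_[A-Fa-f0-9]+\z/", $get['tempTag']) === 1`. This matters because that flag alone upgrades read access to upload access on an existing page, and nothing visible here ties the tag to one the server actually issued. Separately, the `catch (\Throwable $th)` branch in `run()` returns `getFile()` and `getLine()`, plus any buffered output, to the client; log those server-side and return a generic message instead.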
11 changes: 10 additions & 1 deletion tools/attach/handlers/page/__edit.php
@@ -1,2 +1,11 @@
<?php
$this->AddJavascriptFile('tools/attach/libs/fileuploader.js');

use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
use YesWiki\Core\Service\AssetsManager;

$this->services->get(AssetsManager::class)->AddJavascript(
"var fileUploaderConfig = {attach_config:{ext_images:"
.json_encode(explode("|", $this->services->get(ParameterBagInterface::class)->get("attach_config")["ext_images"]))
."}};"
);
$this->services->get(AssetsManager::class)->AddJavascriptFile('tools/attach/libs/fileuploader.js');
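Review bot: The lookup `->get("attach_config")["ext_images"]` has no fallback, so a site configuration that overrides `attach_config` without that key raises a notice on the edit page and hands `null` to `explode()`. Read it first with a default, e.g. `$extImages = $params->get('attach_config')['ext_images'] ?? '';`. Because the result is concatenated into an inline script, encode it with `json_encode($list, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` so the output stays inert in HTML whatever the configuration contains. If this list only drives client-side display, a short comment saying that the server-side allowlist remains authoritative would help; the script that consumes `fileUploaderConfig` is outside this section.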
