Changeset 1159

Timestamp:

12/07/11 17:51:00 (6 months ago)

Author:

adrian.budau

Message:

Fix more errors that occured durring the deployment of the avatar optimisation

Fixes to the attachments control. Users can't upload an attachment called avatar.
Now the avatar can be deleted.
Fixes to the image resize script regarding gif files (it used to enter an infinite loop)

REVIEW URL ​http://reviewboard.infoarena.ro/r/181/

Location:

trunk

Files:

• common/attachment.php (modified) (1 diff)
• common/avatar.php (modified) (2 diffs)
• common/common.php (modified) (1 diff)
• common/security.php (modified) (2 diffs)
• scripts/setup (modified) (2 diffs)
• www/controllers/account.php (modified) (3 diffs)
• www/controllers/attachment.php (modified) (14 diffs)
• www/index.php (modified) (1 diff)
• www/views/account.php (modified) (1 diff)
• www/views/listattach.php (modified) (2 diffs)

trunk/common/attachment.php

@@ -178 +178 @@
             $trans_col = imagecolortransparent($image);
             imagepalettecopy($image_resized, $image);
-            imagefill($image_resized, 0, 0, $trans_col);
+            if ($trans_col != -1) {
+                imagefill($image_resized, 0, 0, $trans_col);
+            }
             imagecolortransparent($image_resized, $trans_col);
             imagecopyresampled($image_resized, $image, 0, 0, 0, 0,

trunk/common/avatar.php

@@ -7 +7 @@
 require_once(IA_ROOT_DIR.'www/controllers/account_validator.php');
 require_once(IA_ROOT_DIR.'common/common.php');
+require_once(IA_ROOT_DIR.'www/config.php');
 require_once(IA_ROOT_DIR.'common/attachment.php');
+
+/**
+ * Returns whether the attachment of the given page is an avatar attachment
+ * @param  string  $attachment_name
+ * @param  string  $page_name
+ * @return bool
+ */
+function is_avatar_attachment($attachment_name, $page_name) {
+    $matches = get_page_user_name($page_name);
+
+    if ($attachment_name === 'avatar' && $matches) {
+        return true;
+    }
+
+    return false;
+}
+
+/**
+ * Resizes a newly uploaded avatar and returns errors if any
+ * @param  string  $temporary_name
+ * @param  string  $filepath          The filepath where to copy the attachment
+ * @param  string  $username
+ * @return mixed   Error message or null on success
+ */
+function avatar_update($temporary_name, $filepath, $username) {
+    // resize the avatar if it has a correct mime-type
+    $avatar_mime_types = array('image/gif', 'image/jpeg', 'image/png');
+    $image_info = getimagesize($temporary_name);
+    if (!in_array($image_info['mime'], $avatar_mime_types)) {
+        return 'Fisierul nu este o imagine acceptata pe site. ' .
+                'Utilizati doar imagini GIF, JPEG sau PNG.';
+    }
+
+    // write the file on disk.
+    if (!move_uploaded_file($temporary_name, $filepath)) {
+        return 'Fisierul nu a putut fi incarcat pe server.';
+    }
+    // resize the avatar
+    avatar_cache_resized($filepath, $image_info, "a".$username);
+    return null;
+}
 
 /**
@@ -45 +87 @@
 }
 
+/**
+ * Delete's an user avatar, the rest is done from the attachment page
+ *
+ * @param  string  $username
+ */
+function avatar_delete($username) {
+    $resize_folders = array('tiny/', 'small/', 'normal/', 'forum/', 'big/');
+
+    // Unlink the hardlinked full-sized image
+    $filepath = IA_AVATAR_FOLDER . 'full/a' . $username;
+    if (is_file($filepath) || is_link($filepath)) {
+        unlink($filepath);
+    }
+
+    // Delete the resized ones
+    foreach ($resize_folders as $resize_folder) {
+        $filepath = IA_AVATAR_FOLDER . $resize_folder . 'a'
+                . $username;
+        if (is_file($filepath) || is_link($filepath)) {
+            unlink($filepath);
+        }
+    }
+}
 ?>

trunk/common/common.php

@@ -154 +154 @@
 function is_page_name($page_name) {
     return preg_match('/^'.IA_RE_PAGE_NAME.'$/xi', $page_name);
+}
+
+/**
+ * Validates user page name
+ *
+ * @param  string  $page_name
+ * @return array                returns an array containing the matched user
+ */
+function get_page_user_name($page_name) {
+    preg_match("/^ ".
+                preg_quote(IA_USER_TEXTBLOCK_PREFIX, '/').
+                '('.IA_RE_USER_NAME.") (\/?.*) $/xi",
+                $page_name, $matches);
+    return $matches;
 }
 

trunk/common/security.php

@@ -193 +193 @@
     // HACK: Forward security to user.
     // HACK: based on name
-    if (preg_match("/^ ".
-                preg_quote(IA_USER_TEXTBLOCK_PREFIX, '/').
-                '('.IA_RE_USER_NAME.") (\/?.*) $/xi",
-                $textblock['name'], $matches)) {
+    if (count($matches = get_page_user_name($textblock['name'])) > 0) {
         require_once(IA_ROOT_DIR . "common/db/user.php");
         $ouser = user_get_by_username($matches[1]);
@@ -205 +202 @@
         // This is a horrible hack to prevent deleting or moving an user page.
         // This is pure evil.
-        if ($matches[2] != '') {
-            return false;
-        }
         if ($action == 'textblock-delete' || $action == 'textblock-move') {
             $action = 'simple-critical';

trunk/scripts/setup

@@ -230 +230 @@
     system("chmod g+ws {$ia_root}attach");
     system("chmod g+ws {$ia_root}cache");
-    system("chmod g+ws {$ia_root}www/static/images/avatar");
     system("chmod g+ws {$ia_root}www/static/images/tmp");
     system("chmod g+ws {$ia_root}www/static/images/latex");
@@ -269 +268 @@
 }
 
+// Running scripts to keep things simple for new developers
+system("./{$ia_root}scripts/make-avatar-folder");
 // FIXME: configure forum
 if (read_bool("Should I try to configure the forum (ugly db stuff)?", true)) {

trunk/www/controllers/account.php

@@ -7 +7 @@
 require_once(IA_ROOT_DIR."www/controllers/account_validator.php");
 require_once(IA_ROOT_DIR."www/config.php");
+require_once(IA_ROOT_DIR."common/avatar.php");
 
 // identify target user and check permission to edit profile
@@ -129 +130 @@
                 if (!$errors) {
                     $disk_name = attachment_get_filepath($attach);
-                    if (!move_uploaded_file($_FILES['avatar']['tmp_name'],
-                                            $disk_name)) {
-                        $errors['avatar'] = 'Fisierul nu a putut fi incarcat '
-                                            .'pe server.';
-                    } else {
-                        // resize the avatar if it is a correct mime-type
-                        global $IA_SAFE_MIME_TYPES;
-                        $img_info = getimagesize($disk_name);
-                        // check if mime-type is from accepted ones
-                        if (in_array($img_info['mime'], $IA_SAFE_MIME_TYPES)) {
-                            avatar_cache_resized($disk_name, $img_info,
-                                    "a".$user['username']);
-                        }
-                    }
+                    $errors['avatar'] = avatar_update(
+                            $_FILES['avatar']['tmp_name'], $disk_name,
+                            $user['username']);
                 }
             }
@@ -212 +202 @@
     $view['form_values'] = $data;
     $view['action'] = url_account($user['username']);
+    $view['avatar_exists'] = attachment_get('avatar', IA_USER_TEXTBLOCK_PREFIX .
+            $user['username']);
     if ($ownprofile) {
         $view['topnav_select'] = 'profile';

trunk/www/controllers/attachment.php

@@ -6 +6 @@
 require_once(IA_ROOT_DIR.'www/controllers/zip_attachment.php');
 require_once(IA_ROOT_DIR."common/external_libs/zipfile.php");
+require_once(IA_ROOT_DIR."common/avatar.php");
 
 // Try to get the textblock model for a certain page.
@@ -109 +110 @@
     if (!$form_errors) {
         if ($autoextract) {
-            $zip_files = get_zipped_attachments($_FILES['file_name']['tmp_name']);
+            $zip_files = get_zipped_attachments(
+                    $_FILES['file_name']['tmp_name']);
 
             if (false === $zip_files) {
-                $form_errors['file_name'] = 'Arhiva ZIP este invalida sau nu poate fi recunoscuta';
+                $form_errors['file_name'] = 'Arhiva ZIP este invalida sau nu '
+                        . 'poate fi recunoscuta';
             } else {
                 $attachments = $zip_files['attachments'];
-                $skipped_files = $zip_files['total_files'] - count($attachments);
+                $skipped_files = $zip_files['total_files'] -
+                        count($attachments);
             }
         }
@@ -121 +125 @@
             // simple (single) file attachment
             $attachments = array(
-                array('name' => $form_values['file_name'], 'size' => $form_values['file_size'],
-                      'disk_name' => $_FILES['file_name']['tmp_name'])
-            );
+                array('name' => $form_values['file_name'],
+                        'size' => $form_values['file_size'],
+                        'disk_name' => $_FILES['file_name']['tmp_name']));
         }
     }
@@ -141 +145 @@
             $tmpname = tempnam(IA_ROOT_DIR . 'attach/', 'iatmp');
             log_assert($tmpname);
-            $res = extract_zipped_attachment($ziparchive, $att['zipindex'], $tmpname);
+            $res = extract_zipped_attachment($ziparchive, $att['zipindex'],
+                    $tmpname);
             if ($res) {
                 $att['disk_name'] = $tmpname;
@@ -165 +170 @@
     $rewrite_count = 0;
     $attach_okcount = 0;
+    $extra_errors = '';
     if (!$form_errors) {
         for ($i = 0; $i < count($attachments); $i++) {
@@ -180 +186 @@
                 }
                 $file_att['size'] = filesize($file_att['disk_name']);
+            }
+
+            if (is_avatar_attachment($file_att['name'], $page_name)) {
+                if (isset($skipped_files)) {
+                    $skipped_files++;
+                }
+                $extra_errors .= ' A fost intalnit un fisier cu numele avatar' .
+                        '. Pentru a va modifica imaginea de profil va rugam ' .
+                        'folositi pagina "Contul meu".';
+                 continue;
             }
 
@@ -216 +232 @@
             $disk_name = attachment_get_filepath($file_att['attach_obj']);
             if (is_uploaded_file($file_att['disk_name'])) {
-                $move_ok = move_uploaded_file($file_att['disk_name'], $disk_name);
+                $move_ok = move_uploaded_file($file_att['disk_name'],
+                        $disk_name);
             } else {
                 $move_ok = @rename($file_att['disk_name'], $disk_name);
@@ -232 +249 @@
 
     // custom error message for simple (single) file uploads
-    if (!$form_errors && !$autoextract && 0 >= $attach_okcount) {
-        $form_errors['file_name'] = 'Fisierul nu a putut fi atasat! Eroare necunoscuta ...';
+    if (!$form_errors && !$autoextract && 0 >= $attach_okcount &&
+                !$extra_errors) {
+        $form_errors['file_name'] = 'Fisierul nu a putut fi atasat! Eroare ' .
+                'necunoscuta ...';
     }
 
@@ -240 +259 @@
         if ($autoextract) {
             if ($attach_okcount == 1) {
-                $msg = "Am extras si incarcat un fisier.";
+                $msg = 'Am extras si incarcat un fisier.';
             } else {
                 $msg = "Am extras si incarcat {$attach_okcount} fisiere.";
@@ -246 +265 @@
 
             if ($rewrite_count == 1) {
-                $msg .= " Un fisier mai vechi a fost rescris.";
+                $msg .= ' Un fisier mai vechi a fost rescris.';
             } else if ($rewrite_count > 1) {
                 $msg .= " {$rewrite_count} fisiere mai vechi au fost rescrise.";
@@ -252 +271 @@
 
             if ($skipped_files == 1) {
-                $msg .= " Un fisier nu a fost dezarhivat deoarece era prea mare sau era invalid.";
+                $msg .= ' Un fisier nu a fost dezarhivat deoarece era prea ' .
+                        'mare sau era invalid.';
             } else if ($skipped_files > 1) {
-                $msg .= " {$skipped_files} fisiere nu au fost dezarhivate deoarece erau prea mari sau erau invalide.";
-            }
+                $msg .= " {$skipped_files} fisiere nu au fost dezarhivate " .
+                        'deoarece erau prea mari sau erau invalide.';
+            }
+            $msg .= $extra_errors;
         }
         else {
-            if ($rewrite_count) {
-                $msg = "Fisierul trimis a fost atasat cu succes. Un atasamant mai vechi a fost rescris.";
-            }
-            else {
-                $msg = "Fisierul trimis a fost atasat cu succes.";
+            if ($extra_errors) {
+                $msg = $extra_errors;
+            } else if($rewrite_count) {
+                $msg = 'Fisierul trimis a fost atasat cu succes. Un atasament' .
+                        'mai vechi a fost rescris.';
+            } else {
+                $msg = 'Fisierul trimis a fost atasat cu succes.';
             }
         }
@@ -270 +294 @@
     }
 
+    $form_errors['file_name'] .= $extra_errors;
     // Errors, print view template.
     $view['form_errors'] = $form_errors;
@@ -301 +326 @@
     }
 
+    // Delete the resizedimages in case the page is an avatar
+    $matches = get_page_user_name($page_name);
+    if (is_avatar_attachment($file_name, $page_name)) {
+        avatar_delete($matches[1]);
+    }
     // We've got big balls.
 
@@ -342 +372 @@
     if ($old_name == $new_name) {
         redirect(url_attachment_list($page_name));
+    }
+
+    if (is_avatar_attachment($old_name, $page_name)) {
+        flash_error('Atasamentul "avatar" nu poate fi redenumit.');
+        redirect(url_textblock($page_name));
+    }
+
+    if (is_avatar_attachment($new_name, $page_name)) {
+        flash_error('Nu puteti numi un atasament "avatar". Pentru '
+                . 'a va modifica imaginea de profil va rugam folositi '
+                . 'pagina "Contul meu".');
+        redirect(url_textblock($page_name));
     }
 

trunk/www/index.php

@@ -280 +280 @@
     }
 }
-else if ($action == 'download-zip') {
+else if ($action == 'attach-bulk-action') {
     require_once(IA_ROOT_DIR.'www/controllers/attachment.php');
     if(request('download')) {

trunk/www/views/account.php

@@ -97 +97 @@
         </li>
         <li>
+            <?php
+                if ($view['avatar_exists']) {
+                    echo format_post_link(url_attachment_delete(
+                                IA_USER_TEXTBLOCK_PREFIX . $user['username'],
+                                'avatar'), "Sterge Avatar", array(), true,
+                                array('onclick' => "return confirm('Aceasta " .
+                                        'actiune este ireversibila! Doresti ' .
+                                        "sa continui?')"));
+                }
+            ?>
             <label for="form_avatar">Avatar nou</label>
             <?= ferr_span('avatar') ?>

trunk/www/views/listattach.php

@@ -37 +37 @@
 function format_attach_name($row) {
     global $page_name;
-    
+
     $attachurl = '<span id="rename_'.$row['id'].'" style="display: none">';
     $attachurl .= '<form action="'.url_attachment_rename($page_name).'" method="post">';
@@ -126 +126 @@
 );
 ?>
-    <form method = 'post' action = ''> 
-    <input type = 'hidden' name = 'action' value = 'download-zip'>
+    <form method = 'post' action = ''>
+    <input type = 'hidden' name = 'action' value = 'attach-bulk-action'>
     <h1>Atasamente pentru pagina <?= format_link(url_textblock($view['page_name']), $view['page_name']) ?></h1>
     <?php