field_file.inc

   1 <?php
   2 // $Id$
   3
   4 /**
   5  * @file
   6  * Common functionality for file handling CCK field modules.
   7  */
   8
   9 /**
  10  * Load a file from the database.
  11  *
  12  * @param $fid
  13  *   A numeric file id or string containing the file path.
  14  * @param $reset
  15  *   Whether to reset the internal file_load cache.
  16  * @return
  17  *   A file array.
  18  */
  19 function field_file_load($fid, $reset = NULL) {
  20   // Reset internal cache.
  21   if (isset($reset)) {
  22     _field_file_cache(NULL, TRUE);
  23   }
  24
  25   if (empty($fid)) {
  26     return array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
  27   }
  28
  29   $files = _field_file_cache();
  30
  31   // Serve file from internal cache if available.
  32   if (empty($files[$fid])) {
  33     if (is_numeric($fid)) {
  34       $file = db_fetch_object(db_query('SELECT f.* FROM {files} f WHERE f.fid = %d', $fid));
  35     }
  36     else {
  37       $file = db_fetch_object(db_query("SELECT f.* FROM {files} f WHERE f.filepath = '%s'", $fid));
  38     }
  39
  40     if (!$file) {
  41       $file = array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
  42     }
  43
  44     foreach (module_implements('file_load') as $module) {
  45       $function = $module .'_file_load';
  46       $function($file);
  47     }
  48
  49     // Cache the fully loaded file for later use.
  50     $files = _field_file_cache($file);
  51   }
  52
  53   // Cast to an array for the field storage.
  54   // Contrary to fields, hook_file() and core file functions expect objects.
  55   return isset($files[$fid]) ? (array) $files[$fid] : FALSE;
  56 }
  57
  58 /**
  59  * Save a file upload to a new location.
  60  * The source file is validated as a proper upload and handled as such. By
  61  * implementing hook_file($op = 'insert'), modules are able to act on the file
  62  * upload and to add their own properties to the file.
  63  *
  64  * The file will be added to the files table as a temporary file. Temporary
  65  * files are periodically cleaned. To make the file permanent file call
  66  * file_set_status() to change its status.
  67  *
  68  * @param $source
  69  *   A string specifying the name of the upload field to save.
  70  * @param $validators
  71  *   An optional, associative array of callback functions used to validate the
  72  *   file. The keys are function names and the values arrays of callback
  73  *   parameters which will be passed in after the user and file objects. The
  74  *   functions should return an array of error messages, an empty array
  75  *   indicates that the file passed validation. The functions will be called in
  76  *   the order specified.
  77  * @param $dest
  78  *   A string containing the directory $source should be copied to. If this is
  79  *   not provided or is not writable, the temporary directory will be used.
  80  * @return
  81  *   An array containing the file information, or 0 in the event of an error.
  82  */
  83 function field_file_save_upload($source, $validators = array(), $dest = FALSE) {
  84   if (!$file = file_save_upload($source, $validators, $dest, FILE_EXISTS_RENAME)) {
  85     return 0;
  86   }
  87   if (!@chmod($file->filepath, 0664)) {
  88     watchdog('filefield', 'Could not set permissions on destination file: %file', array('%file' => $file->filepath));
  89   }
  90
  91   // Let modules add additional properties to the yet barebone file object.
  92   foreach (module_implements('file_insert') as $module) {
  93     $function =  $module .'_file_insert';
  94     $function($file);
  95   }
  96   _field_file_cache($file); // cache the file in order to minimize load queries
  97   return (array)$file;
  98 }
  99
 100 /**
 101  * Save a file into a file node after running all the associated validators.
 102  *
 103  * This function is usually used to move a file from the temporary file
 104  * directory to a permanent location. It may be used by import scripts or other
 105  * modules that want to save an existing file into the database.
 106  *
 107  * @param $filepath
 108  *   The local file path of the file to be saved.
 109  * @param $validators
 110  *   An optional, associative array of callback functions used to validate the
 111  *   file. The keys are function names and the values arrays of callback
 112  *   parameters which will be passed in after the user and file objects. The
 113  *   functions should return an array of error messages, an empty array
 114  *   indicates that the file passed validation. The functions will be called in
 115  *   the order specified.
 116  * @param $dest
 117  *   A string containing the directory $source should be copied to. If this is
 118  *   not provided or is not writable, the temporary directory will be used.
 119  * @param $account
 120  *   The user account object that should associated with the uploaded file.
 121  * @return
 122  *   An array containing the file information, or 0 in the event of an error.
 123  */
 124 function field_file_save_file($filepath, $validators = array(), $dest = FALSE, $account = NULL) {
 125   if (!isset($account)) {
 126     $account = $GLOBALS['user'];
 127   }
 128
 129   // Add in our check of the the file name length.
 130   $validators['file_validate_name_length'] = array();
 131
 132   // Begin building file object.
 133   $file = new stdClass();
 134   $file->uid = $account->uid;
 135   $file->filename = basename($filepath);
 136   $file->filepath = $filepath;
 137   $file->filemime = module_exists('mimedetect') ? mimedetect_mime($file) : file_get_mimetype($file->filename);
 138
 139   // Rename potentially executable files, to help prevent exploits.
 140   if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
 141     $file->filemime = 'text/plain';
 142     $file->filepath .= '.txt';
 143     $file->filename .= '.txt';
 144   }
 145
 146   // If the destination is not provided, or is not writable, then use the
 147   // temporary directory.
 148   if (empty($dest) || file_check_path($dest) === FALSE) {
 149     $dest = file_directory_temp();
 150   }
 151
 152   $file->source = 'field_file_save_file';
 153   $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), FILE_EXISTS_RENAME);
 154   $file->filesize = filesize($filepath);
 155
 156   // Call the validation functions.
 157   $errors = array();
 158   foreach ($validators as $function => $args) {
 159     array_unshift($args, $file);
 160     $errors = array_merge($errors, call_user_func_array($function, $args));
 161   }
 162
 163   // Check for validation errors.
 164   if (!empty($errors)) {
 165     $message = t('The selected file %name could not be saved.', array('%name' => $file->filename));
 166     if (count($errors) > 1) {
 167       $message .= '<ul><li>'. implode('</li><li>', $errors) .'</li></ul>';
 168     }
 169     else {
 170       $message .= ' '. array_pop($errors);
 171     }
 172     form_set_error($file->source, $message);
 173     return 0;
 174   }
 175
 176   if (!file_copy($file, $file->destination, FILE_EXISTS_RENAME)) {
 177     form_set_error($file->source, t('File upload error. Could not move uploaded file.'));
 178     watchdog('file', 'Upload error. Could not move file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->destination));
 179     return 0;
 180   }
 181
 182   // If we made it this far it's safe to record this file in the database.
 183   $file->status = FILE_STATUS_TEMPORARY;
 184   $file->timestamp = time();
 185   // Insert new record to the database.
 186   drupal_write_record('files', $file);
 187
 188   // Let modules add additional properties to the yet barebone file object.
 189   foreach (module_implements('file_insert') as $module) {
 190     $function =  $module .'_file_insert';
 191     $function($file);
 192   }
 193   _field_file_cache($file); // cache the file in order to minimize load queries
 194   return (array)$file;
 195 }
 196
 197 /**
 198  * Save a node file. Delete items if necessary and set new items as permanent.
 199  *
 200  * @param $node
 201  *    Node object this file is be associated with.
 202  * @param $file
 203  *    File to be inserted, passed by reference since fid should be attached.
 204  * @return array
 205  */
 206 function field_file_save($node, &$file) {
 207   // If this item is marked for deletion.
 208   if (!empty($file['delete']) || !empty($file['_remove'])) {
 209     // If we're creating a new revision, return an empty array so CCK will
 210     // remove the item.
 211     if (!empty($node->old_vid)) {
 212       return array();
 213     }
 214     // Otherwise delete the file and return an empty array.
 215     if (field_file_delete($file)) {
 216       return array();
 217     }
 218   }
 219
 220   // Cast to object since core functions use objects.
 221   $file = (object)$file;
 222
 223   // Set permanent status on files if unset.
 224   if (empty($file->status)) {
 225     file_set_status($file, FILE_STATUS_PERMANENT);
 226   }
 227
 228   // Let modules update their additional file properties too.
 229   foreach (module_implements('file_update') as $module) {
 230     $function =  $module .'_file_update';
 231     $function($file);
 232   }
 233   _field_file_cache($file); // update the cache, in case the file has changed
 234
 235   $file = (array)$file;
 236   return $file;
 237 }
 238
 239 /**
 240  * Delete a field file and its database record.
 241  *
 242  * @param $path
 243  *   A file object.
 244  * @param $force
 245  *   Force File Deletion ignoring reference counting.
 246  * @return mixed
 247  *   TRUE for success, Array for reference count block, or FALSE in the event of an error.
 248  */
 249 function field_file_delete($file, $force = FALSE) {
 250   $file = (object)$file;
 251   // If any module returns a value from the reference hook, the
 252   // file will not be deleted from Drupal, but file_delete will
 253   // return a populated array that tests as TRUE.
 254   if (!$force && $references = module_invoke_all('file_references', $file)) {
 255     $references = array_filter($references); // only keep positive values
 256     if (!empty($references)) {
 257       return $references;
 258     }
 259   }
 260
 261   // Let other modules clean up on delete.
 262   module_invoke_all('file_delete', $file);
 263
 264   // Make sure the file is deleted before removing its row from the
 265   // database, so UIs can still find the file in the database.
 266   if (file_delete($file->filepath)) {
 267     db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
 268     _field_file_cache(NULL, $file); // delete the file from the cache
 269     return TRUE;
 270   }
 271   return FALSE;
 272 }
 273
 274 /**
 275  * Internal cache, in order to minimize database queries for loading files.
 276  */
 277 function _field_file_cache($file = NULL, $reset = FALSE) {
 278   static $files = array();
 279
 280   // Reset internal cache.
 281   if (is_object($reset)) { // file object, uncache just that one
 282     unset($files[$reset->fid]);
 283     unset($files[$reset->filepath]);
 284   }
 285   else if ($reset) { // TRUE, delete the whole cache
 286     $files = array();
 287   }
 288
 289   // Cache the file by both fid and filepath.
 290   // Use non-copying objects to save memory.
 291   if (!empty($file->fid)) {
 292     $files[$file->fid] = $file;
 293     $files[$file->filepath] = $file;
 294   }
 295   return $files;
 296 }
 297
 298 /**
 299  * A silent version of file.inc's file_check_directory().
 300  *
 301  * This function differs from file_check_directory in that it checks for
 302  * files when doing the directory check and it does not use drupal_set_message()
 303  * when creating directories. This function may be removed in Drupal 7.
 304  *
 305  * Check that the directory exists and is writable. Directories need to
 306  * have execute permissions to be considered a directory by FTP servers, etc.
 307  *
 308  * @param $directory A string containing the name of a directory path.
 309  * @param $mode A Boolean value to indicate if the directory should be created
 310  *   if it does not exist or made writable if it is read-only.
 311  * @param $form_item An optional string containing the name of a form item that
 312  *   any errors will be attached to. This is useful for settings forms that
 313  *   require the user to specify a writable directory. If it can't be made to
 314  *   work, a form error will be set preventing them from saving the settings.
 315  * @return FALSE when directory not found, or TRUE when directory exists.
 316  */
 317 function field_file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
 318   $directory = rtrim($directory, '/\\');
 319
 320   // Error if the directory is a file.
 321   if (is_file($directory)) {
 322     watchdog('file system', 'The path %directory was checked as a directory, but it is a file.',  array('%directory' => $directory), WATCHDOG_ERROR);
 323     if ($form_item) {
 324       form_set_error($form_item, t('The directory %directory is a file and cannot be overwritten.', array('%directory' => $directory)));
 325     }
 326     return FALSE;
 327   }
 328
 329   // Create the directory if it is missing.
 330   if (!is_dir($directory) && $mode & FILE_CREATE_DIRECTORY && !@mkdir($directory, 0775, TRUE)) {
 331     watchdog('file system', 'The directory %directory does not exist.', array('%directory' => $directory), WATCHDOG_ERROR);
 332     if ($form_item) {
 333       form_set_error($form_item, t('The directory %directory does not exist.', array('%directory' => $directory)));
 334     }
 335     return FALSE;
 336   }
 337
 338   // Check to see if the directory is writable.
 339   if (!is_writable($directory) && $mode & FILE_MODIFY_PERMISSIONS && !@chmod($directory, 0775)) {
 340     watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
 341     if ($form_item) {
 342       form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
 343     }
 344     return FALSE;
 345   }
 346
 347   if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
 348     $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
 349     if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
 350       fclose($fp);
 351       chmod($directory .'/.htaccess', 0664);
 352     }
 353     else {
 354       $repl = array('%directory' => $directory, '!htaccess' => nl2br(check_plain($htaccess_lines)));
 355       form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl));
 356       watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl, WATCHDOG_ERROR);
 357     }
 358   }
 359
 360   return TRUE;
 361 }
 362
 363 /**
 364  * Remove a possible leading file directory path from the given path.
 365  */
 366 function field_file_strip_path($path) {
 367   $dirpath = file_directory_path();
 368   $dirlen = drupal_strlen($dirpath);
 369   if (drupal_substr($path, 0, $dirlen + 1) == $dirpath .'/') {
 370     $path = drupal_substr($path, $dirlen + 1);
 371   }
 372   return $path;
 373 }
 374
 375 /**
 376  * Return a count of the references to a file by all modules.
 377  */
 378 function field_file_references($file) {
 379   $references = (array) module_invoke_all('file_references', $file);
 380   $reference_count = 0;
 381   foreach ($references as $module => $count) {
 382     $reference_count += $count;
 383   }
 384   return $reference_count;
 385 }