<?php
-// $Id$
+
/**
* @file
* Common functionality for file handling CCK field modules.
*/
/**
- * Load a file object from the database.
+ * Load a file from the database.
*
* @param $fid
* A numeric file id or string containing the file path.
- *
* @param $reset
* Whether to reset the internal file_load cache.
+ * @return
+ * A file array.
*/
function field_file_load($fid, $reset = NULL) {
// Reset internal cache.
}
if (empty($fid)) {
- return array();
+ return array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
}
+
$files = _field_file_cache();
// Serve file from internal cache if available.
}
if (!$file) {
- return array();
+ $file = (object) array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
}
- foreach (module_implements('file') as $module) {
- $function = $module .'_file';
- $function('load', $file);
+ foreach (module_implements('file_load') as $module) {
+ if ($module != 'field') {
+ $function = $module .'_file_load';
+ $function($file);
+ }
}
- // Cache the fully loaded file for later reusability.
+ // Cache the fully loaded file for later use.
$files = _field_file_cache($file);
}
- // Cast to array for field. hook_file() expects objects as well as
- // core file functions.
- return (array)$files[$fid];
+ // Cast to an array for the field storage.
+ // Contrary to fields, hook_file() and core file functions expect objects.
+ return isset($files[$fid]) ? (array) $files[$fid] : FALSE;
}
/**
- * Save a file upload to a new location. The source file is validated as a
- * proper upload and handled as such. By implementing hook_file($op = 'insert'),
- * modules are able to act on the file upload and to add their own properties
- * to the file.
+ * Save a file upload to a new location.
+ * The source file is validated as a proper upload and handled as such. By
+ * implementing hook_file($op = 'insert'), modules are able to act on the file
+ * upload and to add their own properties to the file.
*
- * The file will be added to the files table as a temporary file. Temporary files
- * are periodically cleaned. To make the file permanent file call
+ * The file will be added to the files table as a temporary file. Temporary
+ * files are periodically cleaned. To make the file permanent file call
* file_set_status() to change its status.
*
* @param $source
* @param $dest
* A string containing the directory $source should be copied to. If this is
* not provided or is not writable, the temporary directory will be used.
- * @param $replace
- * A boolean indicating whether an existing file of the same name in the
- * destination directory should overwritten. A false value will generate a
- * new, unique filename in the destination directory.
* @return
* An array containing the file information, or 0 in the event of an error.
*/
-function field_file_save_upload($source, $validators = array(), $dest = FALSE, $replace = FILE_EXISTS_RENAME) {
- if (!$file = file_save_upload($source, $validators, $dest, $replace)) {
+function field_file_save_upload($source, $validators = array(), $dest = FALSE) {
+ if (!$file = file_save_upload($source, $validators, $dest, FILE_EXISTS_RENAME)) {
return 0;
}
+ if (!@chmod($file->filepath, 0664)) {
+ watchdog('filefield', 'Could not set permissions on destination file: %file', array('%file' => $file->filepath));
+ }
+
// Let modules add additional properties to the yet barebone file object.
- foreach (module_implements('file') as $module) {
- $function = $module .'_file';
- $function('insert', $file);
+ foreach (module_implements('file_insert') as $module) {
+ $function = $module .'_file_insert';
+ $function($file);
}
_field_file_cache($file); // cache the file in order to minimize load queries
return (array)$file;
}
/**
- * Update an field item file. Delete marked items if neccessary and set new items as permamant.
+ * Save a file into a file node after running all the associated validators.
+ *
+ * This function is usually used to move a file from the temporary file
+ * directory to a permanent location. It may be used by import scripts or other
+ * modules that want to save an existing file into the database.
+ *
+ * @param $filepath
+ * The local file path of the file to be saved.
+ * @param $validators
+ * An optional, associative array of callback functions used to validate the
+ * file. The keys are function names and the values arrays of callback
+ * parameters which will be passed in after the user and file objects. The
+ * functions should return an array of error messages, an empty array
+ * indicates that the file passed validation. The functions will be called in
+ * the order specified.
+ * @param $dest
+ * A string containing the directory $source should be copied to. If this is
+ * not provided or is not writable, the temporary directory will be used.
+ * @param $account
+ * The user account object that should associated with the uploaded file.
+ * @return
+ * An array containing the file information, or 0 in the event of an error.
+ */
+function field_file_save_file($filepath, $validators = array(), $dest = FALSE, $account = NULL) {
+ if (!isset($account)) {
+ $account = $GLOBALS['user'];
+ }
+
+ // Add in our check of the the file name length.
+ $validators['file_validate_name_length'] = array();
+
+ // Begin building file object.
+ $file = new stdClass();
+ $file->uid = $account->uid;
+ $file->filename = basename($filepath);
+ $file->filepath = $filepath;
+ $file->filemime = module_exists('mimedetect') ? mimedetect_mime($file) : file_get_mimetype($file->filename);
+
+ // Rename potentially executable files, to help prevent exploits.
+ if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
+ $file->filemime = 'text/plain';
+ $file->filepath .= '.txt';
+ $file->filename .= '.txt';
+ }
+
+ // If the destination is not provided, or is not writable, then use the
+ // temporary directory.
+ if (empty($dest) || file_check_path($dest) === FALSE) {
+ $dest = file_directory_temp();
+ }
+
+ $file->source = 'field_file_save_file';
+ $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), FILE_EXISTS_RENAME);
+ $file->filesize = filesize($filepath);
+
+ // Call the validation functions.
+ $errors = array();
+ foreach ($validators as $function => $args) {
+ // Add the $file variable to the list of arguments and pass it by
+ // reference (required for PHP 5.3 and higher).
+ array_unshift($args, NULL);
+ $args[0] = &$file;
+ $errors = array_merge($errors, call_user_func_array($function, $args));
+ }
+
+ // Check for validation errors.
+ if (!empty($errors)) {
+ $message = t('The selected file %name could not be saved.', array('%name' => $file->filename));
+ if (count($errors) > 1) {
+ $message .= '<ul><li>'. implode('</li><li>', $errors) .'</li></ul>';
+ }
+ else {
+ $message .= ' '. array_pop($errors);
+ }
+ form_set_error($file->source, $message);
+ return 0;
+ }
+
+ if (!file_copy($file, $file->destination, FILE_EXISTS_RENAME)) {
+ form_set_error($file->source, t('File upload error. Could not move uploaded file.'));
+ watchdog('file', 'Upload error. Could not move file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->destination));
+ return 0;
+ }
+
+ // If we made it this far it's safe to record this file in the database.
+ $file->status = FILE_STATUS_TEMPORARY;
+ $file->timestamp = time();
+ // Insert new record to the database.
+ drupal_write_record('files', $file);
+
+ // Let modules add additional properties to the yet barebone file object.
+ foreach (module_implements('file_insert') as $module) {
+ $function = $module .'_file_insert';
+ $function($file);
+ }
+ _field_file_cache($file); // cache the file in order to minimize load queries
+ return (array)$file;
+}
+
+/**
+ * Save a node file. Delete items if necessary and set new items as permanent.
*
* @param $node
* Node object this file is be associated with.
*/
function field_file_save($node, &$file) {
// If this item is marked for deletion.
- if (!empty($file['delete'])) {
+ if (!empty($file['delete']) || !empty($file['_remove'])) {
// If we're creating a new revision, return an empty array so CCK will
// remove the item.
if (!empty($node->old_vid)) {
}
// Let modules update their additional file properties too.
- foreach (module_implements('file') as $module) {
- $function = $module .'_file';
- $function('update', $file);
+ foreach (module_implements('file_update') as $module) {
+ $function = $module .'_file_update';
+ $function($file);
}
_field_file_cache($file); // update the cache, in case the file has changed
// If any module returns a value from the reference hook, the
// file will not be deleted from Drupal, but file_delete will
// return a populated array that tests as TRUE.
- if (!$force && $references = module_invoke_all('file', 'references', $file)) {
+ if (!$force && $references = module_invoke_all('file_references', $file)) {
$references = array_filter($references); // only keep positive values
if (!empty($references)) {
return $references;
}
// Let other modules clean up on delete.
- module_invoke_all('file', 'delete', $file);
+ module_invoke_all('file_delete', $file);
// Make sure the file is deleted before removing its row from the
// database, so UIs can still find the file in the database.
// Cache the file by both fid and filepath.
// Use non-copying objects to save memory.
- if (isset($file)) {
+ if (!empty($file->fid)) {
$files[$file->fid] = $file;
$files[$file->filepath] = $file;
}
}
/**
- * A silent version of file.inc:file_check_directory it's only talkative
- * on errors.
+ * A silent version of file.inc's file_check_directory().
+ *
+ * This function differs from file_check_directory in that it checks for
+ * files when doing the directory check and it does not use drupal_set_message()
+ * when creating directories. This function may be removed in Drupal 7.
*
* Check that the directory exists and is writable. Directories need to
* have execute permissions to be considered a directory by FTP servers, etc.
function field_file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
$directory = rtrim($directory, '/\\');
- // Check if the directory exists.
- if (!is_dir($directory)) {
- if (($mode & FILE_CREATE_DIRECTORY) && @mkdir($directory)) {
- @chmod($directory, 0775); // Necessary for non-webserver users.
+ // Error if the directory is a file.
+ if (is_file($directory)) {
+ watchdog('file system', 'The path %directory was checked as a directory, but it is a file.', array('%directory' => $directory), WATCHDOG_ERROR);
+ if ($form_item) {
+ form_set_error($form_item, t('The directory %directory is a file and cannot be overwritten.', array('%directory' => $directory)));
}
- else {
- if ($form_item) {
- form_set_error($form_item, t('The directory %directory does not exist.', array('%directory' => $directory)));
- }
- watchdog('file system', 'The directory %directory does not exist.', array('%directory' => $directory), WATCHDOG_ERROR);
- return FALSE;
+ return FALSE;
+ }
+
+ // Create the directory if it is missing.
+ if (!is_dir($directory) && $mode & FILE_CREATE_DIRECTORY && !@mkdir($directory, 0775, TRUE)) {
+ watchdog('file system', 'The directory %directory does not exist.', array('%directory' => $directory), WATCHDOG_ERROR);
+ if ($form_item) {
+ form_set_error($form_item, t('The directory %directory does not exist.', array('%directory' => $directory)));
}
+ return FALSE;
}
// Check to see if the directory is writable.
- if (!is_writable($directory)) {
- if (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, 0775)) {
- if ($form_item) {
- form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
- }
- watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
- return FALSE;
+ if (!is_writable($directory) && $mode & FILE_MODIFY_PERMISSIONS && !@chmod($directory, 0775)) {
+ watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
+ if ($form_item) {
+ form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
}
+ return FALSE;
}
if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
chmod($directory .'/.htaccess', 0664);
}
else {
- $message = "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>";
- $repl = array('%directory' => $directory, '!htaccess' => '<br />'. nl2br(check_plain($htaccess_lines)));
- form_set_error($form_item, t($message, $repl));
- watchdog('security', $message, $repl, WATCHDOG_ERROR);
+ $repl = array('%directory' => $directory, '!htaccess' => nl2br(check_plain($htaccess_lines)));
+ form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl));
+ watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl, WATCHDOG_ERROR);
}
}
}
return $path;
}
+
+/**
+ * Encode a file path in a way that is compatible with file_create_url().
+ *
+ * This function should be used on the $file->filepath property before any call
+ * to file_create_url(). This ensures that the file directory path prefix is
+ * unmodified, but the actual path to the file will be properly URL encoded.
+ */
+function field_file_urlencode_path($path) {
+ // Encode the parts of the path to ensure URLs operate within href attributes.
+ // Private file paths are urlencoded for us inside of file_create_url().
+ if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PUBLIC) {
+ $file_directory_path = file_directory_path();
+ if (strpos($path, $file_directory_path . '/') === 0) {
+ $path = trim(substr($path, strlen($file_directory_path)), '\\/');
+ }
+
+ $parts = explode('/', $path);
+ foreach ($parts as $index => $part) {
+ $parts[$index] = rawurlencode($part);
+ }
+ $path = implode('/', $parts);
+
+ // Add the file directory path again (not encoded).
+ $path = $file_directory_path . '/' . $path;
+ }
+ return $path;
+}
+
+/**
+ * Return a count of the references to a file by all modules.
+ */
+function field_file_references($file) {
+ $references = (array) module_invoke_all('file_references', $file);
+ $reference_count = 0;
+ foreach ($references as $module => $count) {
+ $reference_count += $count;
+ }
+ return $reference_count;
+}
projects / project/filefield.git / blobdiff