modules/filefield/field_file.inc

<?php
// $Id: field_file.inc,v 1.32 2009/04/12 21:22:17 quicksketch Exp $

/**
 * @file
 * Common functionality for file handling CCK field modules.
 */

/**
 * Load a file from the database.
 *
 * @param $fid
 *   A numeric file id or string containing the file path.
 * @param $reset
 *   Whether to reset the internal file_load cache.
 * @return
 *   A file array.
 */
function field_file_load($fid, $reset = NULL) {
  // Reset internal cache.
  if (isset($reset)) {
    _field_file_cache(NULL, TRUE);
  }

  if (empty($fid)) {
    return array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
  }

  $files = _field_file_cache();

  // Serve file from internal cache if available.
  if (empty($files[$fid])) {
    if (is_numeric($fid)) {
      $file = db_fetch_object(db_query('SELECT f.* FROM {files} f WHERE f.fid = %d', $fid));
    }
    else {
      $file = db_fetch_object(db_query("SELECT f.* FROM {files} f WHERE f.filepath = '%s'", $fid));
    }

    if (!$file) {
      $file = array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
    }

    foreach (module_implements('file_load') as $module) {
      $function =  $module .'_file_load';
      $function($file);
    }

    // Cache the fully loaded file for later use.
    $files = _field_file_cache($file);
  }

  // Cast to an array for the field storage.
  // Contrary to fields, hook_file() and core file functions expect objects.
  return (array)$files[$fid];
}

/**
 * Save a file upload to a new location.
 * The source file is validated as a proper upload and handled as such. By
 * implementing hook_file($op = 'insert'), modules are able to act on the file
 * upload and to add their own properties to the file.
 *
 * The file will be added to the files table as a temporary file. Temporary
 * files are periodically cleaned. To make the file permanent file call
 * file_set_status() to change its status.
 *
 * @param $source
 *   A string specifying the name of the upload field to save.
 * @param $validators
 *   An optional, associative array of callback functions used to validate the
 *   file. The keys are function names and the values arrays of callback
 *   parameters which will be passed in after the user and file objects. The
 *   functions should return an array of error messages, an empty array
 *   indicates that the file passed validation. The functions will be called in
 *   the order specified.
 * @param $dest
 *   A string containing the directory $source should be copied to. If this is
 *   not provided or is not writable, the temporary directory will be used.
 * @return
 *   An array containing the file information, or 0 in the event of an error.
 */
function field_file_save_upload($source, $validators = array(), $dest = FALSE) {
  if (!$file = file_save_upload($source, $validators, $dest, FILE_EXISTS_RENAME)) {
    return 0;
  }
  if (!@chmod($file->filepath, 0664)) {
    watchdog('filefield', 'Could not set permissons on destination file: %file', array('%file' => $file->filepath));
  }

  // Let modules add additional properties to the yet barebone file object.
  foreach (module_implements('file_insert') as $module) {
    $function =  $module .'_file_insert';
    $function($file);
  }
  _field_file_cache($file); // cache the file in order to minimize load queries
  return (array)$file;
}

/**
 * Save a file into a file node after running all the associated validators.
 *
 * This function is usually used to move a file from the temporary file
 * directory to a permanent location. It may be used by import scripts or other
 * modules that want to save an existing file into the database.
 *
 * @param $filepath
 *   The local file path of the file to be saved.
 * @param $validators
 *   An optional, associative array of callback functions used to validate the
 *   file. The keys are function names and the values arrays of callback
 *   parameters which will be passed in after the user and file objects. The
 *   functions should return an array of error messages, an empty array
 *   indicates that the file passed validation. The functions will be called in
 *   the order specified.
 * @param $dest
 *   A string containing the directory $source should be copied to. If this is
 *   not provided or is not writable, the temporary directory will be used.
 * @param $account
 *   The user account object that should associated with the uploaded file.
 * @return
 *   An array containing the file information, or 0 in the event of an error.
 */
function field_file_save_file($filepath, $validators = array(), $dest = FALSE, $account = NULL) {
  if (!isset($account)) {
    $account = $GLOBALS['user'];
  }

  // Add in our check of the the file name length.
  $validators['file_validate_name_length'] = array();

  // Begin building file object.
  $file = new stdClass();
  $file->uid = $account->uid;
  $file->filename = basename($filepath);
  $file->filepath = $filepath;
  $file->filemime = module_exists('mimedetect') ? mimedetect_mime($file) : file_get_mimetype($file->filename);

  // Rename potentially executable files, to help prevent exploits.
  if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
    $file->filemime = 'text/plain';
    $file->filepath .= '.txt';
    $file->filename .= '.txt';
  }

  // If the destination is not provided, or is not writable, then use the
  // temporary directory.
  if (empty($dest) || file_check_path($dest) === FALSE) {
    $dest = file_directory_temp();
  }

  $file->source = 'field_file_save_file';
  $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), FILE_EXISTS_RENAME);
  $file->filesize = filesize($filepath);

  // Call the validation functions.
  $errors = array();
  foreach ($validators as $function => $args) {
    array_unshift($args, $file);
    $errors = array_merge($errors, call_user_func_array($function, $args));
  }

  // Check for validation errors.
  if (!empty($errors)) {
    $message = t('The selected file %name could not be saved.', array('%name' => $file->filename));
    if (count($errors) > 1) {
      $message .= '<ul><li>'. implode('</li><li>', $errors) .'</li></ul>';
    }
    else {
      $message .= ' '. array_pop($errors);
    }
    form_set_error($file->source, $message);
    return 0;
  }

  if (!file_copy($file, $file->destination, FILE_EXISTS_RENAME)) {
    form_set_error($file->source, t('File upload error. Could not move uploaded file.'));
    watchdog('file', 'Upload error. Could not move file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->destination));
    return 0;
  }

  // If we made it this far it's safe to record this file in the database.
  $file->status = FILE_STATUS_TEMPORARY;
  $file->timestamp = time();
  // Insert new record to the database.
  drupal_write_record('files', $file);

  // Let modules add additional properties to the yet barebone file object.
  foreach (module_implements('file_insert') as $module) {
    $function =  $module .'_file_insert';
    $function($file);
  }
  _field_file_cache($file); // cache the file in order to minimize load queries
  return (array)$file;
}

/**
 * Save a node file. Delete items if necessary and set new items as permanent.
 *
 * @param $node
 *    Node object this file is be associated with.
 * @param $file
 *    File to be inserted, passed by reference since fid should be attached.
 * @return array
 */
function field_file_save($node, &$file) {
  // If this item is marked for deletion.
  if (!empty($file['delete']) || !empty($file['_remove'])) {
    // If we're creating a new revision, return an empty array so CCK will
    // remove the item.
    if (!empty($node->old_vid)) {
      return array();
    }
    // Otherwise delete the file and return an empty array.
    if (field_file_delete($file)) {
      return array();
    }
  }

  // Cast to object since core functions use objects.
  $file = (object)$file;

  // Set permanent status on files if unset.
  if (empty($file->status)) {
    file_set_status($file, FILE_STATUS_PERMANENT);
  }

  // Let modules update their additional file properties too.
  foreach (module_implements('file_update') as $module) {
    $function =  $module .'_file_update';
    $function($file);
  }
  _field_file_cache($file); // update the cache, in case the file has changed

  $file = (array)$file;
  return $file;
}

/**
 * Delete a field file and its database record.
 *
 * @param $path
 *   A file object.
 * @param $force
 *   Force File Deletion ignoring reference counting.
 * @return mixed
 *   TRUE for success, Array for reference count block, or FALSE in the event of an error.
 */
function field_file_delete($file, $force = FALSE) {
  $file = (object)$file;
  // If any module returns a value from the reference hook, the
  // file will not be deleted from Drupal, but file_delete will
  // return a populated array that tests as TRUE.
  if (!$force && $references = module_invoke_all('file_references', $file)) {
    $references = array_filter($references); // only keep positive values
    if (!empty($references)) {
      return $references;
    }
  }

  // Let other modules clean up on delete.
  module_invoke_all('file_delete', $file);

  // Make sure the file is deleted before removing its row from the
  // database, so UIs can still find the file in the database.
  if (file_delete($file->filepath)) {
    db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
    _field_file_cache(NULL, $file); // delete the file from the cache
    return TRUE;
  }
  return FALSE;
}

/**
 * Internal cache, in order to minimize database queries for loading files.
 */
function _field_file_cache($file = NULL, $reset = FALSE) {
  static $files = array();

  // Reset internal cache.
  if (is_object($reset)) { // file object, uncache just that one
    unset($files[$reset->fid]);
    unset($files[$reset->filepath]);
  }
  else if ($reset) { // TRUE, delete the whole cache
    $files = array();
  }

  // Cache the file by both fid and filepath.
  // Use non-copying objects to save memory.
  if (!empty($file->fid)) {
    $files[$file->fid] = $file;
    $files[$file->filepath] = $file;
  }
  return $files;
}

/**
 * A silent version of file.inc's file_check_directory().
 *
 * This function differs from file_check_directory in that it checks for
 * files when doing the directory check and it does not use drupal_set_message()
 * when creating directories. This function may be removed in Drupal 7.
 *
 * Check that the directory exists and is writable. Directories need to
 * have execute permissions to be considered a directory by FTP servers, etc.
 *
 * @param $directory A string containing the name of a directory path.
 * @param $mode A Boolean value to indicate if the directory should be created
 *   if it does not exist or made writable if it is read-only.
 * @param $form_item An optional string containing the name of a form item that
 *   any errors will be attached to. This is useful for settings forms that
 *   require the user to specify a writable directory. If it can't be made to
 *   work, a form error will be set preventing them from saving the settings.
 * @return FALSE when directory not found, or TRUE when directory exists.
 */
function field_file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
  $directory = rtrim($directory, '/\\');

  // Error if the directory is a file.
  if (is_file($directory)) {
    watchdog('file system', 'The path %directory was checked as a directory, but it is a file.',  array('%directory' => $directory), WATCHDOG_ERROR);
    if ($form_item) {
      form_set_error($form_item, t('The directory %directory is a file and cannot be overwritten.', array('%directory' => $directory)));
    }
    return FALSE;
  }

  // Create the directory if it is missing.
  if (!is_dir($directory) && $mode & FILE_CREATE_DIRECTORY && !@mkdir($directory, 0775, TRUE)) {
    watchdog('file system', 'The directory %directory does not exist.', array('%directory' => $directory), WATCHDOG_ERROR);
    if ($form_item) {
      form_set_error($form_item, t('The directory %directory does not exist.', array('%directory' => $directory)));
    }
    return FALSE;
  }

  // Check to see if the directory is writable.
  if (!is_writable($directory) && $mode & FILE_MODIFY_PERMISSIONS && !@chmod($directory, 0775)) {
    watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
    if ($form_item) {
      form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
    }
    return FALSE;
  }

  if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
    $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
    if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
      fclose($fp);
      chmod($directory .'/.htaccess', 0664);
    }
    else {
      $repl = array('%directory' => $directory, '!htaccess' => nl2br(check_plain($htaccess_lines)));
      form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl));
      watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl, WATCHDOG_ERROR);
    }
  }

  return TRUE;
}

/**
 * Remove a possible leading file directory path from the given path.
 */
function field_file_strip_path($path) {
  $dirpath = file_directory_path();
  $dirlen = drupal_strlen($dirpath);
  if (drupal_substr($path, 0, $dirlen + 1) == $dirpath .'/') {
    $path = drupal_substr($path, $dirlen + 1);
  }
  return $path;
}

/**
 * Return a count of the references to a file by all modules.
 */
function field_file_references($file) {
  $references = (array) module_invoke_all('file_references', $file);
  $reference_count = 0;
  foreach ($references as $module => $count) {
    $reference_count += $count;
  }
  return $reference_count;
}
1	<?php
2	// $Id: field_file.inc,v 1.32 2009/04/12 21:22:17 quicksketch Exp $
3
4	/**
5	* @file
6	* Common functionality for file handling CCK field modules.
7	*/
8
9	/**
10	* Load a file from the database.
11	*
12	* @param $fid
13	* A numeric file id or string containing the file path.
14	* @param $reset
15	* Whether to reset the internal file_load cache.
16	* @return
17	* A file array.
18	*/
19	function field_file_load($fid, $reset = NULL) {
20	// Reset internal cache.
21	if (isset($reset)) {
22	_field_file_cache(NULL, TRUE);
23	}
24
25	if (empty($fid)) {
26	return array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
27	}
28
29	$files = _field_file_cache();
30
31	// Serve file from internal cache if available.
32	if (empty($files[$fid])) {
33	if (is_numeric($fid)) {
34	$file = db_fetch_object(db_query('SELECT f.* FROM {files} f WHERE f.fid = %d', $fid));
35	}
36	else {
37	$file = db_fetch_object(db_query("SELECT f.* FROM {files} f WHERE f.filepath = '%s'", $fid));
38	}
39
40	if (!$file) {
41	$file = array('fid' => 0, 'filepath' => '', 'filename' => '', 'filemime' => '', 'filesize' => 0);
42	}
43
44	foreach (module_implements('file_load') as $module) {
45	$function = $module .'_file_load';
46	$function($file);
47	}
48
49	// Cache the fully loaded file for later use.
50	$files = _field_file_cache($file);
51	}
52
53	// Cast to an array for the field storage.
54	// Contrary to fields, hook_file() and core file functions expect objects.
55	return (array)$files[$fid];
56	}
57
58	/**
59	* Save a file upload to a new location.
60	* The source file is validated as a proper upload and handled as such. By
61	* implementing hook_file($op = 'insert'), modules are able to act on the file
62	* upload and to add their own properties to the file.
63	*
64	* The file will be added to the files table as a temporary file. Temporary
65	* files are periodically cleaned. To make the file permanent file call
66	* file_set_status() to change its status.
67	*
68	* @param $source
69	* A string specifying the name of the upload field to save.
70	* @param $validators
71	* An optional, associative array of callback functions used to validate the
72	* file. The keys are function names and the values arrays of callback
73	* parameters which will be passed in after the user and file objects. The
74	* functions should return an array of error messages, an empty array
75	* indicates that the file passed validation. The functions will be called in
76	* the order specified.
77	* @param $dest
78	* A string containing the directory $source should be copied to. If this is
79	* not provided or is not writable, the temporary directory will be used.
80	* @return
81	* An array containing the file information, or 0 in the event of an error.
82	*/
83	function field_file_save_upload($source, $validators = array(), $dest = FALSE) {
84	if (!$file = file_save_upload($source, $validators, $dest, FILE_EXISTS_RENAME)) {
85	return 0;
86	}
87	if (!@chmod($file->filepath, 0664)) {
88	watchdog('filefield', 'Could not set permissons on destination file: %file', array('%file' => $file->filepath));
89	}
90
91	// Let modules add additional properties to the yet barebone file object.
92	foreach (module_implements('file_insert') as $module) {
93	$function = $module .'_file_insert';
94	$function($file);
95	}
96	_field_file_cache($file); // cache the file in order to minimize load queries
97	return (array)$file;
98	}
99
100	/**
101	* Save a file into a file node after running all the associated validators.
102	*
103	* This function is usually used to move a file from the temporary file
104	* directory to a permanent location. It may be used by import scripts or other
105	* modules that want to save an existing file into the database.
106	*
107	* @param $filepath
108	* The local file path of the file to be saved.
109	* @param $validators
110	* An optional, associative array of callback functions used to validate the
111	* file. The keys are function names and the values arrays of callback
112	* parameters which will be passed in after the user and file objects. The
113	* functions should return an array of error messages, an empty array
114	* indicates that the file passed validation. The functions will be called in
115	* the order specified.
116	* @param $dest
117	* A string containing the directory $source should be copied to. If this is
118	* not provided or is not writable, the temporary directory will be used.
119	* @param $account
120	* The user account object that should associated with the uploaded file.
121	* @return
122	* An array containing the file information, or 0 in the event of an error.
123	*/
124	function field_file_save_file($filepath, $validators = array(), $dest = FALSE, $account = NULL) {
125	if (!isset($account)) {
126	$account = $GLOBALS['user'];
127	}
128
129	// Add in our check of the the file name length.
130	$validators['file_validate_name_length'] = array();
131
132	// Begin building file object.
133	$file = new stdClass();
134	$file->uid = $account->uid;
135	$file->filename = basename($filepath);
136	$file->filepath = $filepath;
137	$file->filemime = module_exists('mimedetect') ? mimedetect_mime($file) : file_get_mimetype($file->filename);
138
139	// Rename potentially executable files, to help prevent exploits.
140	if (preg_match('/\.(php\|pl\|py\|cgi\|asp\|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
141	$file->filemime = 'text/plain';
142	$file->filepath .= '.txt';
143	$file->filename .= '.txt';
144	}
145
146	// If the destination is not provided, or is not writable, then use the
147	// temporary directory.
148	if (empty($dest) \|\| file_check_path($dest) === FALSE) {
149	$dest = file_directory_temp();
150	}
151
152	$file->source = 'field_file_save_file';
153	$file->destination = file_destination(file_create_path($dest .'/'. $file->filename), FILE_EXISTS_RENAME);
154	$file->filesize = filesize($filepath);
155
156	// Call the validation functions.
157	$errors = array();
158	foreach ($validators as $function => $args) {
159	array_unshift($args, $file);
160	$errors = array_merge($errors, call_user_func_array($function, $args));
161	}
162
163	// Check for validation errors.
164	if (!empty($errors)) {
165	$message = t('The selected file %name could not be saved.', array('%name' => $file->filename));
166	if (count($errors) > 1) {
167	$message .= '<ul><li>'. implode('</li><li>', $errors) .'</li></ul>';
168	}
169	else {
170	$message .= ' '. array_pop($errors);
171	}
172	form_set_error($file->source, $message);
173	return 0;
174	}
175
176	if (!file_copy($file, $file->destination, FILE_EXISTS_RENAME)) {
177	form_set_error($file->source, t('File upload error. Could not move uploaded file.'));
178	watchdog('file', 'Upload error. Could not move file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->destination));
179	return 0;
180	}
181
182	// If we made it this far it's safe to record this file in the database.
183	$file->status = FILE_STATUS_TEMPORARY;
184	$file->timestamp = time();
185	// Insert new record to the database.
186	drupal_write_record('files', $file);
187
188	// Let modules add additional properties to the yet barebone file object.
189	foreach (module_implements('file_insert') as $module) {
190	$function = $module .'_file_insert';
191	$function($file);
192	}
193	_field_file_cache($file); // cache the file in order to minimize load queries
194	return (array)$file;
195	}
196
197	/**
198	* Save a node file. Delete items if necessary and set new items as permanent.
199	*
200	* @param $node
201	* Node object this file is be associated with.
202	* @param $file
203	* File to be inserted, passed by reference since fid should be attached.
204	* @return array
205	*/
206	function field_file_save($node, &$file) {
207	// If this item is marked for deletion.
208	if (!empty($file['delete']) \|\| !empty($file['_remove'])) {
209	// If we're creating a new revision, return an empty array so CCK will
210	// remove the item.
211	if (!empty($node->old_vid)) {
212	return array();
213	}
214	// Otherwise delete the file and return an empty array.
215	if (field_file_delete($file)) {
216	return array();
217	}
218	}
219
220	// Cast to object since core functions use objects.
221	$file = (object)$file;
222
223	// Set permanent status on files if unset.
224	if (empty($file->status)) {
225	file_set_status($file, FILE_STATUS_PERMANENT);
226	}
227
228	// Let modules update their additional file properties too.
229	foreach (module_implements('file_update') as $module) {
230	$function = $module .'_file_update';
231	$function($file);
232	}
233	_field_file_cache($file); // update the cache, in case the file has changed
234
235	$file = (array)$file;
236	return $file;
237	}
238
239	/**
240	* Delete a field file and its database record.
241	*
242	* @param $path
243	* A file object.
244	* @param $force
245	* Force File Deletion ignoring reference counting.
246	* @return mixed
247	* TRUE for success, Array for reference count block, or FALSE in the event of an error.
248	*/
249	function field_file_delete($file, $force = FALSE) {
250	$file = (object)$file;
251	// If any module returns a value from the reference hook, the
252	// file will not be deleted from Drupal, but file_delete will
253	// return a populated array that tests as TRUE.
254	if (!$force && $references = module_invoke_all('file_references', $file)) {
255	$references = array_filter($references); // only keep positive values
256	if (!empty($references)) {
257	return $references;
258	}
259	}
260
261	// Let other modules clean up on delete.
262	module_invoke_all('file_delete', $file);
263
264	// Make sure the file is deleted before removing its row from the
265	// database, so UIs can still find the file in the database.
266	if (file_delete($file->filepath)) {
267	db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
268	_field_file_cache(NULL, $file); // delete the file from the cache
269	return TRUE;
270	}
271	return FALSE;
272	}
273
274	/**
275	* Internal cache, in order to minimize database queries for loading files.
276	*/
277	function _field_file_cache($file = NULL, $reset = FALSE) {
278	static $files = array();
279
280	// Reset internal cache.
281	if (is_object($reset)) { // file object, uncache just that one
282	unset($files[$reset->fid]);
283	unset($files[$reset->filepath]);
284	}
285	else if ($reset) { // TRUE, delete the whole cache
286	$files = array();
287	}
288
289	// Cache the file by both fid and filepath.
290	// Use non-copying objects to save memory.
291	if (!empty($file->fid)) {
292	$files[$file->fid] = $file;
293	$files[$file->filepath] = $file;
294	}
295	return $files;
296	}
297
298	/**
299	* A silent version of file.inc's file_check_directory().
300	*
301	* This function differs from file_check_directory in that it checks for
302	* files when doing the directory check and it does not use drupal_set_message()
303	* when creating directories. This function may be removed in Drupal 7.
304	*
305	* Check that the directory exists and is writable. Directories need to
306	* have execute permissions to be considered a directory by FTP servers, etc.
307	*
308	* @param $directory A string containing the name of a directory path.
309	* @param $mode A Boolean value to indicate if the directory should be created
310	* if it does not exist or made writable if it is read-only.
311	* @param $form_item An optional string containing the name of a form item that
312	* any errors will be attached to. This is useful for settings forms that
313	* require the user to specify a writable directory. If it can't be made to
314	* work, a form error will be set preventing them from saving the settings.
315	* @return FALSE when directory not found, or TRUE when directory exists.
316	*/
317	function field_file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
318	$directory = rtrim($directory, '/\\');
319
320	// Error if the directory is a file.
321	if (is_file($directory)) {
322	watchdog('file system', 'The path %directory was checked as a directory, but it is a file.', array('%directory' => $directory), WATCHDOG_ERROR);
323	if ($form_item) {
324	form_set_error($form_item, t('The directory %directory is a file and cannot be overwritten.', array('%directory' => $directory)));
325	}
326	return FALSE;
327	}
328
329	// Create the directory if it is missing.
330	if (!is_dir($directory) && $mode & FILE_CREATE_DIRECTORY && !@mkdir($directory, 0775, TRUE)) {
331	watchdog('file system', 'The directory %directory does not exist.', array('%directory' => $directory), WATCHDOG_ERROR);
332	if ($form_item) {
333	form_set_error($form_item, t('The directory %directory does not exist.', array('%directory' => $directory)));
334	}
335	return FALSE;
336	}
337
338	// Check to see if the directory is writable.
339	if (!is_writable($directory) && $mode & FILE_MODIFY_PERMISSIONS && !@chmod($directory, 0775)) {
340	watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
341	if ($form_item) {
342	form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
343	}
344	return FALSE;
345	}
346
347	if ((file_directory_path() == $directory \|\| file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
348	$htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
349	if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
350	fclose($fp);
351	chmod($directory .'/.htaccess', 0664);
352	}
353	else {
354	$repl = array('%directory' => $directory, '!htaccess' => nl2br(check_plain($htaccess_lines)));
355	form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl));
356	watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:<br /><code>!htaccess</code>", $repl, WATCHDOG_ERROR);
357	}
358	}
359
360	return TRUE;
361	}
362
363	/**
364	* Remove a possible leading file directory path from the given path.
365	*/
366	function field_file_strip_path($path) {
367	$dirpath = file_directory_path();
368	$dirlen = drupal_strlen($dirpath);
369	if (drupal_substr($path, 0, $dirlen + 1) == $dirpath .'/') {
370	$path = drupal_substr($path, $dirlen + 1);
371	}
372	return $path;
373	}
374
375	/**
376	* Return a count of the references to a file by all modules.
377	*/
378	function field_file_references($file) {
379	$references = (array) module_invoke_all('file_references', $file);
380	$reference_count = 0;
381	foreach ($references as $module => $count) {
382	$reference_count += $count;
383	}
384	return $reference_count;
385	}