CC-3086: When uploading a file to /tmp filename collisions can occur

- mktemp is used to generate temp name within /tmp dir
- it generates a temp file when the file gets uploaded to /tmp and then copies it to the
organize folder under the original file name
James 2011-11-23 14:12:14 -05:00
parent 37da2bf0c5
commit ab0dc64ba9
4 changed files with 28 additions and 38 deletions


@ -397,9 +397,11 @@ class ApiController extends Zend_Controller_Action
}
$upload_dir = ini_get("upload_tmp_dir");
Application_Model_StoredFile::uploadFile($upload_dir);
$tempFilePath = Application_Model_StoredFile::uploadFile($upload_dir);
$tempFileName = basename($tempFilePath);
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
Application_Model_StoredFile::copyFileToStor($upload_dir, $fileName);
Application_Model_StoredFile::copyFileToStor($upload_dir, $fileName, $tempFileName);
}
public function uploadRecordedAction()
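Review bot: `$fileName` is still taken unmodified from `$_REQUEST["name"]` and defaults to `''`, yet it is the destination name passed to `copyFileToStor()`, which joins it to the storage directory (`$stor . DIRECTORY_SEPARATOR . $fileName`). A value containing directory separators would move the copy target outside that directory, and an empty value makes the target the directory itself. Consider `$fileName = basename(isset($_REQUEST["name"]) ? $_REQUEST["name"] : '');` and returning a JSON error when the result is empty, before `copyFileToStor()` is called. The enclosing action starts above this hunk, so any earlier validation is not visible here.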


@ -26,15 +26,17 @@ class PluploadController extends Zend_Controller_Action
public function uploadAction()
{
$upload_dir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
Application_Model_StoredFile::uploadFile($upload_dir);
$tempFilePath = Application_Model_StoredFile::uploadFile($upload_dir);
$tempFileName = basename($tempFilePath);
die('{"jsonrpc" : "2.0"}');
die('{"jsonrpc" : "2.0", "tempfilepath" : "'.$tempFileName.'" }');
}
public function copyfileAction(){
$upload_dir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
$filename = $this->_getParam('name');
Application_Model_StoredFile::copyFileToStor($upload_dir, $filename);
$tempname = $this->_getParam('tempname');
Application_Model_StoredFile::copyFileToStor($upload_dir, $filename, $tempname);
die('{"jsonrpc" : "2.0"}');
}
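Review bot: `copyfileAction()` passes the client-supplied `tempname` parameter unchanged into `copyFileToStor()`, where it becomes the source path for `md5_file()`, `@copy()` and the newly enabled `@unlink()`. Because the value round-trips through the browser it has to be treated as untrusted; a value containing directory separators would point those calls at files outside the plupload directory. Reduce it to a bare name and confirm it refers to a file in the upload directory, e.g. `$tempname = basename($this->_getParam('tempname'));` followed by an `is_file($upload_dir . DIRECTORY_SEPARATOR . $tempname)` check that returns a JSON error on failure. The `tempfilepath` response in `uploadAction()` would also be more robust if built with `json_encode()` rather than string concatenation.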


@ -809,10 +809,18 @@ class Application_Model_StoredFile {
if (isset($_SERVER["CONTENT_TYPE"]))
$contentType = $_SERVER["CONTENT_TYPE"];
// create temp file name (CC-3086)
$command = "mktemp --tmpdir=".$p_targetDir;
$tempFilePath= exec($command);
if($tempFilePath == ""){
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Unable to create tmp file."}, "id" : "id"}');
}
if (strpos($contentType, "multipart") !== false) {
if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
// Open temp file
$out = fopen($p_targetDir . DIRECTORY_SEPARATOR . $fileName, $chunk == 0 ? "wb" : "ab");
$out = fopen($tempFilePath, $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = fopen($_FILES['file']['tmp_name'], "rb");
@ -831,7 +839,7 @@ class Application_Model_StoredFile {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
} else {
// Open temp file
$out = fopen($p_targetDir . DIRECTORY_SEPARATOR . $fileName, $chunk == 0 ? "wb" : "ab");
$out = fopen($tempFilePath, $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = fopen("php://input", "rb");
@ -846,34 +854,12 @@ class Application_Model_StoredFile {
} else
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
/*$audio_file = $p_targetDir . DIRECTORY_SEPARATOR . $fileName;
$md5 = md5_file($audio_file);
$duplicate = Application_Model_StoredFile::RecallByMd5($md5);
if ($duplicate) {
if (PEAR::isError($duplicate)) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": ' . $duplicate->getMessage() .'}}');
}
if (file_exists($duplicate->getFilePath())) {
$duplicateName = $duplicate->getMetadataValue('MDATA_KEY_TITLE');
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "An identical audioclip named ' . $duplicateName . ' already exists in the storage server."}}');
}
}
$storDir = Application_Model_MusicDir::getStorDir();
$stor = $storDir->getDirectory();
$stor .= "/organize";
$audio_stor = $stor . DIRECTORY_SEPARATOR . $fileName;
$r = @copy($audio_file, $audio_stor);*/
return $tempFilePath;
}
public static function copyFileToStor($p_targetDir, $fileName){
$audio_file = $p_targetDir . DIRECTORY_SEPARATOR . $fileName;
public static function copyFileToStor($p_targetDir, $fileName, $tempname){
$audio_file = $p_targetDir . DIRECTORY_SEPARATOR . $tempname;
Logging::log('copyFileToStor: moving file '.$audio_file);
$md5 = md5_file($audio_file);
$duplicate = Application_Model_StoredFile::RecallByMd5($md5);
@ -895,7 +881,7 @@ class Application_Model_StoredFile {
$audio_stor = $stor . DIRECTORY_SEPARATOR . $fileName;
$r = @copy($audio_file, $audio_stor);
//$r = @unlink($audio_file);
$r = @unlink($audio_file);
}
public static function getFileCount()
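Review bot: The temp name is created by shelling out, `exec("mktemp --tmpdir=".$p_targetDir)`, with the directory concatenated unquoted, so a path containing spaces or shell metacharacters changes the command that runs. PHP's built-in avoids the shell: `$tempFilePath = tempnam($p_targetDir, 'upload_');` with an `=== false` check, or at minimum wrap the argument in `escapeshellarg()`. The call also runs on every invocation while `fopen($tempFilePath, $chunk == 0 ? "wb" : "ab")` still distinguishes chunks, so a chunked upload would presumably write each chunk to its own fresh file; the chunk handling lies outside the visible hunks, so this needs confirming. In `copyFileToStor()`, `$r = @copy(...)` is immediately overwritten by `$r = @unlink($audio_file);`, so a failed copy goes unnoticed and the source is deleted anyway; unlink only when the copy returned true and report the failure otherwise.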


@ -16,16 +16,16 @@ $(document).ready(function() {
uploader.bind('FileUploaded', function(up, file, json) {
var j = jQuery.parseJSON(json.response);
if(j.error !== undefined) {
if(j.error !== undefined) {
var row = $("<tr/>")
.append('<td>' + file.name +'</td>')
.append('<td>' + j.error.message + '</td>');
$("#plupload_error").find("table").append(row);
}else{
$.get('/Plupload/copyfile/format/json/name/'+encodeURIComponent(file.name), function(json){
var tempFileName = j.tempfilepath;
$.get('/Plupload/copyfile/format/json/name/'+encodeURIComponent(file.name)+'/tempname/'+encodeURIComponent(tempFileName), function(json){
var jr = jQuery.parseJSON(json);
if(jr.error !== undefined) {
var row = $("<tr/>")