changeset 864:16bc6c1029ee
Handle file upload errors more nicely.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Wed, 26 Nov 2014 11:34:48 +0200 |
parents | 1a2ec2f85a97 |
children | 80f6f31d3711 |
files | msite.inc.php |
diffstat | 1 files changed, 45 insertions(+), 12 deletions(-) [+] |
--- a/msite.inc.php Wed Nov 26 11:08:40 2014 +0200
+++ b/msite.inc.php Wed Nov 26 11:34:48 2014 +0200
@@ -1101,6 +1101,14 @@
 //
 // File upload handling
 //
+function stFileError($userID, $adminMsg, $userMsg)
+{
+ stErrorLog($adminMsg);
+ stError(($userID === 0) ? $adminMsg : $userMsg);
+ return FALSE;
+}
+
+
 function stHandleGenericFileUpload($userID)
 {
 global $errorSet;
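Review bot: `stFileError()` decides who sees `$adminMsg` with the strict `$userID === 0`, while `stHandleGenericFileUpload()` gates its permission checks on the loose `$userID != 0` (second hunk), so the two can disagree about what an admin session is when the ID is not an integer. For message disclosure the mismatch fails closed, but the loose test in the caller is the weaker of the two; provided callers always pass an integer, `if ($userID !== 0)` there would keep both in step. The helper also needs a header comment stating its contract, for example `// $adminMsg may contain paths, IDs and client addresses: always logged, displayed only when $userID is 0; everyone else sees $userMsg.` The helper is complete within this hunk; `stHandleGenericFileUpload()` continues outside it.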
@@ -1116,20 +1124,47 @@
 // Check entry existence
 if (($entry = stFetchSQL("SELECT * FROM entries WHERE id=".$entryID)) === false)
- return stError("Entry ID #".$entryID." does not exist??");
+ return stFileError($userID,
+ "Entry ID #".$entryID." does not exist in the entries table?",
+ "Entry does not exist??");
 if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$entry["compo_id"])) === false)
- return stError("Compo ID does not exist??");
+ return stFileError($userID,
+ "Compo ID #".$entry["compo_id"]." in entry ID #".$entryID." does not exist!",
+ "Compo does not exist??");
+
+ // Check target path existence / writability
+ $dstPath = stMakePath(FALSE, array(stGetSetting("entryPath"), $compo["cpath"]));
+ if (!file_exists($dstPath))
+ return stFileError($userID,
+ "Path '".$dstPath."' for compo ID #".$entry["compo_id"]." does not exist.",
+ "The directory for entry's compo does not exist!");
+
+ $dstPerms = fileperm($dstPath);
+ if (($dstPerms & 0x4000) === 0)
+ return stFileError($userID,
+ "Path for entry's compo '".$dstPath."' is not a directory.",
+ "Path for entry's compo is not a directory?");
+
+ $needPerms = 0x0100 | 0x0080 | 0x0040;
+ if (($dstPerms & $needPerms) !== $needPerms)
+ return stFileError($userID,
+ "Path for entry's compo '".$dstPath."' does not have sufficient permissions.",
+ "Path for entry's compo has no sufficient permissions.");
 // Check permissions for non-admins
 if ($userID != 0)
 {
 // Check if the user even exists, just in case
 if (($user = stFetchSQL("SELECT * FROM attendees WHERE id=".$userID)) === false)
- return stError("User ID #".$userID." does not exist??");
+ return stFileError($userID,
+ "User ID #".$userID." does not exist??",
+ "You do not exist. Go away.");
 if ($entry["owner_id"] != $userID)
- return stError("Attempted to upload file to entry not owned by user.");
+ return stFileError($userID,
+ "User ID #".$userID." attempted to upload file to an entry that is not owned by him (@ ".$_SERVER["REMOTE_ADDR"].")",
+ "Attempted to upload file to entry not owned by user.");
 }
 // Check file status data
@@ -1201,18 +1236,16 @@
 // Set permissions before moving the file
 if (chmod($tmpFilename, stGetSetting($uploadType."PathPerms")) === false)
- {
- stErrorLog("Could not set permissions for uploaded file '".$tmpFilename."'.");
- return stError("Could not set permissions for uploaded file.");
- }
+ return stFileError($userID,
+ "Could not set permissions for uploaded file '".$tmpFilename."'.",
+ "Internal error. Could not set permissions for uploaded file. Contact site admins.");
 // Move file to its destination
 $dstFilename = stMakePath(FALSE, array(stGetSetting("entryPath"), $compo["cpath"], $fentry["filename"]));
 if (@move_uploaded_file($tmpFilename, $dstFilename) === false)
- {
- stErrorLog("Could not move uploaded file '".$tmpFilename."' to '".$dstFilename."'.");
- return stError("Deploying uploaded file failed!");
- }
+ return stFileError($userID,
+ "Could not move uploaded file '".$tmpFilename."' to '".$dstFilename."'.",
+ "Internal error. Deploying uploaded file failed! Contact site admins.");
 return TRUE;
 }
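Review bot: In the second hunk the new path check calls `fileperm($dstPath)`, but the PHP built-in is `fileperms()`; unless the project defines a `fileperm()` helper outside this diff, every upload will stop with a fatal error at that line. Even with the name corrected, `fileperms()` returns FALSE on failure, and the owner bits `0x0100 | 0x0080 | 0x0040` describe the directory owner only, not whether the web server process can write there. `if (!is_dir($dstPath))` and `if (!is_writable($dstPath))` answer both questions directly and would replace the two bitmask tests. The enclosing `stHandleGenericFileUpload()` starts and ends outside this hunk.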
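Review bot: In the third hunk the `move_uploaded_file()` call keeps its `@`, so the PHP warning that says why the move failed is discarded and the new admin message records only the two paths. Capturing the reason with `$err = error_get_last();` and appending `.(is_array($err) ? " (".$err["message"].")" : "")` to the admin string would give whoever reads the log something to act on. Because `$adminMsg` also goes to `stError()` for admin sessions, it is worth confirming that `stError()` HTML-escapes its argument now that it carries `$tmpFilename` and `$dstFilename`; that function is not visible in this diff. `stHandleGenericFileUpload()` begins outside this hunk.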