use warnings;
use Sesse::pr0n::Common qw(error dberror);
-use Digest::SHA1;
+use Digest::SHA;
use MIME::Base64;
use Apache2::Request;
use Apache2::Upload;
sub handler {
my $r = shift;
my $dbh = Sesse::pr0n::Common::get_dbh();
-
+
$r->headers_out->{'DAV'} = "1,2";
# We only handle depth=0, depth=1 (cf. the RFC)
EOF
return Apache2::Const::OK;
- } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/([a-zA-Z0-9._-]+)$#) {
+ } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/([a-zA-Z0-9._()-]+)$#) {
# stat a single file
my ($event, $filename) = ($1, $2);
my ($fname, $size, $mtime);
} else {
# check if we have a "shadow file" for this
if (defined($autorename) && $autorename eq "autorename/") {
- my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE host=? AND event=? AND filename=? AND expires_at > now()',
+ my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE vhost=? AND event=? AND filename=? AND expires_at > now()',
undef, $r->get_server_name, $event, $filename);
if (defined($ref)) {
($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'});
my ($event, $autorename, $filename) = ($1, $2, $3);
my $size = $r->headers_in->{'content-length'};
+ if (!defined($size)) {
+ $size = $r->headers_in->{'x-expected-entity-length'};
+ }
my $orig_filename = $filename;
# Remove evil characters
- if ($filename =~ /[^a-zA-Z0-9._-]/) {
+ if ($filename =~ /[^a-zA-Z0-9._()-]/) {
if (defined($autorename) && $autorename eq "autorename/") {
- $filename =~ tr/a-zA-Z0-9.-/_/c;
+ $filename =~ tr/a-zA-Z0-9.()-/_/c;
} else {
$r->status(403);
$r->content_type('text/plain; charset=utf-8');
# gnome-vfs and mac os x love to make zero-byte files,
# make them happy
#
- if ($r->headers_in->{'content-length'} == 0) {
+ if ($size == 0 || $filename =~ /^\.(_|DS_Store)/) {
$dbh->do('DELETE FROM fake_files WHERE expires_at <= now() OR (event=? AND vhost=? AND filename=?);',
undef, $event, $r->get_server_name, $filename)
or dberror($r, "Couldn't prune fake_files");
- $dbh->do('INSERT INTO fake_files (vhost,event,filename,expires_at) VALUES (?,?,?,now() + interval \'30 seconds\');',
+ $dbh->do('INSERT INTO fake_files (vhost,event,filename,expires_at) VALUES (?,?,?,now() + interval \'1 day\');',
undef, $r->get_server_name, $event, $filename)
or dberror($r, "Couldn't add file");
$r->content_type('text/plain; charset="utf-8"');
$r->log->info("Fake upload of $event/$filename");
return Apache2::Const::OK;
}
-
+
# Get the new ID
my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
my $newid = $ref->{'id'};
}
# Autorename if we need to
- if (defined($autorename) && $autorename eq "autorename/") {
- my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?",
- undef, $r->get_server_name, $event, $filename)
- or dberror($r, "Couldn't check for existing files");
- if ($ref->{'numfiles'} > 0) {
+ $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?",
+ undef, $r->get_server_name, $event, $filename)
+ or dberror($r, "Couldn't check for existing files");
+ if ($ref->{'numfiles'} > 0) {
+ if (defined($autorename) && $autorename eq "autorename/") {
$r->log->info("Renaming $filename to $newid.jpeg");
$filename = "$newid.jpeg";
+ } else {
+ $r->status(403);
+ $r->content_type('text/plain; charset=utf-8');
+ $r->print("File $filename already exists in event $event, cannot overwrite");
+ return Apache2::Const::OK;
}
}
$dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
- $dbh->do('UPDATE events SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
- undef, $r->get_server_name, $event);
+ Sesse::pr0n::Common::purge_cache($r, "/$event/");
# Now save the file to disk
+ Sesse::pr0n::Common::ensure_disk_location_exists($r, $newid);
$fname = Sesse::pr0n::Common::get_disk_location($r, $newid);
open NEWFILE, ">$fname"
or die "$fname: $!";
my $buf;
- my $content_length = $r->headers_in->{'content-length'};
- if ($r->read($buf, $content_length)) {
+ if ($r->read($buf, $size)) {
print NEWFILE $buf or die "write($fname): $!";
}
# Make cache while we're at it.
# Don't do it for the resource forks Mac OS X loves to upload :-(
- if ($filename !~ /^\._/) {
- Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, -1, -1, 1, 80, 64, 320, 256, -1, -1);
+ if ($filename !~ /^\.(_|DS_Store)/) {
+ # FIXME: Ideally we'd want to ensure cache of -1x-1 here as well (for NEFs), but that would
+ # preclude mipmapping in its current form.
+ Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, undef, undef, "nobox", 1, 80, 64, 320, 256);
}
# OK, we got this far, commit
}
}
- # Insert a `shadow file' we can stat the next 30 secs
+ # Insert a `shadow file' we can stat the next day or so
if (defined($autorename) && $autorename eq "autorename/") {
$dbh->do('DELETE FROM shadow_files WHERE expires_at <= now() OR (vhost=? AND event=? AND filename=?);',
undef, $r->get_server_name, $event, $filename)
or dberror($r, "Couldn't prune shadow_files");
- $dbh->do('INSERT INTO shadow_files (vhost,event,filename,id,expires_at) VALUES (?,?,?,?,now() + interval \'30 seconds\');',
+ $dbh->do('INSERT INTO shadow_files (vhost,event,filename,id,expires_at) VALUES (?,?,?,?,now() + interval \'1 day\');',
undef, $r->get_server_name, $event, $orig_filename, $newid)
or dberror($r, "Couldn't add shadow file");
$r->log->info("Added shadow entry for $event/$filename");
return Apache2::Const::OK;
}
- # Used by the XP publishing wizard -- largely the same as the code above
- # but vastly simplified. Should we refactor?
- if ($r->method eq "POST") {
- my $apr = Apache2::Request->new($r);
- my $client_size = $apr->param('size');
- my $event = $apr->param('event');
-
- my $file = $apr->upload('image');
- my $filename = $file->filename();
- if ($client_size != $file->size()) {
- $r->content_type('text/plain; charset="utf-8"');
- $r->status(403);
- $r->print("Client-size resizing detected; refusing automatically");
-
- $r->log->info("Client-size resized upload of $event/$filename detected");
- return Apache2::Const::OK;
- }
-
- # Ugh, Windows XP seems to be sending this in... something that's not UTF-8, at least
- my $takenby_given = Sesse::pr0n::Common::guess_charset($apr->param('takenby'));
-
- if (defined($takenby_given) && $takenby_given !~ /^\s*$/ && $takenby_given !~ /[<>&]/ && length($takenby_given) <= 100) {
- $takenby = $takenby_given;
- }
-
- my $ne_id = Sesse::pr0n::Common::guess_charset($apr->param('neweventid'));
- my $ne_date = Sesse::pr0n::Common::guess_charset($apr->param('neweventdate'));
- my $ne_desc = Sesse::pr0n::Common::guess_charset($apr->param('neweventdesc'));
- if (defined($ne_id)) {
- # Trying to add a new event, let's see if it already exists
- my $q = $dbh->prepare('SELECT COUNT(*) AS cnt FROM events WHERE event=? AND vhost=?')
- or dberror($r, "Couldn't prepare event count");
- $q->execute($ne_id, $r->get_server_name)
- or dberror($r, "Couldn't execute event count");
- my $ref = $q->fetchrow_hashref;
-
- if ($ref->{'cnt'} == 0) {
- my @errors = Sesse::pr0n::Common::add_new_event($dbh, $ne_id, $ne_date, $ne_desc, $r->get_server_name);
- if (scalar @errors > 0) {
- die "Couldn't add new event $ne_id: " . join(', ', @errors);
- }
- }
-
- $event = $ne_id;
- }
-
- # Remove evil characters
- if ($filename =~ /[^a-zA-Z0-9._-]/) {
- $filename =~ tr/a-zA-Z0-9.-/_/c;
- }
-
- # Get the new ID
- my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
- my $newid = $ref->{'id'};
- if (!defined($newid)) {
- dberror($r, "Couldn't get new ID");
- }
-
- # Autorename if we need to
- {
- my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?",
- undef, $r->get_server_name, $event, $filename)
- or dberror($r, "Couldn't check for existing files");
- if ($ref->{'numfiles'} > 0) {
- $r->log->info("Renaming $filename to $newid.jpeg");
- $filename = "$newid.jpeg";
- }
- }
-
- {
- # Enable transactions and error raising temporarily
- local $dbh->{AutoCommit} = 0;
- local $dbh->{RaiseError} = 1;
- my $fname;
-
- # Try to insert this new file
- eval {
- $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?);',
- undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
- $dbh->do('UPDATE events SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
- undef, $r->get_server_name, $event);
-
- # Now save the file to disk
- $fname = Sesse::pr0n::Common::get_disk_location($r, $newid);
- open NEWFILE, ">$fname"
- or die "$fname: $!";
-
- my $buf;
- $file->slurp($buf);
- print NEWFILE $buf or die "write($fname): $!";
- close NEWFILE or die "close($fname): $!";
-
- # Orient stuff correctly
- system("/usr/bin/exifautotran", $fname) == 0
- or die "/usr/bin/exifautotran: $!";
-
- # Make cache while we're at it.
- Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, -1, -1, 1, 80, 64, 320, 256, -1, -1);
-
- # OK, we got this far, commit
- $dbh->commit;
-
- $r->log->notice("Successfully wrote $event/$filename to $fname");
- };
- if ($@) {
- # Some error occurred, rollback and bomb out
- $dbh->rollback;
- error($r, "Transaction aborted because $@");
- unlink($fname);
-
- $r->content_type('text/plain; charset="utf-8"');
- $r->status(500);
- $r->print("Error: $@");
- }
- }
-
- $r->content_type('text/plain; charset="utf-8"');
- $r->status(201);
- $r->print("OK");
-
- return Apache2::Const::OK;
- }
-
# Yes, we fake locks. :-)
if ($r->method eq "LOCK") {
if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?([a-zA-Z0-9._-]+)$#) {
}
my ($event, $autorename, $filename) = ($1, $2, $3);
- my $sha1 = Digest::SHA1::sha1_base64("/$event/$autorename/$filename");
+ $autorename = '' if (!defined($autorename));
+ my $sha1 = Digest::SHA::sha1_base64("/$event/$autorename$filename");
$r->status(200);
$r->content_type('text/xml; charset=utf-8');
$dbh->do('DELETE FROM images WHERE vhost=? AND event=? AND filename=?',
undef, $r->get_server_name, $event, $filename)
or dberror($r, "Couldn't remove file");
- $dbh->do('UPDATE events SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
+ $dbh->do('UPDATE last_picture_cache SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
undef, $r->get_server_name, $event)
or dberror($r, "Couldn't invalidate cache");
$r->status(200);
projects / pr0n / blobdiff