diff --git a/ktapi/KTAPIDocument.inc.php b/ktapi/KTAPIDocument.inc.php
index d3285b1..ec8cd3a 100644
--- a/ktapi/KTAPIDocument.inc.php
+++ b/ktapi/KTAPIDocument.inc.php
@@ -35,6 +35,8 @@
  *
  */
 
+//require_once(KT_DIR . '/ktwebservice/KTUploadManager.inc.php');
+
 class KTAPI_Document extends KTAPI_FolderItem
 {
     /**
@@ -175,14 +177,7 @@ class KTAPI_Document extends KTAPI_FolderItem
         }
         DBUtil::commit();
 
-        $tempfilename=addslashes($tempfilename);
-        $sql = "DELETE FROM uploaded_files WHERE tempfilename='$tempfilename'";
-        $result = DBUtil::runQuery($sql);
-        if (PEAR::isError($result))
-        {
-            return $result;
-        }
-
+        KTUploadManager::temporary_file_imported($tempfilename);
     }
 
     /**
diff --git a/ktapi/KTAPIFolder.inc.php b/ktapi/KTAPIFolder.inc.php
index 1e88164..100667b 100644
--- a/ktapi/KTAPIFolder.inc.php
+++ b/ktapi/KTAPIFolder.inc.php
@@ -35,6 +35,8 @@
  *
  */
 
+require_once(KT_DIR . '/ktwebservice/KTUploadManager.inc.php');
+
 class KTAPI_Folder extends KTAPI_FolderItem
 {
     /**
@@ -603,13 +605,7 @@ class KTAPI_Folder extends KTAPI_FolderItem
         }
         DBUtil::commit();
 
-        $tempfilename=addslashes($tempfilename);
-        $sql = "DELETE FROM uploaded_files WHERE tempfilename='$tempfilename'";
-        $result = DBUtil::runQuery($sql);
-        if (PEAR::isError($result))
-        {
-            return $result;
-        }
+        KTUploadManager::temporary_file_imported($tempfilename);
 
         return new KTAPI_Document($this->ktapi, $this, $document);
     }
diff --git a/ktwebservice/KTUploadManager.inc.php b/ktwebservice/KTUploadManager.inc.php
index 2aff2ff..9888b12 100644
--- a/ktwebservice/KTUploadManager.inc.php
+++ b/ktwebservice/KTUploadManager.inc.php
@@ -52,7 +52,8 @@ class KTUploadManager
 
         $config = KTConfig::getSingleton();
         $this->age = $config->get('webservice/uploadExpiry',60);
-        $this->temp_dir= $config->get('webservice/uploadDirectory');
+        $this->temp_dir = $config->get('webservice/uploadDirectory');
+        $this->temp_dir = str_replace('\\','/', $this->temp_dir);
     }
 
     /**
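Review bot: The require_once for KTUploadManager.inc.php is added commented out here, while the second hunk in this file calls `KTUploadManager::temporary_file_imported()` and KTAPIFolder.inc.php gets the same require active. KTAPI_Document therefore works only when some other include has already loaded the class. If leaving it disabled is deliberate, say so on the line, e.g. `// KTUploadManager is loaded via KTAPIFolder.inc.php; not required here on purpose`; otherwise enable it as in KTAPIFolder.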
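Review bot: The result of `KTUploadManager::temporary_file_imported($tempfilename)` is discarded, whereas the removed lines returned the query error to the caller; the new method returns `false` when its DELETE fails (KTUploadManager.inc.php hunk), so a database error here is now silent and the uploaded_files row stays behind. The same applies to the second hunk of KTAPIFolder.inc.php. Consider `if (!KTUploadManager::temporary_file_imported($tempfilename)) { return new PEAR_Error('Could not release temporary upload record'); }`, using whatever error type this method's callers already handle. The method is also invoked statically although KTUploadManager declares it as a plain instance method; marking it `static` would make that explicit. The enclosing method starts outside the hunk.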
@@ -67,6 +68,44 @@ class KTUploadManager
         $this->session = $session->get_session();
     }
 
+    function get_temp_filename($prefix)
+    {
+        $tempfilename = tempnam($this->temp_dir,$prefix);
+
+        return $tempfilename;
+    }
+
+    function is_valid_temporary_file($tempfilename)
+    {
+        $tempdir = substr($tempfilename,0,strlen($this->temp_dir));
+        $tempdir = str_replace('\\','/', $tempdir);
+        return ($tempdir == $this->temp_dir);
+    }
+
+    function store_base64_file($base64, $prefix= 'sa_')
+    {
+        $tempfilename = $this->get_temp_filename($prefix);
+        if (!is_writable($tempfilename))
+        {
+            return new PEAR_Error("Cannot write to file: $tempfilename");
+        }
+
+        if (!$this->is_valid_temporary_file($tempfilename))
+        {
+            return new PEAR_Error("Invalid temporary file: $tempfilename. There is a problem with the temporary storage path: $this->temp_dir.");
+        }
+
+        $fp=fopen($tempfilename, 'wb');
+        if ($fp === false)
+        {
+            return new PEAR_Error("Cannot write content to temporary file: $tempfilename.");
+        }
+        fwrite($fp, base64_decode($base64));
+        fclose($fp);
+
+        return $tempfilename;
+    }
+
     /**
      * This tells the manager to manage a file that has been uploaded.
      *
@@ -81,7 +120,8 @@ class KTUploadManager
         $now_str=date('YmdHis');
         $newtempfile = realpath($this->temp_dir) . '/' . $this->userid . '-'. $now_str;
 
-        if (DIRECTORY_SEPARATOR == '\\') {
+        if (OS_WINDOWS)
+        {
             $tempfile = str_replace('/','\\',$tempfile);
             $newtempfile = str_replace('\\','/',$newtempfile);
         }
@@ -110,7 +150,6 @@ class KTUploadManager
 
         if ($result == false)
         {
-            DBUtil::rollback();
             return new PEAR_Error($tmp);
         }
 
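Review bot: `is_valid_temporary_file()` compares only the first `strlen($this->temp_dir)` bytes of the supplied path, which is a prefix test rather than a containment test: a path that begins with the upload directory but goes on with `..` segments, or a sibling directory whose name merely starts with the same string, also passes, and `==` is a loose comparison. add_document and checkin_document in webservice.php rely on this function for a `$tempfilename` that arrives in the SOAP request, so resolve both sides before comparing: `$real = realpath($tempfilename); $base = realpath($this->temp_dir);` then `return $real !== false && $base !== false && strpos(str_replace('\\', '/', $real), rtrim(str_replace('\\', '/', $base), '/') . '/') === 0;`. Resolving also makes the check independent of whether `webservice/uploadDirectory` is configured with a trailing slash, which the constructor hunk does not normalise. In `store_base64_file()` the `fwrite()` return is unchecked, so a short write still returns the path as if the full content were stored; compare it against `strlen()` of the decoded data and return a PEAR_Error on mismatch.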
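Review bot: The `DBUtil::rollback()` on the `$result == false` path is dropped while the method's transaction handling is outside the hunk; if `uploaded()` still calls `DBUtil::startTransaction()` earlier, this error return now leaves the transaction open. Worth confirming against the full method, and if the transaction was removed too, a short comment at the return such as `// no transaction open here` would stop the next reader re-adding the rollback.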
@@ -136,11 +175,10 @@ class KTUploadManager
         return $result;
     }
 
-    function imported_file($action, $filename, $documentid)
+    function temporary_file_imported($tempfilename)
     {
-        DBUtil::startTransaction();
-        $filename=basename($filename);
-        $sql = "DELETE FROM uploaded_files WHERE action='$action' AND filename='$filename'";
+        $tempfilename = addslashes(str_replace('\\','/',$tempfilename));
+        $sql = "DELETE FROM uploaded_files WHERE tempfilename='$tempfilename'";
         $rs = DBUtil::runQuery($sql);
         if (PEAR::isError($rs))
         {
@@ -148,15 +186,7 @@ class KTUploadManager
             return false;
         }
 
-        $sql = "INSERT INTO index_files(document_id, user_id) VALUES($documentid, $this->userid)";
-        DBUtil::runQuery($sql);
-        if (PEAR::isError($rs))
-        {
-            DBUtil::rollback();
-            return false;
-        }
-
-        DBUtil::commit();
         return true;
     }
diff --git a/ktwebservice/webservice.php b/ktwebservice/webservice.php
index e953f92..ef8223d 100644
--- a/ktwebservice/webservice.php
+++ b/ktwebservice/webservice.php
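Review bot: `temporary_file_imported()` still builds the DELETE by interpolating `$tempfilename` after `addslashes()`, which is a generic escape rather than the database driver's quoting, and in checkin_document the value comes straight from the SOAP request. If `DBUtil::runQuery()` accepts a placeholder form such as `array($sql, $params)`, prefer `$sql = array("DELETE FROM uploaded_files WHERE tempfilename = ?", array(str_replace('\\','/',$tempfilename)));`; otherwise use the driver's own quoting function. The forward-slash normalisation should stay, since `uploaded()` stores the path with forward slashes on Windows.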
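Review bot: With `DBUtil::startTransaction()` and `DBUtil::commit()` both removed from this method, the error branch of the first `PEAR::isError($rs)` check is no longer wholly visible: its body sits on old line 147, between the two hunks. If that line is still a `DBUtil::rollback()`, it now runs without a matching transaction start; please check it and either drop the rollback or keep the transaction around the DELETE.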
@@ -1916,15 +1916,14 @@ class KTWebService
         // we need to add some security to ensure that people don't frig the checkin process to access restricted files.
         // possibly should change 'tempfilename' to be a hash or id of some sort if this is troublesome.
         $upload_manager = new KTUploadManager();
-        $tempdir = substr($tempfilename,0,strlen($upload_manager->temp_dir));
-        if ($tempdir != $upload_manager->temp_dir)
+        if (!$upload_manager->is_valid_temporary_file($tempfilename))
         {
-            $response=array(
-                'status_code'=>KTWS_ERR_INVALID_FOLDER,
-                'message'=>'Invalid temporary file.'
+            $response=array(
+                'status_code'=>KTWS_ERR_INVALID_DOCUMENT,
+                'message'=>"Invalid temporary file: $tempfilename. Not compatible with $upload_manager->temp_dir."
             );
-            $this->debug("add_document - $upload_manager->temp_dir != $tempdir", $session_id);
+            $this->debug("add_document - Invalid temporary file: $tempfilename. Not compatible with $upload_manager->temp_dir.", $session_id);
 
             return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
         }
 
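Review bot: The rejection message now returns both the caller-supplied `$tempfilename` and the server-side `$upload_manager->temp_dir` to the SOAP client, where the old message was the fixed `'Invalid temporary file.'`; the upload directory is server configuration that a caller who failed this check has no need to learn. Keep the detail in the `$this->debug()` call, which already carries it, and send the generic text: `'message'=>'Invalid temporary file.'`. The enclosing add_document() method starts and ends outside the hunk.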
@@ -2052,38 +2051,6 @@ class KTWebService
             return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $kt);
         }
 
-        // create a temporary file
-        $oConfig = KTConfig::getSingleton();
-        $tmp_dir = $oConfig->get('webservice/uploadDirectory');
-
-        $tempfilename = tempnam($tmp_dir,'sa_');
-        if (!is_writable($tempfilename))
-        {
-            $response=array(
-                'status_code'=>KTWS_ERR_INVALID_FOLDER,
-                'message'=>'Cannot write to temp folder: ' + $tempfilename
-            );
-            $this->debug("add_small_document - cannot write $tempfilename", $session_id);
-
-            return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
-        }
-
-        // we need to add some security to ensure that people don't frig the checkin process to access restricted files.
-        // possibly should change 'tempfilename' to be a hash or id of some sort if this is troublesome.
-        $upload_manager = new KTUploadManager();
-        $tempdir = substr($tempfilename,0,strlen($upload_manager->temp_dir));
-        if ( $tempdir != $upload_manager->temp_dir)
-        {
-            $response=array(
-                'status_code'=>KTWS_ERR_INVALID_FOLDER,
-                'message'=>'Invalid temporary file.'
-            );
-
-            $this->debug("add_small_document - $upload_manager->temp_dir != $tempdir ", $session_id);
-
-            return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
-        }
-
         $folder = &$kt->get_folder_by_id($folder_id);
         if (PEAR::isError($folder))
         {
@@ -2095,19 +2062,19 @@ class KTWebService
             return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
         }
 
-        // write to the temporary file
-        $fp=fopen($tempfilename, 'wb');
-        if ($fp === false)
-        {
-            $response=array(
+        $upload_manager = new KTUploadManager();
+        $tempfilename = $upload_manager->store_base64_file($base64);
+        if (PEAR::isError($tempfilename))
+        {
+            $reason = $tempfilename->getMessage();
+            $response=array(
                 'status_code'=>KTWS_ERR_INVALID_DOCUMENT,
-                'message'=>'Cannot write to temp file: ' + $tempfilename
+                'message'=>'Cannot write to temp file: ' + $tempfilename . ". Reason: $reason"
             );
-            $this->debug("add_small_document - cannot get folderid $folder_id" , $session_id);
+            $this->debug("add_small_document - cannot write $tempfilename. Reason: $reason", $session_id);
+
             return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
-        }
-        fwrite($fp, base64_decode($base64));
-        fclose($fp);
+        }
 
         // simulate the upload
         $upload_manager->uploaded($filename,$tempfilename, 'A');
@@ -2159,8 +2126,7 @@ class KTWebService
         // we need to add some security to ensure that people don't frig the checkin process to access restricted files.
         // possibly should change 'tempfilename' to be a hash or id of some sort if this is troublesome.
         $upload_manager = new KTUploadManager();
-        $tempdir = substr($tempfilename,0,strlen($upload_manager->temp_dir));
-        if ($tempdir != $upload_manager->temp_dir)
+        if (!$upload_manager->is_valid_temporary_file($tempfilename))
         {
             $response['message'] = 'Invalid temporary file';
             $this->debug("checkin_document - $upload_manager->temp_dir != $tempdir", $session_id);
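Review bot: On this error path `$tempfilename` holds the `PEAR_Error` returned by `store_base64_file()`, yet the message line computes `'Cannot write to temp file: ' + $tempfilename . ...` — `+` is arithmetic in PHP, not concatenation, and applying it to an object fails — and the `$this->debug()` line interpolates the same object into a string. Both lines should use only `$reason`: `'message'=>"Cannot write to temp file. Reason: $reason"` and `$this->debug("add_small_document - cannot write temporary file. Reason: $reason", $session_id);`. The checkin_small_document hunk further down has the identical two lines and needs the same change. Note that `$reason` carries the full server path from the PEAR_Error messages in store_base64_file(), so returning it to the client discloses the upload directory; a generic client message with the detail kept in debug() would avoid that.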
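Review bot: The context line `$this->debug("checkin_document - $upload_manager->temp_dir != $tempdir", $session_id);` still interpolates `$tempdir`, which this hunk removes, so the log entry is written with an empty value and an undefined-variable notice. Change it to `$this->debug("checkin_document - Invalid temporary file: $tempfilename. Not compatible with $upload_manager->temp_dir.", $session_id);`, matching the add_document hunk. The enclosing checkin_document() method continues outside the hunk.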
@@ -2282,47 +2248,19 @@ class KTWebService
             'message'=>'',
         );
 
-        // create a temporary file
-        $oConfig = KTConfig::getSingleton();
-        $tmp_dir = $oConfig->get('webservice/uploadDirectory');
-
-        $tempfilename = tempnam($tmp_dir,'su_');
-        if (!is_writable($tempfilename))
-        {
-            $response=array(
-                'status_code'=>KTWS_ERR_INVALID_FOLDER,
-                'message'=>'Cannot write to temp folder: ' + $tempfilename
-            );
-
-            $this->debug("checkin_small_document - $tempfilename is not writable", $session_id);
-
-            return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
-        }
-
-        // we need to add some security to ensure that people don't frig the checkin process to access restricted files.
-        // possibly should change 'tempfilename' to be a hash or id of some sort if this is troublesome.
         $upload_manager = new KTUploadManager();
-        $tempdir = substr($tempfilename,0,strlen($upload_manager->temp_dir));
-        if ($tempdir != $upload_manager->temp_dir)
+        $tempfilename = $upload_manager->store_base64_file($base64, 'su_');
+        if (PEAR::isError($tempfilename))
         {
-            $response['message'] = 'Invalid temporary file';
-            $this->debug("checkin_small_document - $upload_manager->temp_dir != $tempdir", $session_id);
-            return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
-        }
-
-        // write to the temporary file
-        $fp=fopen($tempfilename, 'wb');
-        if ($fp === false)
-        {
-            $response=array(
+            $reason = $tempfilename->getMessage();
+            $response=array(
                 'status_code'=>KTWS_ERR_INVALID_DOCUMENT,
-                'message'=>'Cannot write to temp file: ' + $tempfilename
+                'message'=>'Cannot write to temp file: ' + $tempfilename . ". Reason: $reason"
             );
-            $this->debug("checkin_small_document - cannot write $tempfilename", $session_id);
+            $this->debug("checkin_small_document - cannot write $tempfilename. Reason: $reason", $session_id);
+
             return new SOAP_Value('return',"{urn:$this->namespace}kt_document_detail", $response);
-        }
-        fwrite($fp, base64_decode($base64));
-        fclose($fp);
+        }
 
         // simulate the upload
         $upload_manager->uploaded($filename,$tempfilename, 'C');