* $NucleusJP: MEDIA.php,v 1.5 2006/07/17 20:03:44 kimitake Exp $
*/
+define('PRIVATE_COLLECTION', 'Private Collection');
+define('READ_ONLY_MEDIA_FOLDER', '(Read Only)');
/**
* Represents the media objects for a certain member
*
* @returns array of dirname => display name
*/
- function getCollectionList() {
+ function getCollectionList($exceptReadOnly = false) {
global $member, $DIR_MEDIA;
$collections = array();
// add private directory for member
- $collections[$member->getID()] = 'Private Collection';
-
+ $collections[$member->getID()] = PRIVATE_COLLECTION;
+
// add global collections
if (!is_dir($DIR_MEDIA)) return $collections;
$dirhandle = opendir($DIR_MEDIA);
while ($dirname = readdir($dirhandle)) {
// only add non-numeric (numeric=private) dirs
- if (@is_dir($DIR_MEDIA . $dirname) && ($dirname != '.') && ($dirname != '..') && ($dirname != 'CVS') && (!is_numeric($dirname))) {
- $collections[$dirname] = $dirname;
+ if (@is_dir($DIR_MEDIA . $dirname) &&
+ ($dirname != '.') &&
+ ($dirname != '..') &&
+ ($dirname != 'CVS') &&
+ (!is_numeric($dirname))) {
+ if (@is_writable($DIR_MEDIA . $dirname))
+ $collections[$dirname] = $dirname;
+ else if ($exceptReadOnly == false)
+ $collections[$dirname] = $dirname . ' ' . READ_ONLY_MEDIA_FOLDER;
}
}
closedir($dirhandle);
* checks if a collection exists with the given name, and if it's
* allowed for the currently logged in member to upload files to it
*/
- function isValidCollection($collectionName) {\r
- global $member, $DIR_MEDIA;\r
-\r
- // allow creating new private directory\r
- if (preg_match('#^[0-9]+[/\\\\]?$#',$collectionName))\r
- return ((int)$member->getID() == (int)$collectionName);\r
-\r
- // avoid directory traversal\r
- // note that preg_replace() is requred to remove the last "/" or "\" if exists\r
- $media = realpath($DIR_MEDIA);\r
- $media = preg_replace('#[/\\\\]+$#','',$media);\r
- $collectionDir = realpath( $DIR_MEDIA . $collectionName );\r
- $collectionDir = preg_replace('#[/\\\\]+$#','',$collectionDir);\r
- if (strpos($collectionDir,$media)!==0 || $collectionDir == $media) return false;\r
-\r
- // private collections only accept uploads from their owners\r
- // The "+1" of "strlen($media)+1" corresponds to "/" or "\".\r
- $collectionName=substr($collectionDir,strlen($media)+1);\r
- if (preg_match('/^[0-9]+$/',$collectionName))\r
- return ((int)$member->getID() == (int)$collectionName);\r
-\r
- // other collections should exists and be writable\r
- return (@is_dir($collectionDir) && @is_writable($collectionDir));\r
- }\r
+ function isValidCollection($collectionName, $exceptReadOnly = false) {
+ global $member, $DIR_MEDIA;
+
+ // allow creating new private directory
+ if ($collectionName === (string)$member->getID())
+ return true;
+
+ $collections = MEDIA::getCollectionList($exceptReadOnly);
+ $dirname = $collections[$collectionName];
+ if ($dirname == NULL || $dirname === PRIVATE_COLLECTION)
+ return false;
+
+ // other collections should exist and be writable
+ $collectionDir = $DIR_MEDIA . $collectionName;
+ if ($exceptReadOnly)
+ return (@is_dir($collectionDir) && @is_writable($collectionDir));
+
+ // other collections should exist
+ return @is_dir($collectionDir);
+ }
/**
* Adds an uploaded file to the media archive
$manager->notify('PreMediaUpload',array('collection' => &$collection, 'uploadfile' => $uploadfile, 'filename' => &$filename));
// don't allow uploads to unknown or forbidden collections
- if (!MEDIA::isValidCollection($collection))
+ $exceptReadOnly = true;
+ if (!MEDIA::isValidCollection($collection,$exceptReadOnly))
return _ERROR_DISALLOWED;
// check dir permissions (try to create dir if it does not exist)
OSDN Git Service
