/*
** Copyright (c) 2010 D. Richard Hipp
**
** This program is free software; you can redistribute it and/or
** modify it under the terms of the Simplified BSD License (also
** known as the "2-Clause License" or "FreeBSD License".)
** This program is distributed in the hope that it will be useful,
** but without any warranty; without even the implied warranty of
** merchantability or fitness for a particular purpose.
**
** Author contact information:
** drh@hwaci.com
** http://www.hwaci.com/drh/
**
*******************************************************************************
**
** This file contains code for dealing with attachments.
*/
#include "config.h"
#include "attach.h"
#include <assert.h>
/*
** WEBPAGE: attachlist
**
** tkt=TICKETUUID
** page=WIKIPAGE
**
** List attachments.
** Either one of tkt= or page= are supplied or neither. If neither
** are given, all attachments are listed. If one is given, only
** attachments for the designated ticket or wiki page are shown.
** TICKETUUID must be complete
*/
void attachlist_page(void){
const char *zPage = P("page");
const char *zTkt = P("tkt");
Blob sql;
Stmt q;
if( zPage && zTkt ) zTkt = 0;
login_check_credentials();
blob_zero(&sql);
blob_appendf(&sql,
"SELECT datetime(mtime%s), src, target, filename,"
" comment, user,"
" (SELECT uuid FROM blob WHERE rid=attachid), attachid"
" FROM attachment",
timeline_utc()
);
if( zPage ){
if( g.perm.RdWiki==0 ) login_needed();
style_header("Attachments To %h", zPage);
blob_appendf(&sql, " WHERE target=%Q", zPage);
}else if( zTkt ){
if( g.perm.RdTkt==0 ) login_needed();
style_header("Attachments To Ticket %S", zTkt);
blob_appendf(&sql, " WHERE target GLOB '%q*'", zTkt);
}else{
if( g.perm.RdTkt==0 && g.perm.RdWiki==0 ) login_needed();
style_header("All Attachments");
}
blob_appendf(&sql, " ORDER BY mtime DESC");
db_prepare(&q, "%s", blob_str(&sql));
@ <ol>
while( db_step(&q)==SQLITE_ROW ){
const char *zDate = db_column_text(&q, 0);
const char *zSrc = db_column_text(&q, 1);
const char *zTarget = db_column_text(&q, 2);
const char *zFilename = db_column_text(&q, 3);
const char *zComment = db_column_text(&q, 4);
const char *zUser = db_column_text(&q, 5);
const char *zUuid = db_column_text(&q, 6);
int attachid = db_column_int(&q, 7);
const char *zDispUser = zUser && zUser[0] ? zUser : "anonymous";
int i;
char *zUrlTail;
for(i=0; zFilename[i]; i++){
if( zFilename[i]=='/' && zFilename[i+1]!=0 ){
zFilename = &zFilename[i+1];
i = -1;
}
}
if( strlen(zTarget)==UUID_SIZE && validate16(zTarget,UUID_SIZE) ){
zUrlTail = mprintf("tkt=%s&file=%t", zTarget, zFilename);
}else{
zUrlTail = mprintf("page=%t&file=%t", zTarget, zFilename);
}
@ <li><p>
@ Attachment %z(href("%R/ainfo/%s",zUuid))%S(zUuid)</a>
if( moderation_pending(attachid) ){
@ <span class="modpending">*** Awaiting Moderator Approval ***</span>
}
@ <br><a href="/attachview?%s(zUrlTail)">%h(zFilename)</a>
@ [<a href="/attachdownload/%t(zFilename)?%s(zUrlTail)">download</a>]<br />
if( zComment ) while( fossil_isspace(zComment[0]) ) zComment++;
if( zComment && zComment[0] ){
@ %!w(zComment)<br />
}
if( zPage==0 && zTkt==0 ){
if( zSrc==0 || zSrc[0]==0 ){
zSrc = "Deleted from";
}else {
zSrc = "Added to";
}
if( strlen(zTarget)==UUID_SIZE && validate16(zTarget, UUID_SIZE) ){
@ %s(zSrc) ticket <a href="%s(g.zTop)/tktview?name=%s(zTarget)">
@ %S(zTarget)</a>
}else{
@ %s(zSrc) wiki page <a href="%s(g.zTop)/wiki?name=%t(zTarget)">
@ %h(zTarget)</a>
}
}else{
if( zSrc==0 || zSrc[0]==0 ){
@ Deleted
}else {
@ Added
}
}
@ by %h(zDispUser) on
hyperlink_to_date(zDate, ".");
free(zUrlTail);
}
db_finalize(&q);
@ </ol>
style_footer();
return;
}
/*
** WEBPAGE: attachdownload
** WEBPAGE: attachimage
** WEBPAGE: attachview
**
** tkt=TICKETUUID
** page=WIKIPAGE
** file=FILENAME
** attachid=ID
**
** List attachments.
*/
void attachview_page(void){
const char *zPage = P("page");
const char *zTkt = P("tkt");
const char *zFile = P("file");
const char *zTarget = 0;
int attachid = atoi(PD("attachid","0"));
char *zUUID;
if( zPage && zTkt ) zTkt = 0;
if( zFile==0 ) fossil_redirect_home();
login_check_credentials();
if( zPage ){
if( g.perm.RdWiki==0 ) login_needed();
zTarget = zPage;
}else if( zTkt ){
if( g.perm.RdTkt==0 ) login_needed();
zTarget = zTkt;
}else{
fossil_redirect_home();
}
if( attachid>0 ){
zUUID = db_text(0,
"SELECT coalesce(src,'x') FROM attachment"
" WHERE target=%Q AND attachid=%d",
zTarget, attachid
);
}else{
zUUID = db_text(0,
"SELECT coalesce(src,'x') FROM attachment"
" WHERE target=%Q AND filename=%Q"
" ORDER BY mtime DESC LIMIT 1",
zTarget, zFile
);
}
if( zUUID==0 || zUUID[0]==0 ){
style_header("No Such Attachment");
@ No such attachment....
style_footer();
return;
}else if( zUUID[0]=='x' ){
style_header("Missing");
@ Attachment has been deleted
style_footer();
return;
}
g.perm.Read = 1;
cgi_replace_parameter("name",zUUID);
if( fossil_strcmp(g.zPath,"attachview")==0 ){
artifact_page();
}else{
cgi_replace_parameter("m", mimetype_from_name(zFile));
rawartifact_page();
}
}
/*
** Save an attachment control artifact into the repository
*/
static void attach_put(
Blob *pAttach, /* Text of the Attachment record */
int attachRid, /* RID for the file that is being attached */
int needMod /* True if the attachment is subject to moderation */
){
int rid;
if( needMod ){
rid = content_put_ex(pAttach, 0, 0, 0, 1);
moderation_table_create();
db_multi_exec(
"INSERT INTO modreq(objid,attachRid) VALUES(%d,%d);",
rid, attachRid
);
}else{
rid = content_put(pAttach);
db_multi_exec("INSERT OR IGNORE INTO unsent VALUES(%d);", rid);
db_multi_exec("INSERT OR IGNORE INTO unclustered VALUES(%d);", rid);
}
manifest_crosslink(rid, pAttach, MC_NONE);
}
/*
** WEBPAGE: attachadd
**
** tkt=TICKETUUID
** page=WIKIPAGE
** from=URL
**
** Add a new attachment.
*/
void attachadd_page(void){
const char *zPage = P("page");
const char *zTkt = P("tkt");
const char *zFrom = P("from");
const char *aContent = P("f");
const char *zName = PD("f:filename","unknown");
const char *zTarget;
const char *zTargetType;
int szContent = atoi(PD("f:bytes","0"));
int goodCaptcha = 1;
if( P("cancel") ) cgi_redirect(zFrom);
if( zPage && zTkt ) fossil_redirect_home();
if( zPage==0 && zTkt==0 ) fossil_redirect_home();
login_check_credentials();
if( zPage ){
if( g.perm.ApndWiki==0 || g.perm.Attach==0 ) login_needed();
if( !db_exists("SELECT 1 FROM tag WHERE tagname='wiki-%q'", zPage) ){
fossil_redirect_home();
}
zTarget = zPage;
zTargetType = mprintf("Wiki Page <a href=\"%s/wiki?name=%h\">%h</a>",
g.zTop, zPage, zPage);
}else{
if( g.perm.ApndTkt==0 || g.perm.Attach==0 ) login_needed();
if( !db_exists("SELECT 1 FROM tag WHERE tagname='tkt-%q'", zTkt) ){
zTkt = db_text(0, "SELECT substr(tagname,5) FROM tag"
" WHERE tagname GLOB 'tkt-%q*'", zTkt);
if( zTkt==0 ) fossil_redirect_home();
}
zTarget = zTkt;
zTargetType = mprintf("Ticket <a href=\"%s/tktview/%s\">%S</a>",
g.zTop, zTkt, zTkt);
}
if( zFrom==0 ) zFrom = mprintf("%s/home", g.zTop);
if( P("cancel") ){
cgi_redirect(zFrom);
}
if( P("ok") && szContent>0 && (goodCaptcha = captcha_is_correct()) ){
Blob content;
Blob manifest;
Blob cksum;
char *zUUID;
const char *zComment;
char *zDate;
int rid;
int i, n;
int addCompress = 0;
Manifest *pManifest;
int needModerator;
db_begin_transaction();
blob_init(&content, aContent, szContent);
pManifest = manifest_parse(&content, 0, 0);
manifest_destroy(pManifest);
blob_init(&content, aContent, szContent);
if( pManifest ){
blob_compress(&content, &content);
addCompress = 1;
}
needModerator =
(zTkt!=0 && ticket_need_moderation(0)) ||
(zPage!=0 && wiki_need_moderation(0));
rid = content_put_ex(&content, 0, 0, 0, needModerator);
zUUID = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid);
blob_zero(&manifest);
for(i=n=0; zName[i]; i++){
if( zName[i]=='/' || zName[i]=='\\' ) n = i;
}
zName += n;
if( zName[0]==0 ) zName = "unknown";
blob_appendf(&manifest, "A %F%s %F %s\n",
zName, addCompress ? ".gz" : "", zTarget, zUUID);
zComment = PD("comment", "");
while( fossil_isspace(zComment[0]) ) zComment++;
n = strlen(zComment);
while( n>0 && fossil_isspace(zComment[n-1]) ){ n--; }
if( n>0 ){
blob_appendf(&manifest, "C %#F\n", n, zComment);
}
zDate = date_in_standard_format("now");
blob_appendf(&manifest, "D %s\n", zDate);
blob_appendf(&manifest, "U %F\n", login_name());
md5sum_blob(&manifest, &cksum);
blob_appendf(&manifest, "Z %b\n", &cksum);
attach_put(&manifest, rid, needModerator);
assert( blob_is_reset(&manifest) );
db_end_transaction(0);
cgi_redirect(zFrom);
}
style_header("Add Attachment");
if( !goodCaptcha ){
@ <p class="generalError">Error: Incorrect security code.</p>
}
@ <h2>Add Attachment To %s(zTargetType)</h2>
form_begin("enctype='multipart/form-data'", "%R/attachadd");
@ <div>
@ File to Attach:
@ <input type="file" name="f" size="60" /><br />
@ Description:<br />
@ <textarea name="comment" cols="80" rows="5" wrap="virtual"></textarea><br />
if( zTkt ){
@ <input type="hidden" name="tkt" value="%h(zTkt)" />
}else{
@ <input type="hidden" name="page" value="%h(zPage)" />
}
@ <input type="hidden" name="from" value="%h(zFrom)" />
@ <input type="submit" name="ok" value="Add Attachment" />
@ <input type="submit" name="cancel" value="Cancel" />
@ </div>
captcha_generate(0);
@ </form>
style_footer();
}
/*
** WEBPAGE: ainfo
** URL: /ainfo?name=ARTIFACTID
**
** Show the details of an attachment artifact.
*/
void ainfo_page(void){
int rid; /* RID for the control artifact */
int ridSrc; /* RID for the attached file */
char *zDate; /* Date attached */
const char *zUuid; /* UUID of the control artifact */
Manifest *pAttach; /* Parse of the control artifact */
const char *zTarget; /* Wiki or ticket attached to */
const char *zSrc; /* UUID of the attached file */
const char *zName; /* Name of the attached file */
const char *zDesc; /* Description of the attached file */
const char *zWikiName = 0; /* Wiki page name when attached to Wiki */
const char *zTktUuid = 0; /* Ticket ID when attached to a ticket */
int modPending; /* True if awaiting moderation */
const char *zModAction; /* Moderation action or NULL */
int isModerator; /* TRUE if user is the moderator */
const char *zMime; /* MIME Type */
Blob attach; /* Content of the attachment */
int fShowContent = 0;
const char *zLn = P("ln");
login_check_credentials();
if( !g.perm.RdTkt && !g.perm.RdWiki ){ login_needed(); return; }
rid = name_to_rid_www("name");
if( rid==0 ){ fossil_redirect_home(); }
zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
#if 0
/* Shunning here needs to get both the attachment control artifact and
** the object that is attached. */
if( g.perm.Admin ){
if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
g.zTop, zUuid);
}else{
style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
g.zTop, zUuid);
}
}
#endif
pAttach = manifest_get(rid, CFTYPE_ATTACHMENT, 0);
if( pAttach==0 ) fossil_redirect_home();
zTarget = pAttach->zAttachTarget;
zSrc = pAttach->zAttachSrc;
ridSrc = db_int(0,"SELECT rid FROM blob WHERE uuid='%s'", zSrc);
zName = pAttach->zAttachName;
zDesc = pAttach->zComment;
zMime = mimetype_from_name(zName);
fShowContent = zMime ? strncmp(zMime,"text/", 5)==0 : 0;
if( validate16(zTarget, strlen(zTarget))
&& db_exists("SELECT 1 FROM ticket WHERE tkt_uuid='%s'", zTarget)
){
zTktUuid = zTarget;
if( !g.perm.RdTkt ){ login_needed(); return; }
if( g.perm.WrTkt ){
style_submenu_element("Delete","Delete","%R/ainfo/%s?del", zUuid);
}
}else if( db_exists("SELECT 1 FROM tag WHERE tagname='wiki-%q'",zTarget) ){
zWikiName = zTarget;
if( !g.perm.RdWiki ){ login_needed(); return; }
if( g.perm.WrWiki ){
style_submenu_element("Delete","Delete","%R/ainfo/%s?del", zUuid);
}
}
zDate = db_text(0, "SELECT datetime(%.12f)", pAttach->rDate);
if( P("confirm")
&& ((zTktUuid && g.perm.WrTkt) || (zWikiName && g.perm.WrWiki))
){
int i, n, rid;
char *zDate;
Blob manifest;
Blob cksum;
const char *zFile = zName;
db_begin_transaction();
blob_zero(&manifest);
for(i=n=0; zFile[i]; i++){
if( zFile[i]=='/' || zFile[i]=='\\' ) n = i;
}
zFile += n;
if( zFile[0]==0 ) zFile = "unknown";
blob_appendf(&manifest, "A %F %F\n", zFile, zTarget);
zDate = date_in_standard_format("now");
blob_appendf(&manifest, "D %s\n", zDate);
blob_appendf(&manifest, "U %F\n", login_name());
md5sum_blob(&manifest, &cksum);
blob_appendf(&manifest, "Z %b\n", &cksum);
rid = content_put(&manifest);
manifest_crosslink(rid, &manifest, MC_NONE);
db_end_transaction(0);
@ <p>The attachment below has been deleted.</p>
}
if( P("del")
&& ((zTktUuid && g.perm.WrTkt) || (zWikiName && g.perm.WrWiki))
){
form_begin(0, "%R/ainfo/%s", zUuid);
@ <p>Confirm you want to delete the attachment shown below.
@ <input type="submit" name="confirm" value="Confirm">
@ </form>
}
isModerator = g.perm.Admin ||
(zTktUuid && g.perm.ModTkt) ||
(zWikiName && g.perm.ModWiki);
if( isModerator && (zModAction = P("modaction"))!=0 ){
if( strcmp(zModAction,"delete")==0 ){
moderation_disapprove(rid);
if( zTktUuid ){
cgi_redirectf("%R/tktview/%s", zTktUuid);
}else{
cgi_redirectf("%R/wiki?name=%t", zWikiName);
}
return;
}
if( strcmp(zModAction,"approve")==0 ){
moderation_approve(rid);
}
}
style_header("Attachment Details");
style_submenu_element("Raw", "Raw", "%R/artifact/%s", zUuid);
if(fShowContent){
style_submenu_element("Line Numbers", "Line Numbers",
"%R/ainfo/%s%s",zUuid,
((zLn&&*zLn) ? "" : "?ln=0"));
}
@ <div class="section">Overview</div>
@ <p><table class="label-value">
@ <tr><th>Artifact ID:</th>
@ <td>%z(href("%R/artifact/%s",zUuid))%s(zUuid)</a>
if( g.perm.Setup ){
@ (%d(rid))
}
modPending = moderation_pending(rid);
if( modPending ){
@ <span class="modpending">*** Awaiting Moderator Approval ***</span>
}
if( zTktUuid ){
@ <tr><th>Ticket:</th>
@ <td>%z(href("%R/tktview/%s",zTktUuid))%s(zTktUuid)</a></td></tr>
}
if( zWikiName ){
@ <tr><th>Wiki Page:</th>
@ <td>%z(href("%R/wiki?name=%t",zWikiName))%h(zWikiName)</a></td></tr>
}
@ <tr><th>Date:</th><td>
hyperlink_to_date(zDate, "</td></tr>");
@ <tr><th>User:</th><td>
hyperlink_to_user(pAttach->zUser, zDate, "</td></tr>");
@ <tr><th>Artifact Attached:</th>
@ <td>%z(href("%R/artifact/%s",zSrc))%s(zSrc)</a>
if( g.perm.Setup ){
@ (%d(ridSrc))
}
@ <tr><th>Filename:</th><td>%h(zName)</td></tr>
if( g.perm.Setup ){
@ <tr><th>MIME-Type:</th><td>%h(zMime)</td></tr>
}
@ <tr><th valign="top">Description:</th><td valign="top">%h(zDesc)</td></tr>
@ </table>
if( isModerator && modPending ){
@ <div class="section">Moderation</div>
@ <blockquote>
form_begin(0, "%R/ainfo/%s", zUuid);
@ <label><input type="radio" name="modaction" value="delete">
@ Delete this change</label><br />
@ <label><input type="radio" name="modaction" value="approve">
@ Approve this change</label><br />
@ <input type="submit" value="Submit">
@ </form>
@ </blockquote>
}
@ <div class="section">Content Appended</div>
@ <blockquote>
blob_zero(&attach);
if( fShowContent ){
const char *z;
content_get(ridSrc, &attach);
blob_to_utf8_no_bom(&attach, 0);
z = blob_str(&attach);
if( zLn ){
output_text_with_line_numbers(z, zLn);
}else{
@ <pre>
@ %h(z)
@ </pre>
}
}else if( strncmp(zMime, "image/", 6)==0 ){
@ <img src="%R/raw/%s(zSrc)?m=%s(zMime)"></img>
style_submenu_element("Image", "Image", "%R/raw/%s?m=%s", zSrc, zMime);
}else{
int sz = db_int(0, "SELECT size FROM blob WHERE rid=%d", ridSrc);
@ <i>(file is %d(sz) bytes of binary data)</i>
}
@ </blockquote>
manifest_destroy(pAttach);
blob_reset(&attach);
style_footer();
}
/*
** Output HTML to show a list of attachments.
*/
void attachment_list(
const char *zTarget, /* Object that things are attached to */
const char *zHeader /* Header to display with attachments */
){
int cnt = 0;
Stmt q;
db_prepare(&q,
"SELECT datetime(mtime%s), filename, user,"
" (SELECT uuid FROM blob WHERE rid=attachid), src"
" FROM attachment"
" WHERE isLatest AND src!='' AND target=%Q"
" ORDER BY mtime DESC",
timeline_utc(), zTarget
);
while( db_step(&q)==SQLITE_ROW ){
const char *zDate = db_column_text(&q, 0);
const char *zFile = db_column_text(&q, 1);
const char *zUser = db_column_text(&q, 2);
const char *zUuid = db_column_text(&q, 3);
const char *zSrc = db_column_text(&q, 4);
const char *zDispUser = zUser && zUser[0] ? zUser : "anonymous";
if( cnt==0 ){
@ %s(zHeader)
}
cnt++;
@ <li>
@ %z(href("%R/artifact/%s",zSrc))%h(zFile)</a>
@ added by %h(zDispUser) on
hyperlink_to_date(zDate, ".");
@ [%z(href("%R/ainfo/%s",zUuid))details</a>]
@ </li>
}
if( cnt ){
@ </ul>
}
db_finalize(&q);
}