Code Coverage for /data/phpBB/includes/ucp/ucp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 2	CRAP	0.00% covered (danger)	0.00%	0 / 175
ucp_attachments	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 2	2550.00	0.00% covered (danger)	0.00%	0 / 171
main				0.00% covered (danger)	0.00%	0 / 1	1482.00	0.00% covered (danger)	0.00%	0 / 157
can_delete_file				0.00% covered (danger)	0.00%	0 / 1	156.00	0.00% covered (danger)	0.00%	0 / 14

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	/**
23	* ucp_attachments
24	* User attachments
25	*/
26	class ucp_attachments
27	{
28	var $u_action;
29
30	function main($id, $mode)
31	{
32	global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth;
33
34	$start = $request->variable('start', 0);
35	$sort_key = $request->variable('sk', 'a');
36	$sort_dir = $request->variable('sd', 'a');
37
38	$delete = (isset($_POST['delete'])) ? true : false;
39	$delete_ids = array_keys($request->variable('attachment', array(0)));
40
41	if ($delete && count($delete_ids))
42	{
43	// Validate $delete_ids...
44	$sql = 'SELECT a.attach_id, a.in_message, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status, pt.folder_id
45	FROM ' . ATTACHMENTS_TABLE . ' a
46	LEFT JOIN ' . POSTS_TABLE . ' p
47	ON (a.post_msg_id = p.post_id AND a.in_message = 0)
48	LEFT JOIN ' . TOPICS_TABLE . ' t
49	ON (t.topic_id = p.topic_id AND a.in_message = 0)
50	LEFT JOIN ' . FORUMS_TABLE . ' f
51	ON (f.forum_id = t.forum_id AND a.in_message = 0)
52	LEFT JOIN ' . PRIVMSGS_TABLE . ' pr
53	ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
54	LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt
55	ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
56	WHERE a.poster_id = ' . $user->data['user_id'] . '
57	AND a.is_orphan = 0
58	AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
59	$result = $db->sql_query($sql);
60
61	$delete_ids = array();
62	while ($row = $db->sql_fetchrow($result))
63	{
64	if (!$this->can_delete_file($row))
65	{
66	continue;
67	}
68
69	$delete_ids[] = $row['attach_id'];
70	}
71	$db->sql_freeresult($result);
72	}
73
74	if ($delete && count($delete_ids))
75	{
76	$s_hidden_fields = array(
77	'delete' => 1
78	);
79
80	foreach ($delete_ids as $attachment_id)
81	{
82	$s_hidden_fields['attachment'][$attachment_id] = 1;
83	}
84
85	if (confirm_box(true))
86	{
87	/** @var \phpbb\attachment\manager $attachment_manager */
88	$attachment_manager = $phpbb_container->get('attachment.manager');
89	$attachment_manager->delete('attach', $delete_ids);
90	unset($attachment_manager);
91
92	meta_refresh(3, $this->u_action);
93	$message = ((count($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
94	trigger_error($message);
95	}
96	else
97	{
98	confirm_box(false, (count($delete_ids) == 1) ? 'DELETE_ATTACHMENT' : 'DELETE_ATTACHMENTS', build_hidden_fields($s_hidden_fields));
99	}
100	}
101
102	// Select box eventually
103	$sort_key_text = array('a' => $user->lang['SORT_FILENAME'], 'b' => $user->lang['SORT_COMMENT'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
104	$sort_key_sql = array('a' => 'a.real_filename', 'b' => 'a.attach_comment', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
105
106	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
107
108	$s_sort_key = '';
109	foreach ($sort_key_text as $key => $value)
110	{
111	$selected = ($sort_key == $key) ? ' selected="selected"' : '';
112	$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
113	}
114
115	$s_sort_dir = '';
116	foreach ($sort_dir_text as $key => $value)
117	{
118	$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
119	$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
120	}
121
122	if (!isset($sort_key_sql[$sort_key]))
123	{
124	$sort_key = 'a';
125	}
126
127	$order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
128
129	$sql = 'SELECT COUNT(attach_id) as num_attachments
130	FROM ' . ATTACHMENTS_TABLE . '
131	WHERE poster_id = ' . $user->data['user_id'] . '
132	AND is_orphan = 0';
133	$result = $db->sql_query($sql);
134	$num_attachments = $db->sql_fetchfield('num_attachments');
135	$db->sql_freeresult($result);
136
137	// Ensure start is a valid value
138	/* @var $pagination \phpbb\pagination */
139	$pagination = $phpbb_container->get('pagination');
140	$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
141
142	$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, pr.message_time as message_time, pt.folder_id, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status
143	FROM ' . ATTACHMENTS_TABLE . ' a
144	LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
145	LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
146	LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
147	LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
148	LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
149	WHERE a.poster_id = ' . $user->data['user_id'] . "
150	AND a.is_orphan = 0
151	ORDER BY $order_by";
152	$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
153
154	$row_count = 0;
155	if ($row = $db->sql_fetchrow($result))
156	{
157	$template->assign_var('S_ATTACHMENT_ROWS', true);
158
159	do
160	{
161	if ($row['in_message'])
162	{
163	$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
164	}
165	else
166	{
167	$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
168	}
169
170	$template->assign_block_vars('attachrow', array(
171	'ROW_NUMBER' => $row_count + ($start + 1),
172	'FILENAME' => $row['real_filename'],
173	'COMMENT' => bbcode_nl2br($row['attach_comment']),
174	'EXTENSION' => $row['extension'],
175	'SIZE' => get_formatted_filesize($row['filesize']),
176	'DOWNLOAD_COUNT' => $row['download_count'],
177	'POST_TIME' => $user->format_date($row['filetime']),
178	'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
179
180	'ATTACH_ID' => $row['attach_id'],
181	'POST_ID' => $row['post_msg_id'],
182	'TOPIC_ID' => $row['topic_id'],
183
184	'S_IN_MESSAGE' => $row['in_message'],
185	'S_LOCKED' => !$this->can_delete_file($row),
186
187	'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
188	'U_VIEW_TOPIC' => $view_topic)
189	);
190
191	$row_count++;
192	}
193	while ($row = $db->sql_fetchrow($result));
194	}
195	$db->sql_freeresult($result);
196
197	$base_url = $this->u_action . "&sk=$sort_key&sd=$sort_dir";
198	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
199
200	$template->assign_vars(array(
201	'TOTAL_ATTACHMENTS' => $num_attachments,
202	'NUM_ATTACHMENTS' => $user->lang('NUM_ATTACHMENTS', (int) $num_attachments),
203
204	'L_TITLE' => $user->lang['UCP_ATTACHMENTS'],
205
206	'U_SORT_FILENAME' => $this->u_action . "&sk=a&sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'),
207	'U_SORT_FILE_COMMENT' => $this->u_action . "&sk=b&sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'),
208	'U_SORT_EXTENSION' => $this->u_action . "&sk=c&sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'),
209	'U_SORT_FILESIZE' => $this->u_action . "&sk=d&sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'),
210	'U_SORT_DOWNLOADS' => $this->u_action . "&sk=e&sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'),
211	'U_SORT_POST_TIME' => $this->u_action . "&sk=f&sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
212	'U_SORT_TOPIC_TITLE' => $this->u_action . "&sk=g&sd=" . (($sort_key == 'g' && $sort_dir == 'a') ? 'd' : 'a'),
213
214	'S_DISPLAY_MARK_ALL' => ($num_attachments) ? true : false,
215	'S_DISPLAY_PAGINATION' => ($num_attachments) ? true : false,
216	'S_UCP_ACTION' => $this->u_action,
217	'S_SORT_OPTIONS' => $s_sort_key,
218	'S_ORDER_SELECT' => $s_sort_dir)
219	);
220
221	$this->tpl_name = 'ucp_attachments';
222	$this->page_title = 'UCP_ATTACHMENTS';
223	}
224
225	/**
226	* Check if the user can delete the file
227	*
228	* @param array $row
229	*
230	* @return bool True if user can delete the file, false if not
231	*/
232	private function can_delete_file(array $row): bool
233	{
234	global $auth, $config;
235
236	if ($row['in_message'])
237	{
238	return ($row['message_time'] > (time() - ($config['pm_edit_time'] * 60)) \|\| !$config['pm_edit_time']) && $row['folder_id'] == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit');
239	}
240	else
241	{
242	$can_edit_time = !$config['edit_time'] \|\| $row['post_time'] > (time() - ($config['edit_time'] * 60));
243	$can_delete_time = !$config['delete_time'] \|\| $row['post_time'] > (time() - ($config['delete_time'] * 60));
244	$item_locked = !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED \|\| $row['topic_status'] == ITEM_LOCKED \|\| $row['post_edit_locked']);
245
246	return !$item_locked && $can_edit_time && $can_delete_time;
247	}
248	}
249	}