| 1 | <?php |
| 2 | /** |
| 3 | * |
| 4 | * This file is part of the phpBB Forum Software package. |
| 5 | * |
| 6 | * @copyright (c) phpBB Limited <https://www.phpbb.com> |
| 7 | * @license GNU General Public License, version 2 (GPL-2.0) |
| 8 | * |
| 9 | * For full copyright and license information, please see |
| 10 | * the docs/CREDITS.txt file. |
| 11 | * |
| 12 | */ |
| 13 | |
| 14 | /** |
| 15 | * @ignore |
| 16 | */ |
| 17 | |
| 18 | use phpbb\controller\helper; |
| 19 | |
// Refuse to run when loaded outside the phpBB bootstrap (IN_PHPBB is set by common.php).
if (defined('IN_PHPBB') === false)
{
	exit;
}
| 24 | |
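/**
 * ucp_attachments
 * User attachments: lists the files the current user has attached to posts and
 * private messages, and lets the user delete those that are still editable.
 */
class ucp_attachments
{
	/** @var string Base URL of this UCP module, assigned by the module framework before main() runs */
	public $u_action;

	/** @var string Template file the module framework renders after main() returns */
	public $tpl_name;

	/** @var string Language key used as the page title */
	public $page_title;

	/**
	 * Module entry point: processes a pending delete request, then renders the
	 * sortable, paginated list of the current user's attachments.
	 *
	 * @param int|string $id   Module id (part of the module interface, unused here)
	 * @param string     $mode Module mode (part of the module interface, unused here)
	 */
	public function main($id, $mode): void
	{
		global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;

		/** @var helper $controller_helper */
		$controller_helper = $phpbb_container->get('controller.helper');

		$start = $request->variable('start', 0);
		$sort_key = $request->variable('sk', 'a');
		$sort_dir = $request->variable('sd', 'a');

		// Read the submit flag through the request class instead of touching $_POST directly,
		// like every other input on this page.
		$delete = $request->is_set_post('delete');
		$delete_ids = array_keys($request->variable('attachment', array(0)));

		if ($delete && count($delete_ids))
		{
			// Reduce the submitted ids to the ones this user owns and may still delete.
			// This also runs on the confirmation POST, so the re-submitted hidden fields
			// cannot widen the set beyond what the user is allowed to remove.
			$delete_ids = $this->filter_deletable_ids($delete_ids);

			if (count($delete_ids))
			{
				$this->delete_attachments($delete_ids);
			}
		}

		// Select box eventually
		$sort_key_text = array('a' => $user->lang['SORT_FILENAME'], 'b' => $user->lang['SORT_COMMENT'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
		$sort_key_sql = array('a' => 'a.real_filename', 'b' => 'a.attach_comment', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');

		$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);

		// Normalise both sort parameters BEFORE they are echoed back in the select boxes
		// and in the pagination/sort URLs. An unknown key falls back to the filename; any
		// direction other than 'a' already sorts descending in the ORDER BY below, so map
		// it to 'd' so that the UI and the URL reflect what is actually being done.
		if (!isset($sort_key_sql[$sort_key]))
		{
			$sort_key = 'a';
		}

		if (!isset($sort_dir_text[$sort_dir]))
		{
			$sort_dir = 'd';
		}

		$s_sort_key = $this->build_select_options($sort_key_text, $sort_key);
		$s_sort_dir = $this->build_select_options($sort_dir_text, $sort_dir);

		// $sort_key is guaranteed to be a key of $sort_key_sql here, so only fixed
		// column names reach the ORDER BY clause.
		$order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');

		$sql = 'SELECT COUNT(attach_id) as num_attachments
			FROM ' . ATTACHMENTS_TABLE . '
			WHERE poster_id = ' . (int) $user->data['user_id'] . '
				AND is_orphan = 0';
		$result = $db->sql_query($sql);
		$num_attachments = $db->sql_fetchfield('num_attachments');
		$db->sql_freeresult($result);

		// Ensure start is a valid value
		/* @var $pagination \phpbb\pagination */
		$pagination = $phpbb_container->get('pagination');
		$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);

		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, pr.message_time as message_time, pt.folder_id, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status
			FROM ' . ATTACHMENTS_TABLE . ' a
				LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
				LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
				LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
				LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
			WHERE a.poster_id = ' . (int) $user->data['user_id'] . "
				AND a.is_orphan = 0
			ORDER BY $order_by";
		$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);

		$row_count = 0;
		while ($row = $db->sql_fetchrow($result))
		{
			if ($row_count === 0)
			{
				$template->assign_var('S_ATTACHMENT_ROWS', true);
			}

			// Attachments to private messages link into the PM viewer, post attachments to the post anchor.
			if ($row['in_message'])
			{
				$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
			}
			else
			{
				$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
			}

			$template->assign_block_vars('attachrow', array(
				'ROW_NUMBER'		=> $row_count + ($start + 1),
				'FILENAME'			=> $row['real_filename'],
				'COMMENT'			=> bbcode_nl2br($row['attach_comment']),
				'EXTENSION'			=> $row['extension'],
				'SIZE'				=> get_formatted_filesize($row['filesize']),
				'DOWNLOAD_COUNT'	=> $row['download_count'],
				'POST_TIME'			=> $user->format_date($row['filetime']),
				'TOPIC_TITLE'		=> ($row['in_message']) ? $row['message_title'] : $row['topic_title'],

				'ATTACH_ID'			=> $row['attach_id'],
				'POST_ID'			=> $row['post_msg_id'],
				'TOPIC_ID'			=> $row['topic_id'],

				'S_IN_MESSAGE'		=> $row['in_message'],
				// Same rule as the delete path, so the UI only offers deletion where it would succeed.
				'S_LOCKED'			=> !$this->can_delete_file($row),

				'U_VIEW_ATTACHMENT'	=> $controller_helper->route(
					'phpbb_storage_attachment',
					[
						'id'		=> (int) $row['attach_id'],
						'filename'	=> $row['real_filename'],
					]
				),
				'U_VIEW_TOPIC'		=> $view_topic)
			);

			$row_count++;
		}
		$db->sql_freeresult($result);

		$base_url = $this->u_action . "&amp;sk=$sort_key&amp;sd=$sort_dir";
		$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);

		$template->assign_vars(array(
			'TOTAL_ATTACHMENTS'		=> $num_attachments,
			'NUM_ATTACHMENTS'		=> $user->lang('NUM_ATTACHMENTS', (int) $num_attachments),

			'L_TITLE'				=> $user->lang['UCP_ATTACHMENTS'],

			// Clicking the column that is already sorted ascending flips it to descending.
			'U_SORT_FILENAME'		=> $this->u_action . "&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'),
			'U_SORT_FILE_COMMENT'	=> $this->u_action . "&amp;sk=b&amp;sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'),
			'U_SORT_EXTENSION'		=> $this->u_action . "&amp;sk=c&amp;sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'),
			'U_SORT_FILESIZE'		=> $this->u_action . "&amp;sk=d&amp;sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'),
			'U_SORT_DOWNLOADS'		=> $this->u_action . "&amp;sk=e&amp;sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'),
			'U_SORT_POST_TIME'		=> $this->u_action . "&amp;sk=f&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
			'U_SORT_TOPIC_TITLE'	=> $this->u_action . "&amp;sk=g&amp;sd=" . (($sort_key == 'g' && $sort_dir == 'a') ? 'd' : 'a'),

			'S_DISPLAY_MARK_ALL'	=> (bool) $num_attachments,
			'S_DISPLAY_PAGINATION'	=> (bool) $num_attachments,
			'S_UCP_ACTION'			=> $this->u_action,
			'S_SORT_OPTIONS'		=> $s_sort_key,
			'S_ORDER_SELECT'		=> $s_sort_dir)
		);

		$this->tpl_name = 'ucp_attachments';
		$this->page_title = 'UCP_ATTACHMENTS';
	}

	/**
	 * Reduce a list of requested attachment ids to those the current user owns
	 * and is still allowed to delete.
	 *
	 * Ownership (poster_id) and non-orphan state are enforced in SQL; the
	 * edit-time / lock / permission rules are applied per row by can_delete_file().
	 * Ids that are not returned by the query (not the user's, orphaned, unknown)
	 * are silently dropped.
	 *
	 * @param array $delete_ids Attachment ids as submitted in the request
	 *
	 * @return array Attachment ids that passed both checks
	 */
	private function filter_deletable_ids(array $delete_ids): array
	{
		global $db, $user;

		// Validate $delete_ids...
		$sql = 'SELECT a.attach_id, a.in_message, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status, pt.folder_id
			FROM ' . ATTACHMENTS_TABLE . ' a
				LEFT JOIN ' . POSTS_TABLE . ' p
					ON (a.post_msg_id = p.post_id AND a.in_message = 0)
				LEFT JOIN ' . TOPICS_TABLE . ' t
					ON (t.topic_id = p.topic_id AND a.in_message = 0)
				LEFT JOIN ' . FORUMS_TABLE . ' f
					ON (f.forum_id = t.forum_id AND a.in_message = 0)
				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr
					ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
				LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt
					ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
			WHERE a.poster_id = ' . (int) $user->data['user_id'] . '
				AND a.is_orphan = 0
				AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
		$result = $db->sql_query($sql);

		$allowed_ids = array();
		while ($row = $db->sql_fetchrow($result))
		{
			if ($this->can_delete_file($row))
			{
				$allowed_ids[] = $row['attach_id'];
			}
		}
		$db->sql_freeresult($result);

		return $allowed_ids;
	}

	/**
	 * Ask the user to confirm and, once confirmed, delete the given attachments.
	 *
	 * The ids are carried across the confirmation step as hidden fields, so the
	 * confirming POST passes through main() and filter_deletable_ids() again before
	 * anything is removed. Both confirm_box(false) and trigger_error() are expected
	 * to end the request via phpBB's message handling — NOTE(review): behaviour of
	 * those helpers is not visible in this file, confirm against functions.php.
	 *
	 * @param array $delete_ids Attachment ids that already passed filter_deletable_ids()
	 */
	private function delete_attachments(array $delete_ids): void
	{
		global $user, $phpbb_container;

		$s_hidden_fields = array(
			'delete'	=> 1
		);

		foreach ($delete_ids as $attachment_id)
		{
			$s_hidden_fields['attachment'][$attachment_id] = 1;
		}

		$single = (count($delete_ids) === 1);

		if (confirm_box(true))
		{
			/** @var \phpbb\attachment\manager $attachment_manager */
			$attachment_manager = $phpbb_container->get('attachment.manager');
			$attachment_manager->delete('attach', $delete_ids);
			unset($attachment_manager);

			meta_refresh(3, $this->u_action);
			$message = ($single ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
			trigger_error($message);
		}
		else
		{
			confirm_box(false, $single ? 'DELETE_ATTACHMENT' : 'DELETE_ATTACHMENTS', build_hidden_fields($s_hidden_fields));
		}
	}

	/**
	 * Render the <option> elements of a sort select box.
	 *
	 * @param array  $options  Map of option value => label (language string)
	 * @param string $selected Option value to mark as selected
	 *
	 * @return string Concatenated <option> markup
	 */
	private function build_select_options(array $options, string $selected): string
	{
		$html = '';
		foreach ($options as $value => $label)
		{
			$selected_attr = ($selected === (string) $value) ? ' selected="selected"' : '';
			$html .= '<option value="' . $value . '"' . $selected_attr . '>' . $label . '</option>';
		}

		return $html;
	}

	/**
	 * Check if the user can delete the file
	 *
	 * For private message attachments: the message must still be within
	 * pm_edit_time (or that limit disabled), sit in the outbox, and the user
	 * needs u_pm_edit. For post attachments: the post must be within both
	 * edit_time and delete_time (or those limits disabled) and neither the
	 * forum, the topic nor the post itself may be locked — unless the user
	 * has m_edit on that forum, which overrides the lock checks (not the time limits).
	 *
	 * @param array $row Attachment row joined with its post/topic/forum or PM data
	 *
	 * @return bool True if user can delete the file, false if not
	 */
	private function can_delete_file(array $row): bool
	{
		global $auth, $config;

		// Evaluate all time limits against the same instant
		$now = time();

		if ($row['in_message'])
		{
			return ($row['message_time'] > ($now - ($config['pm_edit_time'] * 60)) || !$config['pm_edit_time']) && $row['folder_id'] == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit');
		}
		else
		{
			// A limit of 0 means "no limit"
			$can_edit_time = !$config['edit_time'] || $row['post_time'] > ($now - ($config['edit_time'] * 60));
			$can_delete_time = !$config['delete_time'] || $row['post_time'] > ($now - ($config['delete_time'] * 60));
			$item_locked = !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']);

			return !$item_locked && $can_edit_time && $can_delete_time;
		}
	}
}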