From 93b4dd1d83cc4c2aa03f0155db9c91b1ffc19904 Mon Sep 17 00:00:00 2001 From: Paul Dale Smith Date: Fri, 7 Apr 2017 10:13:45 +0100 Subject: [PATCH] Check if files in the default system need updating. 2867311 --- file_upload_security.module | 70 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 59 insertions(+), 11 deletions(-) diff --git a/file_upload_security.module b/file_upload_security.module index 296bed8..a3ec4b5 100644 --- a/file_upload_security.module +++ b/file_upload_security.module @@ -300,28 +300,76 @@ function file_upload_security_fix_fields(&$files = array()) { * Passed by reference to collect fids that may require moving on server. */ function file_upload_security_fix_webforms(&$files = array()) { - $query = db_select('webform_component', 'c') - ->fields('c', array('cid')) - ->condition('extra', '%s:6:"scheme";s:6:"public"%', 'LIKE') - ->condition('type', 'file'); - - $query->leftJoin('webform_submitted_data', 's', 's.cid = c.cid AND s.nid = c.nid'); - $query->fields('s', array('data')); - $query->isNotNull('data'); - - $fids = $query->execute()->fetchAllKeyed(1, 1); + $fids = file_upload_security_get_webform_files(); if ($fids) { $files = $files + $fids; } - $update = db_update('webform_component') + db_update('webform_component') ->expression('extra', 'REPLACE(extra, :public_scheme, :private_scheme)', array( ':public_scheme' => 's:6:"scheme";s:6:"public"', ':private_scheme' => 's:6:"scheme";s:7:"private"', )) ->condition('type', 'file') ->execute(); + + if (variable_get('file_default_scheme', FALSE) !== 'private') { + $select = db_select('webform_component', 'c') + ->fields('c', array('cid', 'extra')) + ->condition('extra', '%s:6:"scheme";%', 'NOT LIKE') + ->condition('type', 'file'); + + $expression = 'CASE'; + $cids = array(); + + foreach ($select->execute() as $component) { + $extra = unserialize($component->extra); + $extra['scheme'] = 'private'; + $component->extra = serialize($extra); + $expression .= " WHEN cid = " . $component->cid . " THEN '" . $component->extra . "'\n"; + $cids[] = $component->cid; + } + + if ($expression !== 'CASE') { + $expression .= ' END'; + + db_update('webform_component') + ->condition('cid', $cids, 'IN') + ->expression('extra', $expression) + ->execute(); + + $fids = $fids + file_upload_security_get_webform_files($cids); + } + } +} + +/** + * Helper to return file ids of files stored in webform fields. + * + * @param array $cids + * An array of cids to return results for. Defaults to all in public storage. + * + * @return mixed + * The keyed result of a db query. + */ +function file_upload_security_get_webform_files($cids = array()) { + $query = db_select('webform_component', 'c') + ->fields('c', array('cid')) + ->condition('type', 'file'); + + if ($cids) { + $query->condition('cid', $cids, 'IN'); + } + else { + $query->condition('extra', '%s:6:"scheme";s:6:"public"%', 'LIKE'); + } + + $query->leftJoin('webform_submitted_data', 's', 's.cid = c.cid AND s.nid = c.nid'); + $query->fields('s', array('data')); + $query->isNotNull('data'); + + return $query->execute()->fetchAllKeyed(1, 1); } /** -- 2.7.4 (Apple Git-66)