diff -Naur /Users/james/Downloads/comment_upload/comment_upload.info /Users/james/Desktop/comment_upload/comment_upload.info
--- /Users/james/Downloads/comment_upload/comment_upload.info 2008-01-30 13:00:13.000000000 -0800
+++ /Users/james/Desktop/comment_upload/comment_upload.info 2008-04-04 14:41:23.000000000 -0700
@@ -1,10 +1,7 @@
-; $ID$
+; $Id: comment_upload.info,v 1.3 2008/04/04 08:48:11 jamesandres Exp $
name = Comment upload
description = Allows users to attach files to comments.
-dependencies = upload comment
-
-; Information added by drupal.org packaging script on 2008-01-30
-version = "5.x-0.1"
-project = "comment_upload"
-datestamp = "1201726813"
-
+dependencies[] = upload
+dependencies[] = comment
+version = VERSION
+core = 6.x
\ No newline at end of file
diff -Naur /Users/james/Downloads/comment_upload/comment_upload.install /Users/james/Desktop/comment_upload/comment_upload.install
--- /Users/james/Downloads/comment_upload/comment_upload.install 2007-02-06 03:38:19.000000000 -0800
+++ /Users/james/Desktop/comment_upload/comment_upload.install 2008-04-04 14:41:24.000000000 -0700
@@ -1,99 +1,67 @@
= 0),
- nid int_unsigned NOT NULL default 0,
- cid int_unsigned NOT NULL default 0,
- filename varchar(255) NOT NULL default '',
- filepath varchar(255) NOT NULL default '',
- filemime varchar(255) NOT NULL default '',
- filesize int_unsigned NOT NULL default 0,
- description varchar(255) NOT NULL default '',
- list smallint_unsigned NOT NULL default 0,
- PRIMARY KEY (fid)
- )");
- db_query("CREATE INDEX {comment_upload_files}_nid_idx ON {comment_upload_files} (nid)");
- break;
- }
-}
-
-function comment_upload_update_1() {
- $ret = array();
- $ret[] = update_sql("ALTER TABLE {comment_files} ADD nid int NOT NULL default '0'");
-
- // loop through all the comment upload records and populate the nid column
- $results = db_query("SELECT c.cid, c.nid FROM {comments} c WHERE c.cid IN (SELECT DISTINCT cf.cid FROM {comment_files} cf)");
- while ($c = db_fetch_object($results)) {
- $ret[] = update_sql("UPDATE {comment_files} SET nid = $c->nid WHERE cid = $c->cid");
- }
- return $ret;
+ drupal_install_schema('comment_upload');
}
/**
- * Move previously saved data from {files}, {file_revisions} and {comment_files}
- * into {comment_upload_files}.
- */
-function comment_upload_update_2() {
- $ret = array();
- $ret[] = update_sql("CREATE TABLE {comment_upload_files} (
- `fid` int(10) unsigned NOT NULL default '0',
- `nid` int(10) unsigned NOT NULL default '0',
- `cid` int NOT NULL default '0',
- `filename` varchar(255) NOT NULL default '',
- `filepath` varchar(255) NOT NULL default '',
- `filemime` varchar(255) NOT NULL default '',
- `filesize` int(10) unsigned NOT NULL default '0',
- description varchar(255) NOT NULL default '',
- list tinyint(1) unsigned NOT NULL default 0,
- PRIMARY KEY (`fid`)
- ) /*!40100 DEFAULT CHARACTER SET utf8 */;");
-
- $max_fid = db_result(db_query("SELECT MAX(fid) FROM {comment_files}"));
- $results = db_query("SELECT f.fid, cf.nid, cf.cid, cf.cid, f.filename, f.filepath, f.filemime, f.filesize, r.list, r.description FROM {files} f INNER JOIN {file_revisions} r ON f.fid = r.fid INNER JOIN {comment_files} cf ON f.fid = cf.fid WHERE f.nid = 0");
-
- while ($c = db_fetch_object($results)) {
- db_query("INSERT INTO {comment_upload_files} (fid, nid, cid, filename, filepath, filemime, filesize, description, list) VALUES(%d, %d, %d, '%s', '%s', '%s', %d, '%s', %d)", $c->fid, $c->nid, $c->cid, $c->filename, $c->filepath, $c->filemime, $c->filesize, $c->description, $c->list);
- db_query("DELETE FROM {files} WHERE fid = %d", $c->fid);
- db_query("DELETE FROM {file_revisions} WHERE fid = %d", $c->fid);
- }
- if ($max_fid) {
- $ret[] = update_sql("INSERT INTO {sequences} (name, id) VALUES('" . db_prefix_tables('{comment_upload_files}'). "_fid', $max_fid)");
- }
- $ret[] = update_sql("DROP TABLE {comment_files}");
- return $ret;
+ * Implementation of hook_uninstall()
+ **/
+function comment_upload_uninstall() {
+ drupal_uninstall_schema('comment_upload');
}
/**
- * Update column cid to be an unsigned int (MySQL only).
- * Add index on nid.
- */
-function comment_upload_update_3() {
- $ret = array();
- switch ($GLOBALS['db_type']) {
- case 'mysql':
- case 'mysqli':
- $ret[] = update_sql("ALTER TABLE {comment_upload_files} CHANGE COLUMN cid cid int unsigned NOT NULL default '0'");
- $ret[] = update_sql("ALTER TABLE {comment_upload_files} ADD INDEX(nid)");
- break;
- }
- return $ret;
+ * Implementation of hook_schema()
+ **/
+function comment_upload_schema() {
+ $schema['comment_upload'] = array(
+ 'description' => t('Stores associations between comments and files.'),
+ 'fields' => array(
+ 'fid' => array(
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => t('Primary Key: The {files}.fid.'),
+ ),
+ 'cid' => array(
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => t('Primary Key: The {comments}.cid.'),
+ ),
+ 'description' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'not null' => TRUE,
+ 'default' => '',
+ 'description' => t('Description of the uploaded file.'),
+ ),
+ 'list' => array(
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'size' => 'tiny',
+ 'description' => t('Whether the file should be visibly listed on the node: yes(1) or no(0).'),
+ ),
+ 'weight' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'size' => 'tiny',
+ 'description' => t('Weight of this upload in relation to other uploads in this node.'),
+ ),
+ ),
+ 'primary key' => array('fid', 'cid'),
+ 'indexes' => array('fid' => array('fid'), 'cid' => array('cid')),
+ );
+
+ return $schema;
}
\ No newline at end of file
diff -Naur /Users/james/Downloads/comment_upload/comment_upload.module /Users/james/Desktop/comment_upload/comment_upload.module
--- /Users/james/Downloads/comment_upload/comment_upload.module 2008-01-30 12:51:22.000000000 -0800
+++ /Users/james/Desktop/comment_upload/comment_upload.module 2008-04-04 14:41:24.000000000 -0700
@@ -1,5 +1,5 @@
cid : $comment['cid'];
$cid = is_array($cid) ? $cid['#value'] : $cid;
- switch ($op) {
+ switch ($op) {
case 'form':
+ // drupal_set_message('$_SESSION: ' . var_export($_SESSION, 1) . '
');
$node = node_load($comment['nid']['#value']);
- if (!user_access('upload files') || !variable_get('comment_upload_'. $node->type, 1)) {
+
+ if (!user_access('upload files') || !variable_get('comment_upload_'. $node->type, 0)) {
break;
}
- $cobj->cid = $cid;
- $cobj->files = _comment_upload_load_files($cid);
- _upload_prepare($cobj);
+
+ // CHANGED: jamesandres; (object) array( ... ) syntax is more correct since we're properly setting the variable's type. Avoids PHP notices too.
+ $cobj = (object) array(
+ 'cid' => $cid,
+ 'files' => _comment_upload_load_files($cid),
+ );
+
$form = array('#attributes' => array('enctype' => 'multipart/form-data'));
+
if (variable_get('comment_upload_single', 0)) {
$form['upload'] = array(
- '#type' => 'file',
+ '#type' => 'file',
'#title' => t('Attachment'),
'#size' => 50,
'#description' => !empty($cobj->files) ? t('You already have a file uploaded, if you upload another it will overwrite the current one.') :''
);
}
else {
- drupal_add_js('misc/progress.js');
- drupal_add_js('misc/upload.js');
+ // drupal_add_js('misc/progress.js');
+ // drupal_add_js('misc/upload.js');
// Attachments fieldset
$form['attachments'] = array(
@@ -54,7 +61,7 @@
_upload_preview_node_form($form['attachments']['wrapper']['files'], 0);
}
- $form['attachments']['wrapper']['attach-url']['#value'] = url('comment_upload/js', NULL, NULL, TRUE);
+ // $form['attachments']['wrapper']['attach-url']['#value'] = url('comment_upload/js', array('absolute' => TRUE));
$form['current']['cid'] = array('#type' => 'hidden', '#value' => $cid);
unset($form['attachments']['wrapper']['current']['vid']);
}
@@ -68,8 +75,10 @@
// Failure to implement the cast led to a security issue, see
// "SA-2008-015 - Comment Upload - Arbitrary file upload" for details.
- $comment_copy = (object) $comment;
- _upload_validate($comment_copy);
+ // $comment_copy = (object) $comment;
+
+ // TODO: Update the file_save_upload() call to set a validator.
+ // _upload_validate($comment_copy);
break;
case 'insert':
@@ -110,8 +119,8 @@
/**
* Hook into node type and upload settings forms.
*/
-function comment_upload_form_alter($form_id, &$form) {
- if ($form_id == 'node_type_form') {
+function comment_upload_form_alter(&$form, $form_state, $form_id) {
+ if ($form_id == 'node_type_form' && isset($form['identity']['type'])) {
$form['workflow']['comment_upload'] = array(
'#type' => 'radios',
'#title' => t('Attachments on comments'),
@@ -134,19 +143,22 @@
'#options' => array(t('Normal attachment'), t('Inline display')),
'#description' => t('Show uploaded image with comment or use a normal attachment link (single attachment mode only)'),
);
+ } else if ($form_id == 'comment_form') {
+ // HACK: Abuse of the comment hook for a short while until this module is properly upgraded to Drupal 6.x
+ $form_additions = comment_upload_comment($form, 'form');
+ $form = array_merge($form, $form_additions);
}
}
-function comment_upload_menu($may_cache) {
- $items = array();
- if ($may_cache) {
- $items[] = array(
- 'path' => 'comment_upload/js',
- 'callback' => 'comment_upload_js',
- 'access' => user_access('upload files'),
- 'type' => MENU_CALLBACK
- );
- }
+/**
+ * Implementation of hook_menu()
+ **/
+function comment_upload_menu() {
+ $items['comment_upload/js'] = array(
+ 'callback' => 'comment_upload_js',
+ 'access' => user_access('upload files'),
+ 'type' => MENU_CALLBACK
+ );
return $items;
}
@@ -161,8 +173,8 @@
$comment->files = _comment_upload_load_files($comment->cid);
// Handle new uploads, and merge tmp files into node-files.
- _upload_prepare($comment);
- _upload_validate($comment);
+ // _upload_prepare($comment);
+ // _upload_validate($comment);
$form = _upload_form($comment);
@@ -196,7 +208,15 @@
// Cache all for this node to avoid one query per comment
if (!isset($cache[$nid])) {
$cache[$nid] = array();
- $result = db_query('SELECT * FROM {comment_upload_files} f WHERE f.nid = %d ORDER BY f.fid DESC', $nid);
+ $result = db_query(
+ 'SELECT cu.*, f.*
+ FROM {comments} c
+ INNER JOIN {comment_upload} cu ON c.cid = cu.fid
+ INNER JOIN {files} f ON cu.fid = f.fid
+ WHERE c.nid = %d
+ ORDER BY cu.weight ASC',
+ $nid
+ );
while ($file = db_fetch_object($result)) {
$cache[$nid][$file->cid][] = $file;
}
@@ -204,9 +224,9 @@
return $cache[$nid][$cid];
}
else if ($cid) {
- $result = db_query('SELECT * FROM {comment_upload_files} f WHERE f.cid = %d ORDER BY f.fid DESC', $cid);
+ $result = db_query('SELECT cu.*, f.* FROM {comment_upload} cu INNER JOIN {files} f ON cu.fid = f.fid WHERE cu.cid = %d ORDER BY cu.weight ASC', $cid);
while ($file = db_fetch_object($result)) {
- $files[] = $file;
+ $files[$file->fid] = $file;
}
return $files;
}
@@ -217,41 +237,46 @@
return;
}
+ $weight = 0;
foreach ($comment['files'] as $file) {
$file = (object)$file;
// Remove file. Process removals first since no further processing will be required.
if ($file->remove) {
- // Remove file previews...
- if (strpos($file->fid, 'upload') !== false) {
- file_delete($file->filepath);
- }
+ // Remove the file from disk
+ file_delete($file->filepath);
- // Remove managed files.
- else {
- file_delete($file->filepath);
- db_query('DELETE FROM {comment_upload_files} WHERE fid = %d', $file->fid);
+ // Remove orphaned record
+ if (strpos($file->fid, 'upload')) {
+ db_query('DELETE FROM {comment_upload} WHERE fid = %d', $file->fid);
}
}
- // New file upload
- elseif (strpos($file->fid, 'upload') !== false) {
- if ($file = file_save_upload($file, $file->filename)) {
- // Overwrite existing in single-attachment mode
- if (variable_get('comment_upload_single', 0) && isset($comment['files'][0])) {
- db_query("UPDATE {comment_upload_files} SET filename = '%s', filepath = '%s', filemime = '%s', filesize = %d WHERE fid = %d", $file->filename, $file->filepath, $file->filemime, $file->filesize, $comment['files'][0]['fid']);
- }
- else {
- $file->fid = db_next_id('{comment_upload_files}_fid');
- db_query("INSERT INTO {comment_upload_files} (fid, nid, cid, filename, filepath, filemime, filesize, description, list) VALUES (%d, %d, %d, '%s', '%s', '%s', %d, '%s', %d)", $file->fid, $comment['nid'], $comment['cid'], $file->filename, $file->filepath, $file->filemime, $file->filesize, $file->description, $file->list);
- }
- }
- unset($_SESSION['file_previews'][$fid]);
- }
+ // NOTE: This is obslete, AFAIK, because the core handles this.
+ // // New file upload
+ // elseif (strpos($file->fid, 'upload') !== false) {
+ // if ($file = file_save_upload($file, $file->filename)) {
+ // // Overwrite existing in single-attachment mode
+ // if (variable_get('comment_upload_single', 0) && isset($comment['files'][0])) {
+ // // db_query("UPDATE {comment_upload} SET filename = '%s', filepath = '%s', filemime = '%s', filesize = %d WHERE fid = %d", $file->filename, $file->filepath, $file->filemime, $file->filesize, $comment['files'][0]['fid']);
+ // }
+ // else {
+ // // $file->fid = db_next_id('{comment_upload}_fid');
+ // // db_query("INSERT INTO {comment_upload} (fid, nid, cid, filename, filepath, filemime, filesize, description, list) VALUES (%d, %d, %d, '%s', '%s', '%s', %d, '%s', %d)", $file->fid, $comment['nid'], $comment['cid'], $file->filename, $file->filepath, $file->filemime, $file->filesize, $file->description, $file->list);
+ // }
+ // }
+ // unset($_SESSION['upload_files'][$fid]);
+ // }
- // Update existing description.
+ // Update the link from files table to comments table.
else {
- db_query("UPDATE {comment_upload_files} SET list = %d, description = '%s' WHERE fid = %d", $file->list, $file->description, $file->fid);
+ db_query("REPLACE INTO {comment_upload} (fid, cid, description, list, weight) VALUES (%d, %d, '%s', %d, %d)", $file->fid, $comment['cid'], $file->description, $file->list, $weight);
+ $weight += 1;
+
+ file_set_status($file, FILE_STATUS_PERMANENT);
+ unset($_SESSION['upload_files'][$file->fid]);
+
+ drupal_set_message("File #{$file->fid} linked to comment #{$comment['cid']}");
}
}
}
@@ -266,7 +291,7 @@
if (!empty($files)) {
foreach ($files as $file) {
file_delete($file->filepath);
- db_query('DELETE FROM {comment_upload_files} WHERE fid = %d', $file->fid);
+ db_query('DELETE FROM {comment_upload} WHERE fid = %d', $file->fid);
}
}
}
@@ -278,12 +303,25 @@
*/
function comment_upload_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
if ($op == 'delete') {
- $result = db_query("SELECT * FROM {comment_upload_files} WHERE nid = %d", $node->nid);
+ // Get all files, attached to comments, that belong to $node.
+ $result = db_query(
+ "SELECT cu.*, f.*
+ FROM {comment_upload} cu
+ INNER JOIN {files} f ON cu.fid = f.fid
+ INNER JOIN {comments} c ON cu.cid = c.cid
+ WHERE c.nid = %d",
+ $node->nid
+ );
+ $fids = array();
while ($file = db_fetch_object($result)) {
- file_delete($file->filepath);
+ $fids[] = $file->fid;
+ file_delete($file->filepath);
+ }
+
+ if (count($fids)) {
+ // Delete all comments, might as well do a single query for efficiency.
+ db_query("DELETE FROM {comment_upload} WHERE fid IN ('%s')", implode("', '", $fids));
}
- // Delete all comments
- db_query("DELETE FROM {comment_upload_files} WHERE nid = %d", $node->nid);
}
}
@@ -306,7 +344,7 @@
if (preg_match($regex, $file->filename)) {
unset($files[$key]);
$href = check_url(strpos($file->fid, 'upload') === false ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path())));
- $html .= '
';
+ $html .= '
';
}
}
}
@@ -325,7 +363,7 @@
*/
function comment_upload_file_download($file) {
$file = file_create_path($file);
- $result = db_query("SELECT f.* FROM {comment_upload_files} f WHERE filepath = '%s'", $file);
+ $result = db_query("SELECT f.* FROM {comment_upload} f WHERE filepath = '%s'", $file);
if ($file = db_fetch_object($result)) {
if (user_access('view uploaded files')) {
$node = node_load($file->nid);