Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.784
diff -u -p -r1.784 common.inc
--- includes/common.inc 14 Aug 2008 09:21:49 -0000 1.784
+++ includes/common.inc 14 Aug 2008 21:33:20 -0000
@@ -1819,7 +1819,7 @@ function drupal_build_css_cache($types,
$data = implode('', $matches[0]) . $data;
// Create the CSS file.
- file_save_data($data, $csspath . '/' . $filename, FILE_EXISTS_REPLACE);
+ file_save_data_plain($data, $csspath . '/' . $filename, FILE_EXISTS_REPLACE);
}
return $csspath . '/' . $filename;
}
@@ -1920,7 +1920,7 @@ function _drupal_load_stylesheet($matche
* Delete all cached CSS files.
*/
function drupal_clear_css_cache() {
- file_scan_directory(file_create_path('css'), '.*', array('.', '..', 'CVS'), 'file_delete', TRUE);
+ file_scan_directory(file_create_path('css'), '.*', array('.', '..', 'CVS'), 'file_delete_plain', TRUE);
}
/**
@@ -2283,7 +2283,7 @@ function drupal_build_js_cache($files, $
}
// Create the JS file.
- file_save_data($contents, $jspath . '/' . $filename, FILE_EXISTS_REPLACE);
+ file_save_data_plain($contents, $jspath . '/' . $filename, FILE_EXISTS_REPLACE);
}
return $jspath . '/' . $filename;
@@ -2294,6 +2294,7 @@ function drupal_build_js_cache($files, $
*/
function drupal_clear_js_cache() {
file_scan_directory(file_create_path('js'), '.*', array('.', '..', 'CVS'), 'file_delete', TRUE);
+ file_scan_directory(file_create_path('js'), '.*', array('.', '..', 'CVS'), 'file_delete_plain', TRUE);
variable_set('javascript_parsed', array());
}
Index: includes/file.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/file.inc,v
retrieving revision 1.128
diff -u -p -r1.128 file.inc
--- includes/file.inc 14 Aug 2008 12:10:47 -0000 1.128
+++ includes/file.inc 14 Aug 2008 21:33:21 -0000
@@ -29,17 +29,18 @@ define('FILE_DOWNLOADS_PUBLIC', 1);
define('FILE_DOWNLOADS_PRIVATE', 2);
/**
- * Flag used by file_create_directory() -- create directory if not present.
+ * Flag used by file_check_directory() -- create directory if not present.
*/
define('FILE_CREATE_DIRECTORY', 1);
/**
- * Flag used by file_create_directory() -- file permissions may be changed.
+ * Flag used by file_check_directory() -- file permissions may be changed.
*/
define('FILE_MODIFY_PERMISSIONS', 2);
/**
- * Flag for dealing with existing files: Append number until filename is unique.
+ * Flag for dealing with existing files: Append number until filename is
+ * unique.
*/
define('FILE_EXISTS_RENAME', 0);
@@ -77,7 +78,8 @@ define('FILE_STATUS_PERMANENT', 1);
* @return A string containing a URL that can be used to download the file.
*/
function file_create_url($path) {
- // Strip file_directory_path from $path. We only include relative paths in urls.
+ // Strip file_directory_path from $path. We only include relative paths in
+ // URLs.
if (strpos($path, file_directory_path() . '/') === 0) {
$path = trim(substr($path, strlen(file_directory_path())), '\\/');
}
@@ -93,28 +95,30 @@ function file_create_url($path) {
* Make sure the destination is a complete path and resides in the file system
* directory, if it is not prepend the file system directory.
*
- * @param $dest A string containing the path to verify. If this value is
+ * @param $destination A string containing the path to verify. If this value is
* omitted, Drupal's 'files' directory will be used.
* @return A string containing the path to file, with file system directory
* appended if necessary, or FALSE if the path is invalid (i.e. outside the
* configured 'files' or temp directories).
*/
-function file_create_path($dest = 0) {
+function file_create_path($destination = NULL) {
$file_path = file_directory_path();
- if (!$dest) {
+ if (!$destination) {
return $file_path;
}
- // file_check_location() checks whether the destination is inside the Drupal files directory.
- if (file_check_location($dest, $file_path)) {
- return $dest;
- }
- // check if the destination is instead inside the Drupal temporary files directory.
- else if (file_check_location($dest, file_directory_temp())) {
- return $dest;
+ // file_check_location() checks whether the destination is inside the Drupal
+ // files directory.
+ if (file_check_location($destination, $file_path)) {
+ return $destination;
+ }
+ // Check if the destination is instead inside the Drupal temporary files
+ // directory.
+ else if (file_check_location($destination, file_directory_temp())) {
+ return $destination;
}
// Not found, try again with prefixed directory path.
- else if (file_check_location($file_path . '/' . $dest, $file_path)) {
- return $file_path . '/' . $dest;
+ else if (file_check_location($file_path . '/' . $destination, $file_path)) {
+ return $file_path . '/' . $destination;
}
// File not found.
return FALSE;
@@ -133,7 +137,7 @@ function file_create_path($dest = 0) {
* work, a form error will be set preventing them from saving the settings.
* @return FALSE when directory not found, or TRUE when directory exists.
*/
-function file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
+function file_check_directory(&$directory, $mode = FALSE, $form_item = NULL) {
$directory = rtrim($directory, '/\\');
// Check if directory exists.
@@ -152,9 +156,13 @@ function file_check_directory(&$director
// Check to see if the directory is writable.
if (!is_writable($directory)) {
- if (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, 0775)) {
- form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
- watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
+ // If not able to modify permissions, or if able to, but chmod
+ // fails, return false.
+ if (!$mode || (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, 0775))) {
+ if ($form_item) {
+ form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
+ watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
+ }
return FALSE;
}
}
@@ -202,7 +210,8 @@ function file_check_path(&$path) {
/**
* Check if a file is really located inside $directory. Should be used to make
* sure a file specified is really located within the directory to prevent
- * exploits.
+ * exploits. Note that the file or path being checked does not actually need
+ * to exist yet.
*
* @code
* // Returns FALSE:
@@ -211,7 +220,8 @@ function file_check_path(&$path) {
*
* @param $source A string set to the file to check.
* @param $directory A string where the file should be located.
- * @return FALSE for invalid path or the real path of the source.
+ * @return FALSE if the path does not exist in the directory;
+ * otherwise, the real path of the source.
*/
function file_check_location($source, $directory = '') {
$check = realpath($source);
@@ -219,7 +229,7 @@ function file_check_location($source, $d
$source = $check;
}
else {
- // This file does not yet exist
+ // This file does not yet exist.
$source = realpath(dirname($source)) . '/' . basename($source);
}
$directory = realpath($directory);
@@ -230,67 +240,107 @@ function file_check_location($source, $d
}
/**
- * Copies a file to a new location. This is a powerful function that in many ways
+ * Copy a file to a new location and adds a file record to the database.
+ *
+ * This function should be used when manipulating files that have records
+ * stored in the database. This is a powerful function that in many ways
* performs like an advanced version of copy().
- * - Checks if $source and $dest are valid and readable/writable.
- * - Performs a file copy if $source is not equal to $dest.
- * - If file already exists in $dest either the call will error out, replace the
- * file or rename the file based on the $replace parameter.
- *
- * @param $source A string specifying the file location of the original file.
- * This parameter will contain the resulting destination filename in case of
- * success.
- * @param $dest A string containing the directory $source should be copied to.
- * If this value is omitted, Drupal's 'files' directory will be used.
- * @param $replace Replace behavior when the destination file already exists.
- * - FILE_EXISTS_REPLACE - Replace the existing file
- * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique
+ * - Checks if $source and $destination are valid and readable/writable.
+ * - Performs a file copy if $source is not equal to $destination.
+ * - If file already exists in $destination either the call will error out,
+ * replace the file or rename the file based on the $replace parameter.
+ * - Adds the new file to the files database. If the source file is a
+ * temporary file, the resulting file will also be a temporary file.
+ * @see file_save_upload about temporary files.
+ *
+ * @param $source
+ * A file object.
+ * @param $destination
+ * A string containing the directory $source should be copied to. If this
+ * value is omitted, Drupal's 'files' directory will be used.
+ * @param $replace
+ * Replace behavior when the destination file already exists:
+ * - FILE_EXISTS_REPLACE - Replace the existing file.
+ * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
+ * unique.
* - FILE_EXISTS_ERROR - Do nothing and return FALSE.
- * @return True for success, FALSE for failure.
+ * @return
+ * File object if the copy is successful, or FALSE in the event of an error.
+ *
+ * @see file_copy_plain()
*/
-function file_copy(&$source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
- $dest = file_create_path($dest);
-
- $directory = $dest;
- $basename = file_check_path($directory);
-
- // Make sure we at least have a valid directory.
- if ($basename === FALSE) {
- $source = is_object($source) ? $source->filepath : $source;
- drupal_set_message(t('The selected file %file could not be uploaded, because the destination %directory is not properly configured.', array('%file' => $source, '%directory' => $dest)), 'error');
- watchdog('file system', 'The selected file %file could not be uploaded, because the destination %directory could not be found, or because its permissions do not allow the file to be written.', array('%file' => $source, '%directory' => $dest), WATCHDOG_ERROR);
- return FALSE;
- }
-
- // Process a file upload object.
- if (is_object($source)) {
- $file = $source;
- $source = $file->filepath;
- if (!$basename) {
- $basename = $file->filename;
+function file_copy($source, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
+ if ($result = file_copy_plain($source->filepath, $destination, $replace)) {
+ $file = clone $source;
+ $file->fid = NULL;
+ $file->filename = basename($result);
+ $file->filepath = $result;
+ if ($file = file_save($file)) {
+ module_invoke_all('file_copy', $file, $source);
+ return $file;
}
}
+ return FALSE;
+}
+/**
+ * Copy a file to a new location without saving a record in the database.
+ *
+ * This is a powerful function that in many ways performs like an advanced
+ * version of copy().
+ * - Checks if $source and $destination are valid and readable/writable.
+ * - Performs a file copy if $source is not equal to $destination.
+ * - If file already exists in $destination either the call will error out,
+ * replace the file or rename the file based on the $replace parameter.
+ *
+ * @param $source
+ * A string specifying the file location of the original file.
+ * @param $destination
+ * A string containing the directory $source should be copied to. If this
+ * value is omitted, Drupal's 'files' directory will be used.
+ * @param $replace
+ * Replace behavior when the destination file already exists:
+ * - FILE_EXISTS_REPLACE - Replace the existing file.
+ * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
+ * unique.
+ * - FILE_EXISTS_ERROR - Do nothing and return FALSE.
+ * @return
+ * The path to the new file, or FALSE in the event of an error.
+ *
+ * @see file_copy()
+ */
+function file_copy_plain($source, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
$source = realpath($source);
if (!file_exists($source)) {
drupal_set_message(t('The selected file %file could not be copied, because no file by that name exists. Please check that you supplied the correct filename.', array('%file' => $source)), 'error');
return FALSE;
}
- // If the destination file is not specified then use the filename of the source file.
+ $destination = file_create_path($destination);
+ $directory = $destination;
+ $basename = file_check_path($directory);
+
+ // Make sure we at least have a valid directory.
+ if ($basename === FALSE) {
+ drupal_set_message(t('The selected file %file could not be copied, because the destination %directory is not properly configured.', array('%file' => $source, '%directory' => $destination)), 'error');
+ return FALSE;
+ }
+
+ // If the destination file is not specified then use the filename of the
+ // source file.
$basename = $basename ? $basename : basename($source);
- $dest = $directory . '/' . $basename;
+ $destination = $directory . '/' . $basename;
- // Make sure source and destination filenames are not the same, makes no sense
- // to copy it if they are. In fact copying the file will most likely result in
- // a 0 byte file. Which is bad. Real bad.
- if ($source != realpath($dest)) {
- if (!$dest = file_destination($dest, $replace)) {
+ // Make sure source and destination filenames are not the same, makes no
+ // sense to copy it if they are. In fact copying the file will most likely
+ // result in a 0 byte file. Which is bad. Real bad.
+ if ($source != realpath($destination)) {
+ if (!$destination = file_destination($destination, $replace)) {
drupal_set_message(t('The selected file %file could not be copied, because a file by that name already exists in the destination.', array('%file' => $source)), 'error');
return FALSE;
}
- if (!@copy($source, $dest)) {
+ if (!@copy($source, $destination)) {
drupal_set_message(t('The selected file %file could not be copied.', array('%file' => $source)), 'error');
return FALSE;
}
@@ -299,19 +349,10 @@ function file_copy(&$source, $dest = 0,
// non-webserver users can see/read these files,
// and give group write permissions so group members
// can alter files uploaded by the webserver.
- @chmod($dest, 0664);
+ @chmod($destination, 0664);
}
- if (isset($file) && is_object($file)) {
- $file->filename = $basename;
- $file->filepath = $dest;
- $source = $file;
- }
- else {
- $source = $dest;
- }
-
- return TRUE; // Everything went ok.
+ return $destination;
}
/**
@@ -320,9 +361,9 @@ function file_copy(&$source, $dest = 0,
*
* @param $destination A string specifying the desired path.
* @param $replace Replace behavior when the destination file already exists.
- * - FILE_EXISTS_REPLACE - Replace the existing file
+ * - FILE_EXISTS_REPLACE - Replace the existing file.
* - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
- * unique
+ * unique.
* - FILE_EXISTS_ERROR - Do nothing and return FALSE.
* @return The destination file path or FALSE if the file already exists and
* FILE_EXISTS_ERROR was specified.
@@ -330,6 +371,10 @@ function file_copy(&$source, $dest = 0,
function file_destination($destination, $replace) {
if (file_exists($destination)) {
switch ($replace) {
+ case FILE_EXISTS_REPLACE:
+ // Do nothing here, we want to overwrite the existing file.
+ break;
+
case FILE_EXISTS_RENAME:
$basename = basename($destination);
$directory = dirname($destination);
@@ -345,38 +390,75 @@ function file_destination($destination,
}
/**
- * Moves a file to a new location.
- * - Checks if $source and $dest are valid and readable/writable.
- * - Performs a file move if $source is not equal to $dest.
- * - If file already exists in $dest either the call will error out, replace the
- * file or rename the file based on the $replace parameter.
- *
- * @param $source A string specifying the file location of the original file.
- * This parameter will contain the resulting destination filename in case of
- * success.
- * @param $dest A string containing the directory $source should be copied to.
- * If this value is omitted, Drupal's 'files' directory will be used.
- * @param $replace Replace behavior when the destination file already exists.
- * - FILE_EXISTS_REPLACE - Replace the existing file
- * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique
+ * Move a file to a new location and update the file's database entry.
+ *
+ * Moving a file is performed by copying the file to the new location and then
+ * deleting the original.
+ * - Checks if $source and $destination are valid and readable/writable.
+ * - Performs a file move if $source is not equal to $destination.
+ * - If file already exists in $destination either the call will error out,
+ * replace the file or rename the file based on the $replace parameter.
+ * - Adds the new file to the files database.
+ *
+ * @param $source
+ * A file object.
+ * @param $destination
+ * A string containing the directory $source should be copied to. If this
+ * value is omitted, Drupal's 'files' directory will be used.
+ * @param $replace
+ * Replace behavior when the destination file already exists:
+ * - FILE_EXISTS_REPLACE - Replace the existing file.
+ * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
+ * unique.
* - FILE_EXISTS_ERROR - Do nothing and return FALSE.
- * @return TRUE for success, FALSE for failure.
+ * @return
+ * Resulting file object for success, or FALSE in the event of an error.
+ *
+ * @see file_move_plain()
*/
-function file_move(&$source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
- $path_original = is_object($source) ? $source->filepath : $source;
-
- if (file_copy($source, $dest, $replace)) {
- $path_current = is_object($source) ? $source->filepath : $source;
-
- if ($path_original == $path_current || file_delete($path_original)) {
- return TRUE;
+function file_move($source, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
+ if ($result = file_move_plain($source->filepath, $destination, $replace)) {
+ $file = clone $source;
+ $file->filename = basename($result);
+ $file->filepath = $result;
+ if ($file = file_save($file)) {
+ module_invoke_all('file_move', $file, $source);
+ return $file;
}
- drupal_set_message(t('The removal of the original file %file has failed.', array('%file' => $path_original)), 'error');
+ drupal_set_message(t('The removal of the original file %file has failed.', array('%file' => $source->filepath)), 'error');
}
return FALSE;
}
/**
+ * Move a file to a new location.
+ *
+ * @param $source
+ * A string specifying the file location of the original file.
+ * @param $destination
+ * A string containing the directory $source should be copied to. If this
+ * value is omitted, Drupal's 'files' directory will be used.
+ * @param $replace
+ * Replace behavior when the destination file already exists:
+ * - FILE_EXISTS_REPLACE - Replace the existing file.
+ * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
+ * unique.
+ * - FILE_EXISTS_ERROR - Do nothing and return FALSE.
+ * @return
+ * The filepath of the moved file, or FALSE in the event of an error.
+ *
+ * @see file_move()
+ */
+function file_move_plain($source, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
+ if ($result = file_copy_plain($source, $destination, $replace)) {
+ if (!file_delete_plain($source)) {
+ $result = FALSE;
+ }
+ }
+ return $result;
+}
+
+/**
* Munge the filename as needed for security purposes. For instance the file
* name "exploit.php.pps" would become "exploit.php_.pps".
*
@@ -438,9 +520,9 @@ function file_unmunge_filename($filename
* @return
*/
function file_create_filename($basename, $directory) {
- $dest = $directory . '/' . $basename;
+ $destination = $directory . '/' . $basename;
- if (file_exists($dest)) {
+ if (file_exists($destination)) {
// Destination file already exists, generate an alternative.
if ($pos = strrpos($basename, '.')) {
$name = substr($basename, 0, $pos);
@@ -452,45 +534,106 @@ function file_create_filename($basename,
$counter = 0;
do {
- $dest = $directory . '/' . $name . '_' . $counter++ . $ext;
- } while (file_exists($dest));
+ $destination = $directory . '/' . $name . '_' . $counter++ . $ext;
+ } while (file_exists($destination));
}
- return $dest;
+ return $destination;
+}
+
+/**
+ * Delete a file and its database record.
+ *
+ * @param $path
+ * A file object.
+ * @param $force
+ * Boolean indicating that the file should be deleted even if
+ * hook_file_references() reports that the file is in use.
+ * @return mixed
+ * TRUE for success, Array for reference count block, or FALSE in the event
+ * of an error.
+ *
+ * @see hook_file_references()
+ * @see file_delete_plain()
+ */
+function file_delete($file, $force = FALSE) {
+ // If any module returns a value from the reference hook, the
+ // file will not be deleted from Drupal, but file_delete will
+ // return a populated array that tests as TRUE.
+ if (!$force && ($references = module_invoke_all('file_references', $file))) {
+ return $references;
+ }
+
+ // Let other modules clean up on delete.
+ module_invoke_all('file_delete', $file);
+
+ // Make sure the file is deleted before removing its row from the
+ // database, so UIs can still find the file in the database.
+ if (file_delete_plain($file->filepath)) {
+ db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
+ return TRUE;
+ }
+ return FALSE;
}
/**
* Delete a file.
*
- * @param $path A string containing a file path.
- * @return TRUE for success, FALSE for failure.
+ * This function should be used when the file to be deleted does not have an
+ * entry recorded in the files table.
+ *
+ * @param $path
+ * A string containing a file path.
+ * @return
+ * TRUE for success or path does not exist, or FALSE in the event of an
+ * error.
+ *
+ * @see file_delete()
*/
-function file_delete($path) {
+function file_delete_plain($path) {
+ if (is_dir($path)) {
+ watchdog('file', t('%path is a directory and cannot be removed with file_delete_plain.', array('%path' => $path)), WATCHDOG_ERROR);
+ return FALSE;
+ }
if (is_file($path)) {
return unlink($path);
}
+ // Return TRUE for non-existant file, but log that nothing was actually
+ // deleted, as the intended result of file_delete_plain is in fact the
+ // current state.
+ if (!file_exists($path)) {
+ watchdog('file', t('The file %path was not deleted, because it does not exist.', array('%path' => $path)), WATCHDOG_NOTICE);
+ return TRUE;
+ }
+ // Catch all for everything else: sockets, symbolic links, etc.
+ return FALSE;
}
/**
* Determine total disk space used by a single user or the whole filesystem.
*
* @param $uid
- * An optional user id. A NULL value returns the total space used
- * by all files.
+ * Optional. A user id, specifying NULL returns the total space used by all
+ * non-temporary files.
+ * @param $status
+ * Optional. File Status to return. Combine with a bitwise OR(|) to return
+ * multiple statuses. The default status is FILE_STATUS_PERMANENT.
+ * @return
+ * An integer containing the number of bytes used.
*/
-function file_space_used($uid = NULL) {
+function file_space_used($uid = NULL, $status = FILE_STATUS_PERMANENT) {
if (isset($uid)) {
- return (int) db_result(db_query('SELECT SUM(filesize) FROM {files} WHERE uid = %d', $uid));
+ return (int)db_result(db_query('SELECT SUM(filesize) FROM {files} WHERE uid = %d AND status & %d', $uid, $status));
}
- return (int) db_result(db_query('SELECT SUM(filesize) FROM {files}'));
+ return (int)db_result(db_query('SELECT SUM(filesize) FROM {files} WHERE status & %d', $status));
}
/**
* Saves a file upload to a new location. The source file is validated as a
* proper upload and handled as such.
*
- * The file will be added to the files table as a temporary file. Temporary files
- * are periodically cleaned. To make the file permanent file call
+ * The file will be added to the files table as a temporary file. Temporary
+ * files are periodically cleaned. To make the file permanent file call
* file_set_status() to change its status.
*
* @param $source
@@ -502,7 +645,7 @@ function file_space_used($uid = NULL) {
* functions should return an array of error messages, an empty array
* indicates that the file passed validation. The functions will be called in
* the order specified.
- * @param $dest
+ * @param $destination
* A string containing the directory $source should be copied to. If this is
* not provided or is not writable, the temporary directory will be used.
* @param $replace
@@ -510,25 +653,27 @@ function file_space_used($uid = NULL) {
* destination directory should overwritten. A false value will generate a
* new, unique filename in the destination directory.
* @return
- * An object containing the file information, or FALSE in the event of an error.
+ * An object containing the file information, or FALSE in the event of an
+ * error.
*/
-function file_save_upload($source, $validators = array(), $dest = FALSE, $replace = FILE_EXISTS_RENAME) {
+function file_save_upload($source, $validators = array(), $destination = FALSE, $replace = FILE_EXISTS_RENAME) {
global $user;
static $upload_cache;
- // Add in our check of the the file name length.
- $validators['file_validate_name_length'] = array();
-
// Return cached objects without processing since the file will have
// already been processed and the paths in _FILES will be invalid.
if (isset($upload_cache[$source])) {
return $upload_cache[$source];
}
+ // Add in our check of the the file name length.
+ $validators['file_validate_name_length'] = array();
+
+
// If a file was uploaded, process it.
if (isset($_FILES['files']) && $_FILES['files']['name'][$source] && is_uploaded_file($_FILES['files']['tmp_name'][$source])) {
- // Check for file upload errors and return FALSE if a
- // lower level system error occurred.
+ // Check for file upload errors and return FALSE if a lower level system
+ // error occurred.
switch ($_FILES['files']['error'][$source]) {
// @see http://php.net/manual/en/features.file-upload.errors.php
case UPLOAD_ERR_OK:
@@ -560,9 +705,12 @@ function file_save_upload($source, $vali
// Begin building file object.
$file = new stdClass();
+ $file->uid = $user->uid;
+ $file->status = FILE_STATUS_TEMPORARY;
$file->filename = file_munge_filename(trim(basename($_FILES['files']['name'][$source]), '.'), $extensions);
$file->filepath = $_FILES['files']['tmp_name'][$source];
$file->filemime = file_get_mimetype($file->filename);
+ $file->filesize = $_FILES['files']['size'][$source];
// Rename potentially executable files, to help prevent exploits.
if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
@@ -573,26 +721,28 @@ function file_save_upload($source, $vali
// If the destination is not provided, or is not writable, then use the
// temporary directory.
- if (empty($dest) || file_check_path($dest) === FALSE) {
- $dest = file_directory_temp();
+ if (empty($destination) || file_check_path($destination) === FALSE) {
+ $destination = file_directory_temp();
}
$file->source = $source;
- $file->destination = file_destination(file_create_path($dest . '/' . $file->filename), $replace);
- $file->filesize = $_FILES['files']['size'][$source];
+ $file->destination = file_destination(file_create_path($destination . '/' . $file->filename), $replace);
- // Call the validation functions.
+ // Call the validation functions specified by this function's caller.
$errors = array();
foreach ($validators as $function => $args) {
array_unshift($args, $file);
$errors = array_merge($errors, call_user_func_array($function, $args));
}
- // Check for validation errors.
+ // Let other modules perform validation on the new file.
+ $errors = array_merge($errors, module_invoke_all('file_validate', $file));
+
+ // Check for errors.
if (!empty($errors)) {
$message = t('The selected file %name could not be uploaded.', array('%name' => $file->filename));
if (count($errors) > 1) {
- $message .= '- ' . implode('
- ', $errors) . '
';
+ $message .= theme('item_list', $errors);
}
else {
$message .= ' ' . array_pop($errors);
@@ -601,8 +751,9 @@ function file_save_upload($source, $vali
return FALSE;
}
- // Move uploaded files from PHP's upload_tmp_dir to Drupal's temporary directory.
- // This overcomes open_basedir restrictions for future file operations.
+ // Move uploaded files from PHP's upload_tmp_dir to Drupal's temporary
+ // directory. This overcomes open_basedir restrictions for future file
+ // operations.
$file->filepath = $file->destination;
if (!move_uploaded_file($_FILES['files']['tmp_name'][$source], $file->filepath)) {
form_set_error($source, t('File upload error. Could not move uploaded file.'));
@@ -610,15 +761,11 @@ function file_save_upload($source, $vali
return FALSE;
}
- // If we made it this far it's safe to record this file in the database.
- $file->uid = $user->uid;
- $file->status = FILE_STATUS_TEMPORARY;
- $file->timestamp = time();
- drupal_write_record('files', $file);
-
- // Add file to the cache.
- $upload_cache[$source] = $file;
- return $file;
+ if ($file = file_save($file)) {
+ // Add file to the cache.
+ $upload_cache[$source] = $file;
+ return $file;
+ }
}
return FALSE;
}
@@ -634,6 +781,9 @@ function file_save_upload($source, $vali
function file_validate_name_length($file) {
$errors = array();
+ if (empty($file->filename)) {
+ $errors[] = t('Its name is empty. Please give a name to the file.');
+ }
if (strlen($file->filename) > 255) {
$errors[] = t('Its name exceeds the 255 characters limit. Please rename the file and try again.');
}
@@ -649,7 +799,8 @@ function file_validate_name_length($file
* @param $extensions
* A string with a space separated
* @return
- * An array. If the file extension is not allowed, it will contain an error message.
+ * An array. If the file extension is not allowed, it will contain an error
+ * message.
*/
function file_validate_extensions($file, $extensions) {
global $user;
@@ -676,10 +827,11 @@ function file_validate_extensions($file,
* An integer specifying the maximum file size in bytes. Zero indicates that
* no limit should be enforced.
* @param $$user_limit
- * An integer specifying the maximum number of bytes the user is allowed. Zero
- * indicates that no limit should be enforced.
+ * An integer specifying the maximum number of bytes the user is allowed.
+ * Zero indicates that no limit should be enforced.
* @return
- * An array. If the file size exceeds limits, it will contain an error message.
+ * An array. If the file size exceeds limits, it will contain an error
+ * message.
*/
function file_validate_size($file, $file_limit = 0, $user_limit = 0) {
global $user;
@@ -724,15 +876,16 @@ function file_validate_is_image(&$file)
* maximum and minimum dimensions. Non-image files will be ignored.
*
* @param $file
- * A Drupal file object. This function may resize the file affecting its size.
+ * A Drupal file object. This function may resize the file affecting its
+ * size.
* @param $maximum_dimensions
* An optional string in the form WIDTHxHEIGHT e.g. '640x480' or '85x85'. If
* an image toolkit is installed the image will be resized down to these
* dimensions. A value of 0 indicates no restriction on size, so resizing
* will be attempted.
* @param $minimum_dimensions
- * An optional string in the form WIDTHxHEIGHT. This will check that the image
- * meets a minimum size. A value of 0 indicates no restriction.
+ * An optional string in the form WIDTHxHEIGHT. This will check that the
+ * image meets a minimum size. A value of 0 indicates no restriction.
* @return
* An array. If the file is an image and did not meet the requirements, it
* will contain an error message.
@@ -774,47 +927,102 @@ function file_validate_image_resolution(
}
/**
- * Save a string to the specified destination.
+ * Save a string to the specified destination and create a database file entry.
*
- * @param $data A string containing the contents of the file.
- * @param $dest A string containing the destination location.
- * @param $replace Replace behavior when the destination file already exists.
- * - FILE_EXISTS_REPLACE - Replace the existing file
- * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique
+ * @param $data
+ * A string containing the contents of the file.
+ * @param $destination
+ * A string containing the destination location. If no value is provided
+ * then a randomly name will be generated and the file saved in Drupal's
+ * files directory.
+ * @param $replace
+ * Replace behavior when the destination file already exists:
+ * - FILE_EXISTS_REPLACE - Replace the existing file.
+ * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
+ * unique.
* - FILE_EXISTS_ERROR - Do nothing and return FALSE.
+ * @return
+ * A string containing the resulting filename or FALSE on error
*
- * @return A string containing the resulting filename or FALSE on error
+ * @see file_save_data_plain()
*/
-function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) {
- $temp = file_directory_temp();
- // On Windows, tempnam() requires an absolute path, so we use realpath().
- $file = tempnam(realpath($temp), 'file');
- if (!$fp = fopen($file, 'wb')) {
- drupal_set_message(t('The file could not be created.'), 'error');
- return FALSE;
+function file_save_data($data, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
+ global $user;
+
+ if ($filepath = file_save_data_plain($data, $destination, $replace)) {
+ // Create a file object.
+ $file = new stdClass();
+ $file->filepath = $filepath;
+ $file->filename = basename($file->filepath);
+ $file->filemime = 'text/plain';
+ $file->uid = $user->uid;
+ $file->status = FILE_STATUS_PERMANENT;
+ return file_save($file);
}
- fwrite($fp, $data);
- fclose($fp);
+ return FALSE;
+}
+
+/**
+ * Save a string to the specified destination.
+ *
+ * This function is identical to file_save_data() except the file will not be
+ * saved to the files table.
+ *
+ * @param $data
+ * A string containing the contents of the file.
+ * @param $destination
+ * A string containing the destination location. If no value is provided
+ * then a randomly name will be generated and the file saved in Drupal's
+ * files directory.
+ * @param $replace
+ * Replace behavior when the destination file already exists:
+ * - FILE_EXISTS_REPLACE - Replace the existing file.
+ * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
+ * unique.
+ * - FILE_EXISTS_ERROR - Do nothing and return FALSE.
+ * @return
+ * A string with the path of the resulting file, or FALSE on error.
+ *
+ * @see file_save_data()
+ */
+function file_save_data_plain($data, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
+ global $user;
+
+ // TODO: we should get the new name and then call file_put_contents() on the
+ // renamed filename.
+
+ // Write the data to a temporary file.
+ $temp_name = tempnam(file_directory_temp(), 'file');
- if (!file_move($file, $dest, $replace)) {
+ if (file_put_contents($temp_name, $data) === FALSE) {
+ drupal_set_message(t('The file could not be created.'), 'error');
return FALSE;
}
- return $file;
+ // Move the file to its final destination.
+ return file_move_plain($temp_name, $destination, $replace);
}
/**
* Set the status of a file.
*
- * @param file A Drupal file object
- * @param status A status value to set the file to.
- * @return FALSE on failure, TRUE on success and $file->status will contain the
- * status.
+ * @param $file
+ * A Drupal file object.
+ * @param $status
+ * A status value to set the file to.
+ * - FILE_STATUS_TEMPORARY - A temporary file that Drupal's garbage
+ * collection will remove.
+ * - FILE_STATUS_PERMANENT - A permanent file that Drupal's garbage
+ * collection will not remove.
+ * @return
+ * File object if the change is successful, or FALSE in the event of an
+ * error.
*/
-function file_set_status(&$file, $status) {
+function file_set_status($file, $status = FILE_STATUS_PERMANENT) {
if (db_query('UPDATE {files} SET status = %d WHERE fid = %d', $status, $file->fid)) {
$file->status = $status;
- return TRUE;
+ module_invoke_all('file_status', $file);
+ return $file;
}
return FALSE;
}
@@ -823,8 +1031,10 @@ function file_set_status(&$file, $status
* Transfer file using http to client. Pipes a file through Drupal to the
* client.
*
- * @param $source File to transfer.
- * @param $headers An array of http headers to send along with file.
+ * @param $source
+ * String specifying the file path to transfer.
+ * @param $headers
+ * An array of http headers to send along with file.
*/
function file_transfer($source, $headers) {
ob_end_clean();
@@ -907,7 +1117,8 @@ function file_download() {
* @param $min_depth
* Minimum depth of directories to return files from.
* @param $depth
- * Current depth of recursion. This parameter is only used internally and should not be passed.
+ * Current depth of recursion. This parameter is only used internally and
+ * should not be passed.
*
* @return
* An associative array (keyed on the provided key) of objects with
@@ -926,7 +1137,8 @@ function file_scan_directory($dir, $mask
$files = array_merge(file_scan_directory("$dir/$file", $mask, $nomask, $callback, $recurse, $key, $min_depth, $depth + 1), $files);
}
elseif ($depth >= $min_depth && ereg($mask, $file)) {
- // Always use this match over anything already set in $files with the same $$key.
+ // Always use this match over anything already set in $files with the
+ // same $$key.
$filename = "$dir/$file";
$basename = basename($file);
$name = substr($basename, 0, strrpos($basename, '.'));
@@ -965,13 +1177,11 @@ function file_directory_temp() {
// Operating system specific dirs.
if (substr(PHP_OS, 0, 3) == 'WIN') {
- $directories[] = 'c:\\windows\\temp';
- $directories[] = 'c:\\winnt\\temp';
- $path_delimiter = '\\';
+ $directories[] = 'c:/windows/temp';
+ $directories[] = 'c:/winnt/temp';
}
else {
$directories[] = '/tmp';
- $path_delimiter = '/';
}
foreach ($directories as $directory) {
@@ -980,8 +1190,8 @@ function file_directory_temp() {
}
}
- // if a directory has been found, use it, otherwise default to 'files/tmp' or 'files\\tmp';
- $temporary_directory = $temporary_directory ? $temporary_directory : file_directory_path() . $path_delimiter . 'tmp';
+ // if a directory has been found, use it, otherwise default to 'files/tmp'
+ $temporary_directory = $temporary_directory ? $temporary_directory : file_directory_path() . '/tmp';
variable_set('file_directory_temp', $temporary_directory);
}
@@ -1001,7 +1211,8 @@ function file_directory_path() {
* Determine the maximum file upload size by querying the PHP settings.
*
* @return
- * A file size limit in bytes based on the PHP upload_max_filesize and post_max_size
+ * A file size limit in bytes based on the PHP upload_max_filesize and
+ * post_max_size
*/
function file_upload_max_size() {
static $max_size = -1;
@@ -1387,5 +1598,69 @@ function file_get_mimetype($filename, $m
}
/**
+ * Load a file object from the database.
+ *
+ * @param $file_id
+ * A numeric file id or string containing the file path.
+ * @param $reset
+ * Whether to reset the internal file_load cache.
+ * @return
+ * A file object.
+ */
+function file_load($file_id, $reset = NULL) {
+ static $files = array();
+
+ if ($reset) {
+ $files = array();
+ }
+
+ if (is_numeric($file_id)) {
+ if (isset($files[(string) $file_id])) {
+ return clone $files[$file_id];
+ }
+ $file = db_fetch_object(db_query('SELECT f.* FROM {files} f WHERE f.fid = %d', $file_id));
+ }
+ else {
+ $file = db_fetch_object(db_query("SELECT f.* FROM {files} f WHERE f.filepath = '%s'", $file_id));
+ }
+
+ if ($file && $file->fid) {
+ module_invoke_all('file_load', $file);
+
+ // Cache the fully loaded value.
+ $files[(string) $file->fid] = clone $file;
+ }
+
+ return $file;
+}
+
+/**
+ * Save a file object to the database.
+ *
+ * If the $file->fid is not set a new record will be added. Re-saving an
+ * existing file will not change its status.
+ *
+ * @param $file
+ * A file object returned by file_load().
+ * @return
+ * The updated file object.
+ */
+function file_save($file) {
+ $file->timestamp = time();
+ $file->filesize = filesize($file->filepath);
+
+ if (empty($file->fid)) {
+ drupal_write_record('files', $file);
+ module_invoke_all('file_insert', $file);
+ }
+ else {
+ drupal_write_record('files', $file, 'fid');
+ module_invoke_all('file_update', $file);
+ }
+
+ return $file;
+}
+
+/**
* @} End of "defgroup file".
*/
Index: modules/blogapi/blogapi.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blogapi/blogapi.module,v
retrieving revision 1.120
diff -u -p -r1.120 blogapi.module
--- modules/blogapi/blogapi.module 23 Jul 2008 07:42:08 -0000 1.120
+++ modules/blogapi/blogapi.module 14 Aug 2008 21:33:21 -0000
@@ -379,12 +379,12 @@ function blogapi_metaweblog_new_media_ob
return blogapi_error(t('No file sent.'));
}
- if (!$file = file_save_data($data, $name)) {
+ if (!$filepath = file_save_data_plain($data, $name)) {
return blogapi_error(t('Error storing file.'));
}
// Return the successful result.
- return array('url' => file_create_url($file), 'struct');
+ return array('url' => file_create_url($filepath), 'struct');
}
/**
* Blogging API callback. Returns a list of the taxonomy terms that can be
Index: modules/simpletest/simpletest.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/simpletest.install,v
retrieving revision 1.6
diff -u -p -r1.6 simpletest.install
--- modules/simpletest/simpletest.install 13 Aug 2008 06:42:04 -0000 1.6
+++ modules/simpletest/simpletest.install 14 Aug 2008 21:33:21 -0000
@@ -33,7 +33,7 @@ function simpletest_install() {
$original = drupal_get_path('module', 'simpletest') . '/files';
$files = file_scan_directory($original, '(html|image|javascript|php|sql)-.*');
foreach ($files as $file) {
- file_copy($file->filename, $path . '/' . $file->basename);
+ file_copy($file->filepath, $path . '/' . $file->filename);
}
$generated = TRUE;
}
Index: modules/simpletest/simpletest.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/simpletest.module,v
retrieving revision 1.10
diff -u -p -r1.10 simpletest.module
--- modules/simpletest/simpletest.module 13 Aug 2008 06:42:04 -0000 1.10
+++ modules/simpletest/simpletest.module 14 Aug 2008 21:33:21 -0000
@@ -556,7 +556,7 @@ function simpletest_clean_temporary_dire
simpletest_clean_temporary_directory($file_path);
}
else {
- file_delete($file_path);
+ file_delete_plain($file_path);
}
}
}
Index: modules/system/system.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v
retrieving revision 1.84
diff -u -p -r1.84 system.admin.inc
--- modules/system/system.admin.inc 9 Aug 2008 12:41:23 -0000 1.84
+++ modules/system/system.admin.inc 14 Aug 2008 21:33:21 -0000
@@ -338,9 +338,9 @@ function system_theme_settings(&$form_st
// The image was saved using file_save_upload() and was added to the
// files table as a temporary file. We'll make a copy and let the garbage
// collector delete the original upload.
- if (file_copy($file, $filename, FILE_EXISTS_REPLACE)) {
+ if ($filepath = file_copy_plain($file->filepath, $filename, FILE_EXISTS_REPLACE)) {
$_POST['default_logo'] = 0;
- $_POST['logo_path'] = $file->filepath;
+ $_POST['logo_path'] = $filepath;
$_POST['toggle_logo'] = 1;
}
}
@@ -353,9 +353,9 @@ function system_theme_settings(&$form_st
// The image was saved using file_save_upload() and was added to the
// files table as a temporary file. We'll make a copy and let the garbage
// collector delete the original upload.
- if (file_copy($file, $filename)) {
+ if ($filepath = file_copy_plain($file->filepath, $filename, FILE_EXISTS_REPLACE)) {
$_POST['default_favicon'] = 0;
- $_POST['favicon_path'] = $file->filepath;
+ $_POST['favicon_path'] = $filepath;
$_POST['toggle_favicon'] = 1;
}
}
Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.612
diff -u -p -r1.612 system.module
--- modules/system/system.module 2 Aug 2008 19:01:02 -0000 1.612
+++ modules/system/system.module 14 Aug 2008 21:33:21 -0000
@@ -1401,12 +1401,14 @@ function system_cron() {
if (file_exists($file->filepath)) {
// If files that exist cannot be deleted, continue so the database remains
// consistent.
- if (!file_delete($file->filepath)) {
- watchdog('file system', 'Could not delete temporary file "%path" during garbage collection', array('%path' => $file->filepath), 'error');
+ if (!file_delete($file)) {
+ watchdog('file system', t('Could not delete temporary file "%path" during garbage collection', array('%path' => $file->filepath)), 'error');
continue;
}
}
- db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
+ else {
+ db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
+ }
}
}
Index: modules/upload/upload.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/upload/upload.admin.inc,v
retrieving revision 1.10
diff -u -p -r1.10 upload.admin.inc
--- modules/upload/upload.admin.inc 16 Jul 2008 21:59:28 -0000 1.10
+++ modules/upload/upload.admin.inc 14 Aug 2008 21:33:21 -0000
@@ -74,11 +74,10 @@ function upload_admin_settings() {
'#field_suffix' => '' . t('WIDTHxHEIGHT') . ''
);
$form['settings_general']['upload_list_default'] = array(
- '#type' => 'select',
+ '#type' => 'checkbox',
'#title' => t('List files by default'),
'#default_value' => variable_get('upload_list_default', 1),
- '#options' => array(0 => t('No'), 1 => t('Yes')),
- '#description' => t('Display attached files when viewing a post.'),
+ '#description' => t('Determines whether attached files are shown to users by default.'),
);
$form['settings_general']['upload_extensions_default'] = array(
Index: modules/upload/upload.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/upload/upload.module,v
retrieving revision 1.205
diff -u -p -r1.205 upload.module
--- modules/upload/upload.module 24 Jul 2008 16:25:19 -0000 1.205
+++ modules/upload/upload.module 14 Aug 2008 21:33:21 -0000
@@ -263,6 +263,38 @@ function upload_form_alter(&$form, $form
}
/**
+ * Implementation of hook_file_load().
+ */
+function upload_file_load(&$file, $source = NULL) {
+ // Add the upload specific data into the file object.
+ $values = db_fetch_array(db_query('SELECT * FROM {upload} u WHERE u.fid = %d', $file->fid));
+ foreach ((array)$values as $key => $value) {
+ $file->{$key} = $value;
+ }
+}
+
+/**
+ * Implementation of hook_file_references().
+ */
+function upload_file_references(&$file, $source = NULL) {
+ // If upload.module is still using a file, do not let other modules delete it.
+ $count = db_result(db_query('SELECT count(*) FROM {upload} WHERE fid = %d', $file->fid));
+ if ($count) {
+ // return the name of the module and how many references it has to the file.
+ return array('upload' => $count);
+ }
+}
+
+/**
+ * Implementation of hook_file_delete().
+ */
+function upload_file_delete(&$file, $source = NULL) {
+ // Delete all information associated with the file.
+ db_query('DELETE FROM {upload} WHERE fid = %d', $file->fid);
+}
+
+
+/**
* Implementation of hook_nodeapi().
*/
function upload_nodeapi(&$node, $op, $teaser) {
@@ -406,13 +438,15 @@ function upload_save(&$node) {
// If the file isn't used by any other revisions delete it.
$count = db_result(db_query('SELECT COUNT(fid) FROM {upload} WHERE fid = %d', $fid));
if ($count < 1) {
- file_delete($file->filepath);
+ file_delete($file);
db_query('DELETE FROM {files} WHERE fid = %d', $fid);
}
// Remove it from the session in the case of new uploads,
// that you want to disassociate before node submission.
unset($_SESSION['upload_files'][$fid]);
+ // Try to clean up a file that is no longer in use.
+ file_delete($file);
// Move on, so the removed file won't be added to new revisions.
continue;
}
@@ -420,13 +454,12 @@ function upload_save(&$node) {
// Create a new revision, or associate a new file needed.
if (!empty($node->old_vid) || isset($_SESSION['upload_files'][$fid])) {
db_query("INSERT INTO {upload} (fid, nid, vid, list, description, weight) VALUES (%d, %d, %d, %d, '%s', %d)", $file->fid, $node->nid, $node->vid, $file->list, $file->description, $file->weight);
- file_set_status($file, FILE_STATUS_PERMANENT);
}
// Update existing revision.
else {
db_query("UPDATE {upload} SET list = %d, description = '%s', weight = %d WHERE fid = %d AND vid = %d", $file->list, $file->description, $file->weight, $file->fid, $node->vid);
- file_set_status($file, FILE_STATUS_PERMANENT);
}
+ file_set_status($file, FILE_STATUS_PERMANENT);
}
// Empty the session storage after save. We use this variable to track files
// that haven't been related to the node yet.
@@ -434,38 +467,23 @@ function upload_save(&$node) {
}
function upload_delete($node) {
- $files = array();
- $result = db_query('SELECT DISTINCT f.* FROM {upload} u INNER JOIN {files} f ON u.fid = f.fid WHERE u.nid = %d', $node->nid);
- while ($file = db_fetch_object($result)) {
- $files[$file->fid] = $file;
+ db_query('DELETE FROM {upload} WHERE nid = %d', $node->nid);
+ if (!is_array($node->files)) {
+ return;
}
-
- foreach ($files as $fid => $file) {
- // Delete all files associated with the node
- db_query('DELETE FROM {files} WHERE fid = %d', $fid);
- file_delete($file->filepath);
+ foreach($node->files as $file) {
+ file_delete($file);
}
-
- // Delete all file revision information associated with the node
- db_query('DELETE FROM {upload} WHERE nid = %d', $node->nid);
}
function upload_delete_revision($node) {
- if (is_array($node->files)) {
- foreach ($node->files as $file) {
- // Check if the file will be used after this revision is deleted
- $count = db_result(db_query('SELECT COUNT(fid) FROM {upload} WHERE fid = %d', $file->fid));
-
- // if the file won't be used, delete it
- if ($count < 2) {
- db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
- file_delete($file->filepath);
- }
- }
- }
-
- // delete the revision
db_query('DELETE FROM {upload} WHERE vid = %d', $node->vid);
+ if (!is_array($node->files)) {
+ return;
+ }
+ foreach ($node->files as $file) {
+ file_delete($file);
+ }
}
function _upload_form($node) {
@@ -479,11 +497,11 @@ function _upload_form($node) {
if (!empty($node->files) && is_array($node->files)) {
$form['files']['#theme'] = 'upload_form_current';
$form['files']['#tree'] = TRUE;
- foreach ($node->files as $key => $file) {
+ foreach ($node->files as $file) {
$file = (object)$file;
- $description = file_create_url($file->filepath);
- $description = "" . check_plain($description) . "";
- $form['files'][$key]['description'] = array('#type' => 'textfield', '#default_value' => !empty($file->description) ? $file->description : $file->filename, '#maxlength' => 256, '#description' => $description );
+ $key = $file->fid;
+
+ $form['files'][$key]['description'] = array('#type' => 'textfield', '#default_value' => !empty($file->description) ? $file->description : $file->filename, '#maxlength' => 256, '#description' => '' . file_create_url($file->filepath) . '');
$form['files'][$key]['size'] = array('#markup' => format_size($file->filesize));
$form['files'][$key]['remove'] = array('#type' => 'checkbox', '#default_value' => !empty($file->remove));
$form['files'][$key]['list'] = array('#type' => 'checkbox', '#default_value' => $file->list);
@@ -498,12 +516,26 @@ function _upload_form($node) {
if (user_access('upload files')) {
$limits = _upload_file_limits($user);
+
+ $limit_description = t('The maximum size of file uploads is %filesize. ', array('%filesize' => format_size($limits['file_size'])));
+ if (!empty($limits['resolution'])) {
+ if (image_get_toolkit()) {
+ $limit_description .= t('Images larger than %resolution will be resized. ', array('%resolution' => $limits['resolution']));
+ }
+ else {
+ $limit_description .= t('Images may not be larger than %resolution. ', array('%resolution' => $limits['resolution']));
+ }
+ }
+ if ($user->uid != 1) {
+ $limit_description .= t('Only files with the following extensions may be uploaded: %extensions. ', array('%extensions' => $limits['extensions']));
+ }
+
$form['new']['#weight'] = 10;
$form['new']['upload'] = array(
'#type' => 'file',
'#title' => t('Attach new file'),
'#size' => 40,
- '#description' => ($limits['resolution'] ? t('Images are larger than %resolution will be resized. ', array('%resolution' => $limits['resolution'])) : '') . t('The maximum upload size is %filesize. Only files with the following extensions may be uploaded: %extensions. ', array('%extensions' => $limits['extensions'], '%filesize' => format_size($limits['file_size']))),
+ '#description' => $limit_description,
);
$form['new']['attach'] = array(
'#type' => 'submit',
@@ -565,9 +597,9 @@ function upload_load($node) {
$files = array();
if ($node->vid) {
- $result = db_query('SELECT * FROM {files} f INNER JOIN {upload} r ON f.fid = r.fid WHERE r.vid = %d ORDER BY r.weight, f.fid', $node->vid);
+ $result = db_query('SELECT u.fid FROM {upload} u WHERE u.vid = %d ORDER BY u.fid', $node->vid);
while ($file = db_fetch_object($result)) {
- $files[$file->fid] = $file;
+ $files[$file->fid] = file_load($file->fid);
}
}
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.915
diff -u -p -r1.915 user.module
--- modules/user/user.module 14 Aug 2008 19:37:22 -0000 1.915
+++ modules/user/user.module 14 Aug 2008 21:33:21 -0000
@@ -406,8 +406,8 @@ function user_validate_picture(&$form, &
);
if ($file = file_save_upload('picture_upload', $validators)) {
// Remove the old picture.
- if (isset($form_state['values']['_account']->picture) && file_exists($form_state['values']['_account']->picture)) {
- file_delete($form_state['values']['_account']->picture);
+ if (isset($form_state['values']['_account']->picture)) {
+ file_delete_plain($form_state['values']['_account']->picture);
}
// The image was saved using file_save_upload() and was added to the
@@ -415,8 +415,8 @@ function user_validate_picture(&$form, &
// collector delete the original upload.
$info = image_get_info($file->filepath);
$destination = variable_get('user_picture_path', 'pictures') . '/picture-' . $form['#uid'] . '.' . $info['extension'];
- if (file_copy($file, $destination, FILE_EXISTS_REPLACE)) {
- $form_state['values']['picture'] = $file->filepath;
+ if (file_copy_plain($file->filepath, $destination, FILE_EXISTS_REPLACE)) {
+ $form_state['values']['picture'] = $destination;
}
else {
form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
@@ -839,7 +839,7 @@ function template_preprocess_user_pictur
$variables['picture'] = '';
if (variable_get('user_pictures', 0)) {
$account = $variables['account'];
- if (!empty($account->picture) && file_exists($account->picture)) {
+ if (!empty($account->picture) && file_exists(file_create_path($account->picture))) {
$picture = file_create_url($account->picture);
}
else if (variable_get('user_picture_default', '')) {
@@ -1535,8 +1535,8 @@ function _user_edit_submit($uid, &$edit)
$user = user_load(array('uid' => $uid));
// Delete picture if requested, and if no replacement picture was given.
if (!empty($edit['picture_delete'])) {
- if ($user->picture && file_exists($user->picture)) {
- file_delete($user->picture);
+ if ($user->picture) {
+ file_delete_plain($user->picture);
}
$edit['picture'] = '';
}