? .cache ? .project ? .projectOptions ? files ? misc/Thumbs.db ? misc/farbtastic/Thumbs.db ? sites/all/modules ? sites/default/settings.php Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.651 diff -u -r1.651 common.inc --- includes/common.inc 4 Jun 2007 07:22:16 -0000 1.651 +++ includes/common.inc 4 Jun 2007 15:55:29 -0000 @@ -1621,7 +1621,7 @@ >x', '\1', $data); // Create the CSS file. - file_save_data($data, $csspath .'/'. $filename, FILE_EXISTS_REPLACE); + _file_save_data($data, $csspath .'/'. $filename, FILE_EXISTS_REPLACE); } return $csspath .'/'. $filename; } @@ -1630,7 +1630,7 @@ * Delete all cached CSS files. */ function drupal_clear_css_cache() { - file_scan_directory(file_create_path('css'), '.*', array('.', '..', 'CVS'), 'file_delete', TRUE); + file_scan_directory(file_create_path('css'), '.*', array('.', '..', 'CVS'), '_file_delete', TRUE); } /** @@ -1827,7 +1827,7 @@ } // Create the JS file. - file_save_data($contents, $jspath .'/'. $filename, FILE_EXISTS_REPLACE); + _file_save_data($contents, $jspath .'/'. $filename, FILE_EXISTS_REPLACE); } return $jspath .'/'. $filename; @@ -2061,7 +2061,7 @@ * Delete all cached JS files. */ function drupal_clear_js_cache() { - file_scan_directory(file_create_path('js'), '.*', array('.', '..', 'CVS'), 'file_delete', TRUE); + file_scan_directory(file_create_path('js'), '.*', array('.', '..', 'CVS'), '_file_delete', TRUE); } /** Index: includes/file.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/file.inc,v retrieving revision 1.100 diff -u -r1.100 file.inc --- includes/file.inc 4 Jun 2007 07:31:59 -0000 1.100 +++ includes/file.inc 4 Jun 2007 16:00:39 -0000 @@ -66,11 +66,13 @@ if (!$dest) { return $file_path; } - // file_check_location() checks whether the destination is inside the Drupal files directory. + // file_check_location() checks whether the destination is inside the Drupal + // files directory. if (file_check_location($dest, $file_path)) { return $dest; } - // check if the destination is instead inside the Drupal temporary files directory. + // Check if the destination is instead inside the Drupal temporary files + // directory. else if (file_check_location($dest, file_directory_temp())) { return $dest; } @@ -195,6 +197,42 @@ } /** + * Copies a file to a new location. This is a powerful function that in many + * ways performs like an advanced version of copy(). + * - Checks if $source and $dest are valid and readable/writable. + * - Performs a file copy if $source is not equal to $dest. + * - If file already exists in $dest either the call will error out, replace the + * file or rename the file based on the $replace parameter. + * - Adds thew new file to the files database. + * + * @param $source A file object location of the original file. + * @param $dest A string containing the directory $source should be copied to. + * If this value is omitted, Drupal's 'files' directory will be used. + * @param $replace Replace behavior when the destination file already exists. + * - FILE_EXISTS_REPLACE - Replace the existing file + * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique + * - FILE_EXISTS_ERROR - Do nothing and return FALSE. + * @return File object if the copy is successful, or FALSE in the event of an + * error. + */ +// TODO test this +function file_copy($source, $dest = 0, $replace = FILE_EXISTS_RENAME) { + $copy_function = variable_get('file_backend', '_file') .'_copy'; + + if ($result = $copy_function($source, $dest, $replace)) { + $file = drupal_clone($source); + $file->fid = NULL; + $file->filename = basename($result); + $file->filepath = $result; + if ($file = file_save($file)) { + module_invoke_all('file', 'copy', $file, $source); + return $file; + } + } + return FALSE; +} + +/** * Copies a file to a new location. This is a powerful function that in many ways * performs like an advanced version of copy(). * - Checks if $source and $dest are valid and readable/writable. @@ -203,17 +241,21 @@ * file or rename the file based on the $replace parameter. * * @param $source A string specifying the file location of the original file. - * This parameter will contain the resulting destination filename in case of - * success. * @param $dest A string containing the directory $source should be copied to. * If this value is omitted, Drupal's 'files' directory will be used. * @param $replace Replace behavior when the destination file already exists. * - FILE_EXISTS_REPLACE - Replace the existing file * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique * - FILE_EXISTS_ERROR - Do nothing and return FALSE. - * @return True for success, FALSE for failure. + * @return The name of the new file, or FALSE in the event of an error. */ -function file_copy(&$source, $dest = 0, $replace = FILE_EXISTS_RENAME) { +function _file_copy($source, $dest = 0, $replace = FILE_EXISTS_RENAME) { + $source = realpath($source); + if (!file_exists($source)) { + drupal_set_message(t('The selected file %file could not be copied, because no file by that name exists. Please check that you supplied the correct filename.', array('%file' => $source)), 'error'); + return FALSE; + } + $dest = file_create_path($dest); $directory = $dest; @@ -221,25 +263,8 @@ // Make sure we at least have a valid directory. if ($basename === FALSE) { - $source = is_object($source) ? $source->filepath : $source; - drupal_set_message(t('The selected file %file could not be uploaded, because the destination %directory is not properly configured.', array('%file' => $source, '%directory' => $dest)), 'error'); - watchdog('file system', 'The selected file %file could not be uploaded, because the destination %directory could not be found, or because its permissions do not allow the file to be written.', array('%file' => $source, '%directory' => $dest), WATCHDOG_ERROR); - return 0; - } - - // Process a file upload object. - if (is_object($source)) { - $file = $source; - $source = $file->filepath; - if (!$basename) { - $basename = $file->filename; - } - } - - $source = realpath($source); - if (!file_exists($source)) { - drupal_set_message(t('The selected file %file could not be copied, because no file by that name exists. Please check that you supplied the correct filename.', array('%file' => $source)), 'error'); - return 0; + drupal_set_message(t('The selected file %file could not be copied, because the destination %directory is not properly configured.', array('%file' => $source, '%directory' => $dest)), 'error'); + return FALSE; } // If the destination file is not specified then use the filename of the source file. @@ -257,26 +282,16 @@ if (!@copy($source, $dest)) { drupal_set_message(t('The selected file %file could not be copied.', array('%file' => $source)), 'error'); - return 0; + return FALSE; } - // Give everyone read access so that FTP'd users or - // non-webserver users can see/read these files, - // and give group write permissions so group memebers + // Give everyone read access so that FTP'd users or non-webserver users can + // see/read these files, and give group write permissions so group memebers // can alter files uploaded by the webserver. @chmod($dest, 0664); } - if (isset($file) && is_object($file)) { - $file->filename = $basename; - $file->filepath = $dest; - $source = $file; - } - else { - $source = $dest; - } - - return 1; // Everything went ok. + return $dest; } /** @@ -316,29 +331,33 @@ * - If file already exists in $dest either the call will error out, replace the * file or rename the file based on the $replace parameter. * - * @param $source A string specifying the file location of the original file. - * This parameter will contain the resulting destination filename in case of - * success. + * @param $source A file object for the original file. * @param $dest A string containing the directory $source should be copied to. * If this value is omitted, Drupal's 'files' directory will be used. * @param $replace Replace behavior when the destination file already exists. * - FILE_EXISTS_REPLACE - Replace the existing file * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique * - FILE_EXISTS_ERROR - Do nothing and return FALSE. - * @return True for success, FALSE for failure. + * @return Resulting file object for success, or FALSE in the event of an error. */ -function file_move(&$source, $dest = 0, $replace = FILE_EXISTS_RENAME) { - $path_original = is_object($source) ? $source->filepath : $source; - - if (file_copy($source, $dest, $replace)) { - $path_current = is_object($source) ? $source->filepath : $source; - - if ($path_original == $path_current || file_delete($path_original)) { - return 1; +// TODO test this +function file_move($source, $dest = 0, $replace = FILE_EXISTS_RENAME) { + $copy_function = variable_get('file_backend', '_file') .'_copy'; + $delete_function = variable_get('file_backend', '_file') .'_delete'; + + if ($result = $copy_function($source->filepath, $dest, $replace)) { + if ($source->filepath == $result || $delete_function($source->filepath)) { + $file = drupal_clone($source); + $file->filename = basename($result); + $file->filepath = $result; + if ($file = file_save($file)) { + module_invoke_all('file', 'move', $file, $source); + return $file; + } } - drupal_set_message(t('The removal of the original file %file has failed.', array('%file' => $path_original)), 'error'); + drupal_set_message(t('The removal of the original file %file has failed.', array('%file' => $source->filepath)), 'error'); } - return 0; + return FALSE; } /** @@ -425,12 +444,33 @@ } /** + * Delete a file and its database record. + * + * @param $path A file object. + * @return TRUE for success, or FALSE in the event of an error. + */ +// TODO test this +function file_delete($file) { + $delete_function = variable_get('file_backend', '_file') .'_delete'; + + if ($delete_function($file->filepath)) { + module_invoke_all('file', 'delete', $file); + + db_query('DELETE FROM {files} WHERE fid = %d', $file->fid); + + return TRUE; + } + + return FALSE; +} + +/** * Delete a file. * * @param $path A string containing a file path. - * @return TRUE for success, FALSE for failure. + * @return TRUE for success, or FALSE in the event of an error. */ -function file_delete($path) { +function _file_delete($path) { if (is_file($path)) { return unlink($path); } @@ -475,7 +515,8 @@ * destination directory should overwritten. A false value will generate a * new, unique filename in the destination directory. * @return - * An object containing the file information, or 0 in the event of an error. + * An object containing the file information, or FALSE in the event of an + * error. */ function file_save_upload($source, $validators = array(), $dest = FALSE, $replace = FILE_EXISTS_RENAME) { global $user; @@ -492,8 +533,8 @@ // If a file was uploaded, process it. if (isset($_FILES['files']) && $_FILES['files']['name'][$source] && is_uploaded_file($_FILES['files']['tmp_name'][$source])) { - // Check for file upload errors and return FALSE if a - // lower level system error occurred. + // Check for file upload errors and return FALSE if a lower level system + // error occurred. switch ($_FILES['files']['error'][$source]) { // @see http://php.net/manual/en/features.file-upload.errors.php case UPLOAD_ERR_OK: @@ -502,17 +543,17 @@ case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: drupal_set_message(t('The file %file could not be saved, because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $source, '%maxsize' => format_size(file_upload_max_size()))), 'error'); - return 0; + return FALSE; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: drupal_set_message(t('The file %file could not be saved, because the upload did not complete.', array('%file' => $source)), 'error'); - return 0; + return FALSE; // Unknown error default: drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array('%file' => $source)), 'error'); - return 0; + return FALSE; } // Build the list of non-munged extensions. @@ -525,9 +566,12 @@ // Begin building file object. $file = new stdClass(); + $file->uid = $user->uid; + $file->status = FILE_STATUS_TEMPORARY; $file->filename = file_munge_filename(trim(basename($_FILES['files']['name'][$source]), '.'), $extensions); $file->filepath = $_FILES['files']['tmp_name'][$source]; $file->filemime = $_FILES['files']['type'][$source]; + $file->filesize = $_FILES['files']['size'][$source]; // Rename potentially executable files, to help prevent exploits. if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { @@ -542,16 +586,18 @@ } $file->source = $source; $file->destination = $dest; - $file->filesize = $_FILES['files']['size'][$source]; - // Call the validation functions. + // Call the validation functions specified by this function's caller. $errors = array(); foreach ($validators as $function => $args) { array_unshift($args, $file); $errors = array_merge($errors, call_user_func_array($function, $args)); } - // Check for validation errors. + // Let other modules perform validation on the new file. + $errors = array_merge($errors, module_invoke_all('file', 'validate', $file)); + + // Check for errors. if (!empty($errors)) { $message = t('The selected file %name could not be uploaded. ', array('%name' => $file->filename)); if (count($errors) > 1) { @@ -561,27 +607,27 @@ $message .= array_pop($errors); } form_set_error($source, $message); - return 0; + return FALSE; } - // Move uploaded files from PHP's upload_tmp_dir to Drupal's temporary directory. - // This overcomes open_basedir restrictions for future file operations. + // Move uploaded files from PHP's upload_tmp_dir to Drupal's temporary + // directory. This overcomes open_basedir restrictions for future file + // operations. $file->filepath = $file->destination; if (!move_uploaded_file($_FILES['files']['tmp_name'][$source], $file->filepath)) { form_set_error($source, t('File upload error. Could not move uploaded file.')); watchdog('file', t('Upload error. Could not move uploaded file %file to destination %destination.', array('%file' => $file->filename, '%destination', $file->filepath))); - return 0; + return FALSE; } - // If we made it this far it's safe to record this file in the database. - $file->fid = db_next_id('{files}_fid'); - db_query("INSERT INTO {files} (fid, uid, filename, filepath, filemime, filesize, status, timestamp) VALUES (%d, %d, '%s', '%s', '%s', %d, %d, %d)", $file->fid, $user->uid, $file->filename, $file->filepath, $file->filemime, $file->filesize, FILE_STATUS_TEMPORARY, time()); + if ($file = file_save($file)) { + // Add file to the cache. + $upload_cache[$source] = $file; - // Add file to the cache. - $upload_cache[$source] = $file; - return $file; + return $file; + } } - return 0; + return FALSE; } /** @@ -735,7 +781,8 @@ } /** - * Save a string to the specified destination. + * Save a string to the specified destination. The file will be added to the + * database as a permanent file. * * @param $data A string containing the contents of the file. * @param $dest A string containing the destination location. @@ -744,23 +791,55 @@ * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique * - FILE_EXISTS_ERROR - Do nothing and return FALSE. * - * @return A string containing the resulting filename or 0 on error + * @return A file object for the resulting file, or FALSE in the event of an + * error. */ function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) { - $temp = file_directory_temp(); - $file = tempnam($temp, 'file'); - if (!$fp = fopen($file, 'wb')) { + global $user; + + $save_function = variable_get('file_backend', '_file') .'_save_data'; + + if ($filename = $save_function($data, $dest, $replace)) { + // Create a file object. + $file = new stdClass(); + $file->filepath = $filename; + $file->filename = basename($file->filepath); + $file->filemime = 'text/plain'; + $file->uid = $user->uid; + $file->status = FILE_STATUS_PERMANENT; + + return file_save($file); + } + return FALSE; +} + +/** + * Save a string to the specified destination. + * + * @param $data A string containing the contents of the file. + * @param $dest A string containing the destination location. + * @param $replace Replace behavior when the destination file already exists. + * - FILE_EXISTS_REPLACE - Replace the existing file + * - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique + * - FILE_EXISTS_ERROR - Do nothing and return FALSE. + * + * @return A string with the path of the resulting file, or FALSE in the event + * of an error. + */ +function _file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) { + global $user; + + // Write the data to a temporary file. + $temp_name = tempnam(file_directory_temp(), 'file'); + if (!$fp = fopen($temp_name, 'wb')) { drupal_set_message(t('The file could not be created.'), 'error'); - return 0; + return FALSE; } fwrite($fp, $data); fclose($fp); - if (!file_move($file, $dest, $replace)) { - return 0; - } - - return $file; + // Move the file to its final destination. + return _file_move($temp_name, $dest, $replace); } /** @@ -768,12 +847,13 @@ * * @param file A Drupal file object * @param status A status value to set the file to. - * @return FALSE on failure, TRUE on success and $file->status will contain the - * status. + * @return TRUE on success and $file->status will contain the status, or FALSE + * in the event of an error. */ function file_set_status(&$file, $status) { if (db_query('UPDATE {files} SET status = %d WHERE fid = %d', $status, $file->fid)) { $file->status = $status; + module_invoke_all('file', 'status', $file); return TRUE; } return FALSE; @@ -972,3 +1052,50 @@ } return $max_size; } + +/** + * Load a file object from the database. + * + * @param $file_id + * A numeric file id or string containg the file path. + */ +function file_load($file_id) { + if (is_numeric($file_id)) { + $file = db_fetch_object(db_query('SELECT f.* FROM {files} f WHERE f.fid = %d', $file_id)); + } + else { + $file = db_fetch_object(db_query("SELECT f.* FROM {files} f WHERE f.filepath = '%s'", $file_id)); + } + + module_invoke_all('file', 'load', $file); + + return $file; +} + +/** + * Save a file object to the database. If the $file->fid is not set a new record + * will be added. Re-saving an existing file will not change its status. + * + * @param $file + * A file object. + * @return + * The updated file object. + */ +function file_save($file) { + $file->timestamp = time(); + $file->filesize = filesize($file->filepath); + + if (empty($file->fid)) { + $file->fid = db_next_id('{files}_fid'); + db_query("INSERT INTO {files} (fid, uid, filename, filepath, filemime, filesize, status, timestamp) VALUES (%d, %d, '%s', '%s', '%s', %d, %d, %d)", $file->fid, $file->uid, $file->filename, $file->filepath, $file->filemime, $file->filesize, $file->status, $file->timestamp); + + module_invoke_all('file', 'insert', $file); + } + else { + db_query("UPDATE {files} SET uid = %d, filename = '%s', filepath = '%s', filemime = '%s', filesize = %d, timestamp = %d WHERE fid = %d", $file->uid, $file->filename, $file->filepath, $file->filemime, $file->filesize, $file->timestamp, $file->fid); + + module_invoke_all('file', 'update', $file); + } + + return $file; +} Index: modules/blogapi/blogapi.module =================================================================== RCS file: /cvs/drupal/drupal/modules/blogapi/blogapi.module,v retrieving revision 1.106 diff -u -r1.106 blogapi.module --- modules/blogapi/blogapi.module 30 Apr 2007 17:03:23 -0000 1.106 +++ modules/blogapi/blogapi.module 4 Jun 2007 15:57:35 -0000 @@ -362,12 +362,12 @@ return blogapi_error(t('No file sent.')); } - if (!$file = file_save_data($data, $name)) { + if (!$filepath = _file_save_data($data, $name)) { return blogapi_error(t('Error storing file.')); } // Return the successful result. - return array('url' => file_create_url($file), 'struct'); + return array('url' => _file_create_url($filepath), 'struct'); } /** * Blogging API callback. Returns a list of the taxonomy terms that can be Index: modules/system/system.module =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.module,v retrieving revision 1.488 diff -u -r1.488 system.module --- modules/system/system.module 4 Jun 2007 07:22:22 -0000 1.488 +++ modules/system/system.module 4 Jun 2007 15:52:33 -0000 @@ -2199,9 +2199,9 @@ // The image was saved using file_save_upload() and was added to the // files table as a temorary file. We'll make a copy and let the garbage // collector delete the original upload. - if (file_copy($file, $filename, FILE_EXISTS_REPLACE)) { + if ($filepath = _file_copy($file['filepath'], $filename, FILE_EXISTS_REPLACE)) { $_POST['default_logo'] = 0; - $_POST['logo_path'] = $file->filepath; + $_POST['logo_path'] = $filepath; $_POST['toggle_logo'] = 1; } } @@ -2214,9 +2214,9 @@ // The image was saved using file_save_upload() and was added to the // files table as a temorary file. We'll make a copy and let the garbage // collector delete the original upload. - if (file_copy($file, $filename)) { + if ($filepath = _file_copy($file['filepath'], $filename, FILE_EXISTS_REPLACE)) { $_POST['default_favicon'] = 0; - $_POST['favicon_path'] = $file->filepath; + $_POST['favicon_path'] = $filepath; $_POST['toggle_favicon'] = 1; } } @@ -2672,12 +2672,14 @@ if (file_exists($file->filepath)) { // If files that exist cannot be deleted, continue so the database remains // consistant. - if (!file_delete($file->filepath)) { + if (!file_delete($file)) { watchdog('file system', t('Could not delete temporary file "%path" during garbage collection', array('%path' => $file->filepath)), 'error'); continue; } } - db_query('DELETE FROM {files} WHERE fid = %d', $file->fid); + else { + db_query('DELETE FROM {files} WHERE fid = %d', $file->fid); + } } } Index: modules/upload/upload.module =================================================================== RCS file: /cvs/drupal/drupal/modules/upload/upload.module,v retrieving revision 1.164 diff -u -r1.164 upload.module --- modules/upload/upload.module 4 Jun 2007 07:22:22 -0000 1.164 +++ modules/upload/upload.module 4 Jun 2007 15:52:33 -0000 @@ -291,12 +291,12 @@ /** * Implementation of hook_file_download(). */ -function upload_file_download($file) { +function upload_file_download($filepath) { if (!user_access('view uploaded files')) { return -1; } - $file = file_create_path($file); - $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.uid WHERE filepath = '%s'", $file); + $filepath = file_create_path($filepath); + $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.uid WHERE filepath = '%s'", $filepath); if ($file = db_fetch_object($result)) { return array( 'Content-Type: '. $file->filemime, @@ -575,8 +575,7 @@ foreach ($files as $fid => $file) { // Delete all files associated with the node - db_query('DELETE FROM {files} WHERE fid = %d', $fid); - file_delete($file->filepath); + file_delete($file); } // Delete all file revision information associated with the node @@ -591,8 +590,7 @@ // if the file won't be used, delete it if ($count < 2) { - db_query('DELETE FROM {files} WHERE fid = %d', $file->fid); - file_delete($file->filepath); + file_delete($file); } } } Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.791 diff -u -r1.791 user.module --- modules/user/user.module 4 Jun 2007 07:24:53 -0000 1.791 +++ modules/user/user.module 4 Jun 2007 15:53:43 -0000 @@ -331,8 +331,8 @@ // collector delete the original upload. $info = image_get_info($file->filepath); $destination = variable_get('user_picture_path', 'pictures') .'/picture-'. $form['#uid'] .'.'. $info['extension']; - if (file_copy($file, $destination, FILE_EXISTS_REPLACE)) { - $form_state['values']['picture'] = $file->filepath; + if ($filepath = _file_copy($file->filepath, $destination, FILE_EXISTS_REPLACE)) { + $form_state['values']['picture'] = $filepath; } else { form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures')))); @@ -1529,7 +1529,7 @@ // Delete picture if requested, and if no replacement picture was given. if (!empty($edit['picture_delete'])) { if ($user->picture && file_exists($user->picture)) { - file_delete($user->picture); + _file_delete($user->picture); } $edit['picture'] = ''; }