From b0349c988f91b799b31f0fae4d5ae7c1f3b44c44 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 18 Oct 2015 03:59:47 -0400
Subject: [PATCH] Make sure there's only one attachments plugin enabled
---
plugins/database_attachments/database_attachments.php | 190 ++++++++++++++++++++++++++++-------------------
1 files changed, 113 insertions(+), 77 deletions(-)
diff --git a/plugins/database_attachments/database_attachments.php b/plugins/database_attachments/database_attachments.php
index 28ccde4..82c2b59 100644
--- a/plugins/database_attachments/database_attachments.php
+++ b/plugins/database_attachments/database_attachments.php
@@ -1,31 +1,46 @@
<?php
+
/**
- * Filesystem Attachments
- *
+ * Database Attachments
+ *
* This plugin which provides database backed storage for temporary
- * attachment file handling. The primary advantage of this plugin
+ * attachment file handling. The primary advantage of this plugin
* is its compatibility with round-robin dns multi-server roundcube
* installations.
*
* This plugin relies on the core filesystem_attachments plugin
*
* @author Ziba Scott <ziba@umich.edu>
- *
+ * @author Aleksander Machniak <alec@alec.pl>
+ * @version @package_version@
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-require_once('plugins/filesystem_attachments/filesystem_attachments.php');
+
+if (class_exists('filesystem_attachments', false)) {
+ die("Configuration issue. There can be only one enabled plugin for attachments handling");
+}
+
+require_once INSTALL_PATH . 'plugins/filesystem_attachments/filesystem_attachments.php';
+
class database_attachments extends filesystem_attachments
{
+ // Cache object
+ protected $cache;
// A prefix for the cache key used in the session and in the key field of the cache table
- private $cache_prefix = "db_attach";
-
- /**
- * Helper method to generate a unique key for the given attachment file
- */
- private function _key($filepath)
- {
- return $this->cache_prefix.md5(mktime().$filepath.$_SESSION['user_id']);
- }
+ const PREFIX = "ATTACH";
/**
* Save a newly uploaded attachment
@@ -33,24 +48,24 @@
function upload($args)
{
$args['status'] = false;
- $rcmail = rcmail::get_instance();
- $key = $this->_key($args['path']);
- $data = base64_encode(file_get_contents($args['path']));
- $status = $rcmail->db->query(
- "INSERT INTO ".get_table_name('cache')."
- (created, user_id, cache_key, data)
- VALUES (".$rcmail->db->now().", ?, ?, ?)",
- $_SESSION['user_id'],
- $key,
- $data);
-
- if ($status) {
- $args['id'] = $key;
- $args['status'] = true;
- unset($args['path']);
+ $cache = $this->get_cache();
+ $key = $this->_key($args);
+ $data = file_get_contents($args['path']);
+
+ if ($data === false) {
+ return $args;
}
-
+
+ $data = base64_encode($data);
+ $status = $cache->write($key, $data);
+
+ if ($status) {
+ $args['id'] = $key;
+ $args['status'] = true;
+ $args['path'] = null;
+ }
+
return $args;
}
@@ -60,19 +75,21 @@
function save($args)
{
$args['status'] = false;
- $rcmail = rcmail::get_instance();
- $key = $this->_key($args['name']);
- $data = base64_encode($args['data']);
+ $cache = $this->get_cache();
+ $key = $this->_key($args);
- $status = $rcmail->db->query(
- "INSERT INTO ".get_table_name('cache')."
- (created, user_id, cache_key, data)
- VALUES (".$rcmail->db->now().", ?, ?, ?)",
- $_SESSION['user_id'],
- $key,
- $data);
-
+ if ($args['path']) {
+ $args['data'] = file_get_contents($args['path']);
+
+ if ($args['data'] === false) {
+ return $args;
+ }
+ }
+
+ $data = base64_encode($args['data']);
+ $status = $cache->write($key, $data);
+
if ($status) {
$args['id'] = $key;
$args['status'] = true;
@@ -87,66 +104,85 @@
*/
function remove($args)
{
- $args['status'] = false;
- $rcmail = rcmail::get_instance();
- $status = $rcmail->db->query(
- "DELETE FROM ".get_table_name('cache')."
- WHERE user_id=?
- AND cache_key=?",
- $_SESSION['user_id'],
- $args['id']);
-
- if ($status) {
- $args['status'] = true;
- }
-
+ $cache = $this->get_cache();
+ $status = $cache->remove($args['id']);
+
+ $args['status'] = true;
+
return $args;
}
/**
* When composing an html message, image attachments may be shown
- * For this plugin, $this->get_attachment will check the file and
+ * For this plugin, $this->get() will check the file and
* return it's contents
*/
function display($args)
{
- return $this->get_attachment($args);
+ return $this->get($args);
}
/**
* When displaying or sending the attachment the file contents are fetched
- * using this method. This is also called by the display_attachment hook.
+ * using this method. This is also called by the attachment_display hook.
*/
- function get_attachment($args)
+ function get($args)
{
- $rcmail = rcmail::get_instance();
-
- $sql_result = $rcmail->db->query(
- "SELECT cache_id, data
- FROM ".get_table_name('cache')."
- WHERE user_id=?
- AND cache_key=?",
- $_SESSION['user_id'],
- $args['id']);
+ $cache = $this->get_cache();
+ $data = $cache->read($args['id']);
- if ($sql_arr = $rcmail->db->fetch_assoc($sql_result)) {
- $args['data'] = base64_decode($sql_arr['data']);
+ if ($data) {
+ $args['data'] = base64_decode($data);
$args['status'] = true;
}
-
+
return $args;
}
-
+
/**
* Delete all temp files associated with this user
*/
function cleanup($args)
{
- $rcmail = rcmail::get_instance();
- $rcmail->db->query(
- "DELETE FROM ".get_table_name('cache')."
- WHERE user_id=?
- AND cache_key like '{$this->cache_prefix}%'",
- $_SESSION['user_id']);
+ // check if cache object exist, it may be empty on session_destroy (#1489726)
+ if ($cache = $this->get_cache()) {
+ $cache->remove($args['group'], true);
+ }
+ }
+
+ /**
+ * Helper method to generate a unique key for the given attachment file
+ */
+ protected function _key($args)
+ {
+ $uname = $args['path'] ? $args['path'] : $args['name'];
+ return $args['group'] . md5(time() . $uname . $_SESSION['user_id']);
+ }
+
+ /**
+ * Initialize and return cache object
+ */
+ protected function get_cache()
+ {
+ if (!$this->cache) {
+ $this->load_config();
+
+ $rcmail = rcube::get_instance();
+ $ttl = 12 * 60 * 60; // default: 12 hours
+ $ttl = $rcmail->config->get('database_attachments_cache_ttl', $ttl);
+ $type = $rcmail->config->get('database_attachments_cache', 'db');
+ $prefix = self::PREFIX;
+
+ // Add session identifier to the prefix to prevent from removing attachments
+ // in other sessions of the same user (#1490542)
+ if ($id = session_id()) {
+ $prefix .= $id;
+ }
+
+ // Init SQL cache (disable cache data serialization)
+ $this->cache = $rcmail->get_cache($prefix, $type, $ttl, false);
+ }
+
+ return $this->cache;
}
}
--
Gitblit v1.9.1