[Openupload-svn-update] SF.net SVN: openupload:[250] trunk

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 250
          http://openupload.svn.sourceforge.net/openupload/?rev=250&view=rev
Author:   tsdogs
Date:     2009-02-07 13:03:28 +0000 (Sat, 07 Feb 2009)

Log Message:
-----------
Set same security as download to file removal.
Should an option/preference be set for this?

Modified Paths:
--------------
    trunk/lib/modules/default/files.inc.php
    trunk/plugins/captcha.inc.php
    trunk/plugins/password.inc.php
    trunk/templates/default/modules/files/removeRequest.tpl

Added Paths:
-----------
    trunk/templates/default/modules/files/removeConfirm.tpl
    trunk/templates/default/plugins/captcha/removeRequest.tpl

Modified: trunk/lib/modules/default/files.inc.php
===================================================================

--- trunk/lib/modules/default/files.inc.php	2009-02-07 12:03:31 UTC (rev 249)
+++ trunk/lib/modules/default/files.inc.php	2009-02-07 13:03:28 UTC (rev 250)
@@ -419,13 +419,14 @@
     $id = '';
     if (isset($_GET['id']) or isset($_GET['i'])) {
        $id = isset($_GET['id'])?$_GET['id']:$_GET['i'];
+       $r = isset($_GET['removeid'])?$_GET['removeid']:$_GET['r'];
     } else if (isset($_SESSION['user']['r'][0]['id'])) {
        $id = $_SESSION['user']['r'][0]['id'];
+       $r = $_SESSION['user']['r'][0]['remove'];
     }
-    /* check if download exists, and what are the properties */
+    /* check if file exists, and what are the properties */
     if ($id != '') {
       $finfo = $this->loadFile($id);
-      $r = isset($_GET['removeid'])?$_GET['removeid']:$_GET['r'];
       if ($finfo[0]['id']!=$id or isset($finfo[0]['group'])) {
         app()->error(tr('Wrong file id!'));
         redirect();
@@ -437,8 +438,10 @@
         $this->tpl->assign('files',$finfo);
         $this->tpl->assign('finfo',$finfo[0]);
         $result = app()->pluginAction('removeRequest',$finfo,false);
-        if (!$result) {
-          redirect();
+        if ($result) {
+          app()->log('info','removeRequest','','ALLOW',$id);
+          $_SESSION['user']['r'][0]['canremove']='ok'; /* file has no protection */
+          $this->nextStep();
         }
       }
     } else {
@@ -450,9 +453,14 @@
   function removeConfirm() {
     $finfo = $_SESSION['user']['r'];
 
-    /* here we do the actual download of the file */
+    /* here we do the actual remove of the file */
     if (!isset($_SESSION['user']['r'])) {
        redirect();
+    } else if ($_SESSION['user']['r'][0]['canremove']=='ok') {
+      $finfo = $_SESSION['user']['r'];
+      $this->tpl->assign('finfo',$finfo[0]);
+      $this->tpl->assign('files',$finfo);
+      /* removal is allowed */
     } else {
       $finfo = $_SESSION['user']['r'];
       /* check wether the plugins are ok */
@@ -460,27 +468,34 @@
       if (!$result)
         $this->prevStep();
       /* now we can remove the file */
-     foreach ($finfo as $f) {
-        app()->db->delete('files',array('id' => $f['id']));
-        app()->db->delete('file_options',array('file_id' => $f['id']));
-        $file = app()->config['DATA_PATH'].'/'.$f['id'];
-        unlink($file);
-      }
-      app()->log('notice','removeConfirm','','ALLOW',$finfo[0]['id']);
-      /* display removal confirmation */
-      $this->nextStep();
+      $_SESSION['user']['r'][0]['canremove']='ok';
+      $this->tpl->assign('finfo',$finfo[0]);
+      $this->tpl->assign('files',$finfo);
     }
   }
 
   function removeResult() {
+    global $_POST;
+
     if (!isset($_SESSION['user']['r'])) {
        redirect();
-    } else  {
+    } else  if (isset($_POST['confirmremove']) and ($_SESSION['user']['r'][0]['canremove']=='ok')) {
       $finfo = $_SESSION['user']['r'];
       $result = app()->pluginAction('removeResult',$finfo,false);
+      if (!$result)
+        $this->prevStep();
+      foreach ($finfo as $f) {
+         app()->db->delete('files',array('id' => $f['id']));
+         app()->db->delete('file_options',array('file_id' => $f['id']));
+         $file = app()->config['DATA_PATH'].'/'.$f['id'];
+         @unlink($file);
+      }
+      app()->log('notice','removeResult','','ALLOW',$finfo[0]['id']);
+      unset($_SESSION['user']['r']); /* remove any file reference */
       $this->tpl->assign('files',$finfo);
       $this->tpl->assign('finfo',$finfo[0]);
-      unset($_SESSION['user']['r']); /* remove any file reference */
+    } else {
+      $this->prevStep();
     }
   }
 

Modified: trunk/plugins/captcha.inc.php
===================================================================
--- trunk/plugins/captcha.inc.php	2009-02-07 12:03:31 UTC (rev 249)
+++ trunk/plugins/captcha.inc.php	2009-02-07 13:03:28 UTC (rev 250)
@@ -59,6 +59,19 @@
     return $result;
   }
 
+  function removeRequest($finfo,$acl) {
+    if ($finfo[0]['captcha']==1) {
+      $this->assign('captcha_img',app()->config['WWW_ROOT'].'/plugins/captcha.php');
+      $this->display('removeRequest');
+      return false;
+    }
+    return true;
+  }
+
+  function removeConfirm($finfo,$acl) {
+    return $this->downloadConfirm($finfo,$acl);
+  }
+
   function fileDetail(&$finfo,$acl) {
      if ($finfo[0]['captcha']!='')
       $this->display('fileDetail');

Modified: trunk/plugins/password.inc.php
===================================================================
--- trunk/plugins/password.inc.php	2009-02-07 12:03:31 UTC (rev 249)
+++ trunk/plugins/password.inc.php	2009-02-07 13:03:28 UTC (rev 250)
@@ -56,6 +56,15 @@
       return true;
     }
   }
+
+  function removeRequest($finfo,$acl) {
+    return $this->downloadRequest($finfo,$acl);
+  }
+
+  function removeConfirm($finfo,$acl) {
+    return $this->downloadConfirm($finfo,$acl);
+  }
+
   function fileDetail(&$finfo,$acl) {
     if (($finfo[0]['password']!='') and ($finfo[0]['password']!=crypt("",$finfo[0]['password'])) )
       $this->display('fileDetail');

Added: trunk/templates/default/modules/files/removeConfirm.tpl
===================================================================
--- trunk/templates/default/modules/files/removeConfirm.tpl	                        (rev 0)
+++ trunk/templates/default/modules/files/removeConfirm.tpl	2009-02-07 13:03:28 UTC (rev 250)
@@ -0,0 +1,15 @@
+{tr}You requested to remove the following file{/tr}:<br />
+<form method="POST" action={$script}>
+<input type="hidden" name="action" value="{$action}">
+<input type="hidden" name="step" value="{$nextstep}">
+<table border="0">
+<tr><td>{tr}File description{/tr}:</td><td><b>{$finfo.description}</b></td></tr>
+{foreach from=$files item=f}
+<tr><td>{tr}File name{/tr}:</td><td><b>{$f.name}</b></td></tr>
+<tr><td>{tr}File size{/tr}:</td><td>{$f.size|fsize_format}</td></tr>
+{/foreach}
+<tr><td>{tr}Uploaded on{/tr}:</td><td><b>{$finfo.upload_date}</b></td></tr>
+{$plugins}
+<tr><td colspan="2" align="right"><input class="submit" type="submit" name="confirmremove" value="{tr}Confirm removal{/tr}">
+</table>
+</form>
\ No newline at end of file

Modified: trunk/templates/default/modules/files/removeRequest.tpl
===================================================================
--- trunk/templates/default/modules/files/removeRequest.tpl	2009-02-07 12:03:31 UTC (rev 249)
+++ trunk/templates/default/modules/files/removeRequest.tpl	2009-02-07 13:03:28 UTC (rev 250)
@@ -1,15 +1,9 @@
-{tr}You requested to remove the following file{/tr}:<br />
-<form method="POST" action={$script}>
+The file you requested the removal needs some input before you can proceed: 
+<form action="{$script}" method="POST" name="removeform">
 <input type="hidden" name="action" value="{$action}">
 <input type="hidden" name="step" value="{$nextstep}">
 <table border="0">
-<tr><td>{tr}File description{/tr}:</td><td><b>{$finfo.description}</b></td></tr>
-{foreach from=$files item=f}
-<tr><td>{tr}File name{/tr}:</td><td><b>{$f.name}</b></td></tr>
-<tr><td>{tr}File size{/tr}:</td><td>{$f.size|fsize_format}</td></tr>
-{/foreach}
-<tr><td>{tr}Uploaded on{/tr}:</td><td><b>{$finfo.upload_date}</b></td></tr>
 {$plugins}
-<tr><td colspan="2" align="right"><input class="submit" type="submit" value="{tr}Confirm removal{/tr}">
+<tr><td colspan="2" align="right"><input type="submit" class="submit" value="{tr}Proceed{/tr}">
 </table>
-</form>
\ No newline at end of file
+</form>

Added: trunk/templates/default/plugins/captcha/removeRequest.tpl
===================================================================
--- trunk/templates/default/plugins/captcha/removeRequest.tpl	                        (rev 0)
+++ trunk/templates/default/plugins/captcha/removeRequest.tpl	2009-02-07 13:03:28 UTC (rev 250)
@@ -0,0 +1,6 @@
+<tr><td colspan="2">{tr}Please enter the following captcha to proceed for the removal{/tr}:</td></tr>
+<tr><td rowspan="2"><img id="captcha" src="{$captcha_img}"></td><td>
+<a href="#" onclick="document.getElementById('captcha').src ='{$captcha_img}?' + Math.random(); return false">
+{tr}Reload Image{/tr}</a></td></tr>
+<tr><td><input type="text" size="20" name="captcha_code"></td></tr>
+


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


