X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/e17fddb087b19ee3656fb821e8db8ce82bfee37f..3bc2092b7732a33db738e12afde32645e49d5c47:/src/phorkie/Repository/Post.php diff --git a/src/phorkie/Repository/Post.php b/src/phorkie/Repository/Post.php index f138491..633fb27 100644 --- a/src/phorkie/Repository/Post.php +++ b/src/phorkie/Repository/Post.php @@ -26,9 +26,15 @@ class Repository_Post } $vc = $this->repo->getVc(); - $this->repo->setDescription($postData['description']); + $bChanged = false; + $bCommit = false; + if ($postData['description'] != $this->repo->getDescription()) { + $this->repo->setDescription($postData['description']); + $bChanged = true; + } + foreach ($postData['files'] as $num => $arFile) { $bUpload = false; if ($_FILES['files']['error'][$num]['upload'] == 0) { @@ -39,12 +45,12 @@ class Repository_Post continue; } - $orignalName = $this->sanitizeFilename($arFile['original_name']); - $name = $this->sanitizeFilename($arFile['name']); + $orignalName = Tools::sanitizeFilename($arFile['original_name']); + $name = Tools::sanitizeFilename($arFile['name']); if ($name == '') { if ($bUpload) { - $name = $this->sanitizeFilename($_FILES['files']['name'][$num]['upload']); + $name = Tools::sanitizeFilename($_FILES['files']['name'][$num]['upload']); } else { $name = $this->getNextNumberedFile('phork') . '.' . $arFile['type']; 
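Review bot: The new change check in the `@@ -26,9 +26,15 @@` hunk compares the description with `!=`, which PHP evaluates numerically when both operands are numeric strings. An edit from `10` to `1e1` would therefore count as unchanged and be neither stored nor reindexed. A strict comparison avoids that: `if ($postData['description'] !== $this->repo->getDescription()) {`. This assumes getDescription() returns a string; if it can return null, the strict form only records one harmless extra change. The enclosing method starts and ends outside this hunk.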
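Review bot: The three call sites in the `@@ -39,12 +45,12 @@` hunk now depend on `Tools::sanitizeFilename()`, whose body is not part of this diff, so it cannot be confirmed here that it is stricter than the method removed at the end of the patch. The removed version replaced `/../` in a single pass, compared the one-character `substr($file, 0, 1)` against `'../'` (never true), and let a bare `..` or a leading `/` through. If the code was moved verbatim, those gaps move with it. The third call turns the client-supplied `$_FILES['files']['name'][$num]['upload']` into a repository file name. A doc comment on `Tools::sanitizeFilename()` stating what it guarantees (no `..` segment, no leading `/`), plus a unit test for those inputs, would make the contract checkable.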
@@ -67,12 +73,17 @@ class Repository_Post } else if (isset($arFile['delete']) && $arFile['delete'] == 1) { $bDelete = true; } else if ($orignalName != $name) { - //FIXME: what to do with overwrites? - $vc->getCommand('mv') - ->addArgument($orignalName) - ->addArgument($name) - ->execute(); - $bChanged = true; + if (strpos($name, '/') === false) { + //ignore names with a slash in it, would be new directory + //FIXME: what to do with overwrites? + $vc->getCommand('mv') + ->addArgument($orignalName) + ->addArgument($name) + ->execute(); + $bCommit = true; + } else { + $name = $orignalName; + } } $file = $this->repo->getFileByName($name, false); @@ -80,30 +91,38 @@ class Repository_Post $command = $vc->getCommand('rm') ->addArgument($file->getFilename()) ->execute(); - $bChanged = true; + $bCommit = true; } else if ($bUpload) { move_uploaded_file( - $_FILES['files']['tmp_name'][$num]['upload'], $file->getPath() + $_FILES['files']['tmp_name'][$num]['upload'], $file->getFullPath() ); $command = $vc->getCommand('add') ->addArgument($file->getFilename()) ->execute(); - $bChanged = true; - } else if ($bNew || $file->getContent() != $arFile['content']) { - file_put_contents($file->getPath(), $arFile['content']); + $bCommit = true; + } else if ($bNew || (isset($arFile['content']) && $file->getContent() != $arFile['content'])) { + file_put_contents($file->getFullPath(), $arFile['content']); $command = $vc->getCommand('add') ->addArgument($file->getFilename()) ->execute(); - $bChanged = true; + $bCommit = true; } } - if ($bChanged) { + if ($bCommit) { $vc->getCommand('commit') ->setOption('message', '') ->setOption('allow-empty-message') ->setOption('author', 'Anonymous ') ->execute(); + $bChanged = true; + } + + if ($bChanged) { + //FIXME: index changed files only + //also handle file deletions + $db = new Database(); + $db->getIndexer()->updateRepo($this->repo); } return true; 
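Review bot: In the `@@ -67,12 +73,17 @@` hunk the rename branch now rejects a `/` in `$name`, but `$orignalName` and `$name` still reach `git mv` as plain arguments. A user-supplied name beginning with `-` would be parsed by git as an option rather than a path. Unless the command wrapper already emits an end-of-options marker, either reject a leading dash before the call or pass `--` ahead of the two paths. The new `else` branch resets `$name` to `$orignalName` without telling the user that the rename was ignored. The slash check also covers renames only, not the names of new or uploaded files. The surrounding if/else chain begins outside this hunk.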
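Review bot: The return values of `move_uploaded_file()` and `file_put_contents()` in the `@@ -80,30 +91,38 @@` hunk are not checked, yet `git add` runs and `$bCommit` is set either way, so a failed write is still committed and indexed as a success. A failure is plausible when a new or uploaded `$name` contains a `/`, since the slash guard applies to renames only and `getFullPath()` (not shown here) may then point into a directory that does not exist. Test both results and skip the `add` or raise an error, e.g. `if (file_put_contents($file->getFullPath(), $arFile['content']) === false) { continue; }`. In the `$bNew` case `$arFile['content']` can also be unset, because the added `isset()` guards only the comparison; `isset($arFile['content']) ? $arFile['content'] : ''` would make the written value explicit. The loop and method enclosing these branches start outside the hunk.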
@@ -118,7 +137,7 @@ class Repository_Post //this should be setOption, but it fails with a = between name and value ->addArgument('--separate-git-dir') ->addArgument($GLOBALS['phorkie']['cfg']['gitdir'] . '/' . $repo->id . '.git') - ->addArgument($repo->workDir); + ->addArgument($repo->workDir) ->execute(); foreach (glob($repo->gitDir . '/hooks/*') as $hookfile) { @@ -140,28 +159,6 @@ class Repository_Post return $prefix . $num; } - - /** - * Removes malicious parts from a file name - * - * @param string $file File name from the user - * - * @return string Fixed and probably secure filename - */ - public function sanitizeFilename($file) - { - $file = trim($file); - $file = str_replace(array('\\', '//'), '/', $file); - $file = str_replace('/../', '/', $file); - if (substr($file, 0, 3) == '../') { - $file = substr($file, 3); - } - if (substr($file, 0, 1) == '../') { - $file = substr($file, 1); - } - - return $file; - } } ?>