return $arFiles;
}
- public function getFileByName($name)
+ public function getFileByName($name, $bHasToExist = true)
{
$base = basename($name);
if ($base != $name) {
throw new Exception_Input('Empty file name given');
}
$path = $this->repoDir . '/' . $base;
- if (!is_readable($path)) {
+ if ($bHasToExist && !is_readable($path)) {
throw new Exception_Input('File does not exist');
}
return new File($path, $this);
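Review bot: With `$bHasToExist` set to false, the `basename()` comparison becomes the only check on `$name`, and it lets `.` and `..` through because `basename()` returns them unchanged. Those names should be rejected explicitly, e.g. `if ($base != $name || $base == '' || $base == '.' || $base == '..') {`. The message 'Empty file name given' also does not describe the case that branch actually catches, which is a name containing a path. The context shows no docblock above the method, so one should be added stating that passing false returns a `File` whose path may not exist yet. The method's closing brace lies outside this hunk.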
--- /dev/null
+<?php
+namespace Phorkie;
+
+class Repository_Post
+{
+ public $repo;
+
+ public function __construct(Repository $repo = null)
+ {
+ $this->repo = $repo;
+ }
+
+ /**
+ * Processes the POST data, changes description and files
+ *
+ * @return boolean True if the post was successful
+ */
+ public function process($postData)
+ {
+ if (!isset($postData['files'])) {
+ return false;
+ }
+
+ if (!$this->repo) {
+ $this->repo = $this->createRepo();
+ }
+
+ $vc = $this->repo->getVc();
+ $this->repo->setDescription($postData['description']);
+
+ $bChanged = false;
+ foreach ($postData['files'] as $num => $arFile) {
+ $orignalName = $this->sanitizeFilename($arFile['original_name']);
+ $name = $this->sanitizeFilename($arFile['name']);
+
+ if ($name == '') {
+ $name = $this->getNextNumberedFile('phork')
+ . '.' . $arFile['type'];
+ }
+
+ $bNew = false;
+ if (!isset($orignalName) || $orignalName == '') {
+ //new file
+ $bNew = true;
+ } else if (!$this->repo->hasFile($orignalName)) {
+ //unknown file
+ //FIXME: Show error message
+ continue;
+ } else if ($orignalName != $name) {
+ //FIXME: what to do with overwrites?
+ $vc->getCommand('mv')
+ ->addArgument($orignalName)
+ ->addArgument($name)
+ ->execute();
+ $bChanged = true;
+ }
+
+ $file = $this->repo->getFileByName($name, false);
+ if ($bNew || $file->getContent() != $arFile['content']) {
+ file_put_contents($file->getPath(), $arFile['content']);
+ $command = $vc->getCommand('add')
+ ->addArgument($file->getFilename())
+ ->execute();
+ $bChanged = true;
+ }
+ }
+
+ if ($bChanged) {
+ $vc->getCommand('commit')
+ ->setOption('message', '')
+ ->setOption('allow-empty-message')
+ ->setOption('author', 'Anonymous <anonymous@phorkie>')
+ ->execute();
+ }
+
+ return true;
+ }
+
+ public function createRepo()
+ {
+ $rs = new Repositories();
+ $repo = $rs->createNew();
+ $vc = $repo->getVc();
+ $vc->initRepository();
+ foreach (glob($repo->repoDir . '/.git/hooks/*') as $hookfile) {
+ unlink($hookfile);
+ }
+ return $repo;
+ }
+
+ public function getNextNumberedFile($prefix)
+ {
+ $num = -1;
+ do {
+ ++$num;
+ $files = glob($this->repo->repoDir . '/' . $prefix . $num . '.*');
+ } while (count($files));
+
+ return $prefix . $num;
+ }
+
+ /**
+ * Removes malicious parts from a file name
+ *
+ * @param string $file File name from the user
+ *
+ * @return string Fixed and probably secure filename
+ */
+ public function sanitizeFilename($file)
+ {
+ $file = trim($file);
+ $file = str_replace(array('\\', '//'), '/', $file);
+ $file = str_replace('/../', '/', $file);
+ if (substr($file, 0, 3) == '../') {
+ $file = substr($file, 3);
+ }
+ if (substr($file, 0, 1) == '../') {
+ $file = substr($file, 1);
+ }
+
+ return $file;
+ }
+}
+
+?>
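Review bot: `sanitizeFilename()` does not deliver what its docblock promises. The second prefix test, `substr($file, 0, 1) == '../'`, compares one character with a three-character string and can never match. The single-pass `str_replace('/../', '/', ...)` also leaves a `/../` behind when two such sequences are adjacent. In `process()` the sanitized `$name` is passed to the `mv` command before `getFileByName()` applies its `basename()` check, so for the rename target this function is the only validation. Since `getFileByName()` accepts bare file names only, reducing the input to its last path component is simpler and consistent with it; whether `addArgument()` guards against names beginning with `-` is not visible here and is worth confirming.

```php
public function sanitizeFilename($file)
{
    $file = trim($file);
    $file = str_replace('\\', '/', $file);
    // keep the last path component only, as getFileByName() requires
    $file = basename($file);
    if ($file == '.' || $file == '..') {
        // process() treats an empty name as "no name given"
        return '';
    }

    return $file;
}
```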
$repo = new Repository();
$repo->loadFromRequest();
-if (isset($_POST['files'])) {
- $vc = $repo->getVc();
- $repo->setDescription($_POST['description']);
-
- $bChanged = false;
- foreach ($_POST['files'] as $num => $arFile) {
- if (!isset($arFile['original_name'])
- || !$repo->hasFile($arFile['original_name'])
- ) {
- //FIXME: Show error message
- continue;
- }
- //FIXME: fix file names from .. and ./
- if ($arFile['original_name'] != $arFile['name']) {
- //FIXME: what to do with overwrites?
- $vc->getCommand('mv')
- ->addArgument($arFile['original_name'])
- ->addArgument($arFile['name'])
- ->execute();
- $bChanged = true;
- }
- $file = $repo->getFileByName($arFile['name']);
- if ($file->getContent() != $arFile['content']) {
- file_put_contents($file->getPath(), $arFile['content']);
- $command = $vc->getCommand('add')
- ->addArgument($file->getFilename())
- ->execute();
- $bChanged = true;
- }
- }
-
- if ($bChanged) {
- $vc->getCommand('commit')
- ->setOption('message', '')
- ->setOption('allow-empty-message')
- ->setOption('author', 'Anonymous <anonymous@phorkie>')
- ->execute();
- }
-
+$repopo = new Repository_Post($repo);
+if ($repopo->process($_POST)) {
redirect($repo->getLink('display'));
}
*/
require_once 'www-header.php';
-if (isset($_POST['files'])) {
- //save
- $rs = new Repositories();
- $repo = $rs->createNew();
- $vc = $repo->getVc();
- $vc->initRepository();
- foreach (glob($repo->repoDir . '/.git/hooks/*') as $hookfile) {
- unlink($hookfile);
- }
- $repo->setDescription($_POST['description']);
-
- foreach ($_POST['files'] as $num => $arFile) {
- if ($arFile['name'] != '') {
- //FIXME: fix file name from ..
- $fname = $arFile['name'];
- } else {
- $fname = 'phork' . $num . '.' . $arFile['type'];
- }
- $fpath = $repo->repoDir . $fname;
- file_put_contents($fpath, $arFile['content']);
- //fixme: let the class do that when it is able to
- $command = $vc->getCommand('add')
- ->addArgument($fname)
- ->execute();
- }
- $command = $vc->getCommand('commit')
- ->setOption('message', 'initial paste')
- ->setOption('author', 'Anonymous <anonymous@phorkie>')
- ->execute();
- //redirect to phork
- redirect($repo->getLink('display'));
+$repopo = new Repository_Post();
+if ($repopo->process($_POST)) {
+ redirect($repopo->repo->getLink('display'));
}
$phork = array(