Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F2889532
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Award Token
Flag For Later
Advanced/Developer...
View Handle
View Hovercard
Size
13 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/src/applications/files/controller/list/PhabricatorFileListController.php b/src/applications/files/controller/list/PhabricatorFileListController.php
index 1aef4aea2f..6cf4d8f0f4 100644
--- a/src/applications/files/controller/list/PhabricatorFileListController.php
+++ b/src/applications/files/controller/list/PhabricatorFileListController.php
@@ -1,205 +1,196 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class PhabricatorFileListController extends PhabricatorFileController {
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
$upload_panel = $this->renderUploadPanel();
$author = null;
$author_username = $request->getStr('author');
if ($author_username) {
$author = id(new PhabricatorUser())->loadOneWhere(
'userName = %s',
$author_username);
if (!$author) {
return id(new Aphront404Response());
}
$title = 'Files Uploaded by '.phutil_escape_html($author->getUsername());
} else {
$title = 'Files';
}
$pager = new AphrontPagerView();
$pager->setOffset($request->getInt('page'));
if ($author) {
$files = id(new PhabricatorFile())->loadAllWhere(
'authorPHID = %s ORDER BY id DESC LIMIT %d, %d',
$author->getPHID(),
$pager->getOffset(),
$pager->getPageSize() + 1);
} else {
$files = id(new PhabricatorFile())->loadAllWhere(
'1 = 1 ORDER BY id DESC LIMIT %d, %d',
$pager->getOffset(),
$pager->getPageSize() + 1);
}
$files = $pager->sliceResults($files);
$pager->setURI($request->getRequestURI(), 'page');
$phids = mpull($files, 'getAuthorPHID');
$handles = id(new PhabricatorObjectHandleData($phids))->loadHandles();
$highlighted = $request->getStr('h');
$highlighted = explode('-', $highlighted);
$highlighted = array_fill_keys($highlighted, true);
$rows = array();
$rowc = array();
foreach ($files as $file) {
if ($file->isViewableInBrowser()) {
$view_button = phutil_render_tag(
'a',
array(
'class' => 'small button grey',
'href' => '/file/view/'.$file->getPHID().'/',
),
'View');
} else {
$view_button = null;
}
if (isset($highlighted[$file->getID()])) {
$rowc[] = 'highlighted';
} else {
$rowc[] = '';
}
$rows[] = array(
phutil_escape_html('F'.$file->getID()),
$file->getAuthorPHID()
? $handles[$file->getAuthorPHID()]->renderLink()
: null,
phutil_render_tag(
'a',
array(
- 'href' => $file->getViewURI(),
+ 'href' => $file->getBestURI(),
),
phutil_escape_html($file->getName())),
phutil_escape_html(number_format($file->getByteSize()).' bytes'),
phutil_render_tag(
'a',
array(
'class' => 'small button grey',
'href' => '/file/info/'.$file->getPHID().'/',
),
'Info'),
$view_button,
- phutil_render_tag(
- 'a',
- array(
- 'class' => 'small button grey',
- 'href' => '/file/download/'.$file->getPHID().'/',
- ),
- 'Download'),
phabricator_date($file->getDateCreated(), $user),
phabricator_time($file->getDateCreated(), $user),
);
}
$table = new AphrontTableView($rows);
$table->setRowClasses($rowc);
$table->setHeaders(
array(
'File ID',
'Author',
'Name',
'Size',
'',
'',
- '',
'Created',
'',
));
$table->setColumnClasses(
array(
null,
'',
'wide pri',
'right',
'action',
'action',
- 'action',
'',
'right',
));
$panel = new AphrontPanelView();
$panel->appendChild($table);
$panel->setHeader($title);
$panel->appendChild($pager);
return $this->buildStandardPageResponse(
array(
$upload_panel,
$panel,
),
array(
'title' => 'Files',
'tab' => 'files',
));
}
private function renderUploadPanel() {
$request = $this->getRequest();
$user = $request->getUser();
require_celerity_resource('files-css');
$upload_id = celerity_generate_unique_node_id();
$panel_id = celerity_generate_unique_node_id();
$upload_panel = new AphrontPanelView();
$upload_panel->setHeader('Upload Files');
$upload_panel->setCreateButton(
'Basic Uploader', '/file/upload/');
$upload_panel->setWidth(AphrontPanelView::WIDTH_FULL);
$upload_panel->setID($panel_id);
$upload_panel->appendChild(
phutil_render_tag(
'div',
array(
'id' => $upload_id,
'style' => 'display: none;',
'class' => 'files-drag-and-drop',
),
''));
Javelin::initBehavior(
'files-drag-and-drop',
array(
'uri' => '/file/dropupload/',
'browseURI' => '/file/?author='.$user->getUsername(),
'control' => $upload_id,
'target' => $panel_id,
'activatedClass' => 'aphront-panel-view-drag-and-drop',
));
return $upload_panel;
}
}
diff --git a/src/applications/files/controller/view/PhabricatorFileViewController.php b/src/applications/files/controller/view/PhabricatorFileViewController.php
index 47a9e57df3..a5dc977037 100644
--- a/src/applications/files/controller/view/PhabricatorFileViewController.php
+++ b/src/applications/files/controller/view/PhabricatorFileViewController.php
@@ -1,196 +1,206 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class PhabricatorFileViewController extends PhabricatorFileController {
private $phid;
private $view;
public function willProcessRequest(array $data) {
$this->phid = $data['phid'];
$this->view = $data['view'];
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
$file = id(new PhabricatorFile())->loadOneWhere(
'phid = %s',
$this->phid);
if (!$file) {
return new Aphront404Response();
}
switch ($this->view) {
case 'download':
case 'view':
$data = $file->loadFileData();
$response = new AphrontFileResponse();
$response->setContent($data);
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
if ($this->view == 'view') {
if (!$file->isViewableInBrowser()) {
return new Aphront400Response();
}
$download = false;
} else {
$download = true;
}
+ if ($download) {
+ if (!$request->isFormPost()) {
+ // Require a POST to download files to hinder attacks where you
+ // <applet src="http://phabricator.example.com/file/..." /> on some
+ // other domain.
+ return id(new AphrontRedirectResponse())
+ ->setURI($file->getInfoURI());
+ }
+ }
+
if ($download) {
$mime_type = $file->getMimeType();
} else {
$mime_type = $file->getViewableMimeType();
}
$response->setMimeType($mime_type);
if ($download) {
$response->setDownload($file->getName());
}
return $response;
default:
break;
}
$author_child = null;
if ($file->getAuthorPHID()) {
$author = id(new PhabricatorUser())->loadOneWhere(
'phid = %s',
$file->getAuthorPHID());
if ($author) {
$author_child = id(new AphrontFormStaticControl())
->setLabel('Author')
->setName('author')
->setValue($author->getUserName());
}
}
$form = new AphrontFormView();
if ($file->isViewableInBrowser()) {
$form->setAction('/file/view/'.$file->getPHID().'/');
$button_name = 'View File';
} else {
$form->setAction('/file/download/'.$file->getPHID().'/');
$button_name = 'Download File';
}
$file_id = 'F'.$file->getID();
$form->setUser($user);
$form
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('Name')
->setName('name')
->setValue($file->getName()))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('ID')
->setName('id')
->setValue($file_id)
->setCaption(
'Download this file with: <tt>arc download '.
phutil_escape_html($file_id).'</tt>'))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('PHID')
->setName('phid')
->setValue($file->getPHID()))
->appendChild($author_child)
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('Created')
->setName('created')
->setValue(phabricator_datetime($file->getDateCreated(), $user)))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('Mime Type')
->setName('mime')
->setValue($file->getMimeType()))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('Size')
->setName('size')
->setValue($file->getByteSize().' bytes'))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('Engine')
->setName('storageEngine')
->setValue($file->getStorageEngine()))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('Format')
->setName('storageFormat')
->setValue($file->getStorageFormat()))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel('Handle')
->setName('storageHandle')
->setValue($file->getStorageHandle()))
->appendChild(
id(new AphrontFormSubmitControl())
->setValue($button_name));
$panel = new AphrontPanelView();
$panel->setHeader('File Info - '.$file->getName());
$panel->appendChild($form);
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$transformations = id(new PhabricatorTransformedFile())->loadAllWhere(
'originalPHID = %s',
$file->getPHID());
$rows = array();
foreach ($transformations as $transformed) {
$phid = $transformed->getTransformedPHID();
$rows[] = array(
phutil_escape_html($transformed->getTransform()),
phutil_render_tag(
'a',
array(
'href' => PhabricatorFileURI::getViewURIForPHID($phid),
),
$phid));
}
$table = new AphrontTableView($rows);
$table->setHeaders(
array(
'Transform',
'File',
));
$xform_panel = new AphrontPanelView();
$xform_panel->appendChild($table);
$xform_panel->setWidth(AphrontPanelView::WIDTH_FORM);
$xform_panel->setHeader('Transformations');
return $this->buildStandardPageResponse(
array($panel, $xform_panel),
array(
'title' => 'File Info - '.$file->getName(),
));
}
}
diff --git a/src/applications/files/controller/view/__init__.php b/src/applications/files/controller/view/__init__.php
index f6dbd0e152..afe7459ce5 100644
--- a/src/applications/files/controller/view/__init__.php
+++ b/src/applications/files/controller/view/__init__.php
@@ -1,28 +1,29 @@
<?php
/**
* This file is automatically generated. Lint this module to rebuild it.
* @generated
*/
phutil_require_module('phabricator', 'aphront/response/400');
phutil_require_module('phabricator', 'aphront/response/404');
phutil_require_module('phabricator', 'aphront/response/file');
+phutil_require_module('phabricator', 'aphront/response/redirect');
phutil_require_module('phabricator', 'applications/files/controller/base');
phutil_require_module('phabricator', 'applications/files/storage/file');
phutil_require_module('phabricator', 'applications/files/storage/transformed');
phutil_require_module('phabricator', 'applications/files/uri');
phutil_require_module('phabricator', 'applications/people/storage/user');
phutil_require_module('phabricator', 'view/control/table');
phutil_require_module('phabricator', 'view/form/base');
phutil_require_module('phabricator', 'view/form/control/static');
phutil_require_module('phabricator', 'view/form/control/submit');
phutil_require_module('phabricator', 'view/layout/panel');
phutil_require_module('phabricator', 'view/utils');
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'utils');
phutil_require_source('PhabricatorFileViewController.php');
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Jan 19 2025, 12:18 (4 w, 2 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1124477
Default Alt Text
(13 KB)
Attached To
Mode
rP Phorge
Attached
Detach File
Event Timeline
Log In to Comment