- Originally committed on April 3, 2022 - Thanks to @misol @conory - getDownloadUrl()에서 기존 메소드 형태 최대한 그대로 유지하는 방향으로 작업 (단, source_filename 파라미터를 전달하지 않으면 긴주소로 강제됨) - getDirectFileUrl()의 불필요하게 복잡한 코드 정리 - getFileList()에서 이미지가 아닌 파일도 절대경로를 반환하도록 수정 - procFileDownload, procFileOutput에서 URL에 포함된 파일명을 검증하도록 하여 동일한 첨부파일에서 파일명 부분만 변형한 링크를 무한 생성할 수 없도록 함 - 짧은주소 미사용시 불필요한 module_srl 파라미터 제거
parent
0029d1a1ec
commit
17279c264b
6 changed files with 49 additions and 25 deletions
|
|
@ -46,6 +46,12 @@ class Router
|
||||||
'vars' => ['mid' => 'any', 'act' => 'word'],
|
'vars' => ['mid' => 'any', 'act' => 'word'],
|
||||||
'priority' => 20,
|
'priority' => 20,
|
||||||
),
|
),
|
||||||
|
'files/download/link/$file_srl/$sid/$filename' => array(
|
||||||
|
'regexp' => '#^files/download/link/(?<file_srl>[0-9]+)/(?<sid>[0-9a-f]+)/(?<filename>[^/]+)$#',
|
||||||
|
'vars' => ['file_srl' => 'int', 'sid' => 'hex', 'filename' => 'any'],
|
||||||
|
'extra_vars' => ['act' => 'procFileDownload'],
|
||||||
|
'priority' => 0,
|
||||||
|
),
|
||||||
'files/download/$file_srl/$file_key/$filename' => array(
|
'files/download/$file_srl/$file_key/$filename' => array(
|
||||||
'regexp' => '#^files/download/(?<file_srl>[0-9]+)/(?<file_key>[a-zA-Z0-9_-]+)/(?<filename>[^/]+)$#',
|
'regexp' => '#^files/download/(?<file_srl>[0-9]+)/(?<file_key>[a-zA-Z0-9_-]+)/(?<filename>[^/]+)$#',
|
||||||
'vars' => ['file_srl' => 'int', 'file_key' => 'any', 'filename' => 'any'],
|
'vars' => ['file_srl' => 'int', 'file_key' => 'any', 'filename' => 'any'],
|
||||||
|
|
|
||||||
|
|
@ -183,8 +183,8 @@
|
||||||
else if(/\.(mp4|webm|ogv)$/i.test(result.source_filename) && opt.autoinsertTypes.video) {
|
else if(/\.(mp4|webm|ogv)$/i.test(result.source_filename) && opt.autoinsertTypes.video) {
|
||||||
if(result.original_type === 'image/gif') {
|
if(result.original_type === 'image/gif') {
|
||||||
temp_code += '<video src="' + result.download_url + '" autoplay loop muted playsinline data-file-srl="' + result.file_srl + '" />';
|
temp_code += '<video src="' + result.download_url + '" autoplay loop muted playsinline data-file-srl="' + result.file_srl + '" />';
|
||||||
} else if (result.download_url.match(/\bprocFileDownload\b/)) {
|
} else if (result.download_url.match(/\b(?:procFileDownload\b|files\/download\/)/)) {
|
||||||
if (result.download_url.match(/^\?/)) {
|
if (!result.download_url.match(/^\//)) {
|
||||||
result.download_url = XE.URI(default_url).pathname() + result.download_url;
|
result.download_url = XE.URI(default_url).pathname() + result.download_url;
|
||||||
}
|
}
|
||||||
temp_code += '<video src="' + result.download_url + '" controls preload="none" data-file-srl="' + result.file_srl + '" />';
|
temp_code += '<video src="' + result.download_url + '" controls preload="none" data-file-srl="' + result.file_srl + '" />';
|
||||||
|
|
@ -364,8 +364,8 @@
|
||||||
else if(/\.(mp4|webm|ogv)$/i.test(result.source_filename)) {
|
else if(/\.(mp4|webm|ogv)$/i.test(result.source_filename)) {
|
||||||
if(result.original_type === 'image/gif') {
|
if(result.original_type === 'image/gif') {
|
||||||
temp_code += '<video src="' + result.download_url + '" autoplay loop muted playsinline data-file-srl="' + result.file_srl + '" />';
|
temp_code += '<video src="' + result.download_url + '" autoplay loop muted playsinline data-file-srl="' + result.file_srl + '" />';
|
||||||
} else if (result.download_url.match(/\bprocFileDownload\b/)) {
|
} else if (result.download_url.match(/\b(?:procFileDownload\b|files\/download\/)/)) {
|
||||||
if (result.download_url.match(/^\?/)) {
|
if (!result.download_url.match(/^\//)) {
|
||||||
result.download_url = XE.URI(default_url).pathname() + result.download_url;
|
result.download_url = XE.URI(default_url).pathname() + result.download_url;
|
||||||
}
|
}
|
||||||
temp_code += '<video src="' + result.download_url + '" controls preload="none" data-file-srl="' + result.file_srl + '" />';
|
temp_code += '<video src="' + result.download_url + '" controls preload="none" data-file-srl="' + result.file_srl + '" />';
|
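Review bot: The new guard `if (!result.download_url.match(/^\//))` prefixes `XE.URI(default_url).pathname()` to every URL that does not start with a slash, whereas the old guard only touched URLs beginning with `?`. That covers the new relative `files/download/link/…` and `index.php?…` forms, but a `download_url` that already carries a scheme would be prefixed too and would no longer point where the server intended; whether such a value can reach this branch is not visible here. Limiting the rewrite to relative values, for example `if (!/^(?:\/|[a-z][a-z0-9+.-]*:)/i.test(result.download_url)) {`, keeps it to the cases it was written for. The same lines appear in both the `@ -183,8` and `@ -364,8` hunks, and the enclosing function starts and ends outside them.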
||||||
|
|
|
||||||
|
|
@ -114,7 +114,7 @@ class fileAdminModel extends file
|
||||||
{
|
{
|
||||||
$file->isCarted = false;
|
$file->isCarted = false;
|
||||||
}
|
}
|
||||||
$file->download_url = FileModel::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl);
|
$file->download_url = FileModel::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl, $file->source_filename);
|
||||||
$output->data[$key] = $file;
|
$output->data[$key] = $file;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -158,7 +158,7 @@ class fileController extends file
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$this->add('download_url', FileModel::getDownloadUrl($output->get('file_srl'), $output->get('sid'), $module_srl));
|
$this->add('download_url', FileModel::getDownloadUrl($output->get('file_srl'), $output->get('sid'), $module_srl, $output->get('source_filename')));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -288,18 +288,24 @@ class fileController extends file
|
||||||
|
|
||||||
$file_srl = Context::get('file_srl');
|
$file_srl = Context::get('file_srl');
|
||||||
$sid = Context::get('sid');
|
$sid = Context::get('sid');
|
||||||
$logged_info = Context::get('logged_info');
|
$filename_arg = Context::get('filename');
|
||||||
|
|
||||||
// Get file information from the DB
|
// Get file information from the DB
|
||||||
$file_obj = FileModel::getFile($file_srl);
|
$file_obj = FileModel::getFile($file_srl);
|
||||||
|
$filename = preg_replace('/\.\.+/', '.', $file_obj->source_filename);
|
||||||
|
|
||||||
// If the requested file information is incorrect, an error that file cannot be found appears
|
// If the requested file information is incorrect, an error that file cannot be found appears
|
||||||
if($file_obj->file_srl != $file_srl || $file_obj->sid !== $sid)
|
if($file_obj->file_srl != $file_srl || $file_obj->sid !== $sid)
|
||||||
{
|
{
|
||||||
throw new Rhymix\Framework\Exceptions\TargetNotFound('msg_file_not_found');
|
throw new Rhymix\Framework\Exceptions\TargetNotFound('msg_file_not_found');
|
||||||
}
|
}
|
||||||
// File name
|
if ($filename_arg !== null && $filename_arg !== $filename)
|
||||||
$filename = $file_obj->source_filename;
|
{
|
||||||
$file_module_config = FileModel::getFileModuleConfig($file_obj->module_srl);
|
throw new Rhymix\Framework\Exceptions\TargetNotFound('msg_file_not_found');
|
||||||
|
}
|
||||||
|
|
||||||
// Not allow the file outlink
|
// Not allow the file outlink
|
||||||
|
$file_module_config = FileModel::getFileModuleConfig($file_obj->module_srl);
|
||||||
if($file_module_config->allow_outlink == 'N' && $_SERVER["HTTP_REFERER"])
|
if($file_module_config->allow_outlink == 'N' && $_SERVER["HTTP_REFERER"])
|
||||||
{
|
{
|
||||||
// Handles extension to allow outlink
|
// Handles extension to allow outlink
|
||||||
|
|
@ -430,6 +436,12 @@ class fileController extends file
|
||||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check filename if given
|
||||||
|
if ($filename_arg !== null && $filename_arg !== $filename)
|
||||||
|
{
|
||||||
|
throw new Rhymix\Framework\Exceptions\TargetNotFound('msg_file_not_found');
|
||||||
|
}
|
||||||
|
|
||||||
// Check if file exists
|
// Check if file exists
|
||||||
$uploaded_filename = $file_obj->uploaded_filename;
|
$uploaded_filename = $file_obj->uploaded_filename;
|
||||||
if(!file_exists($uploaded_filename))
|
if(!file_exists($uploaded_filename))
|
||||||
|
|
@ -452,7 +464,7 @@ class fileController extends file
|
||||||
}
|
}
|
||||||
|
|
||||||
// Encode the filename.
|
// Encode the filename.
|
||||||
if ($filename_arg && $filename_arg === $filename)
|
if ($filename_arg !== null && $filename_arg === $filename)
|
||||||
{
|
{
|
||||||
$filename_param = '';
|
$filename_param = '';
|
||||||
}
|
}
|
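Review bot: In the `@ -288,18 +288,24` hunk, `$filename` is now derived from `$file_obj->source_filename` before the `file_srl`/`sid` guard, where the old code read the name only after that guard had passed. If `FileModel::getFile()` can return an empty result for an unknown `file_srl` (not visible here), the `preg_replace()` runs on a missing property before the request is rejected; moving `$filename = preg_replace('/\.\.+/', '.', $file_obj->source_filename);` to just after the first `TargetNotFound` block keeps validation first. The same `'/\.\.+/'` normalisation is repeated in `getDownloadUrl()`, and the filename check only works while both copies agree, so a single shared helper with a short comment stating that the URL filename must equal the normalised stored name would prevent drift. The method bodies of procFileDownload and procFileOutput extend beyond the hunks shown.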
||||||
|
|
|
||||||
|
|
@ -86,11 +86,14 @@ class fileModel extends file
|
||||||
$obj->original_type = $file_info->original_type;
|
$obj->original_type = $file_info->original_type;
|
||||||
$obj->direct_download = $file_info->direct_download;
|
$obj->direct_download = $file_info->direct_download;
|
||||||
$obj->cover_image = ($file_info->cover_image === 'Y') ? true : false;
|
$obj->cover_image = ($file_info->cover_image === 'Y') ? true : false;
|
||||||
$obj->download_url = $file_info->download_url;
|
|
||||||
if($obj->direct_download === 'Y' && self::isDownloadable($file_info))
|
if($obj->direct_download === 'Y' && self::isDownloadable($file_info))
|
||||||
{
|
{
|
||||||
$obj->download_url = self::getDirectFileUrl($file_info->uploaded_filename);
|
$obj->download_url = self::getDirectFileUrl($file_info->uploaded_filename);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$obj->download_url = self::getDirectFileUrl($file_info->download_url);
|
||||||
|
}
|
||||||
|
|
||||||
$file_list[] = $obj;
|
$file_list[] = $obj;
|
||||||
$attached_size += $file_info->file_size;
|
$attached_size += $file_info->file_size;
|
||||||
|
|
@ -248,12 +251,20 @@ class fileModel extends file
|
||||||
*
|
*
|
||||||
* @param int $file_srl The sequence of file to get url
|
* @param int $file_srl The sequence of file to get url
|
||||||
* @param string $sid
|
* @param string $sid
|
||||||
* @param int $module_srl
|
* @param int $module_srl (unused)
|
||||||
|
* @param string $source_filename
|
||||||
* @return string Returns a url
|
* @return string Returns a url
|
||||||
*/
|
*/
|
||||||
public static function getDownloadUrl($file_srl, $sid, $module_srl = 0)
|
public static function getDownloadUrl($file_srl, $sid, $module_srl = 0, $source_filename = null)
|
||||||
{
|
{
|
||||||
return sprintf('?module=%s&act=%s&file_srl=%s&sid=%s&module_srl=%d', 'file', 'procFileDownload', $file_srl, $sid, $module_srl);
|
if ($source_filename && config('use_rewrite') && self::getFileConfig()->download_short_url === 'Y')
|
||||||
|
{
|
||||||
|
return sprintf('files/download/link/%d/%s/%s', $file_srl, $sid, rawurlencode(preg_replace('/\.\.+/', '.', $source_filename)));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return sprintf('index.php?module=%s&act=%s&file_srl=%s&sid=%s', 'file', 'procFileDownload', $file_srl, $sid);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -264,12 +275,7 @@ class fileModel extends file
|
||||||
*/
|
*/
|
||||||
public static function getDirectFileUrl($path)
|
public static function getDirectFileUrl($path)
|
||||||
{
|
{
|
||||||
if(dirname($_SERVER['SCRIPT_NAME']) == '/' || dirname($_SERVER['SCRIPT_NAME']) == '\\')
|
return \RX_BASEURL . ltrim($path, './');
|
||||||
{
|
|
||||||
return '/' . substr($path, 2);
|
|
||||||
}
|
|
||||||
|
|
||||||
return dirname($_SERVER['SCRIPT_NAME']) . '/' . substr($path, 2);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -342,7 +348,7 @@ class fileModel extends file
|
||||||
if(count($output->data) == 1)
|
if(count($output->data) == 1)
|
||||||
{
|
{
|
||||||
$file = $output->data[0];
|
$file = $output->data[0];
|
||||||
$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl);
|
$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl, $file->source_filename);
|
||||||
|
|
||||||
return $file;
|
return $file;
|
||||||
}
|
}
|
||||||
|
|
@ -355,7 +361,7 @@ class fileModel extends file
|
||||||
foreach($output->data as $key=>$value)
|
foreach($output->data as $key=>$value)
|
||||||
{
|
{
|
||||||
$file = $value;
|
$file = $value;
|
||||||
$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl);
|
$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl, $file->source_filename);
|
||||||
$fileList[] = $file;
|
$fileList[] = $file;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -387,7 +393,7 @@ class fileModel extends file
|
||||||
foreach ($output->data as $file)
|
foreach ($output->data as $file)
|
||||||
{
|
{
|
||||||
$file->source_filename = escape($file->source_filename, false);
|
$file->source_filename = escape($file->source_filename, false);
|
||||||
$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl);
|
$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl, $file->source_filename);
|
||||||
$fileList[] = $file;
|
$fileList[] = $file;
|
||||||
}
|
}
|
||||||
return $fileList;
|
return $fileList;
|
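Review bot: In the `@ -387,7 +393,7` hunk, `getDownloadUrl()` is handed `$file->source_filename` after the previous line has overwritten it with `escape($file->source_filename, false)`, so the short URL is built from the HTML-escaped name. procFileDownload compares the URL's filename against a value derived from the `source_filename` returned by `FileModel::getFile()`; if that value is unescaped (not visible here), a name containing characters that `escape()` rewrites, such as `&` or quotes, would yield a link that fails the new check with `msg_file_not_found`. Building the URL first avoids the mismatch: place `$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, $file->module_srl, $file->source_filename);` before the `escape()` line. The enclosing method begins and ends outside the hunk.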
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<!--@if($uploaded_fileinfo->get('direct_download') === 'Y')-->
|
<!--@if($uploaded_fileinfo->get('direct_download') === 'Y')-->
|
||||||
uploaded_fileinfo.download_url = '{FileModel::getDirectFileUrl($uploaded_fileinfo->get("uploaded_filename"))}';
|
uploaded_fileinfo.download_url = '{FileModel::getDirectFileUrl($uploaded_fileinfo->get("uploaded_filename"))}';
|
||||||
<!--@else-->
|
<!--@else-->
|
||||||
uploaded_fileinfo.download_url = '{FileModel::getDownloadUrl($uploaded_fileinfo->get("file_srl"), $uploaded_fileinfo->get("sid"), $module_srl)}';
|
uploaded_fileinfo.download_url = '{FileModel::getDownloadUrl($uploaded_fileinfo->get("file_srl"), $uploaded_fileinfo->get("sid"), $module_srl, $uploaded_fileinfo->get("source_filename"))}';
|
||||||
<!--@end-->
|
<!--@end-->
|
||||||
uploaded_fileinfo.thumbnail_filename = '{$uploaded_fileinfo->get("thumbnail_filename")}';
|
uploaded_fileinfo.thumbnail_filename = '{$uploaded_fileinfo->get("thumbnail_filename")}';
|
||||||
uploaded_fileinfo.original_type = '{$uploaded_fileinfo->get("original_type")}';
|
uploaded_fileinfo.original_type = '{$uploaded_fileinfo->get("original_type")}';
|
||||||
|
|
|
||||||