zikula-modules / Mediashare

Mediashare is a media file gallery designed for use with Zikula.

Use vfs for media directory access too #55

Open hvorragend opened 13 years ago

hvorragend commented 13 years ago

Description

problem

Strict access control of media files should be available for both media storages, database and file system.

analysis

Media stored in the file system are accessible for everyone. Weird file names do not really protect the files. A robot can generate all possible file names and thus access all media. Strict access control is only available when media are stored in the database.

enhancement recommendation

It is very simple to extend pnvfs_db.php to load either pnvfs_dbapi.php or pnvfs_fsdirectapi.php depending on the configuration variable vfs. After adding the getMedia function to pnvfs_fsdirectapi.php the virtual file system works for both media storages, database and file system. This enhances pnvfs_db.php to pnvfs.php (see attached diff file).

Attachments

mediashare-4.0.0-vfs-patch.txt (3.1 KB) - added by rmaiwald 6 months ago.
mediashare-3.2.0-vfs-patch.txt (3.1 KB) - added by rmaiwald 6 months ago. vfs-patch for mediashare 3.2.0

Change History

Changed 6 months ago by rmaiwald: attachment mediashare-4.0.0-vfs-patch.txt added

Changed 6 months ago by rmaiwald: attachment mediashare-3.2.0-vfs-patch.txt added (vfs-patch for mediashare 3.2.0)

comment:1 Changed 4 months ago by espaan

Status set to pending-review

Hi, sounds great. To be honest I don't follow exactly what you are doing. Have to dive into the vfs files again. Can you explain a little more what your patch does that is not being done right now in the current trunk version of mediashare (4.1)? Did you patch your code against the current trunk? A lot of small fixes and enhancements have been made there already and the version has been set to 4.1 to show the difference.

hvorragend commented 13 years ago
diff -Bwc0 Attic/pnvfs_db.php ./pnvfs_db.php
*** Attic/pnvfs_db.php  Thu Mar 18 21:26:52 2010
--- ./pnvfs_db.php      Sun Feb 27 20:29:54 2011
***************
*** 14 ****
--- 15,17 ----
+   // Use vfs_db handler for protected storage directory too (2011-02-26, Reiner Maiwald, Dortmund)
+   $vfs = 'vfs_' . pnModGetVar('mediashare', 'vfs');
+
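Review bot: $vfs is built from the 'vfs' module variable with no check, and the following hunks pass it straight to pnModAPILoad and pnModAPIFunc. Compare the value against the handlers that implement getMedia after this patch (vfs_db and vfs_fsdirect) and return an error for anything else, including an unset variable, which would produce the API name 'vfs_'. The added comment still says "Use vfs_db handler" although the handler is now chosen from configuration; reword it to say so.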
***************
*** 16 ****
!   pnModAPILoad('mediashare', 'vfs_db');
--- 19 ----
!   pnModAPILoad('mediashare', $vfs);
***************
*** 18 ****
!   $media = pnModAPIFunc('mediashare', 'vfs_db', 'getMedia', array('fileref' => $fileref));
--- 21 ----
!   $media = pnModAPIFunc('mediashare', $vfs, 'getMedia', array('fileref' => $fileref));
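Review bot: the return value of pnModAPILoad on the changed line above is discarded, so a handler that fails to load only shows up as whatever this pnModAPIFunc call leaves in $media. Check the load result and fail early with a clear error before calling getMedia. The file also keeps the name pnvfs_db.php while now dispatching to either handler; the issue text proposes pnvfs.php, so either rename it or note in the file header why the old name stays.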
diff -Bwc0 Attic/pnvfs_fsdirectapi.php ./pnvfs_fsdirectapi.php
*** Attic/pnvfs_fsdirectapi.php Thu Mar 18 21:26:52 2010
--- ./pnvfs_fsdirectapi.php     Sun Feb 27 20:30:20 2011
***************
*** 58 ****
!     if (!file_exists("mediashare/$id"))
--- 58,59 ----
!     $storage_dir = $this->storageDir . '/' . $id;
!     if (!file_exists($storage_dir))
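Review bot: the directory here comes from $this->storageDir, while the getMedia function added further down in the same file reads it from pnModGetVar('mediashare', 'mediaDirName'). If the two ever differ, files are created in one place and read from another. Use one source for the storage directory in both places, and confirm that $id cannot contain a path separator before it is appended to $storage_dir.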
***************
*** 60,61 ****
!       mkdir("mediashare/$id");
!       chmod("mediashare/$id", 0777);
--- 61,62 ----
!       mkdir($storage_dir);
!       chmod($storage_dir, 0777);
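Review bot: chmod($storage_dir, 0777) leaves the new directory writable by every local account, which works against the protected storage directory this patch is meant to support, and the return value of mkdir is ignored, so chmod runs even when creation failed. Pass a tighter mode to mkdir (for example 0750, depending on the account the web server runs under) and return an error when mkdir fails.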
***************
*** 76 ****
--- 78,128 ----
+ }
+
+
+ function mediashare_vfs_fsdirectapi_getMedia($args)
+ {
+   $fileref = pnVarPrepForStore($args['fileref']);
+
+   list($dbconn) = pnDBGetConn();
+   $pntable = pnDBGetTables();
+
+   $mediaTable    = $pntable['mediashare_media'];
+   $mediaColumn   = $pntable['mediashare_media_column'];
+   $storageTable  = $pntable['mediashare_mediastore'];
+   $storageColumn = $pntable['mediashare_mediastore_column'];
+
+   $sql = "
+ SELECT store.$storageColumn[mimeType],
+        store.$storageColumn[bytes],
+        media.$mediaColumn[id],
+        media.$mediaColumn[parentAlbumId],
+        media.$mediaColumn[title],
+        UNIX_TIMESTAMP(media.$mediaColumn[modifiedDate])
+ FROM $storageTable store
+ LEFT JOIN $mediaTable media
+      ON (   media.$mediaColumn[thumbnailId] = store.$storageColumn[id]
+          OR media.$mediaColumn[previewId] = store.$storageColumn[id]
+          OR media.$mediaColumn[originalId] = store.$storageColumn[id])
+ WHERE     store.$storageColumn[fileRef] = '".$fileref."'";
+
+   $result = $dbconn->execute($sql);
+
+   if ($dbconn->errorNo() != 0)
+     return mediashareErrorAPI(__FILE__, __LINE__, '"getMedia" failed (pnvf_dbapi): ' . $dbconn->errorMsg() . " while executing: $sql");
+
+   if ($result->EOF)
+     return mediashareErrorAPI(__FILE__, __LINE__, "Unknown media item");
+
+   $info = array('mimeType' => $result->fields[0],
+                 'bytes' => $result->fields[1],
+                 'mediaId' => $result->fields[2],
+                 'albumId' => $result->fields[3],
+                 'title' => $result->fields[4],
+                 'modifiedDate' => $result->fields[5]);
+
+   $storageDir = pnModGetVar('mediashare', 'mediaDirName');
+   $fillfilename = $storageDir . '/' . $fileref;
+   $info['data'] = file_get_contents($fillfilename);
+
+   $result->Close();
+
+   return $info;
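Review bot: $fileref is run through pnVarPrepForStore for the SQL string and that same escaped value is then appended to $storageDir and handed to file_get_contents, with no check that it is a plain file name. Keep the escaped copy for the query only, build the path from the original value after rejecting path separators and '..', and handle a false return from file_get_contents instead of storing it in $info['data']. The database error message appends the full $sql text and names 'pnvf_dbapi' although this is the fsdirect handler, and the "Unknown media item" return skips $result->Close(). The variable name $fillfilename looks like a typo for $fullfilename.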