nc-gpxedit/controller/utilscontroller.php

372 lines
12 KiB
PHP
Raw Permalink Normal View History

<?php
/**
* ownCloud - gpxedit
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Julien Veyssier <eneiluj@gmx.fr>
* @copyright Julien Veyssier 2015
*/
namespace OCA\GpxEdit\Controller;
2017-03-17 23:16:12 +00:00
use OCP\App\IAppManager;
use OCP\IURLGenerator;
use OCP\IConfig;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\IRequest;
use OCP\AppFramework\Http\DataResponse;
2016-12-14 01:28:41 +00:00
use OCP\AppFramework\Http\DataDisplayResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Controller;
/**
* Recursive find files from name pattern
*/
function globRecursive($path, $find, $recursive=True) {
$result = Array();
$dh = opendir($path);
while (($file = readdir($dh)) !== false) {
if (substr($file, 0, 1) === '.') continue;
$rfile = "{$path}/{$file}";
if (is_dir($rfile) and $recursive) {
foreach (globRecursive($rfile, $find) as $ret) {
array_push($result, $ret);
}
} else {
if (fnmatch($find, $file)){
array_push($result, $rfile);
}
}
}
closedir($dh);
return $result;
}
/*
* search into all directories in PATH environment variable
* to find a program and return it if found
*/
function getProgramPath($progname){
$path_ar = explode(':',getenv('path'));
$path_ar = array_merge($path_ar, explode(':',getenv('PATH')));
foreach ($path_ar as $path){
$supposed_gpath = $path.'/'.$progname;
if (file_exists($supposed_gpath) and
is_executable($supposed_gpath)){
return $supposed_gpath;
}
}
return null;
}
function endswith($string, $test) {
$strlen = strlen($string);
$testlen = strlen($test);
if ($testlen > $strlen) return false;
return substr_compare($string, $test, $strlen - $testlen, $testlen) === 0;
}
class UtilsController extends Controller {
private $userId;
private $userfolder;
private $config;
private $userAbsoluteDataPath;
private $dbconnection;
private $dbtype;
2017-03-17 23:16:12 +00:00
public function __construct($AppName, IRequest $request, $UserId,
$userfolder, $config, IAppManager $appManager){
parent::__construct($AppName, $request);
$this->userId = $UserId;
$this->dbtype = $config->getSystemValue('dbtype');
// IConfig object
$this->config = $config;
if ($this->dbtype === 'pgsql'){
$this->dbdblquotes = '"';
}
else{
$this->dbdblquotes = '';
}
if ($UserId !== '' and $userfolder !== null){
// path of user files folder relative to DATA folder
$this->userfolder = $userfolder;
// absolute path to user files folder
$this->userAbsoluteDataPath =
$this->config->getSystemValue('datadirectory').
rtrim($this->userfolder->getFullPath(''), '/');
// make cache if it does not exist
$cachedirpath = $this->userAbsoluteDataPath.'/../cache';
if (! is_dir($cachedirpath)){
mkdir($cachedirpath);
}
$this->dbconnection = \OC::$server->getDatabaseConnection();
}
}
/**
*/
public function deleteExtraSymbol($name) {
$filename = str_replace(array('../', '..\\', '/'), '', $name);
$filepath = $this->config->getSystemValue('datadirectory').'/gpxedit/symbols/'.$filename;
if (file_exists($filepath)){
unlink($filepath);
}
return new DataResponse(
[
'data' =>
[
'name' => $filename,
'message' => 'Deleted'
],
'status' => 'success'
]
);
}
/**
*/
public function uploadExtraSymbol($addExtraSymbolName) {
$newSymbol = $this->request->getUploadedFile('uploadsymbol');
$filename = str_replace(array('../', '..\\', '/'), '', $addExtraSymbolName);
2016-12-13 11:56:46 +00:00
if (!endswith($newSymbol['name'], '.png')){
return new DataResponse(
[
'data' =>
[
'message' => 'File has to be a png'
],
'status' => 'fail'
],
Http::STATUS_UNPROCESSABLE_ENTITY
);
}
if (empty($newSymbol)) {
return new DataResponse(
[
'data' => [
'message' => 'No file uploaded'
]
],
Http::STATUS_UNPROCESSABLE_ENTITY
);
}
if(!empty($newSymbol)) {
$filepath = $this->config->getSystemValue('datadirectory').'/gpxedit/symbols/'.$filename.'.png';
$content = file_get_contents($newSymbol['tmp_name']);
file_put_contents($filepath, $content);
}
return new DataResponse(
[
'data' =>
[
'name' => $filename.'.png',
'message' => 'Saved'
],
'status' => 'success'
]
);
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
*/
public function getExtraSymbol() {
2016-12-14 01:28:41 +00:00
$filename = str_replace(array('../', '..\\', '/'), '', $_GET['name']);
$filepath = $this->config->getSystemValue('datadirectory').'/gpxedit/symbols/'.$filename;
$filecontent = file_get_contents($filepath);
2016-12-14 01:28:41 +00:00
$response = new DataDisplayResponse(
$filecontent, \OCP\AppFramework\Http::STATUS_OK, Array('Content-type'=>'image/png')
);
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('*')
->addAllowedMediaDomain('*')
->addAllowedConnectDomain('*');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* Add one tile server to the DB for current user
* @NoAdminRequired
*/
public function addTileServer($servername, $serverurl, $type,
$layers, $version, $tformat, $opacity, $transparent,
$minzoom, $maxzoom, $attribution) {
// first we check it does not already exist
$sqlts = 'SELECT servername FROM *PREFIX*gpxedit_tile_servers ';
$sqlts .= 'WHERE '.$this->dbdblquotes.'user'.$this->dbdblquotes.'=\''.$this->userId.'\' ';
2018-01-15 13:17:10 +00:00
$sqlts .= 'AND servername='.$this->db_quote_escape_string($servername).' ';
$sqlts .= 'AND type='.$this->db_quote_escape_string($type).' ';
$req = $this->dbconnection->prepare($sqlts);
$req->execute();
$ts = null;
while ($row = $req->fetch()){
$ts = $row['servername'];
break;
}
$req->closeCursor();
// then if not, we insert it
if ($ts === null){
$sql = 'INSERT INTO *PREFIX*gpxedit_tile_servers';
$sql .= ' ('.$this->dbdblquotes.'user'.$this->dbdblquotes.', type, servername, url, layers, version, format, opacity, transparent, minzoom, maxzoom, attribution) ';
$sql .= 'VALUES (\''.$this->userId.'\',';
$sql .= $this->db_quote_escape_string($type).',';
$sql .= $this->db_quote_escape_string($servername).',';
$sql .= $this->db_quote_escape_string($serverurl).',';
$sql .= $this->db_quote_escape_string($layers).',';
$sql .= $this->db_quote_escape_string($version).',';
$sql .= $this->db_quote_escape_string($tformat).',';
$sql .= $this->db_quote_escape_string($opacity).',';
$sql .= $this->db_quote_escape_string($transparent).',';
$sql .= $this->db_quote_escape_string($minzoom).',';
$sql .= $this->db_quote_escape_string($maxzoom).',';
$sql .= $this->db_quote_escape_string($attribution).');';
$req = $this->dbconnection->prepare($sql);
$req->execute();
$req->closeCursor();
$ok = 1;
}
else{
$ok = 0;
}
$response = new DataResponse(
[
'done'=>$ok
]
);
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('*')
->addAllowedMediaDomain('*')
->addAllowedConnectDomain('*');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* Delete one tile server entry from DB for current user
* @NoAdminRequired
*/
public function deleteTileServer($servername, $type) {
$sqldel = 'DELETE FROM *PREFIX*gpxedit_tile_servers ';
$sqldel .= 'WHERE '.$this->dbdblquotes.'user'.$this->dbdblquotes.'='.$this->db_quote_escape_string($this->userId).' AND servername=';
$sqldel .= $this->db_quote_escape_string($servername).' AND type='.$this->db_quote_escape_string($type).';';
$req = $this->dbconnection->prepare($sqldel);
$req->execute();
$req->closeCursor();
$response = new DataResponse(
[
'done'=>1
]
);
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('*')
->addAllowedMediaDomain('*')
->addAllowedConnectDomain('*');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* Save options values to the DB for current user
* @NoAdminRequired
*/
public function saveOptionsValues($optionsValues) {
// first we check if user already has options values in DB
2017-08-27 16:10:43 +00:00
$sqlts = 'SELECT jsonvalues FROM *PREFIX*gpxedit_options ';
$sqlts .= 'WHERE '.$this->dbdblquotes.'user'.$this->dbdblquotes.'=\''.$this->userId.'\' ';
$req = $this->dbconnection->prepare($sqlts);
$req->execute();
$check = null;
while ($row = $req->fetch()){
$check = $row['jsonvalues'];
break;
}
$req->closeCursor();
// if nothing is there, we insert
if ($check === null){
2017-08-27 16:10:43 +00:00
$sql = 'INSERT INTO *PREFIX*gpxedit_options';
$sql .= ' ('.$this->dbdblquotes.'user'.$this->dbdblquotes.', jsonvalues) ';
$sql .= 'VALUES (\''.$this->userId.'\',';
$sql .= '\''.$optionsValues.'\');';
$req = $this->dbconnection->prepare($sql);
$req->execute();
$req->closeCursor();
}
// else we update the values
else{
2017-08-27 16:10:43 +00:00
$sqlupd = 'UPDATE *PREFIX*gpxedit_options ';
$sqlupd .= 'SET jsonvalues=\''.$optionsValues.'\' ';
$sqlupd .= 'WHERE '.$this->dbdblquotes.'user'.$this->dbdblquotes.'=\''.$this->userId.'\' ; ';
$req = $this->dbconnection->prepare($sqlupd);
$req->execute();
$req->closeCursor();
}
$response = new DataResponse(
[
'done'=>true
]
);
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('*')
->addAllowedMediaDomain('*')
->addAllowedConnectDomain('*');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* get options values to the DB for current user
* @NoAdminRequired
*/
public function getOptionsValues($optionsValues) {
2017-08-27 16:10:43 +00:00
$sqlov = 'SELECT jsonvalues FROM *PREFIX*gpxedit_options ';
$sqlov .= 'WHERE '.$this->dbdblquotes.'user'.$this->dbdblquotes.'='.$this->db_quote_escape_string($this->userId).' ;';
$req = $this->dbconnection->prepare($sqlov);
$req->execute();
$ov = '{}';
while ($row = $req->fetch()){
$ov = $row["jsonvalues"];
}
$req->closeCursor();
$response = new DataResponse(
[
'values'=>$ov
]
);
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('*')
->addAllowedMediaDomain('*')
->addAllowedConnectDomain('*');
$response->setContentSecurityPolicy($csp);
return $response;
}
/*
* quote and choose string escape function depending on database used
*/
private function db_quote_escape_string($str){
return $this->dbconnection->quote($str);
}
}