Posting.php 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177
  1. <?php
  2. // {{{ License
  3. // This file is part of GNU social - https://www.gnu.org/software/social
  4. //
  5. // GNU social is free software: you can redistribute it and/or modify
  6. // it under the terms of the GNU Affero General Public License as published by
  7. // the Free Software Foundation, either version 3 of the License, or
  8. // (at your option) any later version.
  9. //
  10. // GNU social is distributed in the hope that it will be useful,
  11. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. // GNU Affero General Public License for more details.
  14. //
  15. // You should have received a copy of the GNU Affero General Public License
  16. // along with GNU social. If not, see <http://www.gnu.org/licenses/>.
  17. // }}}
  18. namespace Component\Posting;
  19. use App\Core\Cache;
  20. use App\Core\DB\DB;
  21. use App\Core\Event;
  22. use App\Core\Form;
  23. use App\Core\GSFile;
  24. use function App\Core\I18n\_m;
  25. use App\Core\Modules\Component;
  26. use App\Entity\Attachment;
  27. use App\Entity\AttachmentToNote;
  28. use App\Entity\GSActorToAttachment;
  29. use App\Entity\Note;
  30. use App\Util\Common;
  31. use App\Util\Exception\ClientException;
  32. use App\Util\Exception\DuplicateFoundException;
  33. use App\Util\Exception\InvalidFormException;
  34. use App\Util\Exception\RedirectException;
  35. use App\Util\Exception\ServerException;
  36. use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
  37. use Symfony\Component\Form\Extension\Core\Type\FileType;
  38. use Symfony\Component\Form\Extension\Core\Type\SubmitType;
  39. use Symfony\Component\Form\Extension\Core\Type\TextareaType;
  40. class Posting extends Component
  41. {
  42. /**
  43. * HTML render event handler responsible for adding and handling
  44. * the result of adding the note submission form, only if a user is logged in
  45. *
  46. * @throws ClientException
  47. * @throws RedirectException
  48. * @throws ServerException
  49. */
  50. public function onStartTwigPopulateVars(array &$vars): bool
  51. {
  52. if (($user = Common::user()) == null) {
  53. return Event::next;
  54. }
  55. $actor_id = $user->getId();
  56. $to_tags = [];
  57. $tags = Cache::get("actor-circle-{$actor_id}", function () use ($actor_id) {
  58. return DB::dql('select c.tag from App\Entity\GSActorCircle c where c.tagger = :tagger', ['tagger' => $actor_id]);
  59. });
  60. foreach ($tags as $t) {
  61. $t = $t['tag'];
  62. $to_tags[$t] = $t;
  63. }
  64. $placeholder_strings = ['How are you feeling?', 'Have something to share?', 'How was your day?'];
  65. Event::handle('PostingPlaceHolderString', [&$placeholder_strings]);
  66. $placeholder = $placeholder_strings[array_rand($placeholder_strings)];
  67. $request = $vars['request'];
  68. $form = Form::create([
  69. ['content', TextareaType::class, ['label' => ' ', 'data' => '', 'attr' => ['placeholder' => _m($placeholder)]]],
  70. ['attachments', FileType::class, ['label' => ' ', 'data' => null, 'multiple' => true, 'required' => false]],
  71. ['visibility', ChoiceType::class, ['label' => _m('Visibility:'), 'multiple' => false, 'expanded' => false, 'data' => 'public', 'choices' => [_m('Public') => 'public', _m('Instance') => 'instance', _m('Private') => 'private']]],
  72. ['to', ChoiceType::class, ['label' => _m('To:'), 'multiple' => false, 'expanded' => false, 'choices' => $to_tags]],
  73. ['post_note', SubmitType::class, ['label' => _m('Post')]],
  74. ]);
  75. $form->handleRequest($request);
  76. if ($form->isSubmitted()) {
  77. $data = $form->getData();
  78. if ($form->isValid()) {
  79. self::storeNote($actor_id, $data['content'], $data['attachments'], is_local: true);
  80. throw new RedirectException();
  81. } else {
  82. throw new InvalidFormException();
  83. }
  84. }
  85. $vars['post_form'] = $form->createView();
  86. return Event::next;
  87. }
  88. /**
  89. * Store the given note with $content and $attachments, created by
  90. * $actor_id, possibly as a reply to note $reply_to and with flag
  91. * $is_local. Sanitizes $content and $attachments
  92. *
  93. * @throws DuplicateFoundException
  94. * @throws ClientException|ServerException
  95. */
  96. public static function storeNote(int $actor_id, ?string $content, array $attachments, bool $is_local, ?int $reply_to = null, ?int $repeat_of = null)
  97. {
  98. $note = Note::create([
  99. 'gsactor_id' => $actor_id,
  100. 'content' => $content,
  101. 'is_local' => $is_local,
  102. 'reply_to' => $reply_to,
  103. 'repeat_of' => $repeat_of,
  104. ]);
  105. $processed_attachments = [];
  106. foreach ($attachments as $f) { // where $f is a Symfony\Component\HttpFoundation\File\UploadedFile
  107. $filesize = $f->getSize();
  108. $max_file_size = Common::config('attachments', 'file_quota');
  109. if ($max_file_size < $filesize) {
  110. throw new ClientException(_m('No file may be larger than {quota} bytes and the file you sent was {size} bytes. ' .
  111. 'Try to upload a smaller version.', ['quota' => $max_file_size, 'size' => $filesize]));
  112. }
  113. Event::handle('EnforceUserFileQuota', [$filesize, $actor_id]);
  114. $processed_attachments[] = [GSFile::sanitizeAndStoreFileAsAttachment($f), $f->getClientOriginalName()];
  115. }
  116. DB::persist($note);
  117. // Need file and note ids for the next step
  118. DB::flush();
  119. if ($processed_attachments != []) {
  120. foreach ($processed_attachments as [$a, $fname]) {
  121. if (empty(DB::findBy('gsactor_to_attachment', ['attachment_id' => $a->getId(), 'gsactor_id' => $actor_id]))) {
  122. DB::persist(GSActorToAttachment::create(['attachment_id' => $a->getId(), 'gsactor_id' => $actor_id]));
  123. }
  124. DB::persist(AttachmentToNote::create(['attachment_id' => $a->getId(), 'note_id' => $note->getId(), 'title' => $fname]));
  125. }
  126. DB::flush();
  127. }
  128. Event::handle('ProcessNoteContent', [$note->getId(), $content]);
  129. }
  130. /**
  131. * Get a unique representation of a file on disk
  132. *
  133. * This can be used in the future to deduplicate images by visual content
  134. *
  135. * @param string $filename
  136. * @param null|string $out_hash
  137. *
  138. * @return bool
  139. */
  140. public function onHashFile(string $filename, ?string &$out_hash): bool
  141. {
  142. $out_hash = hash_file(Attachment::FILEHASH_ALGO, $filename);
  143. return Event::stop;
  144. }
  145. /**
  146. * Fill the list with allowed sizes for an attachment, to prevent potential DoS'ing by requesting thousands of different thumbnail sizes
  147. *
  148. * @param null|array $sizes
  149. *
  150. * @return bool
  151. */
  152. public function onGetAllowedThumbnailSizes(?array &$sizes): bool
  153. {
  154. $sizes[] = ['width' => Common::config('thumbnail', 'width'), 'height' => Common::config('thumbnail', 'height')];
  155. return Event::next;
  156. }
  157. }