-
Notifications
You must be signed in to change notification settings - Fork 448
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from pkp/master
Merge from original repository
- Loading branch information
Showing
2,701 changed files
with
222,986 additions
and
144,403 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| --- | ||
| name: Bug report | ||
| about: Report a broken feature in OJS or OMP | ||
| title: '' | ||
| labels: '' | ||
| assignees: '' | ||
|
|
||
| --- | ||
|
|
||
| **Describe the bug** | ||
| Please tell us what happens, what you expected to happen, and why you think it is a bug in the software. | ||
|
|
||
| **To Reproduce** | ||
| Steps to reproduce the behavior: | ||
| 1. Go to '...' | ||
| 2. Click on '....' | ||
| 3. Scroll down to '....' | ||
| 4. See error | ||
|
|
||
| **What application are you using?** | ||
| OJS or OMP version X.X.X | ||
|
|
||
| **Additional information** | ||
| Please add any screenshots, logs or other information we can use to investigate this bug report. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| --- | ||
| name: Feature request | ||
| about: Suggest a new feature for OJS or OMP | ||
| title: '' | ||
| labels: '' | ||
| assignees: '' | ||
|
|
||
| --- | ||
|
|
||
| **Describe the problem you would like to solve** | ||
| Example: Our editors need a way to [...] | ||
|
|
||
| **Describe the solution you'd like** | ||
| Tell us how you would like this solution to be solved. | ||
|
|
||
| **Who is asking for this feature?** | ||
| Tell us what kind of users are requesting this feature. Example: Journal Editors, Journal Administrators, Technical Support, Authors, Reviewers, etc. | ||
|
|
||
| **Additional information** | ||
| Add any other information or screenshots about the feature request here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| [submodule "lib/counterBots"] | ||
| path = lib/counterBots | ||
| url = https://github.com/atmire/COUNTER-Robots.git |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
200 changes: 200 additions & 0 deletions
200
api/v1/_uploadPublicFile/PKPUploadPublicFileHandler.inc.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,200 @@ | ||
| <?php | ||
| /** | ||
| * @file api/v1/contexts/PKPUploadPublicFileHandler.inc.php | ||
| * | ||
| * Copyright (c) 2014-2019 Simon Fraser University | ||
| * Copyright (c) 2000-2019 John Willinsky | ||
| * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING. | ||
| * | ||
| * @class PKPUploadPublicFileHandler | ||
| * @ingroup api_v1_uploadPublicFile | ||
| * | ||
| * @brief Handle API requests to upload a file to a user's public directory. | ||
| */ | ||
| import('lib.pkp.classes.handler.APIHandler'); | ||
|
|
||
| class PKPUploadPublicFileHandler extends APIHandler { | ||
| /** | ||
| * @copydoc APIHandler::__construct() | ||
| */ | ||
| public function __construct() { | ||
| $this->_handlerPath = '_uploadPublicFile'; | ||
| $roles = [ROLE_ID_SITE_ADMIN, ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_REVIEWER, ROLE_ID_AUTHOR, ROLE_ID_ASSISTANT, ROLE_ID_READER]; | ||
| $this->_endpoints = array( | ||
| 'OPTIONS' => array( | ||
| array( | ||
| 'pattern' => $this->getEndpointPattern(), | ||
| 'handler' => array($this, 'getOptions'), | ||
| 'roles' => $roles, | ||
| ), | ||
| ), | ||
| 'POST' => array( | ||
| array( | ||
| 'pattern' => $this->getEndpointPattern(), | ||
| 'handler' => array($this, 'uploadFile'), | ||
| 'roles' => $roles, | ||
| ), | ||
| ), | ||
| ); | ||
|
|
||
| parent::__construct(); | ||
| } | ||
|
|
||
| /** | ||
| * @copydoc PKPHandler::authorize | ||
| */ | ||
| public function authorize($request, &$args, $roleAssignments) { | ||
| import('lib.pkp.classes.security.authorization.PolicySet'); | ||
| $rolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES); | ||
|
|
||
| import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy'); | ||
| foreach($roleAssignments as $role => $operations) { | ||
| $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations)); | ||
| } | ||
| $this->addPolicy($rolePolicy); | ||
|
|
||
| return parent::authorize($request, $args, $roleAssignments); | ||
| } | ||
|
|
||
| /** | ||
| * A helper method which adds the necessary response headers to allow | ||
| * file uploads | ||
| * | ||
| * @param $response Response object | ||
| * @return Response | ||
| */ | ||
| private function getResponse($response) { | ||
| return $response->withHeader('Access-Control-Allow-Headers', 'Content-Type, X-Requested-With, X-PINGOTHER, X-File-Name, Cache-Control'); | ||
| } | ||
|
|
||
| /** | ||
| * Upload a requested file | ||
| * | ||
| * @param $slimRequest Request Slim request object | ||
| * @param $response Response object | ||
| * @param $args array arguments | ||
| * @return Response | ||
| */ | ||
| public function uploadFile($slimRequest, $response, $args) { | ||
| $request = $this->getRequest(); | ||
|
|
||
| if (empty($_FILES) || empty($_FILES['file'])) { | ||
| return $response->withStatus(400)->withJsonError('api.temporaryFiles.400.noUpload'); | ||
| } | ||
|
|
||
| $siteDir = Core::getBaseDir() . '/' . Config::getVar('files', 'public_files_dir') . '/site'; | ||
|
|
||
| if (!file_exists($siteDir) || !is_writeable($siteDir)) { | ||
| return $response->withStatus(500)->withJsonError('api.publicFiles.500.badFilesDir'); | ||
| } | ||
| $userDir = $siteDir . '/images/' . $request->getUser()->getUsername(); | ||
| $isUserAllowed = true; | ||
| $allowedDirSize = Config::getVar('files', 'public_user_dir_size', 5000) * 1024; | ||
| $allowedFileTypes = ['gif', 'jpg', 'png']; | ||
|
|
||
| HookRegistry::call('API::uploadPublicFile::permissions', [ | ||
| &$userDir, | ||
| &$isUserAllowed, | ||
| &$allowedDirSize, | ||
| &$allowedFileTypes, | ||
| $request, | ||
| $this->getAuthorizedContextObject(ASSOC_TYPE_USER_ROLES), | ||
| ]); | ||
|
|
||
| // Allow plugins to control who can upload files | ||
| if (!$isUserAllowed) { | ||
| return $response->withStatus(403)->withJsonError('api.publicFiles.403.unauthorized'); | ||
| } | ||
|
|
||
| // Don't allow user to exceed the alotted space in their public directory | ||
| $currentSize = 0; | ||
| if ($allowedDirSize > 0 && file_exists($userDir)) { | ||
| foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($userDir, FilesystemIterator::SKIP_DOTS)) as $object) { | ||
| $currentSize += $object->getSize(); | ||
| } | ||
| } | ||
| if (($currentSize + $_FILES['file']['size']) > $allowedDirSize) { | ||
| return $response->withStatus(413)->withJsonError('api.publicFiles.413.noDirSpace', [ | ||
| 'fileUploadSize' => ceil($_FILES['file']['size']/1024), | ||
| 'dirSizeLeft' => ceil(($allowedDirSize - $currentSize)/1024), | ||
| ]); | ||
| } | ||
|
|
||
| import('lib.pkp.classes.file.FileManager'); | ||
| $fileManager = new FileManager(); | ||
| $filename = $fileManager->getUploadedFileName('file'); | ||
| $filename = trim( | ||
| preg_replace( | ||
| "/[^a-z0-9\.\-]+/", | ||
| "", | ||
| str_replace( | ||
| [' ', '_', ':'], | ||
| '-', | ||
| strtolower($filename) | ||
| ) | ||
| ) | ||
| ); | ||
| $extension = end(explode('.', strtolower(trim($filename)))); | ||
|
|
||
| // Only allow permitted file types | ||
| if (!in_array($extension, $allowedFileTypes)) { | ||
| return $response->withStatus(400)->withJsonError('api.publicFiles.400.extensionNotSupported', [ | ||
| 'fileTypes' => join(__('common.commaListSeparator'), $allowedFileTypes) | ||
| ]); | ||
| } | ||
|
|
||
| // Perform additional checks on images | ||
| if (in_array($extension, ['gif', 'jpg', 'jpeg', 'png', 'jpe'])) { | ||
| if (getimagesize($_FILES['file']['tmp_name']) === false) { | ||
| return $response->withStatus(400)->withJsonError('api.publicFiles.400.invalidImage'); | ||
| } | ||
| $extensionFromMimeType = $fileManager->getImageExtension(PKPString::mime_content_type($_FILES['file']['tmp_name'])); | ||
| if ($extensionFromMimeType !== '.' . $extension) { | ||
| return $response->withStatus(400)->withJsonError('api.publicFiles.400.mimeTypeNotMatched'); | ||
| } | ||
| } | ||
|
|
||
| // Save the file | ||
| $destinationPath = $siteDir . '/images/' . $request->getUser()->getUsername() . '/' . $filename; | ||
| $success = $fileManager->uploadFile('file', $destinationPath); | ||
|
|
||
| if ($success === false) { | ||
| if ($fileManager->uploadError($filename)) { | ||
| switch ($fileManager->getUploadErrorCode($filename)) { | ||
| case UPLOAD_ERR_INI_SIZE: | ||
| case UPLOAD_ERR_FORM_SIZE: | ||
| return $response->withStatus(400)->withJsonError('api.temporaryFiles.400.fileSize', ['maxSize' => Application::getReadableMaxFileSize()]); | ||
| case UPLOAD_ERR_PARTIAL: | ||
| return $response->withStatus(400)->withJsonError('api.temporaryFiles.409.uploadFailed'); | ||
| case UPLOAD_ERR_NO_FILE: | ||
| return $response->withStatus(400)->withJsonError('api.temporaryFiles.400.noUpload'); | ||
| case UPLOAD_ERR_NO_TMP_DIR: | ||
| case UPLOAD_ERR_CANT_WRITE: | ||
| case UPLOAD_ERR_EXTENSION: | ||
| return $response->withStatus(400)->withJsonError('api.temporaryFiles.400.config'); | ||
| } | ||
| } | ||
| return $response->withStatus(400)->withJsonError('api.temporaryFiles.409.uploadFailed'); | ||
| } | ||
|
|
||
| return $this->getResponse($response->withJson([ | ||
| 'url' => $request->getBaseUrl() . '/' . | ||
| Config::getVar('files', 'public_files_dir') . '/site/images/' . | ||
| $request->getUser()->getUsername() . '/' . | ||
| $filename, | ||
| ])); | ||
| } | ||
|
|
||
| /** | ||
| * Respond affirmatively to a HTTP OPTIONS request with headers which allow | ||
| * file uploads | ||
| * | ||
| * @param $slimRequest Request Slim request object | ||
| * @param $response Response object | ||
| * @param $args array arguments | ||
| * @return Response | ||
| */ | ||
| public function getOptions($slimRequest, $response, $args) { | ||
| return $this->getResponse($response); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.