summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xdocs/CHANGELOG2
-rw-r--r--lib/class/error.class.php2
-rw-r--r--lib/preferences.php9
-rw-r--r--lib/upload.php19
-rw-r--r--templates/show_play_selected.inc.php2
-rw-r--r--templates/show_preferences.inc2
-rw-r--r--templates/show_upload.inc10
-rw-r--r--templates/style.inc3
-rw-r--r--upload.php57
9 files changed, 59 insertions, 47 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 191955c5..badac60a 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,8 @@
--------------------------------------------------------------------------
v.3.3.2-Beta2
+ - Improved Upload Error Messages and blanked up upload and
+ quarantine directories for non-admin users
- Added horrible hack to make Artist sorting work in the Album
browse page, this is temp until Ampache 3.4
- Fixed a problem with the playlist update confirmation page
diff --git a/lib/class/error.class.php b/lib/class/error.class.php
index b3e74ba5..013a2e08 100644
--- a/lib/class/error.class.php
+++ b/lib/class/error.class.php
@@ -51,7 +51,7 @@ class Error {
$array = array($name=>$description);
- error_results($array);
+ error_results($array,1);
$this->error_state = 1;
return true;
diff --git a/lib/preferences.php b/lib/preferences.php
index 1bb9e80f..970a099f 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -225,6 +225,10 @@ function create_preference_input($name,$value) {
elseif ($value == '0') {
echo "Disabled";
}
+ elseif ($name == 'upload_dir' || $name == 'quarantine_dir') {
+ /* Show Nothing */
+ echo " ";
+ }
else {
echo $value;
}
@@ -317,6 +321,11 @@ function create_preference_input($name,$value) {
} // foreach themes
echo "</select>\n";
break;
+ case 'quarantine_dir':
+ case 'upload_dir':
+ if (!$GLOBALS['user']->has_access(100)) {
+ break;
+ }
default:
echo "<input type=\"text\" size=\"$len\" name=\"$name\" value=\"$value\" />";
break;
diff --git a/lib/upload.php b/lib/upload.php
index a24c55c5..43cfc7bd 100644
--- a/lib/upload.php
+++ b/lib/upload.php
@@ -38,9 +38,7 @@ function check_upload_extension($name='file') {
return true;
}
- if (conf('debug')) {
- log_event($_SESSION['userdata']['username'],' upload ',"Error: Invalid Extension $extension");
- }
+ debug_event('upload',"Error: Invalid Extension $extension",'2');
return false;
@@ -51,16 +49,21 @@ function check_upload_extension($name='file') {
@discussion checks the filesize of the upload
*/
function check_upload_size($name='file') {
-
+ static $total_size;
$size = $_FILES[$name]['size'];
-
+
+ $total_size = $total_size + $size;
+
if ($size > conf('max_upload_size')) {
- if (conf('debug')) {
- log_event($_SESSION['userdata']['username'],' upload ',"Error: Upload to large, $size");
- }
+ debug_event('upload',"Error: Upload to large, $size",'2');
return false;
}
+
+ if ($total_size > conf('max_upload_size')) {
+ debug_event('upload',"Error: Total Upload to large, $total_size",'2');
+ return false;
+ }
return true;
diff --git a/templates/show_play_selected.inc.php b/templates/show_play_selected.inc.php
index 53cc42d4..9b44e8a0 100644
--- a/templates/show_play_selected.inc.php
+++ b/templates/show_play_selected.inc.php
@@ -19,6 +19,8 @@
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
+$web_path = conf('web_path');
+
?>
<table border="0" cellpadding="14" cellspacing="0" class="text-box">
<tr align="left">
diff --git a/templates/show_preferences.inc b/templates/show_preferences.inc
index e0c82225..9a96248a 100644
--- a/templates/show_preferences.inc
+++ b/templates/show_preferences.inc
@@ -79,7 +79,7 @@ if (($GLOBALS['user']->has_access(100)) AND ($user_id == '-1' AND conf('use_auth
<?php } ?>
</ul>
</div>
-<div class="text-box">
+<div class="text-box" style="width:35em;">
<form method="post" name="preferences" action="<?php echo conf('web_path'); ?><?php echo $target; ?>" enctype="multipart/form-data">
<?php
if ($current_tab != 'account') {
diff --git a/templates/show_upload.inc b/templates/show_upload.inc
index 029e6c5c..e2ccb542 100644
--- a/templates/show_upload.inc
+++ b/templates/show_upload.inc
@@ -24,12 +24,12 @@
?>
<form action="<?php echo conf('web_path'); ?>/upload.php?" method="post" name="upload_form" enctype="multipart/form-data" id="upload_form">
-<table class="text-box" cellspacing="0" cellpadding="0" border="0">
+<table class="text-box">
<tr>
<td>
- <h3><?php echo _("Uploading Music to Ampache"); ?><br /></h3>
+ <h3><?php echo _('Uploading Music to Ampache'); ?><br /></h3>
<p>
- <b><?php echo _("The following Audio file formats are supported"); ?></b>
+ <b><?php echo _('The following Audio file formats are supported'); ?></b>
</p>
<ul>
<li>OGG</li>
@@ -69,8 +69,8 @@
<tr>
<td>
<input type="hidden" name="action" value="upload" />
- <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo _("max_upload_size"); ?>" />
- <input class='button' type="submit" value="<?php echo _("Upload"); ?>" />
+ <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo _('max_upload_size'); ?>" />
+ <input class='button' type="submit" value="<?php echo _('Upload'); ?>" />
</td>
</tr>
</table>
diff --git a/templates/style.inc b/templates/style.inc
index a12bc5ad..a94c43a1 100644
--- a/templates/style.inc
+++ b/templates/style.inc
@@ -183,6 +183,9 @@
.fatalerror
{
padding-top: 3px;
+ padding-left: 3px;
+ padding-right: 3px;
+ display: table-cell;
padding-bottom: 3px;
color: <?php echo conf('error_color'); ?>;
border-right:4px solid <?php echo conf('error_color'); ?>;
diff --git a/upload.php b/upload.php
index 90e4b65a..816b5b21 100644
--- a/upload.php
+++ b/upload.php
@@ -36,11 +36,12 @@
*/
require_once( "modules/init.php" );
+
// Set page header
show_template('header');
// Access Control
-if(!$user->prefs['upload'] || conf('demo_mode')) {
+if(!$GLOBALS['user']->prefs['upload'] || conf('demo_mode')) {
access_denied();
}
@@ -48,20 +49,17 @@ $action = scrub_in( $_REQUEST['action'] );
switch( $action ) {
case 'upload':
-
/* Break if they don't have rights */
- if (!$user->prefs['upload'] OR !$user->has_access(25)) {
+ if (!$GLOBALS['user']->prefs['upload'] OR !$GLOBALS['user']->has_access(25)) {
break;
}
/* IF we need to quarantine this */
- if ($user->prefs['quarantine']) {
+ if ($GLOBALS['user']->prefs['quarantine']) {
/* Make sure the quarantine dir is writeable */
if (!check_upload_directory(conf('quarantine_dir'))) {
$GLOBALS['error']->add_error('general',"Error: Quarantine Directory isn't writeable");
- if (conf('debug')) {
- log_event($user->username,' upload ',"Error: Quarantine Directory isn't writeable");
- }
+ debug_event('upload',"Error: Quarantine Directory isn't writeable",'2');
} // if unwriteable
$catalog_id = find_upload_catalog(conf('quarantine_dir'));
@@ -69,9 +67,7 @@ switch( $action ) {
/* Make sure that it's not in a catalog dir */
if ($catalog_id) {
$GLOBALS['error']->add_error('general',"Error: Quarantine Directory inside a catalog");
- if (conf('debug')) {
- log_event($user->username,' upload ',"Error: Quarantine Directory inside a catalog");
- }
+ debug_event('upload',"Error: Quarantine Directory inside a catalog",'2');
} // if in catalog dir
foreach ($_FILES as $key => $file) {
@@ -99,7 +95,7 @@ switch( $action ) {
show_upload();
}
else {
- show_confirmation("Upload Quarantined", "Your Upload(s) have been quarantined and will be reviewed for addition","upload.php");
+ show_confirmation(_('Upload Quarantined'), _('Your Upload(s) have been quarantined and will be reviewed for addition'),'upload.php');
}
} // if quarantine
@@ -107,29 +103,24 @@ switch( $action ) {
/* Else direct upload time baby! */
else {
/* Make sure the quarantine dir is writeable */
- if (!check_upload_directory($user->prefs['upload_dir'])) {
+ if (!check_upload_directory($GLOBALS['user']->prefs['upload_dir'])) {
$GLOBALS['error']->add_error('general',"Error: Upload Directory isn't writeable");
- if (conf('debug')) {
- log_event($user->username,' upload ',"Error: Upload Directory isn't writeable");
- }
+ debug_event('upload',"Error: Upload Directory isn't writeable",'2');
} // if unwriteable
$catalog_id = find_upload_catalog($user->prefs['upload_dir']);
$catalog = new Catalog($catalog_id);
-
/* Make sure that it's not in a catalog dir */
if (!$catalog_id) {
$GLOBALS['error']->add_error('general',"Error: Upload Directory not inside a catalog");
- if (conf('debug')) {
- log_event($user->username,' upload ',"Error: Upload Directory not inside a catalog");
- }
+ debug_event('upload',"Error: Upload Directory not inside a catalog",'2');
} // if in catalog dir
-
+ /* Foreach through the post files */
foreach ($_FILES as $key => $file) {
- if (strlen($_FILES[$key]['name'])) {
+ if (strlen($_FILES[$key]['name']) && strlen($_FILES[$key]['tmp_name'])) {
/* Check size and extension */
if (!check_upload_extension($key)) {
$GLOBALS['error']->add_error($key,"Error: Invalid Extension");
@@ -140,31 +131,34 @@ switch( $action ) {
if (!$GLOBALS['error']->error_state) {
$new_filename = upload_file($key,$user->prefs['upload_dir']);
-
+
/* We aren't doing the quarantine thing, so just insert it */
if ($new_filename) { $catalog->insert_local_song($new_filename,filesize($new_filename)); }
} // if we havn't had an error
} // if there is a file to check
+ elseif (strlen($_FILES[$key]['name'])) {
+ $GLOBALS['error']->add_error($key,'Error: Total Filesize to large, file not uploaded');
+ }
+
} // end foreach files
if ($GLOBALS['error']->error_state) {
show_upload();
}
else {
- show_confirmation("Files Uploaded", "Your Upload(s) have been inserted into Ampache and are now live","upload.php");
+ show_confirmation(_('Files Uploaded'), _('Your Upload(s) have been inserted into Ampache and are now live'),"upload.php");
}
} // man this is a bad idea, the catch all should be the conservative option... oooh well
-
break;
case 'add':
/* Make sure they have access */
- if($user->has_access(100)) {
+ if($GLOBALS['user']->has_access(100)) {
$id = scrub_in($_REQUEST['id']);
update_quarantine_record($id,'add');
- show_confirmation("Upload Added","The Upload has been scheduled for a catalog add, please run command line script to add file","upload.php");
+ show_confirmation(_('Upload Added'),_('The Upload has been scheduled for a catalog add, please run command line script to add file'),"upload.php");
}
else {
access_denied();
@@ -172,11 +166,10 @@ switch( $action ) {
break;
case 'delete':
/* Make sure they got them rights */
- if($user->has_access(100)) {
+ if($GLOBALS['user']->has_access(100)) {
$id = scrub_in($_REQUEST['id']);
update_quarantine_record($id,'delete');
- show_confirmation("Upload Deleted","The Upload has been scheduled for deletion, please run command line script to permently delete this file","upload.php");
-
+ show_confirmation(_('Upload Deleted'),_('The Upload has been scheduled for deletion, please run command line script to permently delete this file'),"upload.php");
}
else {
access_denied();
@@ -184,8 +177,8 @@ switch( $action ) {
break;
case 'ack':
// everything is ready to bulk ack once we pass multiple ids and put them in $id[]
- if( $user->has_access( 100 ) ) {
- $id[] = scrub_in( $_REQUEST['id'] );
+ if($GLOBALS['user']->has_access(100)) {
+ $id[] = scrub_in($_REQUEST['id']);
$status = upload_ack( $id );
} else {
access_denied();
@@ -193,7 +186,7 @@ switch( $action ) {
break;
case 'purge':
- if( $user->has_access( 100 ) ) {
+ if($GLOBALS['user']->has_access(100)) {
$status = upload_purge();
} else {
access_denied();
generated by cgit (git 2.34.1) at 2025-08-13 13:31:47 +0000