📄 attachmentwebhandler.java
字号:
/*
* $Header: /cvsroot/mvnforum/mvnforum/src/com/mvnforum/user/AttachmentWebHandler.java,v 1.13 2004/06/01 13:00:02 skoehler Exp $
* $Author: skoehler $
* $Revision: 1.13 $
* $Date: 2004/06/01 13:00:02 $
*
* ====================================================================
*
* Copyright (C) 2002-2004 by MyVietnam.net
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or any later version.
*
* All copyright notices regarding mvnForum MUST remain intact
* in the scripts and in the outputted HTML.
* The "powered by" text/logo with a link back to
* http://www.mvnForum.com and http://www.MyVietnam.net in the
* footer of the pages MUST remain visible when the pages
* are viewed on the internet or intranet.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Support can be obtained from support forums at:
* http://www.mvnForum.com/mvnforum/index
*
* Correspondence and Marketing Questions can be sent to:
* info@MyVietnam.net
*
* @author: Minh Nguyen minhnn@MyVietnam.net
* @author: Mai Nguyen mai.nh@MyVietnam.net
*/
package com.mvnforum.user;
import java.io.*;
import java.sql.Timestamp;
import java.util.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.mvnforum.MVNForumConfig;
import com.mvnforum.MyUtil;
import com.mvnforum.auth.*;
import com.mvnforum.common.AttachmentUtil;
import com.mvnforum.db.*;
import net.myvietnam.mvncore.exception.*;
import net.myvietnam.mvncore.fileupload.*;
import net.myvietnam.mvncore.filter.DisableHtmlTagFilter;
import net.myvietnam.mvncore.interceptor.InterceptorService;
import net.myvietnam.mvncore.util.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
class AttachmentWebHandler {
private static Log log = LogFactory.getLog(AttachmentWebHandler.class);
private OnlineUserManager userManager = OnlineUserManager.getInstance();
AttachmentWebHandler() {
}
public void prepareAdd(HttpServletRequest request)
throws BadInputException, DatabaseException, ObjectNotFoundException,
AuthenticationException, AssertionException {
if (MVNForumConfig.getEnableAttachment() == false) {
throw new AssertionException("Cannot add Attachment because Attachment feature is disabled by administrator.");
}
OnlineUser onlineUser = userManager.getOnlineUser(request);
MVNForumPermission permission = onlineUser.getPermission();
/* was: permission.ensureIsAuthenticated();
* That didn't allow guests to add attachments even if admin tried to
* explicitly allow them to. So, we only need ensureCanAddAttachment(forumID),
* and the admin will be responsible if he gets flooded (as he has to
* explicitly allow them that anyway).
* Same goes for processAdd() method below.
*/
// primary key column(s)
int postID = ParamUtil.getParameterInt(request, "post");
PostBean postBean = DAOFactory.getPostDAO().getPost(postID);
int forumID = postBean.getForumID();
permission.ensureCanAddAttachment(forumID);
ForumCache.getInstance().getBean(forumID).ensureNotDisabledForum();
int logonMemberID = onlineUser.getMemberID();
int authorID = postBean.getMemberID();
// check constraint
if (permission.canEditPost(forumID)) {//@todo is this the correct permission checking ??? Igor: yes it is
// have permission, just do nothing, that is dont check the max day contraint
} else if ( (logonMemberID==authorID) && onlineUser.isMember() ) {
// same author, but not guest
Timestamp now = DateUtil.getCurrentGMTTimestamp();
// check date here, usually must not older than 1 days
Timestamp postDate = postBean.getPostCreationDate();
int maxDays = MVNForumConfig.getMaxAttachDays();
if ( (now.getTime() - postDate.getTime()) > (DateUtil.DAY * maxDays) ) {
/** @todo choose a better Exception here */
throw new BadInputException("You cannot attach a file to a post which is older than " + maxDays + " days.");
}
/** @todo check status of this post */
/*
if (postBean.getPostStatus() == ?) {
throw new BadInputException("Cannot attach a file to disabled post.");
}*/
} else {//not an author, so this user must have Edit Permission
//@todo is this the correct permission checking ??? Igor: yes it is
permission.ensureCanEditPost(forumID);// this method ALWAYS throws AuthenticationException
}
request.setAttribute("PostBean", postBean);
}
void processAdd(HttpServletRequest request)
throws BadInputException, CreateException, DatabaseException, IOException, ForeignKeyNotFoundException,
AuthenticationException, AssertionException, ObjectNotFoundException, InterceptorException {
if (MVNForumConfig.getEnableAttachment() == false) {
throw new AssertionException("Cannot add Attachment because Attachment feature is disabled by administrator.");
}
OnlineUser onlineUser = userManager.getOnlineUser(request);
MVNForumPermission permission = onlineUser.getPermission();
/* was: permission.ensureIsAuthenticated();
* See prepareAdd() method above.
*/
String tempDir = MVNForumConfig.getTempDir();
log.debug("AttachmentWebHandler : process upload with temp dir = " + tempDir);
FileUpload fileUpload = new FileUpload();
fileUpload.setSizeMax(MVNForumConfig.getMaxAttachmentSize());
fileUpload.setSizeThreshold(100000);// max memory used = 100K
fileUpload.setRepositoryPath(tempDir);
List fileItems;
try {
fileItems = fileUpload.parseRequest(request);
} catch (FileUploadException ex) {
log.error("Cannot upload", ex);
throw new IOException("Cannot upload. Detailed reason: " + ex.getMessage());
}
// values that must get from the form
int offset = 0;
int postID = 0;
String attachFilename = null;
int attachFileSize = 0;
String attachMimeType = null;
String attachDesc = null;
FileItem attachFileItem = null;
boolean attachMore = false;
for (int i = 0; i < fileItems.size(); i++ ) {
FileItem currentFileItem = (FileItem)fileItems.get(i);
// System.out.println(
// "ContentType = " + currentFileItem.getContentType() +
// " Fieldname = " + currentFileItem.getFieldName() +
// " Name = " + currentFileItem.getName() +
// " Size = " + currentFileItem.getSize()
// //" String = " + currentFileItem.getString()
// );
String fieldName = currentFileItem.getFieldName();
boolean isFormField = currentFileItem.isFormField();
if (fieldName.equals("offset")) {
String content = currentFileItem.getString("utf-8");
offset = Integer.parseInt(content);
log.debug("offset = " + offset);
} else if (fieldName.equals("AttachMore")) {
String content = currentFileItem.getString("utf-8");
attachMore = (content.length() > 0);
log.debug("attachMore = " + attachMore);
} else if (fieldName.equals("PostID")) {
String content = currentFileItem.getString("utf-8");
postID = Integer.parseInt(content);
log.debug("postID = " + postID);
} else if (fieldName.equals("AttachDesc")) {
String content = currentFileItem.getString("utf-8");
attachDesc = DisableHtmlTagFilter.filter(content);
log.debug("attachDesc = " + attachDesc);
InterceptorService.getInstance().validateContent(attachDesc);
} else if (fieldName.equals("vnselector")) {
//ignore
} else if (fieldName.equals("AttachFilename")) {
if (currentFileItem.isFormField() == true) {
throw new AssertionException("Cannot process uploaded attach file with a form field.");
}
attachMimeType = currentFileItem.getContentType();
attachMimeType = DisableHtmlTagFilter.filter(attachMimeType);
attachFileSize = (int)currentFileItem.getSize();
if (attachFileSize == 0) {
throw new BadInputException("Cannot process an attach file with size = 0. Please check the file size or check if your file is missing.");
}
String fullFilePath = currentFileItem.getName();
attachFilename = FileUtil.getFileName(fullFilePath);
attachFilename = DisableHtmlTagFilter.filter(attachFilename);
log.debug("attachFilename = " + attachFilename);
// now save to attachFileItem
attachFileItem = currentFileItem;
} else {
throw new AssertionException("Cannot process field name = " + fieldName);
}
}
Timestamp now = DateUtil.getCurrentGMTTimestamp();
// check constraint
PostBean postBean = DAOFactory.getPostDAO().getPost(postID);
int forumID = postBean.getForumID();
permission.ensureCanAddAttachment(forumID);
ForumCache.getInstance().getBean(forumID).ensureNotDisabledForum();
int logonMemberID = onlineUser.getMemberID();
//String logonMemberName = onlineUser.getMemberName();
int authorID = postBean.getMemberID();
// check constraint
if (permission.canEditPost(forumID)) { //@todo is this the correct permission checking ??? Igor: yes it is
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -