From af18ee56fecdfbb97b47f0c288116870daea4203 Mon Sep 17 00:00:00 2001
From: ridz1208
Date: Fri, 29 Nov 2019 18:42:32 -0500
Subject: [PATCH 01/11] SQL
---
 SQL/0000-00-03-ConfigTables.sql | 4 ++++
 .../2019-11-29-Add_upload_directory_configuration.sql | 9 +++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 SQL/New_patches/2019-11-29-Add_upload_directory_configuration.sql
diff --git a/SQL/0000-00-03-ConfigTables.sql b/SQL/0000-00-03-ConfigTables.sql
index 8f341181b3e..718cb2dae18 100644
--- a/SQL/0000-00-03-ConfigTables.sql
+++ b/SQL/0000-00-03-ConfigTables.sql
@@ -75,6 +75,8 @@ INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType,
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'publication_uploads', 'Path to uploaded publications', 1, 0, 'web_path', ID, 'Publications', 10 FROM ConfigSettings WHERE Name="paths";
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'publication_deletions', 'Path to deleted publications', 1, 0, 'web_path', ID, 'Deleted Publications', 11 FROM ConfigSettings WHERE Name="paths";
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'MINCToolsPath', 'Path to the MINC tools', 1, 0, 'web_path', ID, 'Path to the MINC tools', 12 FROM ConfigSettings WHERE Name="paths";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'documentRepositoryPath', 'Path to uploaded document repository files', 1, 0, 'text', ID, 'Document Repository Upload Path', 13 FROM ConfigSettings WHERE Name="paths";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'dataReleasePath', 'Path to uploaded data release files', 1, 0, 'text', ID, 'Data release Upload Path', 14 FROM ConfigSettings WHERE Name="paths";
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, Label, OrderNumber) VALUES ('gui', 'Settings related to the overall display of LORIS', 1, 0, 'GUI', 3);
@@ -190,6 +192,8 @@ INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/uploads/" FROM ConfigSett
 INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/publication_uploads/" FROM ConfigSettings WHERE Name="publication_uploads";
 INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/publication_uploads/to_be_deleted/" FROM ConfigSettings WHERE Name="publication_deletions";
 INSERT INTO Config (ConfigID, Value) SELECT ID, "%MINCToolsPath%" FROM ConfigSettings WHERE Name="MINCToolsPath";
+INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/document_repository_uploads/" FROM ConfigSettings WHERE Name="documentRepositoryPath";
+INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/data_release_uploads/" FROM ConfigSettings WHERE Name="dataReleasePath";
 INSERT INTO Config (ConfigID, Value) SELECT ID, "main.css" FROM ConfigSettings WHERE Name="css";
diff --git a/SQL/New_patches/2019-11-29-Add_upload_directory_configuration.sql b/SQL/New_patches/2019-11-29-Add_upload_directory_configuration.sql
new file mode 100644
index 00000000000..f056928a409
--- /dev/null
+++ b/SQL/New_patches/2019-11-29-Add_upload_directory_configuration.sql
@@ -0,0 +1,9 @@
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'documentRepositoryPath', 'Path to uploaded document repository files', 1, 0, 'text', cs1.ID, 'Document Repository Upload Path', MAX(cs2.OrderNumber)+1 FROM ConfigSettings cs1 JOIN ConfigSettings cs2 WHERE cs1.Name="paths" AND cs2.parent=cs1.ID;
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'dataReleasePath', 'Path to uploaded data release files', 1, 0, 'text', cs1.ID, 'Data Release Upload Path', MAX(cs2.OrderNumber)+1 FROM ConfigSettings cs1 JOIN ConfigSettings cs2 WHERE cs1.Name="paths" AND cs2.parent=cs1.ID;
+
+-- For backwards compatibility, check the previous base and default to same folder as previous setting
+SELECT Value INTO @base FROM Config c JOIN ConfigSettings cs ON cs.ID=c.ConfigID WHERE cs.Name="base";
+
+INSERT INTO Config (ConfigID, Value) SELECT ID, CONCAT(@base,"modules/document_repository/user_uploads/") FROM ConfigSettings WHERE Name="documentRepositoryPath";
+INSERT INTO Config (ConfigID, Value) SELECT ID, CONCAT(@base,"modules/data_release/user_uploads/") FROM ConfigSettings WHERE Name="dataReleasePath";
+
From cf9d628975222d29f81cacc3d2f288f705921d0b Mon Sep 17 00:00:00 2001
From: ridz1208
Date: Fri, 29 Nov 2019 18:42:50 -0500
Subject: [PATCH 02/11] code
---
 modules/data_release/README.md | 9 +--------
 modules/data_release/ajax/FileUpload.php | 17 +++++++++--------
 modules/data_release/ajax/GetFile.php | 8 +++++---
 modules/document_repository/php/files.class.inc | 11 ++++++++---
 4 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/modules/data_release/README.md b/modules/data_release/README.md
index b5927a21a02..9678ea2e209 100644
--- a/modules/data_release/README.md
+++ b/modules/data_release/README.md
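Review bot: In SQL/New_patches/2019-11-29-Add_upload_directory_configuration.sql the two `CONCAT(@base,"modules/…")` inserts assume that the `base` setting exists and ends with a slash. If the `SELECT Value INTO @base` finds no row, `@base` stays NULL and `CONCAT` returns NULL, so the new settings get a NULL value; if `base` has no trailing slash the stored directory is malformed. Normalising and guarding inside the statement avoids both, e.g. `SELECT ID, CONCAT(TRIM(TRAILING '/' FROM @base), '/modules/data_release/user_uploads/') FROM ConfigSettings WHERE Name="dataReleasePath" AND @base IS NOT NULL;`. Separately, the first two inserts select `cs1.ID` next to `MAX(cs2.OrderNumber)` without a `GROUP BY`; that may be rejected under `ONLY_FULL_GROUP_BY`, and where it is accepted it still produces one row with a NULL parent when no `paths` row exists, so adding `GROUP BY cs1.ID` is worth it.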
@@ -44,15 +44,8 @@ Note: At the moment, the only way to remove a user's permission to a specific ## Configurations -- Data release uploads are stored under the - `modules/data_release/user_uploads directory`, which can easily be symlinked - to another location if necessary. Note that this directory needs to be - writable by your web server. +- `dataReleasePath` designates the target location for release file uploads. ## Other notes: -- Uploads are stored under the `modules/data_release/user_uploads` directory which -can easily be symlinked to another location if necessary, ensure that it can be written -to by your web server. -- Remove permissions by deleting rows in the data_release_permissions table. - Upload date will automatically be added during file upload. diff --git a/modules/data_release/ajax/FileUpload.php b/modules/data_release/ajax/FileUpload.php index 908718401ec..1e7a45af4ca 100644 --- a/modules/data_release/ajax/FileUpload.php +++ b/modules/data_release/ajax/FileUpload.php @@ -12,8 +12,9 @@ * @link https://github.com/aces/Loris */ -$DB = \Database::singleton(); -$user = \User::singleton(); +$DB = \Database::singleton(); +$user = \User::singleton(); +$config =\ NDB_Factory::singleton()->config(); if ($_POST['action'] == 'upload' && $user->hasPermission("data_release_upload") 
@@ -21,27 +22,27 @@ $fileName = $_FILES["file"]["name"]; $version = $_POST['version']; $upload_date = date('Y-m-d'); - $base_path = __DIR__ . "/../user_uploads/"; $factory = NDB_Factory::singleton(); $settings = $factory->settings(); $baseURL = $settings->getBaseURL(); + $path = $config->getSetting('dataReleasePath'); - if (!file_exists(__DIR__ . "/../user_uploads/")) { + if (!file_exists($path)) { error_log( - "ERROR: File upload failed. Default user_uploads" + "ERROR: File upload failed. Default upload" . " directory not found." ); header("HTTP/1.1 500 Internal Server Error"); - } elseif (!is_writable(__DIR__ . "/../user_uploads/")) { + } elseif (!is_writable($path)) { error_log( - "File upload failed. Default user_uploads directory" + "File upload failed. Default upload directory" . " does not appear to be writeable." ); header("HTTP/1.1 500 Internal Server Error"); } else { - $target_path = $base_path . $fileName; + $target_path = $path . $fileName; if (move_uploaded_file($_FILES["file"]["tmp_name"], $target_path)) { $DB->insert( 'data_release', diff --git a/modules/data_release/ajax/GetFile.php b/modules/data_release/ajax/GetFile.php index cc29403c89b..e6885fad342 100644 --- a/modules/data_release/ajax/GetFile.php +++ b/modules/data_release/ajax/GetFile.php @@ -12,7 +12,9 @@ * @link https://github.com/aces/Loris */ -$user =& User::singleton(); +$user =& User::singleton(); +$config = \NDB_Factory::singleton()->config(); +$path = $config->getSetting('dataReleasePath'); $File = $_GET['File']; // Make sure that the user isn't trying to break out of the $path by 
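Review bot: In modules/data_release/ajax/FileUpload.php, `$target_path = $path . $fileName;` joins the configured directory with the name read from `$_FILES["file"]["name"]`, and nothing in the hunk normalises that name or checks whether the target already exists. PHP normally strips directory components from uploaded names, but an explicit `$fileName = basename($_FILES["file"]["name"]);` keeps the containment local to this script. `move_uploaded_file()` also replaces an existing file of the same name without warning, and the directory is now an operator-chosen location that may hold other data, so consider refusing the upload when `file_exists($target_path)` is already true. The enclosing `if` block starts and ends outside the hunk.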
@@ -23,13 +25,13 @@ header("HTTP/1.1 400 Bad Request"); exit(4); } -$FullPath = __DIR__ . "/../user_uploads/$File"; +$FullPath = $path . $File; if (!file_exists($FullPath)) { error_log("ERROR: File $FullPath does not exist"); header("HTTP/1.1 404 Not Found"); exit(5); } -$db =& Database::singleton(); +$db = \Database::singleton(); $fileID = $db->pselectOne( "SELECT ID FROM data_release WHERE " . "file_name=:fn", diff --git a/modules/document_repository/php/files.class.inc b/modules/document_repository/php/files.class.inc index 5204a565dc0..e7c09d59d6c 100644 --- a/modules/document_repository/php/files.class.inc +++ b/modules/document_repository/php/files.class.inc @@ -67,6 +67,8 @@ class Files extends \NDB_Page */ public function handle(ServerRequestInterface $request) : ResponseInterface { + $config =\ NDB_Factory::singleton()->config(); + $path = $config->getSetting("documentRepositoryPath"); switch ($request->getMethod()) { case "POST": if ($this->uploadDocFile($request)) { @@ -107,7 +109,7 @@ class Files extends \NDB_Page $name = \User::singleton()->getUsername(); $record = urldecode(basename($request->getUri()->getPath())); if (!is_numeric($record)) { - $file = __DIR__ . "/../user_uploads/$name/$record"; + $file = $path. "$name/$record"; return (new \LORIS\Http\Response()) ->withHeader('Content-Type', 'application/octet-stream') ->withHeader( @@ -171,6 +173,8 @@ class Files extends \NDB_Page */ function deleteFile($rid): void { + $config =\ NDB_Factory::singleton()->config(); + $path = $config->getSetting("documentRepositoryPath"); // create Database object $DB = \Database::singleton(); $user = \User::singleton(); @@ -205,7 +209,7 @@ class Files extends \NDB_Page $Notifier->notify($msg_data); } - $path = __DIR__ . "/../user_uploads/$dataDir"; + $path = $path.$dataDir; if (file_exists($path)) { unlink($path); 
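Review bot: In modules/data_release/ajax/GetFile.php, `$FullPath = $path . $File;` relies entirely on the string check above it (only partly visible in this hunk) to keep the request-supplied `$File` inside the configured directory. With the base now coming from configuration, resolving the path after the existence check and comparing prefixes is more robust against symlinks and unusual separators: `$real = realpath($FullPath);` then `if ($real === false || strpos($real, realpath($path) . '/') !== 0) { header("HTTP/1.1 400 Bad Request"); exit(4); }`. The `error_log("ERROR: File $FullPath does not exist")` line also writes request-controlled text together with the storage location into the log; logging `basename($File)` with control characters stripped would be safer.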
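Review bot: In modules/document_repository/php/files.class.inc, the new `$file = $path. "$name/$record";` is built from `$record = urldecode(basename(...))`, which decodes after taking the basename, so an encoded separator in the last URL segment is not removed by `basename()` and becomes a real one in the file path. Swapping the order closes that: `$record = basename(urldecode($request->getUri()->getPath()));`. The enclosing function starts outside this hunk, so it is not visible whether `$path` here is the variable assigned in `handle()` or whether this code sits in another method where `$path` would be undefined; please confirm.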
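Review bot: In `deleteFile()`, `$path = $path.$dataDir;` reuses the variable that holds the configured directory for the file to delete, which makes the following `file_exists($path)` / `unlink($path)` harder to audit. If `$dataDir` (assigned outside this hunk) were ever empty, `$path` would still be the upload directory itself and `file_exists()` would succeed on it. A separate name and a file-only test would be clearer: `$target = $path . $dataDir;` and `if (is_file($target)) { unlink($target); }`.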
@@ -349,6 +353,7 @@ class Files extends \NDB_Page $baseURL = $factory->settings()->getBaseURL(); $config = $factory->config(); $base = $config->getSetting('base'); + $path = $config->getSetting("documentRepositoryPath"); $name = \User::singleton()->getUsername(); $DB = \Database::singleton(); $category = $req['category']; // required @@ -368,7 +373,7 @@ class Files extends \NDB_Page $fileSize = $uploadedFile->getSize(); $fileName = $uploadedFile->getClientFileName(); $fileType = pathinfo($fileName, PATHINFO_EXTENSION); - $uploadPath = "$base/modules/document_repository/user_uploads/$name/"; + $uploadPath = $path.$name."/"; // $category is a string representation of an ID, and so should be at // least equal to zero. if (intval($category) < 0) { From 5f19132a92358c0634278bc56d2ff43723acc2ed Mon Sep 17 00:00:00 2001 From: ridz1208 Date: Fri, 29 Nov 2019 18:45:46 -0500 Subject: [PATCH 03/11] RB --- raisinbread/RB_files/RB_Config.sql | 2 ++ raisinbread/RB_files/RB_ConfigSettings.sql | 2 ++ raisinbread/migration.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/raisinbread/RB_files/RB_Config.sql b/raisinbread/RB_files/RB_Config.sql index 4cad972980e..570db797ce0 100644 --- a/raisinbread/RB_files/RB_Config.sql +++ b/raisinbread/RB_files/RB_Config.sql @@ -94,5 +94,7 @@ INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (97,70,'/data-raisinbrea INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (98,93,'V1'); INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (99,101,''); INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (102,19,'false'); +INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (103,102,'/var/www/loris/modules/document_repository/user_uploads/'); +INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (104,103,'/var/www/loris/modules/data_release/user_uploads/'); UNLOCK TABLES; SET FOREIGN_KEY_CHECKS=1; 
diff --git a/raisinbread/RB_files/RB_ConfigSettings.sql b/raisinbread/RB_files/RB_ConfigSettings.sql index 5eadfcc5df5..b398d819b02 100644 --- a/raisinbread/RB_files/RB_ConfigSettings.sql +++ b/raisinbread/RB_files/RB_ConfigSettings.sql @@ -98,5 +98,7 @@ INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMult INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (99,'usePwnedPasswordsAPI','Whether to query the Have I Been Pwned password API on password changes to prevent the usage of common and breached passwords',1,0,'boolean',1,'Enable \"Pwned Password\" check',22); INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (100,'EnvironmentFile','Name of the environment file that need to be sourced for the imaging pipeline',1,0,'text',69,'Name of the environment file',20); INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (101,'MINCToolsPath','Path to the MINC tools',1,0,'web_path',26,'Path to the MINC tools',12); +INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (102,'documentRepositoryPath','Path to uploaded document repository files',1,0,'text',26,'Document Repository Upload Path',13); +INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (103,'dataReleasePath','Path to uploaded data release files',1,0,'text',26,'Data Release Upload Path',14); UNLOCK TABLES; SET FOREIGN_KEY_CHECKS=1; diff --git a/raisinbread/migration.md b/raisinbread/migration.md index 0dabaf770e1..5fb3f154c62 100644 --- a/raisinbread/migration.md +++ b/raisinbread/migration.md 
@@ -55,5 +55,7 @@ 2019-11-25-Default_value_for_session_submitted.sql # NEW +2019-10-09_move_MINCToolsPath_configuration_to_Config_tables.sql +2019-11-29-Add_upload_directory_configuration.sql # CLEAN-UP \ No newline at end of file From 7a71b44d4c7c0f6f2dfdd450a372eb42a782f319 Mon Sep 17 00:00:00 2001 From: ridz1208 Date: Fri, 29 Nov 2019 18:55:33 -0500 Subject: [PATCH 04/11] typo --- modules/data_release/ajax/FileUpload.php | 2 +- modules/document_repository/php/files.class.inc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/data_release/ajax/FileUpload.php b/modules/data_release/ajax/FileUpload.php index 1e7a45af4ca..ef3f46e31bd 100644 --- a/modules/data_release/ajax/FileUpload.php +++ b/modules/data_release/ajax/FileUpload.php @@ -14,7 +14,7 @@ $DB = \Database::singleton(); $user = \User::singleton(); -$config =\ NDB_Factory::singleton()->config(); +$config = \NDB_Factory::singleton()->config(); if ($_POST['action'] == 'upload' && $user->hasPermission("data_release_upload") diff --git a/modules/document_repository/php/files.class.inc b/modules/document_repository/php/files.class.inc index e7c09d59d6c..e0c50d81396 100644 --- a/modules/document_repository/php/files.class.inc +++ b/modules/document_repository/php/files.class.inc @@ -67,7 +67,7 @@ class Files extends \NDB_Page */ public function handle(ServerRequestInterface $request) : ResponseInterface { - $config =\ NDB_Factory::singleton()->config(); + $config = \NDB_Factory::singleton()->config(); $path = $config->getSetting("documentRepositoryPath"); switch ($request->getMethod()) { case "POST": @@ -173,7 +173,7 @@ class Files extends \NDB_Page */ function deleteFile($rid): void { - $config =\ NDB_Factory::singleton()->config(); + $config = \NDB_Factory::singleton()->config(); $path = $config->getSetting("documentRepositoryPath"); // create Database object $DB = \Database::singleton(); From c894e11a493d81960bb03875d8d4d04a2208bcb7 Mon Sep 17 00:00:00 2001 
From: ridz1208 Date: Fri, 29 Nov 2019 18:55:45 -0500 Subject: [PATCH 05/11] install mod --- tools/install.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tools/install.sh b/tools/install.sh index 875abe353cf..e0d78a22593 100755 --- a/tools/install.sh +++ b/tools/install.sh @@ -130,20 +130,12 @@ debian=("Debian" "Ubuntu") redhat=("Red" "CentOS" "Fedora" "Oracle") if [[ " ${debian[*]} " =~ " $os_distro " ]]; then - mkdir -p ../modules/document_repository/user_uploads - mkdir -p ../modules/data_release/user_uploads - sudo chown www-data.www-data ../modules/document_repository/user_uploads - sudo chown www-data.www-data ../modules/data_release/user_uploads sudo chown www-data.www-data ../smarty/templates_c # Make Apache the group for project directory, so that the web based install # can write the config.xml file. sudo chgrp www-data ../project sudo chmod 770 ../project elif [[ " ${redhat[*]} " =~ " $os_distro " ]]; then - mkdir -p ../modules/document_repository/user_uploads - mkdir -p ../modules/data_release/user_uploads - sudo chown apache.apache ../modules/document_repository/user_uploads - sudo chown apache.apache ../modules/data_release/user_uploads sudo chown apache.apache ../smarty/templates_c # Make Apache the group for project directory, so that the web based install # can write the config.xml file. @@ -152,8 +144,6 @@ elif [[ " ${redhat[*]} " =~ " $os_distro " ]]; then else echo "$os_distro Linux distribution detected. We currently do not support this. " echo "Please manually change subdirectory ownership and permissions to ensure the web server can read *and write* in the following: " - echo "../modules/data_release/user_uploads " - echo "../modules/document_repository/user_uploads " echo "../smarty/templates_c " echo "" fi From 09fbda7ee7aebee8068fa6ee31819f7d84906546 Mon Sep 17 00:00:00 2001 
From: ridz1208 Date: Fri, 6 Dec 2019 12:30:35 -0500 Subject: [PATCH 06/11] adjustments --- SQL/0000-00-03-ConfigTables.sql | 6 ++---- modules/data_release/ajax/FileUpload.php | 8 ++++---- modules/data_release/ajax/GetFile.php | 8 +++++--- modules/document_repository/php/files.class.inc | 10 +++++----- raisinbread/RB_files/RB_Config.sql | 4 ++-- tools/install.sh | 1 - 6 files changed, 18 insertions(+), 19 deletions(-) diff --git a/SQL/0000-00-03-ConfigTables.sql b/SQL/0000-00-03-ConfigTables.sql index 718cb2dae18..e2d69cf173e 100644 --- a/SQL/0000-00-03-ConfigTables.sql +++ b/SQL/0000-00-03-ConfigTables.sql 
@@ -75,8 +75,8 @@ INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'publication_uploads', 'Path to uploaded publications', 1, 0, 'web_path', ID, 'Publications', 10 FROM ConfigSettings WHERE Name="paths"; INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'publication_deletions', 'Path to deleted publications', 1, 0, 'web_path', ID, 'Deleted Publications', 11 FROM ConfigSettings WHERE Name="paths"; INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'MINCToolsPath', 'Path to the MINC tools', 1, 0, 'web_path', ID, 'Path to the MINC tools', 12 FROM ConfigSettings WHERE Name="paths"; -INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'documentRepositoryPath', 'Path to uploaded document repository files', 1, 0, 'text', ID, 'Document Repository Upload Path', 13 FROM ConfigSettings WHERE Name="paths"; -INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'dataReleasePath', 'Path to uploaded data release files', 1, 0, 'text', ID, 'Data release Upload Path', 14 FROM ConfigSettings WHERE Name="paths"; +INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'documentRepositoryPath', 'Path to uploaded document repository files', 1, 0, 'web_path', ID, 'Document Repository Upload Path', 13 FROM ConfigSettings WHERE Name="paths"; +INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'dataReleasePath', 'Path to uploaded data release files', 1, 0, 'web_path', ID, 'Data release Upload Path', 14 FROM ConfigSettings WHERE Name="paths"; INSERT INTO ConfigSettings 
(Name, Description, Visible, AllowMultiple, Label, OrderNumber) VALUES ('gui', 'Settings related to the overall display of LORIS', 1, 0, 'GUI', 3); @@ -192,8 +192,6 @@ INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/uploads/" FROM ConfigSett INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/publication_uploads/" FROM ConfigSettings WHERE Name="publication_uploads"; INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/publication_uploads/to_be_deleted/" FROM ConfigSettings WHERE Name="publication_deletions"; INSERT INTO Config (ConfigID, Value) SELECT ID, "%MINCToolsPath%" FROM ConfigSettings WHERE Name="MINCToolsPath"; -INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/document_repository_uploads/" FROM ConfigSettings WHERE Name="documentRepositoryPath"; -INSERT INTO Config (ConfigID, Value) SELECT ID, "/data/data_release_uploads/" FROM ConfigSettings WHERE Name="dataReleasePath"; INSERT INTO Config (ConfigID, Value) SELECT ID, "main.css" FROM ConfigSettings WHERE Name="css"; diff --git a/modules/data_release/ajax/FileUpload.php b/modules/data_release/ajax/FileUpload.php index ef3f46e31bd..5e0fa861030 100644 --- a/modules/data_release/ajax/FileUpload.php +++ b/modules/data_release/ajax/FileUpload.php @@ -12,9 +12,10 @@ * @link https://github.com/aces/Loris */ -$DB = \Database::singleton(); -$user = \User::singleton(); -$config = \NDB_Factory::singleton()->config(); +$factory = \NDB_Factory::singleton(); +$DB = $factory->database(); +$user = $factory->user(); +$config = $factory->config(); if ($_POST['action'] == 'upload' && $user->hasPermission("data_release_upload") @@ -23,7 +24,6 @@ $version = $_POST['version']; $upload_date = date('Y-m-d'); - $factory = NDB_Factory::singleton(); $settings = $factory->settings(); $baseURL = $settings->getBaseURL(); diff --git a/modules/data_release/ajax/GetFile.php b/modules/data_release/ajax/GetFile.php index e6885fad342..7db19860e8b 100644 --- a/modules/data_release/ajax/GetFile.php 
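Review bot: The switch of `documentRepositoryPath` and `dataReleasePath` to `'web_path'` is made in SQL/0000-00-03-ConfigTables.sql only; going by this commit's diffstat, SQL/New_patches/2019-11-29-Add_upload_directory_configuration.sql and raisinbread/RB_files/RB_ConfigSettings.sql still insert both settings as `'text'`. Upgraded and demo instances will therefore carry a different DataType from fresh installs, and any handling tied to `web_path` will not apply to them; the upgrade patch and the RB rows should use `'web_path'` too. The next hunk in this file also drops the default `Config` rows, so a fresh install has no value for either setting until an operator enters one, and the code reading the setting should treat a missing value as an explicit error.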
+++ b/modules/data_release/ajax/GetFile.php @@ -12,8 +12,11 @@ * @link https://github.com/aces/Loris */ -$user =& User::singleton(); -$config = \NDB_Factory::singleton()->config(); + +$factory = \NDB_Factory::singleton(); +$db = $factory->database(); +$user = $factory->user(); +$config = $factory->config(); $path = $config->getSetting('dataReleasePath'); $File = $_GET['File']; @@ -31,7 +34,6 @@ header("HTTP/1.1 404 Not Found"); exit(5); } -$db = \Database::singleton(); $fileID = $db->pselectOne( "SELECT ID FROM data_release WHERE " . "file_name=:fn", diff --git a/modules/document_repository/php/files.class.inc b/modules/document_repository/php/files.class.inc index e0c50d81396..92596f3cd3c 100644 --- a/modules/document_repository/php/files.class.inc +++ b/modules/document_repository/php/files.class.inc @@ -173,16 +173,16 @@ class Files extends \NDB_Page */ function deleteFile($rid): void { - $config = \NDB_Factory::singleton()->config(); - $path = $config->getSetting("documentRepositoryPath"); + $factory = \NDB_Factory::singleton(); + $DB = $factory->database(); + $user = $factory->user(); + $config = $factory->config(); + $path = $config->getSetting("documentRepositoryPath"); // create Database object - $DB = \Database::singleton(); - $user = \User::singleton(); $Notifier = new \NDB_Notifier( "document_repository", "delete" ); - $factory = \NDB_Factory::singleton(); $baseURL = $factory->settings()->getBaseURL(); $fileName = $DB->pselectOne( "SELECT File_name FROM document_repository diff --git a/raisinbread/RB_files/RB_Config.sql b/raisinbread/RB_files/RB_Config.sql index 570db797ce0..f62cdcc71d6 100644 --- a/raisinbread/RB_files/RB_Config.sql +++ b/raisinbread/RB_files/RB_Config.sql 
@@ -94,7 +94,7 @@ INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (97,70,'/data-raisinbrea INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (98,93,'V1'); INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (99,101,''); INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (102,19,'false'); -INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (103,102,'/var/www/loris/modules/document_repository/user_uploads/'); -INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (104,103,'/var/www/loris/modules/data_release/user_uploads/'); +INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (103,102,'/data/document_repository_uploads/'); +INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (104,103,'/data/data_release_uploads/'); UNLOCK TABLES; SET FOREIGN_KEY_CHECKS=1; diff --git a/tools/install.sh b/tools/install.sh index e0d78a22593..3c8aa755791 100755 --- a/tools/install.sh +++ b/tools/install.sh @@ -117,7 +117,6 @@ mkdir -p ../smarty/templates_c # Setting 770 permissions for templates_c chmod 770 ../smarty/templates_c -# Changing group to 'www-data' or 'apache' to give permission to create directories in Document Repository module # Detecting distribution if ! os_distro=$(hostnamectl 2>/dev/null) then From dae2448280dbdda4563d9f0973f708d76943e68c Mon Sep 17 00:00:00 2001 From: Rida Date: Fri, 13 Dec 2019 14:43:22 -0500 Subject: [PATCH 07/11] phpcs --- modules/data_release/ajax/GetFile.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/data_release/ajax/GetFile.php b/modules/data_release/ajax/GetFile.php index 7db19860e8b..50e6c8d4647 100644 --- a/modules/data_release/ajax/GetFile.php +++ b/modules/data_release/ajax/GetFile.php 
@@ -13,11 +13,11 @@ */ -$factory = \NDB_Factory::singleton(); -$db = $factory->database(); -$user = $factory->user(); -$config = $factory->config(); -$path = $config->getSetting('dataReleasePath'); +$factory = \NDB_Factory::singleton(); +$db = $factory->database(); +$user = $factory->user(); +$config = $factory->config(); +$path = $config->getSetting('dataReleasePath'); $File = $_GET['File']; // Make sure that the user isn't trying to break out of the $path by From 6c2e50c79afeca43f991321dd1c69432687c29a5 Mon Sep 17 00:00:00 2001 From: Rida Abou-Haidar Date: Mon, 16 Dec 2019 11:48:17 -0500 Subject: [PATCH 08/11] Update modules/data_release/ajax/FileUpload.php Co-Authored-By: John Saigle <4022790+johnsaigle@users.noreply.github.com> --- modules/data_release/ajax/FileUpload.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/data_release/ajax/FileUpload.php b/modules/data_release/ajax/FileUpload.php index 5e0fa861030..f7cdf35fa50 100644 --- a/modules/data_release/ajax/FileUpload.php +++ b/modules/data_release/ajax/FileUpload.php @@ -31,7 +31,7 @@ if (!file_exists($path)) { error_log( - "ERROR: File upload failed. Default upload" + "ERROR: File upload failed. Upload" . " directory not found." ); header("HTTP/1.1 500 Internal Server Error"); @@ -84,4 +84,3 @@ echo "There was an error uploading the file"; } - From 9d9c2f89cf411979666369ebc609ba2127e6a131 Mon Sep 17 00:00:00 2001 From: Rida Abou-Haidar Date: Mon, 16 Dec 2019 11:48:27 -0500 Subject: [PATCH 09/11] Update modules/data_release/ajax/FileUpload.php Co-Authored-By: John Saigle <4022790+johnsaigle@users.noreply.github.com> --- modules/data_release/ajax/FileUpload.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/data_release/ajax/FileUpload.php b/modules/data_release/ajax/FileUpload.php index f7cdf35fa50..1277a3d4873 100644 --- a/modules/data_release/ajax/FileUpload.php +++ b/modules/data_release/ajax/FileUpload.php 
@@ -37,7 +37,7 @@ header("HTTP/1.1 500 Internal Server Error"); } elseif (!is_writable($path)) { error_log( - "File upload failed. Default upload directory" + "File upload failed. Upload directory" . " does not appear to be writeable." ); header("HTTP/1.1 500 Internal Server Error"); @@ -83,4 +83,3 @@ header("HTTP/1.1 400 Bad Request"); echo "There was an error uploading the file"; } - From 97e08be555da646cd6727c8c0848a08e707522f0 Mon Sep 17 00:00:00 2001 From: ridz1208 Date: Tue, 17 Dec 2019 16:23:13 -0500 Subject: [PATCH 10/11] added check --- modules/data_release/ajax/FileUpload.php | 2 +- modules/data_release/ajax/GetFile.php | 2 +- php/libraries/Utility.class.inc | 12 ++++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/data_release/ajax/FileUpload.php b/modules/data_release/ajax/FileUpload.php index 1277a3d4873..68a94df3f09 100644 --- a/modules/data_release/ajax/FileUpload.php +++ b/modules/data_release/ajax/FileUpload.php @@ -27,7 +27,7 @@ $settings = $factory->settings(); $baseURL = $settings->getBaseURL(); - $path = $config->getSetting('dataReleasePath'); + $path = \Utility::appendForwardSlash($config->getSetting('dataReleasePath')); if (!file_exists($path)) { error_log( diff --git a/modules/data_release/ajax/GetFile.php b/modules/data_release/ajax/GetFile.php index 50e6c8d4647..28bc800653a 100644 --- a/modules/data_release/ajax/GetFile.php +++ b/modules/data_release/ajax/GetFile.php @@ -17,7 +17,7 @@ $db = $factory->database(); $user = $factory->user(); $config = $factory->config(); -$path = $config->getSetting('dataReleasePath'); +$path = \Utility::appendForwardSlash($config->getSetting('dataReleasePath')); $File = $_GET['File']; // Make sure that the user isn't trying to break out of the $path by diff --git a/php/libraries/Utility.class.inc b/php/libraries/Utility.class.inc index 633ca0634b4..10bb2e64859 100644 --- a/php/libraries/Utility.class.inc +++ b/php/libraries/Utility.class.inc 
@@ -1005,5 +1005,17 @@ class Utility return $scan_types; } + + /** + * Append a forward slash to a path if it doesn't already exist + * + * @param string $path path to which the slash should be appended + * + * @return string + */ + static function appendForwardSlash(string $path) : string + { + return rtrim($path, '/\\') . '/'; + } } From 0eec4b8a92ecaf290dd880aae23cb1ecd8558e20 Mon Sep 17 00:00:00 2001 From: ridz1208 Date: Tue, 17 Dec 2019 16:42:30 -0500 Subject: [PATCH 11/11] oops --- modules/document_repository/php/files.class.inc | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/document_repository/php/files.class.inc b/modules/document_repository/php/files.class.inc index 92596f3cd3c..6c5f42df096 100644 --- a/modules/document_repository/php/files.class.inc +++ b/modules/document_repository/php/files.class.inc @@ -68,7 +68,9 @@ class Files extends \NDB_Page public function handle(ServerRequestInterface $request) : ResponseInterface { $config = \NDB_Factory::singleton()->config(); - $path = $config->getSetting("documentRepositoryPath"); + $path = \Utility::appendForwardSlash( + $config->getSetting("documentRepositoryPath") + ); switch ($request->getMethod()) { case "POST": if ($this->uploadDocFile($request)) { @@ -177,7 +179,9 @@ class Files extends \NDB_Page $DB = $factory->database(); $user = $factory->user(); $config = $factory->config(); - $path = $config->getSetting("documentRepositoryPath"); + $path = \Utility::appendForwardSlash( + $config->getSetting("documentRepositoryPath") + ); // create Database object $Notifier = new \NDB_Notifier( "document_repository", 
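Review bot: `appendForwardSlash()` returns `'/'` for an empty string, so a blank `dataReleasePath` or `documentRepositoryPath` makes the callers in FileUpload.php, GetFile.php and files.class.inc resolve files relative to the filesystem root instead of failing. A guard before the `rtrim`, e.g. `if (trim($path) === '') { throw new \InvalidArgumentException('Empty path'); }`, or an equivalent check at each call site, keeps a misconfiguration from silently widening the file scope. Because the parameter is typed `string`, a `getSetting()` that returns null would raise a TypeError here rather than be handled, which is worth confirming. The docblock should also state that trailing backslashes and repeated slashes are stripped, since `rtrim($path, '/\\')` does more than append a slash when one is missing.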
@@ -353,7 +357,9 @@ class Files extends \NDB_Page $baseURL = $factory->settings()->getBaseURL(); $config = $factory->config(); $base = $config->getSetting('base'); - $path = $config->getSetting("documentRepositoryPath"); + $path = \Utility::appendForwardSlash( + $config->getSetting("documentRepositoryPath") + ); $name = \User::singleton()->getUsername(); $DB = \Database::singleton(); $category = $req['category']; // required