. "$_EXEC/cgilite/file.sh"
+# REV_ATTACHMENTS="${REV_ATTACHMENTS:-false}"
+
attachment_convert(){
local attpath="$1"
local cachepath="${attpath%/#attachments/*}/#cache/${attpath#*/#attachments/}"
;;
*/\[attachment\])
# show attachment page
- # receive uploads
- tsid="$(POST session_key)"; tsid="${tsid%% *}"
- attachment_delete="$(POST delete)"
page="${PATH_INFO%\[attachment\]}"
if [ ! -d "$_DATA/pages${page}" -a ! -d "$_DATA/pages${page}" ]; then
# base page does not exist
return 1
- elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] && acl_write "${page}"; then
- . "$_EXEC/multipart.sh"
- multipart_cache
-
- # Validate session id from form to prevent CSRF
- # Only validate if username is present, because no username means
- # anonymous uploads are allowed via acl and cgilite/session.sh does not
- # validate anonymous sessions from a multipart/formdata
- if [ "$USER_NAME" -a "$(multipart session_id)" != "$SESSION_ID" ]; then
- rm -- "$multipart_cachefile"
- printf 'Refresh: %i\r\n' 4
- theme_error 403
- return 0
- fi
-
- mkdir -p "$_DATA/pages${page}#attachments/"
- n=1; while filename=$(multipart_filename "file" "$n"); do
- filename="$(printf %s "$filename" |tr /\\0 __)"
- multipart "file" "$n" >"$_DATA/pages${page}#attachments/$filename"
- n=$((n + 1))
- done
- rm -- "$multipart_cachefile"
- REDIRECT "${_BASE}${PATH_INFO}"
elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ]; then
- printf 'Refresh: %i\r\n' 4
- theme_error 403
- head -c $((CONTENT_LENGTH)) >/dev/null
- return 0
- elif [ "$attachment_delete" -a "$SESSION_ID" = "$tsid" ]; then
- rm -- "$_DATA/pages${page}#attachments/$attachment_delete"
- REDIRECT "${_BASE}${PATH_INFO}"
- elif [ "$attachment_delete" ]; then
- printf 'Refresh: %i\r\n' 4
- theme_error 403
- return 0
+ # pass uploads to next handler
+ return 1
+ elif [ "$(POST action)" ]; then
+ # pass edits to next handler
+ return 1
elif ! acl_read "${page}"; then
theme_error 403
return 0