X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=handlers%2F20_attachment.sh;h=63b42b4ea14058665ad850069e9082167153dd4a;hb=a3dafeab4e60718460b9f46f560faea764aa7018;hp=efc66f1b77f714fa4ed6afcfc25030c2e87b8258;hpb=7af38aed3e2f4d019b371da3ec58a41457173248;p=shellwiki diff --git a/handlers/20_attachment.sh b/handlers/20_attachment.sh index efc66f1..63b42b4 100755 --- a/handlers/20_attachment.sh +++ b/handlers/20_attachment.sh @@ -66,13 +66,24 @@ attachment_convert(){ case ${PATH_INFO} in */\[attachment\]/) + # no trailing slash REDIRECT "${_BASE}${PATH_INFO%/}" ;; + */*/) + # attached files never end on / + return 1 + ;; */\[attachment\]) + # show attachment page + # receive uploads tsid="$(POST session_key)"; tsid="${tsid%% *}" attachment_delete="$(POST delete)" + page="${PATH_INFO%\[attachment\]}" - if [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] && acl_write "${PATH_INFO%\[attachment\]}"; then + if [ ! -d "$_DATA/pages${page}" -a ! -d "$_DATA/pages${page}" ]; then + # base page does not exist + return 1 + elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] && acl_write "${page}"; then . "$_EXEC/multipart.sh" multipart_cache @@ -87,10 +98,10 @@ case ${PATH_INFO} in return 0 fi - mkdir -p "$_DATA/pages/${PATH_INFO%/\[attachment\]}/#attachments/" + mkdir -p "$_DATA/pages${page}#attachments/" n=1; while filename=$(multipart_filename "file" "$n"); do filename="$(printf %s "$filename" |tr /\\0 __)" - multipart "file" "$n" >"$_DATA/pages/${PATH_INFO%/\[attachment\]}/#attachments/$filename" + multipart "file" "$n" >"$_DATA/pages${page}#attachments/$filename" n=$((n + 1)) done rm -- "$multipart_cachefile" 
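Review bot: The new existence test in the `*/\[attachment\])` branch of the first hunk checks the same directory twice: `[ ! -d "$_DATA/pages${page}" -a ! -d "$_DATA/pages${page}" ]`. The file-serving branches later in this diff pair `$_DATA/pages` with `$_EXEC/pages`, so the second operand was presumably meant to be `$_EXEC/pages${page}`. As written, a page that exists only under `$_EXEC/pages` gets `return 1` and never reaches `theme_attachments`. I would write `if [ ! -d "$_DATA/pages${page}" ] && [ ! -d "$_EXEC/pages${page}" ]; then`, which also avoids the ambiguous `-a` operator. The `case` statement continues outside the hunk.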
@@ -101,17 +112,17 @@ case ${PATH_INFO} in head -c $((CONTENT_LENGTH)) >/dev/null return 0 elif [ "$attachment_delete" -a "$SESSION_ID" = "$tsid" ]; then - rm -- "$_DATA/pages/${PATH_INFO%/\[attachment\]}/#attachments/$attachment_delete" + rm -- "$_DATA/pages${page}#attachments/$attachment_delete" REDIRECT "${_BASE}${PATH_INFO}" elif [ "$attachment_delete" ]; then printf 'Refresh: %i\r\n' 4 theme_error 403 return 0 - elif acl_read "${PATH_INFO%\[attachment\]}"; then - theme_attachments "${PATH_INFO%\[attachment\]}" + elif ! acl_read "${page}"; then + theme_error 403 return 0 else - theme_error 404 + theme_attachments "${page}" return 0 fi ;; @@ -119,7 +130,9 @@ case ${PATH_INFO} in */\[attachment\]/*) attpath="${PATH_INFO%/\[attachment\]/*}/#attachments/${PATH_INFO##*/}" - if ! acl_read "${PATH_INFO%/\[attachment\]/*}"; then + if [ ! -f "$_DATA/pages/$attpath" -a ! -f "$_EXEC/pages/$attpath" ]; then + return 1 + elif ! acl_read "${PATH_INFO%/\[attachment\]/*}"; then theme_error 403 return 0 elif [ -f "$_DATA/pages/$attpath" ]; then @@ -128,18 +141,14 @@ case ${PATH_INFO} in elif [ -f "$_EXEC/pages/$attpath" ]; then FILE "$_EXEC/pages/$attpath" return 0 - else - theme_error 404 - return 0 fi ;; - */*/) - return 1 - ;; */*) attpath="${PATH_INFO%/*}/#attachments/${PATH_INFO##*/}" - if ! acl_read "${PATH_INFO%/*}/"; then + if [ ! -f "$_DATA/pages/$attpath" -a ! -f "$_EXEC/pages/$attpath" ]; then + return 1 + elif ! acl_read "${PATH_INFO%/*}/"; then theme_error 403 return 0 elif [ -f "$_DATA/pages/$attpath" ]; then @@ -148,11 +157,6 @@ case ${PATH_INFO} in elif [ -f "$_EXEC/pages/$attpath" ]; then FILE "$(attachment_convert "$_EXEC/pages/$attpath")" return 0 - elif [ -d "$_DATA/pages/${PATH_INFO}" -o -d "$_EXEC/pages/${PATH_INFO}" ]; then - REDIRECT "${_BASE}${PATH_INFO}/" - elif [ "${PATH_INFO%\[*\]}" = "${PATH_INFO}" ]; then - theme_error 404 - return 0 fi ;; esac
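Review bot: The delete branch in the `@@ -101,17 +112,17 @@` hunk puts the POST field `delete` unmodified into `rm -- "$_DATA/pages${page}#attachments/$attachment_delete"`, whereas the upload loop in the previous hunk maps `/` and NUL to `_` before using a client-supplied name. Unless `POST` already strips path separators (not visible here), a value containing `/` resolves outside the page's `#attachments/` directory. The branch is also gated only on the session-key match, with no `acl_write "${page}"` call visible, unlike the upload branch. I would normalise the name the same way, `attachment_delete="$(printf %s "$attachment_delete" | tr /\\0 __)"`, and extend the condition to `[ "$attachment_delete" -a "$SESSION_ID" = "$tsid" ] && acl_write "${page}"`. The `if` chain starts before this hunk.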
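Review bot: In the `*/\[attachment\]/*` branch (hunk `@@ -119,7 +130,9 @@`) the new `[ ! -f … ]` / `return 1` test runs before `acl_read`, so a client without read access can tell existing attachments from missing ones. An existing file yields 403, while a missing one yields whatever a later handler produces after `return 1`, which discloses attachment names on read-protected pages. The same ordering is introduced in the `*/*)` branch of the next hunk and, for page directories, in the `*/\[attachment\])` branch of the first hunk. If this disclosure is not intended, call `acl_read` first and return the same response in both cases. If it is intended, say so with a comment such as `# existence is tested before the ACL on purpose: unknown paths are left to later handlers`.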