Fix input sanitize in scripting interface
1 /*
2 * Jirafeau, your web file repository
3 * Copyright (C) 2012 Jerome Jutteau <j.jutteau@gmail.com>
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU Affero General Public License as
7 * published by the Free Software Foundation, either version 3 of the
8 * License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU Affero General Public License for more details.
14 *
15 * You should have received a copy of the GNU Affero General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18
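/**
 * Reveal the "upload finished" panel and fill in the download and delete links.
 *
 * In this file `reference` and `delete_code` are taken straight from the
 * server's response text, so every value is written with `textContent`:
 * the browser shows it as plain text and never parses it as markup.
 *
 * @param {string} url          Base URL of the installation; 'file.php' is appended to it.
 * @param {string} reference    Value used for the `h` query parameter.
 * @param {string} delete_code  Value used for the `d` query parameter of the delete link.
 * @param {string} [date]       Expiry date text; when falsy the 'validity' element is hidden.
 */
function show_link (url, reference, delete_code, date)
{
    var download_link = url + 'file.php?h=' + reference;
    /* The same string serves as label and target: textContent needs no
     * '&amp;' entity to display a literal '&'. */
    var delete_link = download_link + '&d=' + delete_code;

    var download_anchor = document.getElementById('upload_link');
    download_anchor.textContent = download_link;
    download_anchor.href = download_link;

    var delete_anchor = document.getElementById('delete_link');
    delete_anchor.textContent = delete_link;
    delete_anchor.href = delete_link;

    if (date)
    {
        document.getElementById('date').textContent = date;
        document.getElementById('validity').style.display = '';
    }
    else
        document.getElementById('validity').style.display = 'none';

    /* Swap the upload form and progress display for the result panel. */
    document.getElementById('uploading').style.display = 'none';
    document.getElementById('upload').style.display = 'none';
    document.getElementById('upload_finished').style.display = '';
}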
40
/**
 * Write the progress text into the 'uploaded_percentage' element.
 *
 * @param {string} p  Text to display. It is assigned as HTML, so callers must
 *                    only pass strings they built themselves (the callers in
 *                    this file pass a rounded number followed by '%').
 */
function show_upload_progression (p)
{
    var percentage_box = document.getElementById('uploaded_percentage');
    percentage_box.innerHTML = p;
}
45
/**
 * Progress handler for the single-request upload.
 *
 * @param {ProgressEvent} e  Event carrying `lengthComputable`, `loaded` and `total`.
 */
function upload_progress (e)
{
    if (e.lengthComputable)
    {
        /* Scale to 99 rather than 100: once the last byte is sent the server
         * still needs time to answer before the link can be shown. */
        var percent = Math.round (e.loaded * 99 / e.total);
        show_upload_progression (percent.toString() + '%');
    }
}
56
/**
 * Tell the user that an upload request failed.
 * Registered in this file as the "error" and "abort" listener of the requests.
 *
 * @param {Event} e  The triggering event; not used.
 */
function upload_failed (e)
{
    /* TODO: consider showing an error div instead of a modal dialog. */
    var message = 'Sorry, upload failed';
    alert (message);
}
62
/**
 * Upload a file in a single POST to 'script.php' and show the resulting links.
 *
 * The response is read as text: the literal "Error" means failure, otherwise
 * the first line is the file reference and the second the delete code.
 *
 * @param {string} url       Base URL; 'script.php' is appended to it.
 * @param {File} file        File to send as form field "file".
 * @param {string} time      'none', 'minute', 'hour', 'day', 'week' or 'month'.
 * @param {string} password  Optional password, sent as form field "key".
 * @param {boolean} one_time When truthy, "one_time_download" is sent as '1'.
 */
function classic_upload (url, file, time, password, one_time)
{
    /* Seconds added to "now" to compute the displayed expiry date. */
    var lifetimes = {
        minute: 60,
        hour: 3600,
        day: 86400,
        week: 604800,
        month: 2419200
    };

    /* NOTE(review): the password travels in the request body, so `url`
     * presumably should be an HTTPS origin - confirm for the deployment. */
    var form = new FormData();
    form.append ("file", file);
    if (time)
        form.append ("time", time);
    if (password)
        form.append ("key", password);
    if (one_time)
        form.append ("one_time_download", '1');

    var req = new XMLHttpRequest ();
    req.upload.addEventListener ("progress", upload_progress, false);
    req.addEventListener ("error", upload_failed, false);
    req.addEventListener ("abort", upload_failed, false);
    req.onreadystatechange = function ()
    {
        /* Only a completed request with status 200 is processed. */
        if (req.readyState != 4 || req.status != 200)
            return;

        var answer = req.responseText;
        if (answer == "Error")
            return;
        var fields = answer.split ("\n");

        if (time == 'none')
        {
            show_link (url, fields[0], fields[1]);
            return;
        }
        /* Unknown lifetime values end here without showing any link. */
        if (!Object.prototype.hasOwnProperty.call (lifetimes, time))
            return;

        var expiry = new Date();
        expiry.setSeconds (expiry.getSeconds() + lifetimes[time]);
        show_link (url, fields[0], fields[1], expiry.toString());
    };
    req.open ("POST", url + 'script.php' , true);
    req.send (form);
}
110
/**
 * Report whether the browser exposes the HTML5 File API objects this file
 * relies on for chunked uploads.
 *
 * @returns {boolean} true when File, FileReader, FileList and Blob all exist on window.
 */
function check_html5_file_api ()
{
    var required = [window.File, window.FileReader, window.FileList, window.Blob];
    for (var i = 0; i < required.length; i++)
    {
        if (!required[i])
            return false;
    }
    return true;
}
117
/* State shared by the async_upload_* functions. It is file-level, so only one
 * chunked upload can be tracked at a time. */

/* Values handed to async_upload_start. */
var async_global_url = '';
var async_global_file;
var async_global_max_size = 0;
var async_global_time;

/* Reference taken from the first line of the init_async response. */
var async_global_ref = '';

/* Offset up to which the file has been pushed and answered with status 200. */
var async_global_transfered = 0;
/* End offset of the chunk currently being sent. */
var async_global_transfering = 0;
125
/**
 * Begin a chunked upload: record the parameters in the async_global_* state
 * and POST the file's name and type to 'script.php?init_async'.
 *
 * On a status-200 answer other than "Error", the first response line is kept
 * as the upload reference and the second is passed to async_upload_push.
 *
 * @param {string} url       Base URL; 'script.php?init_async' is appended to it.
 * @param {number} max_size  Size limit; async_upload_push derives the chunk size from it.
 * @param {File} file        File to upload.
 * @param {string} time      Lifetime selector, sent as form field "time" when truthy.
 * @param {string} password  Optional password, sent as form field "key".
 * @param {boolean} one_time When truthy, "one_time_download" is sent as '1'.
 */
function async_upload_start (url, max_size, file, time, password, one_time)
{
    async_global_transfered = 0;
    async_global_url = url;
    async_global_file = file;
    async_global_max_size = max_size;
    async_global_time = time;

    /* Only metadata goes out here; the file content follows in chunks. */
    var init_form = new FormData();
    init_form.append ("filename", async_global_file.name);
    init_form.append ("type", async_global_file.type);
    if (time)
        init_form.append ("time", time);
    if (password)
        init_form.append ("key", password);
    if (one_time)
        init_form.append ("one_time_download", '1');

    var init_req = new XMLHttpRequest ();
    init_req.addEventListener ("error", upload_failed, false);
    init_req.addEventListener ("abort", upload_failed, false);
    init_req.onreadystatechange = function ()
    {
        if (init_req.readyState != 4 || init_req.status != 200)
            return;

        var answer = init_req.responseText;
        if (answer == "Error")
            return;
        var fields = answer.split ("\n");
        async_global_ref = fields[0];
        async_upload_push (fields[1]);
    };
    init_req.open ("POST", async_global_url + 'script.php?init_async' , true);
    init_req.send (init_form);
}
163
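/**
 * Progress handler for one chunk of a chunked upload.
 *
 * The percentage is computed against the whole file: the bytes loaded for the
 * current chunk are added to the offset already transferred.
 *
 * @param {ProgressEvent} e  Event carrying `lengthComputable` and `loaded`.
 */
function async_upload_progress (e)
{
    var total = async_global_file.size;
    /* Skip the update when progress is not computable or the file is empty;
     * the latter would divide by zero and display "NaN%". */
    if (!e.lengthComputable || total == 0)
        return;
    /* Scale to 99: the final request still has to complete before the link
     * is shown. */
    var p = Math.round ((e.loaded + async_global_transfered) * 99 / total);
    show_upload_progression (p.toString() + '%');
}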
171
/**
 * Send the next chunk of the file to 'script.php?push_async'.
 *
 * When the whole file has been transferred, async_upload_end is called
 * instead. After each status-200 answer other than "Error", the first response
 * line is used as the code for the following request.
 *
 * @param {string} code  Code sent along with this chunk.
 */
function async_upload_push (code)
{
    var file_size = async_global_file.size;
    if (async_global_transfered == file_size)
    {
        async_upload_end (code);
        return;
    }

    /* Each chunk is 90% of the size limit given to async_upload_start. */
    var chunk_size = parseInt (async_global_max_size * 0.90);
    var first_byte = async_global_transfered;
    var last_byte = Math.min (first_byte + chunk_size, file_size);
    var chunk = async_global_file.slice (first_byte, last_byte);
    /* The offset is only committed once the server has answered. */
    async_global_transfering = last_byte;

    var chunk_form = new FormData();
    chunk_form.append ("ref", async_global_ref);
    chunk_form.append ("data", chunk);
    chunk_form.append ("code", code);

    var push_req = new XMLHttpRequest ();
    push_req.upload.addEventListener ("progress", async_upload_progress, false);
    push_req.addEventListener ("error", upload_failed, false);
    push_req.addEventListener ("abort", upload_failed, false);
    push_req.onreadystatechange = function ()
    {
        if (push_req.readyState != 4 || push_req.status != 200)
            return;

        var answer = push_req.responseText;
        if (answer == "Error")
            return;
        var next_code = answer.split ("\n")[0];
        async_global_transfered = async_global_transfering;
        async_upload_push (next_code);
    };
    push_req.open ("POST", async_global_url + 'script.php?push_async' , true);
    push_req.send (chunk_form);
}
212
/**
 * Finish a chunked upload by POSTing to 'script.php?end_async', then show the
 * resulting links.
 *
 * The response is read as text: the literal "Error" means failure, otherwise
 * the first two lines are handed to show_link as reference and delete code.
 *
 * @param {string} code  Code sent as form field "code".
 */
function async_upload_end (code)
{
    /* Seconds added to "now" to compute the displayed expiry date. */
    var lifetimes = {
        minute: 60,
        hour: 3600,
        day: 86400,
        week: 604800,
        month: 2419200
    };

    var end_form = new FormData();
    end_form.append ("ref", async_global_ref);
    end_form.append ("code", code);

    var end_req = new XMLHttpRequest ();
    end_req.addEventListener ("error", upload_failed, false);
    end_req.addEventListener ("abort", upload_failed, false);
    end_req.onreadystatechange = function ()
    {
        if (end_req.readyState != 4 || end_req.status != 200)
            return;

        var answer = end_req.responseText;
        if (answer == "Error")
            return;
        var fields = answer.split ("\n");

        if (async_global_time == 'none')
        {
            show_link (async_global_url, fields[0], fields[1]);
            return;
        }
        /* Unknown lifetime values end here without showing any link. */
        if (!Object.prototype.hasOwnProperty.call (lifetimes, async_global_time))
            return;

        var expiry = new Date();
        expiry.setSeconds (expiry.getSeconds() + lifetimes[async_global_time]);
        show_link (async_global_url, fields[0], fields[1], expiry.toString());
    };
    end_req.open ("POST", async_global_url + 'script.php?end_async' , true);
    end_req.send (end_form);
}
254
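/**
 * Entry point for the upload form: read the form controls and start either a
 * chunked or a single-request upload.
 *
 * The chunked path is taken when the HTML5 File API is available and the file
 * is at least `max_size` bytes; otherwise the file is sent in one request.
 * Nothing happens when no file has been selected.
 *
 * @param {string} url       Base URL handed on to the upload functions.
 * @param {number} max_size  Size threshold, also handed to async_upload_start.
 */
function upload (url, max_size)
{
    var files = document.getElementById('file_select').files;
    var file = files ? files[0] : undefined;
    /* Without this guard an empty selection raised a TypeError on `.size`. */
    if (!file)
        return;

    var time = document.getElementById('select_time').value;
    var password = document.getElementById('input_key').value;
    var one_time = document.getElementById('one_time_download').checked;

    if (check_html5_file_api () && file.size >= max_size)
        async_upload_start (url, max_size, file, time, password, one_time);
    else
        classic_upload (url, file, time, password, one_time);
}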
