summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README20
-rw-r--r--actions/getfile.php66
-rw-r--r--classes/File.php33
-rw-r--r--config.php.sample17
-rw-r--r--htaccess.sample8
-rw-r--r--lib/default.php1
6 files changed, 100 insertions, 45 deletions
diff --git a/README b/README
index 6e39890cb..c26fe786e 100644
--- a/README
+++ b/README
@@ -710,11 +710,21 @@ private site, but users of the private site may be able to subscribe
to users on a remote site. (Or not... it's not well tested.) The
"proper behaviour" hasn't been defined here, so handle with care.
-If fancy URLs is enabled, access to file attachments can also be
-restricted to logged-in users only. Uncomment the appropriate rewrite
-rule in .htaccess or your server's httpd.conf. (This most likely will
-not work if you are using a virtual server for attachments, so consider
-the performance/security tradeoff.)
+Access to file attachments can also be restricted to logged-in users only.
+1. Add a directory outside the web root where your file uploads will be
+ stored. Usually a command like this will work:
+
+ mkdir /var/www/mublog-files
+
+2. Make the file uploads directory writeable by the web server. An
+ insecure way to do this is:
+
+ chmod a+x /var/www/mublog-files
+
+3. Tell StatusNet to use this directory for file uploads. Add a line
+ like this to your config.php:
+
+ $config['attachments']['dir'] = '/var/www/mublog-files';
Upgrading
=========
diff --git a/actions/getfile.php b/actions/getfile.php
index ecda34c0f..cd327e410 100644
--- a/actions/getfile.php
+++ b/actions/getfile.php
@@ -1,13 +1,13 @@
<?php
/**
- * StatusNet, the distributed open-source microblogging tool
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2009, StatusNet, Inc.
*
- * Returns a given file attachment, allowing private sites to only allow
- * access to file attachments after login.
+ * Return a requested file
*
* PHP version 5
*
- * LICENCE: This program is free software: you can redistribute it and/or modify
+ * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
@@ -20,28 +20,32 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
- * @category Personal
+ * @category PrivateAttachments
* @package StatusNet
* @author Jeffery To <jeffery.to@gmail.com>
- * @copyright 2008-2009 StatusNet, Inc.
- * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @copyright 2009 StatusNet, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
* @link http://status.net/
*/
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('STATUSNET')) {
exit(1);
}
require_once 'MIME/Type.php';
/**
- * Action for getting a file attachment
+ * An action for returning a requested file
*
- * @category Personal
- * @package StatusNet
- * @author Jeffery To <jeffery.to@gmail.com>
- * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
- * @link http://status.net/
+ * The StatusNet system will do an implicit user check if the site is
+ * private before allowing this to continue
+ *
+ * @category PrivateAttachments
+ * @package StatusNet
+ * @author Jeffery To <jeffery.to@gmail.com>
+ * @copyright 2009 StatusNet, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
+ * @link http://status.net/
*/
class GetfileAction extends Action
@@ -68,7 +72,7 @@ class GetfileAction extends Action
$path = null;
if ($filename) {
- $path = common_config('attachments', 'dir') . $filename;
+ $path = File::path($filename);
}
if (empty($path) or !file_exists($path)) {
@@ -103,6 +107,10 @@ class GetfileAction extends Action
function lastModified()
{
+ if (common_config('site', 'use_x_sendfile')) {
+ return null;
+ }
+
return filemtime($this->path);
}
@@ -114,8 +122,24 @@ class GetfileAction extends Action
*
* @return string etag http header
*/
+
function etag()
{
+ if (common_config('site', 'use_x_sendfile')) {
+ return null;
+ }
+
+ $cache = common_memcache();
+ if($cache) {
+ $key = common_cache_key('attachments:etag:' . $this->path);
+ $etag = $cache->get($key);
+ if($etag === false) {
+ $etag = crc32(file_get_contents($this->path));
+ $cache->set($key,$etag);
+ }
+ return $etag;
+ }
+
$stat = stat($this->path);
return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
}
@@ -133,13 +157,19 @@ class GetfileAction extends Action
// undo headers set by PHP sessions
$sec = session_cache_expire() * 60;
header('Expires: ' . date(DATE_RFC1123, time() + $sec));
- header('Cache-Control: public, max-age=' . $sec);
- header('Pragma: public');
+ header('Cache-Control: max-age=' . $sec);
parent::handle($args);
$path = $this->path;
+
header('Content-Type: ' . MIME_Type::autoDetect($path));
- readfile($path);
+
+ if (common_config('site', 'use_x_sendfile')) {
+ header('X-Sendfile: ' . $path);
+ } else {
+ header('Content-Length: ' . filesize($path));
+ readfile($path);
+ }
}
}
diff --git a/classes/File.php b/classes/File.php
index e04a9d525..6173f31d6 100644
--- a/classes/File.php
+++ b/classes/File.php
@@ -182,25 +182,32 @@ class File extends Memcached_DataObject
static function url($filename)
{
- $path = common_config('attachments', 'path');
+ if(common_config('site','private')) {
- if ($path[strlen($path)-1] != '/') {
- $path .= '/';
- }
+ return common_local_url('getfile',
+ array('filename' => $filename));
- if ($path[0] != '/') {
- $path = '/'.$path;
- }
+ } else {
+ $path = common_config('attachments', 'path');
- $server = common_config('attachments', 'server');
+ if ($path[strlen($path)-1] != '/') {
+ $path .= '/';
+ }
- if (empty($server)) {
- $server = common_config('site', 'server');
- }
+ if ($path[0] != '/') {
+ $path = '/'.$path;
+ }
+
+ $server = common_config('attachments', 'server');
- // XXX: protocol
+ if (empty($server)) {
+ $server = common_config('site', 'server');
+ }
- return 'http://'.$server.$path.$filename;
+ // XXX: protocol
+
+ return 'http://'.$server.$path.$filename;
+ }
}
function getEnclosure(){
diff --git a/config.php.sample b/config.php.sample
index 91e6614c0..b8852dc67 100644
--- a/config.php.sample
+++ b/config.php.sample
@@ -41,6 +41,20 @@ $config['site']['path'] = 'statusnet';
// Make the site invisible to non-logged-in users
// $config['site']['private'] = true;
+// If your web server supports X-Sendfile (Apache with mod_xsendfile,
+// lighttpd, nginx), you can enable X-Sendfile support for better
+// performance. Presently, only attachment serving when the site is
+// in private mode will use X-Sendfile.
+// $config['site']['X-Sendfile'] = false;
+// You may also need to enable X-Sendfile support for your web server and
+// allow it to access files outside of the web root. For Apache with
+// mod_xsendfile, you can add these to your .htaccess or server config:
+//
+// XSendFile on
+// XSendFileAllowAbove on
+//
+// See http://tn123.ath.cx/mod_xsendfile/ for mod_xsendfile.
+
// If you want logging sent to a file instead of syslog
// $config['site']['logfile'] = '/tmp/statusnet.log';
@@ -265,6 +279,7 @@ $config['sphinx']['port'] = 3312;
// $config['attachments']['user_quota'] = 50000000;
// $config['attachments']['monthly_quota'] = 15000000;
// $config['attachments']['uploads'] = true;
-// $config['attachments']['path'] = "/file/";
+// $config['attachments']['path'] = "/file/"; //ignored if site is private
+// $config['attachments']['dir'] = INSTALLDIR . '/file/';
// $config['oohembed']['endpoint'] = 'http://oohembed.com/oohembed/';
diff --git a/htaccess.sample b/htaccess.sample
index 91ae9da9b..37eb8e01e 100644
--- a/htaccess.sample
+++ b/htaccess.sample
@@ -5,14 +5,6 @@
RewriteBase /mublog/
- # If your site is private and want to only allow logged-in users to
- # be able to download file attachments, uncomment this rule.
- #
- # If you have a custom attachment path
- # ($config['attachments']['path']), change "file/" to match.
- #
- #RewriteRule ^file/(.*) getfile/$1
-
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php?p=$1 [L,QSA]
diff --git a/lib/default.php b/lib/default.php
index eea11eb2b..f2e577149 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -54,6 +54,7 @@ $default =
'dupelimit' => 60, # default for same person saying the same thing
'textlimit' => 140,
'indent' => true,
+ 'use_x_sendfile' => false,
),
'db' =>
array('database' => 'YOU HAVE TO SET THIS IN config.php',