From 354e54a0aff6809aab6f197c97489112774df043 Mon Sep 17 00:00:00 2001
From: Aaron van Geffen <aaron@aaronweb.net>
Date: Sun, 1 Mar 2020 17:00:18 +0100
Subject: [PATCH] Limit album/tag downloading on a user basis. This removes the limit of downloading albums only; tags are fine, too. Now using UserFacingException for certain exceptions, as these are displayed to the user. Removing the inheritance of HTMLController, as we intend to output binary data only.
---
 controllers/Download.php | 36 ++++++++----------------------------
 1 file changed, 8 insertions(+), 28 deletions(-)
diff --git a/controllers/Download.php b/controllers/Download.php
index b6e2e6c2..b22b92b1 100644
--- a/controllers/Download.php
+++ b/controllers/Download.php
@@ -6,7 +6,7 @@
 * Kabuki CMS (C) 2013-2019, Aaron van Geffen
 *****************************************************************************/
-class Download extends HTMLController
+class Download
 {
 public function __construct()
 {
@@ -15,38 +15,18 @@ class Download extends HTMLController
 if (!$user->isLoggedIn())
 throw new NotAllowedException();
- if(!isset($_GET['tag']))
- throw new UnexpectedValueException('Must specify an album to download');
+ if (!isset($_GET['tag']))
+ throw new UserFacingException('No album or tag has been specified for download.');
 $tag = (int)$_GET['tag'];
 $album = Tag::fromId($tag);
- if($album->kind !== 'Album')
- throw new UnexpectedValueException('Specified tag does not correspond to an album');
+ if (isset($_SESSION['current_export']))
+ throw new UserFacingException('An export of "' . $tag->tag . '" is ongoing. Please try again later.');
- //Yes TOCTOU but it does not need to be perfect.
- $lock_file = join('/', [sys_get_temp_dir(), 'pics-export.lock']);
- if(!file_exists($lock_file))
- {
- try
- {
- $fp = fopen($lock_file, 'x');
-
- if(!$fp)
- throw new UnexpectedValueException('Could not open lock-file');
-
- $this->exportAlbum($album);
- }
- finally
- {
- fclose($fp);
- unlink($lock_file);
- }
- }
- else
- throw new UnexpectedValueException('Another export is busy, please try again later');
-
- exit();
+ // So far so good?
+ $this->exportAlbum($album);
+ exit;
 }
 private function exportAlbum($album)
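Review bot: In the new `isset($_SESSION['current_export'])` branch the message reads `$tag->tag`, but `$tag` was assigned `(int)$_GET['tag']` a few lines earlier, so the property access is on an integer and the name comes out empty with a PHP notice or warning. The loaded object is `$album`, so the line presumably should be `throw new UserFacingException('An export of "' . $album->tag . '" is ongoing. Please try again later.');`, or use the name stored with the running export if `current_export` holds one. Nothing in this hunk sets or clears `$_SESSION['current_export']`, so presumably `exportAlbum()` does (its body is outside the hunk). It would need a `finally` that clears the flag and, because PHP's default session handler holds the session lock for the whole request, a `session_write_close()` after setting it; otherwise a second request either never observes the flag or stays refused after a failed export. The limit is keyed on the session rather than the account, so with the global lock file gone one user holding several sessions can still run exports in parallel. The result of `Tag::fromId($tag)` is also passed on without a visible check that the id resolved to a tag this user may download.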