From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 15 Apr 2024 10:50:00 +0000 (+0200)
Subject: Add a secret to upload files
X-Git-Tag: 6.1.0_Alpha_1~85^2^2~46
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=26218ee67b1c73ce9dfeb8805e42c60f4364bd4f;p=GitHub%2FWoltLab%2FWCF.git

Add a secret to upload files

The placement of files depends on the file extension, allowing files to be efficiently served by the web server instead of blocking a PHP worker.
---

diff --git a/wcfsetup/install/files/lib/data/file/File.class.php b/wcfsetup/install/files/lib/data/file/File.class.php
index bd27d90bbe..2d837eadf1 100644
--- a/wcfsetup/install/files/lib/data/file/File.class.php
+++ b/wcfsetup/install/files/lib/data/file/File.class.php
@@ -21,6 +21,7 @@ use wcf\util\StringUtil;
  * @property-read int $fileSize
  * @property-read string $fileHash
  * @property-read string $fileExtension
+ * @property-read string $secret
  * @property-read string $typeName
  * @property-read string $mimeType
  * @property-read int|null $width
@@ -61,8 +62,9 @@ class File extends DatabaseObject
     public function getSourceFilename(): string
     {
         return \sprintf(
-            '%d-%s.%s',
+            '%d-%s-%s.%s',
             $this->fileID,
+            $this->secret,
             $this->fileHash,
             $this->fileExtension,
         );
@@ -74,7 +76,8 @@ class File extends DatabaseObject
         $folderB = \substr($this->fileHash, 2, 2);
 
         return \sprintf(
-            \WCF_DIR . '_data/private/fileUpload/%s/%s/',
+            \WCF_DIR . '_data/%s/files/%s/%s/',
+            $this->fileExtension === 'bin' ? 'private' : 'public',
             $folderA,
             $folderB,
         );
diff --git a/wcfsetup/install/files/lib/data/file/FileEditor.class.php b/wcfsetup/install/files/lib/data/file/FileEditor.class.php
index 8696efdc2e..50be36834e 100644
--- a/wcfsetup/install/files/lib/data/file/FileEditor.class.php
+++ b/wcfsetup/install/files/lib/data/file/FileEditor.class.php
@@ -45,6 +45,7 @@ class FileEditor extends DatabaseObjectEditor
             'fileSize' => $fileTemporary->fileSize,
             'fileHash' => $fileTemporary->fileHash,
             'fileExtension' => File::getSafeFileExtension($mimeType, $fileTemporary->filename),
+            'secret' => \bin2hex(\random_bytes(10)),
             'typeName' => $fileTemporary->typeName,
             'mimeType' => $mimeType,
             'width' => $width,
diff --git a/wcfsetup/setup/db/install.sql b/wcfsetup/setup/db/install.sql
index c76e56a9ba..dc63a88748 100644
--- a/wcfsetup/setup/db/install.sql
+++ b/wcfsetup/setup/db/install.sql
@@ -605,6 +605,7 @@ CREATE TABLE wcf1_file (
 	fileSize BIGINT NOT NULL,
 	fileHash CHAR(64) NOT NULL,
 	fileExtension VARCHAR(10) NOT NULL,
+	secret CHAR(20) NOT NULL,
 	typeName VARCHAR(255) NOT NULL,
 	mimeType VARCHAR(255) NOT NULL,
 	width INT,