From cc17f302902fb62c78b4411dadc3243913f18c74 Mon Sep 17 00:00:00 2001 From: joshuaruesweg Date: Tue, 1 Dec 2020 11:58:14 +0100 Subject: [PATCH] Prevent rewriting filenames for processed files --- .../files/lib/acp/form/StyleAddForm.class.php | 11 +++++++++-- .../files/lib/acp/form/StyleEditForm.class.php | 1 + .../files/lib/data/style/StyleAction.class.php | 17 +++++++++-------- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php b/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php index fb5e2b02b4..666b21a5ce 100644 --- a/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php +++ b/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php @@ -219,6 +219,12 @@ class StyleAddForm extends AbstractForm { */ public $uploads = []; + /** + * @var (null|UploadField)[] + * @since 5.3 + */ + public $removedUploads = []; + /** * @var UploadField[] * @since 5.3 @@ -391,11 +397,11 @@ class StyleAddForm extends AbstractForm { // codemirror scroll offset if (isset($_POST['scrollOffsets']) && is_array($_POST['scrollOffsets'])) $this->scrollOffsets = ArrayUtil::toIntegerArray($_POST['scrollOffsets']); - $this->uploads = []; + $this->uploads = $this->removedUploads = []; foreach (array_keys($this->getUploadFields()) as $field) { $removedFiles = UploadHandler::getInstance()->getRemovedFiledByFieldId($field); if (!empty($removedFiles)) { - $this->uploads[$field] = null; + $this->removedUploads = array_merge($this->removedUploads, $removedFiles); } $files = UploadHandler::getInstance()->getFilesByFieldId($field); @@ -816,6 +822,7 @@ class StyleAddForm extends AbstractForm { 'apiVersion' => $this->apiVersion ]), 'uploads' => $this->uploads, + 'removedUploads' => $this->removedUploads, 'customAssets' => $this->customAssets, 'tmpHash' => $this->tmpHash, 'variables' => $this->variables, 
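Review bot: The docblock on `$removedUploads` declares `(null|UploadField)[]`, which does not match how the property is used elsewhere in this patch. The `@@ -391` hunk fills it with `array_merge($this->removedUploads, $removedFiles)` from `getRemovedFiledByFieldId()`, and `StyleAction` calls `getLocation()` on every element, so the entries look like `UploadFile` objects and a `null` entry would be a fatal error there. I would document it as `@var UploadFile[]` (confirm against the `UploadHandler` return type) and add a one-line description such as `files removed from the upload fields in this request, deleted when the style is saved`.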
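Review bot: Dropping `$this->uploads[$field] = null;` means a field whose file was removed without a replacement no longer gets a `null` entry in `$uploads` from this branch. `StyleAction` clears the style variable only in its `else if ($file === null)` branch, so unless the code after this hunk (not visible here) still records `null` when `getFilesByFieldId()` returns nothing, the variable could keep pointing at a file that the new `removedUploads` loop has just deleted. It is worth confirming that path, or keeping the `null` assignment next to the `array_merge()` call. The `foreach` body continues past the end of the hunk.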
diff --git a/wcfsetup/install/files/lib/acp/form/StyleEditForm.class.php b/wcfsetup/install/files/lib/acp/form/StyleEditForm.class.php index 04225a5a9d..8f0ffe20ee 100644 --- a/wcfsetup/install/files/lib/acp/form/StyleEditForm.class.php +++ b/wcfsetup/install/files/lib/acp/form/StyleEditForm.class.php @@ -251,6 +251,7 @@ class StyleEditForm extends StyleAddForm { 'apiVersion' => $this->apiVersion ]), 'uploads' => $this->uploads, + 'removedUploads' => $this->removedUploads, 'customAssets' => $this->customAssets, 'tmpHash' => $this->tmpHash, 'variables' => $this->variables, diff --git a/wcfsetup/install/files/lib/data/style/StyleAction.class.php b/wcfsetup/install/files/lib/data/style/StyleAction.class.php index c7b866ba44..c0f4aa5284 100644 --- a/wcfsetup/install/files/lib/data/style/StyleAction.class.php +++ b/wcfsetup/install/files/lib/data/style/StyleAction.class.php @@ -184,13 +184,8 @@ class StyleAction extends AbstractDatabaseObjectAction implements IToggleAction /** @var \wcf\system\file\upload\UploadFile $file */ $file = $this->parameters['uploads'][$type]; - if ($style->getVariable($type) && file_exists($style->getAssetPath().basename($style->getVariable($type)))) { - if (!$file || $style->getAssetPath().basename($style->getVariable($type)) !== $file->getLocation()) { - unlink($style->getAssetPath().basename($style->getVariable($type))); - } - } - - if ($file !== null) { + // Only save file, if it is not proccessed. + if ($file !== null && !$file->isProcessed()) { $fileLocation = $file->getLocation(); $extension = pathinfo($file->getFilename(), PATHINFO_EXTENSION); $newName = $type.'-'.\bin2hex(\random_bytes(4)).'.'.$extension; 
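Review bot: With the `unlink()` block removed, the `StyleAction` hunk at `@@ -184` no longer deletes the previous asset when a new, unprocessed file replaces it; cleanup now depends entirely on the replaced file showing up in `removedUploads`. If the upload handler does not report a replaced file as removed (not visible here), each replacement would leave the old renamed file behind in the asset path. It would help to state that dependency in the comment, for example `// Processed files already live in the asset path and keep their name; replaced files are deleted via 'removedUploads'.`, which also fixes the `proccessed` typo. The surrounding loop starts before the hunk and continues after it.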
@@ -199,12 +194,18 @@ class StyleAction extends AbstractDatabaseObjectAction implements IToggleAction $this->parameters['variables'][$type] = $newName; $file->setProcessed($newLocation); } - else { + else if ($file === null) { $this->parameters['variables'][$type] = ''; } } } + foreach ($this->parameters['removedUploads'] as $removedUpload) { + if (file_exists($removedUpload->getLocation())) { + unlink($removedUpload->getLocation()); + } + } + $sql = "SELECT variableID, variableName, defaultValue FROM wcf".WCF_N."_style_variable"; $statement = WCF::getDB()->prepareStatement($sql); -- 2.20.1
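Review bot: The new loop reads `$this->parameters['removedUploads']` unconditionally, so any caller of this action that does not pass the key (only the two ACP forms in this patch are shown to set it) triggers an undefined-index notice and a `foreach` warning; `foreach ($this->parameters['removedUploads'] ?? [] as $removedUpload) {` avoids that. The loop also calls `unlink()` on whatever `getLocation()` returns, whereas the code removed in the previous hunk only ever deleted `$style->getAssetPath().basename(...)`. If the removed-file list can be influenced by the request, that is a wider deletion capability than before, so I would check that each location lies inside a directory this action owns (the style's asset path or the upload temp directory) before deleting it. The `unlink()` result is not checked either, so a failed delete goes unnoticed. The enclosing method begins and ends outside the hunk.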