mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
- Remove separate video/audio/peertube_video/peertube_audio pools from UI
- TFE pool now accepts all file types including video/audio
- When PeerTube is enabled, video/audio dropped into TFE pool auto-upload to PeerTube (process.php detects MIME and uploads immediately)
- PeerTube return IDs now encode type: peertube:video:UUID or peertube:audio:UUID
- load.php returns placeholder SVG for PeerTube files so they appear in FilePond
- Edit mode: all existing files (including PeerTube) shown in TFE FilePond pool
- Remove legacy video/audio/peertube_* handling from both controllers
- Remove unused video/audio/peertube_* entries from JS QUEUE_CONFIG
76 lines
2.8 KiB
PHP
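<?php
/**
 * FilePond revert endpoint — deletes a just-uploaded tmp file.
 *
 * DELETE /admin/actions/filepond/revert.php
 * Body: plain text file_id
 *
 * Called when the user removes a file before form submit.
 *
 * Checks, in order: admin login, CSRF header, HTTP method, file_id format,
 * and that the upload's manifest.json names the current session.
 *
 * Responses: 200 on success (and for any "peertube:" id, which has no local
 * files), 400 malformed id, 403 bad CSRF token or foreign session,
 * 404 unknown upload, 405 wrong method, 500 if the tmp directory could not
 * be removed.
 */

require_once __DIR__ . '/../../../../bootstrap.php';
require_once __DIR__ . '/../../../../src/AdminAuth.php';

AdminAuth::requireLogin();

// ── CSRF via header ──────────────────────────────────────────────────────
$csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
$csrfToken  = $_SESSION['csrf_token'] ?? null;
// Require a non-empty string token: an empty stored token would otherwise
// compare equal to a missing header, and a non-string would make
// hash_equals() throw instead of producing a clean 403.
if (!is_string($csrfToken) || $csrfToken === ''
    || !hash_equals($csrfToken, $csrfHeader)) {
    http_response_code(403);
    die('Token CSRF invalide.');
}

// ── Only accept DELETE ───────────────────────────────────────────────────
if ($_SERVER['REQUEST_METHOD'] !== 'DELETE') {
    http_response_code(405);
    die('Méthode non autorisée.');
}

// ── Read file_id from body ───────────────────────────────────────────────
$fileId = trim(file_get_contents('php://input'));

// PeerTube files have a special prefix; nothing to clean up locally
// Format: peertube:video:UUID or peertube:audio:UUID
if (str_starts_with($fileId, 'peertube:')) {
    // PeerTube files are already uploaded; we don't delete them from PeerTube on revert
    // (the user might still submit and associate them)
    http_response_code(200);
    exit;
}

// $fileId becomes a path component below, so only the exact 32-hex-char form
// is accepted. The D modifier stops "$" from matching before a trailing
// newline, so the check does not depend on the trim() above.
if ($fileId === '' || !preg_match('/^[a-f0-9]{32}$/D', $fileId)) {
    http_response_code(400);
    die('ID de fichier invalide.');
}

// ── Verify tmp directory exists and manifest matches session ─────────────
$tmpDir       = STORAGE_ROOT . '/tmp/filepond/' . $fileId;
$manifestPath = $tmpDir . '/manifest.json';

if (!is_dir($tmpDir) || !file_exists($manifestPath)) {
    http_response_code(404);
    exit;
}

$manifest  = json_decode(file_get_contents($manifestPath), true);
$ownerId   = is_array($manifest) ? ($manifest['session_id'] ?? null) : null;
$sessionId = session_id();
// Ownership check: only the session recorded in the manifest may delete the
// upload. Both sides must be non-empty strings so that a manifest without a
// session_id can never match; hash_equals() keeps the comparison
// constant-time, as in the CSRF check.
if (!is_string($ownerId) || $ownerId === ''
    || !is_string($sessionId) || $sessionId === ''
    || !hash_equals($sessionId, $ownerId)) {
    http_response_code(403);
    die('Session invalide.');
}

// ── Delete directory recursively ─────────────────────────────────────────
$it       = new RecursiveDirectoryIterator($tmpDir, RecursiveDirectoryIterator::SKIP_DOTS);
$files_it = new RecursiveIteratorIterator($it, RecursiveIteratorIterator::CHILD_FIRST);
foreach ($files_it as $file) {
    // Use the entry's own path, not getRealPath(): realpath resolves symlinks,
    // so a link inside the tmp directory would cause its *target* (possibly
    // outside the tmp tree) to be removed, and a dangling link yields false.
    // NOTE(review): whether a symlink can ever end up here depends on the
    // upload handler, which is not part of this file.
    $path = $file->getPathname();
    if ($file->isDir() && !$file->isLink()) {
        rmdir($path);
    } else {
        // Regular files and symlinks: remove the entry itself.
        unlink($path);
    }
}

// Report a failed cleanup instead of answering 200 while the upload is
// still on disk.
if (!rmdir($tmpDir)) {
    http_response_code(500);
    exit;
}

http_response_code(200);
exit;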