<?php

/**
 * @file
 * Webform module file component.
 */

/**
 * Implements _webform_defaults_component().
 */
function _webform_defaults_file() {
  // If private file storage is enabled, make it the default for security
  // reasons. See: https://www.drupal.org/psa-2016-003
  $available_schemes = file_get_stream_wrappers(STREAM_WRAPPERS_WRITE_VISIBLE);
  $scheme = isset($available_schemes['private']) ? 'private' : 'public';

  return array(
    'name' => '',
    'form_key' => NULL,
    'required' => 0,
    'pid' => 0,
    'weight' => 0,
    'extra' => array(
      'filtering' => array(
        'types' => array('gif', 'jpg', 'png'),
        'addextensions' => '',
        'size' => '2 MB',
      ),
      'rename' => '',
      'scheme' => $scheme,
      'directory' => '',
      'progress_indicator' => 'throbber',
      'title_display' => 0,
      'description' => '',
      'description_above' => FALSE,
      'attributes' => array(),
      'private' => FALSE,
      'analysis' => FALSE,
    ),
  );
}

/**
 * Implements _webform_theme_component().
 */
function _webform_theme_file() {
  return array(
    'webform_edit_file_extensions' => array(
      'render element' => 'element',
      'file' => 'components/file.inc',
    ),
    'webform_display_file' => array(
      'render element' => 'element',
      'file' => 'components/file.inc',
    ),
    'webform_managed_file' => array(
      'render element' => 'element',
      'file' => 'components/file.inc',
    ),
  );
}

/**
 * Implements _webform_edit_component().
 */
function _webform_edit_file($component) {
  $form = array();
  $form['#element_validate'] = array('_webform_edit_file_check_directory');
  $form['#after_build'] = array('_webform_edit_file_check_directory');

  $form['validation']['size'] = array(
    '#type' => 'textfield',
    '#title' => t('Max upload size'),
    '#default_value' => $component['extra']['filtering']['size'],
    '#description' => t('Enter the max file size a user may upload such as 2 MB or 800 KB. Your server has a max upload size of @size.', array('@size' => format_size(file_upload_max_size()))),
    '#size' => 10,
    '#parents' => array('extra', 'filtering', 'size'),
    '#element_validate' => array('_webform_edit_file_size_validate'),
    '#weight' => 1,
  );

  $form['validation']['extensions'] = array(
    '#element_validate' => array('_webform_edit_file_extensions_validate'),
    '#parents' => array('extra', 'filtering'),
    '#theme' => 'webform_edit_file_extensions',
    '#theme_wrappers' => array('form_element'),
    '#title' => t('Allowed file extensions'),
    '#attached' => array(
      'js' => array(drupal_get_path('module', 'webform') . '/js/webform-admin.js'),
      'css' => array(drupal_get_path('module', 'webform') . '/css/webform-admin.css'),
    ),
    '#type' => 'webform_file_extensions',
    '#weight' => 2,
  );

  // Find the list of all currently valid extensions.
  $current_types = isset($component['extra']['filtering']['types']) ? $component['extra']['filtering']['types'] : array();

  $types = array('gif', 'jpg', 'png');
  $form['validation']['extensions']['types']['webimages'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Web images'),
    '#options' => drupal_map_assoc($types),
    '#default_value' => array_intersect($current_types, $types),
  );

  $types = array('bmp', 'eps', 'tif', 'pict', 'psd');
  $form['validation']['extensions']['types']['desktopimages'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Desktop images'),
    '#options' => drupal_map_assoc($types),
    '#default_value' => array_intersect($current_types, $types),
  );

  $types = array('txt', 'rtf', 'html', 'pdf', 'doc', 'docx', 'odt', 'ppt', 'pptx', 'odp', 'xls', 'xlsx', 'ods', 'xml');
  $form['validation']['extensions']['types']['documents'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Documents'),
    '#options' => drupal_map_assoc($types),
    '#default_value' => array_intersect($current_types, $types),
  );

  $types = array('avi', 'mov', 'mp3', 'ogg', 'wav');
  $form['validation']['extensions']['types']['media'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Media'),
    '#options' => drupal_map_assoc($types),
    '#default_value' => array_intersect($current_types, $types),
  );

  $types = array('bz2', 'dmg', 'gz', 'jar', 'rar', 'sit', 'tar', 'zip');
  $form['validation']['extensions']['types']['archives'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Archives'),
    '#options' => drupal_map_assoc($types),
    '#default_value' => array_intersect($current_types, $types),
  );

  $form['validation']['extensions']['addextensions'] = array(
    '#type' => 'textfield',
    '#title' => t('Additional extensions'),
    '#default_value' => $component['extra']['filtering']['addextensions'],
    '#description' => t('Enter a list of additional file extensions for this upload field, separated by commas.<br /> Entered extensions will be appended to checked items above.'),
    '#size' => 20,
    '#weight' => 3,
  );

  $scheme_options = array();
  foreach (file_get_stream_wrappers(STREAM_WRAPPERS_WRITE_VISIBLE) as $scheme => $stream_wrapper) {
    $scheme_options[$scheme] = $stream_wrapper['name'];
  }
  $form['extra']['scheme'] = array(
    '#type' => 'radios',
    '#title' => t('Upload destination'),
    '#options' => $scheme_options,
    '#default_value' => $component['extra']['scheme'],
    '#description' => t('Public files upload destination is dangerous for forms that are available to anonymous and/or untrusted users. For more information, see <a href="@psa">DRUPAL-PSA-2016-003</a>.', array('@psa' => 'https://www.drupal.org/psa-2016-003')),
    '#weight' => 4,
    '#access' => count($scheme_options) > 1,
  );
  $form['extra']['directory'] = array(
    '#type' => 'textfield',
    '#title' => t('Upload directory'),
    '#default_value' => $component['extra']['directory'],
    '#description' => t('You may optionally specify a sub-directory to store your files.') . ' ' . theme('webform_token_help'),
    '#weight' => 5,
    '#field_prefix' => 'webform/',
  );

  $form['extra']['rename'] = array(
    '#type' => 'textfield',
    '#title' => t('Rename files'),
    '#default_value' => $component['extra']['rename'],
    '#description' => t('You may optionally use tokens to create a pattern used to rename files upon submission. Omit the extension; it will be added automatically.') . ' ' . theme('webform_token_help', array('groups' => array('node', 'submission'))),
    '#weight' => 6,
    '#element_validate' => array('_webform_edit_file_rename_validate'),
    '#access' => webform_variable_get('webform_token_access'),
  );

  $form['display']['progress_indicator'] = array(
    '#type' => 'radios',
    '#title' => t('Progress indicator'),
    '#options' => array(
      'throbber' => t('Throbber'),
      'bar' => t('Bar with progress meter'),
    ),
    '#default_value' => $component['extra']['progress_indicator'],
    '#description' => t('The throbber display does not show the status of uploads but takes up less space. The progress bar is helpful for monitoring progress on large uploads.'),
    '#weight' => 16,
    '#access' => file_progress_implementation(),
    '#parents' => array('extra', 'progress_indicator'),
  );

  return $form;
}

/**
 * Form API validator ensures rename string is empty or contains one token.
 *
 * A Form API element validate function to ensure that the rename string is
 * either empty or contains at least one token.
 */
function _webform_edit_file_rename_validate($element, &$form_state, $form) {
  $rename = trim($form_state['values']['extra']['rename']);
  form_set_value($element, $rename, $form_state);
  if (strlen($rename) && !count(token_scan($rename))) {
    form_error($element, t('To create unique file names, use at least one token in the file name pattern.'));
  }
}

/**
 * A Form API element validate function to check filesize is valid.
 */
function _webform_edit_file_size_validate($element) {
  if (!empty($element['#value'])) {
    $set_filesize = parse_size($element['#value']);
    if ($set_filesize == FALSE) {
      form_error($element, t('File size @value is not a valid file size. Use a value such as 2 MB or 800 KB.', array('@value' => $element['#value'])));
    }
    else {
      $max_filesize = parse_size(file_upload_max_size());
      if ($max_filesize < $set_filesize) {
        form_error($element, t('An upload size of @value is too large. You are allowed to upload files that are @max or less.', array('@value' => $element['#value'], '@max' => format_size($max_filesize))));
      }
    }
  }
}

/**
 * A Form API after build and validate function.
 *
 * Ensure that the destination directory exists and is writable.
 */
function _webform_edit_file_check_directory($element) {
  $scheme = $element['extra']['scheme']['#value'];
  $directory = $element['extra']['directory']['#value'];

  $destination_dir = file_stream_wrapper_uri_normalize($scheme . '://webform/' . $directory);
  $tokenized_dir = drupal_strtolower(webform_replace_tokens($destination_dir, $element['#node']));

  // Sanity check input to prevent use parent (../) directories.
  if (preg_match('/\.\.[\/\\\]/', $tokenized_dir . '/')) {
    form_error($element['extra']['directory'], t('The save directory %directory is not valid.', array('%directory' => $tokenized_dir)));
  }
  else {
    if (!file_prepare_directory($tokenized_dir, FILE_CREATE_DIRECTORY)) {
      form_error($element['extra']['directory'], t('The save directory %directory could not be created. Check that the webform files directory is writable.', array('%directory' => $tokenized_dir)));
    }
  }

  return $element;
}

/**
 * A Form API element validate function.
 *
 * Change the submitted values of the component so that all filtering extensions
 * are saved as a single array.
 */
function _webform_edit_file_extensions_validate($element, &$form_state) {
  // Predefined types.
  $extensions = array();
  foreach (element_children($element['types']) as $category) {
    foreach (array_keys($element['types'][$category]['#value']) as $extension) {
      if ($element['types'][$category][$extension]['#value']) {
        $extensions[] = $extension;
        // "jpeg" is an exception. It is allowed anytime "jpg" is allowed.
        if ($extension == 'jpg') {
          $extensions[] = 'jpeg';
        }
      }
    }
  }

  // Additional types.
  $additional_extensions = explode(',', $element['addextensions']['#value']);
  foreach ($additional_extensions as $extension) {
    $clean_extension = drupal_strtolower(trim($extension));
    if (!empty($clean_extension) && !in_array($clean_extension, $extensions)) {
      $extensions[] = $clean_extension;
    }
  }

  form_set_value($element['types'], $extensions, $form_state);
}

/**
 * Output the list of allowed extensions as checkboxes.
 */
function theme_webform_edit_file_extensions($variables) {
  $element = $variables['element'];

  // Format the components into a table.
  $rows = array();
  foreach (element_children($element['types']) as $filtergroup) {
    $row = array();
    if ($element['types'][$filtergroup]['#type'] == 'checkboxes') {
      $select_link = ' <a href="#" class="webform-select-link webform-select-link-' . $filtergroup . '">(' . t('select') . ')</a>';
      $row[] = $element['types'][$filtergroup]['#title'];
      $row[] = array('data' => $select_link, 'width' => 40);
      $row[] = array('data' => drupal_render_children($element['types'][$filtergroup]), 'class' => array('webform-file-extensions', 'webform-select-group-' . $filtergroup));
      $rows[] = array('data' => $row);
      unset($element['types'][$filtergroup]);
    }
  }

  // Add the row for additional types.
  if (!isset($element['addextensions']['#access']) || $element['addextensions']['#access']) {
    $row = array();
    $title = $element['addextensions']['#title'];
    $element['addextensions']['#title'] = NULL;
    $row[] = array('data' => $title, 'colspan' => 2);
    $row[] = drupal_render($element['addextensions']);
    $rows[] = $row;
  }

  $header = array(array('data' => t('Category'), 'colspan' => '2'), array('data' => t('Types')));

  // Create the table inside the form.
  $element['types']['table'] = array(
    '#theme' => 'table',
    '#header' => $header,
    '#rows' => $rows,
    '#attributes' => array('class' => array('webform-file-extensions')),
  );

  return drupal_render_children($element);
}

/**
 * Implements _webform_render_component().
 */
function _webform_render_file($component, $value = NULL, $filter = TRUE, $submission = NULL) {
  $node = isset($component['nid']) ? node_load($component['nid']) : NULL;

  // Cap the upload size according to the PHP limit.
  $max_filesize = parse_size(file_upload_max_size());
  $set_filesize = $component['extra']['filtering']['size'];
  if (!empty($set_filesize) && parse_size($set_filesize) < $max_filesize) {
    $max_filesize = parse_size($set_filesize);
  }

  $element = array(
    '#type' => 'managed_file',
    '#theme' => 'webform_managed_file',
    '#title' => $filter ? webform_filter_xss($component['name']) : $component['name'],
    '#title_display' => $component['extra']['title_display'] ? $component['extra']['title_display'] : 'before',
    '#required' => $component['required'],
    '#default_value' => isset($value[0]) ? $value[0] : NULL,
    '#attributes' => $component['extra']['attributes'],
    '#upload_validators' => array(
      'file_validate_size' => array($max_filesize),
      'file_validate_extensions' => array(implode(' ', $component['extra']['filtering']['types'])),
    ),
    '#pre_render' => array_merge(element_info_property('managed_file', '#pre_render'), array('webform_file_allow_access')),
    '#upload_location' => $component['extra']['scheme'] . '://webform/' . ($filter
                                                                              ? drupal_strtolower(webform_replace_tokens($component['extra']['directory'], $node))
                                                                              : $component['extra']['directory']),
    '#progress_indicator' => $component['extra']['progress_indicator'],
    '#description' => $filter ? webform_filter_descriptions($component['extra']['description'], $node) : $component['extra']['description'],
    '#weight' => $component['weight'],
    '#theme_wrappers' => array('webform_element'),
    '#translatable' => array('title', 'description'),
  );

  if ($filter) {
    $element['#description'] = theme('file_upload_help', array('description' => $element['#description'], 'upload_validators' => $element['#upload_validators']));
  }

  return $element;
}

/**
 * Returns HTML for a webform managed file element.
 *
 * See #2495821 and #2497909. The core theme_file_managed_file creates a
 * wrapper around the element with the element's id, thereby creating 2 elements
 * with the same id.
 *
 * @param array $variables
 *   An associative array containing:
 *   - element: A render element representing the file.
 *
 * @return string
 *   The HTML.
 */
function theme_webform_managed_file($variables) {
  $element = $variables['element'];

  $attributes = array();

  // For webform use, do not add the id to the wrapper.
  // @code
  // if (isset($element['#id'])) {
  //   $attributes['id'] = $element['#id'];
  // }
  // @endcode
  if (!empty($element['#attributes']['class'])) {
    $attributes['class'] = (array) $element['#attributes']['class'];
  }
  $attributes['class'][] = 'form-managed-file';

  // This wrapper is required to apply JS behaviors and CSS styling.
  $output = '';
  $output .= '<div' . drupal_attributes($attributes) . '>';
  $output .= drupal_render_children($element);
  $output .= '</div>';
  return $output;
}

/**
 * Implements _webform_submit_component().
 */
function _webform_submit_file($component, $value) {
  $fid = is_array($value)
            ? (!empty($value['fid']) ? $value['fid'] : '')
            : (!empty($value) ? $value : '');
  // Extend access to this file, even if the submission has not been saved yet.
  // This may happen when previewing a private file which was selected but not
  // explicitly uploaded, and then previewed.
  if ($fid) {
    $_SESSION['webform_files'][$fid] = $fid;
  }
  return $fid;
}

/**
 * Pre-render callback to allow access to uploaded files.
 *
 * Files that have not yet been saved into a submission must be accessible to
 * the user who uploaded it, but no one else. After the submission is saved,
 * access is granted through the file_usage table. Before then, we use a
 * $_SESSION value to record a user's upload.
 *
 * @see webform_file_download()
 */
function webform_file_allow_access($element) {
  if (!empty($element['#value']['fid'])) {
    $fid = $element['#value']['fid'];
    $_SESSION['webform_files'][$fid] = $fid;
  }

  return $element;
}

/**
 * Implements _webform_display_component().
 */
function _webform_display_file($component, $value, $format = 'html', $submission = array()) {
  $fid = isset($value[0]) ? $value[0] : NULL;
  return array(
    '#title' => $component['name'],
    '#title_display' => $component['extra']['title_display'] ? $component['extra']['title_display'] : 'before',
    '#value' => $fid ? webform_get_file($fid) : NULL,
    '#weight' => $component['weight'],
    '#theme' => 'webform_display_file',
    '#theme_wrappers' => $format == 'text' ? array('webform_element_text') : array('webform_element'),
    '#format' => $format,
    '#translatable' => array('title'),
  );
}

/**
 * Format the output of text data for this component.
 */
function theme_webform_display_file($variables) {
  $element = $variables['element'];

  $file = $element['#value'];
  $url = !empty($file) ? webform_file_url($file->uri) : t('no upload');
  return !empty($file) ? ($element['#format'] == 'text' ? $url : l($file->filename, $url)) : ' ';
}

/**
 * Implements _webform_delete_component().
 */
function _webform_delete_file($component, $value) {
  // Delete an individual submission file.
  if (!empty($value[0]) && ($file = webform_get_file($value[0]))) {
    file_usage_delete($file, 'webform');
    file_delete($file);
  }
}

/**
 * Implements _webform_attachments_component().
 */
function _webform_attachments_file($component, $value) {
  $file = (array) webform_get_file($value[0]);
  $files = array($file);
  return $files;
}

/**
 * Implements _webform_analysis_component().
 */
function _webform_analysis_file($component, $sids = array(), $single = FALSE, $join = NULL) {
  $query = db_select('webform_submitted_data', 'wsd', array('fetch' => PDO::FETCH_ASSOC))
    ->fields('wsd', array('no', 'data'))
    ->condition('wsd.nid', $component['nid'])
    ->condition('wsd.cid', $component['cid']);

  if (count($sids)) {
    $query->condition('wsd.sid', $sids, 'IN');
  }

  if ($join) {
    $query->innerJoin($join, 'ws2_', 'wsd.sid = ws2_.sid');
  }

  $nonblanks = 0;
  $sizetotal = 0;
  $submissions = 0;

  $result = $query->execute();
  foreach ($result as $data) {
    $file = webform_get_file($data['data']);
    if (isset($file->filesize)) {
      $nonblanks++;
      $sizetotal += $file->filesize;
    }
    $submissions++;
  }

  $rows[0] = array(t('Left Blank'), ($submissions - $nonblanks));
  $rows[1] = array(t('User uploaded file'), $nonblanks);
  $other[0] = array(t('Average uploaded file size'), ($sizetotal != 0 ? (int) (($sizetotal / $nonblanks) / 1024) . ' KB' : '0'));
  return array(
    'table_rows' => $rows,
    'other_data' => $other,
  );
}

/**
 * Implements _webform_table_component().
 */
function _webform_table_file($component, $value) {
  $output = '';
  $file = webform_get_file($value[0]);
  if (!empty($file->fid)) {
    $output = '<a href="' . webform_file_url($file->uri) . '">' . check_plain(webform_file_name($file->uri)) . '</a>';
    $output .= ' (' . (int) ($file->filesize / 1024) . ' KB)';
  }
  return $output;
}

/**
 * Implements _webform_csv_headers_component().
 */
function _webform_csv_headers_file($component, $export_options) {
  $header = array();
  // Two columns in header.
  $header[0] = array('', '');
  $header[1] = array($export_options['header_keys'] ? $component['form_key'] : $component['name'], '');
  $header[2] = array(t('Name'), t('Filesize (KB)'));
  return $header;
}

/**
 * Implements _webform_csv_data_component().
 */
function _webform_csv_data_file($component, $export_options, $value) {
  $file = webform_get_file($value[0]);
  return empty($file->filename) ? array('', '') : array(webform_file_url($file->uri), (int) ($file->filesize / 1024));
}

/**
 * Helper function to create proper file names for uploaded file.
 */
function webform_file_name($filepath) {
  if (!empty($filepath)) {
    $info = pathinfo($filepath);
    $file_name = $info['basename'];
  }
  return isset($file_name) ? $file_name : '';
}

/**
 * Helper function to create proper URLs for uploaded file.
 */
function webform_file_url($uri) {
  if (!empty($uri)) {
    $file_url = file_create_url($uri);
  }
  return isset($file_url) ? $file_url : '';
}

/**
 * Helper function to load a file from the database.
 */
function webform_get_file($fid) {
  // Simple check to prevent loading of NULL values, which throws an entity
  // system error.
  return $fid ? file_load($fid) : FALSE;
}

/**
 * Given a submission with file_usage set, add or remove file usage entries.
 */
function webform_file_usage_adjust($submission) {
  if (isset($submission->file_usage)) {
    $files = file_load_multiple($submission->file_usage['added_fids']);
    foreach ($files as $file) {
      $file->status = 1;
      file_save($file);
      file_usage_add($file, 'webform', 'submission', $submission->sid);
    }

    $files = file_load_multiple($submission->file_usage['deleted_fids']);
    foreach ($files as $file) {
      file_usage_delete($file, 'webform', 'submission', $submission->sid);
      file_delete($file);
    }
  }
}

/**
 * Rename any files which are eligible for renaming.
 *
 * Renames if this submission is being submitted for the first time.
 */
function webform_file_rename($node, $submission) {
  if (isset($submission->file_usage)) {
    foreach ($submission->file_usage['renameable'] as $cid => $fids) {
      foreach ($fids as $fid) {
        webform_file_process_rename($node, $submission, $node->webform['components'][$cid], $fid);
      }
    }
  }
}

/**
 * Renames the uploaded file name using tokens.
 *
 * @param object $node
 *   The webform node object.
 * @param object $submission
 *   The webform submission object.
 * @param array $component
 *   Component settings array for which fid is going to be processed.
 * @param int $fid
 *   A file id to be processed.
 */
function webform_file_process_rename($node, $submission, $component, $fid) {
  $file = webform_get_file($fid);

  if ($file) {
    // Get the destination uri.
    $destination_dir = $component['extra']['scheme'] . '://webform/' . drupal_strtolower(webform_replace_tokens($component['extra']['directory'], $node));
    $destination_dir = file_stream_wrapper_uri_normalize($destination_dir);

    // Get the file extension.
    $info = pathinfo($file->uri);
    $extension = $info['extension'];

    // Prepare new file name without extension.
    $new_file_name = webform_replace_tokens($component['extra']['rename'], $node, $submission, NULL, TRUE);
    $new_file_name = trim($new_file_name);
    $new_file_name = _webform_transliterate($new_file_name);
    $new_file_name = str_replace('/', '_', $new_file_name);
    $new_file_name = preg_replace('/[^a-zA-Z0-9_\- ]/', '', $new_file_name);
    if (strlen($new_file_name)) {
      // Prepare the new uri with new filename.
      $destination = "$destination_dir/$new_file_name.$extension";

      // Compare the uri and Rename the file name.
      if ($file->uri != $destination) {
        file_move($file, $destination, FILE_EXISTS_RENAME);
      }
    }
  }
}