id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,mlocked 8374,update mythvideo's scan.php to support hashes,Dave Miller ,Rob Smith,"The attached patches update scan.php in mythweb's video module to support handling the hashes that are now kept on video files. They also fix a minor potential security issue where the path being scanned isn't properly shell-escaped before being passed to the find command. Even in the non-security case, the lack of shell-escape could have undesired consequences if your storage path happens to contain any spaces or other funny characters. From what I can tell, php appears to not support unsigned 64-bit integers at all, which are required for proper calculation of the hash. So I had to write a python script to do the hash calculation (it borrows the hash routine from JAMU.py and just makes it executable standalone from the command line) and dump it to standard out, then we shell out to it. This will probably need some massaging, as I don't know where the proper place is to put such a script, and right now scan.php with this patch just depends on it being in your default PATH (which I'm assuming probably isn't the best way to do it). I'm more than happy to update the patches if there are suggestions of a better way to do it. As patched, the new scanning process is: 1) Search for new files first. If it exists in the DB already, continue like before. 2) If there isn't a file with this filename in the DB already, then we hash the file, and look to see if there's a file with the same hash already (this step is skipped if the file is too small to hash). If there's a matching hash, then we update the filename on that entry in the database, on the assumption that the file's been moved. 3) If we still haven't matched anything at this point, it's a new file and it's added to the database, hash included. 4) After the above is done, so we can catch any files that were moved, then we go back and scan for files in the database that are no longer on the filesystem and remove them from the database. ",patch,closed,minor,0.25,Plugin - MythWeb,Master Head,medium,Won't Fix,,,0