function blogapi_metaweblog_new_media_object in Drupal 5
Same name and namespace in other branches
- 4 modules/blogapi.module \blogapi_metaweblog_new_media_object()
- 6 modules/blogapi/blogapi.module \blogapi_metaweblog_new_media_object()
Blogging API callback. Inserts a file into Drupal.
1 string reference to 'blogapi_metaweblog_new_media_object'
- blogapi_xmlrpc in modules/blogapi/blogapi.module - Implementation of hook_xmlrpc().
File
- modules/blogapi/blogapi.module, line 396 - Enable users to post using applications that support XML-RPC blog APIs.
Code
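/**
 * Blogging API callback. Inserts a file into Drupal.
 *
 * The upload is accepted only if the caller authenticates, the payload fits
 * the per-role upload size and disk quota, and the file name ends in an
 * extension allowed for one of the caller's roles.
 *
 * @param $blogid
 *   Blog identifier supplied by the client; not used by this function.
 * @param $username
 *   User name passed to blogapi_validate_user().
 * @param $password
 *   Password passed to blogapi_validate_user().
 * @param $file
 *   Client-supplied array; the 'name' and 'bits' keys are read. Both values
 *   come from the remote client and are treated as untrusted.
 *
 * @return
 *   The result of blogapi_error() on failure, otherwise an array holding the
 *   'url' of the stored file.
 */
function blogapi_metaweblog_new_media_object($blogid, $username, $password, $file) {
  $user = blogapi_validate_user($username, $password);
  if (!$user->uid) {
    return blogapi_error($user);
  }

  // Read the client-supplied fields defensively: a missing or non-string
  // value is treated as empty and is rejected by the checks below.
  $data = (is_array($file) && isset($file['bits']) && is_string($file['bits'])) ? $file['bits'] : '';
  $name = (is_array($file) && isset($file['name']) && is_string($file['name'])) ? basename($file['name']) : '';

  // Collect the most permissive limits across the user's roles that carry
  // the blog API permission. $extensions must start out defined, otherwise
  // the first append operates on an undefined variable.
  $extensions = '';
  $usersize = 0;
  $uploadsize = 0;
  $roles = array_intersect(user_roles(0, 'administer content with blog api'), $user->roles);
  foreach (array_keys($roles) as $rid) {
    $extensions .= ' ' . strtolower(variable_get("blogapi_extensions_{$rid}", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
    $usersize = max($usersize, variable_get("blogapi_usersize_{$rid}", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
    $uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_{$rid}", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
  }

  // Sizes are measured in bytes, so the byte-wise strlen() is intended here.
  $filesize = strlen($data);
  if ($filesize > $uploadsize) {
    return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array(
      '@maxsize' => format_size($uploadsize),
    )));
  }
  if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
    return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array(
      '@quota' => format_size($usersize),
    )));
  }

  // Only allow files with whitelisted extensions and convert remaining dots to
  // underscores to prevent attacks via non-terminal executable extensions with
  // files such as exploit.php.jpg.
  // Empty entries (from repeated spaces or an empty setting) are dropped so
  // that an empty extension can never match the whitelist.
  $whitelist = array_unique(array_filter(explode(' ', trim($extensions)), 'strlen'));

  // strrpos() returns a byte offset, so the name is split with the byte-wise
  // substr() rather than a character-based helper; mixing the two would cut
  // multibyte names at the wrong place.
  $extension_position = strrpos($name, '.');
  $final_extension = ($extension_position === FALSE) ? '' : (string) substr($name, $extension_position + 1);

  // Fail closed: a name without a dot, a name that starts with its only dot
  // (position 0), or a name ending in a dot has no extension that can be
  // checked, so it is refused instead of skipping the whitelist and leaving
  // $filename undefined.
  if (!$extension_position || $final_extension === '' || !in_array(strtolower($final_extension), $whitelist, TRUE)) {
    return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array(
      '@extensions' => implode(' ', $whitelist),
    )));
  }
  $filename = str_replace('.', '_', substr($name, 0, $extension_position)) . '.' . $final_extension;

  // Compare against the empty string so that a payload consisting of the
  // single character "0" is not mistaken for a missing file.
  if ($data === '') {
    return blogapi_error(t('No file sent.'));
  }

  $filepath = file_save_data($data, $filename);
  if (!$filepath) {
    return blogapi_error(t('Error storing file.'));
  }

  // Placeholders keep the stored path out of the SQL text.
  db_query("INSERT INTO {blogapi_files} (uid, filepath, filesize) VALUES (%d, '%s', %d)", $user->uid, $filepath, $filesize);

  // Return the successful result.
  return array(
    'url' => file_create_url($filepath),
    'struct',
  );
}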