
function blogapi_metaweblog_new_media_object in Drupal 5

Same name and namespace in other branches
  1. 4 modules/blogapi.module \blogapi_metaweblog_new_media_object()
  2. 6 modules/blogapi/blogapi.module \blogapi_metaweblog_new_media_object()

Blogging API callback. Inserts a file into Drupal.

1 string reference to 'blogapi_metaweblog_new_media_object'
blogapi_xmlrpc in modules/blogapi/blogapi.module
Implementation of hook_xmlrpc().

File

modules/blogapi/blogapi.module, line 396
Enable users to post using applications that support XML-RPC blog APIs.

Code

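/**
 * Blogging API callback. Inserts a file into Drupal.
 *
 * Authenticates the caller, enforces the per-role upload size and disk quota
 * limits, validates the client-supplied file name against the per-role
 * extension allow-list, stores the data and records it in {blogapi_files}.
 *
 * Everything in $file arrives from the remote XML-RPC client and is treated
 * as untrusted. Only the file NAME is validated here; the file contents are
 * not inspected by this function.
 *
 * @param $blogid
 *   Blog identifier supplied by the client. Not used by this function.
 * @param $username
 *   User name to authenticate with.
 * @param $password
 *   Password to authenticate with.
 * @param $file
 *   Array supplied by the client; the keys read here are 'name' (the
 *   requested file name) and 'bits' (the file contents).
 *
 * @return
 *   On success, an array holding the public URL of the stored file under
 *   'url'. On any failure, the result of blogapi_error().
 */
function blogapi_metaweblog_new_media_object($blogid, $username, $password, $file) {
  $user = blogapi_validate_user($username, $password);
  if (!$user->uid) {
    // On failure blogapi_validate_user() hands back something other than a
    // user object with a uid; it is passed through as the error payload.
    return blogapi_error($user);
  }

  // Collect limits across every role of the user that holds the blog API
  // permission. Extensions are accumulated; for the size limits the largest
  // configured value wins. Configured sizes are multiplied by 1024 * 1024.
  // $extensions is initialised explicitly so that a user without a matching
  // role ends up with an empty allow-list instead of an undefined variable.
  $extensions = '';
  $usersize = 0;
  $uploadsize = 0;
  $roles = array_intersect(user_roles(0, 'administer content with blog api'), $user->roles);
  foreach ($roles as $rid => $name) {
    $extensions .= ' ' . strtolower(variable_get("blogapi_extensions_{$rid}", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
    $usersize = max($usersize, variable_get("blogapi_usersize_{$rid}", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
    $uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_{$rid}", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
  }

  // The size is taken from the payload that is already held in memory, so
  // these checks bound what gets stored, not what the request may carry.
  $filesize = strlen($file['bits']);
  if ($filesize > $uploadsize) {
    return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array(
      '@maxsize' => format_size($uploadsize),
    )));
  }
  if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
    return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array(
      '@quota' => format_size($usersize),
    )));
  }

  // Only allow files with whitelisted extensions and convert remaining dots to
  // underscores to prevent attacks via non-terminal executable extensions with
  // files such as exploit.php.jpg.
  //
  // The check fails closed: a name with no dot, a leading dot only, or a
  // trailing dot has no usable extension and is rejected. Previously such
  // names skipped the allow-list entirely and left $filename undefined.
  //
  // strrpos() yields a byte offset, so the name is split with the byte-based
  // substr() rather than a character-based helper; mixing the two cut
  // multi-byte names at the wrong place. Splitting at an ASCII '.' cannot
  // break a UTF-8 sequence.
  $whitelist = array_unique(explode(' ', trim($extensions)));
  $name = basename($file['name']);
  $extension_position = strrpos($name, '.');
  // The cast covers PHP versions where substr() returns FALSE at end of string.
  $final_extension = $extension_position ? (string) substr($name, $extension_position + 1) : '';
  // Strict comparison keeps numeric-looking strings from matching loosely.
  if ($final_extension === '' || !in_array(strtolower($final_extension), $whitelist, TRUE)) {
    return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array(
      '@extensions' => implode(' ', $whitelist),
    )));
  }
  $filename = str_replace('.', '_', substr($name, 0, $extension_position)) . '.' . $final_extension;

  // Test the length rather than truthiness: a file whose entire content is
  // the single character "0" is a valid, non-empty upload.
  if ($filesize == 0) {
    return blogapi_error(t('No file sent.'));
  }
  $data = $file['bits'];

  $filepath = file_save_data($data, $filename);
  if (!$filepath) {
    return blogapi_error(t('Error storing file.'));
  }
  // Values are passed as placeholders, never interpolated into the SQL.
  db_query("INSERT INTO {blogapi_files} (uid, filepath, filesize) VALUES (%d, '%s', %d)", $user->uid, $filepath, $filesize);

  // Return the successful result. The positional 'struct' element is kept
  // exactly as before; presumably a type hint for the XML-RPC layer - confirm.
  return array(
    'url' => file_create_url($filepath),
    'struct',
  );
}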