function plupload_handle_uploads in Plupload integration 7.2
Same name and namespace in other branches
- 7 plupload.module \plupload_handle_uploads()
Callback that handles and saves uploaded files.
This will respond to the URL on which plupoad library will upload files.
1 string reference to 'plupload_handle_uploads'
- plupload_menu in ./
plupload.module - Implements hook_menu().
File
- ./
plupload.module, line 359 - Implementation of plupload.module.
Code
function plupload_handle_uploads() {
// @todo: Implement file_validate_size();
// Added a variable for this because in HA environments, temporary may need
// to be a shared location for this to work.
$temp_directory = variable_get('plupload_temporary_uri', 'temporary://');
$writable = file_prepare_directory($temp_directory, FILE_CREATE_DIRECTORY);
if (!$writable) {
die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "Failed to open temporary directory."}, "id" : "id"}');
}
// Try to make sure this is private via htaccess.
file_create_htaccess($temp_directory, TRUE);
// Chunk it?
$chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0;
// Get and clean the filename.
$file_name = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
$file_name = _plupload_fix_temporary_filename($file_name);
// Check the file name for security reasons; it must contain letters, numbers
// and underscores followed by a (single) ".tmp" extension. Since this check
// is more stringent than the one performed in plupload_element_value(), we
// do not need to run the checks performed in that function here. This is
// fortunate, because it would be difficult for us to get the correct list of
// allowed extensions to pass in to file_munge_filename() from this point in
// the code (outside the form API).
if (empty($file_name) || !preg_match('/^\\w+\\.tmp$/', $file_name)) {
die('{"jsonrpc" : "2.0", "error" : {"code": 105, "message": "Invalid temporary file name."}, "id" : "id"}');
}
// Look for the content type header.
if (isset($_SERVER["HTTP_CONTENT_TYPE"])) {
$content_type = $_SERVER["HTTP_CONTENT_TYPE"];
}
if (isset($_SERVER["CONTENT_TYPE"])) {
$content_type = $_SERVER["CONTENT_TYPE"];
}
// Is this a multipart upload?.
if (strpos($content_type, "multipart") !== FALSE) {
if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
// Open temp file.
$out = fopen($temp_directory . $file_name, $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file.
$in = fopen($_FILES['file']['tmp_name'], "rb");
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
fclose($in);
}
else {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
fclose($out);
drupal_unlink($_FILES['file']['tmp_name']);
}
else {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
}
else {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
}
}
else {
// Open temp file.
$out = fopen($temp_directory . $file_name, $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file.
$in = fopen("php://input", "rb");
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
fclose($in);
}
else {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
fclose($out);
}
else {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
}
// Return JSON-RPC response.
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}