comparison modules/blogapi/blogapi.module @ 9:acef7ccb09b5 6.4

Drupal 6.4
author Franck Deroche <webmaster@defr.org>
date Tue, 23 Dec 2008 14:32:08 +0100
parents c1f4ac30525a
children 589fb7c02327
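--- a/modules/blogapi/blogapi.module
+++ b/modules/blogapi/blogapi.module
@@ -1,7 +1,7 @@
 <?php
-// $Id: blogapi.module,v 1.115.2.1 2008/02/07 20:11:02 goba Exp $
+// $Id: blogapi.module,v 1.115.2.3 2008/08/13 23:59:13 drumm Exp $
 
 /**
 * @file
 * Enable users to post using applications that support XML-RPC blog APIs.
 */
@@ -127,11 +127,11 @@
 'blogapi_mt_supported_text_filters',
 array('array'),
 t('Retrieve information about the text formatting plugins supported by the server.')),
 array(
 'mt.publishPost',
-'blogap_mti_publish_post',
+'blogapi_mt_publish_post',
 array('boolean', 'string', 'string', 'string'),
 t('Publish (rebuild) all of the static files related to an entry from your blog. Equivalent to saving an entry in the system (but without the ping).')));
 }
 
 /**
@@ -369,20 +369,67 @@
 $user = blogapi_validate_user($username, $password);
 if (!$user->uid) {
 return blogapi_error($user);
 }
 
+$usersize = 0;
+$uploadsize = 0;
+
+$roles = array_intersect(user_roles(FALSE, 'administer content with blog api'), $user->roles);
+
+foreach ($roles as $rid => $name) {
+$extensions .= ' '. strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
+$usersize= max($usersize, variable_get("blogapi_usersize_$rid", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
+$uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_$rid", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
+}
+
+$filesize = strlen($file['bits']);
+
+if ($filesize > $uploadsize) {
+return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array('@maxsize' => format_size($uploadsize))));
+}
+
+if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
+return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array('@quota' => format_size($usersize))));
+}
+
+// Only allow files with whitelisted extensions and convert remaining dots to
+// underscores to prevent attacks via non-terminal executable extensions with
+// files such as exploit.php.jpg.
+
+$whitelist = array_unique(explode(' ', trim($extensions)));
+
 $name = basename($file['name']);
+
+if ($extension_position = strrpos($name, '.')) {
+$filename = drupal_substr($name, 0, $extension_position);
+$final_extension = drupal_substr($name, $extension_position + 1);
+
+if (!in_array(strtolower($final_extension), $whitelist)) {
+return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array('@extensions' => implode(' ', $whitelist))));
+}
+
+$filename = str_replace('.', '_', $filename);
+$filename .= '.'. $final_extension;
+}
+
 $data = $file['bits'];
 
 if (!$data) {
 return blogapi_error(t('No file sent.'));
 }
 
-if (!$file = file_save_data($data, $name)) {
+if (!$file = file_save_data($data, $filename)) {
 return blogapi_error(t('Error storing file.'));
 }
+
+$row = new stdClass();
+$row->uid = $user->uid;
+$row->filepath = $file;
+$row->filesize = $filesize;
+
+drupal_write_record('blogapi_files', $row);
 
 // Return the successful result.
 return array('url' => file_create_url($file), 'struct');
 }
 /**
@@ -485,11 +532,11 @@
 }
 
 /**
 * Blogging API callback. Publishes the given node
 */
-function blogap_mti_publish_post($postid, $username, $password) {
+function blogapi_mt_publish_post($postid, $username, $password) {
 $user = blogapi_validate_user($username, $password);
 if (!$user->uid) {
 return blogapi_error($user);
 }
 $node = node_load($postid);
@@ -565,10 +612,85 @@
 '#required' => TRUE,
 '#default_value' => variable_get('blogapi_node_types', $defaults),
 '#options' => $node_types,
 '#description' => t('Select the content types available to external blogging clients via Blog API. If supported, each enabled content type will be displayed as a separate "blog" by the external client.')
 );
+
+$blogapi_extensions_default = variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
+$blogapi_uploadsize_default = variable_get('blogapi_uploadsize_default', 1);
+$blogapi_usersize_default = variable_get('blogapi_usersize_default', 1);
+
+$form['settings_general'] = array(
+'#type' => 'fieldset',
+'#title' => t('File settings'),
+'#collapsible' => TRUE,
+);
+
+$form['settings_general']['blogapi_extensions_default'] = array(
+'#type' => 'textfield',
+'#title' => t('Default permitted file extensions'),
+'#default_value' => $blogapi_extensions_default,
+'#maxlength' => 255,
+'#description' => t('Default extensions that users can upload. Separate extensions with a space and do not include the leading dot.'),
+);
+
+$form['settings_general']['blogapi_uploadsize_default'] = array(
+'#type' => 'textfield',
+'#title' => t('Default maximum file size per upload'),
+'#default_value' => $blogapi_uploadsize_default,
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The default maximum file size a user can upload.'),
+'#field_suffix' => t('MB')
+);
+
+$form['settings_general']['blogapi_usersize_default'] = array(
+'#type' => 'textfield',
+'#title' => t('Default total file size per user'),
+'#default_value' => $blogapi_usersize_default,
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The default maximum size of all files a user can have on the site.'),
+'#field_suffix' => t('MB')
+);
+
+$form['settings_general']['upload_max_size'] = array('#value' => '<p>'. t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))).'</p>');
+
+$roles = user_roles(0, 'administer content with blog api');
+$form['roles'] = array('#type' => 'value', '#value' => $roles);
+
+foreach ($roles as $rid => $role) {
+$form['settings_role_'. $rid] = array(
+'#type' => 'fieldset',
+'#title' => t('Settings for @role', array('@role' => $role)),
+'#collapsible' => TRUE,
+'#collapsed' => TRUE,
+);
+$form['settings_role_'. $rid]['blogapi_extensions_'. $rid] = array(
+'#type' => 'textfield',
+'#title' => t('Permitted file extensions'),
+'#default_value' => variable_get('blogapi_extensions_'. $rid, $blogapi_extensions_default),
+'#maxlength' => 255,
+'#description' => t('Extensions that users in this role can upload. Separate extensions with a space and do not include the leading dot.'),
+);
+$form['settings_role_'. $rid]['blogapi_uploadsize_'. $rid] = array(
+'#type' => 'textfield',
+'#title' => t('Maximum file size per upload'),
+'#default_value' => variable_get('blogapi_uploadsize_'. $rid, $blogapi_uploadsize_default),
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The maximum size of a file a user can upload (in megabytes).'),
+);
+$form['settings_role_'. $rid]['blogapi_usersize_'. $rid] = array(
+'#type' => 'textfield',
+'#title' => t('Total file size per user'),
+'#default_value' => variable_get('blogapi_usersize_'. $rid, $blogapi_usersize_default),
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The maximum size of all files a user can have on the site (in megabytes).'),
+);
+}
 
 return system_settings_form($form);
 }
 
 function blogapi_menu() {
@@ -724,5 +846,9 @@
 }
 }
 
 return $types;
 }
+
+function _blogapi_space_used($uid) {
+return db_result(db_query('SELECT SUM(filesize) FROM {blogapi_files} f WHERE f.uid = %d', $uid));
+}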
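Review bot: `$filename` is assigned only inside the `if ($extension_position = strrpos($name, '.'))` block (new lines 403-413), so an upload whose name contains no dot, or whose only dot is at position 0, never goes through the extension whitelist and reaches `file_save_data($data, $filename)` on line 421 with an unset variable; `$extensions` on line 380 is likewise appended to before being initialised, and with no matching role `trim($extensions)` then produces a whitelist holding a single empty string. Initialise both before use, `$extensions = '';` ahead of the `foreach` and `$filename = $name;` ahead of the `if`, and test `strrpos($name, '.') !== FALSE` so a leading-dot name is checked against the whitelist rather than bypassing it. The media-upload callback this hunk edits (presumably blogapi_metaweblog_new_media_object) begins outside the hunk. In the settings hunk the size fields (new lines 636-654 and 675-690) are plain textfields without an `#element_validate`, so a non-numeric value would presumably evaluate to 0 in the `max()` calls on lines 381-382 and reject every upload for that role; a numeric validation callback on those fields would surface the bad setting at save time instead.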