~ubuntu-branches/ubuntu/karmic/drupal5/karmic-security

t('Publish (rebuild) all of the static files related to an entry from your weblog. Equivalent to saving an entry in the system (but without the ping).')));

135

}

362

return blogapi_error($user);

363

}

364

365

$usersize = 0;

366

$uploadsize = 0;

367

368

$roles = array_intersect(user_roles(0, 'administer content with blog api'), $user->roles);

369

370

foreach ($roles as $rid => $name) {

371

$extensions .= ' '. strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));

372

$usersize= max($usersize, variable_get("blogapi_usersize_$rid", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);

373

$uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_$rid", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);

374

}

375

376

$filesize = strlen($file['bits']);

377

378

if ($filesize > $uploadsize) {

379

return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array('@maxsize' => format_size($uploadsize))));

380

}

381

382

if (_blogapi_space_used($user->uid) + $filesize > $usersize) {

383

return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array('@quota' => format_size($usersize))));

384

}

385

386

// Only allow files with whitelisted extensions and convert remaining dots to

387

// underscores to prevent attacks via non-terminal executable extensions with

388

// files such as exploit.php.jpg.

389

390

$whitelist = array_unique(explode(' ', trim($extensions)));

391

365

392

$name = basename($file['name']);

393

394

if ($extension_position = strrpos($name, '.')) {

395

$filename = drupal_substr($name, 0, $extension_position);

396

$final_extension = drupal_substr($name, $extension_position + 1);

397

398

if (!in_array(strtolower($final_extension), $whitelist)) {

399

return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array('@extensions' => implode(' ', $whitelist))));

400

}

401

402

$filename = str_replace('.', '_', $filename);

403

$filename .= '.'. $final_extension;

404

}

405

366

406

$data = $file['bits'];

367

407

368

408

if (!$data) {

369

409

return blogapi_error(t('No file sent.'));

370

410

}

371

411

372

if (!$file = file_save_data($data, $name)) {

412

if (!$file = file_save_data($data, $filename)) {

373

413

return blogapi_error(t('Error storing file.'));

374

414

}

375

415

416

db_query("INSERT INTO {blogapi_files} (uid, filepath, filesize) VALUES (%d, '%s', %d)", $user->uid, $file, $filesize);

417

376

418

// Return the successful result.

377

419

return array('url' => file_create_url($file), 'struct');

378

420

}

421

379

422

/**

380

423

* Blogging API callback. Returns a list of the taxonomy terms that can be

381

424

* associated with a blog node.

474

517

/**

475

518

* Blogging API callback. Publishes the given node

476

519

477

function blogap_mti_publish_post($postid, $username, $password) {

520

function blogapi_mt_publish_post($postid, $username, $password) {

478

521

$user = blogapi_validate_user($username, $password);

479

522

if (!$user->uid) {

480

523

return blogapi_error($user);

555

598

'#description' => t('Select the content types for which you wish to enable posting via blogapi. Each type will appear as a different "blog" in the client application (if supported).')

556

599

);

557

600

601

602

$blogapi_extensions_default = variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');

603

$blogapi_uploadsize_default = variable_get('blogapi_uploadsize_default', 1);

604

$blogapi_usersize_default = variable_get('blogapi_usersize_default', 1);

605

606

$form['settings_general'] = array(

607

'#type' => 'fieldset',

608

'#title' => t('File settings'),

609

'#collapsible' => TRUE,

610

);

611

612

$form['settings_general']['blogapi_extensions_default'] = array(

613

'#type' => 'textfield',

614

'#title' => t('Default permitted file extensions'),

615

'#default_value' => $blogapi_extensions_default,

616

'#maxlength' => 255,

617

'#description' => t('Default extensions that users can upload. Separate extensions with a space and do not include the leading dot.'),

618

);

619

620

$form['settings_general']['blogapi_uploadsize_default'] = array(

621

'#type' => 'textfield',

622

'#title' => t('Default maximum file size per upload'),

623

'#default_value' => $blogapi_uploadsize_default,

624

'#size' => 5,

625

'#maxlength' => 5,

626

'#description' => t('The default maximum file size a user can upload.'),

627

'#field_suffix' => t('MB')

628

);

629

630

$form['settings_general']['blogapi_usersize_default'] = array(

631

'#type' => 'textfield',

632

'#title' => t('Default total file size per user'),

633

'#default_value' => $blogapi_usersize_default,

634

'#size' => 5,

635

'#maxlength' => 5,

636

'#description' => t('The default maximum size of all files a user can have on the site.'),

637

'#field_suffix' => t('MB')

638

);

639

640

$form['settings_general']['upload_max_size'] = array('#value' => '<p>'. t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))).'</p>');

641

642

$roles = user_roles(0, 'administer content with blog api');

643

$form['roles'] = array('#type' => 'value', '#value' => $roles);

644

645

foreach ($roles as $rid => $role) {

646

$form['settings_role_'. $rid] = array(

647

'#type' => 'fieldset',

648

'#title' => t('Settings for @role', array('@role' => $role)),

649

'#collapsible' => TRUE,

650

'#collapsed' => TRUE,

651

);

652

$form['settings_role_'. $rid]['blogapi_extensions_'. $rid] = array(

653

'#type' => 'textfield',

654

'#title' => t('Permitted file extensions'),

655

'#default_value' => variable_get('blogapi_extensions_'. $rid, $blogapi_extensions_default),

656

'#maxlength' => 255,

657

'#description' => t('Extensions that users in this role can upload. Separate extensions with a space and do not include the leading dot.'),

658

);

659

$form['settings_role_'. $rid]['blogapi_uploadsize_'. $rid] = array(

660

'#type' => 'textfield',

661

'#title' => t('Maximum file size per upload'),

662

'#default_value' => variable_get('blogapi_uploadsize_'. $rid, $blogapi_uploadsize_default),

663

'#size' => 5,

664

'#maxlength' => 5,

665

'#description' => t('The maximum size of a file a user can upload (in megabytes).'),

666

);

667

$form['settings_role_'. $rid]['blogapi_usersize_'. $rid] = array(

668

'#type' => 'textfield',

669

'#title' => t('Total file size per user'),

670

'#default_value' => variable_get('blogapi_usersize_'. $rid, $blogapi_usersize_default),

671

'#size' => 5,

672

'#maxlength' => 5,

673

'#description' => t('The maximum size of all files a user can have on the site (in megabytes).'),

674

);

675

}

676

558

677

return system_settings_form($form);

559

678

}

560

679

720

839

return $types;

721

840

}

722

841

842

843

function _blogapi_space_used($uid) {

844

return db_result(db_query('SELECT SUM(filesize) FROM {blogapi_files} f WHERE f.uid = %d', $uid));

845

}

b'\\ No newline at end of file'

Older »