function blogapi_metaweblog_new_media_object

6.x blogapi.module blogapi_metaweblog_new_media_object($blogid, $username, $password, $file)

Blogging API callback. Inserts a file into Drupal.

1 string reference to 'blogapi_metaweblog_new_media_object'
blogapi_xmlrpc in drupal-6.x/modules/blogapi/blogapi.module
Implementation of hook_xmlrpc().

File

drupal-6.x/modules/blogapi/blogapi.module, line 405
Enable users to post using applications that support XML-RPC blog APIs.

Code

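/**
 * Blogging API callback. Inserts a file into Drupal.
 *
 * Authenticates the caller, applies the per-role upload size, disk quota and
 * file extension limits, stores the data with file_save_data() and records it
 * in the {blogapi_files} table.
 *
 * @param $blogid
 *   Blog identifier sent by the client; not used by this callback.
 * @param $username
 *   User name passed to blogapi_validate_user().
 * @param $password
 *   Password passed to blogapi_validate_user().
 * @param $file
 *   Array describing the upload. This function reads $file['name'] (the
 *   client-supplied file name) and $file['bits'] (the file contents).
 *
 * @return
 *   On success, an array holding the file URL under 'url' plus the literal
 *   'struct' element; otherwise the result of blogapi_error().
 */
function blogapi_metaweblog_new_media_object($blogid, $username, $password, $file) {
  $user = blogapi_validate_user($username, $password);
  if (!$user->uid) {
    return blogapi_error($user);
  }

  // Start from empty limits. A user with no qualifying role keeps a zero size
  // limit and an empty extension list, so nothing can be uploaded.
  $extensions = '';
  $usersize = 0;
  $uploadsize = 0;

  $roles = array_intersect(user_roles(FALSE, 'administer content with blog api'), $user->roles);

  // Limits are cumulative across roles: extensions are merged and the largest
  // size limits win. Sizes are configured in megabytes.
  foreach ($roles as $rid => $name) {
    $extensions .= ' ' . strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
    $usersize = max($usersize, variable_get("blogapi_usersize_$rid", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
    $uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_$rid", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
  }

  $filesize = strlen($file['bits']);

  if ($filesize > $uploadsize) {
    return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array('@maxsize' => format_size($uploadsize))));
  }

  if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
    return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array('@quota' => format_size($usersize))));
  }

  // Only allow files with whitelisted extensions and convert remaining dots to
  // underscores to prevent attacks via non-terminal executable extensions with
  // files such as exploit.php.jpg.
  //
  // Empty entries (from an empty or double-spaced setting) are dropped so that
  // an empty extension can never match the whitelist.
  $whitelist = array_filter(array_unique(explode(' ', trim($extensions))), 'strlen');

  // basename() discards any directory components sent by the client.
  $name = basename($file['name']);

  // strrpos() returns a byte offset, so the name is split with the byte-based
  // substr() to keep both halves aligned for multibyte file names.
  $extension_position = strrpos($name, '.');

  // A name without a dot, with only a leading dot, or ending in a dot has no
  // usable extension. Such names are refused instead of skipping the whitelist
  // check and reaching file_save_data() without a destination name.
  $final_extension = '';
  if ($extension_position !== FALSE && $extension_position > 0) {
    $final_extension = (string) substr($name, $extension_position + 1);
  }

  if (!in_array(strtolower($final_extension), $whitelist, TRUE)) {
    return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array('@extensions' => implode(' ', $whitelist))));
  }

  $filename = str_replace('.', '_', substr($name, 0, $extension_position)) . '.' . $final_extension;

  // NOTE(review): only the file name is validated here; the uploaded bytes are
  // stored without inspecting their content.
  $data = $file['bits'];

  if (!$data) {
    return blogapi_error(t('No file sent.'));
  }

  $filepath = file_save_data($data, $filename);
  if (!$filepath) {
    return blogapi_error(t('Error storing file.'));
  }

  // Record the upload against the user so that _blogapi_space_used() can
  // account for it in later quota checks (presumably; verify against that
  // helper).
  $row = new stdClass();
  $row->uid = $user->uid;
  $row->filepath = $filepath;
  $row->filesize = $filesize;

  drupal_write_record('blogapi_files', $row);

  // Return the successful result.
  return array('url' => file_create_url($filepath), 'struct');
}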