| 1299 | | function mwnewmedia($params) { // ($blogid, $user, $pass, $struct) |
| 1300 | | global $xmlrpcerruser; |
| 1301 | | |
| 1302 | | return new xmlrpcresp(0, $xmlrpcerruser+10, // user error 10 |
| 1303 | | 'metaWeblog.newMediaObject not implemented (yet)'); |
| 1304 | | } |
| | 1299 | /** |
| | 1300 | * MetaWeblog.newMediaObject(blogid, user, pass, {bits, name, type}) |
| | 1301 | * Added by Adam Keys (adam@trmk.org) |
| | 1302 | */ |
| | 1303 | function mwnewmedia($params) { |
| | 1304 | global $xmlrpcerruser; |
| | 1305 | |
| | 1306 | $xblogid = $params->getParam(0); |
| | 1307 | $xuser = $params->getParam(1); |
| | 1308 | $xpass = $params->getParam(2); |
| | 1309 | $struct = $params->getParam(3); |
| | 1310 | |
| | 1311 | $blogid = $xblogid->scalarval(); |
| | 1312 | $username = $xuser->scalarval(); |
| | 1313 | $password = $xpass->scalarval(); |
| | 1314 | |
| | 1315 | $upload = phpxmlrpc_decode($struct); |
| | 1316 | $name = $upload['name']; |
| | 1317 | $type = $upload['type']; |
| | 1318 | // Get bits if pre-conditions pass |
| | 1319 | |
| | 1320 | $error = false; $msg = ''; |
| | 1321 | |
| | 1322 | // Pre-conditions: the user is valid, file upload is enabled, the file's |
| | 1323 | // extension is allowed, the upload path is writable and the file is not a |
| | 1324 | // duplicate. If any of these fail, return an error |
| | 1325 | if (!user_pass_ok($username, $password)) { |
| | 1326 | $error = true; |
| | 1327 | $msg = 'Wrong username/password combination ' . |
| | 1328 | $username . ' /' . starify($password); |
| | 1329 | } |
| | 1330 | |
| | 1331 | if (!get_settings('use_fileupload')) { |
| | 1332 | $error = true; |
| | 1333 | $msg = 'File upload is not enabled'; |
| | 1334 | } |
| | 1335 | |
| | 1336 | $upload_path = get_settings('fileupload_realpath') . $name; |
| | 1337 | $path = pathinfo($upload_path); |
| | 1338 | $dir = $path['dirname']; |
| | 1339 | $filename = $path['basename']; |
| | 1340 | $extension = $path['extension']; |
| | 1341 | |
| | 1342 | $allowed_types = explode(' ', |
| | 1343 | trim(strtolower(get_settings('fileupload_allowedtypes')))); |
| | 1344 | if (!in_array(strtolower($extension), $allowed_types)) { |
| | 1345 | $error = true; |
| | 1346 | $msg = 'File of ' . $filename . ' of extension ' |
| | 1347 | . $extension . ' is not allowed'; |
| | 1348 | } |
| | 1349 | |
| | 1350 | if (!file_exists($dir)) { |
| | 1351 | $error = true; |
| | 1352 | $msg = 'Path ' . $dir . ' does not exist'; |
| | 1353 | } |
| | 1355 | if (!is_writable($dir)) { |
| | 1356 | $error = true; |
| | 1357 | $msg = 'Upload path ' . $upload_path . ' not writable'; |
| | 1358 | } |
| | 1359 | |
| | 1360 | if (file_exists($upload_path)) { |
| | 1361 | $error = true; |
| | 1362 | $msg = 'File ' . $upload_path . ' already exists. Delete this file or use the upload page to rename the old version.'; |
| | 1363 | } |
| | 1364 | |
| | 1365 | if (!$error) { |
| | 1366 | $bits = $upload['bits']; |
| | 1367 | if ($f = fopen($upload_path, 'w')) { |
| | 1368 | if (fwrite($f, $bits) === FALSE) { |
| | 1369 | $error = true; |
| | 1370 | $msg = 'Error writing file ' . $upload_path; |
| | 1371 | } else { |
| | 1372 | fclose($f); |
| | 1373 | $msg = 'Success'; |
| | 1374 | } |
| | 1375 | } else { |
| | 1376 | $error = true; |
| | 1377 | $msg = 'Error opening file ' . $upload_path; |
| | 1378 | } |
| | 1379 | } |
| | 1380 | |
| | 1381 | if (!$error) { |
| | 1382 | logIO('O', '(AKK) Wrote uploaded file ' . $upload_path); |
| | 1383 | return new xmlrpcresp(new xmlrpcval(get_settings('fileupload_url') . $name)); |
| | 1384 | } else { |
| | 1385 | logIO('O', '(AKK) ' . $msg); |
| | 1386 | return new xmlrpcresp(0, $xmlrpcerruser + 4, $msg); // user error 4 |
| | 1387 | } |
| | 1388 | } |