diff options
| -rw-r--r-- | includes/file.inc | 31 | ||||
| -rw-r--r-- | modules/blogapi.module | 24 | ||||
| -rw-r--r-- | modules/blogapi/blogapi.module | 24 |
3 files changed, 73 insertions, 6 deletions
diff --git a/includes/file.inc b/includes/file.inc index 8994ea9d2..79f1b3f22 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -289,6 +289,37 @@ function file_save_upload($source, $dest = 0, $replace = 0) { } /** + * Save a string to the specified destination + * + * @param $data A string containing the contents of the file + * @param $dest A string containing the destination location + * + * @return A string containing the resulting filename or 0 on error + */ +function file_save_data($data, $dest, $replace = 0) { + if (!valid_input_data($data)) { + watchdog('error', t('Possible exploit abuse: invalid data.')); + drupal_set_message(t("file upload failed: invalid data."), 'error'); + return 0; + } + + $temp = variable_get('file_directory_temp', (PHP_OS == 'WINNT' ? 'c:\\windows\\temp' : '/tmp')); + $file = tempnam($temp, 'file'); + if (!$fp = fopen($file, 'w')) { + drupal_set_message(t('unable to create file.'), 'error'); + return 0; + } + fwrite($fp, $data); + fclose($fp); + + if (!file_move($file, $dest)) { + return 0; + } + + return $file; +} + +/** * Transfer file using http to client. Pipes a file through Drupal to the * client. * diff --git a/modules/blogapi.module b/modules/blogapi.module index 8d5fa3089..15c68c01c 100644 --- a/modules/blogapi.module +++ b/modules/blogapi.module @@ -247,11 +247,29 @@ function blogapi_delete_post($req_params) { /** * Blogging API callback. Inserts a file into Drupal. - * - * This has yet to be implemented. */ function blogapi_new_media_object($req_params) { - return blogapi_error('not implemented'); + $params = blogapi_convert($req_params); + + $user = blogapi_validate_user($params[1], $params[2]); + if (!$user->uid) { + return blogapi_error($user); + } + + $name = basename($params[3]['name']); + $data = $params[3]['bits']; + + if (!$data) { + return blogapi_error(t('No file sent')); + } + + if (!$file = file_save_data($data, $name)) { + return blogapi_error(t('Error storing file')); + } + + // Return the successful result. + $result = new xmlrpcval(array('url' => new xmlrpcval(file_create_url($file), 'string')), 'struct'); + return new xmlrpcresp($result); } /** diff --git a/modules/blogapi/blogapi.module b/modules/blogapi/blogapi.module index 8d5fa3089..15c68c01c 100644 --- a/modules/blogapi/blogapi.module +++ b/modules/blogapi/blogapi.module @@ -247,11 +247,29 @@ function blogapi_delete_post($req_params) { /** * Blogging API callback. Inserts a file into Drupal. - * - * This has yet to be implemented. */ function blogapi_new_media_object($req_params) { - return blogapi_error('not implemented'); + $params = blogapi_convert($req_params); + + $user = blogapi_validate_user($params[1], $params[2]); + if (!$user->uid) { + return blogapi_error($user); + } + + $name = basename($params[3]['name']); + $data = $params[3]['bits']; + + if (!$data) { + return blogapi_error(t('No file sent')); + } + + if (!$file = file_save_data($data, $name)) { + return blogapi_error(t('Error storing file')); + } + + // Return the successful result. + $result = new xmlrpcval(array('url' => new xmlrpcval(file_create_url($file), 'string')), 'struct'); + return new xmlrpcresp($result); } /** |