9 changed files with 216 additions and 4 deletions
@ -0,0 +1,80 @@
|
||||
<?php |
||||
|
||||
if(!function_exists('mime_content_type')) { |
||||
function mime_content_type($filename) { |
||||
|
||||
$mime_types = array( |
||||
|
||||
'txt' => 'text/plain', |
||||
'htm' => 'text/html', |
||||
'html' => 'text/html', |
||||
'php' => 'text/html', |
||||
'css' => 'text/css', |
||||
'js' => 'application/javascript', |
||||
'json' => 'application/json', |
||||
'xml' => 'application/xml', |
||||
'swf' => 'application/x-shockwave-flash', |
||||
'flv' => 'video/x-flv', |
||||
|
||||
// images |
||||
'png' => 'image/png', |
||||
'jpe' => 'image/jpeg', |
||||
'jpeg' => 'image/jpeg', |
||||
'jpg' => 'image/jpeg', |
||||
'gif' => 'image/gif', |
||||
'bmp' => 'image/bmp', |
||||
'ico' => 'image/vnd.microsoft.icon', |
||||
'tiff' => 'image/tiff', |
||||
'tif' => 'image/tiff', |
||||
'svg' => 'image/svg+xml', |
||||
'svgz' => 'image/svg+xml', |
||||
|
||||
// archives |
||||
'zip' => 'application/zip', |
||||
'rar' => 'application/x-rar-compressed', |
||||
'exe' => 'application/x-msdownload', |
||||
'msi' => 'application/x-msdownload', |
||||
'cab' => 'application/vnd.ms-cab-compressed', |
||||
|
||||
// audio/video |
||||
'mp3' => 'audio/mpeg', |
||||
'qt' => 'video/quicktime', |
||||
'mov' => 'video/quicktime', |
||||
'ogg' => 'application/ogg', |
||||
|
||||
// adobe |
||||
'pdf' => 'application/pdf', |
||||
'psd' => 'image/vnd.adobe.photoshop', |
||||
'ai' => 'application/postscript', |
||||
'eps' => 'application/postscript', |
||||
'ps' => 'application/postscript', |
||||
|
||||
// ms office |
||||
'doc' => 'application/msword', |
||||
'rtf' => 'application/rtf', |
||||
'xls' => 'application/vnd.ms-excel', |
||||
'ppt' => 'application/vnd.ms-powerpoint', |
||||
|
||||
|
||||
// open office |
||||
'odt' => 'application/vnd.oasis.opendocument.text', |
||||
'ods' => 'application/vnd.oasis.opendocument.spreadsheet', |
||||
); |
||||
|
||||
if(strpos($filename,'.') !== false) { |
||||
$ext = strtolower(array_pop(explode('.',$filename))); |
||||
if (array_key_exists($ext, $mime_types)) { |
||||
return $mime_types[$ext]; |
||||
} |
||||
} |
||||
elseif (function_exists('finfo_open')) { |
||||
$finfo = finfo_open(FILEINFO_MIME); |
||||
$mimetype = finfo_file($finfo, $filename); |
||||
finfo_close($finfo); |
||||
return $mimetype; |
||||
} |
||||
else { |
||||
return 'application/octet-stream'; |
||||
} |
||||
}} |
||||
|
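Review bot: In the lookup at the end of `mime_content_type`, a name that contains a dot but whose extension is not in `$mime_types` returns nothing at all, because the `finfo` and `application/octet-stream` branches hang off the outer `if` as `elseif`/`else` and are skipped once the dot test succeeds. Callers then receive `null` as the MIME type, for example for a temp path ending in `.tmp`. The branches should fall through instead, as sketched below; the sketch also assigns `explode()` to a variable before `array_pop()`, which takes its argument by reference, and uses `FILEINFO_MIME_TYPE` so the shim returns a bare type like the native function rather than `type; charset=...`. Since the table keys on the file name only, a header comment should say so, e.g. `// Fallback: guesses from the extension only; not a verified content type.`

```php
// … unchanged: $mime_types table …

    if(strpos($filename,'.') !== false) {
        $parts = explode('.',$filename);
        $ext = strtolower(array_pop($parts));
        if (array_key_exists($ext, $mime_types)) {
            return $mime_types[$ext];
        }
    }
    // Unknown or missing extension: fall through to content sniffing, then to the default.
    if (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        // … unchanged: finfo_file / finfo_close / return $mimetype …
    }
    return 'application/octet-stream';
```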
@ -0,0 +1,105 @@
|
||||
<?php |
||||
|
||||
require_once('include/attach.php'); |
||||
require_once('include/datetime.php'); |
||||
|
||||
function wall_attach_post(&$a) { |
||||
|
||||
if($a->argc > 1) { |
||||
$nick = $a->argv[1]; |
||||
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1", |
||||
dbesc($nick) |
||||
); |
||||
if(! count($r)) |
||||
return; |
||||
|
||||
} |
||||
else |
||||
return; |
||||
|
||||
$can_post = false; |
||||
$visitor = 0; |
||||
|
||||
$page_owner_uid = $r[0]['uid']; |
||||
$page_owner_nick = $r[0]['nickname']; |
||||
$community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); |
||||
|
||||
if((local_user()) && (local_user() == $page_owner_uid)) |
||||
$can_post = true; |
||||
else { |
||||
if($community_page && remote_user()) { |
||||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", |
||||
intval(remote_user()), |
||||
intval($page_owner_uid) |
||||
); |
||||
if(count($r)) { |
||||
$can_post = true; |
||||
$visitor = remote_user(); |
||||
} |
||||
} |
||||
} |
||||
|
||||
if(! $can_post) { |
||||
notice( t('Permission denied.') . EOL ); |
||||
killme(); |
||||
} |
||||
|
||||
if(! x($_FILES,'userfile')) |
||||
killme(); |
||||
|
||||
$src = $_FILES['userfile']['tmp_name']; |
||||
$filename = basename($_FILES['userfile']['name']); |
||||
$filesize = intval($_FILES['userfile']['size']); |
||||
|
||||
$maxfilesize = get_config('system','maxfilesize'); |
||||
|
||||
if(($maxfilesize) && ($filesize > $maxfilesize)) { |
||||
notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL); |
||||
@unlink($src); |
||||
return; |
||||
} |
||||
|
||||
$filedata = @file_get_contents($src); |
||||
|
||||
$mimetype = mime_content_type($src); |
||||
$hash = random_string(); |
||||
$created = datetime_convert(); |
||||
dbg(1); |
||||
$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) |
||||
VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", |
||||
intval($page_owner_uid), |
||||
dbesc($hash), |
||||
dbesc($mimetype), |
||||
intval($filesize), |
||||
dbesc($filedata), |
||||
dbesc($created), |
||||
dbesc($created), |
||||
dbesc('<' . $page_owner_uid . '>'), |
||||
dbesc(''), |
||||
dbesc(''), |
||||
dbesc('') |
||||
); |
||||
|
||||
@unlink($src); |
||||
|
||||
if(! $r) { |
||||
echo ( t('File upload failed.') . EOL); |
||||
killme(); |
||||
} |
||||
|
||||
$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", |
||||
intval($page_owner_uid), |
||||
dbesc($created), |
||||
dbesc($hash) |
||||
); |
||||
|
||||
if(! count($r)) { |
||||
echo ( t('File upload failed.') . EOL); |
||||
killme(); |
||||
} |
||||
|
||||
echo '<br /><br />[attachment]' . $r[0]['id'] . '[/attachment]' . '<br />'; |
||||
|
||||
killme(); |
||||
// NOTREACHED |
||||
} |
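Review bot: The upload is read and inserted without checking `$_FILES['userfile']['error']` or `is_uploaded_file($src)`, and the `@` on `file_get_contents($src)` hides a failed read, so a partial or failed upload apparently still becomes an `attach` row with empty `data`. Before the size check I would add `if($_FILES['userfile']['error'] !== UPLOAD_ERR_OK || ! is_uploaded_file($src)) killme();` and bail out when `$filedata === false`. The `dbg(1);` just before the INSERT looks like leftover debugging; if it switches on query logging, the whole file body would be written to the log, so it should be removed. `$mimetype` is derived from what the uploader sent and `$maxfilesize` is optional, so whatever later serves these rows (not visible in this view) should not trust `filetype` for inline rendering, and a default size cap would be safer. `$filename` and `$visitor` are assigned but never used, so a community-page upload keeps no record of which contact posted it.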