@ -0,0 +1,80 @@ | |||
<?php | |||
if(!function_exists('mime_content_type')) { | |||
function mime_content_type($filename) { | |||
$mime_types = array( | |||
'txt' => 'text/plain', | |||
'htm' => 'text/html', | |||
'html' => 'text/html', | |||
'php' => 'text/html', | |||
'css' => 'text/css', | |||
'js' => 'application/javascript', | |||
'json' => 'application/json', | |||
'xml' => 'application/xml', | |||
'swf' => 'application/x-shockwave-flash', | |||
'flv' => 'video/x-flv', | |||
// images | |||
'png' => 'image/png', | |||
'jpe' => 'image/jpeg', | |||
'jpeg' => 'image/jpeg', | |||
'jpg' => 'image/jpeg', | |||
'gif' => 'image/gif', | |||
'bmp' => 'image/bmp', | |||
'ico' => 'image/vnd.microsoft.icon', | |||
'tiff' => 'image/tiff', | |||
'tif' => 'image/tiff', | |||
'svg' => 'image/svg+xml', | |||
'svgz' => 'image/svg+xml', | |||
// archives | |||
'zip' => 'application/zip', | |||
'rar' => 'application/x-rar-compressed', | |||
'exe' => 'application/x-msdownload', | |||
'msi' => 'application/x-msdownload', | |||
'cab' => 'application/vnd.ms-cab-compressed', | |||
// audio/video | |||
'mp3' => 'audio/mpeg', | |||
'qt' => 'video/quicktime', | |||
'mov' => 'video/quicktime', | |||
'ogg' => 'application/ogg', | |||
// adobe | |||
'pdf' => 'application/pdf', | |||
'psd' => 'image/vnd.adobe.photoshop', | |||
'ai' => 'application/postscript', | |||
'eps' => 'application/postscript', | |||
'ps' => 'application/postscript', | |||
// ms office | |||
'doc' => 'application/msword', | |||
'rtf' => 'application/rtf', | |||
'xls' => 'application/vnd.ms-excel', | |||
'ppt' => 'application/vnd.ms-powerpoint', | |||
// open office | |||
'odt' => 'application/vnd.oasis.opendocument.text', | |||
'ods' => 'application/vnd.oasis.opendocument.spreadsheet', | |||
); | |||
if(strpos($filename,'.') !== false) { | |||
$ext = strtolower(array_pop(explode('.',$filename))); | |||
if (array_key_exists($ext, $mime_types)) { | |||
return $mime_types[$ext]; | |||
} | |||
} | |||
elseif (function_exists('finfo_open')) { | |||
$finfo = finfo_open(FILEINFO_MIME); | |||
$mimetype = finfo_file($finfo, $filename); | |||
finfo_close($finfo); | |||
return $mimetype; | |||
} | |||
else { | |||
return 'application/octet-stream'; | |||
} | |||
}} | |||
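Review bot: When the name contains a dot but its extension is not in `$mime_types`, the function falls off the end and returns null, because the `finfo_open` and `application/octet-stream` branches hang off the outer `if(strpos($filename,'.') !== false)` as `elseif`/`else`. The dot test also runs on the whole path, so a dot in a directory name yields a bogus extension. The lookup should fall through to finfo and then to the default, and take the extension with `pathinfo()` so that only the basename counts. A type derived from the extension reflects a caller-chosen name rather than the content, so it should not alone decide how a stored file is later served; a short comment above the table saying so would help.

```php
// … unchanged: $mime_types table …
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if ($ext !== '' && array_key_exists($ext, $mime_types)) {
    return $mime_types[$ext];
}
if (function_exists('finfo_open')) {
    $finfo = finfo_open(FILEINFO_MIME);
    $mimetype = finfo_file($finfo, $filename);
    finfo_close($finfo);
    if ($mimetype !== false) {
        return $mimetype;
    }
}
return 'application/octet-stream';
```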
@ -0,0 +1,105 @@ | |||
<?php | |||
require_once('include/attach.php'); | |||
require_once('include/datetime.php'); | |||
function wall_attach_post(&$a) { | |||
if($a->argc > 1) { | |||
$nick = $a->argv[1]; | |||
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1", | |||
dbesc($nick) | |||
); | |||
if(! count($r)) | |||
return; | |||
} | |||
else | |||
return; | |||
$can_post = false; | |||
$visitor = 0; | |||
$page_owner_uid = $r[0]['uid']; | |||
$page_owner_nick = $r[0]['nickname']; | |||
$community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); | |||
if((local_user()) && (local_user() == $page_owner_uid)) | |||
$can_post = true; | |||
else { | |||
if($community_page && remote_user()) { | |||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", | |||
intval(remote_user()), | |||
intval($page_owner_uid) | |||
); | |||
if(count($r)) { | |||
$can_post = true; | |||
$visitor = remote_user(); | |||
} | |||
} | |||
} | |||
if(! $can_post) { | |||
notice( t('Permission denied.') . EOL ); | |||
killme(); | |||
} | |||
if(! x($_FILES,'userfile')) | |||
killme(); | |||
$src = $_FILES['userfile']['tmp_name']; | |||
$filename = basename($_FILES['userfile']['name']); | |||
$filesize = intval($_FILES['userfile']['size']); | |||
$maxfilesize = get_config('system','maxfilesize'); | |||
if(($maxfilesize) && ($filesize > $maxfilesize)) { | |||
notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL); | |||
@unlink($src); | |||
return; | |||
} | |||
$filedata = @file_get_contents($src); | |||
$mimetype = mime_content_type($src); | |||
$hash = random_string(); | |||
$created = datetime_convert(); | |||
dbg(1); | |||
$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) | |||
VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", | |||
intval($page_owner_uid), | |||
dbesc($hash), | |||
dbesc($mimetype), | |||
intval($filesize), | |||
dbesc($filedata), | |||
dbesc($created), | |||
dbesc($created), | |||
dbesc('<' . $page_owner_uid . '>'), | |||
dbesc(''), | |||
dbesc(''), | |||
dbesc('') | |||
); | |||
@unlink($src); | |||
if(! $r) { | |||
echo ( t('File upload failed.') . EOL); | |||
killme(); | |||
} | |||
$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", | |||
intval($page_owner_uid), | |||
dbesc($created), | |||
dbesc($hash) | |||
); | |||
if(! count($r)) { | |||
echo ( t('File upload failed.') . EOL); | |||
killme(); | |||
} | |||
echo '<br /><br />[attachment]' . $r[0]['id'] . '[/attachment]' . '<br />'; | |||
killme(); | |||
// NOTREACHED | |||
} |
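Review bot: `dbg(1);` just before the `INSERT INTO attach` looks like a leftover debug switch: nothing turns it off again, and if it enables query logging (its definition is not in this diff) the logged statement would include the entire file body passed as `data`, so it should be removed. The upload is also read without checking its status, and the `@` on `file_get_contents` hides a failed read, so a row with empty `data` can be inserted. A guard such as `if($_FILES['userfile']['error'] !== UPLOAD_ERR_OK || ! is_uploaded_file($src)) killme();` before the size check, plus `if($filedata === false) killme();` after the read, would close that. `$filename` is computed but never used, and `mime_content_type($src)` sees only the temporary path, so the stored `filetype` does not depend on the original name.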