[19804] | 1 | <?php |
---|
| 2 | defined('URLUPLOADER_PATH') or die('Hacking attempt!'); |
---|
| 3 | |
---|
| 4 | function urluploader_ws_add_methods($arr) |
---|
| 5 | { |
---|
| 6 | global $conf; |
---|
| 7 | $service = &$arr[0]; |
---|
| 8 | |
---|
| 9 | $service->addMethod( |
---|
| 10 | 'pwg.images.addRemote', |
---|
| 11 | 'ws_images_addRemote', |
---|
| 12 | array( |
---|
| 13 | 'file_url' => array(), |
---|
| 14 | 'category' => array(), |
---|
| 15 | 'name' => array('default' => null), |
---|
| 16 | 'level' => array( |
---|
| 17 | 'default' => 0, |
---|
| 18 | 'maxValue' => $conf['available_permission_levels'] |
---|
| 19 | ), |
---|
[20407] | 20 | 'url_in_comment' => array('default' => true), |
---|
[19804] | 21 | ), |
---|
| 22 | 'Add image from remote URL.' |
---|
| 23 | ); |
---|
| 24 | } |
---|
| 25 | |
---|
| 26 | function ws_images_addRemote($params, &$service) |
---|
| 27 | { |
---|
| 28 | global $conf; |
---|
| 29 | |
---|
| 30 | if (!is_admin()) |
---|
| 31 | { |
---|
| 32 | return new PwgError(401, 'Access denied'); |
---|
| 33 | } |
---|
| 34 | |
---|
| 35 | $params = array_map('trim', $params); |
---|
| 36 | |
---|
| 37 | $allowed_extensions = array('jpg','jpeg','png','gif'); |
---|
| 38 | $allowed_mimes = array('image/jpeg', 'image/png', 'image/gif'); |
---|
| 39 | |
---|
| 40 | // check empty url |
---|
| 41 | if (empty($params['file_url'])) |
---|
| 42 | { |
---|
| 43 | return new PwgError(WS_ERR_INVALID_PARAM, 'File URL is empty'); |
---|
| 44 | } |
---|
| 45 | // check remote url |
---|
| 46 | if (!url_is_remote($params['file_url'])) |
---|
| 47 | { |
---|
| 48 | return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid file URL'); |
---|
| 49 | } |
---|
| 50 | // check file extension |
---|
| 51 | if (!in_array(strtolower(get_extension($params['file_url'])), $allowed_extensions)) |
---|
| 52 | { |
---|
| 53 | return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid file type'); |
---|
| 54 | } |
---|
| 55 | |
---|
| 56 | // download file |
---|
| 57 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
| 58 | |
---|
| 59 | $temp_filename = $conf['data_location'].basename($params['file_url']); |
---|
| 60 | $file = fopen($temp_filename, 'w+'); |
---|
| 61 | $result = fetchRemote($params['file_url'], $file); |
---|
| 62 | fclose($file); |
---|
| 63 | |
---|
| 64 | // download failed ? |
---|
| 65 | if (!$result) |
---|
| 66 | { |
---|
| 67 | @unlink($temp_filename); |
---|
| 68 | return new PwgError(WS_ERR_INVALID_PARAM, 'Unable to download file'); |
---|
| 69 | } |
---|
| 70 | // check mime-type |
---|
| 71 | if (!in_array(get_mime($temp_filename, $allowed_mimes[0]), $allowed_mimes)) |
---|
| 72 | { |
---|
| 73 | @unlink($temp_filename); |
---|
| 74 | return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid file type'); |
---|
| 75 | } |
---|
| 76 | |
---|
| 77 | // add photo |
---|
| 78 | include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); |
---|
| 79 | |
---|
| 80 | $image_id = add_uploaded_file( |
---|
| 81 | $temp_filename, |
---|
| 82 | basename($temp_filename), |
---|
| 83 | array($params['category']), |
---|
| 84 | $params['level'] |
---|
| 85 | ); |
---|
| 86 | |
---|
[20407] | 87 | $updates = array(); |
---|
[19804] | 88 | if (!empty($params['name'])) |
---|
| 89 | { |
---|
[20407] | 90 | $updates['name'] = $params['name']; |
---|
[19804] | 91 | } |
---|
[20407] | 92 | if ($params['url_in_comment']=='true') |
---|
| 93 | { |
---|
| 94 | $url = parse_url($params['file_url']); |
---|
| 95 | $url = $url['scheme'].'://'.$url['host']; |
---|
| 96 | $updates['comment'] = '<a href="'. $url . '">'. $url .'</a>'; |
---|
| 97 | } |
---|
[19804] | 98 | |
---|
[20407] | 99 | single_update( |
---|
| 100 | IMAGES_TABLE, |
---|
| 101 | $updates, |
---|
| 102 | array('id' => $image_id) |
---|
| 103 | ); |
---|
[19804] | 104 | |
---|
[20407] | 105 | |
---|
[19804] | 106 | // return infos |
---|
| 107 | $query = ' |
---|
| 108 | SELECT id, name, permalink |
---|
| 109 | FROM '.CATEGORIES_TABLE.' |
---|
| 110 | WHERE id = '.$params['category'].' |
---|
| 111 | ;'; |
---|
| 112 | $category = pwg_db_fetch_assoc(pwg_query($query)); |
---|
| 113 | |
---|
| 114 | $url_params = array( |
---|
| 115 | 'image_id' => $image_id, |
---|
| 116 | 'section' => 'categories', |
---|
| 117 | 'category' => $category, |
---|
| 118 | ); |
---|
| 119 | |
---|
| 120 | $query = ' |
---|
| 121 | SELECT id, path |
---|
| 122 | FROM '.IMAGES_TABLE.' |
---|
| 123 | WHERE id = '.$image_id.' |
---|
| 124 | ;'; |
---|
| 125 | $image_infos = pwg_db_fetch_assoc(pwg_query($query)); |
---|
| 126 | |
---|
| 127 | return array( |
---|
| 128 | 'image_id' => $image_id, |
---|
| 129 | 'url' => make_picture_url($url_params), |
---|
| 130 | 'thumbnail_url' => preg_replace('#^'.PHPWG_ROOT_PATH.'#', './', DerivativeImage::thumb_url($image_infos)), |
---|
| 131 | ); |
---|
| 132 | } |
---|
| 133 | |
---|
| 134 | ?> |
---|