author | Aaron Parecki <aaron@parecki.com> | 2015-07-25 03:55:00 -0700 |
---|---|---|
committer | Aaron Parecki <aaron@parecki.com> | 2015-07-25 03:55:00 -0700 |
commit | 35bd5a9e68b50bf57963ea626a3fbf7432b37c93 (patch) | |
tree | cc5e9b506494eaf4c59a1200e4bcea875acba46a /lib | |
parent | 60830007641c985c11c8ac8f609aab735dd84a96 (diff) | |
parent | afa182bc120371a15b28227ce712cba501a78d05 (diff) |
Merge branch 'master' of github.com:aaronpk/IndiePost
Diffstat (limited to 'lib')
-rw-r--r-- | lib/config.template.php | 5 | ||||
-rw-r--r-- | lib/helpers.php | 95 |
2 files changed, 87 insertions, 13 deletions
diff --git a/lib/config.template.php b/lib/config.template.php
index dae8968..ee822bb 100644
--- a/lib/config.template.php
+++ b/lib/config.template.php
@@ -4,11 +4,16 @@ class Config {
 public static $base_url = 'http://quill.dev/';
 public static $gaid = '';
+ // MySQL (default)
 public static $dbHost = '127.0.0.1';
 public static $dbName = 'quill';
 public static $dbUsername = 'quill';
 public static $dbPassword = '';
+ // Sqlite
+ // public static $dbType = 'sqlite';
+ // public static $dbFilePath = './example.db';
+ public static $jwtSecret = 'xxx';
 public static $fbClientID = '';
diff --git a/lib/helpers.php b/lib/helpers.php
index 4f6b4c1..eb8994c 100644
--- a/lib/helpers.php
+++ b/lib/helpers.php
@@ -1,8 +1,12 @@
 <?php
-ORM::configure('mysql:host=' . Config::$dbHost . ';dbname=' . Config::$dbName);
-ORM::configure('username', Config::$dbUsername);
-ORM::configure('password', Config::$dbPassword);
+if(Config::$dbType == 'sqlite') {
+ ORM::configure('sqlite:' . Config::$dbFilePath);
+} else {
+ ORM::configure('mysql:host=' . Config::$dbHost . ';dbname=' . Config::$dbName);
+ ORM::configure('username', Config::$dbUsername);
+ ORM::configure('password', Config::$dbPassword);
+}
 function render($page, $data) {
 global $app;
@@ -70,9 +74,9 @@ function get_timezone($lat, $lng) {
 return null;
 }
-function micropub_post_for_user(&$user, $params) {
+function micropub_post_for_user(&$user, $params, $file_path = NULL) {
 // Now send to the micropub endpoint
- $r = micropub_post($user->micropub_endpoint, $params, $user->micropub_access_token);
+ $r = micropub_post($user->micropub_endpoint, $params, $user->micropub_access_token, $file_path);
 $user->last_micropub_response = substr(json_encode($r), 0, 1024);
 $user->last_micropub_response_date = date('Y-m-d H:i:s');
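Review bot: `$dbType` is introduced only as a commented-out line, yet helpers.php in this same commit reads `Config::$dbType` unconditionally at bootstrap, so a config.php copied from this template as-is (or one that predates this commit) has no such static property and the ORM is never configured. Declare it live with the MySQL default, `public static $dbType = 'mysql';`, and leave only `$dbFilePath` commented. The example `./example.db` is also resolved against the working directory of the PHP process, which for a web request is usually the document root; since the user rows carry `micropub_access_token`, a web-readable SQLite file would hand out every user's token. Worth a comment next to `$dbFilePath`: `// Absolute path outside the web root, readable only by the PHP user`.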
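Review bot: `Config::$dbType` is dereferenced on the first added line of the helpers.php bootstrap hunk with no guard, but the template in this commit only ships that property as a comment, so any config.php lacking it fails with an undeclared-static-property error before any database is configured. Guard the access and compare strictly so MySQL stays the default for existing deployments: `if(isset(Config::$dbType) && Config::$dbType === 'sqlite') {`. The SQLite branch correctly sets no username/password, which means access control for that database rests entirely on the file's filesystem permissions — a short comment on the `sqlite:` line saying so would save the next maintainer a guess.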
@@ -90,21 +94,33 @@ function micropub_post_for_user(&$user, $params) {
 return $r;
 }
-function micropub_post($endpoint, $params, $access_token) {
+function micropub_post($endpoint, $params, $access_token, $file_path = NULL) {
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $endpoint);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array(
- 'Authorization: Bearer ' . $access_token
- ));
 curl_setopt($ch, CURLOPT_POST, true);
- $post = http_build_query(array_merge(array(
- 'h' => 'entry'
- ), $params));
- $post = preg_replace('/%5B[0-9]+%5D/', '%5B%5D', $post); // change [0] to []
+
+ $httpheaders = array('Authorization: Bearer ' . $access_token);
+ $params = array_merge(array('h' => 'entry'), $params);
+
+ if(!$file_path) {
+ $post = http_build_query($params);
+ $post = preg_replace('/%5B[0-9]+%5D/', '%5B%5D', $post); // change [0] to []
+ } else {
+ $finfo = finfo_open(FILEINFO_MIME_TYPE);
+ $mimetype = finfo_file($finfo, $file_path);
+ $multipart = new p3k\Multipart();
+ $multipart->addArray($params);
+ $multipart->addFile('photo', $file_path, $mimetype);
+ $post = $multipart->data();
+ array_push($httpheaders, 'Content-Type: ' . $multipart->contentType());
+ }
+
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheaders);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_HEADER, true);
 curl_setopt($ch, CURLINFO_HEADER_OUT, true);
+
 $response = curl_exec($ch);
 $error = curl_error($ch);
 $sent_headers = curl_getinfo($ch, CURLINFO_HEADER_OUT);
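Review bot: In the multipart branch `finfo_file()` returns `false` for a missing or unreadable `$file_path`, and that value goes straight into `addFile()` as the MIME type with no check, so a bad path surfaces as a malformed request at the remote endpoint rather than a local error; `$finfo` is also never released with `finfo_close()`. Because whatever sits at `$file_path` is read and transmitted to the user-configured `$endpoint` together with the bearer token, the branch should refuse anything it cannot positively identify: `if(!is_readable($file_path) || ($mimetype = finfo_file($finfo, $file_path)) === false) { throw new RuntimeException('Unreadable file: ' . $file_path); }` followed by `finfo_close($finfo);` (or return in whatever error shape the rest of this function uses — its body continues past the end of the hunk). Callers are outside this hunk, so I cannot confirm `$file_path` is always PHP's upload temp file; if it can ever be influenced by request data it must be rejected before reaching here. Note also that the `%5B[0-9]+%5D` rewrite is applied only on the urlencoded path; whether `p3k\Multipart::addArray()` encodes nested array values the same way is not visible from here.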
@@ -215,4 +231,57 @@ function instagram_client() {
 ));
 }
+function validate_photo(&$file) {
+ try {
+
+ if ($_SERVER['REQUEST_METHOD'] == 'POST' && count($_POST) < 1 ) {
+ throw new RuntimeException('File upload size exceeded.');
+ }
+
+ // Undefined | Multiple Files | $_FILES Corruption Attack
+ // If this request falls under any of them, treat it invalid.
+ if (
+ !isset($file['error']) ||
+ is_array($file['error'])
+ ) {
+ throw new RuntimeException('Invalid parameters.');
+ }
+
+ // Check $file['error'] value.
+ switch ($file['error']) {
+ case UPLOAD_ERR_OK:
+ break;
+ case UPLOAD_ERR_NO_FILE:
+ throw new RuntimeException('No file sent.');
+ case UPLOAD_ERR_INI_SIZE:
+ case UPLOAD_ERR_FORM_SIZE:
+ throw new RuntimeException('Exceeded filesize limit.');
+ default:
+ throw new RuntimeException('Unknown errors.');
+ }
+ // You should also check filesize here.
+ if ($file['size'] > 1000000) {
+ throw new RuntimeException('Exceeded filesize limit.');
+ }
+
+ // DO NOT TRUST $file['mime'] VALUE !!
+ // Check MIME Type by yourself.
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if (false === $ext = array_search(
+ $finfo->file($file['tmp_name']),
+ array(
+ 'jpg' => 'image/jpeg',
+ 'png' => 'image/png',
+ 'gif' => 'image/gif',
+ ),
+ true
+ )) {
+ throw new RuntimeException('Invalid file format.');
+ }
+
+ } catch (RuntimeException $e) {
+
+ return $e->getMessage();
+ }
+}
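Review bot: validate_photo never verifies that `$file['tmp_name']` is actually an uploaded file before handing it to `finfo`, and it discards `$ext` immediately after computing it, so the detected format is never reported; the success path also returns an implicit `null` while failure returns a string, which is easy to invert at a call site. Add `if(!is_uploaded_file($file['tmp_name'])) { throw new RuntimeException('Not an uploaded file.'); }` before the MIME check and an explicit `return null;` after the try/catch, with a docblock stating `/** Returns an error message string, or null when $file is an acceptable jpg/png/gif upload. */`. If `$file` is always `$_FILES['photo']` the tmp_name is PHP-assigned and the check is merely defensive, but nothing in the function enforces that and the callers are not in this diff. The `&$file` reference is unnecessary since the array is never modified, and the bare `1000000` should be a named constant (e.g. `MAX_PHOTO_BYTES`) so the limit is visible where the `UPLOAD_ERR_*` cases and the explicit size check are read together.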
\ No newline at end of file |