summaryrefslogtreecommitdiff
path: root/lib/helpers.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/helpers.php')
-rw-r--r--lib/helpers.php85
1 files changed, 75 insertions, 10 deletions
diff --git a/lib/helpers.php b/lib/helpers.php
index e7e7771..eb8994c 100644
--- a/lib/helpers.php
+++ b/lib/helpers.php
@@ -74,9 +74,9 @@ function get_timezone($lat, $lng) {
return null;
}
-function micropub_post_for_user(&$user, $params) {
+function micropub_post_for_user(&$user, $params, $file_path = NULL) {
// Now send to the micropub endpoint
- $r = micropub_post($user->micropub_endpoint, $params, $user->micropub_access_token);
+ $r = micropub_post($user->micropub_endpoint, $params, $user->micropub_access_token, $file_path);
$user->last_micropub_response = substr(json_encode($r), 0, 1024);
$user->last_micropub_response_date = date('Y-m-d H:i:s');
@@ -94,21 +94,33 @@ function micropub_post_for_user(&$user, $params) {
return $r;
}
-function micropub_post($endpoint, $params, $access_token) {
+function micropub_post($endpoint, $params, $access_token, $file_path = NULL) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $endpoint);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array(
- 'Authorization: Bearer ' . $access_token
- ));
curl_setopt($ch, CURLOPT_POST, true);
- $post = http_build_query(array_merge(array(
- 'h' => 'entry'
- ), $params));
- $post = preg_replace('/%5B[0-9]+%5D/', '%5B%5D', $post); // change [0] to []
+
+ $httpheaders = array('Authorization: Bearer ' . $access_token);
+ $params = array_merge(array('h' => 'entry'), $params);
+
+ if(!$file_path) {
+ $post = http_build_query($params);
+ $post = preg_replace('/%5B[0-9]+%5D/', '%5B%5D', $post); // change [0] to []
+ } else {
+ $finfo = finfo_open(FILEINFO_MIME_TYPE);
+ $mimetype = finfo_file($finfo, $file_path);
+ $multipart = new p3k\Multipart();
+ $multipart->addArray($params);
+ $multipart->addFile('photo', $file_path, $mimetype);
+ $post = $multipart->data();
+ array_push($httpheaders, 'Content-Type: ' . $multipart->contentType());
+ }
+
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheaders);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
+
$response = curl_exec($ch);
$error = curl_error($ch);
$sent_headers = curl_getinfo($ch, CURLINFO_HEADER_OUT);
@@ -219,4 +231,57 @@ function instagram_client() {
));
}
+function validate_photo(&$file) {
+ try {
+ if ($_SERVER['REQUEST_METHOD'] == 'POST' && count($_POST) < 1 ) {
+ throw new RuntimeException('File upload size exceeded.');
+ }
+
+ // Undefined | Multiple Files | $_FILES Corruption Attack
+ // If this request falls under any of them, treat it invalid.
+ if (
+ !isset($file['error']) ||
+ is_array($file['error'])
+ ) {
+ throw new RuntimeException('Invalid parameters.');
+ }
+
+ // Check $file['error'] value.
+ switch ($file['error']) {
+ case UPLOAD_ERR_OK:
+ break;
+ case UPLOAD_ERR_NO_FILE:
+ throw new RuntimeException('No file sent.');
+ case UPLOAD_ERR_INI_SIZE:
+ case UPLOAD_ERR_FORM_SIZE:
+ throw new RuntimeException('Exceeded filesize limit.');
+ default:
+ throw new RuntimeException('Unknown errors.');
+ }
+
+ // You should also check filesize here.
+ if ($file['size'] > 1000000) {
+ throw new RuntimeException('Exceeded filesize limit.');
+ }
+
+ // DO NOT TRUST $file['mime'] VALUE !!
+ // Check MIME Type by yourself.
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if (false === $ext = array_search(
+ $finfo->file($file['tmp_name']),
+ array(
+ 'jpg' => 'image/jpeg',
+ 'png' => 'image/png',
+ 'gif' => 'image/gif',
+ ),
+ true
+ )) {
+ throw new RuntimeException('Invalid file format.');
+ }
+
+ } catch (RuntimeException $e) {
+
+ return $e->getMessage();
+ }
+} \ No newline at end of file