87 lines
3.8 KiB
PHP
87 lines
3.8 KiB
PHP
<?php declare(strict_types=1);
|
|
|
|
class Oekaki extends Extension
|
|
{
|
|
public function onPageRequest(PageRequestEvent $event)
|
|
{
|
|
global $user, $page;
|
|
|
|
if ($event->page_matches("oekaki")) {
|
|
if ($user->can(Permissions::CREATE_IMAGE)) {
|
|
if ($event->get_arg(0) == "create") {
|
|
$this->theme->display_page();
|
|
$this->theme->display_block();
|
|
}
|
|
if ($event->get_arg(0) == "claim") {
|
|
// FIXME: move .chi to data/oekaki/$ha/$hash mirroring images and thumbs
|
|
// FIXME: .chi viewer?
|
|
// FIXME: clean out old unclaimed images?
|
|
$pattern = data_path('oekaki_unclaimed/' . $_SERVER['REMOTE_ADDR'] . ".*.png");
|
|
foreach (glob($pattern) as $tmpname) {
|
|
assert(file_exists($tmpname));
|
|
|
|
$pathinfo = pathinfo($tmpname);
|
|
if (!array_key_exists('extension', $pathinfo)) {
|
|
throw new UploadException("File has no extension");
|
|
}
|
|
log_info("oekaki", "Processing file [{$pathinfo['filename']}]");
|
|
$metadata = [];
|
|
$metadata['filename'] = 'oekaki.png';
|
|
$metadata['extension'] = $pathinfo['extension'];
|
|
$metadata['tags'] = Tag::explode('oekaki tagme');
|
|
$metadata['source'] = null;
|
|
$duev = new DataUploadEvent($tmpname, $metadata);
|
|
send_event($duev);
|
|
if ($duev->image_id == -1) {
|
|
throw new UploadException("File type not recognised");
|
|
} else {
|
|
unlink($tmpname);
|
|
$page->set_mode(PageMode::REDIRECT);
|
|
$page->set_redirect(make_link("post/view/".$duev->image_id));
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if ($event->get_arg(0) == "upload") {
|
|
// FIXME: this allows anyone to upload anything to /data ...
|
|
// hardcoding the ext to .png should stop the obvious exploit,
|
|
// but more checking may be wise
|
|
if (isset($_FILES["picture"])) {
|
|
header('Content-type: text/plain');
|
|
|
|
//$file = $_FILES['picture']['name'];
|
|
//$ext = (strpos($file, '.') === FALSE) ? '' : substr($file, strrpos($file, '.'));
|
|
$uploadname = $_SERVER['REMOTE_ADDR'] . "." . time();
|
|
$uploadfile = data_path('oekaki_unclaimed/'.$uploadname);
|
|
|
|
log_info("oekaki", "Uploading file [$uploadname]");
|
|
|
|
$success = true;
|
|
if (isset($_FILES["chibifile"])) {
|
|
$success = $success && move_uploaded_file($_FILES['chibifile']['tmp_name'], $uploadfile . ".chi");
|
|
}
|
|
|
|
// hardcode the ext, so nobody can upload "foo.php"
|
|
$success = $success && move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile . ".png"); # $ext);
|
|
if ($success) {
|
|
echo "CHIBIOK\n";
|
|
} else {
|
|
echo "CHIBIERROR\n";
|
|
}
|
|
} else {
|
|
echo "CHIBIERROR No Data\n";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// FIXME: "edit this image" button on existing images?
|
|
public function onPostListBuilding(PostListBuildingEvent $event)
|
|
{
|
|
global $user;
|
|
if ($user->can(Permissions::CREATE_IMAGE)) {
|
|
$this->theme->display_block();
|
|
}
|
|
}
|
|
}
|