From b6f8a5d314e60d99fba0bcccdef1bccb3c115dbd Mon Sep 17 00:00:00 2001
From: Kyle Browning <kylebrowning@me.com>
Date: Wed, 25 May 2011 14:33:19 -0700
Subject: [PATCH] Remove base64_encode from file_resources

---
 resources/file_resource.inc                 |   63 ++++++++-------------------
 servers/rest_server/includes/RESTServer.inc |    6 ++-
 2 files changed, 24 insertions(+), 45 deletions(-)

diff --git a/resources/file_resource.inc b/resources/file_resource.inc
index 1a5bf43..f825d43 100644
--- a/resources/file_resource.inc
+++ b/resources/file_resource.inc
@@ -116,52 +116,26 @@ function _file_resource_definition() {
  *   Unique identifier for the file (fid) or errors if there was a problem.
  */
 function _file_resource_create($file) {
-  global $user;
-  $file = (object) $file;
-
-  // If the file data is empty then bail
-  if (!isset($file->file)) {
-    return FALSE;
-  }
-
-  // Make sure we create new file.
-  $file->fid = NULL;
-
-  // Get the directory name for the location of the file:
-  if (isset($file->filename) && !isset($file->filepath)) {
-    $file->filepath = file_default_scheme() . '://' . $file->filename;
-  }
-  $dir = file_default_scheme() . '://';
-  // Build the destination folder tree if it doesn't already exists.
-  if (!file_prepare_directory($dir, FILE_CREATE_DIRECTORY)) {
-    return services_error(t("Could not create destination directory for file."), 500);
-  }
-
-  $file->filemime = file_get_mimetype($file->filename);
-
-  // Rename potentially executable files, to help prevent exploits.
-  if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (drupal_substr($file->filename, -4) != '.txt')) {
-    $file->filemime = 'text/plain';
-    $file->filepath .= '.txt';
-    $file->filename .= '.txt';
-  }
-
-  // Update the timestamp to the current time, otherwise the file could
-  // get deleted on the next cron run if its status is set to 0.
-  $file->timestamp = time();
-  
-  // Write the file
-  if (!$file = file_save_data(base64_decode($file->file), $file->filepath)) {
-    return services_error(t("Could not write file to destination"), 500);
+  $validators = array(
+    'file_validate_extensions' => array(),
+    'file_validate_size' => array(),
+  );
+  $files = array();
+  foreach($_FILES['files']['name'] as $field_name => $file_name) {
+    $file = file_save_upload($field_name, $validators ,file_default_scheme() . "://");
+    // Required to be able to reference this file.
+    if($file->fid) {
+      file_usage_add($file, 'services', 'files', $file->fid);
+      $files[] = array(
+        'fid' => $file->fid,
+        'uri' => services_resource_uri(array('file', $file->fid)),
+      ); 
+    } else {
+      return services_error(t('An unknown error occured', 500);
+    }
   }
 
-  // Required to be able to reference this file.
-  file_usage_add($file, 'services', 'files', $file->fid);
-
-  return array(
-    'fid' => $file->fid,
-    'uri' => services_resource_uri(array('file', $file->fid)),
-  );
+  return $files;
 }
 
 /**
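Review bot: The added `return services_error(t('An unknown error occured', 500);` is missing the closing parenthesis of `t()`, so file_resource.inc will not parse; it should read `return services_error(t('An unknown error occurred'), 500);`. Separately, both validators are passed empty argument lists: as far as I recall, Drupal 7's `file_save_upload()` treats an empty `file_validate_extensions` list as "allow any extension" instead of applying its default allowlist, and `file_validate_size` with no limits enforces none, so the endpoint accepts any type and size that PHP's own upload limits permit. The removed code renamed executable extensions to `.txt` itself, whereas the new code depends on core doing so, which should be confirmed; an explicit allowlist and size cap would be safer, e.g. `'file_validate_extensions' => array($allowed_extensions)` with `$allowed_extensions` (placeholder name) taken from site configuration. `file_save_upload()` can also return a non-object on failure, so the guard is better written as `if ($file && !empty($file->fid)) {`, and `$_FILES['files']['name']` should be checked with `isset()` before the `foreach`.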
@@ -257,6 +231,7 @@ function _file_resource_access($op = 'view', $args = array()) {
       return $file->uid == $user->uid && user_access('get own binary files');
       break;
     case 'create':
+      return user_access('save file information');
     case 'delete':
       return $file->uid == $user->uid && user_access('save file information');
       break;
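Review bot: The new `create` branch drops the `$file->uid == $user->uid` ownership test that the old fall-through into `delete` applied, but nothing in the code says this is deliberate. A one-line comment above the return would keep a later cleanup from restoring the fall-through, e.g. `// No file exists yet on create, so only the permission is checked.` Because `save file information` is now the only gate on the upload path, its description should say that it permits uploading files. The function starts and ends outside the hunk.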
diff --git a/servers/rest_server/includes/RESTServer.inc b/servers/rest_server/includes/RESTServer.inc
index ed3adcb..bcdacc1 100755
--- a/servers/rest_server/includes/RESTServer.inc
+++ b/servers/rest_server/includes/RESTServer.inc
@@ -221,6 +221,10 @@ class RESTServer {
           else {
               if (isset($sources[$info['source']][$info['name']])) {
                 $arguments[$i] = $sources[$info['source']][$info['name']];
+              } else {
+                if (isset($sources[$info['source']])) {
+                  $arguments[$i] = $sources[$info['source']];
+                }
               }
           }
           // Convert to array if argument expected to be array.
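Review bot: The added `else` branch hands the callback the entire `$sources[$info['source']]` array whenever the named key is absent, and it does so for every resource argument, not only the file upload. An argument the caller omitted is therefore filled with the whole untrusted request array instead of staying unset. That presumably lets any required-argument or default-value handling later in this loop (outside the hunk) pass on unrelated data, and it gives callbacks that expect a scalar an array. I would restrict the fallback to arguments that opt in through their definition, and write it as `elseif (isset($sources[$info['source']])) {` instead of an `if` nested inside `else`.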
@@ -254,7 +258,7 @@ class RESTServer {
     }
     switch ($method) {
       case 'POST':
-        if (isset($type['value']) && $type['value'] == 'application/x-www-form-urlencoded') {
+        if (isset($type['value']) && ($type['value'] == 'application/x-www-form-urlencoded' || $type['value'] == "multipart/form-data")) {
           return $_POST;
         }
       case 'PUT':
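Review bot: The content-type test in the `POST` case is an exact, case-sensitive comparison, and when it fails control falls through into `case 'PUT':`, so a request sent as `Multipart/Form-Data` would take the raw-body path instead of returning `$_POST`. Media type names are case-insensitive, so normalise first: `$mime = isset($type['value']) ? strtolower($type['value']) : '';` followed by `if (in_array($mime, array('application/x-www-form-urlencoded', 'multipart/form-data'), TRUE)) {`. The fall-through looks intentional and deserves a `// Fall through to parse the request body.` comment so it is not mistaken for a missing `break`. The switch continues outside the hunk.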
-- 
1.7.3.4

