Index: plupload.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/plupload/plupload.module,v
retrieving revision 1.1.2.10
diff -u -p -r1.1.2.10 plupload.module
--- plupload.module	15 Dec 2010 14:54:42 -0000	1.1.2.10
+++ plupload.module	16 Dec 2010 16:07:03 -0000
@@ -12,7 +12,7 @@ define('PLUPLOAD_URL_PARAM_PREFIX', 'dru
  * Implementation of hook_perm().
  */
 function plupload_perm() {
-  return array('bulk upload files with plupload', 'administer plupload bulk uploads');
+  return array('upload files with plupload', 'administer plupload bulk uploads');
 }
 
 /**
@@ -23,14 +23,14 @@ function plupload_menu() {
     'title' => 'Upload files',
     'page callback' => 'plupload_pernode',
     'access callback' => 'user_access',
-    'access arguments' => array('bulk upload files with plupload'),
+    'access arguments' => array('upload files with plupload'),
     'type' => MENU_CALLBACK,
   );
   $items['file-plupload'] = array(
     'title' => 'Upload files',
     'page callback' => 'plupload_upload_page',
     'access callback' => 'user_access',
-    'access arguments' => array('bulk upload files with plupload'),
+    'access arguments' => array('upload files with plupload'),
     'type' => MENU_CALLBACK,
   );
   $items['admin/settings/plupload-bulk'] = array(
@@ -139,18 +139,23 @@ __RSD__;
 }
 
 function plupload_pernode() {
-  $temp_directory = file_directory_temp();
-
   // Chunk it?
   $chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0;
   $chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0;
   
   // Get and clean the filename.
-  $file_name = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
+  $filename = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
+  $filename = preg_replace('/[^\w\._]+/', '', $filename);
+  $extensions = '';
+  global $user;
+  foreach ($user->roles as $rid => $name) {
+    $extensions .= ' '. variable_get("upload_extensions_$rid",
+    variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
+  }
+  $filename = file_munge_filename(trim(basename($filename), '.'), $extensions);
 
-  // Clean the fileName for security reasons
-  $file_name = preg_replace('/[^\w\._]+/', '', $file_name);
-  
+  // Put the file into a temporary location
+  $temp_filename = file_create_filename(basename($filename), file_directory_temp());
   
   // Look for the content type header
   if (isset($_SERVER["HTTP_CONTENT_TYPE"])) {
@@ -160,48 +165,35 @@ function plupload_pernode() {
     $content_type = $_SERVER["CONTENT_TYPE"];
   }
 
+  // Open temp file
+  $out = fopen($temp_filename, $chunk == 0 ? "wb" : "ab");
+  if ($out === FALSE) {
+    die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
+  }
+
+  $input_filename = 'php://input';
   // Is this a multipart upload?
   if (strpos($content_type, "multipart") !== false) {
-    if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
-      // Open temp file
-      $out = fopen($temp_directory . DIRECTORY_SEPARATOR . $file_name, $chunk == 0 ? "wb" : "ab");
-      if ($out) {
-        // Read binary input stream and append it to temp file
-        $in = fopen($_FILES['file']['tmp_name'], "rb");
-
-        if ($in) {
-          while ($buff = fread($in, 4096))
-            fwrite($out, $buff);
-        } else
-          die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
-
-        fclose($in);
-        fclose($out);
-        unlink($_FILES['file']['tmp_name']);
-      } else
-        die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
-    } else
+    $input_filename = $_FILES['file']['tmp_name'];
+    if (!isset($input_filename) || !is_uploaded_file($input_filename)) {
       die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
-  }
-  else {
-    // Open temp file
-    $out = fopen($temp_directory . DIRECTORY_SEPARATOR . $file_name, $chunk == 0 ? "wb" : "ab");
-    if ($out) {
-      // Read binary input stream and append it to temp file
-      $in = fopen("php://input", "rb");
-
-      if ($in) {
-        while ($buff = fread($in, 4096))
-          fwrite($out, $buff);
-      } else
-        die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
-
-      fclose($in); 
-      fclose($out);
-    } else
-      die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
+    }
   }
   
+  // Read binary input stream and append it to temp file
+  $in = fopen($input_filename, "rb");
+  if ($in === FALSE) {
+    die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
+  }
+  while ($buff = fread($in, 4096)) {
+    fwrite($out, $buff);
+  }
+  fclose($in);
+  fclose($out);
+  if (strpos($content_type, "multipart") !== false) {
+    unlink($input_filename);
+  }
+
   if ($chunks > 1 && $chunk < $chunks - 1) {
     // Don't move the file and add the node yet, we have more chunks coming
     die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
@@ -219,7 +211,7 @@ function plupload_pernode() {
     }
   }
 
-  $image_node = plupload_imagefield_create_node_from($temp_directory . DIRECTORY_SEPARATOR . $file_name, $file_name, $options);
+  $image_node = plupload_imagefield_create_node_from($temp_filename, $filename, $options);
 
   // @todo check the $image_node and do some error handling.
   
@@ -238,7 +230,7 @@ function plupload_pernode() {
  * @return $node
  *   a node object.
  */
-function plupload_imagefield_create_node_from($temp_filepath, $file_name, $options) {
+function plupload_imagefield_create_node_from($temp_filepath, $filename, $options) {
   // Only get files from Drupal's tmp directory.
   $directory = file_directory_temp();
   if (file_check_location($temp_filepath, $directory)) {
@@ -266,7 +258,7 @@ function plupload_imagefield_create_node
   
       // Create some defaults that imagefield expects.
       $form_state_values = array(
-        'title' => $file_name,
+        'title' => $filename,
         'body' => '',
         'field_photo' => array(0 => array(
             'fid' => 0,
@@ -289,7 +281,7 @@ function plupload_imagefield_create_node
         'node_status' => NULL,
         )
       );
-      // Save the file and create a node.
+      // Actually save the file and create a node.
       if ($file = field_file_save_file($temp_filepath, $validators, $directory)) {
         $file['original_path'] = $temp_filepath;
         $node = _plupload_imagefield_import_create_node($field, $form_state_values, $file, $options);