--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/web/drupal/modules/blogapi/blogapi.module Fri Aug 21 16:26:26 2009 +0000
@@ -0,0 +1,950 @@
+<?php
+// $Id: blogapi.module,v 1.115.2.5 2008/10/08 20:12:17 goba Exp $
+
+/**
+ * @file
+ * Enable users to post using applications that support XML-RPC blog APIs.
+ */
+
+/**
+ * Implementation of hook_help().
+ */
+function blogapi_help($path, $arg) {
+ switch ($path) {
+ case 'admin/help#blogapi':
+ $output = '<p>'. t("The Blog API module allows your site's users to access and post to their blogs from external blogging clients. External blogging clients are available for a wide range of desktop operating systems, and generally provide a feature-rich graphical environment for creating and editing posts.") .'</p>';
+ $output .= '<p>'. t('<a href="@ecto-link">Ecto</a>, a blogging client available for both Mac OS X and Microsoft Windows, can be used with Blog API. Blog API also supports <a href="@blogger-api">Blogger API</a>, <a href="@metaweblog-api">MetaWeblog API</a>, and most of the <a href="@movabletype-api">Movable Type API</a>. Blogging clients and other services (e.g. <a href="@flickr">Flickr\'s</a> "post to blog") that support these APIs may also be compatible.', array('@ecto-link' => url('http://infinite-sushi.com/software/ecto/'), '@blogger-api' => url('http://www.blogger.com/developers/api/1_docs/'), '@metaweblog-api' => url('http://www.xmlrpc.com/metaWeblogApi'), '@movabletype-api' => url('http://www.movabletype.org/docs/mtmanual_programmatic.html'), '@flickr' => url('http://www.flickr.com'))) .'</p>';
+ $output .= '<p>'. t('Select the content types available to external clients on the <a href="@blogapi-settings">Blog API settings page</a>. If supported and available, each content type will be displayed as a separate "blog" by the external client.', array('@blogapi-settings' => url('admin/settings/blogapi'))) .'</p>';
+ $output .= '<p>'. t('For more information, see the online handbook entry for <a href="@blogapi">Blog API module</a>.', array('@blogapi' => url('http://drupal.org/handbook/modules/blogapi/'))) .'</p>';
+ return $output;
+ }
+}
+
+/**
+ * Implementation of hook_perm().
+ */
+function blogapi_perm() {
+ return array('administer content with blog api');
+}
+
+/**
+ * Implementation of hook_xmlrpc().
+ */
+function blogapi_xmlrpc() {
+ return array(
+ array(
+ 'blogger.getUsersBlogs',
+ 'blogapi_blogger_get_users_blogs',
+ array('array', 'string', 'string', 'string'),
+ t('Returns a list of blogs to which an author has posting privileges.')),
+ array(
+ 'blogger.getUserInfo',
+ 'blogapi_blogger_get_user_info',
+ array('struct', 'string', 'string', 'string'),
+ t('Returns information about an author in the system.')),
+ array(
+ 'blogger.newPost',
+ 'blogapi_blogger_new_post',
+ array('string', 'string', 'string', 'string', 'string', 'string', 'boolean'),
+ t('Creates a new post, and optionally publishes it.')),
+ array(
+ 'blogger.editPost',
+ 'blogapi_blogger_edit_post',
+ array('boolean', 'string', 'string', 'string', 'string', 'string', 'boolean'),
+ t('Updates the information about an existing post.')),
+ array(
+ 'blogger.getPost',
+ 'blogapi_blogger_get_post',
+ array('struct', 'string', 'string', 'string', 'string'),
+ t('Returns information about a specific post.')),
+ array(
+ 'blogger.deletePost',
+ 'blogapi_blogger_delete_post',
+ array('boolean', 'string', 'string', 'string', 'string', 'boolean'),
+ t('Deletes a post.')),
+ array(
+ 'blogger.getRecentPosts',
+ 'blogapi_blogger_get_recent_posts',
+ array('array', 'string', 'string', 'string', 'string', 'int'),
+ t('Returns a list of the most recent posts in the system.')),
+ array(
+ 'metaWeblog.newPost',
+ 'blogapi_metaweblog_new_post',
+ array('string', 'string', 'string', 'string', 'struct', 'boolean'),
+ t('Creates a new post, and optionally publishes it.')),
+ array(
+ 'metaWeblog.editPost',
+ 'blogapi_metaweblog_edit_post',
+ array('boolean', 'string', 'string', 'string', 'struct', 'boolean'),
+ t('Updates information about an existing post.')),
+ array(
+ 'metaWeblog.getPost',
+ 'blogapi_metaweblog_get_post',
+ array('struct', 'string', 'string', 'string'),
+ t('Returns information about a specific post.')),
+ array(
+ 'metaWeblog.newMediaObject',
+ 'blogapi_metaweblog_new_media_object',
+ array('string', 'string', 'string', 'string', 'struct'),
+ t('Uploads a file to your webserver.')),
+ array(
+ 'metaWeblog.getCategories',
+ 'blogapi_metaweblog_get_category_list',
+ array('struct', 'string', 'string', 'string'),
+ t('Returns a list of all categories to which the post is assigned.')),
+ array(
+ 'metaWeblog.getRecentPosts',
+ 'blogapi_metaweblog_get_recent_posts',
+ array('array', 'string', 'string', 'string', 'int'),
+ t('Returns a list of the most recent posts in the system.')),
+ array(
+ 'mt.getRecentPostTitles',
+ 'blogapi_mt_get_recent_post_titles',
+ array('array', 'string', 'string', 'string', 'int'),
+ t('Returns a bandwidth-friendly list of the most recent posts in the system.')),
+ array(
+ 'mt.getCategoryList',
+ 'blogapi_mt_get_category_list',
+ array('array', 'string', 'string', 'string'),
+ t('Returns a list of all categories defined in the blog.')),
+ array(
+ 'mt.getPostCategories',
+ 'blogapi_mt_get_post_categories',
+ array('array', 'string', 'string', 'string'),
+ t('Returns a list of all categories to which the post is assigned.')),
+ array(
+ 'mt.setPostCategories',
+ 'blogapi_mt_set_post_categories',
+ array('boolean', 'string', 'string', 'string', 'array'),
+ t('Sets the categories for a post.')),
+ array(
+ 'mt.supportedMethods',
+ 'xmlrpc_server_list_methods',
+ array('array'),
+ t('Retrieve information about the XML-RPC methods supported by the server.')),
+ array(
+ 'mt.supportedTextFilters',
+ 'blogapi_mt_supported_text_filters',
+ array('array'),
+ t('Retrieve information about the text formatting plugins supported by the server.')),
+ array(
+ 'mt.publishPost',
+ 'blogapi_mt_publish_post',
+ array('boolean', 'string', 'string', 'string'),
+ t('Publish (rebuild) all of the static files related to an entry from your blog. Equivalent to saving an entry in the system (but without the ping).')));
+}
+
+/**
+ * Blogging API callback. Finds the URL of a user's blog.
+ */
+
+function blogapi_blogger_get_users_blogs($appid, $username, $password) {
+
+ $user = blogapi_validate_user($username, $password);
+ if ($user->uid) {
+ $types = _blogapi_get_node_types();
+ $structs = array();
+ foreach ($types as $type) {
+ $structs[] = array('url' => url('blog/'. $user->uid, array('absolute' => TRUE)), 'blogid' => $type, 'blogName' => $user->name .": ". $type);
+ }
+ return $structs;
+ }
+ else {
+ return blogapi_error($user);
+ }
+}
+
+/**
+ * Blogging API callback. Returns profile information about a user.
+ */
+function blogapi_blogger_get_user_info($appkey, $username, $password) {
+ $user = blogapi_validate_user($username, $password);
+
+ if ($user->uid) {
+ $name = explode(' ', $user->realname ? $user->realname : $user->name, 2);
+ return array(
+ 'userid' => $user->uid,
+ 'lastname' => $name[1],
+ 'firstname' => $name[0],
+ 'nickname' => $user->name,
+ 'email' => $user->mail,
+ 'url' => url('blog/'. $user->uid, array('absolute' => TRUE)));
+ }
+ else {
+ return blogapi_error($user);
+ }
+}
+
+/**
+ * Blogging API callback. Inserts a new blog post as a node.
+ */
+function blogapi_blogger_new_post($appkey, $blogid, $username, $password, $content, $publish) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
+ $edit = array();
+ $edit['type'] = $blogid;
+ // get the node type defaults
+ $node_type_default = variable_get('node_options_'. $edit['type'], array('status', 'promote'));
+ $edit['uid'] = $user->uid;
+ $edit['name'] = $user->name;
+ $edit['promote'] = in_array('promote', $node_type_default);
+ $edit['comment'] = variable_get('comment_'. $edit['type'], 2);
+ $edit['revision'] = in_array('revision', $node_type_default);
+ $edit['format'] = FILTER_FORMAT_DEFAULT;
+ $edit['status'] = $publish;
+
+ // check for bloggerAPI vs. metaWeblogAPI
+ if (is_array($content)) {
+ $edit['title'] = $content['title'];
+ $edit['body'] = $content['description'];
+ _blogapi_mt_extra($edit, $content);
+ }
+ else {
+ $edit['title'] = blogapi_blogger_title($content);
+ $edit['body'] = $content;
+ }
+
+ if (!node_access('create', $edit['type'])) {
+ return blogapi_error(t('You do not have permission to create this type of post.'));
+ }
+
+ if (user_access('administer nodes') && !isset($edit['date'])) {
+ $edit['date'] = format_date(time(), 'custom', 'Y-m-d H:i:s O');
+ }
+
+ node_invoke_nodeapi($edit, 'blogapi new');
+
+ $valid = blogapi_status_error_check($edit, $publish);
+ if ($valid !== TRUE) {
+ return $valid;
+ }
+
+ node_validate($edit);
+ if ($errors = form_get_errors()) {
+ return blogapi_error(implode("\n", $errors));
+ }
+
+ $node = node_submit($edit);
+ node_save($node);
+ if ($node->nid) {
+ watchdog('content', '@type: added %title using blog API.', array('@type' => $node->type, '%title' => $node->title), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
+ // blogger.newPost returns a string so we cast the nid to a string by putting it in double quotes:
+ return "$node->nid";
+ }
+
+ return blogapi_error(t('Error storing post.'));
+}
+
+/**
+ * Blogging API callback. Modifies the specified blog node.
+ */
+function blogapi_blogger_edit_post($appkey, $postid, $username, $password, $content, $publish) {
+
+ $user = blogapi_validate_user($username, $password);
+
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ $node = node_load($postid);
+ if (!$node) {
+ return blogapi_error(t('n/a'));
+ }
+ // Let the teaser be re-generated.
+ unset($node->teaser);
+
+ if (!node_access('update', $node)) {
+ return blogapi_error(t('You do not have permission to update this post.'));
+ }
+ // Save the original status for validation of permissions.
+ $original_status = $node->status;
+ $node->status = $publish;
+
+ // check for bloggerAPI vs. metaWeblogAPI
+ if (is_array($content)) {
+ $node->title = $content['title'];
+ $node->body = $content['description'];
+ _blogapi_mt_extra($node, $content);
+ }
+ else {
+ $node->title = blogapi_blogger_title($content);
+ $node->body = $content;
+ }
+
+ node_invoke_nodeapi($node, 'blogapi edit');
+
+ $valid = blogapi_status_error_check($node, $original_status);
+ if ($valid !== TRUE) {
+ return $valid;
+ }
+
+ node_validate($node);
+ if ($errors = form_get_errors()) {
+ return blogapi_error(implode("\n", $errors));
+ }
+
+ if (user_access('administer nodes') && !isset($edit['date'])) {
+ $node->date = format_date($node->created, 'custom', 'Y-m-d H:i:s O');
+ }
+ $node = node_submit($node);
+ node_save($node);
+ if ($node->nid) {
+ watchdog('content', '@type: updated %title using Blog API.', array('@type' => $node->type, '%title' => $node->title), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
+ return TRUE;
+ }
+
+ return blogapi_error(t('Error storing post.'));
+}
+
+/**
+ * Blogging API callback. Returns a specified blog node.
+ */
+function blogapi_blogger_get_post($appkey, $postid, $username, $password) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ $node = node_load($postid);
+
+ return _blogapi_get_post($node, TRUE);
+}
+
+/**
+ * Check that the user has permission to save the node with the chosen status.
+ *
+ * @return
+ * TRUE if no error, or the blogapi_error().
+ */
+function blogapi_status_error_check($node, $original_status) {
+
+ $node = (object) $node;
+
+ $node_type_default = variable_get('node_options_'. $node->type, array('status', 'promote'));
+
+ // If we don't have the 'administer nodes' permission and the status is
+ // changing or for a new node the status is not the content type's default,
+ // then return an error.
+ if (!user_access('administer nodes') && (($node->status != $original_status) || (empty($node->nid) && $node->status != in_array('status', $node_type_default)))) {
+ if ($node->status) {
+ return blogapi_error(t('You do not have permission to publish this type of post. Please save it as a draft instead.'));
+ }
+ else {
+ return blogapi_error(t('You do not have permission to save this post as a draft. Please publish it instead.'));
+ }
+ }
+ return TRUE;
+}
+
+
+/**
+ * Blogging API callback. Removes the specified blog node.
+ */
+function blogapi_blogger_delete_post($appkey, $postid, $username, $password, $publish) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ node_delete($postid);
+ return TRUE;
+}
+
+/**
+ * Blogging API callback. Returns the latest few postings in a user's blog. $bodies TRUE
+ * <a href="http://movabletype.org/docs/mtmanual_programmatic.html#item_mt%2EgetRecentPostTitles">
+ * returns a bandwidth-friendly list</a>.
+ */
+function blogapi_blogger_get_recent_posts($appkey, $blogid, $username, $password, $number_of_posts, $bodies = TRUE) {
+ // Remove unused appkey (from bloggerAPI).
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
+ if ($bodies) {
+ $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
+ }
+ else {
+ $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
+ }
+ $blogs = array();
+ while ($blog = db_fetch_object($result)) {
+ $blogs[] = _blogapi_get_post($blog, $bodies);
+ }
+ return $blogs;
+}
+
+function blogapi_metaweblog_new_post($blogid, $username, $password, $content, $publish) {
+ return blogapi_blogger_new_post('0123456789ABCDEF', $blogid, $username, $password, $content, $publish);
+}
+
+function blogapi_metaweblog_edit_post($postid, $username, $password, $content, $publish) {
+ return blogapi_blogger_edit_post('0123456789ABCDEF', $postid, $username, $password, $content, $publish);
+}
+
+function blogapi_metaweblog_get_post($postid, $username, $password) {
+ return blogapi_blogger_get_post('01234567890ABCDEF', $postid, $username, $password);
+}
+
+/**
+ * Blogging API callback. Inserts a file into Drupal.
+ */
+function blogapi_metaweblog_new_media_object($blogid, $username, $password, $file) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ $usersize = 0;
+ $uploadsize = 0;
+
+ $roles = array_intersect(user_roles(FALSE, 'administer content with blog api'), $user->roles);
+
+ foreach ($roles as $rid => $name) {
+ $extensions .= ' '. strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
+ $usersize= max($usersize, variable_get("blogapi_usersize_$rid", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
+ $uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_$rid", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
+ }
+
+ $filesize = strlen($file['bits']);
+
+ if ($filesize > $uploadsize) {
+ return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array('@maxsize' => format_size($uploadsize))));
+ }
+
+ if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
+ return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array('@quota' => format_size($usersize))));
+ }
+
+ // Only allow files with whitelisted extensions and convert remaining dots to
+ // underscores to prevent attacks via non-terminal executable extensions with
+ // files such as exploit.php.jpg.
+
+ $whitelist = array_unique(explode(' ', trim($extensions)));
+
+ $name = basename($file['name']);
+
+ if ($extension_position = strrpos($name, '.')) {
+ $filename = drupal_substr($name, 0, $extension_position);
+ $final_extension = drupal_substr($name, $extension_position + 1);
+
+ if (!in_array(strtolower($final_extension), $whitelist)) {
+ return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array('@extensions' => implode(' ', $whitelist))));
+ }
+
+ $filename = str_replace('.', '_', $filename);
+ $filename .= '.'. $final_extension;
+ }
+
+ $data = $file['bits'];
+
+ if (!$data) {
+ return blogapi_error(t('No file sent.'));
+ }
+
+ if (!$file = file_save_data($data, $filename)) {
+ return blogapi_error(t('Error storing file.'));
+ }
+
+ $row = new stdClass();
+ $row->uid = $user->uid;
+ $row->filepath = $file;
+ $row->filesize = $filesize;
+
+ drupal_write_record('blogapi_files', $row);
+
+ // Return the successful result.
+ return array('url' => file_create_url($file), 'struct');
+}
+/**
+ * Blogging API callback. Returns a list of the taxonomy terms that can be
+ * associated with a blog node.
+ */
+function blogapi_metaweblog_get_category_list($blogid, $username, $password) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
+ $vocabularies = module_invoke('taxonomy', 'get_vocabularies', $blogid, 'vid');
+ $categories = array();
+ if ($vocabularies) {
+ foreach ($vocabularies as $vocabulary) {
+ $terms = module_invoke('taxonomy', 'get_tree', $vocabulary->vid, 0, -1);
+ foreach ($terms as $term) {
+ $term_name = $term->name;
+ foreach (module_invoke('taxonomy', 'get_parents', $term->tid, 'tid') as $parent) {
+ $term_name = $parent->name .'/'. $term_name;
+ }
+ $categories[] = array('categoryName' => $term_name, 'categoryId' => $term->tid);
+ }
+ }
+ }
+ return $categories;
+}
+
+function blogapi_metaweblog_get_recent_posts($blogid, $username, $password, $number_of_posts) {
+ return blogapi_blogger_get_recent_posts('0123456789ABCDEF', $blogid, $username, $password, $number_of_posts, TRUE);
+}
+
+function blogapi_mt_get_recent_post_titles($blogid, $username, $password, $number_of_posts) {
+ return blogapi_blogger_get_recent_posts('0123456789ABCDEF', $blogid, $username, $password, $number_of_posts, FALSE);
+}
+
+function blogapi_mt_get_category_list($blogid, $username, $password) {
+ return blogapi_metaweblog_get_category_list($blogid, $username, $password);
+}
+
+/**
+ * Blogging API callback. Returns a list of the taxonomy terms that are
+ * assigned to a particular node.
+ */
+function blogapi_mt_get_post_categories($postid, $username, $password) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ $node = node_load($postid);
+ $terms = module_invoke('taxonomy', 'node_get_terms', $node, 'tid');
+ $categories = array();
+ foreach ($terms as $term) {
+ $term_name = $term->name;
+ foreach (module_invoke('taxonomy', 'get_parents', $term->tid, 'tid') as $parent) {
+ $term_name = $parent->name .'/'. $term_name;
+ }
+ $categories[] = array('categoryName' => $term_name, 'categoryId' => $term->tid, 'isPrimary' => TRUE);
+ }
+
+ return $categories;
+}
+
+/**
+ * Blogging API callback. Assigns taxonomy terms to a particular node.
+ */
+function blogapi_mt_set_post_categories($postid, $username, $password, $categories) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+
+ $node = node_load($postid);
+ $node->taxonomy = array();
+ foreach ($categories as $category) {
+ $node->taxonomy[] = $category['categoryId'];
+ }
+ $validated = blogapi_mt_validate_terms($node);
+ if ($validated !== TRUE) {
+ return $validated;
+ }
+ node_save($node);
+ return TRUE;
+}
+
+/**
+ * Blogging API helper - find allowed taxonomy terms for a node type.
+ */
+function blogapi_mt_validate_terms($node) {
+ // We do a lot of heavy lifting here since taxonomy module doesn't have a
+ // stand-alone validation function.
+ if (module_exists('taxonomy')) {
+ $found_terms = array();
+ if (!empty($node->taxonomy)) {
+ $term_list = array_unique($node->taxonomy);
+ $params = $term_list;
+ $params[] = $node->type;
+ $result = db_query(db_rewrite_sql("SELECT t.tid, t.vid FROM {term_data} t INNER JOIN {vocabulary_node_types} n ON t.vid = n.vid WHERE t.tid IN (". db_placeholders($term_list) .") AND n.type = '%s'", 't', 'tid'), $params);
+ $found_terms = array();
+ $found_count = 0;
+ while ($term = db_fetch_object($result)) {
+ $found_terms[$term->vid][$term->tid] = $term->tid;
+ $found_count++;
+ }
+ // If the counts don't match, some terms are invalid or not accessible to this user.
+ if (count($term_list) != $found_count) {
+ return blogapi_error(t('Invalid categories submitted.'));
+ }
+ }
+ // Look up all the vocabularies for this node type.
+ $result2 = db_query(db_rewrite_sql("SELECT v.vid, v.name, v.required, v.multiple FROM {vocabulary} v INNER JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = '%s'", 'v', 'vid'), $node->type);
+ // Check each vocabulary associated with this node type.
+ while ($vocabulary = db_fetch_object($result2)) {
+ // Required vocabularies must have at least one term.
+ if ($vocabulary->required && empty($found_terms[$vocabulary->vid])) {
+ return blogapi_error(t('A category from the @vocabulary_name vocabulary is required.', array('@vocabulary_name' => $vocabulary->name)));
+ }
+ // Vocabularies that don't allow multiple terms may have at most one.
+ if (!($vocabulary->multiple) && (isset($found_terms[$vocabulary->vid]) && count($found_terms[$vocabulary->vid]) > 1)) {
+ return blogapi_error(t('You may only choose one category from the @vocabulary_name vocabulary.'), array('@vocabulary_name' => $vocabulary->name));
+ }
+ }
+ }
+ elseif (!empty($node->taxonomy)) {
+ return blogapi_error(t('Error saving categories. This feature is not available.'));
+ }
+ return TRUE;
+}
+
+/**
+ * Blogging API callback. Sends a list of available input formats.
+ */
+function blogapi_mt_supported_text_filters() {
+ // NOTE: we're only using anonymous' formats because the MT spec
+ // does not allow for per-user formats.
+ $formats = filter_formats();
+
+ $filters = array();
+ foreach ($formats as $format) {
+ $filter['key'] = $format->format;
+ $filter['label'] = $format->name;
+ $filters[] = $filter;
+ }
+
+ return $filters;
+}
+
+/**
+ * Blogging API callback. Publishes the given node
+ */
+function blogapi_mt_publish_post($postid, $username, $password) {
+ $user = blogapi_validate_user($username, $password);
+ if (!$user->uid) {
+ return blogapi_error($user);
+ }
+ $node = node_load($postid);
+ if (!$node) {
+ return blogapi_error(t('Invalid post.'));
+ }
+
+ // Nothing needs to be done if already published.
+ if ($node->status) {
+ return;
+ }
+
+ if (!node_access('update', $node) || !user_access('administer nodes')) {
+ return blogapi_error(t('You do not have permission to update this post.'));
+ }
+
+ $node->status = 1;
+ node_save($node);
+
+ return TRUE;
+}
+
+/**
+ * Prepare an error message for returning to the XMLRPC caller.
+ */
+function blogapi_error($message) {
+ static $xmlrpcusererr;
+ if (!is_array($message)) {
+ $message = array($message);
+ }
+
+ $message = implode(' ', $message);
+
+ return xmlrpc_error($xmlrpcusererr + 1, strip_tags($message));
+}
+
+/**
+ * Ensure that the given user has permission to edit a blog.
+ */
+function blogapi_validate_user($username, $password) {
+ global $user;
+
+ $user = user_authenticate(array('name' => $username, 'pass' => $password));
+
+ if ($user->uid) {
+ if (user_access('administer content with blog api', $user)) {
+ return $user;
+ }
+ else {
+ return t('You do not have permission to edit this blog.');
+ }
+ }
+ else {
+ return t('Wrong username or password.');
+ }
+}
+
+/**
+ * For the blogger API, extract the node title from the contents field.
+ */
+function blogapi_blogger_title(&$contents) {
+ if (eregi('<title>([^<]*)</title>', $contents, $title)) {
+ $title = strip_tags($title[0]);
+ $contents = ereg_replace('<title>[^<]*</title>', '', $contents);
+ }
+ else {
+ list($title, $contents) = explode("\n", $contents, 2);
+ }
+ return $title;
+}
+
+function blogapi_admin_settings() {
+ $node_types = array_map('check_plain', node_get_types('names'));
+ $defaults = isset($node_types['blog']) ? array('blog' => 1) : array();
+ $form['blogapi_node_types'] = array(
+ '#type' => 'checkboxes',
+ '#title' => t('Enable for external blogging clients'),
+ '#required' => TRUE,
+ '#default_value' => variable_get('blogapi_node_types', $defaults),
+ '#options' => $node_types,
+ '#description' => t('Select the content types available to external blogging clients via Blog API. If supported, each enabled content type will be displayed as a separate "blog" by the external client.')
+ );
+
+ $blogapi_extensions_default = variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
+ $blogapi_uploadsize_default = variable_get('blogapi_uploadsize_default', 1);
+ $blogapi_usersize_default = variable_get('blogapi_usersize_default', 1);
+
+ $form['settings_general'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('File settings'),
+ '#collapsible' => TRUE,
+ );
+
+ $form['settings_general']['blogapi_extensions_default'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Default permitted file extensions'),
+ '#default_value' => $blogapi_extensions_default,
+ '#maxlength' => 255,
+ '#description' => t('Default extensions that users can upload. Separate extensions with a space and do not include the leading dot.'),
+ );
+
+ $form['settings_general']['blogapi_uploadsize_default'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Default maximum file size per upload'),
+ '#default_value' => $blogapi_uploadsize_default,
+ '#size' => 5,
+ '#maxlength' => 5,
+ '#description' => t('The default maximum file size a user can upload.'),
+ '#field_suffix' => t('MB')
+ );
+
+ $form['settings_general']['blogapi_usersize_default'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Default total file size per user'),
+ '#default_value' => $blogapi_usersize_default,
+ '#size' => 5,
+ '#maxlength' => 5,
+ '#description' => t('The default maximum size of all files a user can have on the site.'),
+ '#field_suffix' => t('MB')
+ );
+
+ $form['settings_general']['upload_max_size'] = array('#value' => '<p>'. t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))).'</p>');
+
+ $roles = user_roles(0, 'administer content with blog api');
+ $form['roles'] = array('#type' => 'value', '#value' => $roles);
+
+ foreach ($roles as $rid => $role) {
+ $form['settings_role_'. $rid] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Settings for @role', array('@role' => $role)),
+ '#collapsible' => TRUE,
+ '#collapsed' => TRUE,
+ );
+ $form['settings_role_'. $rid]['blogapi_extensions_'. $rid] = array(
+ '#type' => 'textfield',
+ '#title' => t('Permitted file extensions'),
+ '#default_value' => variable_get('blogapi_extensions_'. $rid, $blogapi_extensions_default),
+ '#maxlength' => 255,
+ '#description' => t('Extensions that users in this role can upload. Separate extensions with a space and do not include the leading dot.'),
+ );
+ $form['settings_role_'. $rid]['blogapi_uploadsize_'. $rid] = array(
+ '#type' => 'textfield',
+ '#title' => t('Maximum file size per upload'),
+ '#default_value' => variable_get('blogapi_uploadsize_'. $rid, $blogapi_uploadsize_default),
+ '#size' => 5,
+ '#maxlength' => 5,
+ '#description' => t('The maximum size of a file a user can upload (in megabytes).'),
+ );
+ $form['settings_role_'. $rid]['blogapi_usersize_'. $rid] = array(
+ '#type' => 'textfield',
+ '#title' => t('Total file size per user'),
+ '#default_value' => variable_get('blogapi_usersize_'. $rid, $blogapi_usersize_default),
+ '#size' => 5,
+ '#maxlength' => 5,
+ '#description' => t('The maximum size of all files a user can have on the site (in megabytes).'),
+ );
+ }
+
+ return system_settings_form($form);
+}
+
+function blogapi_menu() {
+ $items['blogapi/rsd'] = array(
+ 'title' => 'RSD',
+ 'page callback' => 'blogapi_rsd',
+ 'access arguments' => array('access content'),
+ 'type' => MENU_CALLBACK,
+ );
+ $items['admin/settings/blogapi'] = array(
+ 'title' => 'Blog API',
+ 'description' => 'Configure the content types available to external blogging clients.',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('blogapi_admin_settings'),
+ 'access arguments' => array('administer site configuration'),
+ 'type' => MENU_NORMAL_ITEM,
+ );
+
+ return $items;
+}
+
+function blogapi_init() {
+ if (drupal_is_front_page()) {
+ drupal_add_link(array('rel' => 'EditURI',
+ 'type' => 'application/rsd+xml',
+ 'title' => t('RSD'),
+ 'href' => url('blogapi/rsd', array('absolute' => TRUE))));
+ }
+}
+
+function blogapi_rsd() {
+ global $base_url;
+
+ $xmlrpc = $base_url .'/xmlrpc.php';
+ $base = url('', array('absolute' => TRUE));
+ $blogid = 1; # until we figure out how to handle multiple bloggers
+
+ drupal_set_header('Content-Type: application/rsd+xml; charset=utf-8');
+ print <<<__RSD__
+<?xml version="1.0"?>
+<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
+ <service>
+ <engineName>Drupal</engineName>
+ <engineLink>http://drupal.org/</engineLink>
+ <homePageLink>$base</homePageLink>
+ <apis>
+ <api name="MetaWeblog" preferred="false" apiLink="$xmlrpc" blogID="$blogid" />
+ <api name="Blogger" preferred="false" apiLink="$xmlrpc" blogID="$blogid" />
+ <api name="MovableType" preferred="true" apiLink="$xmlrpc" blogID="$blogid" />
+ </apis>
+ </service>
+</rsd>
+__RSD__;
+}
+
+/**
+ * Handles extra information sent by clients according to MovableType's spec.
+ */
+function _blogapi_mt_extra(&$node, $struct) {
+ if (is_array($node)) {
+ $was_array = TRUE;
+ $node = (object)$node;
+ }
+
+ // mt_allow_comments
+ if (array_key_exists('mt_allow_comments', $struct)) {
+ switch ($struct['mt_allow_comments']) {
+ case 0:
+ $node->comment = COMMENT_NODE_DISABLED;
+ break;
+ case 1:
+ $node->comment = COMMENT_NODE_READ_WRITE;
+ break;
+ case 2:
+ $node->comment = COMMENT_NODE_READ_ONLY;
+ break;
+ }
+ }
+
+ // merge the 3 body sections (description, mt_excerpt, mt_text_more) into
+ // one body
+ if ($struct['mt_excerpt']) {
+ $node->body = $struct['mt_excerpt'] .'<!--break-->'. $node->body;
+ }
+ if ($struct['mt_text_more']) {
+ $node->body = $node->body .'<!--extended-->'. $struct['mt_text_more'];
+ }
+
+ // mt_convert_breaks
+ if ($struct['mt_convert_breaks']) {
+ $node->format = $struct['mt_convert_breaks'];
+ }
+
+ // dateCreated
+ if ($struct['dateCreated']) {
+ $node->date = format_date(mktime($struct['dateCreated']->hour, $struct['dateCreated']->minute, $struct['dateCreated']->second, $struct['dateCreated']->month, $struct['dateCreated']->day, $struct['dateCreated']->year), 'custom', 'Y-m-d H:i:s O');
+ }
+
+ if ($was_array) {
+ $node = (array)$node;
+ }
+}
+
+function _blogapi_get_post($node, $bodies = TRUE) {
+ $xmlrpcval = array(
+ 'userid' => $node->name,
+ 'dateCreated' => xmlrpc_date($node->created),
+ 'title' => $node->title,
+ 'postid' => $node->nid,
+ 'link' => url('node/'. $node->nid, array('absolute' => TRUE)),
+ 'permaLink' => url('node/'. $node->nid, array('absolute' => TRUE)),
+ );
+ if ($bodies) {
+ if ($node->comment == 1) {
+ $comment = 2;
+ }
+ else if ($node->comment == 2) {
+ $comment = 1;
+ }
+ $xmlrpcval['content'] = "<title>$node->title</title>$node->body";
+ $xmlrpcval['description'] = $node->body;
+ // Add MT specific fields
+ $xmlrpcval['mt_allow_comments'] = (int) $comment;
+ $xmlrpcval['mt_convert_breaks'] = $node->format;
+ }
+
+ return $xmlrpcval;
+}
+
+/**
+ * Validate blog ID, which maps to a content type in Drupal.
+ *
+ * Only content types configured to work with Blog API are supported.
+ *
+ * @return
+ * TRUE if the content type is supported and the user has permission
+ * to post, or a blogapi_error() XML construct otherwise.
+ */
+function _blogapi_validate_blogid($blogid) {
+ $types = _blogapi_get_node_types();
+ if (in_array($blogid, $types, TRUE)) {
+ return TRUE;
+ }
+ return blogapi_error(t("Blog API module is not configured to support the %type content type, or you don't have sufficient permissions to post this type of content.", array('%type' => $blogid)));
+}
+
+function _blogapi_get_node_types() {
+ $available_types = array_keys(array_filter(variable_get('blogapi_node_types', array('blog' => 1))));
+ $types = array();
+ foreach (node_get_types() as $type => $name) {
+ if (node_access('create', $type) && in_array($type, $available_types)) {
+ $types[] = $type;
+ }
+ }
+
+ return $types;
+}
+
+function _blogapi_space_used($uid) {
+ return db_result(db_query('SELECT SUM(filesize) FROM {blogapi_files} f WHERE f.uid = %d', $uid));
+}