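// Photo handling for a newly added post. This is an excerpt: the blocks closed
// by the unmatched braces below are opened above it. Line breaks are restored
// so that the `//` comments no longer swallow the statements that follow them.
$file = $_FILES['uploadimage']['tmp_name'];
$fname = $_FILES['uploadimage']['name'];
// Not going to go by MIME type - don't trust the browser. The client-supplied
// file name is only used to choose between two fixed extensions; it never
// becomes part of the stored file name.
$extension = strtolower(substr($fname, -4));
$extension = ($extension === '.gif') ? '.gif' : '.jpg';
// NOTE(review): the extension still comes from the client-supplied name, so it
// says nothing about the file's content. Confirm that imageHandler() rejects
// anything it cannot decode as an image and that $savedir does not execute scripts.
// $res is presumably the id of the entry that was just created - TODO confirm.
$finalname = $res;
// Store the full-size picture and a thumbnail under server-chosen names.
imageHandler($file, $finalname . $extension, $savedir, $maxwidth, $maxheight, $quality, $extension);
imageHandler($file, "thumb_" . $finalname . $extension, $savedir, $thumbwidth, $thumbheight, $quality, $extension);
// NOTE(review): the caption is passed on exactly as submitted; verify that
// photobblog_post_photo() escapes it before it reaches SQL.
photobblog_post_photo($bBlog, $res, $finalname . $extension, $_POST['caption']);
} elseif ($_POST['image'] === "server") {
    // NOTE(review): serverimage is taken from the request unchanged. Confirm that
    // photobblog_post_photo() and the templates that render the value restrict it
    // to a file name inside the image directory and escape it for SQL and HTML.
    $imageLoc = $_POST['serverimage'];
    photobblog_post_photo($bBlog, $res, $imageLoc, $_POST['caption']);
}
} else {
    // NOTE(review): the raw mysql_error() text is placed in the page. Consider
    // logging it and showing a generic message if this screen can be reached by
    // anyone who should not see database details.
    $bBlog->smartyObj->assign('post_message', "Sorry, error adding post: " . mysql_error());
}
}
// get modifiers
$bBlog->get_modifiers();
// The bookmarklet popup uses its own template; everything else gets the normal post form.
if (isset($_REQUEST['popup']) && $_REQUEST['popup'] === 'true') {
    include 'inc/bookmarkletstuff.php';
    $bBlog->display('popuppost.html');
} else {
    $bBlog->display('post.html');
}
////
// !makes sure post data is sql safe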
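// Photo handling when an existing post is edited. This is an excerpt: $file and
// the enclosing blocks are set up above it, and the trackback block at the end
// continues below it. Line breaks are restored so that the `//` comments no
// longer swallow the statements that follow them.
$fname = $_FILES['uploadimage']['name'];
// Not going to go by MIME type - don't trust the browser. The client-supplied
// file name is only used to choose between two fixed extensions.
$extension = strtolower(substr($fname, -4));
$extension = ($extension === '.gif') ? '.gif' : '.jpg';
// The post id arrives in the request and was previously concatenated unchanged
// into both the stored file name and the SQL text below. Forcing it to an
// integer keeps it from carrying path separators or SQL syntax; a non-numeric
// value becomes 0.
$postid = (int) $_POST['postid'];
$finalname = $postid;
// NOTE(review): confirm that imageHandler() rejects anything it cannot decode
// as an image and that $savedir does not execute scripts.
imageHandler($file, $finalname . $extension, $savedir, $maxwidth, $maxheight, $quality, $extension);
imageHandler($file, "thumb_" . $finalname . $extension, $savedir, $thumbwidth, $thumbheight, $quality, $extension);
// Update the photo row if the post already has one, otherwise create it.
$result = $bBlog->get_var("select postid from " . TBL_PREFIX . "photobblog where postid=" . $postid);
// NOTE(review): the caption is passed on exactly as submitted; verify that
// photobblog_update() and photobblog_post_photo() escape it before it reaches SQL.
if ($result) {
    photobblog_update($bBlog, $postid, $postid . $extension, $_POST['caption']);
} else {
    photobblog_post_photo($bBlog, $postid, $postid . $extension, $_POST['caption']);
}
}
if (isset($_POST['send_trackback']) && $_POST['send_trackback'] == "TRUE") {
    // send a trackback
    include "./trackback.php";
    // Default the optional trackback fields so the call below never reads an unset index.
    if (!isset($_POST['title_text'])) {
        $_POST['title_text'] = "";
    }
    if (!isset($_POST['excerpt'])) {
        $_POST['excerpt'] = "";
    }
    if (!isset($_POST['tburl'])) {
        $_POST['tburl'] = "";
    }
    // NOTE(review): tburl is a request-supplied address that the server then
    // contacts. Whether send_trackback() limits the scheme and destination host
    // is not visible here; verify that it does. The post id is passed to
    // _get_entry_permalink() as submitted - confirm that helper validates it.
    send_trackback($bBlog->_get_entry_permalink($_POST['postid']), $_POST['title_text'], $_POST['excerpt'], $_POST['tburl']);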