+ # Remove evil characters
+ if ($filename =~ /[^a-zA-Z0-9._()-]/) {
+ if (defined($autorename) && $autorename eq "autorename/") {
+ $filename =~ tr/a-zA-Z0-9.()-/_/c;
+ } else {
+ $res->status(403);
+ $res->content_type('text/plain; charset=utf-8');
+ $res->body("Illegal characters in filename");
+ return $res;
+ }
+ }
+
+ # Get the new ID
+ my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
+ my $newid = $ref->{'id'};
+ if (!defined($newid)) {
+ return dberror($r, "Couldn't get new ID");
+ }
+
+ # Autorename if we need to
+ $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?",
+ undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename)
+ or return dberror($r, "Couldn't check for existing files");
+ if ($ref->{'numfiles'} > 0) {
+ if (defined($autorename) && $autorename eq "autorename/") {
+ Sesse::pr0n::Common::log_info($r, "Renaming $filename to $newid.jpeg");
+ $filename = "$newid.jpeg";
+ } else {
+ $res->status(403);
+ $res->content_type('text/plain; charset=utf-8');
+ $res->body("File $filename already exists in event $event, cannot overwrite");
+ return $res;
+ }
+ }
+
+ {
+ # Enable transactions and error raising temporarily
+ local $dbh->{AutoCommit} = 0;
+ local $dbh->{RaiseError} = 1;
+ my $fname;
+
+ # Try to insert this new file
+ eval {
+ $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
+ undef, $newid, Sesse::pr0n::Common::get_server_name($r), $event, $user, $takenby, $filename);
+ Sesse::pr0n::Common::purge_cache($r, $res, "/$event/");