+
+ # Used by the XP publishing wizard -- largely the same as the code above
+ # but vastly simplified. Should we refactor?
+ if ($r->method eq "POST") {
+ my $apr = Apache2::Request->new($r);
+ my $client_size = $apr->param('size');
+ my $event = $apr->param('event');
+
+ my $file = $apr->upload('image');
+ my $filename = $file->filename();
+ if ($client_size != $file->size()) {
+ $r->content_type('text/plain; charset="utf-8"');
+ $r->status(403);
+ $r->print("Client-size resizing detected; refusing automatically");
+
+ $r->log->info("Client-size resized upload of $event/$filename detected");
+ return Apache2::Const::OK;
+ }
+
+ # Ugh, Windows XP seems to be sending this in... something that's not UTF-8, at least
+ my $takenby_given;
+ eval {
+ $takenby_given = Encode::decode("utf-8", $apr->param('takenby'), Encode::FB_CROAK);
+ };
+ if ($@) {
+ $takenby_given = Encode::decode("iso8859-1", $apr->param('takenby'));
+ }
+
+ if (defined($takenby_given) && $takenby_given !~ /^\s*$/ && $takenby_given !~ /[<>&]/ && length($takenby_given) <= 100) {
+ $takenby = $takenby_given;
+ }
+
+ # Remove evil characters
+ if ($filename =~ /[^a-zA-Z0-9._-]/) {
+ $filename =~ tr/a-zA-Z0-9.-/_/c;
+ }
+
+ # Get the new ID
+ my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
+ my $newid = $ref->{'id'};
+ if (!defined($newid)) {
+ dberror($r, "Couldn't get new ID");
+ }
+
+ # Autorename if we need to
+ {
+ my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE event=? AND filename=?",
+ undef, $event, $filename)
+ or dberror($r, "Couldn't check for existing files");
+ if ($ref->{'numfiles'} > 0) {
+ $r->log->info("Renaming $filename to $newid.jpeg");
+ $filename = "$newid.jpeg";
+ }
+ }
+
+ {
+ # Enable transactions and error raising temporarily
+ local $dbh->{AutoCommit} = 0;
+ local $dbh->{RaiseError} = 1;
+ my $fname;