bludit/bl-kernel/ajax/logo-upload.php

<?php defined('BLUDIT') or die('Bludit CMS.');
header('Content-Type: application/json');

/*
| Upload site logo
| The final filename is the site's name and the extension is the same as the file uploaded
|
| @_FILES['inputFile']	multipart/form-data	File from form
|
| @return	array
*/

if (!isset($_FILES['inputFile'])) {
	ajaxResponse(1, 'Error trying to upload the site logo.');
}

// Check path traversal on $filename
if (Text::stringContains($_FILES['inputFile']['name'], DS, false)) {
	$message = 'Path traversal detected.';
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// File extension
$fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
$fileExtension = Text::lowercase($fileExtension);
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
	$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// Final filename
$filename = 'logo.'.$fileExtension;
if (Text::isNotEmpty( $site->title() )) {
	$filename = $site->title().'.'.$fileExtension;
}

// Delete old image
$oldFilename = $site->logo(false);
if ($oldFilename) {
	Filesystem::rmfile(PATH_UPLOADS.$oldFilename);
}

// Move from temporary directory to uploads
Filesystem::mv($_FILES['inputFile']['tmp_name'], PATH_UPLOADS.$filename);

// Permissions
chmod(PATH_UPLOADS.$filename, 0644);

// Store the filename in the database
$site->set(array('logo'=>$filename));

ajaxResponse(0, 'Image uploaded.', array(
	'filename'=>$filename,
	'absoluteURL'=>DOMAIN_UPLOADS.$filename,
	'absolutePath'=>PATH_UPLOADS.$filename
));

?>
Site logo implementation 2018-12-21 19:45:53 +01:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`
			`header('Content-Type: application/json');`

added some comments 2019-05-27 19:41:46 +02:00			`/*`
			`\| Upload site logo`
			`\| The final filename is the site's name and the extension is the same as the file uploaded`
			`\|`
			`\| @_FILES['inputFile'] multipart/form-data File from form`
			`\|`
			`\| @return array`
			`*/`

Site logo implementation 2018-12-21 19:45:53 +01:00			`if (!isset($_FILES['inputFile'])) {`
Ajax response improves 2019-01-31 20:07:59 +01:00			`ajaxResponse(1, 'Error trying to upload the site logo.');`
Site logo implementation 2018-12-21 19:45:53 +01:00			`}`

Check file types uploaded and handle message error for the users 2019-09-09 19:29:35 +02:00			`// Check path traversal on $filename`
			`if (Text::stringContains($_FILES['inputFile']['name'], DS, false)) {`
			`$message = 'Path traversal detected.';`
			`Log::set($message, LOG_TYPE_ERROR);`
			`ajaxResponse(1, $message);`
			`}`

Site logo implementation 2018-12-21 19:45:53 +01:00			`// File extension`
Check file extension, bug fix #1011 2019-05-27 19:24:11 +02:00			`$fileExtension = Filesystem::extension($_FILES['inputFile']['name']);`
			`$fileExtension = Text::lowercase($fileExtension);`
Bug fix for PHP 5.6 when upload images 2019-05-29 19:28:11 +02:00			`if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {`
Check file types uploaded and handle message error for the users 2019-09-09 19:29:35 +02:00			`$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);`
added some comments 2019-05-27 19:41:46 +02:00			`Log::set($message, LOG_TYPE_ERROR);`
			`ajaxResponse(1, $message);`
Check file extension, bug fix #1011 2019-05-27 19:24:11 +02:00			`}`
Site logo implementation 2018-12-21 19:45:53 +01:00
			`// Final filename`
			`$filename = 'logo.'.$fileExtension;`
site logo with the sitename 2019-01-15 19:42:15 +01:00			`if (Text::isNotEmpty( $site->title() )) {`
			`$filename = $site->title().'.'.$fileExtension;`
			`}`
Site logo implementation 2018-12-21 19:45:53 +01:00
			`// Delete old image`
			`$oldFilename = $site->logo(false);`
			`if ($oldFilename) {`
			`Filesystem::rmfile(PATH_UPLOADS.$oldFilename);`
			`}`

			`// Move from temporary directory to uploads`
Check file extension, bug fix #1011 2019-05-27 19:24:11 +02:00			`Filesystem::mv($_FILES['inputFile']['tmp_name'], PATH_UPLOADS.$filename);`
Site logo implementation 2018-12-21 19:45:53 +01:00
			`// Permissions`
			`chmod(PATH_UPLOADS.$filename, 0644);`

			`// Store the filename in the database`
			`$site->set(array('logo'=>$filename));`

Ajax response improves 2019-01-31 20:07:59 +01:00			`ajaxResponse(0, 'Image uploaded.', array(`
Site logo implementation 2018-12-21 19:45:53 +01:00			`'filename'=>$filename,`
			`'absoluteURL'=>DOMAIN_UPLOADS.$filename,`
			`'absolutePath'=>PATH_UPLOADS.$filename`
Ajax response improves 2019-01-31 20:07:59 +01:00			`));`
Site logo implementation 2018-12-21 19:45:53 +01:00
			`?>`