bludit/bl-kernel/ajax/profile-picture-upload.php

<?php defined('BLUDIT') or die('Bludit CMS.');
header('Content-Type: application/json');

// $_POST
// ----------------------------------------------------------------------------
// (string) $_POST['username']
$username = empty($_POST['username']) ? false : $_POST['username'];
// ----------------------------------------------------------------------------

if ($username===false) {
	ajaxResponse(1, 'Error in username.');
}

if (!isset($_FILES['profilePictureInputFile'])) {
	ajaxResponse(1, 'Error trying to upload the profile picture.');
}

// Check path traversal
if (Text::stringContains($username, DS, false)) {
	$message = 'Path traversal detected.';
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// Check file extension
$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
$fileExtension = Text::lowercase($fileExtension);
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
	$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// Tmp filename
$tmpFilename = $username.'.'.$fileExtension;

// Final filename
$filename = $username.'.png';

// Move from temporary directory to uploads folder
rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename);

// Resize and convert to png
$image = new Image();
$image->setImage(PATH_TMP.$tmpFilename, PROFILE_IMG_WIDTH, PROFILE_IMG_HEIGHT, 'crop');
$image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, true);

// Delete temporary file
Filesystem::rmfile(PATH_TMP.$tmpFilename);

// Permissions
chmod(PATH_UPLOADS_PROFILES.$filename, 0644);

ajaxResponse(0, 'Image uploaded.', array(
	'filename'=>$filename,
	'absoluteURL'=>DOMAIN_UPLOADS_PROFILES.$filename,
	'absolutePath'=>PATH_UPLOADS_PROFILES.$filename
));

?>
Bug fixes 2018-07-30 23:43:12 +02:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`
			`header('Content-Type: application/json');`

bug fix profile picture 2018-10-29 18:21:42 +01:00			`// $_POST`
			`// ----------------------------------------------------------------------------`
			`// (string) $_POST['username']`
			`$username = empty($_POST['username']) ? false : $_POST['username'];`
			`// ----------------------------------------------------------------------------`

			`if ($username===false) {`
Ajax response improves 2019-01-31 20:07:59 +01:00			`ajaxResponse(1, 'Error in username.');`
bug fix profile picture 2018-10-29 18:21:42 +01:00			`}`

Bug fixes 2018-07-30 23:43:12 +02:00			`if (!isset($_FILES['profilePictureInputFile'])) {`
Ajax response improves 2019-01-31 20:07:59 +01:00			`ajaxResponse(1, 'Error trying to upload the profile picture.');`
Bug fixes 2018-07-30 23:43:12 +02:00			`}`

Check file types uploaded and handle message error for the users 2019-09-09 19:29:35 +02:00			`// Check path traversal`
			`if (Text::stringContains($username, DS, false)) {`
			`$message = 'Path traversal detected.';`
check extension and path traversal 2019-03-10 18:27:24 +01:00			`Log::set($message, LOG_TYPE_ERROR);`
			`ajaxResponse(1, $message);`
			`}`

Check file types uploaded and handle message error for the users 2019-09-09 19:29:35 +02:00			`// Check file extension`
			`$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);`
			`$fileExtension = Text::lowercase($fileExtension);`
			`if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {`
			`$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);`
check extension and path traversal 2019-03-10 18:27:24 +01:00			`Log::set($message, LOG_TYPE_ERROR);`
			`ajaxResponse(1, $message);`
			`}`

Bug fix for PHP 5.6 when upload images 2019-05-29 19:28:11 +02:00			`// Tmp filename`
			`$tmpFilename = $username.'.'.$fileExtension;`

Language updated 2019-06-06 19:26:35 +02:00			`// Final filename`
			`$filename = $username.'.png';`

Bug fixes 2018-07-30 23:43:12 +02:00			`// Move from temporary directory to uploads folder`
			`rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename);`

			`// Resize and convert to png`
			`$image = new Image();`
			`$image->setImage(PATH_TMP.$tmpFilename, PROFILE_IMG_WIDTH, PROFILE_IMG_HEIGHT, 'crop');`
			`$image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, true);`

Check file types uploaded and handle message error for the users 2019-09-09 19:29:35 +02:00			`// Delete temporary file`
			`Filesystem::rmfile(PATH_TMP.$tmpFilename);`
Bug fixes 2018-07-30 23:43:12 +02:00
			`// Permissions`
			`chmod(PATH_UPLOADS_PROFILES.$filename, 0644);`

Ajax response improves 2019-01-31 20:07:59 +01:00			`ajaxResponse(0, 'Image uploaded.', array(`
Bug fixes 2018-07-30 23:43:12 +02:00			`'filename'=>$filename,`
			`'absoluteURL'=>DOMAIN_UPLOADS_PROFILES.$filename,`
			`'absolutePath'=>PATH_UPLOADS_PROFILES.$filename`
Ajax response improves 2019-01-31 20:07:59 +01:00			`));`
Bug fixes 2018-07-30 23:43:12 +02:00
			`?>`