Check file types uploaded and handle message error for the users
This commit is contained in:
parent
5857970461
commit
23237cb05d
@ -133,9 +133,13 @@
|
||||
cache: false,
|
||||
contentType: false,
|
||||
processData: false
|
||||
}).done(function(json) {
|
||||
console.log(json);
|
||||
$("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
|
||||
}).done(function(data) {
|
||||
console.log(data);
|
||||
if (data.status==0) {
|
||||
$("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
|
||||
} else {
|
||||
showAlert(data.message);
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
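Review bot: The new `.done(function(data)` callback still reads `json.absoluteURL` on its success branch, but `json` is no longer bound in that callback, so a successful profile-picture upload throws a ReferenceError before the preview is refreshed; the line should be `$("#jsprofilePicturePreview").attr('src', data.absoluteURL+"?time="+Math.random());`, as the site-logo hunk at line 579 already does. `data.status==0` uses loose equality in both hunks; if the server always emits a numeric status, `if (data.status === 0) {` avoids the implicit coercion of `""`, `false` or `"0"` to a success. The `console.log(data)` calls left in both callbacks look like debugging output and would normally be dropped before merging. The enclosing `$.ajax` call starts outside the hunk.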
@ -579,9 +579,13 @@
|
||||
cache: false,
|
||||
contentType: false,
|
||||
processData: false
|
||||
}).done(function(json) {
|
||||
console.log(json);
|
||||
$("#jssiteLogoPreview").attr('src',json.absoluteURL+"?time="+Math.random());
|
||||
}).done(function(data) {
|
||||
console.log(data);
|
||||
if (data.status==0) {
|
||||
$("#jssiteLogoPreview").attr('src',data.absoluteURL+"?time="+Math.random());
|
||||
} else {
|
||||
showAlert(data.message);
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
@ -14,11 +14,18 @@ if (!isset($_FILES['inputFile'])) {
|
||||
ajaxResponse(1, 'Error trying to upload the site logo.');
|
||||
}
|
||||
|
||||
// Check path traversal on $filename
|
||||
if (Text::stringContains($_FILES['inputFile']['name'], DS, false)) {
|
||||
$message = 'Path traversal detected.';
|
||||
Log::set($message, LOG_TYPE_ERROR);
|
||||
ajaxResponse(1, $message);
|
||||
}
|
||||
|
||||
// File extension
|
||||
$fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
|
||||
$fileExtension = Text::lowercase($fileExtension);
|
||||
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
||||
$message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||
Log::set($message, LOG_TYPE_ERROR);
|
||||
ajaxResponse(1, $message);
|
||||
}
|
||||
|
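Review bot: The new allow-list check `in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION'])` validates only the suffix of the client-supplied `$_FILES['inputFile']['name']`; nothing in the hunk inspects the uploaded bytes, so the decision rests entirely on a name the client chooses. Passing the strict flag, `in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION'], true)`, keeps the comparison type-safe, and a content check on the temporary file such as `getimagesize($_FILES['inputFile']['tmp_name']) !== false` before accepting it would tie the gate to the data rather than the name. The same applies to the identical checks in the profile-picture hunk at line 15 and the images hunk at line 54. The traversal guard compares the name against `DS` only; whether `Text::stringContains` also rejects the other separator character on Windows hosts cannot be told from this hunk. The `if (!isset($_FILES['inputFile']))` block at line 14 starts outside the hunk.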
@ -15,18 +15,18 @@ if (!isset($_FILES['profilePictureInputFile'])) {
|
||||
ajaxResponse(1, 'Error trying to upload the profile picture.');
|
||||
}
|
||||
|
||||
// Check file extension
|
||||
$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
|
||||
$fileExtension = Text::lowercase($fileExtension);
|
||||
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
||||
$message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||
// Check path traversal
|
||||
if (Text::stringContains($username, DS, false)) {
|
||||
$message = 'Path traversal detected.';
|
||||
Log::set($message, LOG_TYPE_ERROR);
|
||||
ajaxResponse(1, $message);
|
||||
}
|
||||
|
||||
// Check path traversal
|
||||
if (Text::stringContains($username, DS, false)) {
|
||||
$message = 'Path traversal detected.';
|
||||
// Check file extension
|
||||
$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
|
||||
$fileExtension = Text::lowercase($fileExtension);
|
||||
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
||||
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||
Log::set($message, LOG_TYPE_ERROR);
|
||||
ajaxResponse(1, $message);
|
||||
}
|
||||
@ -45,8 +45,8 @@ $image = new Image();
|
||||
$image->setImage(PATH_TMP.$tmpFilename, PROFILE_IMG_WIDTH, PROFILE_IMG_HEIGHT, 'crop');
|
||||
$image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, true);
|
||||
|
||||
// Remove the tmp file
|
||||
unlink(PATH_TMP.$tmpFilename);
|
||||
// Delete temporary file
|
||||
Filesystem::rmfile(PATH_TMP.$tmpFilename);
|
||||
|
||||
// Permissions
|
||||
chmod(PATH_UPLOADS_PROFILES.$filename, 0644);
|
||||
|
@ -54,6 +54,15 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
|
||||
ajaxResponse(1, $message);
|
||||
}
|
||||
|
||||
// Check file extension
|
||||
$fileExtension = Filesystem::extension($filename);
|
||||
$fileExtension = Text::lowercase($fileExtension);
|
||||
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
||||
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||
Log::set($message, LOG_TYPE_ERROR);
|
||||
ajaxResponse(1, $message);
|
||||
}
|
||||
|
||||
// Move from PHP tmp file to Bludit tmp directory
|
||||
Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename);
|
||||
|
||||
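Review bot: The new extension check runs before `Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename)`, which is the right order, but it only constrains the suffix of `$filename`, and the temporary file is still written under that client-chosen name, so two uploads carrying the same name would target the same `PATH_TMP` path and the later `Filesystem::rmfile(PATH_TMP.$filename)` in the next hunk removes whichever copy is there. Generating the temporary name on the server, e.g. `$tmpFilename = bin2hex(random_bytes(8)).'.'.$fileExtension;` and using `PATH_TMP.$tmpFilename` for the move, the transform and the cleanup, would remove that dependency on the client name; the traversal check that the lines just above the hunk appear to end with is inferred from `ajaxResponse(1, $message); }`, not visible. `in_array` would also take `true` as its third argument so `$fileExtension` is compared strictly. The enclosing `foreach` at line 54 starts and ends outside the hunk.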
@ -64,10 +73,11 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
|
||||
Filesystem::rmfile(PATH_TMP.$filename);
|
||||
|
||||
if ($image) {
|
||||
chmod($image, 0644);
|
||||
$filename = Filesystem::filename($image);
|
||||
array_push($images, $filename);
|
||||
} else {
|
||||
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||
$message = 'Error after transformImage() function.';
|
||||
Log::set($message, LOG_TYPE_ERROR);
|
||||
ajaxResponse(1, $message);
|
||||
}
|
||||
|
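Review bot: The `else` branch after the `transformImage()` result hands `'Error after transformImage() function.'` to `ajaxResponse(1, $message)`, where it reaches the user via `showAlert`, while every other user-facing message in this commit goes through `$L->g(...)`; which of the two `$message` assignments is the new side is not certain from this rendering, but if the transformImage() text is the new one, it is an untranslated developer string shown to end users. Keeping the developer detail for the log and a translated message for the response, e.g. `Log::set('Error after transformImage() function.', LOG_TYPE_ERROR);` followed by `ajaxResponse(1, $L->g('Error after transformImage() function.'));`, would match the pattern the other hunks establish. The enclosing `foreach` at line 54 starts outside the hunk.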