Check file types uploaded and handle message error for the users
This commit is contained in:
parent
5857970461
commit
23237cb05d
|
@ -133,9 +133,13 @@
|
||||||
cache: false,
|
cache: false,
|
||||||
contentType: false,
|
contentType: false,
|
||||||
processData: false
|
processData: false
|
||||||
}).done(function(json) {
|
}).done(function(data) {
|
||||||
console.log(json);
|
console.log(data);
|
||||||
$("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
|
if (data.status==0) {
|
||||||
|
$("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
|
||||||
|
} else {
|
||||||
|
showAlert(data.message);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
|
|
|
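Review bot: The success branch under `if (data.status==0) {` still reads `json.absoluteURL`, but the callback parameter was renamed on the line `}).done(function(data) {`, so a successful profile-picture upload throws a ReferenceError and the preview is never refreshed; the site-logo hunk at @ -579,9 already uses `data.absoluteURL`. Change the line to `$("#jsprofilePicturePreview").attr('src',data.absoluteURL+"?time="+Math.random());`. Since the PHP side calls `ajaxResponse` with a numeric status (`ajaxResponse(1, …)` in the other hunks), `data.status === 0` is preferable to the loose `==` here and in the site-logo hunk. The enclosing `$.ajax` call starts outside the hunk.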
@ -579,9 +579,13 @@
|
||||||
cache: false,
|
cache: false,
|
||||||
contentType: false,
|
contentType: false,
|
||||||
processData: false
|
processData: false
|
||||||
}).done(function(json) {
|
}).done(function(data) {
|
||||||
console.log(json);
|
console.log(data);
|
||||||
$("#jssiteLogoPreview").attr('src',json.absoluteURL+"?time="+Math.random());
|
if (data.status==0) {
|
||||||
|
$("#jssiteLogoPreview").attr('src',data.absoluteURL+"?time="+Math.random());
|
||||||
|
} else {
|
||||||
|
showAlert(data.message);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
|
|
|
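Review bot: The new `} else { showAlert(data.message); }` branch only runs inside `.done`, so a response that is not HTTP 2xx (a PHP fatal in the upload script, or the web server rejecting an oversized body before PHP runs) never reaches `showAlert` unless a `.fail` handler exists outside the hunk, and the user gets no feedback at all. If there is none, add `.fail(function() { showAlert('Error trying to upload the site logo.'); })` after the `.done` call so every failure path surfaces a message. The same applies to the profile-picture handler at @ -133,9. The enclosing `$.ajax` call starts outside the hunk.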
@ -14,11 +14,18 @@ if (!isset($_FILES['inputFile'])) {
|
||||||
ajaxResponse(1, 'Error trying to upload the site logo.');
|
ajaxResponse(1, 'Error trying to upload the site logo.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check path traversal on $filename
|
||||||
|
if (Text::stringContains($_FILES['inputFile']['name'], DS, false)) {
|
||||||
|
$message = 'Path traversal detected.';
|
||||||
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
|
ajaxResponse(1, $message);
|
||||||
|
}
|
||||||
|
|
||||||
// File extension
|
// File extension
|
||||||
$fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
|
$fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
|
||||||
$fileExtension = Text::lowercase($fileExtension);
|
$fileExtension = Text::lowercase($fileExtension);
|
||||||
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
||||||
$message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||||
Log::set($message, LOG_TYPE_ERROR);
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
ajaxResponse(1, $message);
|
ajaxResponse(1, $message);
|
||||||
}
|
}
|
||||||
|
|
|
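Review bot: The new traversal check `if (Text::stringContains($_FILES['inputFile']['name'], DS, false))` only rejects the platform separator; if DS is PHP's DIRECTORY_SEPARATOR, a Windows host also accepts `/` as a separator, so a name containing `/` would pass the check there while still naming a different directory. Test for both `'/'` and `'\\'`, and where the name is later used in a path (outside this hunk) derive it with `basename()` rather than relying on the check alone. The same construct is applied to `$username` in the profile-picture hunk at @ -15,18. The whitelist `if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) )` should pass `true` as the third argument, and because it validates only the client-supplied name, a content check such as `getimagesize()` before the file is processed would be a useful second layer here, in the profile-picture hunk and in the images hunk at @ -54,6.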
@ -15,18 +15,18 @@ if (!isset($_FILES['profilePictureInputFile'])) {
|
||||||
ajaxResponse(1, 'Error trying to upload the profile picture.');
|
ajaxResponse(1, 'Error trying to upload the profile picture.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check file extension
|
// Check path traversal
|
||||||
$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
|
if (Text::stringContains($username, DS, false)) {
|
||||||
$fileExtension = Text::lowercase($fileExtension);
|
$message = 'Path traversal detected.';
|
||||||
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
|
||||||
$message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
|
||||||
Log::set($message, LOG_TYPE_ERROR);
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
ajaxResponse(1, $message);
|
ajaxResponse(1, $message);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check path traversal
|
// Check file extension
|
||||||
if (Text::stringContains($username, DS, false)) {
|
$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
|
||||||
$message = 'Path traversal detected.';
|
$fileExtension = Text::lowercase($fileExtension);
|
||||||
|
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
||||||
|
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||||
Log::set($message, LOG_TYPE_ERROR);
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
ajaxResponse(1, $message);
|
ajaxResponse(1, $message);
|
||||||
}
|
}
|
||||||
|
@ -45,8 +45,8 @@ $image = new Image();
|
||||||
$image->setImage(PATH_TMP.$tmpFilename, PROFILE_IMG_WIDTH, PROFILE_IMG_HEIGHT, 'crop');
|
$image->setImage(PATH_TMP.$tmpFilename, PROFILE_IMG_WIDTH, PROFILE_IMG_HEIGHT, 'crop');
|
||||||
$image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, true);
|
$image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, true);
|
||||||
|
|
||||||
// Remove the tmp file
|
// Delete temporary file
|
||||||
unlink(PATH_TMP.$tmpFilename);
|
Filesystem::rmfile(PATH_TMP.$tmpFilename);
|
||||||
|
|
||||||
// Permissions
|
// Permissions
|
||||||
chmod(PATH_UPLOADS_PROFILES.$filename, 0644);
|
chmod(PATH_UPLOADS_PROFILES.$filename, 0644);
|
||||||
|
|
|
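Review bot: `Log::set($message, LOG_TYPE_ERROR)` now records the localised text built from `$L->g('File type is not supported. Allowed types:')`, so the same rejection is written to the log in whichever language the current admin uses, which makes log searches and alerting rules unreliable; log a fixed English string and keep the translated `$message` for the response only. The traversal branch logs `'Path traversal detected.'` without the value that triggered it; including the offending `$username` (length-limited, control characters stripped) would make the entry actionable during an investigation. Both points also apply to the site-logo hunk at @ -14,11 and the images hunk at @ -54,6. The assignment of `$username` is outside the hunk.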
@ -54,6 +54,15 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
|
||||||
ajaxResponse(1, $message);
|
ajaxResponse(1, $message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check file extension
|
||||||
|
$fileExtension = Filesystem::extension($filename);
|
||||||
|
$fileExtension = Text::lowercase($fileExtension);
|
||||||
|
if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
|
||||||
|
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
||||||
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
|
ajaxResponse(1, $message);
|
||||||
|
}
|
||||||
|
|
||||||
// Move from PHP tmp file to Bludit tmp directory
|
// Move from PHP tmp file to Bludit tmp directory
|
||||||
Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename);
|
Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename);
|
||||||
|
|
||||||
|
@ -64,10 +73,11 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
|
||||||
Filesystem::rmfile(PATH_TMP.$filename);
|
Filesystem::rmfile(PATH_TMP.$filename);
|
||||||
|
|
||||||
if ($image) {
|
if ($image) {
|
||||||
|
chmod($image, 0644);
|
||||||
$filename = Filesystem::filename($image);
|
$filename = Filesystem::filename($image);
|
||||||
array_push($images, $filename);
|
array_push($images, $filename);
|
||||||
} else {
|
} else {
|
||||||
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
|
$message = 'Error after transformImage() function.';
|
||||||
Log::set($message, LOG_TYPE_ERROR);
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
ajaxResponse(1, $message);
|
ajaxResponse(1, $message);
|
||||||
}
|
}
|
||||||
|
|
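Review bot: The extension check added inside `foreach ($_FILES['images']['name'] as $uuid=>$filename)` calls `ajaxResponse(1, $message)` on the first unsupported file, which — assuming `ajaxResponse` terminates the request, as its use after the earlier guard suggests — aborts the loop after earlier files of the same batch have already been moved and transformed, so the client receives an error for a request that partially succeeded. Validating every entry of `$_FILES['images']['name']` before the loop does any work, or collecting failures and returning them alongside `$images`, avoids that. The replacement message `'Error after transformImage() function.'` in the @ -64,10 hunk exposes an internal function name to the end user; a neutral text such as `'Error processing the image.'` with the detail kept in the log entry would be cleaner. The loop begins before the hunk.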