chmod($upload_file, 0644); } if (filesize($upload_file) == 0) { logError("File is empty."); exit; } if (!scanFile($upload_file)) { rename($upload_file, $upload_file . "-virus"); logError("File did not pass the virus scan."); exit; } $fd = fopen("/tmp/upload.log", "a"); fwrite($fd, "Upload: " . serialize($_FILES) . " with " . serialize($_POST) . "\n"); fclose($fd); print_r($_FILES); $file = new File(); $file->byPath($upload_file); if ($file->isValid()) { $file->incrementShrinks(); } else { $file->path = $upload_file; $file->tag = randomTag(); $file->params['name'] = preg_replace(',[^a-zA-Z0-9_:;!@#$%^+=.~-],', '', $f['name']); $file->params['content_type'] = $f['type']; $file->params['size'] = filesize($upload_file); $file->creator = new Creator($_SERVER["REMOTE_ADDR"], $_SESSION["acct_auth"] ? $_SESSION["acct_official"] : null); $file->store(); } $sth = getDB()->prepare("INSERT INTO upload_tracking (upload_id,file_id,error) VALUES (?,?,'f')"); $sth->execute(array($_POST["UPLOAD_IDENTIFIER"], $file->id)); }