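// Addon update endpoint (flat script). $user and $_SESSION are prepared by the
// including file; every early exit hands a $response array back to the caller.
if ($user === false || !isset($_REQUEST['id'])) {
    $response = ["redirect" => "/index.php"];
    return $response;
}

// Loaded before the first AddonManager use; require_once is a no-op when an
// autoloader or the including file already pulled the class in.
require_once realpath(dirname(__DIR__) . "/class/AddonManager.php");
$addonObject = AddonManager::getFromId($_REQUEST['id']);

if (!isset($_POST['submit'])) {
    $response = ["message" => "Updating " . $addonObject->getName(), "version" => $addonObject->getVersion()];
    return $response;
}

// CSRF check. Both tokens must be present and are compared with hash_equals():
// a loose `!=` treats numeric-looking strings numerically ("0" == "0e123") and,
// with no session token at all, lets an empty posted token through (`"" != null`
// is false). The is_string() guard keeps an array-valued field from being cast.
if (!isset($_POST['csrftoken'], $_SESSION['csrftoken'])
    || !is_string($_POST['csrftoken'])
    || !hash_equals((string) $_SESSION['csrftoken'], $_POST['csrftoken'])
) {
    $response = ["message" => "Cross site request forgery attempt blocked", "version" => $addonObject->getVersion()];
    return $response;
}

// A request without the field at all must not reach the error-code check
// (undefined index); report it as "no file" instead.
if (!isset($_FILES['uploadfile']['error'])) {
    $response = ["message" => "No file was selected to be uploaded", "version" => $addonObject->getVersion()];
    return $response;
}
if ($_FILES['uploadfile']['error'] !== UPLOAD_ERR_OK) {
    $response = ["message" => "Upload error: " . codeToMessage($_FILES['uploadfile']['error']), "version" => $addonObject->getVersion()];
    return $response;
}
if (!isset($_FILES['uploadfile']['name']) || !isset($_FILES['uploadfile']['size']) || !$_FILES['uploadfile']['size']) {
    $response = ["message" => "No file was selected to be uploaded", "version" => $addonObject->getVersion()];
    return $response;
}

// The extension is taken from the client-supplied name: a usability filter,
// not proof the content is a zip archive. Whatever consumes the upload
// downstream still has to validate the archive itself.
$uploadExt = pathinfo($_FILES['uploadfile']['name'], PATHINFO_EXTENSION);
if ($uploadExt !== "zip") {
    $response = ["message" => "Only .zip files are allowed", "version" => $addonObject->getVersion()];
    return $response;
}

if ($_FILES['uploadfile']['size'] > AddonManager::$maxFileSize) {
    $response = ["message" => "File too large - The maximum upload file size is 50 MB. Contact an administrator if you need to upload a larger file.", "version" => $addonObject->getVersion()];
    return $response;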
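/**
 * Validate an uploaded image and move it into the uploads directory.
 *
 * The upload is rejected (returns false) when PHP reported an upload error,
 * the file is larger than 3 MB, its content is not a jpg/png/gif image
 * according to finfo, or move_uploaded_file() fails. On success the path the
 * file was stored under is returned.
 *
 * Security: the stored extension comes from the MIME type detected from the
 * file content, not from the client-supplied name, so a renamed script cannot
 * be written with an executable extension. The base name is normalised with
 * cleanurl() (defined elsewhere in the project) after parentheses and spaces
 * are replaced.
 *
 * The previous version assigned $type/$msg/$slider_image locals that nothing
 * read, compared codeToMessage()'s string result against UPLOAD_ERR_OK (so
 * every upload failed), compared the size against an undefined $size, and
 * returned a path containing a literal "$uploads_dir" (single-quoted string).
 *
 * @param string $file_name   Original name as sent by the browser ($_FILES[...]['name']).
 * @param int    $file_size   Size in bytes ($_FILES[...]['size']).
 * @param string $file_tmp    Temporary path of the upload ($_FILES[...]['tmp_name']).
 * @param int    $file_error  PHP upload error code ($_FILES[...]['error']).
 * @param string $prefix      Prefix prepended to the stored file name.
 * @param string $uploads_dir Sub-directory under files/uploads/ to store the file in.
 *
 * @return string|false Stored path on success, false when the upload is rejected.
 */
function upload_file($file_name, $file_size, $file_tmp, $file_error, $prefix, $uploads_dir)
{
    // 3 MB, matching the limit the user-facing message always quoted.
    $max_bytes = 3 * 1024 * 1024;

    /* --- FILE: ERROR --- */
    // Check the raw integer code before anything else; the message produced by
    // codeToMessage() is a string and must never be compared with UPLOAD_ERR_OK.
    if ($file_error !== UPLOAD_ERR_OK) {
        return false;
    }

    /* --- FILE: SIZE --- */
    if ($file_size > $max_bytes) {
        return false;
    }

    /* --- FILE: TYPE --- */
    // Content sniffing decides the type; the key of the matching entry becomes
    // the stored extension.
    $allowed = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $ext = array_search($finfo->file($file_tmp), $allowed, true);
    if ($ext === false) {
        return false;
    }

    /* --- FILE: NAME --- */
    $base_name = pathinfo($file_name, PATHINFO_FILENAME);
    $userfile_name = cleanurl(str_replace(array('(', ')', ' '), '_', $base_name)) . '.' . $ext;

    // No separator is inserted between the directory and the prefix — assumes
    // $uploads_dir ends with a slash (or is empty); confirm with callers.
    $target_dir = "files/uploads/{$uploads_dir}";
    $target = $target_dir . $prefix . $userfile_name;

    // move_uploaded_file() also verifies the source really is an upload.
    if (!move_uploaded_file($file_tmp, $target)) {
        return false;
    }

    return $target;
}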
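$message = "File upload stopped by extension";
break;
default:
    $message = "Unknown upload error";
    break;
}
return $message;
}

if ($debug) {
    /* Head of the page */
    include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/building/head.php';
    dump($_FILES, "Files");
}

// Handle the upload form. $_FILES itself is always set; the field may be
// missing, so a missing field is reported as UPLOAD_ERR_NO_FILE instead of
// tripping an undefined-index notice.
if (isset($_FILES)) {
    $error = isset($_FILES['file']['error']) ? $_FILES['file']['error'] : UPLOAD_ERR_NO_FILE;
    $size = isset($_FILES['file']['size']) ? $_FILES['file']['size'] : 0;
    if (isset($_POST['upload']) && $size > 0) {
        $fileName = $_FILES['file']['name'];
        // Client-declared MIME type: informational only. Do not base access or
        // rendering decisions on it; detect server-side (finfo) where it matters.
        $mimeType = $_FILES['file']['type'];
        $data = file_get_contents($_FILES['file']['tmp_name']);
        if ($data === false) {
            $_SESSION['error'] = ($debug ? "<b>upload.php:</b><br />" : "") . "The file was rejected because: its contents could not be read.";
        } else {
            /* The file will be saved base64 encoded. */
            $content = base64_encode($data);
            // get_magic_quotes_gpc() was removed in PHP 8 and has returned false
            // since 5.4, so addslashes() always ran; it is kept so stored names
            // do not change. It is not SQL escaping — uploadFile() should bind
            // its values with a prepared statement rather than rely on this.
            $fileName = addslashes($fileName);
            if (uploadFile($userid, $fileName, $size, $mimeType, $content)) {
                // Flash messages carry HTML (see the debug prefix), so the
                // untrusted file name is escaped before it is embedded.
                $safeName = htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8');
                $_SESSION['success'] = ($debug ? "<b>upload.php:</b><br />" : "") . "File '{$safeName}' was uploaded successfully at the database.";
            }
        }
    } else {
        $_SESSION['error'] = ($debug ? "<b>upload.php:</b><br />" : "") . "The file was rejected because: " . codeToMessage($error);
    }
}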