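$parts = explode('_', $fileName);
if (count($parts)) {
    $runNum = $parts[0];
    $fileBase = $parts[count($parts) - 1];
    $cached = '';
    if (strpos($fileName, '_Cached')) {
        $cached = '_cached';
    }
    $path .= "/video_{$runNum}{$cached}";
    if (!is_dir($path)) {
        mkdir($path);
    }
    $fileName = 'frame_' . $fileBase;
}
}
MoveUploadedFile($_FILES['file']['tmp_name'], "{$path}/{$fileName}");
} } } } } }

/**
 * Move an uploaded file into place and set its permissions.
 *
 * The destination is used exactly as given: this function does not validate
 * or normalise $dest, so the caller must have checked the file name and the
 * target directory before calling it.
 *
 * @param string $src  Temporary path of the upload (the 'tmp_name' entry of $_FILES)
 * @param string $dest Path the upload is moved to
 * @return bool true when the upload was moved, false when the move was refused or failed
 */
function MoveUploadedFile($src, $dest)
{
    // move_uploaded_file() returns false when $src is not a genuine HTTP upload
    // or the move fails. Stop here in that case: touch() creates a missing
    // file, so carrying on would leave an empty file at $dest.
    if (!move_uploaded_file($src, $dest)) {
        return false;
    }

    // Refresh the modification time of the stored file.
    touch($dest);

    // NOTE(review): 0666 makes the stored upload writable by every local
    // account. Kept as-is because other processes may rely on it; narrow it
    // (e.g. 0644 or 0664) if the deployment allows.
    @chmod($dest, 0666);

    return true;
}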
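$key = $_REQUEST['key'];
}

// Store an uploaded file under the test's directory, but only when the test
// id is valid and the request is authorised for the location the test ran on.
$id = $_REQUEST['id'];
$testPath = './' . GetTestPath($id);
if (ValidateTestId($id)) {
    $testInfo = GetTestInfo($id);
    if ($testInfo && is_array($testInfo) && isset($testInfo['location'])) {
        $location = $testInfo['location'];
        $locKey = GetLocationKey($location);
        if (isset($locKey)) {
            // The upload is accepted when any one of these holds:
            //   - the location has an empty key (no key required),
            //   - the supplied key equals the location key,
            //   - the request comes from 127.0.0.1.
            // $key is taken straight from $_REQUEST, and a request parameter can
            // arrive as an array. strcmp() with a non-string argument yields NULL
            // on PHP 7 (a TypeError on PHP 8), and `!NULL` would count as a match,
            // so require a string and compare in constant time with hash_equals().
            // NOTE(review): if this script sits behind a reverse proxy on the same
            // host, every request may show REMOTE_ADDR 127.0.0.1 and skip the key
            // check - confirm against the deployment.
            if (!strlen($locKey)
                || (is_string($key) && hash_equals((string)$locKey, $key))
                || !strcmp($_SERVER['REMOTE_ADDR'], "127.0.0.1")) {
                if (array_key_exists('file', $_FILES) && array_key_exists('name', $_FILES['file'])) {
                    // The client-supplied name is untrusted; it is only used after
                    // validateUploadFileName() accepts it.
                    $fileName = $_FILES['file']['name'];
                    if (validateUploadFileName($fileName)) {
                        $fileDestination = getFileDestination($testPath, $fileName);
                        MoveUploadedFile($_FILES['file']['tmp_name'], $fileDestination);
                    }
                }
            }
        }
    }
}

/**
 * Checks if the fileName contains invalid characters or has an invalid extension
 * @param $fileName string The filename to check
 * @return bool true if accepted for an upload, false otherwise
 */
function validateUploadFileName($fileName) {
    if (strpos($fileName, '..') !== false || strpos($fileName, '/') !== false || strpos($fileName, '\\') !== false) {
        return false;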