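/**
 * Validate the file uploaded through form field $fname and move it into $upath.
 *
 * Checks, in order: the entry really is an HTTP upload, the client file name
 * does not end in a denied (server-executable) extension, isValidFileName()
 * accepts the name, the size is within the "MaxfileSize" lookup value, and the
 * extension appears in the "Attachments" lookup values.
 *
 * Every name and extension check runs against the client-supplied name in
 * $_FILES. When the caller passes its own $ufilename, that stored name is
 * only checked for a leading dot, so callers must pass a trusted,
 * already-validated name.
 *
 * @param string $fname     Key of the upload in $_FILES.
 * @param string $upath     Destination directory, including trailing separator
 *                          (it is concatenated directly with the file name).
 * @param string $ufilename Name to store the file under; "" means
 *                          time() . <client file name>.
 * @param mixed  $atype     Ignored: overwritten before use (kept for callers).
 * @param mixed  $alsize    Ignored: overwritten from the lookup table.
 *
 * @return string The stored file name on success, otherwise a status code:
 *                "FNA" no uploaded file for $fname,
 *                "IT"  extension denied or not in the allowlist,
 *                "IF"  isValidFileName() rejected the name, or the stored
 *                      name starts with a dot,
 *                "IS"  size is zero/negative or above the configured maximum,
 *                "FE"  a file already exists at the destination,
 *                "NW"  move_uploaded_file() failed.
 */
function upload($fname, $upath, $ufilename, $atype, $alsize) {
    global $conn;

    // A missing field, a multi-file (array) entry, or a path that did not come
    // from an HTTP POST upload is treated as "no file".
    if (!isset($_FILES[$fname]['tmp_name'])
        || !is_string($_FILES[$fname]['tmp_name'])
        || !is_uploaded_file($_FILES[$fname]['tmp_name'])) {
        return "FNA";
    }

    $client_name = $_FILES[$fname]['name'];

    // Denylist of extensions the web server may execute or serve as active
    // content. The original list omitted plain "php" and several common PHP
    // handler extensions. This is defence in depth only: the allowlist below
    // is the primary control, and the upload directory should additionally be
    // configured so the server never executes scripts from it.
    $filename1 = time() . $client_name;
    $blacklist = array(
        "php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar",
        "js", "shtml", "pl", "py", "exe"
    );
    foreach ($blacklist as $file) {
        if (preg_match("/\\.{$file}\$/i", $filename1)) {
            return "IT";
        }
    }

    if (!isValidFileName($client_name)) {
        return "IF";
    }

    $size = $_FILES[$fname]['size'];

    // Allowed extensions and maximum size come from the lookup table. The
    // query is a constant string; no request data is interpolated into it.
    $atype = "";
    $atype_extension = ""; // was appended to without being initialised
    $alsize = 0;
    $sql = "Select * from sptbl_lookup where vLookUpName IN('Attachments','MaxfileSize')";
    $result = executeSelect($sql, $conn);
    if (mysql_num_rows($result) > 0) {
        while ($row = mysql_fetch_array($result)) {
            switch ($row["vLookUpName"]) {
                case "Attachments":
                    // Lookup value is "<extension>|<second field>"; only the
                    // extension part is used.
                    $var_attach_typearr = explode("|", $row["vLookUpValue"]);
                    // $atype = $atype . $var_attach_typearr[1] . ",";
                    $atype_extension = $atype_extension . $var_attach_typearr[0] . ",";
                    break;
                case "MaxfileSize":
                    $alsize = $row["vLookUpValue"];
                    break;
            }
        }
    }
    mysql_free_result($result);
    // NOTE(review): with the assignment above commented out $atype stays
    // empty, so the "all" bypass below looks unreachable -- confirm before
    // restoring it, since it would leave only the denylist in force.
    $atype = substr($atype, 0, -1);

    if ($size > $alsize or $size <= 0) {
        return "IS";
    }

    if ($atype != "all") {
        // Drop empty entries: the trailing comma used to add an empty
        // "extension" to the allowlist, which a name ending in "." matched.
        $allowetype_extn_array = array_filter(
            explode(",", $atype_extension),
            function ($ext) {
                return $ext !== "";
            }
        );

        // pathinfo() yields "" when the name has no extension; the previous
        // substr/strrpos form returned part of the base name in that case.
        // The client-reported MIME type is not consulted: it is set by the
        // sender and proves nothing about the content.
        $file_type_extension = pathinfo($client_name, PATHINFO_EXTENSION);

        $allowedextn_flag = 0;
        if ($file_type_extension !== "") {
            foreach ($allowetype_extn_array as $value) {
                if (strcasecmp($file_type_extension, $value) == 0) {
                    $allowedextn_flag = 1;
                    break;
                }
            }
        }
        if (!$allowedextn_flag) {
            return "IT";
        }
    }

    if ($ufilename == "") {
        $ufilename = time() . $client_name;
    }
    $file_name = $upath . $ufilename;

    if (is_file($file_name)) {
        return "FE";
    } elseif (substr(trim($ufilename), 0, 1) == ".") {
        // Refuse dot-files (hidden files, per-directory server config names).
        return "IF";
    }

    // Warning suppressed on purpose: failure is reported through "NW".
    $mvstatus = @move_uploaded_file($_FILES[$fname]['tmp_name'], $file_name);
    if (!$mvstatus) {
        return "NW";
    }

    // Stored uploads are data: owner read/write, everyone else read-only.
    // The previous mode 0777 left every upload world-writable and executable.
    chmod($file_name, 0644);

    return $ufilename;
}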
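/**
 * Check the first docblock in $contents against the old seven-line header
 * layout and report which header line is wrong.
 *
 * @param string $filePath    Passed to isValidFileName() with header line 2.
 * @param string $projectName Passed to isValidProjectName() with header line 3.
 * @param string $contents    Full text of the file being checked.
 *
 * @return int -1 when every check passes; otherwise the 1-based header line
 *             that failed: 1 (no docblock found, or it is not exactly seven
 *             lines), 2 (file name), 3 (project name), 5 (author),
 *             6 (copyright).
 */
function lineNumberOfErrorForOldHeader($filePath, $projectName, $contents) {
    // Getting header. The quantifier is lazy so the match stops at the first
    // closing marker; the greedy form ran on to the last "*/" in the file, so
    // any file with a later block comment failed the line count below.
    if (!preg_match('/\\/\\*\\*.+?\\*\\//s', $contents, $matches)) {
        return 1;
    }
    $header = $matches[0];

    // Checking header size: opening line, five body lines, closing line.
    $lines = preg_split("/[\n\r]+/", $header);
    if (count($lines) != 7) {
        return 1;
    }

    if (!isValidFileName($lines[1], $filePath)) {
        return 2;
    }
    if (!isValidProjectName($lines[2], $projectName)) {
        return 3;
    }
    if (!isValidAuthor($lines[4])) {
        return 5;
    }
    if (!isValidCopyright($lines[5])) {
        return 6;
    }

    return -1;
}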