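/**
 * Validate an uploaded image or WebM file and store it in the current image folder.
 *
 * The upload is accepted only if its extension is on the allowlist, its bytes do not
 * match the HTML/script marker pattern, it parses as an image (or a valid WebM), its
 * dimensions fall inside the configured global limits (a limit of 0 disables that
 * bound) and $this->checksum() accepts it. Every failure prints a short message and
 * returns false; the staged copy in ./tmp is removed on each rejection path.
 *
 * NOTE(review): the upload is staged in ./tmp under its client-supplied (allowlisted)
 * extension before the content checks run. If ./tmp is reachable through the web
 * server, unvalidated bytes are briefly served from there; confirm the directory is
 * not publicly readable.
 * NOTE(review): the marker regex is a deny-list heuristic, not a guarantee that a file
 * is inert. Serving stored files with an exact Content-Type and
 * "X-Content-Type-Options: nosniff" is the stronger control.
 * NOTE(review): the staging name depends only on the file content, so two concurrent
 * uploads of identical bytes share one ./tmp path; verify against how callers
 * serialise uploads.
 *
 * @param array $upload One entry of $_FILES; 'name' and 'tmp_name' are read.
 * @return string|false "<folder>:<stored file name>" on success, false on any failure.
 */
function process_upload($upload)
{
    global $min_upload_width, $min_upload_height, $max_upload_width, $max_upload_height;

    // Anything that is not a single-file $_FILES entry is treated as "nothing uploaded".
    if (!is_array($upload)
        || !isset($upload['name'], $upload['tmp_name'])
        || !is_string($upload['name'])
        || !is_string($upload['tmp_name'])
    ) {
        echo "No data detected.";
        return false;
    }

    // Extension allowlist, taken from the last dot-separated part of the client file name.
    $parts = explode('.', $upload['name']);
    $ext = strtolower($parts[count($parts) - 1]);
    if (!in_array($ext, ['jpg', 'jpeg', 'gif', 'png', 'webm'], true)) {
        // The extension comes from the client-supplied file name, so it is escaped
        // before being echoed (the message presumably ends up in an HTML page).
        echo "Invalid extension: ." . htmlspecialchars($ext, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ".";
        return false;
    }
    $ext = "." . $ext;

    // Content-derived staging name: sha1 of the md5 of the uploaded bytes.
    $digest = hash_file('md5', $upload['tmp_name']);
    if ($digest === false) {
        echo "Could not open file for reading.";
        return false;
    }
    $fname = hash('sha1', $digest);
    $tmpPath = "./tmp/" . $fname . $ext;

    // move_uploaded_file() refuses anything that is not a genuine HTTP upload; stop here
    // instead of going on to read whatever may already sit at the staging path.
    if (!move_uploaded_file($upload['tmp_name'], $tmpPath)) {
        echo "Could not open file for reading.";
        return false;
    }

    $data = file_get_contents($tmpPath);
    if ($data === false) {
        echo "Could not open file for reading.";
        if (is_file($tmpPath)) {
            unlink($tmpPath);
        }
        return false;
    }

    // Reject files whose bytes contain HTML/script markers.
    if (preg_match("#<(script|html|head|title|body|table|a\\s+href|link|plaintext)#si", $data) == 1) {
        echo "Invalid Data detected.";
        unlink($tmpPath);
        return false;
    }

    if ($ext === ".webm") {
        $vid = new webm($tmpPath);
        if (!$vid->valid_webm()) {
            echo "Invalid video file.";
            // Remove the staged copy on this path as on every other rejection.
            unlink($tmpPath);
            return false;
        }
        // Dimensions come from a frame of the video.
        $img = $vid->frame();
        $iinfo = [imagesx($img), imagesy($img)];
        $iinfo['mime'] = 'video/web';
    } else {
        $iinfo = getimagesize($tmpPath);
        // getimagesize() returns false when the file is not a recognisable image.
        if ($iinfo === false) {
            echo "Not a valid image or video file.";
            unlink($tmpPath);
            return false;
        }
    }

    $mimeClass = substr($iinfo['mime'], 0, 5);
    $badType = ($mimeClass != "image" && $mimeClass != "video");
    $badWidth = ($min_upload_width != 0 && $iinfo[0] < $min_upload_width)
        || ($max_upload_width != 0 && $iinfo[0] > $max_upload_width);
    $badHeight = ($min_upload_height != 0 && $iinfo[1] < $min_upload_height)
        || ($max_upload_height != 0 && $iinfo[1] > $max_upload_height);

    // checksum() is consulted last, and only when type and size are acceptable.
    if ($badType || $badWidth || $badHeight || !$this->checksum($tmpPath)) {
        echo "Not a valid image or video file.";
        unlink($tmpPath);
        return false;
    }

    $cdir = $this->getcurrentfolder();
    $destDir = "./images/" . $cdir . "/";
    if (!is_dir($destDir)) {
        $this->makefolder($cdir);
    }

    // Derive a new name while the target exists, re-hashing the previous candidate.
    $storedName = $fname;
    $i = 0;
    while (file_exists($destDir . $storedName . $ext)) {
        $i++;
        $storedName = hash('sha1', hash('md5', $storedName . $i));
    }
    $destPath = $destDir . $storedName . $ext;

    // Mode "x" creates the file exclusively, so a file that appears between the
    // existence check and this open is never overwritten.
    $f = fopen($destPath, "xb");
    if ($f === false) {
        echo "Could not write file to disk.";
        unlink($tmpPath);
        return false;
    }
    $written = fwrite($f, $data);
    fclose($f);
    if ($written !== strlen($data)) {
        // Do not leave a truncated file behind in the image folder.
        echo "Could not write file to disk.";
        unlink($destPath);
        unlink($tmpPath);
        return false;
    }

    $this->folder_index_increment($cdir);
    unlink($tmpPath);

    return $cdir . ":" . $storedName . $ext;
}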