/** * standard PHP file-upload security measures. all variables accessed in a global context * @return bool True on success */ public function confirm_upload() { global $sugar_config; if (empty($this->field_name) || !isset($_FILES[$this->field_name])) { return false; } //check to see if there are any errors from upload if ($_FILES[$this->field_name]['error'] != UPLOAD_ERR_OK) { if ($_FILES[$this->field_name]['error'] != UPLOAD_ERR_NO_FILE) { if ($_FILES[$this->field_name]['error'] == UPLOAD_ERR_INI_SIZE) { //log the error, the string produced will read something like: //ERROR: There was an error during upload. Error code: 1 - UPLOAD_ERR_INI_SIZE - The uploaded file exceeds the upload_max_filesize directive in php.ini. upload_maxsize is 16 $errMess = string_format($GLOBALS['app_strings']['UPLOAD_ERROR_TEXT_SIZEINFO'], array($_FILES['filename_file']['error'], self::$filesError[$_FILES['filename_file']['error']], $sugar_config['upload_maxsize'])); $GLOBALS['log']->fatal($errMess); } else { //log the error, the string produced will read something like: //ERROR: There was an error during upload. Error code: 3 - UPLOAD_ERR_PARTIAL - The uploaded file was only partially uploaded. $errMess = string_format($GLOBALS['app_strings']['UPLOAD_ERROR_TEXT'], array($_FILES['filename_file']['error'], self::$filesError[$_FILES['filename_file']['error']])); $GLOBALS['log']->fatal($errMess); } } return false; } if (!is_uploaded_file($_FILES[$this->field_name]['tmp_name'])) { return false; } elseif ($_FILES[$this->field_name]['size'] > $sugar_config['upload_maxsize']) { $GLOBALS['log']->fatal("ERROR: uploaded file was too big: max filesize: {$sugar_config['upload_maxsize']}"); return false; } if (!UploadStream::writable()) { $GLOBALS['log']->fatal("ERROR: cannot write to upload directory"); return false; } $this->mime_type = $this->getMime($_FILES[$this->field_name]); $this->stored_file_name = $this->create_stored_filename(); $this->temp_file_location = $_FILES[$this->field_name]['tmp_name']; $this->uploaded_file_name = $_FILES[$this->field_name]['name']; return true; }
/** * standard PHP file-upload security measures. all variables accessed in a global context * @return bool True on success */ public function confirm_upload() { global $sugar_config; if (empty($this->field_name) || !isset($_FILES[$this->field_name])) { return false; } if ($_FILES[$this->field_name]['error'] != UPLOAD_ERR_OK) { if ($_FILES[$this->field_name]['error'] != UPLOAD_ERR_NO_FILE) { $GLOBALS['log']->error('File upload error: ' . self::$filesError[$_FILES[$this->field_name]['error']]); } return false; } if (!is_uploaded_file($_FILES[$this->field_name]['tmp_name'])) { return false; } elseif ($_FILES[$this->field_name]['size'] > $sugar_config['upload_maxsize']) { $GLOBALS['log']->fatal("ERROR: uploaded file was too big: max filesize: {$sugar_config['upload_maxsize']}"); return false; } if (!UploadStream::writable()) { $GLOBALS['log']->fatal("ERROR: cannot write to upload directory"); return false; } $this->mime_type = $this->getMime($_FILES[$this->field_name]); $this->stored_file_name = $this->create_stored_filename(); $this->temp_file_location = $_FILES[$this->field_name]['tmp_name']; return true; }