/**
 * Tell whether a path passes both the isSafe() and the isAllowedExt() checks.
 *
 * isSafe() is evaluated first; when it rejects the path, isAllowedExt() is
 * not called at all. This wrapper performs no validation of its own.
 *
 * NOTE(review): both helpers are defined outside this block, so what each one
 * actually validates cannot be seen from here. Confirm their checks before
 * relying on this function as the only gate for user-supplied paths.
 *
 * @param mixed $path Path (or file name) handed unchanged to both helpers.
 *
 * @return bool True only when both helpers return a truthy value.
 */
function isSafeAllowed($path)
{
    // Guard clause: a path rejected by isSafe() never reaches the extension check.
    if (!isSafe($path)) {
        return false;
    }

    // Cast so the function always returns a strict boolean, whatever isAllowedExt() returns.
    return (bool) isAllowedExt($path);
}
$response_binval = null; $response_error = null; $response_id = '0'; // Set a special XML header header('Content-Type: text/xml; charset=utf-8'); // No file uploaded? if (!isset($_FILES['file']) || empty($_FILES['file']) || (!isset($_POST['id']) || empty($_POST['id']))) { $response_error = 'bad-request'; $response_id = '0'; } else { // Get the POST vars $response_id = $_POST['id']; $tmp_filename = $_FILES['file']['tmp_name']; $old_filename = $_FILES['file']['name']; // Security sanitization if (isAllowedExt($old_filename)) { // Get the file extension $ext = getFileExt($old_filename); // Hash it! $filename = md5($old_filename . time()) . '.' . $ext; // Define some vars $path = JAPPIX_BASE . '/tmp/avatar/' . $filename; // Define MIME type if ($ext == 'jpg') { $ext = 'jpeg'; } $response_type = 'image/' . $ext; if (!preg_match('/^(jpeg|png|gif)$/i', $ext)) { // Unsupported file extension $response_error = 'forbidden-type'; } else {