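/**
 * Validate the file uploaded as $_FILES['upfile'] and describe it.
 *
 * Nothing sent by the client is trusted: the request shape is checked, the
 * temp path must be one PHP produced for this request, the MIME type is
 * detected from the content (only jpg/png/gif are accepted), and the stored
 * extension is derived from that detected type rather than from the
 * client-supplied filename.
 *
 * @return FileInfo|null null when no file was submitted (UPLOAD_ERR_NO_FILE)
 * @throws Exception on a malformed request, an upload error, an unsupported
 *                   type, a size above 4 MiB, or unreadable image dimensions
 */
private static function checkUploadedFile()
{
    // Undefined | Multiple Files | $_FILES Corruption Attack
    // If this request falls under any of them, treat it invalid.
    if (!isset($_FILES['upfile']['error']) || is_array($_FILES['upfile']['error'])) {
        throw new Exception('Invalid parameters.');
    }

    // Check $_FILES['upfile']['error'] value.
    switch ($_FILES['upfile']['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            return null;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new Exception('Exceeded filesize limit.');
        default:
            throw new Exception('Unknown errors.');
    }

    $tmpName = $_FILES['upfile']['tmp_name'];

    // Only read a path that PHP itself created for this upload; a forged
    // $_FILES entry must not be able to point us at an arbitrary local file.
    if (!is_string($tmpName) || !is_uploaded_file($tmpName)) {
        throw new Exception('Invalid parameters.');
    }

    // DO NOT TRUST $_FILES['upfile']['type'] (the client-sent MIME type)!
    // Detect the type from the content and map it to the extension we store.
    $allowedTypes = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
    $finfo = new \finfo(FILEINFO_MIME_TYPE);
    $ext = array_search($finfo->file($tmpName), $allowedTypes, true);
    if ($ext === false) {
        throw new Exception('Invalid file format.');
    }

    // 4 MiB hard cap, independent of upload_max_filesize / MAX_FILE_SIZE.
    if ($_FILES['upfile']['size'] > 4194304) {
        throw new Exception('Exceeded file size limit.');
    }

    // getimagesize() returns false for data it cannot parse; never index that.
    $imageData = getimagesize($tmpName);
    if ($imageData === false) {
        throw new Exception('Invalid file format.');
    }

    $fileInfo = new FileInfo();
    $fileInfo->setSize($_FILES['upfile']['size'])
        ->setHash(md5_file($tmpName, true))
        ->setW($imageData[0])
        ->setH($imageData[1])
        ->setName(pathinfo($_FILES['upfile']['name'], PATHINFO_FILENAME))
        // Extension comes from the detected type, never from the client's
        // filename: a valid image named "x.php" must not be stored as ".php".
        ->setExt('.' . $ext);

    return $fileInfo;
}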
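/**
 * Store the attachment metadata of post $no on board $b.
 *
 * Writes tim/md5/w/h/filename/ext/fsize into `<board>_post` through a
 * prepared statement on the read-write connection; every column value is
 * bound, never interpolated. The board name is part of the table identifier,
 * which cannot be bound, so it must already be a validated internal value —
 * NOTE(review): not checked here, confirm at the Board boundary.
 *
 * @throws \RuntimeException when the statement cannot be prepared or executed
 *                           and PDO is not configured to throw on its own
 */
public function addFileInfo(Board $b, int $no, int $tim, FileInfo $fi): void
{
    $sql = "UPDATE `{$b->getName()}_post` SET "
        . '`tim`=:tim, `md5`=:md5, `w`=:w, `h`=:h, `filename`=:filename, `ext`=:ext, `fsize`=:fsize'
        . ' WHERE `no`=:no';

    $prepared = $this->conn_rw->prepare($sql);
    if ($prepared === false) {
        throw new \RuntimeException('Failed to prepare file info update.');
    }

    $executed = $prepared->execute([
        ':tim' => $tim,
        ':md5' => $fi->getHash(),
        ':w' => $fi->getW(),
        ':h' => $fi->getH(),
        ':filename' => $fi->getName(),
        ':ext' => $fi->getExt(),
        ':fsize' => $fi->getSize(),
        ':no' => $no,
    ]);
    // Without PDO::ERRMODE_EXCEPTION a failed write would otherwise go unnoticed.
    if ($executed === false) {
        throw new \RuntimeException('Failed to store file info.');
    }
}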