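/**
 * Save a cropped image sent as the raw POST body and echo its public URL.
 *
 * Request inputs (all taken from the query string, i.e. attacker-controlled):
 *  - file:   URL of the picture that was cropped; decides the stored name.
 *  - width / height: only used to build the "thumb_W_H_" name prefix.
 *  - module / catid: passed to the attachment class for files that are not
 *    already under the configured upload_url.
 *
 * The body is written below $this->upload_path, so every check in here
 * exists to keep a caller from choosing an executable name or payload.
 *
 * NOTE(review): no login, permission or CSRF check is visible in this
 * method - confirm the enclosing controller enforces one before this runs.
 *
 * @return false|null false when "file" is missing or the write fails, null
 *                    when no raw body is available; otherwise the script
 *                    exits after printing the URL (or silently on rejection).
 */
public function crop_upload()
{
    // Only the legacy raw-body global is honoured, as in the original code.
    // NOTE(review): this global is not populated by current PHP versions;
    // widening it to php://input would re-enable the endpoint there, so do
    // that only together with the access-control review mentioned above.
    if (!isset($GLOBALS["HTTP_RAW_POST_DATA"])) {
        return;
    }
    $pic = $GLOBALS["HTTP_RAW_POST_DATA"];

    // Empty-string defaults keep the "thumb__" naming the original produced
    // for missing dimensions, without reading undefined variables.
    $width = empty($_GET['width']) ? '' : intval($_GET['width']);
    $height = empty($_GET['height']) ? '' : intval($_GET['height']);

    if (empty($_GET['file']) || !is_string($_GET['file'])) {
        return false;
    }

    // The original call was str_ireplace(';', '', 'php', $_GET['file']):
    // it used the literal 'php' as the subject and the request value as the
    // by-reference counter, so the name was always overwritten with 'php'.
    // Strip ';' from the supplied name instead and leave $_GET untouched.
    $file = str_ireplace(';', '', $_GET['file']);

    // A NUL byte can truncate the name in lower layers; never accept one.
    if (strpos($file, "\0") !== false) {
        exit;
    }
    if (is_image($file) == false || stripos($file, '.php') !== false) {
        exit;
    }

    // The payload must at least parse as an image. This is defence in depth
    // only: a valid image can still carry embedded script text, which is why
    // the stored extension is restricted separately below.
    if ($pic === '' || (function_exists('getimagesizefromstring') && getimagesizefromstring($pic) === false)) {
        exit;
    }

    // Resolve the dated sub-directory once so the directory that is created,
    // the path that is written and the URL that is echoed always agree.
    $filepath = date('Y/md/');
    $target_dir = $this->upload_path . $filepath;
    $in_upload_area = strpos($file, pc_base::load_config('system', 'upload_url')) !== false;

    if ($in_upload_area) {
        $basename = basename($file);
        if (strpos($basename, 'thumb_') !== false) {
            // Re-cropping a thumbnail: keep only the part after the last '_'.
            $file_arr = explode('_', $basename);
            $basename = array_pop($file_arr);
        }
        $new_file = 'thumb_' . $width . '_' . $height . '_' . $basename;
    } else {
        $uploadedfile = array();
        $uploadedfile['filename'] = basename($file);
        $uploadedfile['fileext'] = fileext($file);
        if (in_array($uploadedfile['fileext'], array('jpg', 'gif', 'jpeg', 'png', 'bmp'))) {
            $uploadedfile['isimage'] = 1;
        }
        $new_file = date('Ymdhis') . rand(100, 999) . '.' . $uploadedfile['fileext'];
        $uploadedfile['filepath'] = $filepath . $new_file;
    }

    // Allow-list the name that actually reaches the disk: one extension,
    // taken from the image types this method already recognises, and no
    // further dots, separators or shell/HTML metacharacters in the stem.
    // NOTE(review): assumes stored upload names are plain ASCII - confirm
    // against the uploader before relying on this for existing files.
    if (!preg_match('/\A[A-Za-z0-9_\-]+\.(?:jpg|gif|jpeg|png|bmp)\z/i', $new_file)) {
        exit;
    }

    if (!$in_upload_area) {
        // Register the new file only after its name passed validation.
        pc_base::load_sys_class('attachment', '', 0);
        $module = isset($_GET['module']) ? trim($_GET['module']) : '';
        $catid = isset($_GET['catid']) ? intval($_GET['catid']) : 0;
        $siteid = $this->get_siteid();
        $attachment = new attachment($module, $catid, $siteid);
        $aid = $attachment->add($uploadedfile);
    }

    // The original created today's directory only for new attachments, so a
    // thumbnail write could fail on the first request of the day.
    pc_base::load_sys_func('dir');
    dir_create($target_dir);

    // Do not advertise a URL for a file that was never written.
    if (file_put_contents($target_dir . $new_file, $pic) === false) {
        return false;
    }

    echo pc_base::load_config('system', 'upload_url') . $filepath . $new_file;
    exit;
}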