if ($value != "0_1") { $file_keys .= ($file_keys ? ":" : "") . $key . "_" . intval($value); $file_keywords[$key] = intval($value); } else { $file_error["keywords"][$key] = 1; } } } //starts upload of file if (!is_uploaded_file($_FILES["file"]["tmp_name"])) { $file_error["file"] = $BL['be_fprivup_err1']; } elseif ($_FILES["file"]["size"] > $phpwcms["file_maxsize"]) { $file_error["file"] = $BL['be_fprivup_err2'] . " " . number_format($phpwcms["file_maxsize"] / 1024, 2, ',', '.') . " kB"; } else { $fileName = sanitize_filename($_FILES["file"]["name"]); $fileExt = check_image_extension($_FILES["file"]["tmp_name"], $fileName); $fileExt = $fileExt === false ? which_ext($fileName) : $fileExt; $fileHash = md5($fileName . microtime()); $fileType = is_mimetype_format($_FILES["file"]["type"]) ? $_FILES["file"]["type"] : get_mimetype_by_extension($fileExt); $fileSize = intval($_FILES["file"]["size"]); // Check against forbidden file names $forbiddenUploadName = array('.htaccess', 'web.config', 'lighttpd.conf', 'nginx.conf'); if (in_array(strtolower($fileName), $forbiddenUploadName)) { $file_error["file"] = sprintf($BL['be_fprivup_err7'], $fileName); } // Only allowed file extensions if (empty($file_error["file"])) { if (is_string($phpwcms['allowed_upload_ext'])) { $phpwcms['allowed_upload_ext'] = convertStringToArray(strtolower($phpwcms['allowed_upload_ext'])); } if ($fileExt === '') {
} ?> <p><img src="../../img/symbole/rotation.gif" alt="" width="15" height="15"><strong class="title"> selected files uploaded via ftp will be taken over!</strong></p><?php echo "<p class=\"v10\">"; flush(); foreach ($ftp["mark"] as $key => $value) { if (!ini_get('safe_mode') && function_exists('set_time_limit')) { set_time_limit(60); } $file = $ftp["file"][$key]; $file_path = PHPWCMS_ROOT . $phpwcms["ftp_path"] . $file; if (is_file($file_path)) { $file_type = ''; $file_error["upload"] = 0; $file_size = filesize($file_path); $file_ext = check_image_extension($file_path); $file_ext = false === $file_ext ? which_ext($file) : $file_ext; $file_name = sanitize_filename($ftp["filename"][$key]); $file_hash = md5($file_name . microtime()); if (trim($file_type) === '') { //check file_type if (is_mimetype_by_extension($file_ext)) { $file_type = get_mimetype_by_extension($file_ext); } else { $file_check = getimagesize($file_path); if (version_compare("4.3.0", phpversion(), ">=") && $file_check) { $file_type = image_type_to_mime_type($file_check[2]); } if (!is_mimetype_format($file_type)) { $file_type = get_mimetype_by_extension($file_ext); }