示例#1
文件: Action.php 项目: bstats/b-stats
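 /**
  * Validate the single file posted as `upfile` and describe it as a FileInfo.
  *
  * The `name` entry of $_FILES['upfile'] is chosen by the client. The stored
  * extension is therefore derived from the MIME type detected on the file
  * content, never from the submitted filename.
  *
  * @return FileInfo|null Null when the form was submitted without a file.
  * @throws Exception On a malformed $_FILES entry, an upload error, a content
  *                   type outside the jpg/png/gif allow-list, a file larger
  *                   than 4 MiB, or an image whose dimensions or hash cannot
  *                   be read.
  */
 private static function checkUploadedFile()
 {
     // A missing or array-valued `error` entry means the field was absent, sent
     // as multiple files, or the $_FILES structure is not the expected shape.
     if (!isset($_FILES['upfile']['error']) || is_array($_FILES['upfile']['error'])) {
         throw new Exception('Invalid parameters.');
     }
     $upload = $_FILES['upfile'];

     switch ($upload['error']) {
         case UPLOAD_ERR_OK:
             break;
         case UPLOAD_ERR_NO_FILE:
             return null;
         case UPLOAD_ERR_INI_SIZE:
         case UPLOAD_ERR_FORM_SIZE:
             throw new Exception('Exceeded filesize limit.');
         default:
             throw new Exception('Unknown errors.');
     }

     // Only operate on a path PHP itself created for this request's upload.
     if (!isset($upload['tmp_name']) || !is_string($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
         throw new Exception('Invalid parameters.');
     }
     $tmpName = $upload['tmp_name'];

     // The client-declared content type is not consulted; the type is detected
     // from the file content and matched against a fixed allow-list.
     $allowed = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
     $finfo = new \finfo(FILEINFO_MIME_TYPE);
     $ext = array_search($finfo->file($tmpName), $allowed, true);
     if (false === $ext) {
         throw new Exception('Invalid file format.');
     }

     // 4194304 bytes = 4 MiB.
     if ($upload['size'] > 4194304) {
         throw new Exception('Exceeded file size limit.');
     }

     // getimagesize() returns false when the content cannot be parsed as an
     // image; reject instead of reading width/height from a non-array.
     $imageData = getimagesize($tmpName);
     if (false === $imageData) {
         throw new Exception('Invalid file format.');
     }

     // Raw (binary) MD5 digest. MD5 is not collision resistant, so this value
     // is an identifier only and must not be relied on as an integrity check.
     $hash = md5_file($tmpName, true);
     if (false === $hash) {
         throw new Exception('Unknown errors.');
     }

     // The display name still comes from the client: it must be escaped on
     // output and never used to build a filesystem path. The extension is the
     // allow-list key matched above, so uploads named `.jpeg`/`.JPG` are
     // normalised to `.jpg` and no other extension can be stored.
     $fileInfo = new FileInfo();
     $fileInfo
         ->setSize($upload['size'])
         ->setHash($hash)
         ->setW($imageData[0])
         ->setH($imageData[1])
         ->setName(pathinfo($upload['name'], PATHINFO_FILENAME))
         ->setExt('.' . $ext);

     return $fileInfo;
 }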
示例#2
文件: Model.php 项目: bstats/b-stats
 /**
  * Write an uploaded file's metadata onto an existing post row of a board.
  *
  * All column values are bound as named statement parameters. The table name
  * is the board name with a `_post` suffix and is interpolated into the SQL
  * text, because identifiers cannot be bound.
  *
  * @param Board    $b   Board whose `<name>_post` table is updated.
  * @param int      $no  Value matched against the `no` column.
  * @param int      $tim Value written to the `tim` column.
  * @param FileInfo $fi  Source of the hash, dimensions, name, extension and size.
  */
 function addFileInfo(Board $b, int $no, int $tim, FileInfo $fi)
 {
     // NOTE(review): the interpolated identifier is only safe if board names are
     // restricted to a known character set where Board objects are created;
     // that validation is not visible here — confirm.
     $table = "{$b->getName()}_post";
     $sql = "UPDATE `{$table}` SET "
         . "`tim`=:tim, `md5`=:md5, `w`=:w, `h`=:h, `filename`=:filename, `ext`=:ext, `fsize`=:fsize WHERE `no`=:no";

     $statement = $this->conn_rw->prepare($sql);

     $bindings = [
         ':tim' => $tim,
         ':md5' => $fi->getHash(),
         ':w' => $fi->getW(),
         ':h' => $fi->getH(),
         ':filename' => $fi->getName(),
         ':ext' => $fi->getExt(),
         ':fsize' => $fi->getSize(),
         ':no' => $no,
     ];
     $statement->execute($bindings);
 }