aboutsummaryrefslogtreecommitdiffstats
path: root/mayor-orig/www/include/share/net/upload.php
diff options
context:
space:
mode:
authorM.Gergo2018-07-06 11:14:41 +0200
committerM.Gergo2018-07-06 11:14:41 +0200
commit43de9af71f7f4ca5731b94a06d688ae8412ba427 (patch)
tree54835de1dfcda504c02da261f0dc26885aed2e89 /mayor-orig/www/include/share/net/upload.php
parent50310b0e4513ee3fcce67351ae61e8fff851130e (diff)
downloadmayor-43de9af71f7f4ca5731b94a06d688ae8412ba427.tar.gz
mayor-43de9af71f7f4ca5731b94a06d688ae8412ba427.zip
2018/Feb/28 -i állapot hozzáadva, mint a módosítások kiindulási állapota
Diffstat (limited to 'mayor-orig/www/include/share/net/upload.php')
-rw-r--r--mayor-orig/www/include/share/net/upload.php58
1 files changed, 58 insertions, 0 deletions
diff --git a/mayor-orig/www/include/share/net/upload.php b/mayor-orig/www/include/share/net/upload.php
new file mode 100644
index 00000000..a909f6c2
--- /dev/null
+++ b/mayor-orig/www/include/share/net/upload.php
@@ -0,0 +1,58 @@
+<?php
+
+function mayorFileUpload($WHERE) {
+
+try {
+
+ // Undefined | Multiple Files | $_FILES Corruption Attack
+ // If this request falls under any of them, treat it invalid.
+ if (
+ !isset($_FILES['upfile']['error']) ||
+ is_array($_FILES['upfile']['error'])
+ ) {
+ throw new RuntimeException('Paraméter hiba!');
+ }
+
+ // Check $_FILES['upfile']['error'] value.
+ switch ($_FILES['upfile']['error']) {
+ case UPLOAD_ERR_OK:
+ break;
+ case UPLOAD_ERR_NO_FILE:
+ throw new RuntimeException('Nincs megadott file.');
+ case UPLOAD_ERR_INI_SIZE:
+ case UPLOAD_ERR_FORM_SIZE:
+ throw new RuntimeException('FileSize limit hiba!');
+ default:
+ throw new RuntimeException('Valami hiba...');
+ }
+
+ // You should also check filesize here.
+ if ($_FILES['upfile']['size'] > 1000000) {
+ throw new RuntimeException('Túl nagy a file!');
+ }
+
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if (false === $ext = array_search(
+ $finfo->file($_FILES['upfile']['tmp_name']),
+ array(
+ 'jpg' => 'image/jpeg',
+ 'png' => 'image/png',
+ 'gif' => 'image/gif',
+ ),
+ true
+ )) {
+ throw new RuntimeException('Nem kép!');
+ }
+
+ // You should name it uniquely.
+ // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
+ // On this example, obtain safe unique name from its binary data.
+ if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$WHERE['subdir'].'/'.$WHERE['filename'])) {
+ throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?');
+ }
+
+ } catch (RuntimeException $e) {
+ $_SESSION['alert'][] = 'info::'.$e->getMessage();
+ }
+}
+?> \ No newline at end of file