Diffstat (limited to 'mayor-orig/www/include/share/net/upload.php')
-rw-r--r-- | mayor-orig/www/include/share/net/upload.php | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/mayor-orig/www/include/share/net/upload.php b/mayor-orig/www/include/share/net/upload.php
new file mode 100644
index 00000000..a909f6c2
--- /dev/null
+++ b/mayor-orig/www/include/share/net/upload.php
@@ -0,0 +1,58 @@
+<?php
+
+function mayorFileUpload($WHERE) {
+
+try {
+
+ // Undefined | Multiple Files | $_FILES Corruption Attack
+ // If this request falls under any of them, treat it invalid.
+ if (
+ !isset($_FILES['upfile']['error']) ||
+ is_array($_FILES['upfile']['error'])
+ ) {
+ throw new RuntimeException('Paraméter hiba!');
+ }
+
+ // Check $_FILES['upfile']['error'] value.
+ switch ($_FILES['upfile']['error']) {
+ case UPLOAD_ERR_OK:
+ break;
+ case UPLOAD_ERR_NO_FILE:
+ throw new RuntimeException('Nincs megadott file.');
+ case UPLOAD_ERR_INI_SIZE:
+ case UPLOAD_ERR_FORM_SIZE:
+ throw new RuntimeException('FileSize limit hiba!');
+ default:
+ throw new RuntimeException('Valami hiba...');
+ }
+
+ // You should also check filesize here.
+ if ($_FILES['upfile']['size'] > 1000000) {
+ throw new RuntimeException('Túl nagy a file!');
+ }
+
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if (false === $ext = array_search(
+ $finfo->file($_FILES['upfile']['tmp_name']),
+ array(
+ 'jpg' => 'image/jpeg',
+ 'png' => 'image/png',
+ 'gif' => 'image/gif',
+ ),
+ true
+ )) {
+ throw new RuntimeException('Nem kép!');
+ }
+
+ // You should name it uniquely.
+ // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
+ // On this example, obtain safe unique name from its binary data.
+ if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$WHERE['subdir'].'/'.$WHERE['filename'])) {
+ throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?');
+ }
+
+ } catch (RuntimeException $e) {
+ $_SESSION['alert'][] = 'info::'.$e->getMessage();
+ }
+}
+?>
\ No newline at end of file |
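Review bot: The extension that the finfo check stores in `$ext` is never used, and the `move_uploaded_file()` destination is `$WHERE['subdir'].'/'.$WHERE['filename']` exactly as the caller passed it, so the MIME check does not constrain the name or extension the file is stored under. The three comments above that call (name it uniquely, derive a safe name from the binary data) describe behaviour the code does not implement. If any caller builds `$WHERE['filename']` from request data (not visible in this diff), the stored extension can disagree with the verified type and the path can leave `subdir`; deriving the name from the verified type, e.g. `$dest = $WHERE['subdir'].'/'.pathinfo($WHERE['filename'], PATHINFO_FILENAME).'.'.$ext;`, closes that gap. The function also returns nothing on either path, so a caller can only detect failure by inspecting `$_SESSION['alert']`; returning `true` after the move and `false` from the `catch` would make the outcome explicit.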