mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 04:23:01 +00:00
Implement some error conditions for the file uploader.
parent
1c99138c72
commit
92b3dbaeb0
2 changed files with 45 additions and 5 deletions
|
@ -15,8 +15,10 @@ register_module([
|
|||
case "GET":
|
||||
// Send upload page
|
||||
|
||||
if($settings->allow_uploads)
|
||||
exit(page_renderer::render("Upload - $settings->sitename", "<form method='post' action='?action=upload' enctype='multipart/form-data'>
|
||||
if($settings->upload_enabled && $env->is_logged_in)
|
||||
exit(page_renderer::render("Upload - $settings->sitename", "<p>Select an image below, and then type a name for it in the box. This server currently supports uploads up to " . get_max_upload_size() . " in size.</p>
|
||||
<p>$settings->sitename currently supports uploading of the following file types: " . implode(", ", $settings->upload_allowed_file_types) . ".</p>
|
||||
<form method='post' action='?action=upload' enctype='multipart/form-data'>
|
||||
<label for='file'>Select a file to upload.</label>
|
||||
<input type='file' name='file' />
|
||||
<br />
|
||||
|
@ -26,15 +28,41 @@ register_module([
|
|||
<input type='submit' value='Upload' />
|
||||
</form>"));
|
||||
else
|
||||
exit(page_renderer::render("Error - Upload - $settings->sitename", "<p>$settings->sitename does not currently have uploads enabled. <a href='javascript:history.back();'>Go back</a>.</p>"));
|
||||
exit(page_renderer::render("Error - Upload - $settings->sitename", "<p>$settings->sitename does not currently have uploads enabled, or you do not currently have permission to upload files because you are not logged in. <a href='javascript:history.back();'>Go back</a>.</p>"));
|
||||
|
||||
break;
|
||||
|
||||
case "PUT":
|
||||
case "POST":
|
||||
// Recieve file
|
||||
|
||||
if(!$settings->allow_uploads)
|
||||
{
|
||||
unlink($_FILES["file"]["tmp_name"]);
|
||||
http_response_code(412);
|
||||
exit(page_renderer::render("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because uploads are currently disabled on $settings->sitename. <a href='index.php'>Go back to the main page</a>.</p>"));
|
||||
}
|
||||
|
||||
if(!$env->is_logged_in)
|
||||
{
|
||||
unlink($_FILES["file"]["tmp_name"]);
|
||||
http_response_code(401);
|
||||
exit(page_renderer::render("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because you are not logged in.</p><p>Try <a href='?action=login&returnto=" . rawurlencode("?action=upload") . "'>logging in</a> first."));
|
||||
}
|
||||
|
||||
// Calculate the target filename, removing any characters we
|
||||
// are unsure about.
|
||||
$target_filename = preg_replace("/[^a-z0-9\-_]/i", "", $_POST["filename"]);
|
||||
|
||||
$extra_data = [];
|
||||
$imagesize = getimagesize($_FILES["file"]["tmp_name"], $extra_data);
|
||||
echo("Raw file information: ");
|
||||
var_dump($_FILES);
|
||||
echo("Image sizing information: ");
|
||||
var_dump($imagesize);
|
||||
echo("Extra embedded information: ");
|
||||
var_dump($extra_data);
|
||||
|
||||
unlink($_FILES["file"]["tmp_name"]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
@ -63,7 +91,7 @@ register_module([
|
|||
//// http://stackoverflow.com/a/25370978/1460422
|
||||
// Returns a file size limit in bytes based on the PHP upload_max_filesize
|
||||
// and post_max_size
|
||||
function file_upload_max_size()
|
||||
function get_max_upload_size()
|
||||
{
|
||||
static $max_size = -1;
|
||||
if ($max_size < 0) {
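Review bot: The POST branch gates on `$settings->allow_uploads`, but the GET branch of the same switch appears to have moved to `$settings->upload_enabled`, which is the name the settings file defines in this commit; if `allow_uploads` is no longer set, `!$settings->allow_uploads` is always true and every upload gets the 412 page. The GET text has the same kind of mismatch: it implodes `$settings->upload_allowed_file_types` while the settings file declares `upload_allowed_types`. Each `unlink($_FILES["file"]["tmp_name"])` and the `getimagesize()` call also run before anything confirms a file arrived; a guard such as `if(!isset($_FILES["file"]) || !is_uploaded_file($_FILES["file"]["tmp_name"]))` placed first in the POST case would cover a request with no file part. The `var_dump($_FILES)` lines echo the server-side temporary path to the client, and the allowed-type list is not yet compared with `$imagesize["mime"]`, so both should be dealt with before the setting is turned on. The switch and its enclosing handler start outside the visible hunks.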
|
||||
|
|
|
@ -171,6 +171,18 @@ $settings->footer_message = "All content is under <a href='?page=License' target
|
|||
// page. May contain HTML.
|
||||
$settings->editing_message = "By submitting your edit, you are agreeing to release your changes under <a href='?action=view&page=License' target='_blank'>this license</a>. Also note that if you don't want your work to be edited by other users of this site, please don't submit it here!";
|
||||
|
||||
// Whether to allow image uploads to the server. Currently disabled temporarily
|
||||
// for security reasons while I finish writing the file uploader.
|
||||
$settings->upload_enabled = true;
|
||||
|
||||
// An array of mime types that are allowed to be uploaded.
|
||||
$settings->upload_allowed_types = [
|
||||
"image/jpeg",
|
||||
"image/png",
|
||||
"image/gif",
|
||||
"image/webp"
|
||||
];
|
||||
|
||||
// A string of css to include. Will be included in the <head> of every page
|
||||
// inside a <style> tag. This may also be a url - urls will be referenced via a
|
||||
// <link rel='stylesheet' /> tag.
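Review bot: The comment above `$settings->upload_enabled` says uploads are disabled for security reasons while the uploader is unfinished, yet the value assigned is `true`. Since the POST handler in this same commit still prints `$_FILES` and does not check the upload against `upload_allowed_types`, the default would be safer as `$settings->upload_enabled = false;` until that work lands; otherwise the comment should be reworded so it matches the value. It would also help to extend the comment on `upload_allowed_types` to say which value is compared against the list (the client-supplied type or the type detected by `getimagesize()`), because only the latter is under the server's control.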
|
||||
|
|