1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-12-22 13:45:02 +00:00

Implement some error conditions for the file uploader.

This commit is contained in:
Starbeamrainbowlabs 2015-10-19 08:03:38 +01:00
parent 1c99138c72
commit 92b3dbaeb0
2 changed files with 45 additions and 5 deletions

View file

@ -15,8 +15,10 @@ register_module([
case "GET":
// Send upload page
if($settings->allow_uploads)
exit(page_renderer::render("Upload - $settings->sitename", "<form method='post' action='?action=upload' enctype='multipart/form-data'>
if($settings->upload_enabled && $env->is_logged_in)
exit(page_renderer::render("Upload - $settings->sitename", "<p>Select an image below, and then type a name for it in the box. This server currently supports uploads up to " . get_max_upload_size() . " in size.</p>
<p>$settings->sitename currently supports uploading of the following file types: " . implode(", ", $settings->upload_allowed_file_types) . ".</p>
<form method='post' action='?action=upload' enctype='multipart/form-data'>
<label for='file'>Select a file to upload.</label>
<input type='file' name='file' />
<br />
@ -26,15 +28,41 @@ register_module([
<input type='submit' value='Upload' />
</form>"));
else
exit(page_renderer::render("Error - Upload - $settings->sitename", "<p>$settings->sitename does not currently have uploads enabled. <a href='javascript:history.back();'>Go back</a>.</p>"));
exit(page_renderer::render("Error - Upload - $settings->sitename", "<p>$settings->sitename does not currently have uploads enabled, or you do not currently have permission to upload files because you are not logged in. <a href='javascript:history.back();'>Go back</a>.</p>"));
break;
case "PUT":
case "POST":
// Recieve file
if(!$settings->allow_uploads)
{
unlink($_FILES["file"]["tmp_name"]);
http_response_code(412);
exit(page_renderer::render("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because uploads are currently disabled on $settings->sitename. <a href='index.php'>Go back to the main page</a>.</p>"));
}
if(!$env->is_logged_in)
{
unlink($_FILES["file"]["tmp_name"]);
http_response_code(401);
exit(page_renderer::render("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because you are not logged in.</p><p>Try <a href='?action=login&returnto=" . rawurlencode("?action=upload") . "'>logging in</a> first."));
}
// Calculate the target filename, removing any characters we
// are unsure about.
$target_filename = preg_replace("/[^a-z0-9\-_]/i", "", $_POST["filename"]);
$extra_data = [];
$imagesize = getimagesize($_FILES["file"]["tmp_name"], $extra_data);
echo("Raw file information: ");
var_dump($_FILES);
echo("Image sizing information: ");
var_dump($imagesize);
echo("Extra embedded information: ");
var_dump($extra_data);
unlink($_FILES["file"]["tmp_name"]);
break;
}
@ -63,7 +91,7 @@ register_module([
//// http://stackoverflow.com/a/25370978/1460422
// Returns a file size limit in bytes based on the PHP upload_max_filesize
// and post_max_size
function file_upload_max_size()
function get_max_upload_size()
{
static $max_size = -1;
if ($max_size < 0) {

View file

@ -171,6 +171,18 @@ $settings->footer_message = "All content is under <a href='?page=License' target
// page. May contain HTML.
$settings->editing_message = "By submitting your edit, you are agreeing to release your changes under <a href='?action=view&page=License' target='_blank'>this license</a>. Also note that if you don't want your work to be edited by other users of this site, please don't submit it here!";
// Whether to allow image uploads to the server. Currently disabled temporarily
// for security reasons while I finish writing the file uploader.
$settings->upload_enabled = true;
// An array of mime types that are allowed to be uploaded.
$settings->upload_allowed_types = [
"image/jpeg",
"image/png",
"image/gif",
"image/webp"
];
// A string of css to include. Will be included in the <head> of every page
// inside a <style> tag. This may also be a url - urls will be referenced via a
// <link rel='stylesheet' /> tag.