6 anni fa · 44f0d7d8c7
--- a/handleUpload.php
+++ b/handleUpload.php
@@ -9,41 +9,19 @@ session_start(); // Start PHP session, so we can handle session-data on all page
 
				
				 
			
 
				
				 require_once("include.php");
			
 
				
				 
			
 
				
				-/* * *************************************************
			
 
				
				- * Only these origins are allowed to upload images *
			
 
				
				- * ************************************************* */
			
 
				
				-$accepted_origins = array("http://localhost", "https://localhost", "https://127.0.0.1", "http://127.0.0.1");
			
 
				
				-
			
 
				
				-/* * *******************************************
			
 
				
				- * Change this line to set the upload folder *
			
 
				
				- * ******************************************* */
			
 
				
				+// Get working dir, and file path
			
 
				
				 $cwd = getcwd();
			
 
				
				-$imageFolder = $cwd .'/'. Config::$file_path;
			
 
				
				+$imageFolder = $cwd . '/' . Config::$file_path;
			
 
				
				 
			
 
				
				 reset($_FILES);
			
 
				
				 $temp = current($_FILES);
			
 
				
				 if (is_uploaded_file($temp['tmp_name'])) {
			
 
				
				-    /* if (isset($_SERVER['HTTP_ORIGIN'])) {
			
 
				
				-      // same-origin requests won't set an origin. If the origin is set, it must be valid.
			
 
				
				-      if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {
			
 
				
				-      header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
			
 
				
				-      } else {
			
 
				
				-      header("HTTP/1.1 403 Origin Denied");
			
 
				
				-      return;
			
 
				
				-      }
			
 
				
				-      } */
			
 
				
				 
			
 
				
				     if (!User::checkLevel("75")) {
			
 
				
				         header("HTTP/1.1 403 Origin Denied");
			
 
				
				         return;
			
 
				
				     }
			
 
				
				 
			
 
				
				-    /*
			
 
				
				-      If your script needs to receive cookies, set images_upload_credentials : true in
			
 
				
				-      the configuration and enable the following two headers.
			
 
				
				-     */
			
 
				
				-    // header('Access-Control-Allow-Credentials: true');
			
 
				
				-    // header('P3P: CP="There is no P3P policy."');
			
 
				
				     // Sanitize input
			
 
				
				     if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
			
 
				
				         header("HTTP/1.1 400 Invalid file name.");
			
@@ -51,19 +29,20 @@ if (is_uploaded_file($temp['tmp_name'])) {
 
				
				     }
			
 
				
				 
			
 
				
				     // Verify extension
			
 
				
				-    if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {
			
 
				
				+    if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), Config::$file_types)) {
			
 
				
				         header("HTTP/1.1 400 Invalid extension.");
			
 
				
				         return;
			
 
				
				     }
			
 
				
				 
			
 
				
				-    // Accept upload if there was no origin, or if it is an accepted origin
			
 
				
				+    // Accept upload
			
 
				
				     $filetowrite = $imageFolder . $temp['name'];
			
 
				
				     move_uploaded_file($temp['tmp_name'], $filetowrite);
			
 
				
				 
			
 
				
				     // Respond to the successful upload with JSON.
			
 
				
				     // Use a location key to specify the path to the saved image resource.
			
 
				
				     // { location : '/your/uploaded/image/file'}
			
 
				
				-    echo json_encode(array('location' => Config::$sys_url.Config::$file_path.$temp['name']));
			
 
				
				+
			
 
				
				+    echo json_encode(array('location' => Config::$sys_url . Config::$file_path . $temp['name']));
			
 
				
				 } else {
			
 
				
				     // Notify editor that the upload failed
			
 
				
				     header("HTTP/1.1 500 Server Error");