Update to uploadhandler (tinymce)

handleUpload.php

@@ -9,41 +9,19 @@ session_start(); // Start PHP session, so we can handle session-data on all page
 
 require_once("include.php");
 
-/* * *************************************************
- * Only these origins are allowed to upload images *
- * ************************************************* */
-$accepted_origins = array("http://localhost", "https://localhost", "https://127.0.0.1", "http://127.0.0.1");
-
-/* * *******************************************
- * Change this line to set the upload folder *
- * ******************************************* */
+// Get working dir, and file path
 $cwd = getcwd();
-$imageFolder = $cwd .'/'. Config::$file_path;
+$imageFolder = $cwd . '/' . Config::$file_path;
 
 reset($_FILES);
 $temp = current($_FILES);
 if (is_uploaded_file($temp['tmp_name'])) {
-    /* if (isset($_SERVER['HTTP_ORIGIN'])) {
-      // same-origin requests won't set an origin. If the origin is set, it must be valid.
-      if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {
-      header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
-      } else {
-      header("HTTP/1.1 403 Origin Denied");
-      return;
-      }
-      } */
 
     if (!User::checkLevel("75")) {
         header("HTTP/1.1 403 Origin Denied");
         return;
     }
 
-    /*
-      If your script needs to receive cookies, set images_upload_credentials : true in
-      the configuration and enable the following two headers.
-     */
-    // header('Access-Control-Allow-Credentials: true');
-    // header('P3P: CP="There is no P3P policy."');
     // Sanitize input
     if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
         header("HTTP/1.1 400 Invalid file name.");
@@ -51,19 +29,20 @@ if (is_uploaded_file($temp['tmp_name'])) {
     }
 
     // Verify extension
-    if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {
+    if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), Config::$file_types)) {
         header("HTTP/1.1 400 Invalid extension.");
         return;
     }
 
-    // Accept upload if there was no origin, or if it is an accepted origin
+    // Accept upload
     $filetowrite = $imageFolder . $temp['name'];
     move_uploaded_file($temp['tmp_name'], $filetowrite);
 
     // Respond to the successful upload with JSON.
     // Use a location key to specify the path to the saved image resource.
     // { location : '/your/uploaded/image/file'}
-    echo json_encode(array('location' => Config::$sys_url.Config::$file_path.$temp['name']));
+
+    echo json_encode(array('location' => Config::$sys_url . Config::$file_path . $temp['name']));
 } else {
     // Notify editor that the upload failed
     header("HTTP/1.1 500 Server Error");