DFiNE
/
OdenseTrack
關注 1
收藏 1
複製 0
程式碼 問題 3 合併請求 0 版本發佈 2 Wiki 活動
瀏覽代碼

Update to upload, so tinymce also uses random generated names

tags/rls1
kenn408k 6 年之前
父節點
44f0d7d8c7
當前提交
5a38a8a17d
共有 2 個檔案被更改,包括 14 行新增7 行删除
統一視圖 顯示文件統計
  1. 1
    1
      classes/upload.class.php
  2. 13
    6
      handleUpload.php

+ 1
- 1
classes/upload.class.php 查看文件

10
10
11 
     }
 11 
     }
12
12
13 
-    private static function generateRandomString($length = 5) {
13 
+    public static function generateRandomString($length = 5) {
14 
         // Function to generate a random string of 5 chars.
 14 
         // Function to generate a random string of 5 chars.
15 
         $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; // Chars to use
 15 
         $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; // Chars to use
16 
         $charactersLength = strlen($characters); // Check string length
 16 
         $charactersLength = strlen($characters); // Check string length

+ 13
- 6
handleUpload.php 查看文件

18 
 if (is_uploaded_file($temp['tmp_name'])) {
 18 
 if (is_uploaded_file($temp['tmp_name'])) {
19
19
20 
     if (!User::checkLevel("75")) {
 20 
     if (!User::checkLevel("75")) {
21 
-        header("HTTP/1.1 403 Origin Denied");
21 
+        header("HTTP/1.1 403 Permission Denied");
22 
         return;
 22 
         return;
23 
     }
 23 
     }
24
24
25 
+    // Set required variables.
26 
+    $ext = explode('.', $temp['name']); // end() doesnt like us using explode directly.
27 
+    $extension = strtolower(end($ext)); // Get the extension of the file.
28 
+    $randomname = Upload::generateRandomString(); // We give our file a random name - It will be this.
29 
+
30 
+    // Check if filename exists, and regenrate until it doesnt.
31 
+    while (IS_FILE($cwd . '/' . Config::$file_path . $randomname . '.' . $extension)) {
32 
+        $randomname = Upload::generateRandomString();
33 
+    }
34 
+
25 
     // Sanitize input
 35 
     // Sanitize input
26 
     if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
 36 
     if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
27 
         header("HTTP/1.1 400 Invalid file name.");
 37 
         header("HTTP/1.1 400 Invalid file name.");
35 
     }
 45 
     }
36
46
37 
     // Accept upload
 47 
     // Accept upload
38 
-    $filetowrite = $imageFolder . $temp['name'];
48 
+    $filetowrite = $imageFolder . $randomname .'.'. $extension;
39 
     move_uploaded_file($temp['tmp_name'], $filetowrite);
 49 
     move_uploaded_file($temp['tmp_name'], $filetowrite);
40
50
41 
     // Respond to the successful upload with JSON.
 51 
     // Respond to the successful upload with JSON.
42 
-    // Use a location key to specify the path to the saved image resource.
43 
-    // { location : '/your/uploaded/image/file'}
44 
-
45 
-    echo json_encode(array('location' => Config::$sys_url . Config::$file_path . $temp['name']));
52 
+    echo json_encode(array('location' => Config::$sys_url . Config::$file_path . $randomname .'.'. $extension));
46 
 } else {
 53 
 } else {
47 
     // Notify editor that the upload failed
 54 
     // Notify editor that the upload failed
48 
     header("HTTP/1.1 500 Server Error");
 55 
     header("HTTP/1.1 500 Server Error");

Write Preview
Loading…
取消
儲存