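<?php

/*
 * TinyMCE image uploader.
 *
 * Takes the first file in $_FILES, checks the caller's user level, validates
 * the client-supplied file name and extension, stores the file under
 * Config::$file_path with a random name, records it via Alter::insertImage()
 * and answers with a JSON body of the form {"location": "<url>"}.
 *
 * Everything read from $_FILES (name, type) is client-controlled and is
 * treated as untrusted input below.
 *
 * NOTE(review): no anti-CSRF token is checked in this script; confirm that
 * include.php or User::checkLevel() covers that — TODO confirm.
 */
mb_internal_encoding("utf-8"); // Internal encoding set to UTF-8, should fix some charset issues.

session_start(); // Start PHP session, so we can handle session-data on all pages.

require_once("include.php");

// Get working dir, and file path.
// Assumes Config::$file_path ends with a directory separator, since the
// random file name is appended to it directly — TODO confirm.
$cwd = getcwd();
$imageFolder = $cwd . '/' . Config::$file_path;

// Only the first entry of $_FILES is handled.
reset($_FILES);
$temp = current($_FILES);

// current() yields false when nothing was posted, and tmp_name/name are
// arrays for a multi-file field; reject both shapes before touching them.
if (!is_array($temp)
    || !isset($temp['tmp_name'], $temp['name'])
    || !is_string($temp['tmp_name'])
    || !is_string($temp['name'])
    || !is_uploaded_file($temp['tmp_name'])
) {
    // Notify editor that the upload failed
    header("HTTP/1.1 500 Server Error");
    return;
}

if (!User::checkLevel("75")) {
    header("HTTP/1.1 403 Permission Denied");
    return;
}

// Sanitize input: reject names with characters outside the allowed set or
// with two or more consecutive dots. Done before any path is built.
if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
    header("HTTP/1.1 400 Invalid file name.");
    return;
}

// Verify extension. The same value is used for the allow-list check and for
// the stored file name, so the two can never disagree. The comparison is
// strict so that an empty extension cannot loosely match a non-string entry;
// assumes Config::$file_types holds lowercase strings — TODO confirm.
$extension = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
if (!in_array($extension, Config::$file_types, true)) {
    header("HTTP/1.1 400 Invalid extension.");
    return;
}

// The stored name is random; the client-supplied base name is never used on disk.
// Regenerate until the name is unused.
do {
    $randomname = Upload::generateRandomString();
    $storedName = $randomname . '.' . $extension;
} while (is_file($imageFolder . $storedName));

// Accept upload. Stop here if the move fails, so that no database row and no
// success response are produced for a file that was never stored.
$filetowrite = $imageFolder . $storedName;
if (!move_uploaded_file($temp['tmp_name'], $filetowrite)) {
    header("HTTP/1.1 500 Server Error");
    return;
}

// NOTE(review): $temp['type'] is the MIME type claimed by the client and the
// file content is not inspected; an allowed extension does not prove the
// content is an image. Consider deriving the type server-side (e.g. finfo)
// and make sure the upload directory is served without script execution.
Alter::insertImage($storedName, $temp['type']);

// Respond to the successful upload with JSON.
header('Content-Type: application/json');
echo json_encode(array('location' => Config::$sys_url . Config::$file_path . $storedName));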