| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- <?php
-
- /*
- * TinyMCE Image uploader!
- */
- mb_internal_encoding("utf-8"); // Internal encoding set to UTF-8, should fix some charset issues.
-
- session_start(); // Start PHP session, so we can handle session-data on all pages.
-
- require_once("include.php");
-
- // Get working dir, and file path
- $cwd = getcwd();
- $imageFolder = $cwd . '/' . Config::$file_path;
-
- reset($_FILES);
- $temp = current($_FILES);
- if (is_uploaded_file($temp['tmp_name'])) {
-
- if (!User::checkLevel("75")) {
- header("HTTP/1.1 403 Origin Denied");
- return;
- }
-
- // Sanitize input
- if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
- header("HTTP/1.1 400 Invalid file name.");
- return;
- }
-
- // Verify extension
- if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), Config::$file_types)) {
- header("HTTP/1.1 400 Invalid extension.");
- return;
- }
-
- // Accept upload
- $filetowrite = $imageFolder . $temp['name'];
- move_uploaded_file($temp['tmp_name'], $filetowrite);
-
- // Respond to the successful upload with JSON.
- // Use a location key to specify the path to the saved image resource.
- // { location : '/your/uploaded/image/file'}
-
- echo json_encode(array('location' => Config::$sys_url . Config::$file_path . $temp['name']));
- } else {
- // Notify editor that the upload failed
- header("HTTP/1.1 500 Server Error");
- }
|
