DFiNE
/
OdenseTrack
Observar 1
Favorito 1
Fork 0
Código Issues 3 Pull requests 0 Versões 2 Wiki Atividade
"OdenseTrack" is a school assignment/project from AspIT https://aspit.dfine.net/odensetrack
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
31 Commits
1 Branch
Tag: 78530354c0
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 78530354c0
${ noResults }
OdenseTrack/handleUpload.php

handleUpload.php 2.4KB
Histórico Original

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. <?php

  2. 

  3. /*

  4.  * TinyMCE Image uploader!

  5.  */

  6. mb_internal_encoding("utf-8"); // Internal encoding set to UTF-8, should fix some charset issues.

  7. 

  8. session_start(); // Start PHP session, so we can handle session-data on all pages.

  9. 

  10. require_once("include.php");

  11. 

  12. /* * *************************************************

  13.  * Only these origins are allowed to upload images *

  14.  * ************************************************* */

  15. $accepted_origins = array("http://localhost", "https://localhost", "https://127.0.0.1", "http://127.0.0.1");

  16. 

  17. /* * *******************************************

  18.  * Change this line to set the upload folder *

  19.  * ******************************************* */

  20. $cwd = getcwd();

  21. $imageFolder = $cwd .'/'. Config::$file_path;

  22. 

  23. reset($_FILES);

  24. $temp = current($_FILES);

  25. if (is_uploaded_file($temp['tmp_name'])) {

  26.     /* if (isset($_SERVER['HTTP_ORIGIN'])) {

  27.       // same-origin requests won't set an origin. If the origin is set, it must be valid.

  28.       if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {

  29.       header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);

  30.       } else {

  31.       header("HTTP/1.1 403 Origin Denied");

  32.       return;

  33.       }

  34.       } */

  35. 

  36.     if (!User::checkLevel("75")) {

  37.         header("HTTP/1.1 403 Origin Denied");

  38.         return;

  39.     }

  40. 

  41.     /*

  42.       If your script needs to receive cookies, set images_upload_credentials : true in

  43.       the configuration and enable the following two headers.

  44.      */

  45.     // header('Access-Control-Allow-Credentials: true');

  46.     // header('P3P: CP="There is no P3P policy."');

  47.     // Sanitize input

  48.     if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {

  49.         header("HTTP/1.1 400 Invalid file name.");

  50.         return;

  51.     }

  52. 

  53.     // Verify extension

  54.     if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {

  55.         header("HTTP/1.1 400 Invalid extension.");

  56.         return;

  57.     }

  58. 

  59.     // Accept upload if there was no origin, or if it is an accepted origin

  60.     $filetowrite = $imageFolder . $temp['name'];

  61.     move_uploaded_file($temp['tmp_name'], $filetowrite);

  62. 

  63.     // Respond to the successful upload with JSON.

  64.     // Use a location key to specify the path to the saved image resource.

  65.     // { location : '/your/uploaded/image/file'}

  66.     echo json_encode(array('location' => Config::$sys_url.Config::$file_path.$temp['name']));

  67. } else {

  68.     // Notify editor that the upload failed

  69.     header("HTTP/1.1 500 Server Error");

  70. }