upload security issue fixed
parent
c9fc32f6a7
commit
06bc3461c4
3 changed files with 34 additions and 79 deletions
|
@ -93,44 +93,23 @@ class Image
|
|||
$imgt($old_image, $source_path);
|
||||
}
|
||||
|
||||
public static function upload($name, $data){
|
||||
ini_set('memory_limit', '128M');
|
||||
|
||||
$photo = null;
|
||||
$ext = null;
|
||||
|
||||
if($data){
|
||||
preg_match('/^data\:image\/(jpe?g|png|gif)\;base64,(.*)$/', $data, $m);
|
||||
|
||||
if(!$m){
|
||||
throw new Exception("Invalid file.");
|
||||
}
|
||||
|
||||
$ext = $m[1];
|
||||
if($ext == "jpeg") $ext = "jpg";
|
||||
|
||||
// Decode photo
|
||||
$photo = base64_decode($m[2]);
|
||||
}
|
||||
|
||||
if($_FILES){
|
||||
$photo = file_get_contents($_FILES["file"]["tmp_name"]);
|
||||
$name = $_FILES['file']['name'];
|
||||
$ext = pathinfo($name, PATHINFO_EXTENSION);
|
||||
}
|
||||
|
||||
if(!$_FILES && !$data){
|
||||
public static function upload(){
|
||||
if(!$_FILES){
|
||||
throw new Exception("No file.");
|
||||
}
|
||||
|
||||
|
||||
// Create MD5
|
||||
$md5 = md5($photo);
|
||||
$md5 = md5_file($_FILES['file']['tmp_name']);
|
||||
|
||||
// Find duplicate
|
||||
if($d = DB::get_instance()->query("SELECT `path`, `thumb` FROM `images` WHERE `md5` = ? AND `status` = 1 LIMIT 1", $md5)->first()){
|
||||
return $d;
|
||||
}
|
||||
|
||||
// Get metadata
|
||||
$name = $_FILES['file']['name'];
|
||||
$ext = pathinfo($name, PATHINFO_EXTENSION);
|
||||
|
||||
// Save to DB
|
||||
$id = DB::get_instance()->query(
|
||||
"INSERT INTO `images` ".
|
||||
|
@ -145,13 +124,18 @@ class Image
|
|||
$thumb = 't/'.$name;
|
||||
|
||||
// Save path
|
||||
if(false === file_put_contents($path, $photo)){
|
||||
if(!move_uploaded_file($_FILES['file']['tmp_name'], $path)){
|
||||
DB::get_instance()->query("UPDATE `images` SET `status` = 0 WHERE `id` = ?", $id);
|
||||
throw new Exception("Can't write to image folders `i` and `t`.");
|
||||
}
|
||||
|
||||
// Create thumb
|
||||
self::thumb($path, $thumb);
|
||||
if(!self::thumb($path, $thumb)){
|
||||
DB::get_instance()->query("UPDATE `images` SET `status` = 0 WHERE `id` = ?", $id);
|
||||
unlink($path);
|
||||
unlink($thumb);
|
||||
throw new Exception("File is not image.");
|
||||
}
|
||||
|
||||
// Save to DB
|
||||
DB::get_instance()->query("UPDATE `images` SET `path` = ?, `thumb` = ?, `status` = 1 WHERE `id` = ?", $path, $thumb, $id);
|
||||
|
|
|
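Review bot: The extension is still taken from the client-supplied filename — `$ext = pathinfo($name, PATHINFO_EXTENSION);` after the duplicate lookup in the first hunk — so the only content check left is `self::thumb()` in the second hunk, and a file that GD accepts as an image but is named `x.php` is moved into place under that extension by `move_uploaded_file` and keeps it once the thumb succeeds (a GIF/PHP polyglot passes this path). Derive the extension from the image content against an allowlist instead, and reject early when `$_FILES['file']` is missing, `$_FILES['file']['error'] !== UPLOAD_ERR_OK` or `is_uploaded_file()` is false, rather than only testing `!$_FILES`; doing this before `move_uploaded_file` also avoids the window in which the unvalidated file sits at its final path during the thumb call. The `unlink($thumb)` in the failure branch warns when the thumb was never written, so guard it with `is_file($thumb)`. `upload()` starts in the first hunk, but the lines that build `$path` from `$name`/`$ext` lie between the hunks and the rest of the body runs past the second, so whether `$path` is web-reachable is inferred from `$thumb = 't/'.$name`.
```php
if(!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['file']['tmp_name'])){
    throw new Exception("No file.");
}

// … unchanged: md5_file + duplicate lookup …

// Get metadata: derive the extension from the file content, never from the client filename
$types = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
$info = getimagesize($_FILES['file']['tmp_name']);
if(!$info || !isset($types[$info[2]])){
    throw new Exception("File is not image.");
}
$ext = $types[$info[2]];
```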
@ -38,6 +38,6 @@ pass = demo
|
|||
|
||||
[system]
|
||||
system_name = blog
|
||||
version = 1.17
|
||||
version = 1.18
|
||||
debug = true
|
||||
logs = false
|
|
@ -519,21 +519,24 @@ $.fn.apply_edit = function(data){
|
|||
autosize($(modal.find(".e_text")));
|
||||
},0);
|
||||
|
||||
var file_data = modal.find(".photo_upload");
|
||||
$(file_data).change(function(){
|
||||
var upload_image = function(file) {
|
||||
if(file.type.match(/image/) === null){
|
||||
$("body").error_msg("Only images can be uploaded.");
|
||||
return ;
|
||||
}
|
||||
|
||||
var form_data = new FormData();
|
||||
form_data.append('file', file_data[0].files[0]);
|
||||
|
||||
form_data.append('file', file);
|
||||
|
||||
add_content_loading();
|
||||
|
||||
$.ajax({
|
||||
dataType: 'json',
|
||||
url: 'ajax.php?action=upload_image',
|
||||
$.post({
|
||||
dataType: "json",
|
||||
url: "ajax.php?action=upload_image",
|
||||
cache: false,
|
||||
contentType: false,
|
||||
processData: false,
|
||||
data: form_data,
|
||||
type: 'post',
|
||||
success: function(data){
|
||||
if(data.error){
|
||||
$("body").error_msg(data.msg);
|
||||
|
@ -544,6 +547,11 @@ $.fn.apply_edit = function(data){
|
|||
add_content("image", data);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
var file_data = modal.find(".photo_upload");
|
||||
$(file_data).change(function(){
|
||||
upload_image(file_data[0].files[0]);
|
||||
});
|
||||
|
||||
if(data.feeling){
|
||||
|
@ -621,45 +629,8 @@ $.fn.apply_edit = function(data){
|
|||
|
||||
// Drag & Drop
|
||||
modal.find(".drop_space").filedrop({
|
||||
callback : function(file) {
|
||||
if(file.size > 5000000){
|
||||
$("body").error_msg("File is bigger than 5MB.");
|
||||
return ;
|
||||
}
|
||||
|
||||
if(file.type != 'image/png' && file.type != 'image/jpg' && file.type != 'image/gif' && file.type != 'image/jpeg' ){
|
||||
$("body").error_msg("Only images can be uploaded.");
|
||||
return ;
|
||||
}
|
||||
|
||||
var reader = new FileReader()
|
||||
reader.onload = function(event) {
|
||||
add_content_loading();
|
||||
|
||||
// Parse image
|
||||
$.post({
|
||||
dataType: "json",
|
||||
url: "ajax.php",
|
||||
data: {
|
||||
action: "upload_image",
|
||||
name: file.name,
|
||||
data: event.target.result
|
||||
},
|
||||
success: function(data){
|
||||
if(data.error){
|
||||
$("body").error_msg(data.msg);
|
||||
remove_content();
|
||||
return ;
|
||||
}
|
||||
|
||||
add_content("image", data);
|
||||
}
|
||||
});
|
||||
}
|
||||
reader.readAsDataURL(file);
|
||||
}
|
||||
})
|
||||
|
||||
callback: upload_image
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
|
|
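Review bot: The 5 MB guard the removed drag-and-drop callback had (`if(file.size > 5000000)`) is not carried into the new shared `upload_image` function, so neither the file input nor the drop zone now rejects oversized files before posting, and `file.type.match(/image/)` is looser than the old exact list — it also passes types such as `image/svg+xml`. These are client-side checks and not a security boundary (the server-side thumb validation and PHP's upload limits are what actually enforce anything), but restoring the size check avoids sending a request the server will refuse: `if(file.size > 5000000){ $("body").error_msg("File is bigger than 5MB."); return ; }` at the top of `upload_image`. If the `$.post` call has no `error:` handler in the part of it outside the hunk, `add_content_loading()` is never undone on an HTTP failure or non-JSON reply, which the removed code had the same gap on.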