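<?php defined('BLUDIT') or die('Bludit CMS.');

header('Content-Type: application/json');

/*
| Upload an image to a particular page
|
| Every file in $_FILES['images'] is validated (PHP upload status, genuine
| upload, unsafe characters in the name, extension, MIME type of the
| temporary file), moved to Bludit's tmp directory and handed to
| transformImage(), which stores the image and its thumbnail.
| The first failure logs an error and ends the request through
| ajaxResponse(1, ...); files processed before it are already stored.
|
| @_POST['uuid']    string  Page uuid (optional). Only while IMAGE_RESTRICT is
|                           enabled the image is stored in PATH_UPLOADS_PAGES/<uuid>/,
|                           otherwise in PATH_UPLOADS
| @_FILES['images'] array   Multi-file upload field
|
| @return array  Sent through ajaxResponse(): 'images' => list of stored filenames
*/

// Name check shared by the page uuid and every uploaded filename. Both values
// are concatenated into filesystem paths, so each must be a single path
// component: a string without a separator of either flavour (forward slashes
// are separators on Windows as well, whatever DS is), without a NUL byte, and
// not the '.' / '..' pseudo-entries, which would resolve to another directory.
$isUnsafePathComponent = function ($value) {
	return !is_string($value)
		|| $value === '.'
		|| $value === '..'
		|| strpos($value, '/') !== false
		|| strpos($value, '\\') !== false
		|| strpos($value, DS) !== false
		|| strpos($value, "\0") !== false;
};

// $_POST
// ----------------------------------------------------------------------------
$uuid = empty($_POST['uuid']) ? false : $_POST['uuid'];
// ----------------------------------------------------------------------------

// Check path traversal on $uuid
if ($uuid !== false) {
	if ($isUnsafePathComponent($uuid)) {
		$message = 'Path traversal detected.';
		Log::set($message, LOG_TYPE_ERROR);
		ajaxResponse(1, $message);
	}
}

// Set upload directory
if ($uuid && IMAGE_RESTRICT) {
	$imageDirectory = PATH_UPLOADS_PAGES.$uuid.DS;
	$thumbnailDirectory = $imageDirectory.'thumbnails'.DS;
	if (!Filesystem::directoryExists($thumbnailDirectory)) {
		Filesystem::mkdir($thumbnailDirectory, true);
	}
} else {
	$imageDirectory = PATH_UPLOADS;
	$thumbnailDirectory = PATH_UPLOADS_THUMBNAILS;
}

// A request without a multi-file 'images' field has nothing to process;
// report it instead of answering "Images uploaded." with an empty list.
if (!isset($_FILES['images']['name']) || !is_array($_FILES['images']['name'])) {
	$message = 'No images received.';
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

$images = array();
// $index is the position inside the multi-file field. $uuid is deliberately
// not reused as the loop key: it still names the page directory chosen above.
foreach ($_FILES['images']['name'] as $index => $filename) {
	$errorCode = isset($_FILES['images']['error'][$index]) ? $_FILES['images']['error'][$index] : UPLOAD_ERR_NO_FILE;
	$tmpName = isset($_FILES['images']['tmp_name'][$index]) ? $_FILES['images']['tmp_name'][$index] : '';

	// Check for errors. The user-facing text assumes the usual cause (size
	// limit); the exact PHP error code is kept in the log for the other cases.
	if ($errorCode !== UPLOAD_ERR_OK) {
		$message = $L->g('Maximum load file size allowed:').' '.ini_get('upload_max_filesize');
		Log::set($message.' (upload error code '.$errorCode.')', LOG_TYPE_ERROR);
		ajaxResponse(1, $message);
	}

	// Only accept a file PHP itself received in this request, never an
	// arbitrary path presented as tmp_name.
	if ($tmpName === '' || !is_uploaded_file($tmpName)) {
		$message = 'Invalid upload.';
		Log::set($message, LOG_TYPE_ERROR);
		ajaxResponse(1, $message);
	}

	// Convert URL characters such as spaces or quotes to characters
	if (is_string($filename)) {
		$filename = urldecode($filename);
	}

	// Check path traversal on $filename (decoded form, which is what gets used)
	if ($isUnsafePathComponent($filename)) {
		$message = 'Path traversal detected.';
		Log::set($message, LOG_TYPE_ERROR);
		ajaxResponse(1, $message);
	}

	// Check file extension (case-insensitive, strict membership)
	$fileExtension = Text::lowercase(Filesystem::extension($filename));
	if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION'], true)) {
		$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
		Log::set($message, LOG_TYPE_ERROR);
		ajaxResponse(1, $message);
	}

	// Check file MIME Type, detected from the uploaded bytes rather than
	// taken from the client-supplied $_FILES['images']['type']
	$fileMimeType = Filesystem::mimeType($tmpName);
	if (!in_array($fileMimeType, $GLOBALS['ALLOWED_IMG_MIMETYPES'], true)) {
		$message = $L->g('File mime type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_MIMETYPES']);
		Log::set($message, LOG_TYPE_ERROR);
		ajaxResponse(1, $message);
	}

	// Move from PHP tmp file to Bludit tmp directory
	Filesystem::mv($tmpName, PATH_TMP.$filename);

	// Transform the image and generate the thumbnail
	$image = transformImage(PATH_TMP.$filename, $imageDirectory, $thumbnailDirectory);
	if ($image) {
		// Stored images are data, never executable
		chmod($image, 0644);
		$images[] = Filesystem::filename($image);
	} else {
		$message = 'Error after transformImage() function.';
		Log::set($message, LOG_TYPE_ERROR);
		ajaxResponse(1, $message);
	}
}

ajaxResponse(0, 'Images uploaded.', array(
	'images'=>$images
));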