$filename) { // Check for errors if ($_FILES['images']['error'][$uuid] != 0) { $message = $L->g('Maximum load file size allowed:') . ' ' . ini_get('upload_max_filesize'); Log::set($message, LOG_TYPE_ERROR); ajaxResponse(1, $message); } // Convert URL characters such as spaces or quotes to characters $filename = urldecode($filename); // Check path traversal on $filename if (Text::stringContains($filename, DS, false)) { $message = 'Path traversal detected.'; Log::set($message, LOG_TYPE_ERROR); ajaxResponse(1, $message); } // Check file extension $fileExtension = Filesystem::extension($filename); $fileExtension = Text::lowercase($fileExtension); if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION'])) { $message = $L->g('File type is not supported. Allowed types:') . ' ' . implode(', ', $GLOBALS['ALLOWED_IMG_EXTENSION']); Log::set($message, LOG_TYPE_ERROR); ajaxResponse(1, $message); } // Check file MIME Type $fileMimeType = Filesystem::mimeType($_FILES['images']['tmp_name'][$uuid]); if ($fileMimeType !== false) { if (!in_array($fileMimeType, $GLOBALS['ALLOWED_IMG_MIMETYPES'])) { $message = $L->g('File mime type is not supported. Allowed types:') . ' ' . implode(', ', $GLOBALS['ALLOWED_IMG_MIMETYPES']); Log::set($message, LOG_TYPE_ERROR); ajaxResponse(1, $message); } } // Move from PHP tmp file to Bludit tmp directory Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP . $filename); // Transform the image and generate the thumbnail $image = transformImage(PATH_TMP . $filename, $imageDirectory, $thumbnailDirectory); if ($image) { chmod($image, 0644); $filename = Filesystem::filename($image); array_push($images, $filename); } else { $message = 'Error after transformImage() function.'; Log::set($message, LOG_TYPE_ERROR); ajaxResponse(1, $message); } } ajaxResponse(0, 'Images uploaded.', array( 'images' => $images ));