Revision 00fc2d5e
Added by Stephen Jones almost 8 years ago
| src/usr/local/www/widgets/widgets/picture.widget.php | ||
|---|---|---|
| 25 | 25 |
require_once("pfsense-utils.inc");
|
| 26 | 26 |
require_once("functions.inc");
|
| 27 | 27 |
|
| 28 |
|
|
| 28 | 29 |
if ($_GET['getpic']=="true") {
|
| 29 | 30 |
$pic_type_s = explode(".", $user_settings['widgets'][$_GET['widgetkey']]['picturewidget_filename']);
|
| 30 | 31 |
$pic_type = $pic_type_s[1]; |
| ... | ... | |
| 40 | 41 |
|
| 41 | 42 |
if ($_POST['widgetkey']) {
|
| 42 | 43 |
set_customwidgettitle($user_settings); |
| 43 |
|
|
| 44 | 44 |
if (is_uploaded_file($_FILES['pictfile']['tmp_name'])) {
|
| 45 | 45 |
/* read the file contents */ |
| 46 | 46 |
$fd_pic = fopen($_FILES['pictfile']['tmp_name'], "rb"); |
| ... | ... | |
| 53 | 53 |
log_error("Warning, could not read file " . $_FILES['pictfile']['tmp_name']);
|
| 54 | 54 |
die("Could not read temporary file");
|
| 55 | 55 |
} else {
|
| 56 |
// Make sure they upload an image and not some other file |
|
| 57 |
$img_info =getimagesize($_FILES['pictfile']['tmp_name']); |
|
| 58 |
if($img_info === FALSE){
|
|
| 59 |
die("Unable to determine image type of uploaded file");
|
|
| 60 |
} |
|
| 61 |
if(($img_info[2] !== IMAGETYPE_GIF) && ($img_info[2] !== IMAGETYPE_JPEG) && ($img_info[2] !== IMAGETYPE_PNG)){
|
|
| 62 |
die("Not a gif/jpg/png");
|
|
| 63 |
} |
|
| 56 | 64 |
$picname = basename($_FILES['uploadedfile']['name']); |
| 57 | 65 |
$user_settings['widgets'][$_POST['widgetkey']]['picturewidget'] = base64_encode($data); |
| 58 | 66 |
$user_settings['widgets'][$_POST['widgetkey']]['picturewidget_filename'] = $_FILES['pictfile']['name']; |
| ... | ... | |
| 66 | 74 |
|
| 67 | 75 |
?> |
| 68 | 76 |
<?php |
| 69 |
if($user_settings['widgets'][$widgetkey] != null){?>
|
|
| 77 |
if($user_settings['widgets'][$widgetkey]["picturewidget"] != null){?>
|
|
| 70 | 78 |
<a href="/widgets/widgets/picture.widget.php?getpic=true&widgetkey=<?=htmlspecialchars($widgetkey)?>" target="_blank"> |
| 71 | 79 |
<img style="width:100%; height:100%" src="/widgets/widgets/picture.widget.php?getpic=true&widgetkey=<?=htmlspecialchars($widgetkey)?>" alt="picture" /> |
| 72 | 80 |
</a> |
| 73 | 81 |
<?php } ?> |
| 74 | 82 |
<!-- close the body we're wrapped in and add a configuration-panel --> |
| 75 | 83 |
</div><div id="<?=$widget_panel_footer_id?>" |
| 76 |
<?php echo "class= " . "'" . "panel-footer". ($user_settings['widgets'][$widgetkey] != null ? " collapse": ""). "'"; ?>> |
|
| 84 |
<?php echo "class= " . "'" . "panel-footer". ($user_settings['widgets'][$widgetkey]["picturewidget"] != null ? " collapse": ""). "'"; ?>>
|
|
| 77 | 85 |
|
| 78 | 86 |
<form action="/widgets/widgets/picture.widget.php" method="post" enctype="multipart/form-data" class="form-horizontal"> |
| 79 | 87 |
<input type="hidden" name="widgetkey" value="<?=htmlspecialchars($widgetkey); ?>"> |
| ... | ... | |
| 81 | 89 |
<div class="form-group"> |
| 82 | 90 |
<label for="pictfile" class="col-sm-4 control-label"><?=gettext('New picture:')?> </label>
|
| 83 | 91 |
<div class="col-sm-6"> |
| 84 |
<input id="pictfile" name="pictfile" type="file" class="form-control" /> |
|
| 92 |
<input id="pictfile" name="pictfile" type="file" class="form-control" accept="image/*"/>
|
|
| 85 | 93 |
</div> |
| 86 | 94 |
</div> |
| 87 | 95 |
<div class="form-group"> |
Also available in: Unified diff
Fixed #7896 Made sure only images could be uploaded and validated on the server to make sure it is an image and not something else.