Revision 06930018
Added by Stephen Jones over 7 years ago
| src/usr/local/www/widgets/widgets/picture.widget.php | ||
|---|---|---|
| 83 | 83 |
log_error("Warning, could not read file " . $_FILES['pictfile']['tmp_name']);
|
| 84 | 84 |
die("Could not read temporary file");
|
| 85 | 85 |
} else {
|
| 86 |
// Make sure they upload an image and not some other file |
|
| 87 |
$img_info = getimagesize($_FILES['pictfile']['tmp_name']); |
|
| 88 |
if($img_info === FALSE){
|
|
| 89 |
die("Unable to determine image type of uploaded file");
|
|
| 90 |
} |
|
| 91 |
if(($img_info[2] !== IMAGETYPE_GIF) && ($img_info[2] !== IMAGETYPE_JPEG) && ($img_info[2] !== IMAGETYPE_PNG)){
|
|
| 92 |
die("Not a gif/jpg/png");
|
|
| 93 |
} |
|
| 86 | 94 |
$picname = basename($_FILES['uploadedfile']['name']); |
| 87 | 95 |
$user_settings['widgets']['picturewidget'] = base64_encode($data); |
| 88 | 96 |
$user_settings['widgets']['picturewidget_filename'] = $_FILES['pictfile']['name']; |
Also available in: Unified diff
Fixed it so it will validate that it is an image uploaded and not something else