Revision 06930018
Added by Stephen Jones over 7 years ago
src/usr/local/www/widgets/widgets/picture.widget.php | ||
---|---|---|
83 | 83 |
log_error("Warning, could not read file " . $_FILES['pictfile']['tmp_name']); |
84 | 84 |
die("Could not read temporary file"); |
85 | 85 |
} else { |
86 |
// Make sure they upload an image and not some other file |
|
87 |
$img_info = getimagesize($_FILES['pictfile']['tmp_name']); |
|
88 |
if($img_info === FALSE){ |
|
89 |
die("Unable to determine image type of uploaded file"); |
|
90 |
} |
|
91 |
if(($img_info[2] !== IMAGETYPE_GIF) && ($img_info[2] !== IMAGETYPE_JPEG) && ($img_info[2] !== IMAGETYPE_PNG)){ |
|
92 |
die("Not a gif/jpg/png"); |
|
93 |
} |
|
86 | 94 |
$picname = basename($_FILES['uploadedfile']['name']); |
87 | 95 |
$user_settings['widgets']['picturewidget'] = base64_encode($data); |
88 | 96 |
$user_settings['widgets']['picturewidget_filename'] = $_FILES['pictfile']['name']; |
Also available in: Unified diff
Fixed it so it will validate that it is an image uploaded and not something else