
Revision 06930018

Added by Stephen Jones over 7 years ago

Fixed it so that it validates that the uploaded file is an image and not something else


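--- a/src/usr/local/www/widgets/widgets/picture.widget.php
+++ b/src/usr/local/www/widgets/widgets/picture.widget.php
@@ -83,6 +83,14 @@
 			log_error("Warning, could not read file " . $_FILES['pictfile']['tmp_name']);
 			die("Could not read temporary file");
 		} else {
+			// Make sure they upload an image and not some other file
+			$img_info = getimagesize($_FILES['pictfile']['tmp_name']);
+			if($img_info === FALSE){
+				die("Unable to determine image type of uploaded file");
+			}
+			if(($img_info[2] !== IMAGETYPE_GIF) && ($img_info[2] !== IMAGETYPE_JPEG) && ($img_info[2] !== IMAGETYPE_PNG)){
+				die("Not a gif/jpg/png");
+			}
 			$picname = basename($_FILES['uploadedfile']['name']);
 			$user_settings['widgets']['picturewidget'] = base64_encode($data);
 			$user_settings['widgets']['picturewidget_filename'] = $_FILES['pictfile']['name'];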
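Review bot: The added check inspects only the file header through `getimagesize()`, while the last line of this section still stores the client-supplied `$_FILES['pictfile']['name']` unchanged, so the recorded filename and extension are not tied to the type that was just verified. If the widget later derives a Content-Type or extension from that stored name (not visible here), a file that passes the header check could be served as a non-image type; deriving the name from the detected type, e.g. `$user_settings['widgets']['picturewidget_filename'] = 'picture' . image_type_to_extension($img_info[2]);`, or storing `$img_info['mime']` next to the data would close that gap. The context line `$picname = basename($_FILES['uploadedfile']['name']);` reads a different field key than the rest of the block, which looks unintended. The enclosing `if`/`else` and the read into `$data` start outside this section.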
