LocariaTechnologies
/
IcarusImeji-Caddy
forked from YandolsZX/IcarusImeji
2
1
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Apply UFNRA update to droploader.

Browse Source
master
YandolsZX 5 years ago
parent 07e9424bb7
commit fc1d66e2f4
1 changed files with 53 additions and 16 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 69
      dropload.php

69
dropload.php
Unescape View File

@ -1,12 +1,14 @@
<?php <?php
//Imeji Uploader Core Code -- Version 2.0 (revision 49) (Migrations Phase 1) // Imeji Uploader Core Code -- Version 2.1 (revision 54) (Uploader Filename Randomizer Algorithm Update)
$imejicoreversion = "Icarus_Imeji_V2_Droploader_r49_S_p1"; //
// Core Variables. Don't change unless you know what you're doing.
$imejicoreversion = "Icarus_Imeji_V2.1_Droploader_r54";
$target_dir = "public/"; $target_dir = "public/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]); $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$target_filenameonly = basename($_FILES["fileToUpload"]["name"]); $target_filenameonly = basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1; $uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION); $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image // Check if uploaded image file is a actual image or fake image with masked extension.
if(isset($_POST["submit"])) { if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) { if($check !== false) {
@ -22,7 +24,7 @@ if(isset($_POST["submit"])) {
return; return;
} }
} }
// Check if file already exists // Check whether a file with the same name already exists on server or not for security reasons.
if (file_exists($target_file)) { if (file_exists($target_file)) {
//echo "Sorry, file already exists."; //echo "Sorry, file already exists.";
$uploadOk = 0; $uploadOk = 0;
@ -32,7 +34,7 @@ if (file_exists($target_file)) {
//echo 400; //echo 400;
return; return;
} }
// Check file size (Currently Max 6MB) // Check file size. (Imeji Standard Max is 6MB)
if ($_FILES["fileToUpload"]["size"] > 6291456) { if ($_FILES["fileToUpload"]["size"] > 6291456) {
//echo "Sorry, your file is too large. (Max is 6MB)"; //echo "Sorry, your file is too large. (Max is 6MB)";
$uploadOk = 0; $uploadOk = 0;
@ -42,8 +44,8 @@ if ($_FILES["fileToUpload"]["size"] > 6291456) {
//echo 400; //echo 400;
return; return;
} }
// Allow certain file formats // Allow only certain file formats.
// Fixed uppercase rejection bug in 1.1a // 1.1a -- Fixed uppercase rejection bug and allows them.
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG"
&& $imageFileType != "gif" && $imageFileType != "svg" && $imageFileType != "gif" && $imageFileType != "svg"
@ -56,7 +58,7 @@ if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg
//echo 400; //echo 400;
return; return;
} }
// Check if $uploadOk is set to 0 by an error // Check if $uploadOk is set to 0 by an error, if so go to failure condition.
if ($uploadOk == 0) { if ($uploadOk == 0) {
//echo "Sorry, your file could not be uploaded."; //echo "Sorry, your file could not be uploaded.";
//header('Location: ./failed.php'); //header('Location: ./failed.php');
@ -64,20 +66,55 @@ if ($uploadOk == 0) {
http_response_code(400); http_response_code(400);
//echo 400; //echo 400;
return; return;
// if everything is ok, try to upload file // If everything is ok, try to upload file.
} else { } else {
// 1.2a -- Changed some case-confusing characters such as I and O to web safe symbols. // 1.2a --- Changed some case-confusing characters such as I and O to web safe symbols.
$characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!$+*'; // 1.3 ---- Removed some problematic symbol characters that can break CMS such as + and $.
$random_string_length = 12; // 1.3_0 -- Changed the filename randomizer algorithm to compensate for characters pool reduction to 62 from 64.
$characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!*';
$random_string_length = 11;
$randomFilename = ''; $randomFilename = '';
for ($i = 0; $i < $random_string_length; $i++) { for ($i = 0; $i < $random_string_length; $i++) {
$randomFilename .= $characters[rand(0, strlen($characters) - 1)]; $randomFilename .= $characters[rand(0, strlen($characters) - 1)];
} }
//$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b // Day-base identifiers (Implemented in v1.3_0)
//$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8 if (date('D') == 'Sun') {
$newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $dayId = 'Q';
} else if (date('D') == 'Mon') {
$dayId = 'a';
} else if (date('D') == 'Tue') {
$dayId = 'z';
} else if (date('D') == 'Wed') {
$dayId = '2';
} else if (date('D') == 'Thu') {
$dayId = 'W';
} else if (date('D') == 'Fri') {
$dayId = 's';
} else if (date('D') == 'Sat') {
$dayId = 'x';
} else {
$dayId = '0';
}
// Hour-base identifiers (Implemented in v1.3_0 / Changed in v1.3_2)
if ((date('H') >= '00') && (date('H') <= '03')) {
$hourId = '3';
} else if ((date('H') >= '04') && (date('H') <= '07')) {
$hourId = 'E';
} else if ((date('H') >= '08') && (date('H') <= '11')) {
$hourId = 'd';
} else if ((date('H') >= '12') && (date('H') <= '15')) {
$hourId = '4';
} else if ((date('H') >= '16') && (date('H') <= '19')) {
$hourId = 'R';
} else if ((date('H') >= '20') && (date('H') <= '23')) {
$hourId = 'f';
} else {
$hourId = 'z';
}
// Finalize file upload and return output to user.
// Old line: $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v1.3, kept for instaneous rollback safety.
$newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"]));
$newtarget = $target_dir . $newfilename; $newtarget = $target_dir . $newfilename;
//if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) { if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) {
chmod("$newtarget", 0775); // Set read and write permissions if file chmod("$newtarget", 0775); // Set read and write permissions if file
//echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded."; //echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";

Write Preview
Loading…
Cancel
Save