From 1e52b9f2483141dd50bdc1b99d82fb20487628c4 Mon Sep 17 00:00:00 2001
From: Yandols ZeonX
Date: Fri, 12 Apr 2019 03:52:45 +0800
Subject: [PATCH] Cleanup + set randomized length to 11, bringing the total filename length to 13.
---
upload.php | 34 ++++++++++++++++------------------
1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/upload.php b/upload.php
index 129c521..c7e1d09 100644
--- a/upload.php
+++ b/upload.php
@@ -1,12 +1,14 @@
 6291456) {
 echo "Sorry, your file is too large. (Max is 6MB)";
 $uploadOk = 0;
 header('Location: ./failed.php');
 }
-// Allow certain file formats
-// Fixed uppercase rejection bug in 1.1a
+// Allow only certain file formats.
+// 1.1a -- Fixed uppercase rejection bug and allows them.
 if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "gif" && $imageFileType != "svg"
@@ -40,17 +42,17 @@ if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg
 $uploadOk = 0;
 header('Location: ./failed.php');
 }
-// Check if $uploadOk is set to 0 by an error
+// Check if $uploadOk is set to 0 by an error, if so go to failure condition.
 if ($uploadOk == 0) {
 echo "Sorry, your file could not be uploaded.";
 header('Location: ./failed.php');
-// if everything is ok, try to upload file
+// If everything is ok, try to upload file.
 } else {
 // 1.2a --- Changed some case-confusing characters such as I and O to web safe symbols.
 // 1.3 ---- Removed some problematic symbol characters that can break CMS such as + and $.
 // 1.3_0 -- Changed the filename randomizer algorithm to compensate for characters pool reduction to 62 from 64.
 $characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!*';
- $random_string_length = 10;
+ $random_string_length = 11;
 $randomFilename = '';
 for ($i = 0; $i < $random_string_length; $i++) {
 $randomFilename .= $characters[rand(0, strlen($characters) - 1)];
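Review bot: The extra random character added by `$random_string_length = 11;` buys little while the characters are still drawn with `rand()` on the last line of the hunk: PHP's `rand()` is a seeded Mersenne Twister (an alias of `mt_rand()` since 7.1), so if these names are meant to keep uploads on i.yandols.xyz from being guessed, an attacker who observes a few filenames can predict others regardless of length. Draw the index from the CSPRNG instead: `$randomFilename .= $characters[random_int(0, strlen($characters) - 1)];` (`random_int()` needs PHP 7+, which `PHP_EOL`/`header()` usage here does not tell me; it throws rather than returning weak output when no entropy source is available). It would also help to state the intent above `$characters`, e.g. `// 62-symbol alphabet; names must be unguessable, so use a CSPRNG below`. The `for` loop's closing brace lies outside the hunk.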
@@ -85,22 +87,18 @@ if ($uploadOk == 0) {
 } else {
 $hourId = 'z';
 }
- //$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b
- //$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8
- //$newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"]));
+ // Finalize file upload and return output to user.
+ // Old line: $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v1.3, kept for instaneous rollback safety.
 $newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"]));
 $newtarget = $target_dir . $newfilename;
 if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) {
- chmod("$newtarget", 0775); // Set read and write permissions if file
+ chmod("$newtarget", 0775); // Set read and write permissions on file
 echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
 $uploaderlog = "" . date('U') . ", ". date('Y-m-d H:i:s e') . ", $_SERVER[REMOTE_ADDR], $newfilename" . ", " . $imejicoreversion . ", $_SERVER[HTTP_USER_AGENT]";
- //$uploaderlog = "Unix Time: " . date('U') . ", Logical Time: ". date('Y-m-d H:i:s e') . ", IP Address: $_SERVER[REMOTE_ADDR], Filename: $newfilename" . ", User Agent: $_SERVER[HTTP_USER_AGENT], Referer: $_SERVER[HTTP_REFERER]"; --simplified in v0.9e
 file_put_contents('uploads.log', $uploaderlog . PHP_EOL, FILE_APPEND);
 header('Location: https://i.yandols.xyz/' . $newfilename);
- //header('Location: http://i.zxicar.us/' . $newfilename); --switched to HTTPS as of v0.9d
- //header('Location: ../imeji/' . $newtarget); --changed as of v0.7
- //header('Location: http://zxicar.us/imeji/'.basename( $_FILES["fileToUpload"]["name"])); --changed as of v0.2
 } else {
+ // If anything wrong here, go to failure condition.
 echo "Sorry, there was a problem uploading your file.";
 header('Location: ./failed.php');
 }
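Review bot: `chmod("$newtarget", 0775);` — which this commit only re-comments — gives every stored upload the execute bit and group write; a static image needs neither, and on a host where the upload directory is group-shared or the web server honours the execute bit it widens what an attacker who lands a file there can do, so use `chmod($newtarget, 0644); // world-readable image, never executable` (the quotes around `$newtarget` are also redundant). The extension appended to `$newfilename` is whatever follows the last dot of the client-supplied name via `end(explode(".", ...))`, and the allow-list it passed (first hunk) includes `svg`; an SVG served inline from `https://i.yandols.xyz/` can carry `<script>` that runs in that origin, so either drop `svg` or serve uploads with `Content-Disposition: attachment` and a restrictive CSP — I cannot see from here how `$imageFileType` is derived, so confirm it is the same last-dot extension used on this line. `file_put_contents('uploads.log', ...)` writes IP addresses and raw User-Agent strings to a path relative to upload.php; if that script lives in the document root the log is presumably fetchable as `/uploads.log` unless the server denies it, so move it outside the web root or add a deny rule. Note also that `echo` before `header('Location: ...')` in both branches will fail the redirect with "headers already sent" unless output buffering is on.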