<?php
/**
* File Upload Helpers
*
* @package API - Uploads
* @copyright (c) Cotonti Team
* @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
*/
// Direct-access guard: stop unless the COT_CODE constant has already been defined.
if (!defined('COT_CODE')) {
    die('Wrong URL');
}
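/**
 * Checks that the content of a file matches what its extension claims.
 *
 * Images (jpg, jpeg, png, gif) are checked through the MIME type reported by
 * getimagesize(). Other extensions are checked against the signature table
 * loaded from ./datas/mimetype.php. Failures and missing signature entries are
 * written to the security log.
 *
 * Note that getimagesize() inspects the image header only; a matching MIME
 * type does not show that the rest of the file is a well-formed image. This
 * check complements, and does not replace, extension allowlisting and storing
 * uploads where they cannot be executed.
 *
 * @param string $path File path
 * @param string $name File name (used in log messages only)
 * @param string $ext File extension
 * @return bool|int true when the check passes or file checking is disabled;
 *                  false when the content does not match the extension;
 *                  for an extension without a signature entry: 1 when
 *                  $cfg['pfs']['pfsnomimepass'] is enabled, otherwise 2.
 *                  Both 1 and 2 are truthy, so callers must compare the result
 *                  explicitly rather than use it as a boolean.
 */
function cot_file_check($path, $name, $ext)
{
    if (!Cot::$cfg['pfs']['pfsfilecheck']) {
        return true;
    }

    // Expected to define $mime_type, which is used below and set nowhere else
    // in this function. The path is relative to the current working directory.
    require './datas/mimetype.php';

    $imageMimes = [
        'jpg' => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png' => 'image/png',
        'gif' => 'image/gif',
    ];

    $fcheck = false;
    if (isset($imageMimes[$ext])) {
        // getimagesize() returns false (and may emit a warning) for non-images,
        // hence the deliberate suppression.
        $img_size = @getimagesize($path);
        $fcheck = is_array($img_size)
            && isset($img_size['mime'])
            && $img_size['mime'] === $imageMimes[$ext];
    } elseif (!empty($mime_type[$ext])) {
        // Entry layout as used here: [1] signature, [2] compare as hex,
        // [3] offset in the file, [4] number of bytes to read.
        foreach ($mime_type[$ext] as $mime) {
            $content = file_get_contents($path, false, null, $mime[3], $mime[4]);
            if ($content === false) {
                // An unreadable range can never match a signature.
                continue;
            }
            if ($mime[2]) {
                $content = bin2hex($content);
                $signature = strtolower($mime[1]);
            } else {
                $signature = (string) $mime[1];
            }
            // Strict comparison: with "==" two different numeric-looking hex
            // strings can compare equal because PHP compares them as numbers.
            if ($content === $signature) {
                $fcheck = true;
                break;
            }
        }
    } else {
        // No signature known for this extension: the outcome is configuration
        // driven and returned as 1 (pass) or 2 (signature missing).
        $fcheck = (Cot::$cfg['pfs']['pfsnomimepass']) ? 1 : 2;
        cot_log(sprintf(Cot::$L['pfs_filechecknomime'], $ext, $name), 'sec', 'file_upload', 'error');
    }

    if (!$fcheck) {
        cot_log(sprintf(Cot::$L['pfs_filecheckfail'], $ext, $name), 'sec', 'file_upload', 'error');
    }

    return $fcheck;
}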
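/**
 * Returns the maximum size of an uploaded file in KiB, as allowed by the PHP
 * configuration (php.ini, possibly overridden per directory, e.g. in .htaccess).
 *
 * The smallest positive value among upload_max_filesize, post_max_size and
 * memory_limit is used; settings that are empty, zero or negative are ignored.
 * The function only reports configuration. It does not check any uploaded file.
 *
 * @return int Limit in KiB, or 0 when none of the settings yields a positive value
 */
function cot_get_uploadmax()
{
    static $settings = ['upload_max_filesize', 'post_max_size', 'memory_limit'];
    static $multipliers = ['G' => 1073741824, 'M' => 1048576, 'K' => 1024];

    $limits = [];
    foreach ($settings as $setting) {
        // ini_get() returns false for an unknown option and may return an empty
        // string; neither has a last character to read a suffix from.
        $raw = (string) ini_get($setting);
        if ($raw === '') {
            continue;
        }

        $suffix = strtoupper(substr($raw, -1));
        $bytes = (int) $raw;
        if (isset($multipliers[$suffix])) {
            $bytes *= $multipliers[$suffix];
        }
        if ($bytes > 0) {
            $limits[] = $bytes;
        }
    }

    // min() on an empty array throws a ValueError on PHP 8.
    if (empty($limits)) {
        return 0;
    }

    return (int) floor(min($limits) / 1024); // KiB
}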
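/**
 * Builds a safe file name from an untrusted base name.
 *
 * The name part is transliterated to Latin when a translit table is available
 * and the language is not English, then every character outside
 * a-z, A-Z, 0-9, "-", "_", ".", "+" and space is removed and runs of dots are
 * collapsed to a single dot. The extension is lower-cased and reduced to
 * a-z, 0-9, "-", "_" and "+". If nothing is left of the name part, a unique
 * name is generated.
 *
 * This function does not decide whether the extension is allowed, and it keeps
 * a leading dot in the name part. Callers are expected to apply their own
 * extension allowlist and to reject dot-files where those matter.
 * $postfix is appended as given and is not filtered.
 *
 * @param string $basename File base name
 * @param bool $underscore Convert spaces to underscores
 * @param string $postfix Postfix appended to filename
 * @return string Safe name; "." and the extension are appended only when the
 *                extension is not empty
 */
function cot_safename($basename, $underscore = true, $postfix = '')
{
    global $lang, $cot_translit;

    if (!$cot_translit && $lang != 'en' && file_exists(cot_langfile('translit', 'core'))) {
        require_once cot_langfile('translit', 'core');
    }

    // Split on the last dot. Without a dot the whole string is the name part;
    // mb_strrpos() returns false in that case and must not be used as an offset.
    $basename = (string) $basename;
    $dotPos = mb_strrpos($basename, '.');
    if ($dotPos === false) {
        $fname = $basename;
        $ext = '';
    } else {
        $fname = mb_substr($basename, 0, $dotPos);
        $ext = mb_substr($basename, $dotPos + 1);
    }

    if ($lang != 'en' && is_array($cot_translit)) {
        $fname = cot_translit_encode($fname);
    }
    if ($underscore) {
        $fname = str_replace(' ', '_', $fname);
    }

    // The filtered value is the one that is returned. Dots are collapsed after
    // filtering because removing characters can bring two dots together.
    $safename = (string) preg_replace('#[^a-zA-Z0-9\-_\.\ \+]#', '', $fname);
    $safename = (string) preg_replace('#\.{2,}#', '.', $safename);
    if ($safename === '') {
        $safename = cot_unique();
    }

    // The extension comes from the same untrusted string, so it gets its own
    // allowlist: no dots, spaces or path separators.
    $safeext = (string) preg_replace('#[^a-z0-9\-_\+]#', '', mb_strtolower($ext));

    $result = $safename . $postfix;
    if ($safeext !== '') {
        $result .= '.' . $safeext;
    }

    return $result;
}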