v2.33

@flusity flusity released this 09 Dec 13:59
· 13 commits to main since this release
10ca4ff

Updated files and functions: upload.php, files.php and f_files.php
File extension checking: I added an additional check to the handleFileUpload function to check not only the MIME type, but also the file extension. This helps avoid situations where files with dangerous extensions such as .php are uploaded, which can be executed on the server and cause security problems.

Refinement of the list of allowed file types: I noticed that .jpg files were not allowed, so I refined the list of $allowed_file_types to include image/jpg along with image/jpeg. This ensures that all standard JPEG files are accepted.

I've made some important fixes to make file uploads more secure for the jd_simple_zer addon. These corrections include:

Improved uploadFile function:

I added checks for file type, extension and size. This helps prevent malicious files from being uploaded.

For example, I added the following checks to the uploadFile function:

```php
// MIME type as reported in $_FILES (sent by the client) must be on the allow-list
if (!in_array($uploaded_file['type'], $allowed_file_types)) {
    throw new Exception("Invalid file type.");
}
// Reject files larger than the configured limit
if ($uploaded_file['size'] > $max_file_size) {
    throw new Exception("File size exceeded limit.");
}
// Extension check, lower-cased so ".PHP" is treated like ".php"
if (!in_array(strtolower($filename_parts['extension']), $allowed_extensions)) {
    throw new Exception("Invalid file extension.");
}
```
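The following is an added example, not code from the jd_simple_zer addon or this release. It shows a hypothetical `validateUpload()` helper that performs the three checks described above (type, extension, size) with two caveats a reviewer would raise: `$_FILES['type']` is set by the client and should not be trusted, so the MIME type is detected from the bytes on disk with `finfo`; and `finfo` reports `image/jpeg` for `.jpg` files (`image/jpg` is not a registered type), so the allow-list maps each extension to the MIME type `finfo` actually returns. The `$allowedExtToMime` map, `$uploadDir` and the 2 MB limit are assumptions for the example.

```php
<?php
// Added example (not the jd_simple_zer addon's own code).
// Hypothetical helper validateUpload(): allow-lists the extension AND the
// server-detected MIME type, and never trusts $_FILES['type'].

function validateUpload(array $file, array $allowedExtToMime, int $maxFileSize): string
{
    // 1. PHP-level upload status (partial upload, php.ini size limits, etc.)
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Invalid upload.');
    }

    // 2. Size limit
    if ($file['size'] > $maxFileSize) {
        throw new RuntimeException('File size exceeded limit.');
    }

    // 3. Extension from the original name, lower-cased, allow-listed.
    //    pathinfo() returns the LAST extension, so "shell.php.jpg" yields "jpg";
    //    the content check below still rejects it because the bytes are not a JPEG.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === '' || !array_key_exists($ext, $allowedExtToMime)) {
        throw new RuntimeException('Invalid file extension.');
    }

    // 4. MIME type sniffed from the file content, not from $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== $allowedExtToMime[$ext]) {
        throw new RuntimeException('Invalid file type.');
    }

    // 5. Return a server-generated name; the client's file name never reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Assumed allow-list: extension => MIME type that finfo reports for it.
// finfo reports "image/jpeg" for .jpg as well as .jpeg.
$allowedExtToMime = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

try {
    $safeName = validateUpload($_FILES['file'] ?? [], $allowedExtToMime, 2 * 1024 * 1024);

    // Assumed destination: a directory served with PHP execution disabled
    // (or outside the web root), so even a mislabelled file cannot run.
    $uploadDir = __DIR__ . '/uploads/';
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $uploadDir . $safeName)) {
        throw new RuntimeException('Could not store file.');
    }
    echo 'Stored as ' . htmlspecialchars($safeName, ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    // Generic message to the user; the detail goes to the server log only.
    error_log('upload rejected: ' . $e->getMessage());
    http_response_code(400);
    echo 'Upload rejected.';
}
```

Both the extension and the content check must pass for the same allow-list entry; checking either one alone lets through either a renamed PHP file (extension only) or a real image with a `.php` name (content only), and the latter is exactly the case the release note describes as dangerous.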
Updated file upload process in add_addon.php:

I added a CSRF token check to protect the form from unauthorized requests.

I also checked that the file was uploaded successfully and performed the appropriate actions depending on whether a new file was selected or an existing one was used.

```php
// Reject the request unless the submitted token matches the one issued to this session
if (!validateCSRFToken($_POST['csrf_token'])) {
    die('CSRF token validation failed');
}
// ... [rest of file upload logic]
```
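As an added example that is not part of this release or of `add_addon.php`, here is one way to implement the `validateCSRFToken()` helper the snippet above calls, together with a matching `generateCSRFToken()` for the form. Both helpers are hypothetical: they keep the token in the PHP session, generate it from `random_bytes`, and compare with `hash_equals` so the comparison does not leak timing information. The `??` fallback also avoids a PHP notice when the field is missing from the POST body.

```php
<?php
// Added example, not the addon's own code. Hypothetical helpers
// generateCSRFToken() and validateCSRFToken() backed by the PHP session.
session_start();

function generateCSRFToken(): string
{
    // One token per session; 32 random bytes -> 64 hex characters
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function validateCSRFToken(?string $token): bool
{
    if ($token === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    // Constant-time comparison of the session token with the submitted one
    return hash_equals($_SESSION['csrf_token'], $token);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing field -> null -> validation fails, without a PHP notice
    if (!validateCSRFToken($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        die('CSRF token validation failed');
    }
    // ... file upload logic (validate, then move_uploaded_file) goes here
}
?>
<form method="post" enctype="multipart/form-data">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(generateCSRFToken(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="file" name="file">
  <button type="submit">Upload</button>
</form>
```

The token is emitted through `htmlspecialchars` even though it is hex, so the same output habit applies to every value that reaches the page.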
Security and error handling:

I made sure that all error messages were clear and didn't convey too much technical information.
I also made sure that all the data that is displayed to the user is properly sanitized to avoid XSS attacks.