
Check if uploads are images

stefanneculai committed Jul 31, 2012
1 parent 15f796f commit f05e0d695e2f7e58424f55c169fecabba67cbc07
Showing with 37 additions and 1 deletion.
  1. +1 −1 .gitignore
  2. +28 −0 code/controller/v1/json/base/create.php
  3. +8 −0 config/errors.dist.json
@@ -6,4 +6,4 @@
*.swp
report/*
build/*
-www/uploads/*.jpg
+www/uploads/*
@@ -130,6 +130,28 @@ protected function getOptionalFields()
}
}
+ /**
+ * Check if the uploaded file is image
+ *
+ * @param string $path Path of the image
+ *
+ * @return boolean
+ *
+ * @since 1.0
+ */
+ protected function is_image($path)
+ {
+ $a = getimagesize($path);
+ $image_type = $a[2];
+
+ if (in_array($image_type, array(IMAGETYPE_GIF , IMAGETYPE_JPEG ,IMAGETYPE_PNG , IMAGETYPE_BMP)))
+ {
+ return true;
+ }
+
+ return false;
+ }
+
/**
* Save media fields to the upload folder
*
@@ -145,6 +167,12 @@ protected function saveMedia()
foreach ($media['name'] as $key => $value)
{
+ if ($this->is_image($media['tmp_name'][$key]) == false)
+ {
+ $this->app->errors->addError("701");
+ return;
+ }
+
$ext = preg_replace('/^.*\.([^.]+)$/D', '$1', $value);
$newName = uniqid("", true) . '.' . $ext;
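Review bot: The stored extension is still taken from the client-supplied name (`$ext = preg_replace('/^.*\.([^.]+)$/D', '$1', $value);`), so the new `is_image()` check in `saveMedia()` constrains the file's header but not the extension it is written under in the upload folder (apparently `www/uploads`, judging by the `.gitignore` change). `getimagesize()` reads only the image header, and the PHP manual advises against using it as proof that a file is a valid image, so the extension should come from the detected type rather than from `$value`, e.g. `$info = getimagesize($media['tmp_name'][$key]);` followed by `$ext = image_type_to_extension($info[2], false);`. In `is_image()`, `getimagesize()` returns `false` for a non-image, so `$a[2]` should be guarded with `if ($a === false) { return false; }` and the lookup made strict with `in_array($image_type, array(...), true)`. The `return;` inside the loop leaves any files from earlier iterations in place if they were already written; `saveMedia()` starts and ends outside this hunk, so that needs confirming against the rest of the method.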
@@ -166,5 +166,13 @@
"message": "Invalid HTTP method for $1.",
"more_info": "",
"response_code": "400"
+ },
+
+ "701":
+ {
+ "code": "JWS701",
+ "message": "Invalid uploaded file type.",
+ "more_info": "",
+ "response_code": "400"
}
}
