
Check if uploads are images

commit f05e0d695e2f7e58424f55c169fecabba67cbc07 1 parent 15f796f
@stefanneculai authored
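--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,4 @@
 *.swp
 report/*
 build/*
-www/uploads/*.jpg
+www/uploads/*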
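--- a/code/controller/v1/json/base/create.php
+++ b/code/controller/v1/json/base/create.php
@@ -131,6 +131,28 @@ protected function getOptionalFields()
 }
 /**
+ * Check if the uploaded file is image
+ *
+ * @param string $path Path of the image
+ *
+ * @return boolean
+ *
+ * @since 1.0
+ */
+ protected function is_image($path)
+ {
+ $a = getimagesize($path);
+ $image_type = $a[2];
+
+ if (in_array($image_type, array(IMAGETYPE_GIF , IMAGETYPE_JPEG ,IMAGETYPE_PNG , IMAGETYPE_BMP)))
+ {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
 * Save media fields to the upload folder
 *
 * @return string A string with the names of the uploaded files
@@ -145,6 +167,12 @@ protected function saveMedia()
 foreach ($media['name'] as $key => $value)
 {
+ if ($this->is_image($media['tmp_name'][$key]) == false)
+ {
+ $this->app->errors->addError("701");
+ return;
+ }
+
 $ext = preg_replace('/^.*\.([^.]+)$/D', '$1', $value);
 $newName = uniqid("", true) . '.' . $ext;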
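Review bot: The new `is_image()` guard in `saveMedia()` validates only the file's header bytes, while the stored extension on the context line right after it is still taken from the client-supplied name (`$ext = preg_replace(..., $value)`), so a file that starts with valid image bytes but carries a server-executable extension passes the check and keeps that extension in the upload folder (presumably `www/uploads/`, going by the `.gitignore` change). Derive the extension from the detected type instead, e.g. `$info = getimagesize($media['tmp_name'][$key]);` followed by `$ext = image_type_to_extension($info[2], false);`, and confirm the upload directory is served without script execution. Inside `is_image()`, `getimagesize()` returns `false` for non-images, so `$a[2]` indexes a boolean; add `if ($a === false) { return false; }` before it and pass `true` as the third argument of `in_array()`. The bare `return;` also disagrees with the documented string return and may leave files saved by earlier loop iterations in place; `saveMedia()` starts and ends outside the hunk, so check that against the full body.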
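--- a/config/errors.dist.json
+++ b/config/errors.dist.json
@@ -166,5 +166,13 @@
 "message": "Invalid HTTP method for $1.",
 "more_info": "",
 "response_code": "400"
+ },
+
+ "701":
+ {
+ "code": "JWS701",
+ "message": "Invalid uploaded file type.",
+ "more_info": "",
+ "response_code": "400"
 }
 }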