Please update testimonial/addnew.php after line 6

if ( $addtestmonial ) {

and testimonials/admin/addnew.php after line 14

if ( $addtestmonial ) {

with the following code to avoid hacking attacks through uploading PHP files or files other than images. Please adapt the error messages to the correct variables. It should already work. Feel free to implement and adapt the code for the next release.

// Only proceed when a photo arrived without an upload error and is under 300 kB.
if (isset($_FILES["photo"]) AND ! $_FILES["photo"]["error"] AND ($_FILES["photo"]["size"] < 300000 )) {
    // Inspect the file content, not the client-supplied name or MIME type.
    $bildinfo = getimagesize($_FILES["photo"]["tmp_name"]);
    if ($bildinfo === false) {
        die("This file is not an image.");
    } else {
        $mime = $bildinfo["mime"];
        // Whitelist of accepted image types and the extension to store them under.
        $mimetypen = array (
            "image/jpeg" => "jpg",
            "image/gif" => "gif",
            "image/png" => "png"
        );
        if (!isset($mimetypen[$mime])) {
            die("This kind of file does not have the right format.");
        } else {
            $endung = $mimetypen[$mime];
        }
        // Build a safe file name: drop the original extension, keep only [a-zA-Z0-9_-],
        // then append the extension derived from the detected MIME type.
        $neuername = basename($_FILES["photo"]["name"]);
        $neuername = preg_replace("/\.(jpe?g|gif|png)$/i", "", $neuername);
        $neuername = preg_replace("/[^a-zA-Z0-9_-]/", "", $neuername);
        $neuername .= ".$endung";
        $ziel = "upload/$neuername";
        // Never overwrite an existing file; prefix copies instead.
        while (file_exists($ziel)) {
            $neuername = "kopie_$neuername";
            $ziel = "upload/$neuername";
        }
        if (@move_uploaded_file($_FILES["photo"]["tmp_name"], $ziel)) {
            echo "Upload works";
        } else {
            echo "Upload did not work.";
        }
    }
}
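The same content-based check factored into a function so it can be exercised offline, as an added example that is not the poster's or the addon's own code. It generalizes the name handling slightly (any client-supplied extension is stripped, and an empty name gets a random one); the function name validate_photo, the constructed sample files and the temp-directory target are assumptions.

```php
<?php
// Added example, not the addon's code. Returns the safe destination name for an
// uploaded image, or an error. The extension always comes from the detected
// content (getimagesize), never from the name the browser sent.
function validate_photo(string $tmpPath, string $clientName, int $size, string $uploadDir): array
{
    if ($size <= 0 || $size >= 300000) {
        return ['ok' => false, 'error' => 'File missing or larger than 300000 bytes.'];
    }
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        return ['ok' => false, 'error' => 'This file is not an image.'];
    }
    // Same whitelist as the forum patch: MIME type => extension to store under.
    $allowed = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png'];
    if (!isset($allowed[$info['mime']])) {
        return ['ok' => false, 'error' => 'Image type not allowed: ' . $info['mime']];
    }
    $ext = $allowed[$info['mime']];
    // Drop any client extension and everything outside [A-Za-z0-9_-] (hypothetical generalization).
    $base = preg_replace('/\.[A-Za-z0-9]+$/', '', basename($clientName));
    $base = preg_replace('/[^A-Za-z0-9_-]/', '', $base);
    if ($base === '') {
        $base = 'photo_' . bin2hex(random_bytes(4)); // nothing usable left in the name
    }
    $name = "$base.$ext";
    while (file_exists("$uploadDir/$name")) {   // never overwrite, like the original loop
        $name = "kopie_$name";
    }
    return ['ok' => true, 'name' => $name, 'mime' => $info['mime']];
}

// Constructed samples: a 1x1 GIF uploaded under a misleading name, and a PHP script
// uploaded under an image name. Both live in the temp directory for this demo.
$dir = sys_get_temp_dir();
$gif = $dir . '/sample_gif';
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$php = $dir . '/sample_php';
file_put_contents($php, "<?php echo 'hi';");

$r1 = validate_photo($gif, 'shell.php', filesize($gif), $dir);
echo $r1['ok'] ? "stored as {$r1['name']} ({$r1['mime']})\n" : "rejected: {$r1['error']}\n";
$r2 = validate_photo($php, 'photo.jpg', filesize($php), $dir);
echo $r2['ok'] ? "stored as {$r2['name']}\n" : "rejected: {$r2['error']}\n";
```

The real handler would still pass the returned name to move_uploaded_file, which refuses anything that was not an actual HTTP upload.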