mirror/php-tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2025-03-15 20:49:48 +01:00
Code Issues Releases Wiki Activity

Fix #25 Limit file uploads to certain file extensions

Browse Source
This commit is contained in:
Prasath Mani 2017-11-15 12:28:34 +05:30
parent 67037c8158
commit f002ba2168
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tinyfilemanager.php
View File

@ -60,6 +60,9 @@ $iconv_input_encoding = 'UTF-8';
// date() format for file modification date
$datetime_format = 'd.m.y H:i';
// allowed upload file extensions
$upload_extensions = ''; // 'gif,png,jpg'
// include user config php file
if (defined('FM_CONFIG') && is_file(FM_CONFIG) ) {
include(FM_CONFIG);
@ -160,6 +163,7 @@ if ($use_auth) {
}
defined('FM_LANG') || define('FM_LANG', $lang);
defined('FM_EXTENSION') || define('FM_EXTENSION', $upload_extensions);
define('FM_READONLY', $use_auth && !empty($readonly_users) && isset($_SESSION['logged']) && in_array($_SESSION['logged'], $readonly_users));
define('FM_IS_WIN', DIRECTORY_SEPARATOR == '\\');
@ -443,10 +447,14 @@ if (isset($_POST['upl']) && !FM_READONLY) {
$errors = 0;
$uploads = 0;
$total = count($_FILES['upload']['name']);
$allowed = (FM_EXTENSION) ? explode(',', FM_EXTENSION) : false;
for ($i = 0; $i < $total; $i++) {
$filename = $_FILES['upload']['name'][$i];
$tmp_name = $_FILES['upload']['tmp_name'][$i];
if (empty($_FILES['upload']['error'][$i]) && !empty($tmp_name) && $tmp_name != 'none') {
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$isFileAllowed = ($allowed) ? in_array($ext,$allowed) : true;
if (empty($_FILES['upload']['error'][$i]) && !empty($tmp_name) && $tmp_name != 'none' && $isFileAllowed) {
if (move_uploaded_file($tmp_name, $path . '/' . $_FILES['upload']['name'][$i])) {
$uploads++;
} else {
@ -462,7 +470,6 @@ if (isset($_POST['upl']) && !FM_READONLY) {
} else {
fm_set_msg(sprintf('Error while uploading files. Uploaded files: %s', $uploads), 'error');
}
fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH));
}