I’m sorry my existence is not very noble or sublime.
-Keanu Reeves
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | <?php //Makes sure they choose a file //print_r($HTTP_POST_FILES); //die(); $imgalt = (isset($_POST['imgalt'])) ? $_POST['imgalt'] : $imgalt; $img1_name = (strlen($imgalt)) ? $_POST['imgalt'] : $HTTP_POST_FILES['img1']['name']; $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $HTTP_POST_FILES['img1']['type']; $imgdesc = str_replace('"', '&quot;', $_POST['imgdesc']); $imgtype = explode(".",$img1_name); $imgtype = strtolower($imgtype[count($imgtype)-1]); if (in_array($imgtype, $allowed_types) == false) { die(sprintf(__('File %1$s of type %2$s is not allowed.') , $img1_name, $imgtype)); } if (strlen($imgalt)) { $pathtofile = get_settings('fileupload_realpath')."/".$imgalt; $img1 = $_POST['img1']; } else { $pathtofile = get_settings('fileupload_realpath')."/".$img1_name; $img1 = $HTTP_POST_FILES['img1']['tmp_name']; } // makes sure not to upload duplicates,rename duplicates $i = 1; $pathtofile2 = $pathtofile; $tmppathtofile = $pathtofile2; $img2_name = $img1_name; while (file_exists($pathtofile2)) { $pos = strpos($tmppathtofile, '.'.trim($imgtype)); $pathtofile_start = substr($tmppathtofile, 0, $pos); $pathtofile2 = $pathtofile_start.'_'.zeroise($i++, 2).'.'.trim($imgtype); $img2_name = explode('/', $pathtofile2); $img2_name = $img2_name[count($img2_name)-1]; } if (file_exists($pathtofile) && !strlen($imgalt)) { $i = explode(' ', get_settings('fileupload_allowedtypes')); $i = implode(',',array_slice($i, 1, count($i)-2)); $moved = move_uploaded_file($img1, $pathtofile2); // if move_uploaded_file() fails,try copy() if (!$moved) { $moved = copy($img1, $pathtofile2); } if (!$moved) { die(sprintf(__("Couldn't upload your file to %s."), $pathtofile2)); } else { chmod($pathtofile2, 0666); @unlink($img1); } // // duplicate-renaming function contributed by Gary Lawrence Murphy ?> <p><strong><?php __('Duplicate File?') ?></strong></p> <p><b><em><?php printf(__("The filename '%s' already exists!"), $img1_name); ?></em></b></p> <p><?php printf(__("Filename '%1\$s' moved to '%2\$s'"), $img1, "$pathtofile2 - $img2_name") ?></p> <p><?php _e('Confirm or rename:') ?></p> <form action="upload.php"method="post"enctype="multipart/form-data"> <input type="hidden"name="MAX_FILE_SIZE"value="<?php echo get_settings('fileupload_maxk') *1024 ?>"/> <input type="hidden"name="img1_type"value="<?php echo $img1_type;?>"/> <input type="hidden"name="img1_name"value="<?php echo $img2_name;?>"/> <input type="hidden"name="img1_size"value="<?php echo $img1_size;?>"/> <input type="hidden"name="img1"value="<?php echo $pathtofile2;?>"/> <input type="hidden"name="thumbsize"value="<?php echo $_REQUEST['thumbsize'];?>"/> <input type="hidden"name="imgthumbsizecustom"value="<?php echo $_REQUEST['imgthumbsizecustom'];?>"/> <?php _e('Alternate name:') ?><br /><input type="text"name="imgalt"size="30"value="<?php echo $img2_name;?>"/><br /> <br /> <?php _e('Description:') ?><br /><input type="text"name="imgdesc"size="30"value="<?php echo $imgdesc;?>"/> <br /> <input type="submit"name="submit"value="<?php _e('Rename') ?>"/> </form> </div> |
If you enjoyed this post,make sure you subscribe to my RSS feed!
[...] This post was mentioned on Twitter by Ryan Dewhurst,Spot The Vuln. Spot The Vuln said:New Post:Noble http://bit.ly/cFmZD0 #secure #code #dev [...]
[...] Noble [...]