Fixed bug #1778 - user should not be allowed to upload images bigger than 128x128 and should not be allowed to upload non-image files. Fixed warnings about undefined values, prettied up the code to Campware coding conventions.
parent
0895418753
commit
09fae2140f
1 changed files with 58 additions and 18 deletions
|
@ -477,6 +477,13 @@ class uiHandler extends uiBase {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enter description here...
|
||||||
|
*
|
||||||
|
* @param unknown_type $formdata
|
||||||
|
* @param array $mask
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
function _validateForm($formdata, $mask)
|
function _validateForm($formdata, $mask)
|
||||||
{
|
{
|
||||||
$form = new HTML_QuickForm('validation', UI_STANDARD_FORM_METHOD, UI_HANDLER);
|
$form = new HTML_QuickForm('validation', UI_STANDARD_FORM_METHOD, UI_HANDLER);
|
||||||
|
@ -485,16 +492,31 @@ class uiHandler extends uiBase {
|
||||||
$_SESSION['retransferFormData'] = $_REQUEST;
|
$_SESSION['retransferFormData'] = $_REQUEST;
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
## test for uploadet files bacause HTMLQuickForm::validate() ignores them ####
|
// test for uploaded files bacause HTMLQuickForm::validate() ignores them
|
||||||
if (is_array($form->_submitFiles)) {
|
if (is_array($form->_submitFiles)) {
|
||||||
|
$was_error = FALSE;
|
||||||
foreach ($form->_submitFiles as $key => $val) {
|
foreach ($form->_submitFiles as $key => $val) {
|
||||||
if ($val['error']) {
|
if ($val['error']) {
|
||||||
|
|
||||||
switch ($val['error']) {
|
switch ($val['error']) {
|
||||||
case 1: $was_error = TRUE; $this->_retMsg('The uploaded filer is bigger than allowed in system settings. See "Help", chapter "Troubleshooting" for more information.'); break;
|
case 1:
|
||||||
case 2: $was_error = TRUE; $this->_retMsg('The uploaded filer is bigger than allowed in system settings. See "Help", chapter "Troubleshooting" for more information.'); break;
|
$was_error = TRUE;
|
||||||
case 3: $was_error = TRUE; $this->_retMsg('Upload of file "$1" was incomplete.', $mask[$key]['label']); break;
|
$this->_retMsg('The uploaded filer is bigger than allowed in system settings. See "Help", chapter "Troubleshooting" for more information.');
|
||||||
case 4: if ($mask[$key]['required']) {$was_error = TRUE; $this->_retMsg('File "$1" has not been uploaded.', $mask[$key]['label']);} break;
|
break;
|
||||||
|
case 2:
|
||||||
|
$was_error = TRUE;
|
||||||
|
$this->_retMsg('The uploaded filer is bigger than allowed in system settings. See "Help", chapter "Troubleshooting" for more information.');
|
||||||
|
break;
|
||||||
|
case 3:
|
||||||
|
$was_error = TRUE;
|
||||||
|
$this->_retMsg('Upload of file "$1" was incomplete.', $mask[$key]['label']);
|
||||||
|
break;
|
||||||
|
case 4:
|
||||||
|
if ($mask[$key]['required']) {
|
||||||
|
$was_error = TRUE;
|
||||||
|
$this->_retMsg('File "$1" has not been uploaded.', $mask[$key]['label']);
|
||||||
|
}
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -526,7 +548,7 @@ class uiHandler extends uiBase {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
foreach($mask as $key=>$val) {
|
foreach($mask as $key=>$val) {
|
||||||
if ($val['isPref']) {
|
if (isset($val['isPref']) && $val['isPref']) {
|
||||||
if (strlen($formdata[$val['element']])) {
|
if (strlen($formdata[$val['element']])) {
|
||||||
if (PEAR::isError($this->gb->saveGroupPref($this->sessid, 'StationPrefs', $val['element'], $formdata[$val['element']])))
|
if (PEAR::isError($this->gb->saveGroupPref($this->sessid, 'StationPrefs', $val['element'], $formdata[$val['element']])))
|
||||||
$this->_retMsg('Error while saving settings.');
|
$this->_retMsg('Error while saving settings.');
|
||||||
|
@ -534,16 +556,34 @@ class uiHandler extends uiBase {
|
||||||
$this->gb->delGroupPref($this->sessid, 'StationPrefs', $val['element']);
|
$this->gb->delGroupPref($this->sessid, 'StationPrefs', $val['element']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($val['type'] == 'file' && $formdata[$val['element']]['name']) {
|
if (isset($val['type']) && ($val['type'] == 'file') && $formdata[$val['element']]['name']) {
|
||||||
if (FALSE === @move_uploaded_file($formdata[$val['element']]['tmp_name'], $this->gb->loadGroupPref($this->sessid, 'StationPrefs', 'stationLogoPath')))
|
$stationLogoPath = $this->gb->loadGroupPref($this->sessid, 'StationPrefs', 'stationLogoPath');
|
||||||
$this->_retMsg('Error while uploading logo.');
|
$filePath = $formdata[$val['element']]['tmp_name'];
|
||||||
|
if (function_exists("getimagesize")) {
|
||||||
|
$size = @getimagesize($filePath);
|
||||||
|
if ($size === FALSE) {
|
||||||
|
$this->_retMsg('Error while uploading logo: the file uploaded is not an image.');
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
if ( ($size[0] > 128) || ($size[1] > 128) ) {
|
||||||
|
$this->_retMsg('Error uploading logo: the logo can be no larger than 128x128.');
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$success = @move_uploaded_file($filePath, $stationLogoPath);
|
||||||
|
if (!$success) {
|
||||||
|
$this->_retMsg('Error while uploading logo: could not move the file to the destination directory.');
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->loadStationPrefs($mask, TRUE);
|
$this->loadStationPrefs($mask, TRUE);
|
||||||
if (UI_VERBOSE) $this->_retMsg('Settings saved.');
|
if (UI_VERBOSE) {
|
||||||
|
$this->_retMsg('Settings saved.');
|
||||||
|
}
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
} // fn changeStationPrefs
|
||||||
}
|
|
||||||
|
} // class uiHandler
|
||||||
?>
|
?>
|
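Review bot: The `function_exists("getimagesize")` guard in the logo-upload branch of changeStationPrefs fails open: when the function is unavailable (for example, disabled in the PHP configuration), both the not-an-image check and the 128x128 check are skipped and `move_uploaded_file()` still runs, so the restriction this commit is meant to add is not enforced. Reject the upload in that case instead of falling through. `getimagesize()` only reads the file header, so it is also worth checking the detected type in `$size[2]` against the formats the logo display actually supports before the file is moved. The early `return FALSE` sits inside the `foreach` over `$mask`, so preferences handled in earlier iterations may already have been saved when the logo is rejected; the function starts outside the hunk, so confirm whether that partial save is intended.

```php
$filePath = $formdata[$val['element']]['tmp_name'];
if (!function_exists("getimagesize")) {
    // Fail closed: without the check the file type cannot be verified.
    $this->_retMsg('Error while uploading logo: the file could not be checked.');
    return FALSE;
}
$size = @getimagesize($filePath);
// Suggested allowlist; adjust to the formats the logo display supports.
$allowedTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
if (($size === FALSE) || !in_array($size[2], $allowedTypes)) {
    $this->_retMsg('Error while uploading logo: the file uploaded is not an image.');
    return FALSE;
}
// … unchanged: 128x128 dimension check and move_uploaded_file() …
```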