mirror of
https://github.com/slawkens/myaac.git
synced 2025-10-30 23:46:24 +01:00
54 lines
1.3 KiB
PHP
54 lines
1.3 KiB
PHP
<?php
|
|
define('MYAAC_ADMIN', true);
|
|
|
|
require '../../common.php';
|
|
require SYSTEM . 'functions.php';
|
|
require SYSTEM . 'init.php';
|
|
require SYSTEM . 'login.php';
|
|
|
|
if(!admin())
|
|
die('Access denied.');
|
|
|
|
// Don't attempt to process the upload on an OPTIONS request
|
|
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
|
|
header('Access-Control-Allow-Methods: POST, OPTIONS');
|
|
return;
|
|
}
|
|
|
|
$imageFolder = BASE . EDITOR_IMAGES_DIR;
|
|
|
|
reset ($_FILES);
|
|
$temp = current($_FILES);
|
|
if (is_uploaded_file($temp['tmp_name'])) {
|
|
header('Access-Control-Allow-Credentials: true');
|
|
header('P3P: CP="There is no P3P policy."');
|
|
|
|
// Sanitize input
|
|
if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
|
|
header('HTTP/1.1 400 Invalid file name.');
|
|
return;
|
|
}
|
|
|
|
// Verify extension
|
|
$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
|
|
if (!in_array($ext, ['gif', 'jpg', 'png'])) {
|
|
header('HTTP/1.1 400 Invalid extension.');
|
|
return;
|
|
}
|
|
|
|
do {
|
|
$randomName = generateRandomString(8). ".$ext";
|
|
$fileToWrite = $imageFolder . $randomName;
|
|
} while (file_exists($fileToWrite));
|
|
|
|
move_uploaded_file($temp['tmp_name'], $fileToWrite);
|
|
|
|
$returnPathToImage = BASE_URL . EDITOR_IMAGES_DIR . $randomName;
|
|
echo json_encode(['location' => $returnPathToImage]);
|
|
} else {
|
|
// Notify editor that the upload failed
|
|
header('HTTP/1.1 500 Server Error');
|
|
}
|
|
|
|
|