Menu

[1.6.0] Manual fix for image upload

Open Discussion
greatstone
2009-11-28
2012-11-15

  • greatstone

    greatstone - 2009-11-28

    First, thanks a lot for this brilliant release 1.6.0.
    Good and appreciated job!

    Then, I was obliged to tweak (very minor tweak: 4 lines added) the image upload code to be able to work on my ISP (which is full of security restrictions).
    If it is possible, can you include a similar fix in the next release?

    Best regards,
    Greatstone.

    item.php:
    <pre><code>

    if ($_REQUEST == "upload" || $_REQUEST == "replace") {
    /* TODO: verify that it's an image using $_FILES */
    // what's the extension?
    $parts = pathinfo($_FILES);
    $uploaded_file_ext = $parts;
    // greatstone
    // store user filename for future usage
    // only available for PHP >=5.2
    $uploaded_file_filename = $parts;
    // what is full path to store images?  get it from the currently executing script.
    $parts = pathinfo($_SERVER);
    $upload_dir = $parts;
    // generate a temporary file in the configured directory.
    $temp_name = tempnam($upload_dir . "/" . $OPT,"");
    // greatstone
    // avoid tempnam as it seems to be bugged for my ISP
    // a generic way to include it in phpgiftreg official release can be:
    //      run standard tempnam
    //      if tempnam result doesn't include "upload_dir/image_subdir", then it means that tempnam has failed, so compute not-so-temporary-name using userid and original filename
    $temp_name = $upload_dir . "/" . $OPT ."/" .$userid ."." .$uploaded_file_filename;
    // unlink it, we really want an extension on that.
    // greatstone
    // avoid unlink as it seems to be forbidden for my ISP
    if (file_exists($temp_name)) {
                      unlink($temp_name);
    // greatstone
    }
    // here's the name we really want to use.  full path is included.
    $image_filename = $temp_name . "." . $uploaded_file_ext;
    // move the PHP temporary file to that filename.
                move_uploaded_file($_FILES,$image_filename);
    // the name we're going to record in the DB is the filename without the path.
    $image_base_filename = basename($image_filename);
    }

    </pre></code>

     

  • greatstone

    greatstone - 2009-11-28

    I fix myself my own fix :)

    <pre><code>
    // greatstone
    // store user filename for future usage
    // only available for PHP >=5.2
    $uploadedfilefilename = $parts;
    </pre></code>

    should be

    <pre><code>
    // greatstone
    // store user filename for future usage
    $uploadedfilefilename = $parts;
    </pre></code>

    and then do not add the extension after that as basename already include it.

    'filename' index for pathinfo function doesn't seem to work in all cases.

     

  • Ryan Walberg

    Ryan Walberg - 2009-11-28

    Absolutely, thanks for the fix!

     

Log in to post a comment.