Commit 9cb69445 authored by Peter Rotich's avatar Peter Rotich

Improve file upload validation - ignore empty uploads + add error checking b4 validation

parent 949754dc
...@@ -136,14 +136,19 @@ class osTicket { ...@@ -136,14 +136,19 @@ class osTicket {
$errors=0; $errors=0;
foreach($files as &$file) { foreach($files as &$file) {
if(!$this->isFileTypeAllowed($file)) //skip no file upload "error" - why PHP calls it an error is beyond me.
$file['error']='Invalid file type for '.$file['name']; if($file['error'] && $file['error']==UPLOAD_ERR_NO_FILE) continue;
if($file['error']) //PHP defined error!
$file['error'] = 'File upload error #'.$file['error'];
elseif(!$file['tmp_name'] || !is_uploaded_file($file['tmp_name']))
$file['error'] = 'Invalid or bad upload POST';
elseif(!$this->isFileTypeAllowed($file))
$file['error'] = 'Invalid file type for '.$file['name'];
elseif($file['size']>$this->getConfig()->getMaxFileSize()) elseif($file['size']>$this->getConfig()->getMaxFileSize())
$file['error']=sprintf('File (%s) is too big. Maximum of %s allowed', $file['error'] = sprintf('File (%s) is too big. Maximum of %s allowed',
$file['name'], Format::file_size($this->getConfig()->getMaxFileSize())); $file['name'], Format::file_size($this->getConfig()->getMaxFileSize()));
elseif(!$file['error'] && !is_uploaded_file($file['tmp_name']))
$file['error']='Invalid or bad upload POST';
if($file['error']) $errors++; if($file['error']) $errors++;
} }
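Review bot: The `continue` for `UPLOAD_ERR_NO_FILE` skips validation but leaves the empty slot in `$files` with its non-zero `error` still set and not counted in `$errors`, so correctness depends on every caller skipping such entries before touching `tmp_name`. The callers are outside this hunk; if they do not filter, dropping the slot here is safer: iterate as `foreach($files as $k => &$file)` and use `unset($files[$k]); continue;`. Because the loop binds `$file` by reference, an `unset($file);` after the closing brace would avoid a dangling reference, though the rest of the function is not visible and may already do this. Separately, the error messages embed the client-supplied `$file['name']`, so whatever renders them needs to HTML-escape it.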
......