Subversion Repositories taios

Compare Revisions

Ignore whitespace Rev 519 → Rev 521

/blog/add-post-img.php
30,7 → 30,7
if (isset($_POST['id'])) {
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
 
$lname = ROOT_PATH . "blog/" . $page->acceptFile("file");
$lname = $page->acceptFile("file");
 
if ($lname == false)
die();
/_taios.php
227,7 → 227,7
{
if (!ALLOW_FILES)
{
$page->drawError("This system doesn't allow file uploading.");
$this->drawError("This system doesn't allow file uploading.");
return false;
}
234,7 → 234,7
$this->checkLoggedIn();
if ($this->getLoggedInUser()->accessID >= 2)
{
$page->drawError('You do not have permission to access this page.');
$this->drawError('You do not have permission to access this page.');
}
$allowedExts = array("gif", "jpeg", "jpg", "png", "tga");
246,13 → 246,14
|| ($_FILES[$fname]["type"] == "image/pjpeg")
|| ($_FILES[$fname]["type"] == "image/x-png")
|| ($_FILES[$fname]["type"] == "image/png")
|| ($_FILES[$fname]["type"] == "image/tga"))
|| ($_FILES[$fname]["type"] == "image/x-targa")
|| ($_FILES[$fname]["type"] == "image/x-tga"))
&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes)
&& in_array($extension, $allowedExts))
{
if ($_FILES[$fname]["error"] > 0)
{
$page->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
$this->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
}
else
{
263,13 → 264,13
$lname = "upload/" . $this->rndString(12) . "." . $extension;
}
move_uploaded_file($_FILES[$fname]["tmp_name"], $lname);
return $lname;
move_uploaded_file($_FILES[$fname]["tmp_name"], $this->url . $lname);
return ROOT_PATH . $lname;
}
}
else
{
$page->drawError("Invalid file");
$this->drawError("Invalid file");
}
return false;