Where to put code in upload.php to stop upload? Where to put code in upload.php to stop upload?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Where to put code in upload.php to stop upload?

Started by the_todd, June 05, 2005, 11:33:30 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

the_todd

June 05, 2005, 11:33:30 PM
Where exactly does coppermine initially upload the files after you first submit them in upload.php? I want to put some code in to not upload and report an error if the filetype matches that I have diasabled in a group. I can currently report an error once a file has been uploaded already and disallow the file, but I wan't it to do this before the file uploads.

Thanks,
Todd

Joachim Müller

#1
June 06, 2005, 12:13:59 AM Last Edit: June 06, 2005, 06:34:04 AM by GauGau
the files that are being uploaded by http are stored in http:// yoursite.tld/yourCoppermineFolder/albums/userpics/xxxxx/, where xxxxx is 10000 plus user id.

the_todd

#2
June 06, 2005, 12:20:19 AM
I meant in the PHP code, I think I initially explained it weird. In what php file and where does it use $CONFIG['allowed_file_extensions'] to stop files that aren't allowed from being uploaded, i'm having a hard time finding things
Todd

Joachim Müller

#3
June 06, 2005, 06:38:18 AM
db_input.php, image_processor.php, xp_publish.php, include/media.functions.inc.php

Nibbler

#4
June 06, 2005, 09:27:53 PM
All files go through the add_picture() function in picmgmnt.inc.php, the extension checking is actually done by is_known_filetype(), which is defined in media.functions.inc.php. It will return false if you give it a file with an extension that is not both a) in the filetypes table, and b) allowed by the config setting.

the_todd

#5
June 07, 2005, 04:25:58 AM
Thanks Nibbler, still though, I cannot find anywhere that I could put code to check the filetype before it uploads the file. Even if you comment out the return in is_known_filetype() it still will upload the file then give you the error.
Code Select
function is_known_filetype($file)
{
   //  return is_image($file) || is_movie($file) || is_audio($file) || is_document($file);  -this still uploads the file then returns error
}


I am looking to report the error before the file uploads. Where does the script go to as soon as you click the first "submit" button. I am thinking to maybe modify the 'http post vars' before it sends them out. I already have the script set up well to report an error of invalid filetype after its uploaded, but I want to do it before.

Nibbler

#6
June 07, 2005, 11:49:30 AM
PHP can't know anything about the file until it is actually uploaded. If you want to do anything before upload it would need to be client side ie. javascript.
Print
Go Up Pages1
User actions