Fix check for upload size

Joshua Ramon Enslin 2020-11-08 14:30:14 +01:00 committed by Stefan Rohde-Enslin
parent 8347a8a77b
commit a8cb46848b
Signed by: jrenslin
GPG Key ID: 46016F84501B70AE
3 changed files with 11 additions and 3 deletions


@ -8,6 +8,8 @@
*/
declare(strict_types = 1);
const CACHE_DIR_PERMS = 0775;
const TL_FILE_DIRS = [
__DIR__ . "/../l10n/musdb/",
__DIR__ . "/../l10n/importer/",
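Review bot: `CACHE_DIR_PERMS = 0775` (which appears to be the line added here) has no comment, and it widens the mode from the `0755` that the `mkdir` call changed in this commit used before, so the directory becomes group-writable. If group write is intended, say so next to the constant, for example `// Mode for directories created at runtime; group-writable by design, mkdir() still applies the umask.`; if it is not, keep `0755`. Since `mkdir()` masks the mode with the process umask, the resulting permissions can be narrower than the constant suggests.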


@ -27,7 +27,7 @@ if (empty($filename = trim($_GET['fnam'], " ,./"))) {
$csv_datei = MD_STD::realpath(__DIR__ . '/../csv/' . $filename);
if (is_dir(__DIR__ . "/../xml")) rrmdir(__DIR__ . '/../xml');
mkdir(__DIR__ . "/../xml", 0755);
mkdir(__DIR__ . "/../xml", CACHE_DIR_PERMS);
if (!($fp = fopen($csv_datei, 'r'))) {
throw new MDmainEntityNotExistentException("Failed opening file");
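Review bot: `$filename` is taken from `$_GET['fnam']`, and `trim($_GET['fnam'], " ,./")` only strips characters at both ends, so directory separators inside the value reach `__DIR__ . '/../csv/' . $filename` unchanged. `MD_STD::realpath` is not visible here; unless it confines the result to the csv directory, I would reduce the value first, e.g. `$filename = basename($filename);`, as the upload script already does for its target name. Separately, the return value of `mkdir(__DIR__ . "/../xml", CACHE_DIR_PERMS)` is ignored, so a failed create only surfaces later; `if (!mkdir(...)) throw ...` would report it at the source. The enclosing script starts and continues outside this hunk.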


@ -2,8 +2,14 @@
declare(strict_types = 1);
require_once __DIR__ . "/../functions/functions.php";
$target = __DIR__ . "/../csv/" . basename($_FILES['uploaded']['name']);
if (empty($_FILES)) {
throw new MDFileDoesNotExist("No file uploaded");
}
$targetpart = basename($_FILES['uploaded']['name']);
$target = __DIR__ . "/../csv/" . $targetpart;
// TODO: File name needs to be sanitized, or tmp name used
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
@ -14,7 +20,7 @@ if (validateAntiCsrfToken() === false) {
}
//This is our size condition
if ($uploaded_size > 40000000) {
if ($_FILES['uploaded']['size'] > 40000000) {
echo "Your file is too large.<br>";
return;
}
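Review bot: The new `empty($_FILES)` guard does not confirm that the `uploaded` field exists or that the transfer succeeded, so a request with a different file field, or an upload that PHP rejected (where `size` is usually reported as 0), still reaches `basename($_FILES['uploaded']['name'])` and passes the `> 40000000` check in the second hunk. I would test the entry itself: `if (!isset($_FILES['uploaded']) || $_FILES['uploaded']['error'] !== UPLOAD_ERR_OK) {`. The TODO about the file name is still open: `basename()` removes directory parts but keeps the client-chosen extension, so an allow-list for `.csv` or a server-generated name would close it. The rest of the script, including where the file is stored, is outside these hunks.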