Updated the checkFileUpload function to use SHA256 instead of MD5 for file reference and check file ext before checking size, also adding some error returns

johnnyq 2023-08-23 15:59:10 -04:00
parent 30a6b3dadf
commit 4ec7c686c3
1 changed files with 15 additions and 11 deletions


@ -620,23 +620,27 @@ function checkFileUpload($file, $allowed_extensions) {
$extension = strtolower(end($extarr));
// Check a file is actually attached/uploaded
if ($tmp == '') {
return false;
}
// Check the size is under 500 MB
if ($size > 500 * 1024 * 1024) {
return false;
if ($tmp === '') {
return "No file was uploaded.";
}
// Check the extension is allowed
if (in_array($extension, $allowed_extensions) === false){
return false;
if (!in_array($extension, $allowed_extensions)) {
return "File extension not allowed.";
}
// Sanitize & return name
return md5(time() . $name) . '.' . $extension;
// Check the size is under 500 MB
$maxSizeBytes = 500 * 1024 * 1024; // 500 MB
if ($size > $maxSizeBytes) {
return "File size exceeds the limit.";
}
// Perform additional content-based validation here, if needed
// Generate a secure filename using SHA-256
$secureFilename = hash('sha256', time() . $name) . '.' . $extension;
return $secureFilename;
}
function sanitizeInput($input) {
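Review bot: The three new failure returns (`"No file was uploaded."`, `"File extension not allowed."`, `"File size exceeds the limit."`) are plain strings, and so is the success value, so a caller cannot tell a rejection from a generated filename; any caller still testing for the old `false` would presumably treat the message as the stored name and carry on with the upload. The callers are outside this hunk, so each one needs checking, or failure should be made distinguishable, for example `return ['error' => 'File extension not allowed.'];` with the caller testing `is_array()`. Separately, `hash('sha256', time() . $name)` is no harder to guess than the MD5 it replaces, because both inputs are predictable; `bin2hex(random_bytes(32)) . '.' . $extension` gives a stored name that cannot be derived from the upload time and the original filename. The start of checkFileUpload lies above the hunk.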