AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 03:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add isset check on file upload

Browse Source
This commit is contained in:
johnnyq
2024-11-19 11:59:52 -05:00
parent c181954960
commit b7163dad6d
7 changed files with 121 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
post/user/expense.php
View File

@@ -15,17 +15,20 @@ if (isset($_POST['add_expense'])) {
// Check for and process attachment
$extended_alert_description = '';
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
if (isset($_FILES['file']['tmp_name'])) {
$file_tmp_path = $_FILES['file']['tmp_name'];
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
$file_tmp_path = $_FILES['file']['tmp_name'];
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.';
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.';
}
}
//Logging
@@ -51,20 +54,22 @@ if (isset($_POST['edit_expense'])) {
// Check for and process attachment
$extended_alert_description = '';
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/expenses/$existing_file_name");
//Delete old file
unlink("uploads/expenses/$existing_file_name");
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.';
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.';
}
}
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id");