Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Where to put code in upload.php to stop upload?  (Read 4471 times)

0 Members and 1 Guest are viewing this topic.

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
Where to put code in upload.php to stop upload?
« on: June 05, 2005, 11:33:30 pm »

Where exactly does coppermine initially upload the files after you first submit them in upload.php? I want to put some code in to not upload and report an error if the filetype matches that I have diasabled in a group. I can currently report an error once a file has been uploaded already and disallow the file, but I wan't it to do this before the file uploads.

Thanks,
Todd
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Where to put code in upload.php to stop upload?
« Reply #1 on: June 06, 2005, 12:13:59 am »

the files that are being uploaded by http are stored in http:// yoursite.tld/yourCoppermineFolder/albums/userpics/xxxxx/, where xxxxx is 10000 plus user id.
« Last Edit: June 06, 2005, 06:34:04 am by GauGau »
Logged

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
Re: Where to put code in upload.php to stop upload?
« Reply #2 on: June 06, 2005, 12:20:19 am »

I meant in the PHP code, I think I initially explained it weird. In what php file and where does it use $CONFIG['allowed_file_extensions'] to stop files that aren't allowed from being uploaded, i'm having a hard time finding things
Todd
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Where to put code in upload.php to stop upload?
« Reply #3 on: June 06, 2005, 06:38:18 am »

db_input.php, image_processor.php, xp_publish.php, include/media.functions.inc.php
Logged

Nibbler

  • Guest
Re: Where to put code in upload.php to stop upload?
« Reply #4 on: June 06, 2005, 09:27:53 pm »

All files go through the add_picture() function in picmgmnt.inc.php, the extension checking is actually done by is_known_filetype(), which is defined in media.functions.inc.php. It will return false if you give it a file with an extension that is not both a) in the filetypes table, and b) allowed by the config setting.
Logged

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
Re: Where to put code in upload.php to stop upload?
« Reply #5 on: June 07, 2005, 04:25:58 am »

Thanks Nibbler, still though, I cannot find anywhere that I could put code to check the filetype before it uploads the file. Even if you comment out the return in is_known_filetype() it still will upload the file then give you the error.
Code: [Select]
function is_known_filetype($file)
{
   //  return is_image($file) || is_movie($file) || is_audio($file) || is_document($file);  -this still uploads the file then returns error
}

 I am looking to report the error before the file uploads. Where does the script go to as soon as you click the first "submit" button. I am thinking to maybe modify the 'http post vars' before it sends them out. I already have the script set up well to report an error of invalid filetype after its uploaded, but I want to do it before.
Logged

Nibbler

  • Guest
Re: Where to put code in upload.php to stop upload?
« Reply #6 on: June 07, 2005, 11:49:30 am »

PHP can't know anything about the file until it is actually uploaded. If you want to do anything before upload it would need to be client side ie. javascript.
Logged
Pages: [1]   Go Up
 

Page created in 0.016 seconds with 20 queries.