j'ai un petit probleme avec un script php,
voila c'est un script d'agenda que j'ai recuéré sur internet, mais seulement j'ai subi des attaques , à cause de ce script
car l'upload de fichier permet toute upload de type de fichier,
et moi je voudrais restreindre l'upload à un image jog
je ne comprend pas trop ce type de language , pouvez vous m'aider à securiser ce code
merci d'avance pour votre aide
function upload_image($idevent , $uploadedfile , $uploadedfile_name)
{
// upload an image for the event
global $CFG;
debug("image upload : $uploadedfile_name");
$uploadedfilename = "";
if(isset($uploadedfile) && $uploadedfile<>"none" && $uploadedfile_name != "")
{
$path = basename($uploadedfile_name); // does not use pathinfo function for compatibility with PHP3
$pathex = explode("." , $path);
$uploadedfilename = generate_filename("../".$CFG->image_event_dir , $pathex[1]);
if($uploadedfilename["filename"] <> "")
{
debug("uploadedfilename = ".$uploadedfilename["path"]);
if(!copy($uploadedfile,$uploadedfilename["path"]))//"$CFG->image_event_dir/".$uploadedfilename))
{
echo("Sorry, Your file failed to upload.<br>");
echo("Either your file doesn't exist or it was too large.");
return "";
}
else
db_query("UPDATE $CFG->table_event SET image = '$uploadedfilename[filename]' WHERE id=$idevent");
}
else
echo("Sorry, Your file failed to upload.(filename generation failed)<br>");
}
return $uploadedfilename;
}
