| author | ilotterytea <iltsu@alright.party> | 2025-03-20 02:59:53 +0500 |
|---|---|---|
| committer | ilotterytea <iltsu@alright.party> | 2025-03-20 02:59:53 +0500 |
| commit | 3eff0dc4b39dc2f0d5bb5b0b13417fe9aa876c48 (patch) | |
| tree | e2cbd8669b292a88998b14db5fa6f68e38d1d573 | |
| parent | f3e0c1a833fac6982d524df172ee61f220492d42 (diff) | |
feat: check file size
| -rw-r--r-- | lib/utils.php | 2 | ||||
| -rw-r--r-- | public/upload.php | 61 |
2 files changed, 45 insertions, 18 deletions
diff --git a/lib/utils.php b/lib/utils.php
index af8cc2f..2dab763 100644
--- a/lib/utils.php
+++ b/lib/utils.php
@@ -9,7 +9,7 @@ function json_response(mixed $data, string|null $message, int $code = 200)
 'status_code' => $code,
 'message' => $message,
 'data' => $data
- ]);
+ ], JSON_UNESCAPED_SLASHES);
 }
 
 function generate_random_char_sequence(array $chars, int $length): string
diff --git a/public/upload.php b/public/upload.php
index 1ca5559..d73a975 100644
--- a/public/upload.php
+++ b/public/upload.php
@@ -2,6 +2,11 @@
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../config.php';
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/utils.php';
 
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ json_response(null, 'Method not allowed', 405);
+ exit;
+}
+
 if (!isset($_FILES['file'])) {
 json_response(null, "No 'file' specified!", 400);
 exit();
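Review bot: The new method guard compares with loose `!=` while the file otherwise favours strict comparison (`array_search(..., true)`); write `if ($_SERVER['REQUEST_METHOD'] !== 'POST') {`. The guard also bails out with `exit;` whereas every other early return in this file uses `exit();`, so pick one form for consistency.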
@@ -12,24 +17,46 @@ if (!is_dir(FILE_DIRECTORY) && !mkdir(FILE_DIRECTORY, 0777, true)) {
 exit();
 }
 
-$file = $_FILES['file'];
+try {
+ $file = $_FILES['file'];
 
-// checking file mimetype
-$finfo = new finfo(FILEINFO_MIME_TYPE);
-if (false === $file_ext = array_search($finfo->file($file['tmp_name']), FILE_ACCEPTED_MIME_TYPES, true)) {
- json_response(null, 'Invalid file format', 400);
- exit();
-}
+ if (
+ !isset($file['error']) ||
+ is_array($file['error'])
+ ) {
+ throw new RuntimeException('Invalid parameters.');
+ }
 
-$file_id = generate_random_char_sequence(FILE_ID_CHARACTERS, FILE_ID_LENGTH);
+ // checking file size
+ switch ($file['error']) {
+ case UPLOAD_ERR_OK:
+ break;
+ case UPLOAD_ERR_NO_FILE:
+ throw new RuntimeException('No file sent.');
+ case UPLOAD_ERR_INI_SIZE:
+ case UPLOAD_ERR_FORM_SIZE:
+ throw new RuntimeException('Exceeded filesize limit.');
+ default:
+ throw new RuntimeException('Unknown errors.');
+ }
 
-if (!move_uploaded_file($file['tmp_name'], FILE_DIRECTORY . sprintf('/%s.%s', $file_id, $file_ext))) {
- json_response(null, 'Failed to save the file. Try again later.', 500);
- exit();
-}
+ // checking file mimetype
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if (false === $file_ext = array_search($finfo->file($file['tmp_name']), FILE_ACCEPTED_MIME_TYPES, true)) {
+ throw new RuntimeException("Invalid file format.");
+ }
+
+ $file_id = generate_random_char_sequence(FILE_ID_CHARACTERS, FILE_ID_LENGTH);
+
+ if (!move_uploaded_file($file['tmp_name'], FILE_DIRECTORY . sprintf('/%s.%s', $file_id, $file_ext))) {
+ throw new RuntimeException("Failed to save the file. Try again later.");
+ }
 
-json_response([
- 'id' => $file_id,
- 'ext' => $file_ext,
- 'mime' => FILE_ACCEPTED_MIME_TYPES[$file_ext]
-], null, 201);
\ No newline at end of file
+ json_response([
+ 'id' => $file_id,
+ 'ext' => $file_ext,
+ 'mime' => FILE_ACCEPTED_MIME_TYPES[$file_ext]
+ ], null, 201);
+} catch (RuntimeException $e) {
+ json_response(null, $e->getMessage(), 400);
+}
\ No newline at end of file |
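Review bot: Every failure inside the `try` is now answered with HTTP 400, including the `move_uploaded_file` failure that the removed code reported as 500 and the `default` branch, which covers server-side conditions such as `UPLOAD_ERR_NO_TMP_DIR` and `UPLOAD_ERR_CANT_WRITE`, so clients and monitoring can no longer tell a bad request from a broken server. Carry the status in the exception, e.g. `throw new RuntimeException('Failed to save the file. Try again later.', 500);` and in the catch `json_response(null, $e->getMessage(), $e->getCode() ?: 400);`. Despite the commit title, no application-level size limit is enforced: `UPLOAD_ERR_INI_SIZE`/`UPLOAD_ERR_FORM_SIZE` only fire on the php.ini limits or on a client-supplied `MAX_FILE_SIZE` form field, so consider comparing `$file['size']` against a server-defined maximum (a constant next to `FILE_ACCEPTED_MIME_TYPES`, presumably in config.php) before the mimetype check. A request larger than `post_max_size` arrives with an empty `$_FILES`, so it is presumably reported by the earlier `!isset($_FILES['file'])` check as "No 'file' specified!" rather than as a size error; worth documenting in a comment on that check.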
