The following upload script seems to be working on PCs but not on
Macs. Can anyone imagine a reason why? Could there be something in the
form that turns in flawed data, or could IE on a Mac not pass along
certain data that Netscape and IE do on a PC?
function standardImageUp load() {
$controllerForA ll = & getController() ;
$insertObject = & $controllerForA ll->getObject("McT ransactions", " in
standardImageUp load().");
$formatTextObje ct = & $controllerForA ll->getObject("McF ormatText", "
in standardImageUp load().");
$resultsObject = & $controllerForA ll->getObject("McR esults", " in
standardImageUp load().");
$config = getConfig();
$pathToImageFol der = $config["pathToImageFol der"];
$imagesFolder = $config["imagesFold er"];
global $uploadedFile, $uploadedFile_s ize, $uploadedFile_n ame;
if (!$uploadedFile ) {
$uploadedFile = $controllerForA ll->getVar("$uploa dedFile");
$uploadedFile_s ize =
$controllerForA ll->getVar("$uploa dedFile_size");
$uploadedFile_s ize =
$controllerForA ll->getVar("$uploa dedFile_size");
}
$uploadedFile_n ame =
$formatTextObje ct->processFileNam e($uploadedFile _name);
$uploadedFile_n ame = htmlspecialchar s($uploadedFile _name);
// 04-20-04 - we need to keep hackers from uploading files with PHP,
or if they do, we need to keep those files
// from being sent to the PHP parser. So we look for typical PHP
extensions.
$fileSafe = true;
$ext = substr($uploade dFile_name, -4);
if ($ext == "php3") $fileSafe = false;
if ($ext == ".php") $fileSafe = false;
if ($ext == ".inc") $fileSafe = false;
if ($ext == "phtm") $fileSafe = false;
$ext = substr($uploade dFile_name, -5);
if ($ext == "phtml") $fileSafe = false;
if ($fileSafe) {
$absolutePath .= $pathToImageFol der.$uploadedFi le_name;
$urlPath .= $imagesFolder.$ uploadedFile_na me;
if (is_dir($pathTo ImageFolder)) {
if (!file_exists($ absolutePath)) {
if (copy($uploaded File, $absolutePath)) {
$resultsObject->addToResults(" Success: The image or file
'$uploadedFile_ name' has been uploaded. If you wish to reference it
this is the address: <a href='$urlPath' >$uploadedFile_ name</a>");
} else {
if ($uploadedFile_ size > 2000000) {
$resultsObject->addToResults(" Error: the upload failed. Your
file of '$uploadedFile_ name' is not uploaded. It is very large, with a
size of $uploadedFile_s ize. This may have been a factor in its
failure.");
} else {
$resultsObject->addToResults(" Error: the upload failed. Your
file of '$uploadedFile_ name' is not uploaded.");
}
}
} else {
$resultsObject->addToResults(" Error: a file with the same name as
the one you are uploading already exists. Please delete the old file
first, and then upload the new one.");
}
} else {
$resultsObject->error("We tried to copy the image to the image
folder that is specified in your site's configuration, yet the folder
doesn't seem to be there.", "standardImageU pload");
}
$controllerForA ll->import("standa rdInsert", " in
standardImageUp load().");
standardInsert( );
} else {
$resultsObject->addToResults(" <b>Error:</b> Terribly sorry, but it
looks like you're trying to upload a PHP file. For security reasons,
this is not allowed. The extension on your file was '$ext'.");
}
}