summaryrefslogtreecommitdiff
path: root/src/attachment_writer.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/attachment_writer.php')
-rw-r--r--src/attachment_writer.php42
1 files changed, 41 insertions, 1 deletions
diff --git a/src/attachment_writer.php b/src/attachment_writer.php
index ee638c7..bd00b14 100644
--- a/src/attachment_writer.php
+++ b/src/attachment_writer.php
@@ -4,9 +4,49 @@ if (!array_key_exists('password', $_POST)) {
die('No password given');
}
-var_dump($_FILES);
+if ($_POST['password'] != 'foo') {
+ die('Incorrect password');
+}
+
+$attach_dir = '/var/www/forum/files';
+
+foreach ($_FILES as $file) {
+ # Check for errors
+ switch ($file['error']) {
+ case UPLOAD_ERR_OK:
+ break;
+ case UPLOAD_ERR_INI_SIZE:
+ die('Error UPLOAD_ERR_INI_SIZE: ' . $file['name']);
+ case UPLOAD_ERR_FORM_SIZE:
+ die('Error UPLOAD_ERR_FORM_SIZE: ' . $file['name']);
+ case UPLOAD_ERR_PARTIAL:
+ die('Error UPLOAD_ERR_PARTIAL: ' . $file['name']);
+ case UPLOAD_ERR_NO_FILE:
+ die('Error UPLOAD_ERR_NO_FILE: ' . $file['name']);
+ case UPLOAD_ERR_NO_TMP_DIR:
+ die('Error UPLOAD_ERR_NO_TMP_DIR: ' . $file['name']);
+ case UPLOAD_ERR_CANT_WRITE:
+ die('Error UPLOAD_ERR_CANT_WRITE: ' . $file['name']);
+ case UPLOAD_ERR_EXTENSION:
+ die('Error UPLOAD_ERR_EXTENSION: ' . $file['name']);
+ default:
+ die('Unrecognized error code: ' . $file['error'] . ' ' $file['name']);
+ }
+ # Don't continue if the name isn't what phpBB expects
+ if (preg_match('/^\d+_[0-9a-f]{32}$/', $file['name']) != 1) {
+ die('Bad destination filename: ' . $file['name']);
+ }
+ $src = $file['tmp_name'];
+ $dst = $attach_dir . '/' . $file['name'];
+
+ # Move temp file to attachments dir
+ if (!move_uploaded_file($src, $dst)) {
+ die("Failed to move $src to $dst.");
+ }
}
+return 1;
+
?>