Slash into input text and class.upload.php doesn't work

See all posts Reply

Slash into input text and class.upload.php doesn't work new!
# Reply
by Ogum, 10 years, 7 months ago
I have a simple form to upload products in a database: Name and image. For the name, i use the standard input text field and for the image i'm using the class class.upload.php to resize and rename it.

It would work fine, but if i use a product name with the slash inside, something like: article 6/10 - 10/10 - 20/10 sends me to crash the class for resizing image. Does not meet the dimensions given and I have always renamed it to 10.jpg instead as something like: 03110e1afaf5c168e83a0cf18eed368e.jpg

So, article: 610 - 1010 - 2010 works

article: 6/10 - 10/10 - 20/10 doesn't work

This is the script i use:
function addProduct() {
  include('class.upload.php'); 

  $catId       = $_POST['cboCategory'];
  $name        = $_POST["txtName"];
  $width = 800;

  $immagine = $_FILES['fleImage']['tmp_name'];
  $dimensioni = getimagesize($immagine);
  $larghezza = $dimensioni[0];
  $altezza = $dimensioni[1];

  if ($larghezza>$width) {         
    $db_name = str_replace(" ","_",$name);
    $image1 = md5(rand() * time()) . ".$db_name";  
    $fileName = pathinfo($image1, PATHINFO_FILENAME );

    $handle = new upload($_FILES['fleImage']);
    if ($handle->uploaded) {
      $handle->file_new_name_body   =    $fileName;
      $handle->image_resize     = true;
      $handle->image_x          = 800;
      $handle->image_ratio_y    = true;
      $handle->process('../../images/product/');

     // thumbnail
     $db_name = str_replace(" ","_",$name);
     $image2 = md5(rand() * time()) . ".$db_name";  
     $thumb = pathinfo($image2, PATHINFO_FILENAME );

     $handle->file_new_name_body   =   $thumb;
     $handle->image_resize     = true;
     $handle->image_ratio_crop = true;
     $handle->image_x          = 360;
     $handle->image_y          = 270;

     $handle->process('../../images/product/');   

     if ($handle->processed) {
       // header("Location: index.php"); 
       $handle->clean();
     } else {
       echo 'error : ' . $handle->error;
     }
   }

  $thumbnail = $thumb.'.jpg';
  $main_image = $fileName.'.jpg';

  $sql   = "INSERT INTO tbl_product (cat_id, pd_name, pd_image, pd_thumbnail, pd_date)
        VALUES ('$catId', '$name', '$main_image', '$thumbnail', NOW())";

  $result = dbQuery($sql);

  header("Location: index.php?catId=$catId");    
}
Reply
Re: Slash into input text and class.upload.php doesn't work new!
# Reply
by colin, 10 years, 7 months ago
Can you copy here the log produced by the class?

And what does it do if you set file_safe_name to false?Reply
Re: Slash into input text and class.upload.php doesn't work new!
# Reply
by Ogum, 10 years, 7 months ago
hi
thanks for your reply. I found where is the issue.

$image1 = md5(rand() * time()) . ".$db_name";
$image1 contains something like "03110e1afaf5c168e83a0cf18eed368earticle6/10_-10/10-_20/10"
$fileName = pathinfo($image1, PATHINFO_FILENAME );
pathinfo cuts everything but the file name, in this case $filename == "10" Later i concatenate the ending ".jpg"
Reply