Changeset View
Changeset View
Standalone View
Standalone View
src/applications/files/storage/PhabricatorFile.php
| Show First 20 Lines • Show All 172 Lines • ▼ Show 20 Lines | public static function readUploadedFileData($spec) { | ||||
| } | } | ||||
| $err = idx($spec, 'error'); | $err = idx($spec, 'error'); | ||||
| if ($err) { | if ($err) { | ||||
| throw new PhabricatorFileUploadException($err); | throw new PhabricatorFileUploadException($err); | ||||
| } | } | ||||
| $tmp_name = idx($spec, 'tmp_name'); | $tmp_name = idx($spec, 'tmp_name'); | ||||
| // NOTE: If we parsed the request body ourselves, the files we wrote will | |||||
| // not be registered in the `is_uploaded_file()` list. It's fine to skip | |||||
| // this check: it just protects against sloppy code from the long ago era | |||||
| // of "register_globals". | |||||
| if (ini_get('enable_post_data_reading')) { | |||||
| $is_valid = @is_uploaded_file($tmp_name); | $is_valid = @is_uploaded_file($tmp_name); | ||||
| if (!$is_valid) { | if (!$is_valid) { | ||||
| throw new Exception(pht('File is not an uploaded file.')); | throw new Exception(pht('File is not an uploaded file.')); | ||||
| } | } | ||||
| } | |||||
| $file_data = Filesystem::readFile($tmp_name); | $file_data = Filesystem::readFile($tmp_name); | ||||
| $file_size = idx($spec, 'size'); | $file_size = idx($spec, 'size'); | ||||
| if (strlen($file_data) != $file_size) { | if (strlen($file_data) != $file_size) { | ||||
| throw new Exception(pht('File size disagrees with uploaded size.')); | throw new Exception(pht('File size disagrees with uploaded size.')); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 1,420 Lines • Show Last 20 Lines | |||||