ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add isset check on file upload

Browse Source
This commit is contained in:
johnnyq
2024-11-19 11:59:52 -05:00
parent c181954960
commit b7163dad6d
7 changed files with 121 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files
post/admin/admin_settings_company.php
+2
View File
@@ -19,6 +19,7 @@ if (isset($_POST['edit_company'])) {
$existing_file_name = sanitizeInput($row['company_logo']);
// Company logo
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'png'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -35,6 +36,7 @@ if (isset($_POST['edit_company'])) {
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1");
}
}
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1");
post/admin/admin_user.php
+4
View File
@@ -31,6 +31,7 @@ if (isset($_POST['add_user'])) {
// Check for and process image/photo
$extended_alert_description = '';
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -44,6 +45,7 @@ if (isset($_POST['add_user'])) {
mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$extended_alert_description = '. File successfully uploaded.';
}
}
// Create Settings
mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_config_force_mfa = $force_mfa");
@@ -129,6 +131,7 @@ if (isset($_POST['edit_user'])) {
// Check for and process image/photo
$extended_alert_description = '';
if (isset($_FILES['file']['tmp_name'])) {\
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -146,6 +149,7 @@ if (isset($_POST['edit_user'])) {
$extended_alert_description = '. File successfully uploaded.';
}
}
mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
post/user/asset.php
+2
View File
@@ -19,6 +19,7 @@ if (isset($_POST['add_asset'])) {
$asset_id = mysqli_insert_id($mysqli);
// Add Photo
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -33,6 +34,7 @@ if (isset($_POST['add_asset'])) {
mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id");
}
}
// Add Primary Interface
mysqli_query($mysqli,"INSERT INTO asset_interfaces SET interface_name = 'Primary', interface_mac = '$mac', interface_ip = '$ip', interface_nat_ip = '$nat_ip', interface_ipv6 = '$ipv6', interface_port = 'eth0', interface_primary = 1, interface_network_id = $network, interface_asset_id = $asset_id");
post/user/contact.php
+5 -1
View File
@@ -46,6 +46,7 @@ if (isset($_POST['add_contact'])) {
}
// Check for and process image/photo
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -61,13 +62,14 @@ if (isset($_POST['add_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
}
}
// Logging
logAction("Contact", "Create", "$session_name created contact $name", $client_id, $contact_id);
customAction('contact_create', $contact_id);
$_SESSION['alert_message'] = "Contact <strong>$name</strong> created";
//$_SESSION['alert_message'] = "Contact <strong>$name</strong> created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -121,6 +123,7 @@ if (isset($_POST['edit_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id, contact_user_id = $contact_user_id WHERE contact_id = $contact_id");
// Upload Photo
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
// Set directory in which the uploaded file will be moved
@@ -136,6 +139,7 @@ if (isset($_POST['edit_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
}
}
// Tags
// Delete existing tags
post/user/expense.php
+5
View File
@@ -15,6 +15,8 @@ if (isset($_POST['add_expense'])) {
// Check for and process attachment
$extended_alert_description = '';
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -27,6 +29,7 @@ if (isset($_POST['add_expense'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.';
}
}
//Logging
logAction("Expense", "Create", "$session_name created expense $description", $client, $expense_id);
@@ -51,6 +54,7 @@ if (isset($_POST['edit_expense'])) {
// Check for and process attachment
$extended_alert_description = '';
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -66,6 +70,7 @@ if (isset($_POST['edit_expense'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.';
}
}
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id");
post/user/location.php
+2
View File
@@ -33,6 +33,7 @@ if(isset($_POST['add_location'])){
mysqli_query($mysqli,"UPDATE locations SET location_primary = 1 WHERE location_id = $location_id");
}
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
$file_tmp_path = $_FILES['file']['tmp_name'];
@@ -46,6 +47,7 @@ if(isset($_POST['add_location'])){
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
}
}
// Logging
logAction("Location", "Create", "$session_name created location $name", $client_id, $location_id);
post/user/profile.php
+2
View File
@@ -49,6 +49,7 @@ if (isset($_POST['edit_your_user_details'])) {
}
// Photo
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['avatar'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
$file_tmp_path = $_FILES['avatar']['tmp_name'];
@@ -68,6 +69,7 @@ if (isset($_POST['edit_your_user_details'])) {
$extended_log_description .= ", avatar updated";
}
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $session_user_id");