HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/cms.naniguide.com/admin/includes/uploadifive/uploader/uploadifive.php
<?php
/**
 * Script called (Ajax) to upload media files using Uplaodifive plugin
 */
session_start();
if(!isset($_SESSION['user'])) exit();

if(defined('PMS_DEMO') && PMS_DEMO == 1) exit();

if(isset($_POST['uniqid']) && isset($_POST['timestamp']) && isset($_POST['dir']) && isset($_POST['root_bo']) && isset($_POST['lang']) && isset($_POST['exts'])){

    $verifyToken = md5('sessid_'.$_POST['uniqid'].$_POST['timestamp']);
                
    if(!empty($_FILES) && $_POST['token'] == $verifyToken){
        
        $dir = $_POST['dir'];
        $path = '../../../../medias/'.$dir.'/tmp';
        $root_bo = $_POST['root_bo'];
        $lang = $_POST['lang'];
        
        $uniqid = uniqid();
        
        // upload folder for a session
        if(!is_dir($path.'/'.$verifyToken)) mkdir($path.'/'.$verifyToken, 0777);
        chmod($path.'/'.$verifyToken, 0777);
        if(!is_dir($path.'/'.$verifyToken.'/'.$lang)) mkdir($path.'/'.$verifyToken.'/'.$lang, 0777);
        chmod($path.'/'.$verifyToken.'/'.$lang, 0777);
        if(!is_dir($path.'/'.$verifyToken.'/'.$lang.'/'.$uniqid)) mkdir($path.'/'.$verifyToken.'/'.$lang.'/'.$uniqid, 0777);
        chmod($path.'/'.$verifyToken.'/'.$lang.'/'.$uniqid, 0777);

        $tempFile = $_FILES['Filedata']['tmp_name'];
        
        $ext = mb_strtolower(strrchr($_FILES['Filedata']['name'], '.'), 'UTF-8');
        $filename = str_replace($ext, '', mb_strtolower($_FILES['Filedata']['name'], 'UTF-8'));
        
        $patern_from = 'ÀÁÂÃÄÅàáâãäåÒÓÔÕÖØòóôõöøÈÉÊËèéêëÇçÌÍÎÏìíîïÙÚÛÜùúûüýÿÑñ';
        $patern_to = 'aaaaaaaaaaaaooooooooooooeeeeeeeecciiiiiiiiuuuuuuuuyynn';
        
        $filename = utf8_decode($filename);
        $patern_from = utf8_decode($patern_from);
        $patern_to = utf8_decode($patern_to);
        
        $filename = strtr($filename, $patern_from, $patern_to);
        $filename = preg_replace('/([^a-z0-9]+)/i', '-', $filename);
        $filename = preg_replace('/-[-]+/', '-', $filename);
        $filename = trim($filename, '-');
        $filename = strtolower($filename);
        $filename = utf8_encode($filename).$ext;
            
        $targetFile = $path.'/'.$verifyToken.'/'.$lang.'/'.$uniqid.'/'.$filename;
        
        // file type checking
        $fileTypes = unserialize(stripslashes($_POST['exts'])); // files extensions
        $fileParts = pathinfo($_FILES['Filedata']['name']);
        
        if(in_array(mb_strtolower($fileParts['extension'], 'UTF-8'), $fileTypes)){
                        
            move_uploaded_file($tempFile, $targetFile);
            
            $dim = @getimagesize($targetFile);
            if(is_array($dim)){
                $w = $dim[0];
                $h = $dim[1];
            }else{
                $w = 0;
                $h = 0;
            }
            
            $bytes = floatval(filesize($targetFile));
            
            $arBytes = array(
                0 => array(
                    'UNIT' => 'To',
                    'VALUE' => pow(1024, 4)
                ),
                1 => array(
                    'UNIT' => 'Go',
                    'VALUE' => pow(1024, 3)
                ),
                2 => array(
                    'UNIT' => 'Mo',
                    'VALUE' => pow(1024, 2)
                ),
                3 => array(
                    'UNIT' => 'Ko',
                    'VALUE' => 1024
                ),
                4 => array(
                    'UNIT' => 'octets',
                    'VALUE' => 1
                ),
            );
            $result = '';
            foreach($arBytes as $arItem){
                if($bytes >= $arItem['VALUE']){
                    $result = $bytes / $arItem['VALUE'];
                    $result = str_replace('.', ',' , strval(round($result, 2))).' '.$arItem['UNIT'];
                    break;
                }
            }
            
            echo $root_bo.'../'.str_replace('../', '', $targetFile).'|'.$result.'|'.$w.'|'.$h;    
        }
    }
}