Added Filetype check for uploading surveys
Epd02 committed Nov 22, 2023
1 parent d8328c0 commit 18f39f6
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions application/Controller/AdminSurveyController.php
Expand Up @@ -92,6 +92,16 @@ protected function validateUploadedFile($file, $editing = false) {
if (empty($file['name'])) {
return false;
}

// Define the list of allowed extensions
$allowedExtensions = array('xls', 'xlsx', 'ods', 'xml', 'txt', 'csv');
// Get the file extension

@rubenarslan

rubenarslan Feb 19, 2024

Owner

JSON fehlt.

$fileExtension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
// Check if the extension is in the allowed list
if(!in_array($fileExtension, $allowedExtensions)){
alert("<strong>Error:</strong> The format must be one of .xls, .xlsx, .ods, .xml, .txt, or .csv.", 'alert-danger');
return false;
}

$name = preg_filter("/^([a-zA-Z][a-zA-Z0-9_]{2,64})(-[a-z0-9A-Z]+)?\.[a-z]{3,4}$/", "$1", basename($file['name']));
if (!preg_match("/[a-zA-Z][a-zA-Z0-9_]{2,64}/", (string)$name)) {
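Review bot: The new allow-list in validateUploadedFile() only inspects the extension of the client-supplied `$file['name']`, so it constrains what the upload is called, not what it contains; any content passes as long as the name ends in an allowed suffix. If `$file` is a `$_FILES` entry (not visible in this hunk), consider also checking the detected type of the temporary file, for example with `finfo_file()` on `$file['tmp_name']`, before the survey parser opens it. The membership test should be strict: `if (!in_array($fileExtension, $allowedExtensions, true)) {`. The `strtolower()` here also accepts upper-case extensions that the `\.[a-z]{3,4}$` pattern in the following `preg_filter()` call still rejects, so such uploads presumably fail at the name check instead of with this format message. The function body starts and ends outside the hunk.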
