Merge pull request #137 from CraftMyWebsite/guedesite-patch-1

Update uploadImg.php

admin/actions/uploadImg.php

@@ -3,24 +3,37 @@
 	$dossier = './theme/upload/panel/';
 	$taille_maxi = 10000000;
 
-	$fichier = basename($_FILES['img']['name']);
-	$taille = filesize($_FILES['img']['tmp_name']);
-	$extensions = array('.ico', '.bmp', '.png', '.gif', '.jpg', '.jpeg');
-	$extension = strrchr($_FILES['img']['name'], '.'); 
-	if(!in_array($extension, $extensions))
-		header ("Refresh: ?page=upload&erreur=1");
+	$fichier = $_FILES['img']['name'];
+	$taille = $_FILES['img']['size'];
+	$extensions = array('ico', 'bmp', 'png', 'gif', 'jpg', 'jpeg');
+	$extension = pathinfo($_FILES['img']['name'], PATHINFO_EXTENSION); 
+	if(!in_array(strtolower($extension), $extensions))
+	{
+		header ("location: admin.php?page=upload&erreur=0");
+		exit();
+	}
 	if($taille > $taille_maxi)
-		header ("Refresh: ?page=upload&erreur=1");
+	{
+		header ("location: admin.php?page=upload&erreur=1");
+		exit();
+	}
 	if (file_exists($dossier.$fichier))
-		header ("Refresh: ?page=upload&erreur=2");
+	{
+		header ("location: admin.php?page=upload&erreur=2");
+		exit();
+	}
 
 
 	$fichier = strtr($fichier, 
 		'ÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÒÓÔÕÖÙÚÛÜÝàáâãäåçèéêëìíîïðòóôõöùúûüýÿ', 
 		'AAAAAACEEEEIIIIOOOOOUUUUYaaaaaaceeeeiiiioooooouuuuyy');
 	$fichier = preg_replace('/([^.a-z0-9]+)/i', '-', $fichier);
 	if(!move_uploaded_file($_FILES['img']['tmp_name'], $dossier . $fichier))
-		header ("Refresh: ?page=upload&erreur=3");
+	{
+		header ("location: admin.php?page=upload&erreur=3");
+		exit();
+	}
 
-	header ("Refresh: ?page=upload");
+	header ("location: admin.php?page=upload&success");
+	exit();
 }?>