PDA

View Full Version : File Sanitize / cleaning via Vbulletin

Mickie D
06-16-2015, 07:14 AM
How do I convert this for VBulletin Sanitize (cleaning).


$_FILES["fileToUpload"]["size"]


I tried this but it breaks the page


$vbulletin->input->clean_gpc('f', 'fileToUpload', 'size', TYPE_FILE);


Thank you.
cellarius
06-16-2015, 07:39 AM
it breaks the page
Be specific, please.


$vbulletin->input->clean_gpc('f', 'fileToUpload', 'size', TYPE_FILE);

You did replace 'fileToUpload' and 'size' with the variables that contain the actual values, did you?
Mickie D
06-16-2015, 08:00 AM
Be specific, please.


You did replace 'fileToUpload' and 'size' with the variables that contain the actual values, did you?


thanks for the reply, yes those values are the values from the form.

What happens is nothing, it does not upload at all nothing gets moved into the directory.
The strangest thing also is I have another part of the script that outputs the files from foreach loop using DIV'S and the vbulletin form code breaks this when I change it , makes everything huge (which I cannot explain).

But as soon as I change it back to the $_FILE method it works perfectly?

I am just trying for good practice and security to use the built in vbulletin cleaning functions...
kh99
06-16-2015, 03:12 PM
The clean_gpc function only takes 3 arguments. I've never used the vbulletin functions to do file uploads, but I think you want something like:
$vbulletin->input->clean_gpc('f', 'fileToUpload', TYPE_FILE);

$vbulletin->GPC['fileToUpload']['size']


That is, after calling clean_gpc, the size value would be in $vbulletin->GPC['fileToUpload']['size'].
Mickie D
06-16-2015, 04:43 PM
The clean_gpc function only takes 3 arguments. I've never used the vbulletin functions to do file uploads, but I think you want something like:
$vbulletin->input->clean_gpc('f', 'fileToUpload', TYPE_FILE);

$vbulletin->GPC['fileToUpload']['size']


That is, after calling clean_gpc, the size value would be in $vbulletin->GPC['fileToUpload']['size'].


I will give that a go once my kids get off the PC...

Also when you say 3 arguments, are you talking about GET, POST, FILE ?

Or the SIZE, TYPE, ERROR, NAME, etc

Thanks again
kh99
06-16-2015, 04:50 PM
I mean parameters, values you pass to the function, like 'f', 'fileToUpload', TYPE_FILE. In your first post you have 4.
Mickie D
06-16-2015, 04:53 PM
Ah, I see the second code I posted only has 3 arguments allowed :)

Cheers