vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   File Sanitize / cleaning via Vbulletin (https://vborg.vbsupport.ru/showthread.php?t=319092)

Mickie D 06-16-2015 07:14 AM
File Sanitize / cleaning via Vbulletin
 
How do I convert this for VBulletin Sanitize (cleaning).

PHP Code:
$_FILES["fileToUpload"]["size"
I tried this but it breaks the page

PHP Code:
$vbulletin->input->clean_gpc('f''fileToUpload''size'TYPE_FILE); 
Thank you.

cellarius 06-16-2015 07:39 AM
Quote:
Originally Posted by Mickie D (Post 2547923)
it breaks the page
Be specific, please.

Quote:
PHP Code:
$vbulletin->input->clean_gpc('f''fileToUpload''size'TYPE_FILE); 
You did replace 'fileToUpload' and 'size' with the variables that contain the actual values, did you?

Mickie D 06-16-2015 08:00 AM
Quote:
Originally Posted by cellarius (Post 2547926)
Be specific, please.


You did replace 'fileToUpload' and 'size' with the variables that contain the actual values, did you?

thanks for the reply, yes those values are the values from the form.

What happens is nothing, it does not upload at all nothing gets moved into the directory.
The strangest thing also is I have another part of the script that outputs the files from foreach loop using DIV'S and the vbulletin form code breaks this when I change it , makes everything huge (which I cannot explain).

But as soon as I change it back to the $_FILE method it works perfectly?

I am just trying for good practice and security to use the built in vbulletin cleaning functions...

kh99 06-16-2015 03:12 PM
The clean_gpc function only takes 3 arguments. I've never used the vbulletin functions to do file uploads, but I think you want something like:
Code:
$vbulletin->input->clean_gpc('f', 'fileToUpload', TYPE_FILE); 

$vbulletin->GPC['fileToUpload']['size']

That is, after calling clean_gpc, the size value would be in $vbulletin->GPC['fileToUpload']['size'].

Mickie D 06-16-2015 04:43 PM
Quote:
Originally Posted by kh99 (Post 2547962)
The clean_gpc function only takes 3 arguments. I've never used the vbulletin functions to do file uploads, but I think you want something like:
Code:
$vbulletin->input->clean_gpc('f', 'fileToUpload', TYPE_FILE); 

$vbulletin->GPC['fileToUpload']['size']

That is, after calling clean_gpc, the size value would be in $vbulletin->GPC['fileToUpload']['size'].

I will give that a go once my kids get off the PC...

Also when you say 3 arguments, are you talking about GET, POST, FILE ?

Or the SIZE, TYPE, ERROR, NAME, etc

Thanks again

kh99 06-16-2015 04:50 PM
I mean parameters, values you pass to the function, like 'f', 'fileToUpload', TYPE_FILE. In your first post you have 4.

Mickie D 06-16-2015 04:53 PM
Ah, I see the second code I posted only has 3 arguments allowed :)

Cheers


All times are GMT. The time now is 11:34 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01051 seconds
  • Memory Usage 1,731KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (3)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete