ALERT - uploaded file contains binary data - file dropped

[ftpangel]

Hi,

By the title of this thread, I believe you know what I'm about to ask. I have been able to upload images through php before. But now, I get this error in the Error Log and don't know why. Could you please help me figure this out?

I also get an accompanying error:
File does not exist: /home/ftpangel/public_html/404.shtml, referer: http://flight.elementfx.com/index.php?action=edit&module=imagemanagermodule&src=@random482f4666ea440

domain: flight.elementfx.com
parked domain: angelflight.ab.ca

Thank you.

 

[Fedlerner]

What script are you using?
Please link me to the script so I can test it. PM me if you don't want it to be public.

 

[ftpangel]

Hi, no secrets here...i'm using the following page to save my images to the website that is using Exponent CMS

<?php

if (!defined('EXPONENT')) exit('');
$item = null;
if (isset($_POST['id'])) {
$item = $db->selectObject('imagemanageritem','id='.intval($_POST['id']));
if ($item) {
$loc = unserialize($item->location_data);
}
}
if ( ($item == null && exponent_permissions_check('post',$loc)) ||
($item != null && exponent_permissions_check('edit',$loc))
) {
// unset the image cache
exponent_sessions_clearAllUsersSessionCache('imagemanagermodule');
$item = imagemanageritem::update($_POST,$item);
$item->location_data = serialize($loc);

if (!isset($item->id)) {
// check for real images.
$filenew = $_FILES['file']['tmp_name'];
$fileup = getimagesize ( $filenew );

if (
$fileup[2] > 0 &&
$fileup[1] > 0) {
if (!defined('SYS_FILES')) include_once(BASE.'subsystems/files.php');

$directory = 'files/imagemanagermodule/'.$loc->src;
$fname = null;

if (exponent_files_uploadDestinationFileExists($directory,'file')) {
// Auto-uniqify Logic here
$fileinfo = pathinfo($_FILES['file']['name']);
$fileinfo['extension'] = '.'.$fileinfo['extension'];
do {
$fname = basename($fileinfo['basename'],$fileinfo['extension']).uniqid('').$fileinfo['extension'];
} while (file_exists(BASE.$directory.'/'.$fname));
}

$file = file::update('file',$directory,null,$fname);
if (is_object($file)) {
$item->file_id = $db->insertObject($file,'file');
// Make thumbnail?
$db->insertObject($item,'imagemanageritem');

exponent_flow_redirect();
} else {
// If file::update() returns a non-object, it should be a string. That string is the error message.
$post = $_POST;
$post['_formError'] = $file;
exponent_sessions_set('last_POST',$post);
header('Location: ' . $_SERVER['HTTP_REFERER']);
}
}
} else {
$db->updateObject($item,'imagemanageritem');
exponent_flow_redirect();
}
} else {
echo SITE_403_HTML;
}
?>

 

[Corey]

Login to your account panel here: http://x10hosting.com/account and upgrade your PHP version to intermediate.

-Corey

 

[ftpangel]

Awesome, Corey, thank you for the prompt reply! I honestly appreciate it. I have done what you asked. I guess I'll see if they grant my request. Nice avatar, by the way!

 

[Corey]

Thanks

We grant all requests for intermediate. Let us know if it isn't working tomorrow still.

-Corey

 

[ftpangel]

:happysad::biggrin: YOU ARE AWESOME...it works!!!!!!! Thanks so much Corey! You're the MAN!