66 */
77
88 /************************************************************************/
9- /* ajaxCRUD.class.php v8.82 */
9+ /* ajaxCRUD.class.php v8.9 */
1010 /* =========================== */
1111 /* Copyright (c) 2013 by Loud Canvas Media (arts@loudcanvas.com) */
1212 /* http://www.ajaxcrud.com by http://www.loudcanvas.com */
@@ -262,7 +262,7 @@ class ajaxCRUD{
262262
263263 //destination folder to be set for a particular field that allows uploading of files. the array is set as $field_name => $destination_folder
264264 var $ file_uploadsarray ();
265- var $ file_upload_infoarray (); //array[$field_name]['destination_folder'] and array[$field_name]['relative_folder ']
265+ var $ file_upload_infoarray (); //array[$field_name]['destination_folder'], array[$field_name]['relative_folder'], and array[$field_name]['permittedFileExts ']
266266 var $ filename_append_field"" ;
267267
268268 //array dictating that "dropdown" fields do not show dropdown (but text editor) on edit (format: array[field] = true/false);
@@ -727,12 +727,18 @@ function primaryKeyNotAutoIncrement(){
727727 $ this primaryKeyAutoIncrement = false ;
728728 }
729729
730- function setFileUpload ($ field_name$ destination_folder$ relative_folder"" ){
730+ //the forth optional param (permittedFileExts) was added in v8.9; it is an ARRAY of permitted file extensions allowed for upload; e.g. array("png", "jpg")
731+ function setFileUpload ($ field_name$ destination_folder$ relative_folder"" , $ permittedFileExts"" ){
731732 //put values into array
732733 $ this file_uploads [] = $ field_name
733734 $ this file_upload_info [$ field_name'destination_folder ' ] = $ destination_folder
734735 $ this file_upload_info [$ field_name'relative_folder ' ] = $ relative_folder
735736
737+ //added in v8.9
738+ if (is_array ($ permittedFileExts
739+ $ this file_upload_info [$ field_name'permittedFileExts ' ] = $ permittedFileExts
740+ }
741+
736742 //the filenames that are saved are not editable
737743 $ this disallowEdit ($ field_name
738744
@@ -1014,10 +1020,15 @@ function doAction($action){
10141020
10151021 if ($ uploads_on
10161022 foreach ($ this file_uploads as $ field_name
1017- $ file_dest$ this file_upload_info [$ field_name
1023+ $ file_dest$ this file_upload_info [$ field_name'destination_folder ' ];
1024+
1025+ $ allowedExts"" ;
1026+ if (isset ($ this file_upload_info [$ field_name'permittedFileExts ' ])){
1027+ $ allowedExts$ this file_upload_info [$ field_name'permittedFileExts ' ];
1028+ }
10181029
10191030 if ($ _FILES $ field_name'name ' ] != '' ){
1020- $ this uploadFile ($ insert_id$ field_name$ file_dest
1031+ $ this uploadFile ($ insert_id$ field_name$ file_dest, $ allowedExts
10211032 }
10221033 }
10231034 }
@@ -1070,15 +1081,20 @@ function doAction($action){
10701081 if ($ action'upload ' && $ _REQUEST 'field_name ' ] && $ _REQUEST 'id ' ] != '' && is_array ($ this file_uploads ) && in_array ($ _REQUEST 'field_name ' ],$ this file_uploads )){
10711082 $ update_id$ _REQUEST 'id ' ];
10721083 $ file_field$ _REQUEST 'field_name ' ];
1073- $ upload_folder$ this file_upload_info [$ file_field
1084+ $ upload_folder$ this file_upload_info [$ file_field' destination_folder '
10741085
1075- $ success$ this uploadFile ($ update_id$ file_field$ upload_folder
1086+ $ allowedExts"" ;
1087+ if (isset ($ this file_upload_info [$ file_field'permittedFileExts ' ])){
1088+ $ allowedExts$ this file_upload_info [$ file_field'permittedFileExts ' ];
1089+ }
1090+
1091+ $ success$ this uploadFile ($ update_id$ file_field$ upload_folder$ allowedExts
10761092
10771093 if ($ success
10781094 $ report_msg"File Uploaded Sucessfully. " ;
10791095 }
10801096 else {
1081- $ error_msg"There was an error uploading your file. Check permissions of the destination directory (make sure is set to 777) . " ;
1097+ // $error_msg[] = "There was an error uploading your file.";
10821098 }
10831099
10841100 }//action = upload
@@ -1092,7 +1108,7 @@ function doAction($action){
10921108 $ successqr ("UPDATE $ this db_table SET $ file_field = \"\" WHERE $ this db_table_pk = $ delete_id );
10931109
10941110 if ($ success
1095- $ file_dest$ this file_upload_info [$ file_field
1111+ $ file_dest$ this file_upload_info [$ file_field' destination_folder '
10961112
10971113 unlink ($ file_dest$ filename
10981114 $ report_msg"File Deleted Sucessfully. " ;
@@ -1191,12 +1207,22 @@ function createCSVOutput() {
11911207 }
11921208
11931209 //a file must have been "sent"/posted for this to work
1194- function uploadFile ($ row_id$ file_field$ upload_folder
1210+ function uploadFile ($ row_id$ file_field$ upload_folder$ allowedExts"" ){
1211+ global $ report_msg$ error_msg
1212+
11951213 @$ fileName$ _FILES $ file_field'name ' ];
11961214 @$ tmpName$ _FILES $ file_field'tmp_name ' ];
11971215 @$ fileSize$ _FILES $ file_field'size ' ];
11981216 @$ fileType$ _FILES $ file_field'type ' ];
11991217
1218+ if (is_array ($ allowedExts
1219+ $ fileExtstrtolower (pathinfo ($ fileNamePATHINFO_EXTENSION )); //gets file ext (lowercase)
1220+ if ( !in_array ($ fileExt$ allowedExts
1221+ $ error_msg"Upload failed. Selected file was extention <b>. {$ fileExt</b> but this is not an permitted file extension. " ;
1222+ return false ;
1223+ }
1224+ }
1225+
12001226 $ new_filenamemake_filename_safe ($ fileName
12011227 if ($ this filename_append_field != "" ){
12021228 if ($ _REQUEST $ this filename_append_field ] != '' ){
@@ -1233,16 +1259,13 @@ function uploadFile($row_id, $file_field, $upload_folder){
12331259 call_user_func ($ this onFileUploadExecuteCallBackFunction , $ file_info_array
12341260 }
12351261
1236- }
1237-
1238- if ($ update_success
1239- return true ;
1240- //$report_msg[] = "File Uploaded.";
1262+ if ($ update_successreturn true ;
12411263 }
12421264 else {
1243- return false ;
1244- //$error_msg[] = "There was an error uploading your file (or none was selected).";
1245- }
1265+ $ error_msg"There was an error uploading your file. Check permissions of the destination directory (make sure is set to 777). " ;
1266+ }
1267+
1268+ return false ;
12461269 }
12471270
12481271 function showTable (){
0 commit comments