NFOmation - Your Ultimate NFO Upload Resource!

0) { $iserror = true; $err_append = 'Return Code: ' . $_FILES['nfofile']['error']; } else { /* echo 'Upload: ' . $_FILES['nfofile']['name'] . '
'; echo 'Type: ' . $_FILES['nfofile']['type'] . '
'; echo 'Size: ' . ($_FILES['nfofile']['size'] / 1024) . ' Kb
'; echo 'Temp file: ' . $_FILES['nfofile']['tmp_name'] . '
'; */ if ($_FILES['nfofile']['size'] > 307200) { $iserror = true; $err_append = ': file too big'; } else { if ( strtolower(substr($_FILES['nfofile']['name'], -4, 4)) == '.nfo' || strtolower(substr($_FILES['nfofile']['name'], -4, 4)) == '.txt') { $file_good = false; $file_type = get_file_type($_FILES['nfofile']['tmp_name']); if (strpos($file_type, 'text/') !== false) { // file type is questionable, lets read first few bytes to check for some patterns // right now we are only checking 7-zip $fh = fopen($_FILES['nfofile']['tmp_name'], 'r'); $file_header = strtolower(fread($fh, 50)); fclose($fh); if ( strpos($file_header, '.nfo is unavailable') === false && strpos($file_header, '') === false ) { $file_good = true; } // $file_good = true; } else { if (strpos($file_type, 'application/octet-stream') !== false) { // file type is questionable, lets read first few bytes to check for some patterns // right now we are only checking 7-zip $fh = fopen($_FILES['nfofile']['tmp_name'], 'r'); $file_header = strtolower(fread($fh, 15)); fclose($fh); if ( strpos($file_header, '7z') === false && strpos($file_header, 'mz') === false && strpos($file_header, '') === false && strpos($file_header, '.nfo is unavailable') === false ) { $file_good = true; } } } if ($file_good) { $_FILES['nfofile']['name'] = str_replace(' ','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = preg_replace('/(?:\.|[\.]){2,}/', "\._", $_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('\\','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('/','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('\'','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('`','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('!','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('@','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('#','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('$','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('%','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('^','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('&','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('*','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('(','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace(')','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('_','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('"','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('+','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace(',','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('<','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('>','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace(';','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace(':','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('{','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('}','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('|','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('?','_',$_FILES['nfofile']['name']); $_FILES['nfofile']['name'] = str_replace('~','_',$_FILES['nfofile']['name']); if (file_exists($base . '/' . $ts . '.' . $_FILES['nfofile']['name'])) { echo $ts . '.' . $_FILES['nfofile']['name'] . ' already exists. '; } else { move_uploaded_file($_FILES['nfofile']['tmp_name'], $base . '/' . $ts . '.' . $_FILES['nfofile']['name']); header('Location: ' . 'info/' . urlencode($ts . '.' . $_FILES['nfofile']['name']), true, 303); die(); } } else { $iserror = true; $err_append = ': bad file, looks like your trying to pull a fast one on us by renaming a file or uploading a blacklisted file signature.'; } } else { $iserror = true; $err_append = ': bad file extension'; } } } } mb_language('uni'); mb_internal_encoding('UTF-8'); header('Content-Type: text/html; charset=utf-8'); if ($iserror === true) { $mode = 'error'; } else { $mode = 'home'; if (isset($_GET['error'])) { $iserror = true; $mode = 'error'; if (isset($_GET['error-type'])) { $err_append = ' ('.nl2br(htmlspecialchars(addslashes($_GET['error-type']))).')'; } } } // have to use this since mime-magic is depricated and did not work function get_file_type($file) { if(function_exists('shell_exec') === TRUE) { $dump = shell_exec(sprintf('file -bi %s', $file)); $info = explode(';', $dump); return $info[0]; } return FALSE; } ?> NFOmation - Your Ultimate NFO Upload Resource!

NFOmation say you fail