Upload not working with - files.gallery

F

fabiosistemi

New member
I’m creating a gallery with the files.gallery product, but the file upload function doesn’t work.

It always gives me a file size error and nothing is uploaded to me.

The files.gallery support tells me that this is a problem with ExeOutput for PHP.

Loading the same files.gallery script into XAMP everything works without problems.

you can download the script from Files Gallery check system and config.
 
The files are loaded into the Data folder
specified in the various settings of the ExeOutput for PHP software
C:\output\Data

From the script, if I try to create a folder or a .txt file, the operation happens without problems.

What gets knocked out is file uploading

This is the code section of the php file used. ( you can download the script from https://cdn.jsdelivr.net/npm/files.photo.gallery/index.php)
Code: 
 // UPLOAD
    if($task === 'upload'){
      // upload path must be dir
      if(!$is_dir) json_error('invalid dir ' . $post_path);
      // upload path must be writeable
      if(!is_writable($path)) json_error('upload dir ' . $post_path . ' is not writeable');
      // get $_FILES['file']
      $file = isset($_FILES) && isset($_FILES['file']) && is_array($_FILES['file']) ? $_FILES['file'] : false;
      // invalid $_FILES['file']
      if(empty($file) || !isset($file['error']) || is_array($file['error'])) json_error('invalid $_FILES[]');
      // PHP meaningful file upload errors / https://www.php.net/manual/en/features.file-upload.errors.php
      if($file['error'] !== 0) {
        $upload_errors = array(
          1 => 'Uploaded file exceeds upload_max_filesize directive in php.ini',
          2 => 'Uploaded file exceeds MAX_FILE_SIZE directive specified in the HTML form',
          3 => 'The uploaded file was only partially uploaded',
          4 => 'No file was uploaded',
          6 => 'Missing a temporary folder',
          7 => 'Failed to write file to disk.',
          8 => 'A PHP extension stopped the file upload.'
        );
        json_error(isset($upload_errors[$file['error']]) ? $upload_errors[$file['error']] : 'unknown error');
      }
      // invalid $file['size']
      if(!isset($file['size']) || empty($file['size'])) json_error('invalid file size');
      // $file['size'] must not exceed $config['upload_max_filesize']
      if(config::$config['upload_max_filesize'] && $file['size'] > config::$config['upload_max_filesize']) json_error('File size [' . $file['size'] . '] exceeds upload_max_filesize option [' . config::$config['upload_max_filesize'] . ']');
      // filename
      $filename = $file['name'];
      // security: slashes are never ever allowed in filenames / always basenamed() but just in case
      if(strpos($filename, '/') !== false || strpos($filename, '\\') !== false) json_error('Illegal \slash/ in filename ' . $filename);
      // allow only valid file types from config::$config['upload_allowed_file_types'] / 'image/*, .pdf, .mp4'
      $allowed_file_types = !empty(config::$config['upload_allowed_file_types']) ? array_filter(array_map('trim', explode(',', config::$config['upload_allowed_file_types']))) : false;
      if(!empty($allowed_file_types)){
        $mime = get_mime($file['tmp_name']) ?: $file['type']; // mime from PHP or upload[type]
        $ext = strrchr(strtolower($filename), '.');
        $is_valid = false;
        // check if extension match || wildcard match mime type image/*
        foreach ($allowed_file_types as $allowed_file_type) if($ext === ('.'.ltrim($allowed_file_type, '.')) || fnmatch($allowed_file_type, $mime)) {
          $is_valid = true;
          break;
        }
        if(!$is_valid) json_error('invalid file type ' . $filename);
        // extra security: check if image is image
        if(function_exists('exif_imagetype') && in_array($ext, ['.gif', '.jpeg', '.jpg', '.png', '.swf', '.psd', '.bmp', '.tif', '.tiff', 'webp', 'avif']) && !@exif_imagetype($file['tmp_name'])) json_error('invalid image type ' . $filename);
      }

      // file naming if !overwrite and file exists
      if(config::$config['upload_exists'] !== 'overwrite' && file_exists("$path/$filename")){

        // fail if !increment / 'upload_exists' => 'fail' || false || '' empty
        if(config::$config['upload_exists'] !== 'increment') json_error("$filename already exists");

        // increment filename / 'upload_exists' => 'increment'
        $name = pathinfo($filename, PATHINFO_FILENAME);
        $ext = pathinfo($filename, PATHINFO_EXTENSION);
        $inc = 1;
        while(file_exists($path . '/' . $name . '-' . $inc . '.' . $ext)) $inc ++;
        $filename = $name . '-' . $inc . '.' . $ext;
      }

      // all is well! attempt to move_uploaded_file()
      if(@move_uploaded_file($file['tmp_name'], "$path/$filename")) fm_json_exit(true, array(
        'success' => true,
        'filename' => $filename, // return filename in case it was incremented or renamed
        'url' => get_url_path("$path/$filename") // for usage with showLinkToFileUploadResult
      ));

      // error if failed to move uploaded file
      json_error('failed to move_uploaded_file()');
This is what the script developer wrote to me when I pointed out the error to him.

As noted, I see the “invalid file size” in your screenshot, and there is only one place in Files Gallery index.php that outputs that. Line 1401 in version 0.8.4:
Code: 
if(!isset($file['size']) || empty($file['size'])) json_error('invalid file size');
Thus your $_FILES['file']['size'] is empty or missing. This always needs to be set, because for example we need to check if it exceeds your selected max file size. It should never be omitted. There are examples for $_FILES["fileToUpload"]["size"] in the upload script link I provided in my last post
 
Last edited:
Could it be due to the Chromium engine currently used?

I’m using the latest one available for the 2021 version of ExeOutput for PHP
 
By commenting the lines below, the error: invalid file size disappears, the file is loaded in the correct folder, but its size is always 0 bytes

// if(!isset($file[‘size’]) || empty($file[‘size’])) json_error(‘invalid file size’);
// if(config::$config[‘upload_max_filesize’] && $file[‘size’] > config::$config[‘upload_max_filesize’]) json_error(‘File size [’ . $file[‘size’] . ‘] exceeds upload_max_filesize option [’ . config::$config[‘upload_max_filesize’] . ‘]’);

The script developer adds:
Maybe phpExec doesn’t like the default server TEMP upload path?

I hope that with this information, we can solve the problem.

For me it would be great to be able to solve it. Otherwise, I will have to find other alternatives for managing file uploads.
 
Last edited:
And do you see some error in the PHP error log?
File upload usually works fine. For instance, in the WordPress demo, you can upload files such as images, etc.
What is the default server TEMP upload path?
 
No I didn’t solve the problem.
I can’t find the cause.

I encountered the problem with the files.gallery project

if I test with a simple PHP upload page, I can upload the file without problems.

It may depend on the browser engine version, I’m waiting for a new version to be released. maybe this will solve it.

If anyone has any other suggestions, please write.
 
For me, it’s working with base64, but not for blobs.
In all explorers works with blobs.
 
Last edited:
You must log in or register to reply here.
Back
Top