From 24a4ffd52cff3fc2118483f08b6469ad7c68e81d Mon Sep 17 00:00:00 2001
From: tohe <tobias.herre@wikimedia.de>
Date: Fri, 18 Sep 2020 14:18:08 +0000
Subject: [PATCH] Check that uploaded file is an PDF

---
 upload.php | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/upload.php b/upload.php
index f98c46f..1d11b8f 100644
--- a/upload.php
+++ b/upload.php
@@ -14,12 +14,21 @@ foreach ($_FILES as $key=>$files){
 	for ($i=0; $i < count($files['name']); $i++){
 		$tmpname = $files['tmp_name'][$i];
 
-		$jo ["file-$key-$i"] = array(
-			"url" => "url.txt",
-			"name" => $files['name'][$i],
-			"id" => $tmpname,
-			"size" => sprintf("%0.1fK",$files['size'][$i]/1024.0)
-		);
+		$ft = mime_content_type($tmpname);
+		if ($ft != "application/pdf"){
+			$jo = array(
+				"type" => "error" 
+			);
+
+		} else {
+
+			$jo ["file-$key-$i"] = array(
+				"url" => "url.txt",
+				"name" => $files['name'][$i],
+				"id" => $tmpname,
+				"size" => sprintf("%0.1fK",$files['size'][$i]/1024.0)
+			);
+		}
 
 		$_SESSION['files'][$tmpname]['content']=
 			file_get_contents($tmpname);
@@ -39,8 +48,7 @@ foreach ($_SESSION['files'] as $key => $val) {
 $j = json_encode ($jo);
 echo $j;
 
-error_log("\n\n ----- files ----- \n\n$files\n\n\n");
-$xp = xvar_dump($_FILES);
-
-error_log("\n\n ----- FILES ----- \n\n$$xp\n\n\n");
+#error_log("\n\n ----- files ----- \n\n$files\n\n\n");
+#$xp = xvar_dump($_FILES);
+#error_log("\n\n ----- FILES ----- \n\n$$xp\n\n\n");