diff --git a/inc/config.php b/inc/config.php
index b2bfa3fe..86d36feb 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -40,7 +40,8 @@
 define('ERROR_NOMOVE', 'The server failed to handle your upload.');
 define('ERROR_FILEEXT', 'Unsupported image format.');
 define('ERR_INVALIDIMG','Invalid image.');
- define('ERR_FILSIZE','The file was too large.');
+ define('ERR_FILSIZE', 'The file was too large.');
+ define('ERR_MAXSIZE', 'The file was too big.');
 // For resizing, max values
 define('THUMB_WIDTH', 200);
@@ -48,6 +49,9 @@
 // Maximum image upload size in bytes
 define('MAX_FILESIZE', 1048576); // 10MB
+ // Maximum image dimensions
+ define('MAX_WIDTH', 1000);
+ define('MAX_HEIGHT', MAX_WIDTH);
 define('DIR_IMG', 'src/');
 define('DIR_THUMB', 'thumb/');
diff --git a/post.php b/post.php
index 23eb0453..22aba6af 100644
--- a/post.php
+++ b/post.php
@@ -121,6 +121,11 @@
 error(ERR_INVALIDIMG);
 }
+ if($post['width'] > MAX_WIDTH || $post['height'] > MAX_HEIGHT) {
+ unlink($post['file']);
+ error(ERR_MAXSIZE);
+ }
+ $post['filesize'] = filesize($post['file']);
 $thumb = resize($post['extension'], $post['file'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT);
 $post['thumbwidth'] = $thumb['width'];
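Review bot: The new `ERR_MAXSIZE` text, 'The file was too big.', says the same thing as `ERR_FILSIZE` ('The file was too large.'), so neither the uploader nor someone reading a report can tell a byte-size rejection from a pixel-dimension rejection. Since post.php raises it for width and height, a message such as `define('ERR_MAXSIZE', 'The image dimensions were too large.');` would keep the two apart. The constant name is also easy to confuse with `MAX_FILESIZE`; a name like `ERR_DIMENSIONS` would read more clearly if renaming is acceptable.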
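Review bot: The added comment `// Maximum image dimensions` gives no unit and does not say what the limit is for; `// Maximum image dimensions in pixels; larger uploads are rejected before thumbnailing` would record that post.php enforces it ahead of `resize()`. In the same block the context line `define('MAX_FILESIZE', 1048576); // 10MB` is inconsistent, because 1048576 bytes is 1 MiB, so a reader calibrating the upload limits cannot tell which value was intended. Deriving `MAX_HEIGHT` from `MAX_WIDTH` works, but a short remark that the cap is deliberately square would stop someone changing only one of them.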
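Review bot: The result of `unlink($post['file'])` in the new dimension check is ignored, so when deletion fails the rejected upload stays on disk while the user is only told it was too big. Checking it, for example `if (!unlink($post['file'])) { error_log('Could not remove rejected upload ' . $post['file']); }`, leaves a trace for cleanup. The branch also appears to rely on `error()` ending the request, as the `ERR_INVALIDIMG` branch above it does; if it returns, the code below would still reach `resize()` with a deleted file, so a comment such as `// error() does not return` is worth adding. `$post['width']` and `$post['height']` are set outside this hunk, and the surrounding upload handling starts before and continues after it.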