From 19471a6f274420b5b3b4ad6839d48caa5251e19c Mon Sep 17 00:00:00 2001
From: root <root@server1.ispc.lan>
Date: Wed, 22 Mar 2023 22:16:47 +0000
Subject: [PATCH] Erlaube nur png/jpg/jpeg in upload.php

---
 upload.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/upload.php b/upload.php
index 3d4170f..3ad8018 100644
--- a/upload.php
+++ b/upload.php
@@ -4,10 +4,11 @@ include('config.php');
 
 if(isset($_FILES['upload'])) {
 	$extension = pathinfo($_FILES['upload']['name'], PATHINFO_EXTENSION);
-	$filename = generate_hash($hashlen) . '.' . $extension;
-	move_uploaded_file($_FILES['upload']['tmp_name'], $datadir . '/' . $filename);
-
-	echo json_encode(['datadir' => $datadir, 'filename' => $filename]);
+	if($extension == 'jpg' || $extension == 'jpeg' || $extension == 'png') {
+		$filename = generate_hash($hashlen) . '.' . $extension;
+		move_uploaded_file($_FILES['upload']['tmp_name'], $datadir . '/' . $filename);
+		echo json_encode(['datadir' => $datadir, 'filename' => $filename]);
+	}
 }
 
 function generate_hash(int $length) {