FSST/Geizkragen
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor error handling in file upload process to suppress error display in browser and enhance server-side logging

Browse Source
This commit is contained in:
Fabian Schieder 2026-01-25 23:05:38 +01:00
parent 60cc9322cf
commit 3a17a957cb
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
upload.php
View File

@ -1,7 +1,8 @@
<?php <?php
ini_set('display_errors', 1); // Produktion: keine PHP-Fehler im Browser ausgeben (Logs bleiben serverseitig)
ini_set('display_startup_errors', 1); ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
error_reporting(E_ALL); error_reporting(E_ALL);
session_start(); session_start();
@ -31,6 +32,7 @@ $file = $_FILES['uploadFile'];
$fileError = isset($file['error']) ? (int)$file['error'] : UPLOAD_ERR_NO_FILE; $fileError = isset($file['error']) ? (int)$file['error'] : UPLOAD_ERR_NO_FILE;
if ($fileError !== UPLOAD_ERR_OK) if ($fileError !== UPLOAD_ERR_OK)
{ {
// Serverseitiges Log ist ok, aber kein Pfad/Interna im Browser
error_log('Upload: PHP upload error=' . $fileError); error_log('Upload: PHP upload error=' . $fileError);
header('Location: account.php?upload=err&code=php_' . $fileError); header('Location: account.php?upload=err&code=php_' . $fileError);
exit(); exit();
@ -40,7 +42,8 @@ if ($fileError !== UPLOAD_ERR_OK)
$tmp = isset($file['tmp_name']) ? (string)$file['tmp_name'] : ''; $tmp = isset($file['tmp_name']) ? (string)$file['tmp_name'] : '';
if ($tmp === '' || !is_uploaded_file($tmp)) if ($tmp === '' || !is_uploaded_file($tmp))
{ {
error_log('Upload: tmp invalid. tmp=' . $tmp); // Debug-Detail (tmp-Pfad) nicht loggen
error_log('Upload: tmp invalid');
header('Location: account.php?upload=err&code=tmp'); header('Location: account.php?upload=err&code=tmp');
exit(); exit();
} }
@ -56,6 +59,7 @@ $mime = $finfo->file($tmp);
if (!$mime || !isset($allowedMimeToExt[$mime])) if (!$mime || !isset($allowedMimeToExt[$mime]))
{ {
// Mime loggen ist ok (kein Secret), hilft bei Support
error_log('Upload: invalid mime=' . (string)$mime); error_log('Upload: invalid mime=' . (string)$mime);
header('Location: account.php?upload=err&code=mime'); header('Location: account.php?upload=err&code=mime');
exit(); exit();
@ -83,8 +87,6 @@ if ($docTargetDir !== '' && !is_dir($dirTargetDir) && is_dir($docTargetDir))
$targetDir = $docTargetDir; $targetDir = $docTargetDir;
} }
error_log('Upload: resolved targetDir=' . $targetDir . ' (DOCUMENT_ROOT=' . $documentRoot . ', __DIR__=' . __DIR__ . ')');
if (!is_dir($targetDir)) if (!is_dir($targetDir))
{ {
$mkOk = @mkdir($targetDir, 0755, true); $mkOk = @mkdir($targetDir, 0755, true);