Refactor error handling in file upload process to suppress error display in browser and enhance server-side logging

2026-01-25 23:05:38 +01:00 · 2026-01-25 23:05:38 +01:00 · 3a17a957cb
commit 3a17a957cb
parent 60cc9322cf
1 changed files with 7 additions and 5 deletions
--- a/upload.php
+++ b/upload.php
@ -1,7 +1,8 @@
 <?php

-ini_set('display_errors', 1);
-ini_set('display_startup_errors', 1);
+// Produktion: keine PHP-Fehler im Browser ausgeben (Logs bleiben serverseitig)
+ini_set('display_errors', 0);
+ini_set('display_startup_errors', 0);
 error_reporting(E_ALL);

 session_start();
@ -31,6 +32,7 @@ $file = $_FILES['uploadFile'];
 $fileError = isset($file['error']) ? (int)$file['error'] : UPLOAD_ERR_NO_FILE;
 if ($fileError !== UPLOAD_ERR_OK)
 {
+    // Serverseitiges Log ist ok, aber kein Pfad/Interna im Browser
    error_log('Upload: PHP upload error=' . $fileError);
    header('Location: account.php?upload=err&code=php_' . $fileError);
    exit();
@ -40,7 +42,8 @@ if ($fileError !== UPLOAD_ERR_OK)
 $tmp = isset($file['tmp_name']) ? (string)$file['tmp_name'] : '';
 if ($tmp === '' || !is_uploaded_file($tmp))
 {
-    error_log('Upload: tmp invalid. tmp=' . $tmp);
+    // Debug-Detail (tmp-Pfad) nicht loggen
+    error_log('Upload: tmp invalid');
    header('Location: account.php?upload=err&code=tmp');
    exit();
 }
@ -56,6 +59,7 @@ $mime = $finfo->file($tmp);

 if (!$mime || !isset($allowedMimeToExt[$mime]))
 {
+    // Mime loggen ist ok (kein Secret), hilft bei Support
    error_log('Upload: invalid mime=' . (string)$mime);
    header('Location: account.php?upload=err&code=mime');
    exit();
@ -83,8 +87,6 @@ if ($docTargetDir !== '' && !is_dir($dirTargetDir) && is_dir($docTargetDir))
    $targetDir = $docTargetDir;
 }

-error_log('Upload: resolved targetDir=' . $targetDir . ' (DOCUMENT_ROOT=' . $documentRoot . ', __DIR__=' . __DIR__ . ')');
-
 if (!is_dir($targetDir))
 {
    $mkOk = @mkdir($targetDir, 0755, true);