+24
-1
@@ -666,6 +666,14 @@ function handleDocuments($method, $id, $db) {
|
||||
function handleAttachments($method, $id, $db) {
|
||||
$username = $_SESSION['neptune_username'] ?? 'Unknown';
|
||||
$uploadDir = '/var/www/uploads/';
|
||||
$allowedExtensions = ['pdf', 'md', 'txt', 'xlsx', 'csv', 'pptx', 'evidence'];
|
||||
$allowedMimes = [
|
||||
'application/pdf',
|
||||
'text/markdown', 'text/x-markdown', 'text/plain',
|
||||
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
|
||||
'text/csv', 'application/csv',
|
||||
'application/vnd.openxmlformats-officedocument.presentationml.presentation',
|
||||
];
|
||||
|
||||
switch ($method) {
|
||||
case 'GET':
|
||||
@@ -693,7 +701,22 @@ function handleAttachments($method, $id, $db) {
|
||||
return;
|
||||
}
|
||||
$file = $_FILES['file'];
|
||||
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
|
||||
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
|
||||
|
||||
if (!in_array($ext, $allowedExtensions)) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'File type not allowed. Allowed: ' . implode(', ', $allowedExtensions)]);
|
||||
return;
|
||||
}
|
||||
|
||||
$mime = $file['type'] ?: '';
|
||||
$mimeAllowed = empty($mime) || in_array($mime, $allowedMimes);
|
||||
if (!$mimeAllowed && $ext !== 'evidence') {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Invalid file content']);
|
||||
return;
|
||||
}
|
||||
|
||||
$storedName = uniqid('att_', true) . '.' . $ext;
|
||||
$dest = $uploadDir . $storedName;
|
||||
|
||||
|
||||
@@ -167,11 +167,24 @@ function initApp() {
|
||||
document.getElementById('opacityVal').textContent = parseFloat(e.target.value).toFixed(2);
|
||||
});
|
||||
|
||||
const ALLOWED_EXTENSIONS = ['pdf', 'md', 'txt', 'docx', 'xlsx', 'csv', 'pptx', 'evidence'];
|
||||
|
||||
document.getElementById('eventFileInput').addEventListener('change', (e) => {
|
||||
const preview = document.getElementById('eventFilePreview');
|
||||
const files = e.target.files;
|
||||
const files = Array.from(e.target.files);
|
||||
const invalid = files.filter(f => {
|
||||
const ext = f.name.split('.').pop().toLowerCase();
|
||||
return !ALLOWED_EXTENSIONS.includes(ext);
|
||||
});
|
||||
if (invalid.length) {
|
||||
preview.innerHTML = '<div class="text-danger small"><i class="fas fa-exclamation-circle me-1"></i>Invalid type(s): ' +
|
||||
invalid.map(f => f.name).join(', ') +
|
||||
'. Allowed: ' + ALLOWED_EXTENSIONS.join(', ') + '</div>';
|
||||
e.target.value = '';
|
||||
return;
|
||||
}
|
||||
if (!files.length) { preview.innerHTML = ''; return; }
|
||||
preview.innerHTML = Array.from(files).map(f =>
|
||||
preview.innerHTML = files.map(f =>
|
||||
`<div class="small text-secondary"><i class="fas ${getFileIcon(f.type, f.name)} me-1"></i>${esc(f.name)} (${formatFileSize(f.size)})</div>`
|
||||
).join('');
|
||||
});
|
||||
|
||||
+1
-1
@@ -253,7 +253,7 @@
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<label class="form-label small">File Attachments</label>
|
||||
<input type="file" class="form-control form-control-sm" id="eventFileInput" multiple>
|
||||
<input type="file" class="form-control form-control-sm" id="eventFileInput" multiple accept=".pdf,.md,.txt,.docx,.xlsx,.csv,.pptx,.evidence">
|
||||
<div id="eventFilePreview" class="mt-1"></div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
Reference in New Issue
Block a user