Add checks for upload

i2bc · Mar 23, 2024 · b2c7499 · b2c7499
1 parent ddbcf22
commit b2c7499
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 23 deletions.
diff --git a/lib_db.php b/lib_db.php
@@ -5,6 +5,9 @@
 require_once("common.php");
 $dbdir = get_setting("db_dir");
 
+
+class DbException extends Exception {}
+
 /**********************************************************/
 // Check variable type (convert if necessary)
 function parseVal($dat) {
@@ -71,13 +74,16 @@ function get_db($version = null) {
 function get_db_connection($db) {
 	global $dbdir;
 	$dbh;
-        $dbpath = $db;
-        if (! preg_match("/\.sqlite$/i", $dbpath)) {
-            $dbpath = "$dbpath.sqlite";
-        }
-        error_log('['.date('YYYY-MM-dd HH:mm:ss').']'."Get db connection to $dbpath in $dbdir");
+	$dbpath = $db;
+	if (! preg_match("/\.sqlite$/i", $dbpath)) {
+		$dbpath = "$dbpath.sqlite";
+	}
+	if (!str_starts_with($db, "/")) {
+		$dbpath = "$dbdir/$dbpath";
+	}
+	error_log('['.date('YYYY-MM-dd HH:mm:ss').']'."Get db connection to $dbpath in $dbdir");
 	try {
-		$dbh = new PDO("sqlite:$dbdir/" . $dbpath, '', '', array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+		$dbh = new PDO("sqlite:$dbpath", '', '', array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
 	}
 	catch(PDOException $ex) {
 		die_msg('Unable to connect to database.', $ex->getMessage());

diff --git a/upload_db_add.php b/upload_db_add.php
@@ -3,6 +3,7 @@
 <?php if(!isset($_SESSION["blast_ids"])){$_SESSION["blast_ids"]=array();} ?>
 <?php
 require_once("upload_db_lib.php");
+require_once("lib_db.php");
 $uploaded_array = array();
 $errormsg = "";
 $nerrors = 0;
@@ -35,26 +36,40 @@
 			$errormsg .= "<li>File is empty</li>";
 			$nerrors++;
 		} else {
-			# Just in case, to avoid collisions
-			$num = 1;
-			$new_id = $id;
-			$new_db_path = $final_db_path;
-			while(file_exists($final_db_path)) {
-				$new_id = $id . "_" . $num;
-				$new_db_path = str_replace("$id.sqlite", "$new_id.sqlite", $final_db_path);
-				$num++;
-				if ($num > 10) {
-					$errormsg .= "<li>ID collision detected.<li>";
-					$nerrors++;
-					break;
+			# Check there is data in the database
+			try {
+				$dbh = get_db_connection($tmp_name);
+				$info = get_database_data($dbh);
+				if (count($info) == 0) {
+					throw new DbException("Content of the db doesn't look right");
 				}
+			} catch(Exception $e) {
+				$errormsg .= "<li>Exception: ".$e->getMessage()."</li>";
+				$nerrors++;
 			}
+
 			if ($nerrors == 0) {
-				if ( move_uploaded_file($tmp_name, $new_db_path) ) {
-					$uploaded_array[] .= "Uploaded file '".$name."'.<br/>\n";
-				} else {
-					$errormsg .= "<li>Could not move uploaded file '".$tmp_name."' to '".$name."'<li>";
-					$nerrors++;
+				# Just in case, to avoid collisions
+				$num = 1;
+				$new_id = $id;
+				$new_db_path = $final_db_path;
+				while(file_exists($new_db_path)) {
+					$new_id = $id . "_" . $num;
+					$new_db_path = str_replace("$id.sqlite", "$new_id.sqlite", $final_db_path);
+					$num++;
+					if ($num > 10) {
+						$errormsg .= "<li>ID collision detected with $new_id in $new_db_path.<li>";
+						$nerrors++;
+						break;
+					}
+				}
+				if ($nerrors == 0) {
+					if ( move_uploaded_file($tmp_name, $new_db_path) ) {
+						$uploaded_array[] .= "Uploaded file '".$name."'.<br/>\n";
+					} else {
+						$errormsg .= "<li>Could not move uploaded file '".$tmp_name."' to '".$name."'<li>";
+						$nerrors++;
+					}
 				}
 			}
 		}