diff --git a/admin.html b/admin.html
index de82c2d..8027898 100644
--- a/admin.html
+++ b/admin.html
@@ -498,7 +498,9 @@
formData.append('file', resized, resized.name || 'image.jpg');
try {
const res = await fetch('upload.php', { method: 'POST', body: formData });
- const data = await res.json();
+ const text = await res.text();
+ let data;
+ try { data = JSON.parse(text); } catch(e) { throw new Error('Palvelin vastasi (HTTP ' + res.status + '): ' + (text.slice(0, 200) || '(tyhjä)')); }
if (data.error) throw new Error(data.error);
document.getElementById(hiddenId).value = data.url;
const prev = document.getElementById(previewId);
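Review bot: After `JSON.parse` succeeds the code still ignores `res.ok`, so a non-2xx reply whose JSON has no `error` key falls through and stores an undefined `data.url` in the hidden field, and a body of `null` fails at `data.error` with an unhelpful TypeError. Consider `if (!res.ok || !data || data.error) throw new Error((data && data.error) || 'HTTP ' + res.status);`. The new message also carries up to 200 characters of raw server output, and the catch handler that displays it is outside the hunk, so confirm it is rendered with `textContent` rather than `innerHTML`. The same lines are added in the script.js hunk for `uploadImg`, and the enclosing function starts and ends outside this hunk.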
diff --git a/script.js b/script.js
index e0353fb..6dd6b94 100644
--- a/script.js
+++ b/script.js
@@ -434,7 +434,9 @@ async function uploadImg(input, hiddenId, previewId, labelId) {
formData.append('file', resized, resized.name || 'image.jpg');
try {
const res = await fetch('upload.php', { method: 'POST', body: formData });
- const data = await res.json();
+ const text = await res.text();
+ let data;
+ try { data = JSON.parse(text); } catch(e) { throw new Error('Palvelin vastasi (HTTP ' + res.status + '): ' + (text.slice(0, 200) || '(tyhjä)')); }
if (data.error) throw new Error(data.error);
document.getElementById(hiddenId).value = data.url;
const prev = document.getElementById(previewId);
diff --git a/upload.php b/upload.php
index 9c62bc9..4256a9b 100644
--- a/upload.php
+++ b/upload.php
@@ -3,6 +3,8 @@
* tykkää.fi — kuvaupload-käsittelijä
* Tallentaa kuvat images/-kansioon.
*/
+ob_start();
+error_reporting(0);
$allowed_mime = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
$max_bytes = 20 * 1024 * 1024; // 20 Mt
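Review bot: `error_reporting(0)` switches errors off for the server log as well as for the response, so a failing upload handler leaves no trace to investigate. To keep notices out of the JSON body without losing them, use `ini_set('display_errors', '0');` and leave the reporting level alone, optionally with `ini_set('log_errors', '1');`. The `ob_start()` added here, together with the later `ob_clean()` calls, already protects the body from stray output.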
@@ -10,12 +12,14 @@ $max_bytes = 20 * 1024 * 1024; // 20 Mt
header('Content-Type: application/json');
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+ ob_clean();
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
exit;
}
if (empty($_FILES['file'])) {
+ ob_clean();
http_response_code(400);
echo json_encode(['error' => 'No file']);
exit;
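Review bot: The four-step sequence `ob_clean(); http_response_code(...); echo json_encode(...); exit;` is now repeated in every branch of this hunk and in the three hunks that follow, so a branch added later can easily miss the `ob_clean()`. A small helper defined once after `ob_start()` would keep the buffer handling in one place and make each branch a single call. The helper below is a sketch; the remaining branches are outside this hunk.

```php
// Discard any stray buffered output, send one JSON body, and stop.
function json_exit($status, $payload) {
    ob_clean();
    http_response_code($status);
    echo json_encode($payload);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    json_exit(405, ['error' => 'Method not allowed']);
}
if (empty($_FILES['file'])) {
    json_exit(400, ['error' => 'No file']);
}
// … unchanged: remaining checks, each reduced to one json_exit() call …
```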
@@ -25,12 +29,14 @@ $f = $_FILES['file'];
if ($f['error'] !== UPLOAD_ERR_OK) {
$codes = [1=>'Tiedosto ylittää php.ini upload_max_filesize',2=>'Tiedosto ylittää MAX_FILE_SIZE',3=>'Tiedosto tuli vain osittain',6=>'Ei temp-kansiota',7=>'Levylle kirjoitus epäonnistui'];
+ ob_clean();
http_response_code(400);
echo json_encode(['error' => 'Lähetysvirhe: ' . ($codes[$f['error']] ?? 'koodi '.$f['error'])]);
exit;
}
if ($f['size'] > $max_bytes) {
+ ob_clean();
http_response_code(413);
echo json_encode(['error' => 'Tiedosto liian suuri (max 20 Mt)']);
exit;
@@ -38,6 +44,7 @@ if ($f['size'] > $max_bytes) {
$mime = mime_content_type($f['tmp_name']);
if (!in_array($mime, $allowed_mime, true)) {
+ ob_clean();
http_response_code(415);
echo json_encode(['error' => 'Only images (jpeg/png/gif/webp) allowed']);
exit;
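Review bot: The allow-list check on `$mime` only protects the stored file if its extension is also derived from `$mime`, and `$ext` is built outside the visible hunks (it appears only in the next hunk header, `$fname = round(microtime(true) * 1000) . $ext;`). Please confirm it comes from a fixed MIME-to-extension map and not from `$f['name']`, and add a comment at the assignment saying so, for example `// extension is chosen from $mime, never from the client-supplied name`. No session or CSRF check appears in any hunk of upload.php either; if one exists it is in lines outside the diff.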
@@ -56,10 +63,12 @@ $fname = round(microtime(true) * 1000) . $ext;
$dest = $dir . $fname;
if (!move_uploaded_file($f['tmp_name'], $dest)) {
+ ob_clean();
http_response_code(500);
$writable = is_writable($dir) ? 'kirjoitusoikeus ok' : 'EI kirjoitusoikeutta';
echo json_encode(['error' => "Tiedoston tallennus epäonnistui. Kansio images/: $writable"]);
exit;
}
+ob_clean();
echo json_encode(['url' => 'images/' . $fname]);
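Review bot: The 500 branch reports to any client whether `images/` is writable (`kirjoitusoikeus ok` / `EI kirjoitusoikeutta`), and the updated front end now displays server replies more readily. That deployment detail belongs in the server log: `error_log('upload: move_uploaded_file failed, images/ writable=' . (is_writable($dir) ? 'yes' : 'no'));` and return only `['error' => 'Tiedoston tallennus epäonnistui.']`. `$dir` and `$ext` are defined outside this hunk, and because `$fname` is a millisecond timestamp, two uploads arriving in the same millisecond would presumably overwrite each other.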