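$max_size) {
        // Oversized upload: answer with a JSON 400 and stop before the file is touched.
        // NOTE(review): the start of this comparison and the definitions of $target_dir,
        // $file_name and $max_size are outside this excerpt.
        // NOTE(review): 'Access-Control-Allow-Origin: *' lets any origin read these
        // responses; confirm that a public, cross-origin upload endpoint is intended.
        header('Access-Control-Allow-Origin: *');
        header('Content-type: application/json');
        $data = ['message' => 'File size exceeds the maximum allowed size of ' . $max_size . '.'];
        http_response_code(400);
        echo json_encode($data);
        exit;
    }

    // Reduce the client-supplied name to a conservative character set. Path separators
    // are removed here, but dots are kept, so this filter alone still lets through an
    // empty name, '.', '..' and dot-files such as server configuration overrides.
    $file_name = (string) preg_replace('/[^a-zA-Z0-9._-]/', '', $file_name);

    // Reject names that are empty after filtering or that start with a dot, instead of
    // letting them reach the filesystem call.
    if ($file_name === '' || $file_name[0] === '.') {
        header('Access-Control-Allow-Origin: *');
        header('Content-type: application/json');
        $data = ['message' => 'Invalid file name.'];
        http_response_code(400);
        echo json_encode($data);
        exit;
    }

    // NOTE(review): no extension or content-type allowlist is visible in this excerpt.
    // If $target_dir is served by the web server, confirm that an allowlist is enforced
    // earlier in the script or that script execution is disabled for that directory.
    // NOTE(review): move_uploaded_file() overwrites an existing destination file, so two
    // uploads with the same name replace each other; consider a server-generated name.
    $target_file = $target_dir . DIRECTORY_SEPARATOR . $file_name;

    try {
        if (move_uploaded_file($_FILES['file']['tmp_name'], $target_file)) {
            header('Access-Control-Allow-Origin: *');
            header('Content-type: application/json');
            // NOTE(review): 'url' carries the filesystem path built above, not a public
            // URL; it is kept unchanged because clients may already rely on it.
            $data = ['url' => $target_file, 'message' => 'The file ' . $file_name . ' has been uploaded.'];
            http_response_code(201);
            echo json_encode($data);
        } else {
            // Keep the destination path in the server log only; the exception message is
            // echoed to the client by the catch block below.
            error_log('Upload failed: unable to move the uploaded file to ' . $target_file);
            throw new Exception('Unable to move the uploaded file to its final location.');
        }
    } catch (\Throwable $th) {
        header('Access-Control-Allow-Origin: *');
        header('Content-type: application/json');
        $data = ['message' => 'Sorry, there was an error uploading your file.', 'error' => $th->getMessage()];
        http_response_code(400);
        echo json_encode($data);
    }
} else {
    // The condition of this outer branch is outside the excerpt; presumably it is taken
    // when the request carried no file (verify against the start of the script).
    header('Access-Control-Allow-Origin: *');
    header('Content-type: application/json');
    $data = ['message' => 'Please upload a file.'];
    http_response_code(400);
    echo json_encode($data);
}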