Merge pull request #366 from kijin/pr/security-refactor

보안관련 클래스 전반적 정리 및 기능 개선 프로젝트
Kijin Sung 2016-03-14 22:19:59 +09:00
commit 4f015f7bbc
78 changed files with 3860 additions and 3336 deletions


@ -435,9 +435,6 @@ class layoutAdminController extends layout
$ext = substr(strrchr($filename,'.'),1);
$filename = sprintf('%s.%s', md5($filename), $ext);
}
// Check uploaded file
if(!checkUploadedFile($source['tmp_name'])) return false;
if(file_exists($path .'/'. $filename)) @unlink($path . $filename);
if(!move_uploaded_file($source['tmp_name'], $path . $filename )) return false;
@ -690,7 +687,7 @@ class layoutAdminController extends layout
// check upload
if(!Context::isUploaded()) exit();
$file = Context::get('file');
if(!is_uploaded_file($file['tmp_name']) || !checkUploadedFile($file['tmp_name'])) exit();
if(!is_uploaded_file($file['tmp_name'])) exit();
if(substr_compare($file['name'], '.tar', -4) !== 0) exit();
@ -925,7 +922,7 @@ class layoutAdminController extends layout
$this->setTemplatePath($this->module_path.'tpl');
$this->setTemplateFile("after_upload_config_image.html");
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']) || !checkUploadedFile($img['tmp_name']))
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']))
{
Context::set('msg', lang('upload failed'));
return;
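Review bot: The upload path in the first hunk (old line 435) now reaches `move_uploaded_file()` with no visible content check: the `if(!checkUploadedFile($source['tmp_name'])) return false;` guard is removed and nothing in the hunk replaces it, while the stored name keeps the extension taken from the client-supplied filename. The same guard is dropped from the `.tar` import (old line 690) and the config-image upload (old line 925), leaving only `is_uploaded_file()`, which confirms the file arrived through an HTTP upload and says nothing about its content or type. If the check now runs centrally when the request is parsed, which this section does not show, record that at each site with a comment such as `// Upload content is filtered centrally before this point; see <central upload filter>`. Otherwise restore the guard, or add an extension allow-list before the move. The enclosing methods start and end outside these hunks, so an earlier extension check cannot be ruled out from here.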