fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

Remove all calls to checkUploadedFile()

Browse source
This commit is contained in:
Kijin Sung 2016-03-12 21:03:26 +09:00
parent 37c07f7b6e
commit 5d7853645a
9 changed files with 15 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

2
common/legacy.php
View file

@ -868,7 +868,7 @@ function blockWidgetCode($content)
*/
function checkUploadedFile($file)
{
return UploadFileFilter::check($file);
return true;
}
/**

4
modules/file/file.controller.php
View file

@ -763,12 +763,10 @@ class fileController extends file
$filename = $path.$random->createSecureSalt(32, 'hex');
$direct_download = 'N';
}
// Create a directory
if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
// Check uploaded file
if(!checkUploadedFile($file_info['tmp_name'])) return new Object(-1,'msg_file_upload_error');
// Get random number generator
$random = new Password();

2
modules/integration_search/integration_search.admin.controller.php
View file

@ -85,7 +85,7 @@ class integration_searchAdminController extends integration_search
continue;
}
// Ignore if the file is not successfully uploaded, and check uploaded file
if(!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name']))
if(!is_uploaded_file($image_obj['tmp_name']))
{
unset($obj->{$vars->name});
continue;

7
modules/layout/layout.admin.controller.php
View file

@ -435,9 +435,6 @@ class layoutAdminController extends layout
$ext = substr(strrchr($filename,'.'),1);
$filename = sprintf('%s.%s', md5($filename), $ext);
}
// Check uploaded file
if(!checkUploadedFile($source['tmp_name'])) return false;
if(file_exists($path .'/'. $filename)) @unlink($path . $filename);
if(!move_uploaded_file($source['tmp_name'], $path . $filename )) return false;
@ -690,7 +687,7 @@ class layoutAdminController extends layout
// check upload
if(!Context::isUploaded()) exit();
$file = Context::get('file');
if(!is_uploaded_file($file['tmp_name']) || !checkUploadedFile($file['tmp_name'])) exit();
if(!is_uploaded_file($file['tmp_name'])) exit();
if(substr_compare($file['name'], '.tar', -4) !== 0) exit();
@ -925,7 +922,7 @@ class layoutAdminController extends layout
$this->setTemplatePath($this->module_path.'tpl');
$this->setTemplateFile("after_upload_config_image.html");
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']) || !checkUploadedFile($img['tmp_name']))
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']))
{
Context::set('msg', lang('upload failed'));
return;

10
modules/member/member.controller.php
View file

@ -729,10 +729,6 @@ class memberController extends member
*/
function insertProfileImage($member_srl, $target_file)
{
// Check uploaded file
if(!checkUploadedFile($target_file)) return;
$oMemberModel = getModel('member');
$config = $oMemberModel->getMemberConfig();
@ -808,9 +804,6 @@ class memberController extends member
*/
function insertImageName($member_srl, $target_file)
{
// Check uploaded file
if(!checkUploadedFile($target_file)) return;
$oModuleModel = getModel('module');
$config = $oModuleModel->getModuleConfig('member');
// Get an image size
@ -917,9 +910,6 @@ class memberController extends member
*/
function insertImageMark($member_srl, $target_file)
{
// Check uploaded file
if(!checkUploadedFile($target_file)) return;
$oModuleModel = getModel('module');
$config = $oModuleModel->getModuleConfig('member');
// Get an image size

31
modules/menu/menu.admin.controller.php
View file

@ -1520,7 +1520,7 @@ class menuAdminController extends menu
Context::set('error_messge', lang('msg_invalid_request'));
}
else if(!$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)$/i',$target_file['name']) || !checkUploadedFile($target_file['tmp_name']))
else if(!$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)$/i',$target_file['name']))
{
Context::set('error_messge', lang('msg_invalid_request'));
}
@ -2132,19 +2132,15 @@ class menuAdminController extends menu
$returnArray = array();
$date = date('YmdHis');
// normal button
if($args->menu_normal_btn)
{
$tmp_arr = explode('.',$args->menu_normal_btn['name']);
$ext = $tmp_arr[count($tmp_arr)-1];
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_normal_btn', $ext);
if(checkUploadedFile($args->menu_normal_btn['tmp_name']))
{
move_uploaded_file ( $args->menu_normal_btn ['tmp_name'], $filename );
$returnArray ['normal_btn'] = $filename;
}
move_uploaded_file($args->menu_normal_btn['tmp_name'], $filename);
$returnArray['normal_btn'] = $filename;
}
// hover button
@ -2152,14 +2148,9 @@ class menuAdminController extends menu
{
$tmp_arr = explode('.',$args->menu_hover_btn['name']);
$ext = $tmp_arr[count($tmp_arr)-1];
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_hover_btn', $ext);
if(checkUploadedFile($args->menu_hover_btn['tmp_name']))
{
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
$returnArray['hover_btn'] = $filename;
}
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
$returnArray['hover_btn'] = $filename;
}
// active button
@ -2167,15 +2158,9 @@ class menuAdminController extends menu
{
$tmp_arr = explode('.',$args->menu_active_btn['name']);
$ext = $tmp_arr[count($tmp_arr)-1];
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_active_btn', $ext);
if(checkUploadedFile($args->menu_active_btn['tmp_name']))
{
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
$returnArray['active_btn'] = $filename;
}
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
$returnArray['active_btn'] = $filename;
}
return $returnArray;
}

2
modules/module/module.admin.controller.php
View file

@ -439,7 +439,7 @@ class moduleAdminController extends module
continue;
}
// Ignore if the file is not successfully uploaded
if(!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name']))
if(!is_uploaded_file($image_obj['tmp_name']))
{
unset($obj->{$vars->name});
continue;

6
modules/module/module.controller.php
View file

@ -1303,9 +1303,6 @@ class moduleController extends module
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $ext);
$tmp = $vars->addfile['tmp_name'];
// Check uploaded file
if(!checkUploadedFile($tmp)) return false;
if(!@move_uploaded_file($tmp, $save_filename))
{
return false;
@ -1340,9 +1337,6 @@ class moduleController extends module
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $vars->ext);
$tmp = $vars->addfile['tmp_name'];
// Check uploaded file
if(!checkUploadedFile($tmp)) return false;
// upload
if(!@move_uploaded_file($tmp, $save_filename))
{

2
modules/rss/rss.admin.controller.php
View file

@ -44,7 +44,7 @@ class rssAdminController extends rss
$total_config->image = '';
}
// Ignore if the file is not the one which has been successfully uploaded
if($image_obj['tmp_name'] && is_uploaded_file($image_obj['tmp_name']) && checkUploadedFile($image_obj['tmp_name']))
if($image_obj['tmp_name'] && is_uploaded_file($image_obj['tmp_name']))
{
// Ignore if the file is not an image (swf is accepted ~)
$image_obj['name'] = Context::convertEncodingStr($image_obj['name']);