mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-09 03:32:00 +09:00
Remove all calls to checkUploadedFile()
parent
37c07f7b6e
commit
5d7853645a
9 changed files with 15 additions and 51 deletions
|
|
@ -868,7 +868,7 @@ function blockWidgetCode($content)
|
||||||
*/
|
*/
|
||||||
function checkUploadedFile($file)
|
function checkUploadedFile($file)
|
||||||
{
|
{
|
||||||
return UploadFileFilter::check($file);
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
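Review bot: `checkUploadedFile()` is kept as a function but now returns `true` for every input, and nothing in the hunk tells a caller that it no longer inspects the file. Any module outside this commit that still gates an upload on it will accept every file without any sign that the check is gone. The docblock that closes just above the signature starts outside the hunk; I would add `@deprecated Always returns true and performs no validation; kept only for backward compatibility.` to it so that maintainers and static analysis see the call is a no-op.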
||||||
|
|
|
||||||
|
|
@ -763,12 +763,10 @@ class fileController extends file
|
||||||
$filename = $path.$random->createSecureSalt(32, 'hex');
|
$filename = $path.$random->createSecureSalt(32, 'hex');
|
||||||
$direct_download = 'N';
|
$direct_download = 'N';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create a directory
|
// Create a directory
|
||||||
if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
|
if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
|
||||||
|
|
||||||
// Check uploaded file
|
|
||||||
if(!checkUploadedFile($file_info['tmp_name'])) return new Object(-1,'msg_file_upload_error');
|
|
||||||
|
|
||||||
// Get random number generator
|
// Get random number generator
|
||||||
$random = new Password();
|
$random = new Password();
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -85,7 +85,7 @@ class integration_searchAdminController extends integration_search
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
// Ignore if the file is not successfully uploaded, and check uploaded file
|
// Ignore if the file is not successfully uploaded, and check uploaded file
|
||||||
if(!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name']))
|
if(!is_uploaded_file($image_obj['tmp_name']))
|
||||||
{
|
{
|
||||||
unset($obj->{$vars->name});
|
unset($obj->{$vars->name});
|
||||||
continue;
|
continue;
|
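Review bot: The comment above the condition still reads `// Ignore if the file is not successfully uploaded, and check uploaded file`, but the new condition only calls `is_uploaded_file()`. That function confirms the temporary file arrived through an HTTP POST upload and says nothing about its type or content, so the comment now overstates what is verified. I would change it to `// Ignore if the file was not received as an HTTP upload (type and content are not checked here)`. The enclosing loop starts and ends outside the hunk, so whether a type check follows is not visible from here.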
||||||
|
|
|
||||||
|
|
@ -436,9 +436,6 @@ class layoutAdminController extends layout
|
||||||
$filename = sprintf('%s.%s', md5($filename), $ext);
|
$filename = sprintf('%s.%s', md5($filename), $ext);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check uploaded file
|
|
||||||
if(!checkUploadedFile($source['tmp_name'])) return false;
|
|
||||||
|
|
||||||
if(file_exists($path .'/'. $filename)) @unlink($path . $filename);
|
if(file_exists($path .'/'. $filename)) @unlink($path . $filename);
|
||||||
if(!move_uploaded_file($source['tmp_name'], $path . $filename )) return false;
|
if(!move_uploaded_file($source['tmp_name'], $path . $filename )) return false;
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -690,7 +687,7 @@ class layoutAdminController extends layout
|
||||||
// check upload
|
// check upload
|
||||||
if(!Context::isUploaded()) exit();
|
if(!Context::isUploaded()) exit();
|
||||||
$file = Context::get('file');
|
$file = Context::get('file');
|
||||||
if(!is_uploaded_file($file['tmp_name']) || !checkUploadedFile($file['tmp_name'])) exit();
|
if(!is_uploaded_file($file['tmp_name'])) exit();
|
||||||
|
|
||||||
if(substr_compare($file['name'], '.tar', -4) !== 0) exit();
|
if(substr_compare($file['name'], '.tar', -4) !== 0) exit();
|
||||||
|
|
||||||
|
|
@ -925,7 +922,7 @@ class layoutAdminController extends layout
|
||||||
$this->setTemplatePath($this->module_path.'tpl');
|
$this->setTemplatePath($this->module_path.'tpl');
|
||||||
$this->setTemplateFile("after_upload_config_image.html");
|
$this->setTemplateFile("after_upload_config_image.html");
|
||||||
|
|
||||||
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']) || !checkUploadedFile($img['tmp_name']))
|
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']))
|
||||||
{
|
{
|
||||||
Context::set('msg', lang('upload failed'));
|
Context::set('msg', lang('upload failed'));
|
||||||
return;
|
return;
|
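Review bot: In the first hunk the existence test and the delete target disagree: `file_exists($path .'/'. $filename)` tests one path while `@unlink($path . $filename)` and `move_uploaded_file(..., $path . $filename)` use another. If `$path` has no trailing slash (its construction is not visible here), the stale file is never found, and `@` hides any failure. With the removed check no longer sitting between these lines, it is a good moment to align them: `if(file_exists($path . $filename)) @unlink($path . $filename);`. The function starts outside the hunk.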
||||||
|
|
|
||||||
|
|
@ -729,10 +729,6 @@ class memberController extends member
|
||||||
*/
|
*/
|
||||||
function insertProfileImage($member_srl, $target_file)
|
function insertProfileImage($member_srl, $target_file)
|
||||||
{
|
{
|
||||||
|
|
||||||
// Check uploaded file
|
|
||||||
if(!checkUploadedFile($target_file)) return;
|
|
||||||
|
|
||||||
$oMemberModel = getModel('member');
|
$oMemberModel = getModel('member');
|
||||||
$config = $oMemberModel->getMemberConfig();
|
$config = $oMemberModel->getMemberConfig();
|
||||||
|
|
||||||
|
|
@ -808,9 +804,6 @@ class memberController extends member
|
||||||
*/
|
*/
|
||||||
function insertImageName($member_srl, $target_file)
|
function insertImageName($member_srl, $target_file)
|
||||||
{
|
{
|
||||||
// Check uploaded file
|
|
||||||
if(!checkUploadedFile($target_file)) return;
|
|
||||||
|
|
||||||
$oModuleModel = getModel('module');
|
$oModuleModel = getModel('module');
|
||||||
$config = $oModuleModel->getModuleConfig('member');
|
$config = $oModuleModel->getModuleConfig('member');
|
||||||
// Get an image size
|
// Get an image size
|
||||||
|
|
@ -917,9 +910,6 @@ class memberController extends member
|
||||||
*/
|
*/
|
||||||
function insertImageMark($member_srl, $target_file)
|
function insertImageMark($member_srl, $target_file)
|
||||||
{
|
{
|
||||||
// Check uploaded file
|
|
||||||
if(!checkUploadedFile($target_file)) return;
|
|
||||||
|
|
||||||
$oModuleModel = getModel('module');
|
$oModuleModel = getModel('module');
|
||||||
$config = $oModuleModel->getModuleConfig('member');
|
$config = $oModuleModel->getModuleConfig('member');
|
||||||
// Get an image size
|
// Get an image size
|
||||||
|
|
|
||||||
|
|
@ -1520,7 +1520,7 @@ class menuAdminController extends menu
|
||||||
Context::set('error_messge', lang('msg_invalid_request'));
|
Context::set('error_messge', lang('msg_invalid_request'));
|
||||||
|
|
||||||
}
|
}
|
||||||
else if(!$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)$/i',$target_file['name']) || !checkUploadedFile($target_file['tmp_name']))
|
else if(!$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)$/i',$target_file['name']))
|
||||||
{
|
{
|
||||||
Context::set('error_messge', lang('msg_invalid_request'));
|
Context::set('error_messge', lang('msg_invalid_request'));
|
||||||
}
|
}
|
||||||
|
|
@ -2132,51 +2132,36 @@ class menuAdminController extends menu
|
||||||
|
|
||||||
$returnArray = array();
|
$returnArray = array();
|
||||||
$date = date('YmdHis');
|
$date = date('YmdHis');
|
||||||
|
|
||||||
// normal button
|
// normal button
|
||||||
if($args->menu_normal_btn)
|
if($args->menu_normal_btn)
|
||||||
{
|
{
|
||||||
$tmp_arr = explode('.',$args->menu_normal_btn['name']);
|
$tmp_arr = explode('.',$args->menu_normal_btn['name']);
|
||||||
$ext = $tmp_arr[count($tmp_arr)-1];
|
$ext = $tmp_arr[count($tmp_arr)-1];
|
||||||
|
|
||||||
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_normal_btn', $ext);
|
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_normal_btn', $ext);
|
||||||
|
|
||||||
if(checkUploadedFile($args->menu_normal_btn['tmp_name']))
|
|
||||||
{
|
|
||||||
move_uploaded_file($args->menu_normal_btn['tmp_name'], $filename);
|
move_uploaded_file($args->menu_normal_btn['tmp_name'], $filename);
|
||||||
$returnArray['normal_btn'] = $filename;
|
$returnArray['normal_btn'] = $filename;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// hover button
|
// hover button
|
||||||
if($args->menu_hover_btn)
|
if($args->menu_hover_btn)
|
||||||
{
|
{
|
||||||
$tmp_arr = explode('.',$args->menu_hover_btn['name']);
|
$tmp_arr = explode('.',$args->menu_hover_btn['name']);
|
||||||
$ext = $tmp_arr[count($tmp_arr)-1];
|
$ext = $tmp_arr[count($tmp_arr)-1];
|
||||||
|
|
||||||
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_hover_btn', $ext);
|
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_hover_btn', $ext);
|
||||||
|
|
||||||
if(checkUploadedFile($args->menu_hover_btn['tmp_name']))
|
|
||||||
{
|
|
||||||
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
|
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
|
||||||
$returnArray['hover_btn'] = $filename;
|
$returnArray['hover_btn'] = $filename;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// active button
|
// active button
|
||||||
if($args->menu_active_btn)
|
if($args->menu_active_btn)
|
||||||
{
|
{
|
||||||
$tmp_arr = explode('.',$args->menu_active_btn['name']);
|
$tmp_arr = explode('.',$args->menu_active_btn['name']);
|
||||||
$ext = $tmp_arr[count($tmp_arr)-1];
|
$ext = $tmp_arr[count($tmp_arr)-1];
|
||||||
|
|
||||||
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_active_btn', $ext);
|
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_active_btn', $ext);
|
||||||
|
|
||||||
if(checkUploadedFile($args->menu_active_btn['tmp_name']))
|
|
||||||
{
|
|
||||||
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
|
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
|
||||||
$returnArray['active_btn'] = $filename;
|
$returnArray['active_btn'] = $filename;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
return $returnArray;
|
return $returnArray;
|
||||||
}
|
}
|
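Review bot: In the second hunk each `move_uploaded_file()` call is now unconditional and its result is ignored, so `$returnArray['normal_btn']` (and the hover and active entries) is set to `$filename` even when the move fails. `$ext` is taken from the client-supplied `name`, and with the content check removed nothing visible in this hunk restricts which extension the stored file gets; the first hunk applies `/\.(gif|jpeg|jpg|png)$/i` to `$target_file['name']`, but the function starts outside the hunk, so it is not visible whether that covers this path. I would allowlist the extension and record the path only after a successful move, as sketched below for the normal button; the hover and active blocks would take the same shape. The same question about the stored extension applies to `$ext` and `$vars->ext` in the two moduleController hunks.

```php
// normal button
if($args->menu_normal_btn)
{
	// The extension comes from the client-supplied name, so only store known image types.
	$ext = strtolower(pathinfo($args->menu_normal_btn['name'], PATHINFO_EXTENSION));
	if(in_array($ext, array('gif', 'jpeg', 'jpg', 'png'), true))
	{
		$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_normal_btn', $ext);
		// Record the path only when the move actually succeeded.
		if(move_uploaded_file($args->menu_normal_btn['tmp_name'], $filename))
		{
			$returnArray['normal_btn'] = $filename;
		}
	}
}
// … unchanged: hover and active buttons, to be given the same shape …
```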
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -439,7 +439,7 @@ class moduleAdminController extends module
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
// Ignore if the file is not successfully uploaded
|
// Ignore if the file is not successfully uploaded
|
||||||
if(!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name']))
|
if(!is_uploaded_file($image_obj['tmp_name']))
|
||||||
{
|
{
|
||||||
unset($obj->{$vars->name});
|
unset($obj->{$vars->name});
|
||||||
continue;
|
continue;
|
||||||
|
|
|
||||||
|
|
@ -1303,9 +1303,6 @@ class moduleController extends module
|
||||||
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $ext);
|
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $ext);
|
||||||
$tmp = $vars->addfile['tmp_name'];
|
$tmp = $vars->addfile['tmp_name'];
|
||||||
|
|
||||||
// Check uploaded file
|
|
||||||
if(!checkUploadedFile($tmp)) return false;
|
|
||||||
|
|
||||||
if(!@move_uploaded_file($tmp, $save_filename))
|
if(!@move_uploaded_file($tmp, $save_filename))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -1340,9 +1337,6 @@ class moduleController extends module
|
||||||
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $vars->ext);
|
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $vars->ext);
|
||||||
$tmp = $vars->addfile['tmp_name'];
|
$tmp = $vars->addfile['tmp_name'];
|
||||||
|
|
||||||
// Check uploaded file
|
|
||||||
if(!checkUploadedFile($tmp)) return false;
|
|
||||||
|
|
||||||
// upload
|
// upload
|
||||||
if(!@move_uploaded_file($tmp, $save_filename))
|
if(!@move_uploaded_file($tmp, $save_filename))
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,7 @@ class rssAdminController extends rss
|
||||||
$total_config->image = '';
|
$total_config->image = '';
|
||||||
}
|
}
|
||||||
// Ignore if the file is not the one which has been successfully uploaded
|
// Ignore if the file is not the one which has been successfully uploaded
|
||||||
if($image_obj['tmp_name'] && is_uploaded_file($image_obj['tmp_name']) && checkUploadedFile($image_obj['tmp_name']))
|
if($image_obj['tmp_name'] && is_uploaded_file($image_obj['tmp_name']))
|
||||||
{
|
{
|
||||||
// Ignore if the file is not an image (swf is accepted ~)
|
// Ignore if the file is not an image (swf is accepted ~)
|
||||||
$image_obj['name'] = Context::convertEncodingStr($image_obj['name']);
|
$image_obj['name'] = Context::convertEncodingStr($image_obj['name']);
|
||||||
|
|
|
||||||