fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 11:44:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

add check filename

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/sandbox@6758 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ngleader 2009-08-27 05:25:19 +00:00
parent 2bdb19225e
commit 60968aa428
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/file/file.controller.php
View file

@ -389,7 +389,8 @@
// 이미지인지 기타 파일인지 체크하여 upload path 지정
if(preg_match("/\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|asaf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)$/i", $file_info['name'])) {
// direct 파일에 해킹을 의심할 수 있는 확장자가 포함되어 있으면 바로 삭제함
$file_info['name'] = preg_replace('/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i', '$0-x',$file_info['name']);
$file_info['name'] = preg_replace('/\.(php|phtm|html|htm|cgi|pl|exe|jsp|asp|inc)/i', '$0-x',$file_info['name']);
$file_info['name'] = str_replace(array('<','>'),array('%3C','%3E'),$file_info['name']);
$path = sprintf("./files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));
$filename = $path.$file_info['name'];