mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-06-01 02:05:27 +09:00
issue 3633, protect from file upload hacking
git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13182 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
khongchi
parent
f010a2ce7f
commit
acd89ccd9a
10 changed files with 111 additions and 15 deletions
|
|
@ -663,6 +663,10 @@ class fileController extends file
|
|||
}
|
||||
// Create a directory
|
||||
if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
|
||||
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($file_info['tmp_name'])) return new Object(-1,'msg_file_upload_error');
|
||||
|
||||
// Move the file
|
||||
if($manual_insert)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -81,8 +81,8 @@ class integration_searchAdminController extends integration_search
|
|||
$obj->{$vars->name} = $module_info->{$vars->name};
|
||||
continue;
|
||||
}
|
||||
// Ignore if the file is not successfully uploaded
|
||||
if(!is_uploaded_file($image_obj['tmp_name']))
|
||||
// Ignore if the file is not successfully uploaded, and check uploaded file
|
||||
if(!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name']))
|
||||
{
|
||||
unset($obj->{$vars->name});
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -440,6 +440,9 @@ class layoutAdminController extends layout
|
|||
$filename = sprintf('%s.%s', md5($filename), $ext);
|
||||
}
|
||||
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($source['tmp_name'])) return false;
|
||||
|
||||
if(file_exists($path .'/'. $filename)) @unlink($path . $filename);
|
||||
if(!move_uploaded_file($source['tmp_name'], $path . $filename )) return false;
|
||||
return true;
|
||||
|
|
@ -692,7 +695,7 @@ class layoutAdminController extends layout
|
|||
// check upload
|
||||
if(!Context::isUploaded()) exit();
|
||||
$file = Context::get('file');
|
||||
if(!is_uploaded_file($file['tmp_name'])) exit();
|
||||
if(!is_uploaded_file($file['tmp_name']) || !checkUploadedFile($file['tmp_name'])) exit();
|
||||
if(!preg_match('/\.(tar)$/i', $file['name'])) exit();
|
||||
|
||||
$layout_srl = Context::get('layout_srl');
|
||||
|
|
@ -927,7 +930,7 @@ class layoutAdminController extends layout
|
|||
$this->setTemplatePath($this->module_path.'tpl');
|
||||
$this->setTemplateFile("after_upload_config_image.html");
|
||||
|
||||
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']))
|
||||
if(!$img['tmp_name'] || !is_uploaded_file($img['tmp_name']) || !checkUploadedFile($img['tmp_name']))
|
||||
{
|
||||
Context::set('msg', Context::getLang('upload failed'));
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -645,6 +645,10 @@ class memberController extends member
|
|||
*/
|
||||
function insertProfileImage($member_srl, $target_file)
|
||||
{
|
||||
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oModuleModel = &getModel('module');
|
||||
$config = $oModuleModel->getModuleConfig('member');
|
||||
// Get an image size
|
||||
|
|
@ -706,6 +710,9 @@ class memberController extends member
|
|||
*/
|
||||
function insertImageName($member_srl, $target_file)
|
||||
{
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oModuleModel = &getModel('module');
|
||||
$config = $oModuleModel->getModuleConfig('member');
|
||||
// Get an image size
|
||||
|
|
@ -812,6 +819,9 @@ class memberController extends member
|
|||
*/
|
||||
function insertImageMark($member_srl, $target_file)
|
||||
{
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oModuleModel = &getModel('module');
|
||||
$config = $oModuleModel->getModuleConfig('member');
|
||||
// Get an image size
|
||||
|
|
|
|||
|
|
@ -1361,11 +1361,17 @@ class menuAdminController extends menu
|
|||
$target = Context::get('target');
|
||||
$target_file = Context::get($target);
|
||||
// Error occurs when the target is neither a uploaded file nor a valid file
|
||||
if(!$menu_srl || !$menu_item_srl || !$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)/i',$target_file['name']))
|
||||
if(!$menu_srl || !$menu_item_srl)
|
||||
{
|
||||
Context::set('error_messge', Context::getLang('msg_invalid_request'));
|
||||
// Move the file to a specific director if the uploaded file meets requirement
|
||||
|
||||
}
|
||||
else if(!$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)/i',$target_file['name']) || !checkUploadedFile($target_file['tmp_name']))
|
||||
{
|
||||
Context::set('error_messge', Context::getLang('msg_invalid_request'));
|
||||
}
|
||||
|
||||
// Move the file to a specific director if the uploaded file meets requirement
|
||||
else
|
||||
{
|
||||
$tmp_arr = explode('.',$target_file['name']);
|
||||
|
|
@ -1977,8 +1983,12 @@ class menuAdminController extends menu
|
|||
$ext = $tmp_arr[count($tmp_arr)-1];
|
||||
|
||||
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_normal_btn', $ext);
|
||||
move_uploaded_file($args->menu_normal_btn['tmp_name'], $filename);
|
||||
$returnArray['normal_btn'] = $filename;
|
||||
|
||||
if(checkUploadedFile($args->menu_normal_btn['tmp_name']))
|
||||
{
|
||||
move_uploaded_file ( $args->menu_normal_btn ['tmp_name'], $filename );
|
||||
$returnArray ['normal_btn'] = $filename;
|
||||
}
|
||||
}
|
||||
|
||||
// hover button
|
||||
|
|
@ -1988,8 +1998,12 @@ class menuAdminController extends menu
|
|||
$ext = $tmp_arr[count($tmp_arr)-1];
|
||||
|
||||
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_hover_btn', $ext);
|
||||
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
|
||||
$returnArray['hover_btn'] = $filename;
|
||||
|
||||
if(checkUploadedFile($args->menu_hover_btn['tmp_name']))
|
||||
{
|
||||
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
|
||||
$returnArray['hover_btn'] = $filename;
|
||||
}
|
||||
}
|
||||
|
||||
// active button
|
||||
|
|
@ -1999,8 +2013,13 @@ class menuAdminController extends menu
|
|||
$ext = $tmp_arr[count($tmp_arr)-1];
|
||||
|
||||
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_active_btn', $ext);
|
||||
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
|
||||
$returnArray['active_btn'] = $filename;
|
||||
|
||||
if(checkUploadedFile($args->menu_active_btn['tmp_name']))
|
||||
{
|
||||
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
|
||||
$returnArray['active_btn'] = $filename;
|
||||
}
|
||||
|
||||
}
|
||||
return $returnArray;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -436,7 +436,7 @@ class moduleAdminController extends module
|
|||
continue;
|
||||
}
|
||||
// Ignore if the file is not successfully uploaded
|
||||
if(!is_uploaded_file($image_obj['tmp_name']))
|
||||
if(!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name']))
|
||||
{
|
||||
unset($obj->{$vars->name});
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -1134,7 +1134,8 @@ class moduleController extends module
|
|||
}
|
||||
else
|
||||
{
|
||||
$this->add('save_filename', $output->get('save_filename'));
|
||||
if($output) $this->add('save_filename', $output->get('save_filename'));
|
||||
else $this->add('save_filename', '');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1156,6 +1157,9 @@ class moduleController extends module
|
|||
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $ext);
|
||||
$tmp = $vars->addfile['tmp_name'];
|
||||
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($tmp)) return false;
|
||||
|
||||
if(!@move_uploaded_file($tmp, $save_filename))
|
||||
{
|
||||
return false;
|
||||
|
|
@ -1188,6 +1192,9 @@ class moduleController extends module
|
|||
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $vars->ext);
|
||||
$tmp = $vars->addfile['tmp_name'];
|
||||
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($tmp)) return false;
|
||||
|
||||
// upload
|
||||
if(!@move_uploaded_file($tmp, $save_filename))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ class rssAdminController extends rss
|
|||
$total_config->image = '';
|
||||
}
|
||||
// Ignore if the file is not the one which has been successfully uploaded
|
||||
if($image_obj['tmp_name'] && is_uploaded_file($image_obj['tmp_name']))
|
||||
if($image_obj['tmp_name'] && is_uploaded_file($image_obj['tmp_name']) && checkUploadedFile($image_obj['tmp_name']))
|
||||
{
|
||||
// Ignore if the file is not an image (swf is accepted ~)
|
||||
$image_obj['name'] = Context::convertEncodingStr($image_obj['name']);
|
||||
|
|
@ -59,6 +59,7 @@ class rssAdminController extends rss
|
|||
else
|
||||
{
|
||||
$filename = $path.$image_obj['name'];
|
||||
|
||||
// Move the file
|
||||
if(!move_uploaded_file($image_obj['tmp_name'], $filename)) $alt_message = 'msg_error_occured';
|
||||
else
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue