issue 3633, protect from file upload hacking

git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13182 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-04-02 01:52:10 +09:00 · 2013-11-08 03:44:04 +00:00 · 2013-11-08 03:44:04 +00:00 · acd89ccd9a
commit acd89ccd9a
parent f010a2ce7f
10 changed files with 111 additions and 15 deletions
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@ -663,6 +663,10 @@ class fileController extends file
 		}
 		// Create a directory
 		if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
+		
+		// Check uploaded file
+		if(!checkUploadedFile($file_info['tmp_name']))  return new Object(-1,'msg_file_upload_error');
+		
 		// Move the file
 		if($manual_insert)
 		{