issue 3633, protect from file upload hacking

git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13182 201d5d3c-b55e-5fd7-737f-ddc643e51545
khongchi 2013-11-08 03:44:04 +00:00
parent f010a2ce7f
commit acd89ccd9a
10 changed files with 111 additions and 15 deletions


@ -1361,11 +1361,17 @@ class menuAdminController extends menu
$target = Context::get('target');
$target_file = Context::get($target);
// Error occurs when the target is neither a uploaded file nor a valid file
if(!$menu_srl || !$menu_item_srl || !$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)/i',$target_file['name']))
if(!$menu_srl || !$menu_item_srl)
{
Context::set('error_messge', Context::getLang('msg_invalid_request'));
// Move the file to a specific director if the uploaded file meets requirement
}
else if(!$target_file || !is_uploaded_file($target_file['tmp_name']) || !preg_match('/\.(gif|jpeg|jpg|png)/i',$target_file['name']) || !checkUploadedFile($target_file['tmp_name']))
{
Context::set('error_messge', Context::getLang('msg_invalid_request'));
}
// Move the file to a specific director if the uploaded file meets requirement
else
{
$tmp_arr = explode('.',$target_file['name']);
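Review bot: The extension check kept in the new guard at line 22 is unanchored, `/\.(gif|jpeg|jpg|png)/i`, so it accepts any name that merely contains `.gif`/`.png` somewhere, e.g. `pic.png.php`; the else branch then splits the name on `.` (line 29) and, if it follows the same pattern as the other hunks in this commit, stores the file under the last segment, which would make the effective extension `.php`. Anchoring the pattern to the end of the name closes that hole: `!preg_match('/\.(gif|jpe?g|png)$/i', $target_file['name'])`. The implementation of the added `checkUploadedFile()` is not visible here, so whatever it inspects, the stored extension should be taken from a whitelisted value rather than from the raw client filename. The else branch continues past the end of this hunk.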
@ -1977,8 +1983,12 @@ class menuAdminController extends menu
$ext = $tmp_arr[count($tmp_arr)-1];
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_normal_btn', $ext);
move_uploaded_file($args->menu_normal_btn['tmp_name'], $filename);
$returnArray['normal_btn'] = $filename;
if(checkUploadedFile($args->menu_normal_btn['tmp_name']))
{
move_uploaded_file ( $args->menu_normal_btn ['tmp_name'], $filename );
$returnArray ['normal_btn'] = $filename;
}
}
// hover button
@ -1988,8 +1998,12 @@ class menuAdminController extends menu
$ext = $tmp_arr[count($tmp_arr)-1];
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_hover_btn', $ext);
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
$returnArray['hover_btn'] = $filename;
if(checkUploadedFile($args->menu_hover_btn['tmp_name']))
{
move_uploaded_file($args->menu_hover_btn['tmp_name'], $filename);
$returnArray['hover_btn'] = $filename;
}
}
// active button
@ -1999,8 +2013,13 @@ class menuAdminController extends menu
$ext = $tmp_arr[count($tmp_arr)-1];
$filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, 'menu_active_btn', $ext);
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
$returnArray['active_btn'] = $filename;
if(checkUploadedFile($args->menu_active_btn['tmp_name']))
{
move_uploaded_file($args->menu_active_btn['tmp_name'], $filename);
$returnArray['active_btn'] = $filename;
}
}
return $returnArray;
}