fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-14 07:52:13 +09:00
Code Issues Projects Releases Packages Wiki Activity

issue 3633, protect from file upload hacking

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13182 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
khongchi 2013-11-08 03:44:04 +00:00
parent f010a2ce7f
commit acd89ccd9a
10 changed files with 111 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/module/module.controller.php
View file

@ -1134,7 +1134,8 @@ class moduleController extends module
}
else
{
$this->add('save_filename', $output->get('save_filename'));
if($output) $this->add('save_filename', $output->get('save_filename'));
else $this->add('save_filename', '');
}
}
@ -1156,6 +1157,9 @@ class moduleController extends module
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $ext);
$tmp = $vars->addfile['tmp_name'];
// Check uploaded file
if(!checkUploadedFile($tmp)) return false;
if(!@move_uploaded_file($tmp, $save_filename))
{
return false;
@ -1188,6 +1192,9 @@ class moduleController extends module
$save_filename = sprintf('%s%s.%s',$path, $vars->module_filebox_srl, $vars->ext);
$tmp = $vars->addfile['tmp_name'];
// Check uploaded file
if(!checkUploadedFile($tmp)) return false;
// upload
if(!@move_uploaded_file($tmp, $save_filename))
{