mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-03-14 01:19:44 +01:00
Code Issues Releases Wiki Activity

Fixes #3460 - Zip upload issue.

Browse Source
This commit is contained in:
Cameron 2018-10-02 12:29:16 -07:00
parent 7eeb23d5c2
commit bf49853f67
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
e107_handlers/file_class.php
View File

@ -1964,13 +1964,15 @@ class e_file
return false;
}
if(stripos($tstr, '<?php') !== false)
$archives = array('zip', 'gzip', 'gz', 'tar', 'bzip', '7z', 'rar');
if(!in_array($file_ext,$archives) && stripos($tstr, '<?php') !== false)
{
$this->setErrorNum(3); // Pretty certain exploit
return false;
}
if(strpos($tstr, '<?') !== false) // Bit more tricky - can sometimes be OK
if(!in_array($file_ext,$archives) && strpos($tstr, '<?') !== false) // Bit more tricky - can sometimes be OK
{
if(stripos($tstr, '<?xpacket') === false && stripos($tstr, '<?xml ') === false) // Allow the XMP header produced by CS4 and xml files.
{