mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-02 12:48:26 +02:00
Code Issues Releases Wiki Activity

plupload fix.

Browse Source
This commit is contained in:
Cameron
2018-08-10 14:11:28 -07:00
parent cc6155a226
commit e5bb5297f6
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
e107_web/js/plupload/upload.php
View File

@@ -46,13 +46,9 @@
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0; $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : ''; $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
// Clean the fileName for security reasons // Clean the fileName for security reasons
$fileName = preg_replace('/[^\w\._]+/', '_', $fileName); $fileName = preg_replace('/[^\w\._]+/', '_', $fileName);
$fileName= 'hello.jpg';
if(!empty($_FILES['file']['name'])) // dropzone support v2.1.9 if(!empty($_FILES['file']['name'])) // dropzone support v2.1.9
{ {
$fileName = $_FILES['file']['name']; $fileName = $_FILES['file']['name'];
@@ -195,6 +191,14 @@
$filePath = str_replace('//','/',$filePath); // cleanup . $filePath = str_replace('//','/',$filePath); // cleanup .
if(e107::getFile()->isClean($filePath) !== true)
{
@unlink($filePath);
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Bad File Detected."}, "id" : "id"}');
}
$convertToJpeg = e107::getPref('convert_to_jpeg', 0); $convertToJpeg = e107::getPref('convert_to_jpeg', 0);
$fileSize = filesize($filePath); $fileSize = filesize($filePath);
@@ -209,6 +213,9 @@
} }
if($_GET['for'] != '') // leave in upload directory if no category given. if($_GET['for'] != '') // leave in upload directory if no category given.
{ {
$uploadPath = varset($_GET['path'],null); $uploadPath = varset($_GET['path'],null);