mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 03:40:37 +02:00
Code Issues Releases Wiki Activity

Bugtracker #4872 - allow XMP headers in uploads

Browse Source
This commit is contained in:
e107steved
2009-12-18 21:35:15 +00:00
parent 716ddc3c58
commit eee9a2dbf0
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
e107_handlers/upload_handler.php
View File

@@ -9,9 +9,9 @@
* File Upload Handler * File Upload Handler
* *
* $Source: /cvs_backup/e107_0.8/e107_handlers/upload_handler.php,v $ * $Source: /cvs_backup/e107_0.8/e107_handlers/upload_handler.php,v $
* $Revision: 1.26 $ * $Revision: 1.27 $
* $Date: 2009-11-18 01:04:43 $ * $Date: 2009-12-18 21:34:58 $
* $Author: e107coders $ * $Author: e107steved $
*/ */
if (!defined('e107_INIT')) if (!defined('e107_INIT'))
@@ -545,11 +545,20 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
$tstr = fread($res, 100); $tstr = fread($res, 100);
fclose($res); fclose($res);
if ($tstr === FALSE) if ($tstr === FALSE)
{
return 2; // If can't read file, not much use carrying on! return 2; // If can't read file, not much use carrying on!
}
if (stristr($tstr, '<?php') !== FALSE) if (stristr($tstr, '<?php') !== FALSE)
{
return 3; // Pretty certain exploit return 3; // Pretty certain exploit
if (stristr($tstr, '<?') !== FALSE) }
return 7; // Possible exploit - maybe allowable? if (stristr($tstr,'<?') !== FALSE) // Bit more tricky - can sometimes be OK
{
if (stristr($tstr, '<?xpacket') === FALSE) // Allow the XMP header produced by CS4
{
return 7;
}
}
// 3. Now do what we can based on file extension // 3. Now do what we can based on file extension
switch ($file_ext) switch ($file_ext)