mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 05:50:42 +02:00
Code Issues Releases Wiki Activity

[feature/attach-dl] Added a function for checking allowed extensions

Browse Source 
PHPBB3-11042
This commit is contained in:
Fyorl
2012-08-04 15:29:26 +01:00
parent 50af76da7d
commit 16ec660e76
2 changed files with 32 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
phpBB/download/file.php
View File

@@ -318,26 +318,20 @@ else
// disallowed?
$extensions = $cache->obtain_attach_extensions($row['forum_id']);
if ($attachments)
if ($attachment)
{
// Remove attachments with disallowed extensions
$new_ary = array();
foreach ($attachments as $attach)
{
if (isset($extensions['_allowed_'][$attach['extension']]))
{
$new_ary[] = $attach;
}
}
$attachments = $new_ary;
$ary = array($attachment);
}
else
{
$ary = &$attachments;
}
if (($attachments && empty($attachments)) || ($attachment && !isset($extensions['_allowed_'][$attachment['extension']])))
if (!phpbb_check_attach_extensions($extensions, $ary))
{
send_status_line(404, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
$ext = ($attachment) ? $attachment['extension'] : $attachments[0]['extension'];
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $ext));
}
}