11878-Invalid extensions file repo

Pablo Aragon 2023-08-25 13:19:23 +02:00
parent 699b170338
commit f221b83a9e


@ -204,6 +204,12 @@ function files_repo_add_file($file_input_name='upfile', $description='', $groups
if ($upload_result === true) { if ($upload_result === true) {
$filename = $_FILES[$file_input_name]['name']; $filename = $_FILES[$file_input_name]['name'];
// Invalid extensions.
$extension = pathinfo($filename, PATHINFO_EXTENSION);
$invalid_extensions = '/^(php|php1|php2|php3|php4|php5|php7|php8|phar)$/i';
if (preg_match($invalid_extensions, $extension) === 0) {
// Replace conflictive characters // Replace conflictive characters
$filename = str_replace([' ', '=', '?', '&'], '_', $filename); $filename = str_replace([' ', '=', '?', '&'], '_', $filename);
$filename = filter_var($filename, FILTER_SANITIZE_URL); $filename = filter_var($filename, FILTER_SANITIZE_URL);
@ -250,6 +256,9 @@ function files_repo_add_file($file_input_name='upfile', $description='', $groups
} else { } else {
$result['message'] = __('There was an error creating the file'); $result['message'] = __('There was an error creating the file');
} }
} else {
$result['message'] = __('File has an invalid extension');
}
} else { } else {
$result['message'] = $upload_result; $result['message'] = $upload_result;
} }
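Review bot: The extension check runs on the raw `$_FILES[$file_input_name]['name']` before the `str_replace` and `filter_var($filename, FILTER_SANITIZE_URL)` lines, and `FILTER_SANITIZE_URL` drops characters, so the name that is finally stored can end in a different extension than the one that was tested. Validate the final name instead: move `$extension = pathinfo($filename, PATHINFO_EXTENSION);` and the `preg_match` guard below the `filter_var` line. The pattern is also a denylist applied only to the last extension, so other suffixes a web server may be configured to execute (for example `phtml`) and per-directory server configuration files are not covered; an allowlist of expected types, combined with a storage directory where script execution is disabled, would be the sturdier control. The body of files_repo_add_file starts and ends outside these hunks, so where and under which name the file is written cannot be confirmed from here.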