tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 08:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

11878-Invalid extensions file repo

Browse Source
This commit is contained in:
Pablo Aragon 2023-08-25 13:19:23 +02:00
parent 699b170338
commit f221b83a9e
1 changed files with 45 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
pandora_console/extensions/files_repo/functions_files_repo.php
View File

@ -204,51 +204,60 @@ function files_repo_add_file($file_input_name='upfile', $description='', $groups
if ($upload_result === true) { if ($upload_result === true) {
$filename = $_FILES[$file_input_name]['name']; $filename = $_FILES[$file_input_name]['name'];
// Replace conflictive characters
$filename = str_replace([' ', '=', '?', '&'], '_', $filename);
$filename = filter_var($filename, FILTER_SANITIZE_URL);
// The filename should not be larger than 200 characters
if (mb_strlen($filename, 'UTF-8') > 200) {
$filename = mb_substr($filename, 0, 200, 'UTF-8');
}
$hash = ''; // Invalid extensions.
if ($public) { $extension = pathinfo($filename, PATHINFO_EXTENSION);
$hash = md5(time().$config['dbpass']); $invalid_extensions = '/^(php|php1|php2|php3|php4|php5|php7|php8|phar)$/i';
$hash = mb_substr($hash, 0, 8, 'UTF-8');
}
$values = [ if (preg_match($invalid_extensions, $extension) === 0) {
'name' => $filename, // Replace conflictive characters
'description' => $description, $filename = str_replace([' ', '=', '?', '&'], '_', $filename);
'hash' => $hash, $filename = filter_var($filename, FILTER_SANITIZE_URL);
]; // The filename should not be larger than 200 characters
$file_id = db_process_sql_insert('tfiles_repo', $values); if (mb_strlen($filename, 'UTF-8') > 200) {
$filename = mb_substr($filename, 0, 200, 'UTF-8');
}
if ($file_id) { $hash = '';
$file_tmp = $_FILES[$file_input_name]['tmp_name']; if ($public) {
$destination = $files_repo_path.'/'.$file_id.'_'.$filename; $hash = md5(time().$config['dbpass']);
$hash = mb_substr($hash, 0, 8, 'UTF-8');
}
if (move_uploaded_file($file_tmp, $destination)) { $values = [
if (is_array($groups) && !empty($groups)) { 'name' => $filename,
db_process_sql_delete('tfiles_repo_group', ['id_file' => $file_id]); 'description' => $description,
foreach ($groups as $group) { 'hash' => $hash,
$values = [ ];
'id_file' => $file_id, $file_id = db_process_sql_insert('tfiles_repo', $values);
'id_group' => $group,
]; if ($file_id) {
db_process_sql_insert('tfiles_repo_group', $values); $file_tmp = $_FILES[$file_input_name]['tmp_name'];
$destination = $files_repo_path.'/'.$file_id.'_'.$filename;
if (move_uploaded_file($file_tmp, $destination)) {
if (is_array($groups) && !empty($groups)) {
db_process_sql_delete('tfiles_repo_group', ['id_file' => $file_id]);
foreach ($groups as $group) {
$values = [
'id_file' => $file_id,
'id_group' => $group,
];
db_process_sql_insert('tfiles_repo_group', $values);
}
} }
}
$result['status'] = true; $result['status'] = true;
} else {
db_process_sql_delete('tfiles_repo', ['id' => $file_id]);
unlink($file_tmp);
$result['message'] = __('The file could not be copied');
}
} else { } else {
db_process_sql_delete('tfiles_repo', ['id' => $file_id]); $result['message'] = __('There was an error creating the file');
unlink($file_tmp);
$result['message'] = __('The file could not be copied');
} }
} else { } else {
$result['message'] = __('There was an error creating the file'); $result['message'] = __('File has an invalid extension');
} }
} else { } else {
$result['message'] = $upload_result; $result['message'] = $upload_result;