4 changed files with 40 additions and 15 deletions
@ -411,15 +411,14 @@ |
|||
if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files'])) |
|||
error($config['error']['unknownext']); |
|||
|
|||
if(in_array($post['extension'], $config['allowed_ext_files'])) |
|||
$__file = true; |
|||
$is_an_image = !in_array($post['extension'], $config['allowed_ext_files']); |
|||
|
|||
// Just trim the filename if it's too long |
|||
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; |
|||
// Move the uploaded file |
|||
if([email protected]_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']); |
|||
|
|||
if(!isset($__file)) { |
|||
if($is_an_image) { |
|||
// Check IE MIME type detection XSS exploit |
|||
$buffer = file_get_contents($post['file'], null, null, null, 255); |
|||
if(preg_match($config['ie_mime_type_detection'], $buffer)) { |
|||
@ -494,9 +493,12 @@ |
|||
} |
|||
$image->destroy(); |
|||
} else { |
|||
copy($config['file_thumb'], $post['thumb']); |
|||
// not an image |
|||
|
|||
$size = @getimagesize($post['thumb']); |
|||
//copy($config['file_thumb'], $post['thumb']); |
|||
$post['thumb'] = 'file'; |
|||
|
|||
$size = @getimagesize($config['file_thumb']); |
|||
$post['thumbwidth'] = $size[0]; |
|||
$post['thumbheight'] = $size[1]; |
|||
} |
|||
@ -530,7 +532,8 @@ |
|||
// Remove DIR_* before inserting them into the database. |
|||
if($post['has_file']) { |
|||
$post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . $config['dir']['img'])); |
|||
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . $config['dir']['thumb'])); |
|||
if($is_an_image) |
|||
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . $config['dir']['thumb'])); |
|||
} |
|||
|
|||
// Todo: Validate some more, remove messy code, allow more specific configuration |
|||
|
Loading…
Reference in new issue