Added a check to verify if .ZIP files are infact archives.

14 years ago · f6abfa61c6
2 changed files with 7 additions and 1 deletions
--- a/inc/config.php
+++ b/inc/config.php
@ -51,6 +51,7 @@
 	define('ERR_INVALIDIMG','Invalid image.', true);
 	define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
 	define('ERR_MAXSIZE', 'The file was too big.', true);
+	define('ERR_INVALIDZIP', 'Invalid archive!', true);

 	// For resizing, max values
 	define('THUMB_WIDTH',	200, true);
--- a/post.php
+++ b/post.php
@ -121,6 +121,12 @@
 			if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE);
 			
 			if($post['zip']) {
+				// Validate ZIP file
+				if(is_resource($zip = zip_open($post['zip'])))
+					zip_close($zip);
+				else
+					error(ERR_INVALIDZIP);
+				
 				$post['file'] = ZIP_IMAGE;
 				$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1));
 			}
@ -191,7 +197,6 @@
 				
 				if(in_array($extension, $allowed_ext)) {
 					  if (zip_entry_open($zip, $entry, 'r')) {
-						
 						// Fake post
 						$dump_post = Array(
 							'subject' => $post['subject'],