Commit
Fixed issue [security] #15782: Remote Code Execution (RCE) in template options file uploader. Thanks to ry.maxime@gmail.com
lacrioque committed Jan 28, 2020
1 parent 3d961a4 commit 86acef0
Showing 1 changed file with 11 additions and 10 deletions.
21 changes: 11 additions & 10 deletions application/controllers/admin/themes.php
Expand Up @@ -228,17 +228,18 @@ protected function uploadTemplateImageFile(string $sTemplateName)
// Redirect back at file size error.
$this->checkFileSizeError();

$checkImage = LSYii_ImageValidator::validateImage($_FILES["file"]);
if ($checkImage['check'] === false) {
return App()->getController()->renderPartial(
$checkImageContent = LSYii_ImageValidator::validateImage($_FILES["file"]);
$checkImageFilename = LSYii_ImageValidator::validateImage($_FILES["file"]['name']);
if ($checkImageContent['check'] === false || $checkImageFilename['check'] === false) {
$message = $checkImageContent['check'] === false
? $checkImageContent['uploadresult']
: $checkImageFilename['check'] === false ? $checkImageFilename['uploadresult']: null;
$debug = $checkImageContent['check'] === false
? $checkImageContent['debug']
: $checkImageFilename['check'] === false ? $checkImageFilename['debug']: null;
return Yii::app()->getController()->renderPartial(
'/admin/super/_renderJson',
array(
'data' => [
'success' => $success,
'message' => $checkImage['uploadresult'],
'debug' => $checkImage['debug']
]
),
array('data' => ['success' => $success, 'message' => $message, 'debug' => $debug]),
false,
false
);
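Review bot: the second validation call passes a bare string, `$_FILES["file"]['name']`, to the same `LSYii_ImageValidator::validateImage()` that the first call feeds the whole `$_FILES["file"]` array; unless that method is documented to accept both shapes, the filename check may not inspect what this fix intends, so either confirm that contract in a comment here or route the name through a dedicated filename/extension validator. The two nested ternaries for `$message` and `$debug` are also hard to read and their `: null` fallbacks are unreachable, because the enclosing `if` already guarantees that at least one check failed; selecting the failing result once, e.g. `$failed = $checkImageContent['check'] === false ? $checkImageContent : $checkImageFilename;` and then reading `$failed['uploadresult']` and `$failed['debug']`, says the same thing in two plain lines. The switch from `App()` to `Yii::app()` on the `renderPartial` line is unrelated to the security fix and would be easier to review as a separate change.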
