Fixed issue: Security problems with file upload question type

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey@10497 b72ed6b6-b9f8-46b5-92b4-906544132732
LimeSurvey · Jul 12, 2011 · 9e3d13d · 9e3d13d
1 parent f80029e
commit 9e3d13d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/admin/html.php b/admin/html.php
@@ -2069,7 +2069,7 @@ function showadminmenu()
     if($_SESSION['USER_RIGHT_CONFIGURATOR'] == 1)
     {
         $adminmenu .= "<a href=\"#\" onclick=\"window.open('{$scriptname}?action=checkintegrity', '_top')\" title=\"".$clang->gTview("Check Data Integrity")."\">".
-                      "<img src='{$imageurl}/checkdb.png' name='CheckDataIntegrity' alt='".$clang->gT("Check Data Integrity")."' /></a>\n";
+                      "<img src='{$imageurl}/checkdb.png' name='CheckDataIntegrity' width='40' height='40' alt='".$clang->gT("Check Data Integrity")."' /></a>\n";
     }
 
     // list surveys

diff --git a/upload.php b/upload.php
@@ -65,14 +65,15 @@
     $filename = $_FILES['uploadfile']['name'];
     $size = 0.001 * $_FILES['uploadfile']['size'];
     $valid_extensions = strtolower($_POST['valid_extensions']);
-    $maxfilesize = $_POST['max_filesize'];
+    $maxfilesize = (int) $_POST['max_filesize'];
     $preview = $_POST['preview'];
     $fieldname = $_POST['fieldname'];
+    $aFieldMap=createFieldMap($surveyid);
+    if (!isset($aFieldMap[$fieldname])) die();
+    $aAttributes=getQuestionAttributes($aFieldMap[$fieldname]['qid'],$aFieldMap[$fieldname]['type']);
 
-    $valid_extensions_array = explode(",", $valid_extensions);
-
-    for ($i = 0; $i < count($valid_extensions_array); $i++)
-        $valid_extensions_array[$i] = trim($valid_extensions_array[$i]);
+    $valid_extensions_array = explode(",", $aAttributes['allowed_filetypes']);
+    $valid_extensions_array = array_map('trim',$valid_extensions_array);
 
     $pathinfo = pathinfo($_FILES['uploadfile']['name']);
     $ext = $pathinfo['extension'];