* themes,extensions: secure "install_from_hash" functionality
NavigateCMS committed Jun 11, 2020
1 parent d415db5 commit f1f4712
Showing 6 changed files with 343 additions and 288 deletions.
8 changes: 6 additions & 2 deletions lib/packages/extensions/extension.class.php
@@ -551,7 +551,7 @@ public static function check_upload($file_upload, $extension_name)
}

// check every php file included
$files = core_recursive_file_search($tempdir, '/.*\/*.php/');
$files = core_recursive_file_search($tempdir, '/.*\/*.(php|phtml)/');

$prohibited_functions = array(
'eval(',
@@ -566,8 +566,12 @@ public static function check_upload($file_upload, $extension_name)

foreach($files as $file)
{
// remove all spaces
if(!file_exists($file))
{
continue;
}
$file_content = file_get_contents($file);
// remove all spaces
$file_content = str_replace(array(' ', "\t", "\r", "\n"), '', $file_content);

foreach($prohibited_functions as $pf)
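Review bot: The widened pattern `'/.*\/*.(php|phtml)/'` in the first hunk still selects files by a case-sensitive, unanchored match with an unescaped dot, so a file whose extension is written in another case (`.PHP`, `.PHTML`) reaches the prohibited-function scan only if its path happens to contain the lowercase substring elsewhere. Whether the web server would execute such a file depends on handler configuration that is not visible on this page. I would escape the dot, anchor the extension and match case-insensitively, e.g. `'/\.(php|phtml)$/i'`, assuming core_recursive_file_search applies the pattern to the full path (its definition is outside this page), and extend the list to every extension the deployment maps to PHP. In the second hunk the new `if(!file_exists($file)) continue;` silently skips a listed path that does not exist, and the result of `file_get_contents` is not tested for `false`; for an upload check, rejecting the package in both cases is the safer default. check_upload begins and ends outside both hunks.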