Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-h4cc-fxpp-pgw9
  • Loading branch information
gondoh committed Mar 23, 2023
2 parents 58ee1fc + 002886b commit 08247f0
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions lib/Baser/Model/BcAppModel.php
Expand Up @@ -932,14 +932,22 @@ public function fileCheck($check, $size)
public function fileExt($check, $exts)
{
$file = $check[key($check)];
if (!is_array($exts)) {
$exts = explode(',', $exts);
}

// FILES形式のチェック
if (!empty($file['name'])) {
if (!is_array($exts)) {
$exts = explode(',', $exts);
}
$ext = decodeContent($file['type'], $file['name']);
if (in_array($ext, $exts)) {
return true;
} else {
if (!in_array($ext, $exts)) {
return false;
}
}

// 更新時の文字列チェック
if (!empty($file) && is_string($file)) {
$ext = pathinfo($file, PATHINFO_EXTENSION);
if (!in_array($ext, $exts)) {
return false;
}
}
Expand Down

0 comments on commit 08247f0

Please sign in to comment.