
fixed potential file upload issue so xss_clean will only check files with image type extensions (e.g. png, gif, jpg)
David McReynolds committed Mar 6, 2012
1 parent 8ffe68e commit b67aa656da4dd461f5e36e34b3a9c8f21aefc2fd
Showing with 1 addition and 1 deletion.
  1. +1 −1 fuel/modules/fuel/controllers/module.php
@@ -1440,7 +1440,7 @@ protected function _process_uploads($posted = NULL)
//$config['xss_clean'] = TRUE; // causes problem with image if true... so we use the below method
$tmp_file = file_get_contents($file_info['tmp_name']);
- if ($this->sanitize_images AND xss_clean($tmp_file, TRUE) === FALSE)
+ if ($this->sanitize_images AND is_image_file($config['file_name']) AND xss_clean($tmp_file, TRUE) === FALSE)
{
$errors = TRUE;
add_error(lang('upload_invalid_filetype'));
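
Review bot: The new `is_image_file($config['file_name'])` condition gates the content check on the file's name, so any upload whose name does not carry an image extension now skips `xss_clean($tmp_file, TRUE)` entirely, and nothing else in this hunk validates it. Please confirm that non-image uploads are restricted by an allowed-types list elsewhere in `_process_uploads()`, and consider deciding "is this an image" from the content of `$file_info['tmp_name']` rather than from the name, since the name is the less trustworthy of the two. The comment on the line above ("so we use the below method") should also be updated to say that the check now applies only to image extensions, and why.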
