! Verify that uploads have valid xml and vqmod content
timint committed Jun 14, 2018
1 parent e20e306 commit 2305368
Showing 1 changed file with 18 additions and 3 deletions.
21 changes: 18 additions & 3 deletions public_html/admin/vqmods.app/vqmods.inc.php
@@ -49,11 +49,25 @@
throw new Exception(language::translate('error_must_select_file_to_upload', 'You must select a file to upload'));
}

if (!in_array($_FILES['vqmod']['type'], array('text/xml', 'application/xml'))) {
throw new Exception(language::translate('error_must_provide_vqmod', 'You must provide a valid vQmod file'));
$dom = new DOMDocument('1.0', 'UTF-8');

$xml = file_get_contents($_FILES['vqmod']['tmp_name']); // DOMDocument::load() does not support Windows paths so we use DOMDocument::loadXML()

if (!@$dom->loadXML($xml)) {
throw new Exception(language::translate('error_invalid_xml_file', 'Invalid XML file'));
}

if (!$dom->getElementsByTagName('modification')) {
throw new Exception(language::translate('error_xml_file_is_not_valid_vqmod', 'XML file is not a valid vQmod file'));
}

move_uploaded_file($_FILES['vqmod']['tmp_name'], FS_DIR_HTTP_ROOT . WS_DIR_HTTP_HOME .'vqmod/xml/'. $_FILES['vqmod']['name']);
$filename = FS_DIR_HTTP_ROOT . WS_DIR_HTTP_HOME .'vqmod/xml/'. pathinfo($_FILES['vqmod']['name'], PATHINFO_FILENAME) .'.xml';

if (is_file($filename)) {
unlink($filename);
}

move_uploaded_file($_FILES['vqmod']['tmp_name'], $filename);

notices::add('success', language::translate('success_changes_saved', 'Changes saved successfully'));
header('Location: '. document::ilink());
@@ -63,6 +77,7 @@
notices::add('errors', $e->getMessage());
}
}

?>
<h1><?php echo $app_icon; ?> <?php echo language::translate('title_vqmods', 'vQmods'); ?></h1>

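Review bot: The vQmod check `if (!$dom->getElementsByTagName('modification'))` can never fail, because getElementsByTagName() returns a DOMNodeList object and an object is always truthy in PHP, so any well-formed XML upload is accepted as a vQmod. Compare the list length instead, `if ($dom->getElementsByTagName('modification')->length === 0) {`, or test `$dom->documentElement->nodeName` if `modification` must be the root element. The upload is parsed with default options at `@$dom->loadXML($xml)`; passing `LIBXML_NONET` would keep the parser from fetching network resources referenced by the uploaded document, and the `@` hides the libxml errors that would explain a rejection. The result of `move_uploaded_file()` is not checked before the success notice is added, so a failed move, after the existing file has already been unlinked, is still reported as saved. The surrounding try block and upload handler begin outside the visible hunk.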