
Merge pull request kirillplatonov#35 from nokimaro/photo-upload-vuln

Vulnerability - uploading any file to photo albums
kirillplatonov committed Feb 28, 2020
2 parents 4c43d82 + 939e63a commit ebb8eda0709a1d92763c1ccd13c120e3eebc6d7b
Showing with 3 additions and 0 deletions.
  1. +3 −0 modules/photo/controllers/photo.php
@@ -523,7 +523,10 @@ public function action_edit_photos()
$file['filesize'] = filesize($_FILES['file_upload']['tmp_name']);

if (!strstr($_FILES['file_upload']['type'], 'image/'))
$this->error .= 'Неверный формат фотографии! Разрешены только gif, jpg и png<br />';
elseif ($file['file_ext'] != 'jpg' && $file['file_ext'] != 'jpeg' && $file['file_ext'] != 'gif' && $file['file_ext'] != 'png')
$this->error .= 'Неверный формат фотографии! Разрешены только gif, jpg и png<br />';

} else if (!empty($_POST['file_import']) && $_POST['file_import'] != 'http://') {
$type = 'import';
$file['real_name'] = main::detranslite(basename($_POST['file_import']));
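Review bot: the new `elseif` on `$file['file_ext']` is the only check in this hunk that does not depend on `$_FILES['file_upload']['type']`, but it still validates the name rather than the content, and it compares against lowercase literals only. The `type` field is sent by the client, and `strstr(..., 'image/')` matches the substring anywhere in it, so the first condition should not be treated as a control. For the extension test, make sure `$file['file_ext']` is lowercased before this point (its assignment is not visible here) and consider replacing the chain with a strict `in_array` against an allowlist. To confirm the upload is an image, inspect `$_FILES['file_upload']['tmp_name']` server-side with `finfo_file()` or `getimagesize()` and reject on mismatch. The `file_import` branch that follows is outside the changed lines; please confirm it applies the same extension and content checks, since the fix here only covers the `file_upload` path.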
