
Commit 5c3e4f9

committed
Prevent users to upload HTML files as attachments
1 parent 09ae17f commit 5c3e4f9


1 file changed

+5
-1
lines changed


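--- a/phpmyfaq/admin/attachment.php
+++ b/phpmyfaq/admin/attachment.php
@@ -139,7 +139,11 @@
 <strong><?php echo $PMF_LANG['ad_att_addto'].' '.$PMF_LANG['ad_att_addto_2'] ?></strong>
 </p>
 <?php
-if (is_uploaded_file($_FILES['userfile']['tmp_name']) && !($_FILES['userfile']['size'] > $faqConfig->get('records.maxAttachmentSize'))) {
+if (
+is_uploaded_file($_FILES['userfile']['tmp_name']) &&
+!($_FILES['userfile']['size'] > $faqConfig->get('records.maxAttachmentSize')) &&
+$_FILES['userfile']['type'] !== "text/html"
+) {
 $att = PMF_Attachment_Factory::create();
 $att->setRecordId($recordId);
 $att->setRecordLang($recordLang);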
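Review bot: The new condition on `$_FILES['userfile']['type']` compares a value taken from the upload request itself, so it reflects what the client declared rather than what the file contains, and a strict comparison with "text/html" also misses variants such as a type carrying a charset parameter. Derive the type on the server from the temp file instead, e.g. `$mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['userfile']['tmp_name']);` and test `$mime !== 'text/html'`, ideally combined with an allowlist of permitted extensions for `$_FILES['userfile']['name']`. Because content detection is not exact, the download path (not visible here) should presumably also serve attachments with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. The `if` body continues outside the hunk, so it is not possible to tell from here whether the rejection message distinguishes a refused type from an oversized file.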
