Skip to content
Permalink
Browse files Browse the repository at this point in the history
Prevent users to upload HTML files as attachments
  • Loading branch information
thorsten committed Oct 2, 2017
1 parent 09ae17f commit 5c3e4f9
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion phpmyfaq/admin/attachment.php
Expand Up @@ -139,7 +139,11 @@
<strong><?php echo $PMF_LANG['ad_att_addto'].' '.$PMF_LANG['ad_att_addto_2'] ?></strong>
</p>
<?php
if (is_uploaded_file($_FILES['userfile']['tmp_name']) && !($_FILES['userfile']['size'] > $faqConfig->get('records.maxAttachmentSize'))) {
if (
is_uploaded_file($_FILES['userfile']['tmp_name']) &&
!($_FILES['userfile']['size'] > $faqConfig->get('records.maxAttachmentSize')) &&
$_FILES['userfile']['type'] !== "text/html"
) {
$att = PMF_Attachment_Factory::create();
$att->setRecordId($recordId);
$att->setRecordLang($recordLang);
Expand Down

0 comments on commit 5c3e4f9

Please sign in to comment.