Fixed upload vulnerability

git-svn-id: https://plugins.svn.wordpress.org/reciply/trunk@428303 b8457f37-d9ea-0310-8a92-e5e31aec5664
wp-plugins · Aug 24, 2011 · e3ff616 · e3ff616
1 parent daa1bdb
commit e3ff616
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 37 deletions.
diff --git a/editor_plugin.js b/editor_plugin.js
@@ -37,7 +37,7 @@ function reciply() {
                 author : 'The Recip.ly Integration team',
                 authorurl : 'http://integration.recip.ly',
                 infourl : '',
-                version : "1.1.7"
+                version : "1.1.8"
             };
         }
     });

diff --git a/index.php b/index.php
@@ -4,7 +4,7 @@
 Plugin URI: 
 Description: The recip.ly plugin allows you to easily add the recip.ly checkout process to your recipes.
 Author: The Recip.ly Integration team
-Version: 1.1.7
+Version: 1.1.8
 Author URI: http://integration.recip.ly
 */
 

diff --git a/uploadImage.php b/uploadImage.php
@@ -1,41 +1,58 @@
 <?php
+//add_action('plugins_loaded','pluginInit');
 
-// File version 1.1.7
-$ref = $_SERVER['HTTP_REFERER'];
-
-// Taille maximum 
-$MAX_FILE_SIZE = 400000;
-
-// Dossier de destination du fichier
-$serverpath = "images/";// Path to where images should be uploaded to on the server.
-
-foreach ($_FILES as $file) {
-$allowed_types = array("image/bmp", "image/gif", "image/pjpeg", "image/jpeg", "image/jpg", "image/png");
-$fname = $file['name'];
-$ftype = $file['type'];
-$fsize = $file['size'];
-$ftmp =$file['tmp_name'];
-$path = "$serverpath$fname";
+if ( !function_exists( 'add_action' ) ) {
+	echo "<strong>404.1 Error</strong>";
+	exit;
 }
-
-// Diverses test afin de savoir si :
-// Le format de fichier correspond à notre tableau array
-if(!in_array($ftype, $allowed_types)){$error = 1;}
-
-// La taille du fichier n'est pas dépassée
-if($fize > $MAX_FILE_SIZE){$error = 2;}
-
-// Le fichier n'existe pas déjà
-if(file_exists($serverpath."m_".$fname)){$error = 3;}
-
-// Si tout va bien, c'est bien déroulé
-if(move_uploaded_file($ftmp,''.$serverpath.''.$fname.'')) {$error = 0;}
-
-if($fname!="") {
-				header('refresh: 0; url='.$ref.'&img='.$path.'&f='.$fname.'&target="_blank"');
-				}
-else {
-		header('refresh: 0; url='.$ref);
+pluginInit();
+function pluginInit()
+{
+	// File version 1.1.7
+	$ref = $_SERVER['HTTP_REFERER'];
+
+	// Taille maximum 
+	$MAX_FILE_SIZE = 400000;
+	$error = 0;
+
+	// Dossier de destination du fichier
+	$serverpath = ABSPATH . 'wp-content/plugins/reciply/images/';
+	//$serverpath = "images/";// Path to where images should be uploaded to on the server.
+
+	foreach ($_FILES as $file) {
+	$allowed_types = array("image/bmp", "image/gif", "image/pjpeg", "image/jpeg", "image/jpg", "image/png");
+	$fname = $file['name'];
+	$ftype = $file['type'];
+	$fsize = $file['size'];
+	$ftmp =$file['tmp_name'];
+	$path = "$serverpath$fname";
 	}
+
+	// Diverses test afin de savoir si :
+	// Le format de fichier correspond à notre tableau array
+	if(!in_array($ftype, $allowed_types)){$error = 1;}
+
+	// La taille du fichier n'est pas dépassée
+	if($fize > $MAX_FILE_SIZE){$error = 2;}
+
+
+	// Le fichier n'existe pas déjà
+	if(file_exists($serverpath."m_".$fname)){$error = 3;}
+	if ( $error != 0 ) {
+		echo "<strong>404.2 Error Code = ".$error."</strong>";
+		exit(0);
+	}
+
+
+	// Si tout va bien, c'est bien déroulé
+	if(move_uploaded_file($ftmp,''.$serverpath.''.$fname.'')) {$error = 4;}
+
+	if($fname!="") {
+					header('refresh: 0; url='.$ref.'&img='.$path.'&f='.$fname.'&target="_blank"');
+					}
+	else {
+			header('refresh: 0; url='.$ref);
+		}
+}
 
 ?>