scratch
/quickload/upload.php |
@@ -25,7 +25,8 @@ |
|
#### If the extension is not allowed then change it to a text extension. |
if (!isset($fileExtension) || |
!in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS)) |
!in_array(strtoupper($fileExtension), |
array_map('strtoupper', $ALLOWED_FILE_EXTENSIONS))) |
$fileExtension = 'txt'; |
|
#### Hash filename. |
@@ -54,7 +55,7 @@ |
|
#### Check for path traversals |
$pathPart = pathinfo($userPath); |
if (realpath($pathPart['dirname']) != realpath($STORE_FOLDER)) |
if (strcasecmp(realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
return; |
|
#### Store the file. |
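Review bot: The path-traversal check in the second hunk compares the two `realpath()` results with `strcasecmp`, which (assuming this is the new side, since the +/- markers are lost on this page) also accepts a directory whose name differs from `$STORE_FOLDER` only by letter case; on a case-sensitive filesystem that is a different directory. `realpath()` returns `false` for a path that does not resolve, and neither form of the comparison rejects that explicitly. I would resolve both paths once into `$dir` and `$root` and write `if ($dir === false || $root === false || $dir !== $root) return;`, keeping a case-insensitive compare only where the filesystem is known to be case-insensitive. In the first hunk, `in_array` is called without the strict third argument; passing `true` keeps the extension allow-list to exact string matches. The enclosing code starts and ends outside both hunks.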