scratch – Diff between revs 14 and 16
Rev 14 | Rev 16 | |||
---|---|---|---|---|
Line 23... | Line 23... | |||
23 | #### Grab the file extension. |
23 | #### Grab the file extension. |
|
24 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
24 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
|
Line 25... | Line 25... | |||
25 | |
25 | |
|
26 | #### If the extension is not allowed then change it to a text extension. |
26 | #### If the extension is not allowed then change it to a text extension. |
|
- | 27 | if (!isset($fileExtension) || |
||
27 | if (!isset($fileExtension) || |
28 | !in_array(strtoupper($fileExtension), |
|
28 | !in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS)) |
29 | array_map('strtoupper', $ALLOWED_FILE_EXTENSIONS))) |
|
Line 29... | Line 30... | |||
29 | $fileExtension = 'txt'; |
30 | $fileExtension = 'txt'; |
|
30 | |
31 | |
|
31 | #### Hash filename. |
32 | #### Hash filename. |
|
Line 52... | Line 53... | |||
52 | ) |
53 | ) |
|
53 | ); |
54 | ); |
|
Line 54... | Line 55... | |||
54 | |
55 | |
|
55 | #### Check for path traversals |
56 | #### Check for path traversals |
|
56 | $pathPart = pathinfo($userPath); |
57 | $pathPart = pathinfo($userPath); |
|
57 | if (realpath($pathPart['dirname']) != realpath($STORE_FOLDER)) |
58 | if (strcasecmp(realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
|
Line 58... | Line 59... | |||
58 | return; |
59 | return; |
|
59 | |
60 | |
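Review bot: `strcasecmp()` on the new line 58 is fed `realpath()` results directly, and `realpath()` returns `false` when a path cannot be resolved; without `declare(strict_types=1)` (not visible here) `false` is coerced to `''`, so if `$STORE_FOLDER` itself fails to resolve and the user-supplied dirname does too, two empty strings compare equal and the traversal guard falls through instead of returning. Resolve both paths first and fail closed when either is `false`, as below. Switching from `!=` to `strcasecmp()` also makes a sibling directory that differs only in letter case pass the check on a case-sensitive filesystem; if the intent is tolerance for case-insensitive store paths, a comment saying so (`#### Case-insensitive compare: store path may differ only in case`) would record that trade-off. The enclosing function, if any, starts and ends outside the section, and the extension check at new lines 27–29 could likewise pass `true` as `in_array()`'s third argument so the comparison is strict rather than loose.
```php
$pathPart = pathinfo($userPath);
$realDir = realpath($pathPart['dirname']);
$realStore = realpath($STORE_FOLDER);
// Fail closed: an unresolvable path must never compare equal to the store folder.
if ($realDir === false || $realStore === false || strcasecmp($realDir, $realStore) !== 0)
    return;
```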