scratch – Diff between revs 14 and 16
?pathlinks?
| Rev 14 | Rev 16 | |||
|---|---|---|---|---|
| Line 23... | Line 23... | |||
| 23 | #### Grab the file extension. |
23 | #### Grab the file extension. |
|
| 24 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
24 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
|
| Line 25... | Line 25... | |||
| 25 | |
25 | |
|
| 26 | #### If the extension is not allowed then change it to a text extension. |
26 | #### If the extension is not allowed then change it to a text extension. |
|
| - | 27 | if (!isset($fileExtension) || |
||
| 27 | if (!isset($fileExtension) || |
28 | !in_array(strtoupper($fileExtension), |
|
| 28 | !in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS)) |
29 | array_map('strtoupper', $ALLOWED_FILE_EXTENSIONS))) |
|
| Line 29... | Line 30... | |||
| 29 | $fileExtension = 'txt'; |
30 | $fileExtension = 'txt'; |
|
| 30 | |
31 | |
|
| 31 | #### Hash filename. |
32 | #### Hash filename. |
|
| Line 52... | Line 53... | |||
| 52 | ) |
53 | ) |
|
| 53 | ); |
54 | ); |
|
| Line 54... | Line 55... | |||
| 54 | |
55 | |
|
| 55 | #### Check for path traversals |
56 | #### Check for path traversals |
|
| 56 | $pathPart = pathinfo($userPath); |
57 | $pathPart = pathinfo($userPath); |
|
| 57 | if (realpath($pathPart['dirname']) != realpath($STORE_FOLDER)) |
58 | if (strcasecmp(realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
|
| Line 58... | Line 59... | |||
| 58 | return; |
59 | return; |
|
| 59 | |
60 | |
|