diff options
| author | Nils Adermann <naderman@naderman.de> | 2010-03-02 01:05:34 +0100 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2010-03-02 01:05:34 +0100 |
| commit | 07633a66e8c9bbb2b288a286bfbea6f562eeca4d (patch) | |
| tree | a255efa70ed6f202542649148c0445445504d181 /phpBB/includes/functions_upload.php | |
| parent | ee82970d96e0a6772b24c48aab8ebd1888ec5216 (diff) | |
| parent | 5cfa0ec0c32ddc424f9651d8766db3e4ced59f96 (diff) | |
| download | forums-07633a66e8c9bbb2b288a286bfbea6f562eeca4d.tar forums-07633a66e8c9bbb2b288a286bfbea6f562eeca4d.tar.gz forums-07633a66e8c9bbb2b288a286bfbea6f562eeca4d.tar.bz2 forums-07633a66e8c9bbb2b288a286bfbea6f562eeca4d.tar.xz forums-07633a66e8c9bbb2b288a286bfbea6f562eeca4d.zip | |
Merge commit 'release-3.0-B3'
Diffstat (limited to 'phpBB/includes/functions_upload.php')
| -rw-r--r-- | phpBB/includes/functions_upload.php | 78 |
1 files changed, 65 insertions, 13 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 28701339e4..a7a76cf526 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -38,7 +38,7 @@ class filespec /** * File Class - * @access: private + * @access private */ function filespec($upload_ary, $upload_namespace) { @@ -138,7 +138,7 @@ class filespec /** * Check if the file got correctly uploaded * - * @return true if it is a valid upload and the file exist, false if not + * @return true if it is a valid upload, false if not */ function is_uploaded() { @@ -147,7 +147,12 @@ class filespec return false; } - return (file_exists($this->filename)) ? true : false; + if ($this->local && !file_exists($this->filename)) + { + return false; + } + + return true; } /** @@ -221,24 +226,27 @@ class filespec return false; } - // Adjust destination path (no trailing slash) - if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\') - { - $destination = substr($destination, 0, sizeof($destination)-2); - } + // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it... + $this->destination_path = $phpbb_root_path . $destination; - $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination); - if ($destination && ($destination{0} == '/' || $destination{0} == "\\")) + // Check if the destination path exist... + if (!file_exists($this->destination_path)) { - $destination = ''; + @unlink($this->filename); + return false; } - $this->destination_path = $phpbb_root_path . $destination; - $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy'; $upload_mode = ($this->local) ? 'local' : $upload_mode; $this->destination_file = $this->destination_path . '/' . basename($this->realname); + // Check if the file already exist, else there is something wrong... + if (file_exists($this->destination_file)) + { + @unlink($this->filename); + return false; + } + switch ($upload_mode) { case 'copy': @@ -305,6 +313,25 @@ class filespec { $this->mimetype = $this->image_info['mime']; } + + // Check image type + $types = $this->upload->image_types(); + + if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]])) + { + if (!isset($types[$this->image_info[2]])) + { + $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype); + } + else + { + $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension); + } + } + } + else + { + $this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE']; } } @@ -790,6 +817,31 @@ class fileupload { return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false; } + + /** + * Return image type/extension mapping + */ + function image_types() + { + return array( + 1 => array('gif'), + 2 => array('jpg', 'jpeg'), + 3 => array('png'), + 4 => array('swf'), + 5 => array('psd'), + 6 => array('bmp'), + 7 => array('tif', 'tiff'), + 8 => array('tif', 'tiff'), + 9 => array('jpg', 'jpeg'), + 10 => array('jpg', 'jpeg'), + 11 => array('jpg', 'jpeg'), + 12 => array('jpg', 'jpeg'), + 13 => array('swc'), + 14 => array('iff'), + 15 => array('wbmp'), + 16 => array('xbm'), + ); + } } ?>
\ No newline at end of file |