Added a check to verify if .ZIP files are in fact archives.

Savetheinternet 2010-11-05 20:32:40 +11:00
parent 6fc9db8087
commit f6abfa61c6
2 changed files with 7 additions and 1 deletions


@ -51,6 +51,7 @@
define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_INVALIDIMG','Invalid image.', true);
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
define('ERR_MAXSIZE', 'The file was too big.', true); define('ERR_MAXSIZE', 'The file was too big.', true);
define('ERR_INVALIDZIP', 'Invalid archive!', true);
// For resizing, max values // For resizing, max values
define('THUMB_WIDTH', 200, true); define('THUMB_WIDTH', 200, true);


@ -121,6 +121,12 @@
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE);
if($post['zip']) { if($post['zip']) {
// Validate ZIP file
if(is_resource($zip = zip_open($post['zip'])))
zip_close($zip);
else
error(ERR_INVALIDZIP);
$post['file'] = ZIP_IMAGE; $post['file'] = ZIP_IMAGE;
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1));
} }
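Review bot: The failure branch `error(ERR_INVALIDZIP);` is reached only after `move_uploaded_file()` has already stored the upload, and nothing in this hunk removes what was written. Unless `error()` cleans up (not visible here), a rejected archive and its companion file stay in the destination directory; consider `@unlink($post['file']);` before `error(ERR_INVALIDZIP);`, plus the same for the path in `$post['zip']` if that is a stored copy. A successful `zip_open()` only shows that the container parses, not that the entry count, entry names or uncompressed sizes are acceptable, so the extraction loop further down still needs its own limits next to the extension allow-list. A comment such as `// zip_open() returns an int error code on failure, so is_resource() is the success test` would explain the condition. The upload handler starts and ends outside this hunk.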
@ -191,7 +197,6 @@
if(in_array($extension, $allowed_ext)) { if(in_array($extension, $allowed_ext)) {
if (zip_entry_open($zip, $entry, 'r')) { if (zip_entry_open($zip, $entry, 'r')) {
// Fake post // Fake post
$dump_post = Array( $dump_post = Array(
'subject' => $post['subject'], 'subject' => $post['subject'],