Added a check to verify if .ZIP files are infact archives.
parent
6fc9db8087
commit
f6abfa61c6
@ -51,6 +51,7 @@
|
|||||||
define('ERR_INVALIDIMG','Invalid image.', true);
|
define('ERR_INVALIDIMG','Invalid image.', true);
|
||||||
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
|
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
|
||||||
define('ERR_MAXSIZE', 'The file was too big.', true);
|
define('ERR_MAXSIZE', 'The file was too big.', true);
|
||||||
|
define('ERR_INVALIDZIP', 'Invalid archive!', true);
|
||||||
|
|
||||||
// For resizing, max values
|
// For resizing, max values
|
||||||
define('THUMB_WIDTH', 200, true);
|
define('THUMB_WIDTH', 200, true);
|
||||||
|
7
post.php
7
post.php
@ -121,6 +121,12 @@
|
|||||||
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE);
|
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE);
|
||||||
|
|
||||||
if($post['zip']) {
|
if($post['zip']) {
|
||||||
|
// Validate ZIP file
|
||||||
|
if(is_resource($zip = zip_open($post['zip'])))
|
||||||
|
zip_close($zip);
|
||||||
|
else
|
||||||
|
error(ERR_INVALIDZIP);
|
||||||
|
|
||||||
$post['file'] = ZIP_IMAGE;
|
$post['file'] = ZIP_IMAGE;
|
||||||
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1));
|
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1));
|
||||||
}
|
}
|
||||||
@ -191,7 +197,6 @@
|
|||||||
|
|
||||||
if(in_array($extension, $allowed_ext)) {
|
if(in_array($extension, $allowed_ext)) {
|
||||||
if (zip_entry_open($zip, $entry, 'r')) {
|
if (zip_entry_open($zip, $entry, 'r')) {
|
||||||
|
|
||||||
// Fake post
|
// Fake post
|
||||||
$dump_post = Array(
|
$dump_post = Array(
|
||||||
'subject' => $post['subject'],
|
'subject' => $post['subject'],
|
||||||
|
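Review bot: The new `else` branch in the `-121,6 +121,12` hunk of post.php rejects the upload with `error(ERR_INVALIDZIP)`, but it runs after `move_uploaded_file()` has already written the file and nothing here removes it. If `$post['zip']` is the path of that moved file and `error()` ends the request (neither is visible in this hunk), a file that failed validation stays in the upload directory; the branch could clean up first, e.g. `else { unlink($post['zip']); error(ERR_INVALIDZIP); }`. The check also only proves that the container opens as a ZIP: it sets no limit on entry count or uncompressed size before the entries are read in the `-191,7 +197,6` hunk, so a comment such as `// Only confirms the file parses as a ZIP; entry sizes are not checked here` would keep readers from treating it as full validation. The surrounding upload handling starts and continues outside both hunks.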