forked from leftypol/leftypol
Added a check to verify if .ZIP files are infact archives.
This commit is contained in:
Savetheinternet
parent
6fc9db8087
commit
f6abfa61c6
2 changed files with 7 additions and 1 deletions
7
post.php
7
post.php
|
|
@ -121,6 +121,12 @@
|
|||
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE);
|
||||
|
||||
if($post['zip']) {
|
||||
// Validate ZIP file
|
||||
if(is_resource($zip = zip_open($post['zip'])))
|
||||
zip_close($zip);
|
||||
else
|
||||
error(ERR_INVALIDZIP);
|
||||
|
||||
$post['file'] = ZIP_IMAGE;
|
||||
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1));
|
||||
}
|
||||
|
|
@ -191,7 +197,6 @@
|
|||
|
||||
if(in_array($extension, $allowed_ext)) {
|
||||
if (zip_entry_open($zip, $entry, 'r')) {
|
||||
|
||||
// Fake post
|
||||
$dump_post = Array(
|
||||
'subject' => $post['subject'],
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue