add validate on file extensions
callcenter-magnus committed Jan 2, 2024
1 parent 7335722 commit c157285
Showing 9 changed files with 150 additions and 140 deletions.
Binary file modified build/MagnusBilling-current.tar.gz
Binary file not shown.
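--- a/protected/components/Util.php
+++ b/protected/components/Util.php
@@ -294,4 +294,20 @@ public static function calculation_price($buyrate, $duration, $initblock, $incre
 $ratecost = $ratecost;
 return $ratecost;
 }
+
+public static function valid_extension($filename, $allowed = [])
+{
+$ext = strtolower(CFileHelper::getExtension($filename));
+
+if ( ! in_array($ext, $allowed)) {
+echo json_encode([
+'success' => false,
+'errors' => 'File error',
+]);
+exit;
+}
+
+return $ext;
+
+}
 }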
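Review bot: `valid_extension()` inspects only the extension of the name it is given, which at the call sites in this commit is the client-supplied `$_FILES[...]["name"]`, so a pass says nothing about what the uploaded bytes actually are. The method needs a docblock that states this limit, and that on failure it prints a JSON error and calls `exit` itself instead of returning a failure to the caller. The membership test is loose; `if ( ! in_array($ext, $allowed, true)) {` restricts it to exact string matches. The empty default for `$allowed` rejects every file, which is the safe direction and worth recording in the same docblock.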
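--- a/protected/controllers/AuthenticationController.php
+++ b/protected/controllers/AuthenticationController.php
@@ -436,6 +436,7 @@ public function actionImportLogo()
 } else {
 $uploadfile = $uploaddir . 'logo_custom.png';
 }
+$typefile = Util::valid_extension($_FILES["logo"]["name"], ['png']);
 
 move_uploaded_file($_FILES["logo"]["tmp_name"], $uploadfile);
 }
@@ -450,9 +451,9 @@ public function actionImportWallpapers()
 {
 if (isset($_FILES['wallpaper']['tmp_name']) && strlen($_FILES['wallpaper']['tmp_name']) > 3) {
 
-$uploaddir = "resources/images/wallpapers/";
-$data = explode('.', $_FILES["wallpaper"]["name"]);
-$typefile = array_pop($data);
+$uploaddir = "resources/images/wallpapers/";
+$typefile = Util::valid_extension($_FILES["wallpaper"]["name"], ['jpg']);
+
 $uploadfile = $uploaddir . 'Customization.jpg';
 move_uploaded_file($_FILES["wallpaper"]["tmp_name"], $uploadfile);
 }
@@ -480,6 +481,8 @@ public function actionImportLoginBackground()
 
 if (isset($_FILES['loginbackground']['tmp_name']) && strlen($_FILES['loginbackground']['tmp_name']) > 3) {
 
+$typefile = Util::valid_extension($_FILES["loginbackground"]["name"], ['jpg']);
+
 $uploadfile = 'resources/images/lock-screen-background.jpg';
 try {
 move_uploaded_file($_FILES["loginbackground"]["tmp_name"], $uploadfile);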
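Review bot: In all three actions the new check reads only `$_FILES[...]["name"]`, so a non-image payload named `.png` or `.jpg` still reaches `move_uploaded_file()` and is written under `resources/images/`, which looks like a web-served path. Before the move in `actionImportLogo()` I would add a content check such as `$info = getimagesize($_FILES["logo"]["tmp_name"]);` and reject unless `$info !== false && $info[2] === IMAGETYPE_PNG` (`IMAGETYPE_JPEG` in the wallpaper and login-background actions). `$typefile` is assigned but never used in the visible lines, and the return value of `move_uploaded_file()` is ignored in the first two hunks. The target names shown are fixed, but the branch before `} else {` in `actionImportLogo()` and the rest of each action lie outside the hunks, so the other logo target and any existing checks are not visible here.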