phangoapp/phamodels
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security fixes in filedfield and imagefield

Browse source
This commit is contained in:
Antonio de la Rosa 2016-12-08 04:42:29 +01:00
parent 83392e732e
commit 001ee79c2a
2 changed files with 179 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/CoreFields/FileField.php
View file

@ -60,6 +60,8 @@ class FileField extends PhangoField {
if($_FILES[$file_field]['tmp_name']!='') if($_FILES[$file_field]['tmp_name']!='')
{ {
if(is_uploaded_file($_FILES[$file_field]['tmp_name']))
{
$name_file=basename($_FILES[$file_field]['tmp_name']); $name_file=basename($_FILES[$file_field]['tmp_name']);
@ -97,6 +99,18 @@ class FileField extends PhangoField {
return ''; return '';
}
}
else
{
$this->std_error=I18n::lang('common', 'error_cannot_upload_this_file_to_the_server', 'Error: Cannot upload this file to the server');
$this->error=1;
return '';
} }

13
src/CoreFields/ImageField.php
View file

@ -78,6 +78,8 @@ class ImageField extends PhangoField {
if(trim($_FILES[$file_name]['tmp_name'])!=='') if(trim($_FILES[$file_name]['tmp_name'])!=='')
{ {
if(is_uploaded_file($_FILES[$file_name]['tmp_name']))
{
$name_image=$_FILES[$file_name]['name']; $name_image=$_FILES[$file_name]['name'];
@ -209,6 +211,17 @@ class ImageField extends PhangoField {
} }
} }
else else
{
$this->std_error=I18n::lang('common', 'no_valid_image', 'This image is not upload');
$this->error=1;
return '';
}
}
else
{ {
return $old_image; return $old_image;