Fixed security bug in FileField: NEED TESTING
This commit is contained in:
parent
4cc0f6b19f
commit
83392e732e
1 changed files with 37 additions and 19 deletions
|
|
@ -4,7 +4,7 @@ namespace PhangoApp\PhaModels\CoreFields;
|
||||||
use PhangoApp\PhaUtils\Utils;
|
use PhangoApp\PhaUtils\Utils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
* NEED TESTING, PROBABLY BROKEN
|
||||||
*/
|
*/
|
||||||
|
|
||||||
class FileField extends PhangoField {
|
class FileField extends PhangoField {
|
||||||
|
|
@ -20,6 +20,8 @@ class FileField extends PhangoField {
|
||||||
public $quot_open='\'';
|
public $quot_open='\'';
|
||||||
public $quot_close='\'';
|
public $quot_close='\'';
|
||||||
public $std_error='';
|
public $std_error='';
|
||||||
|
public $func_token='PhangoApp\PhaUtils\Utils::get_token';
|
||||||
|
public $prefix_id=1;
|
||||||
|
|
||||||
function __construct($name_file, $path, $url_path)
|
function __construct($name_file, $path, $url_path)
|
||||||
{
|
{
|
||||||
|
|
@ -40,21 +42,18 @@ class FileField extends PhangoField {
|
||||||
|
|
||||||
settype($_POST['delete_'.$file_field], 'integer');
|
settype($_POST['delete_'.$file_field], 'integer');
|
||||||
|
|
||||||
if($_POST['delete_'.$file_field]==1)
|
if($this->update)
|
||||||
{
|
{
|
||||||
|
|
||||||
$file_delete=Utils::form_text($_POST[$file_field]);
|
//Check the image for delete.
|
||||||
|
//This field is used only for a row
|
||||||
|
//echo $this->model_instance->conditions; die;
|
||||||
|
$old_reset=Webmodel::$model[$this->name_model]->reset_conditions;
|
||||||
|
Webmodel::$model[$this->name_model]->reset_conditions=0;
|
||||||
|
$old_file=Webmodel::$model[$this->name_model]->select_a_row_where(array($this->name_component), 1)[$this->name_component];
|
||||||
|
Webmodel::$model[$this->name_model]->reset_conditions=$old_reset;
|
||||||
|
|
||||||
if($file_delete!='')
|
}
|
||||||
{
|
|
||||||
|
|
||||||
@unlink($this->path.'/'.$file_delete);
|
|
||||||
|
|
||||||
$file='';
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($_FILES[$file_field]['tmp_name']))
|
if(isset($_FILES[$file_field]['tmp_name']))
|
||||||
{
|
{
|
||||||
|
|
@ -62,10 +61,29 @@ class FileField extends PhangoField {
|
||||||
if($_FILES[$file_field]['tmp_name']!='')
|
if($_FILES[$file_field]['tmp_name']!='')
|
||||||
{
|
{
|
||||||
|
|
||||||
if( move_uploaded_file ( $_FILES[$file_field]['tmp_name'] , $this->path.'/'.$_FILES[$file_field]['name'] ) )
|
$name_file=basename($_FILES[$file_field]['tmp_name']);
|
||||||
|
|
||||||
|
if($this->prefix_id)
|
||||||
|
{
|
||||||
|
|
||||||
|
$name_file=hash('sha256', (call_user_func_array($this->func_token, array(25)))).'_'.$name_file;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if( move_uploaded_file ( $_FILES[$file_field]['tmp_name'] , $this->path.'/'.$name_file ) )
|
||||||
{
|
{
|
||||||
|
|
||||||
return $_FILES[$file_field]['name'];
|
if($old_file!='')
|
||||||
|
{
|
||||||
|
|
||||||
|
if(!@unlink($this->path.'/'.$old_file))
|
||||||
|
{
|
||||||
|
$this->std_error=I18n::lang('common', 'cannot_delete_old_file', 'Cannot delete old files, please, check permissions');
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return $name_file;
|
||||||
|
|
||||||
//return $this->path.'/'.$_FILES[$file]['name'];
|
//return $this->path.'/'.$_FILES[$file]['name'];
|
||||||
|
|
||||||
|
|
|
||||||
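Review bot: `$old_file` is only assigned inside the `if($this->update)` block of the previous hunk, so the `if($old_file!='')` check after `move_uploaded_file` reads an undefined variable on a plain insert; declare `$old_file='';` before `if($this->update)` so the no-old-file case is explicit rather than relying on a notice and `null!=''` evaluating false. Rows written by the previous version stored the client-supplied `$_FILES[$file_field]['name']`, so legacy `$old_file` values read from `select_a_row_where` may still contain path separators; unlinking `$this->path.'/'.basename($old_file)` keeps the delete confined to `$this->path`. With `$this->prefix_id` set to 0 the stored name is just `basename($_FILES[$file_field]['tmp_name'])`, which PHP reuses across requests, so two uploads can receive the same name and `move_uploaded_file` would silently overwrite the earlier row's file — either always apply the random prefix or check `file_exists` before the move. The `settype($_POST['delete_'.$file_field], 'integer')` call kept in the earlier hunk no longer has a reader now that the delete branch is gone, and the `//echo ... die;` debug line should not land. The enclosing method begins and ends outside this hunk.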