Check file extension, bug fix #1011

This commit is contained in:
Diego Najar 2019-05-27 19:24:11 +02:00
parent f317d8cff7
commit 0dc9904d62

View File

@ -6,7 +6,11 @@ if (!isset($_FILES['inputFile'])) {
}
// File extension
$fileExtension = pathinfo($_FILES['inputFile']['name'], PATHINFO_EXTENSION);
$fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
$fileExtension = Text::lowercase($fileExtension);
if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) {
return false;
}
// Final filename
$filename = 'logo.'.$fileExtension;
@ -21,7 +25,7 @@ if ($oldFilename) {
}
// Move from temporary directory to uploads
rename($_FILES['inputFile']['tmp_name'], PATH_UPLOADS.$filename);
Filesystem::mv($_FILES['inputFile']['tmp_name'], PATH_UPLOADS.$filename);
// Permissions
chmod(PATH_UPLOADS.$filename, 0644);