r31k
/
bludit
2
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Bug fix for PHP 5.6 when upload images

This commit is contained in:
Diego Najar 2019-05-29 19:28:11 +02:00
parent febd7256e4
commit 600345ee57
8 changed files with 23 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bl-kernel/admin/themes/booty/html/media.php
View File

@ -178,7 +178,7 @@ function uploadImages() {
// Check file type/extension // Check file type/extension
const validImageTypes = ['image/gif', 'image/jpeg', 'image/png', 'image/svg+xml']; const validImageTypes = ['image/gif', 'image/jpeg', 'image/png', 'image/svg+xml'];
if (!validImageTypes.includes(images[i].type)) { if (!validImageTypes.includes(images[i].type)) {
showMediaAlert("<?php echo $L->g('File type is not supported. Allowed types:').' '.implode(', ',ALLOWED_IMG_EXTENSION) ?>"); showMediaAlert("<?php echo $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']) ?>");
return false; return false;
} }

4
bl-kernel/ajax/logo-upload.php
View File

@ -17,8 +17,8 @@ if (!isset($_FILES['inputFile'])) {
// File extension // File extension
$fileExtension = Filesystem::extension($_FILES['inputFile']['name']); $fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
$fileExtension = Text::lowercase($fileExtension); $fileExtension = Text::lowercase($fileExtension);
if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) { if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
$message = 'File type is not supported. Allowed types: '.implode(', ',ALLOWED_IMG_EXTENSION); $message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
Log::set($message, LOG_TYPE_ERROR); Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message); ajaxResponse(1, $message);
} }

18
bl-kernel/ajax/profile-picture-upload.php
View File

@ -15,21 +15,15 @@ if (!isset($_FILES['profilePictureInputFile'])) {
ajaxResponse(1, 'Error trying to upload the profile picture.'); ajaxResponse(1, 'Error trying to upload the profile picture.');
} }
// File extension // Check file extension
$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']); $fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
$fileExtension = Text::lowercase($fileExtension); $fileExtension = Text::lowercase($fileExtension);
if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) { if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
$message = 'File type is not supported. Allowed types: '.implode(', ',ALLOWED_IMG_EXTENSION); $message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
Log::set($message, LOG_TYPE_ERROR); Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message); ajaxResponse(1, $message);
} }
// Tmp filename
$tmpFilename = $username.'.'.$fileExtension;
// Final filename
$filename = $username.'.png';
// Check path traversal // Check path traversal
if (Text::stringContains($username, DS, false)) { if (Text::stringContains($username, DS, false)) {
$message = 'Path traversal detected.'; $message = 'Path traversal detected.';
@ -37,6 +31,9 @@ if (Text::stringContains($username, DS, false)) {
ajaxResponse(1, $message); ajaxResponse(1, $message);
} }
// Tmp filename
$tmpFilename = $username.'.'.$fileExtension;
// Move from temporary directory to uploads folder // Move from temporary directory to uploads folder
rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename); rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename);
@ -48,6 +45,9 @@ $image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, t
// Remove the tmp file // Remove the tmp file
unlink(PATH_TMP.$tmpFilename); unlink(PATH_TMP.$tmpFilename);
// Final filename
$filename = $username.'.png';
// Permissions // Permissions
chmod(PATH_UPLOADS_PROFILES.$filename, 0644); chmod(PATH_UPLOADS_PROFILES.$filename, 0644);

2
bl-kernel/ajax/upload-images.php
View File

@ -47,7 +47,7 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
$filename = Filesystem::filename($image); $filename = Filesystem::filename($image);
array_push($images, $filename); array_push($images, $filename);
} else { } else {
$message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',ALLOWED_IMG_EXTENSION); $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
Log::set($message, LOG_TYPE_ERROR); Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message); ajaxResponse(1, $message);
} }

13
bl-kernel/boot/variables.php
View File

@ -92,12 +92,6 @@ define('SESSION_GC_MAXLIFETIME', 3600);
// The value 0 means until the browser is closed // The value 0 means until the browser is closed
define('SESSION_COOKIE_LIFE_TIME', 0); define('SESSION_COOKIE_LIFE_TIME', 0);
// Tags, type of pages included in the tag database
define('DB_TAGS_TYPES', array('published','static','sticky'));
// Allowed image extensions
define('ALLOWED_IMG_EXTENSION', array('gif', 'png', 'jpg', 'jpeg', 'svg'));
// Alert notification dissappear in X seconds // Alert notification dissappear in X seconds
define('ALERT_DISSAPEAR_IN', 3); define('ALERT_DISSAPEAR_IN', 3);
@ -107,3 +101,10 @@ define('MEDIA_MANAGER_NUMBER_OF_FILES', 5);
// Sort the image by date // Sort the image by date
define('MEDIA_MANAGER_SORT_BY_DATE', true); define('MEDIA_MANAGER_SORT_BY_DATE', true);
// Constant arrays using define are not allowed in PHP 5.6 or earlier
// Type of pages included in the tag database
$GLOBALS['DB_TAGS_TYPES'] = array('published','static','sticky');
// Allowed image extensions
$GLOBALS['ALLOWED_IMG_EXTENSION'] = array('gif', 'png', 'jpg', 'jpeg', 'svg');

2
bl-kernel/functions.php
View File

@ -827,7 +827,7 @@ function transformImage($file, $imageDir, $thumbnailDir=false) {
// Check image extension // Check image extension
$fileExtension = Filesystem::extension($file); $fileExtension = Filesystem::extension($file);
$fileExtension = Text::lowercase($fileExtension); $fileExtension = Text::lowercase($fileExtension);
if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) { if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
return false; return false;
} }

2
bl-kernel/tags.class.php
View File

@ -18,7 +18,7 @@ class Tags extends dbList {
$db = $pages->getDB($onlyKeys=false); $db = $pages->getDB($onlyKeys=false);
$tagsIndex = array(); $tagsIndex = array();
foreach ($db as $pageKey=>$pageFields) { foreach ($db as $pageKey=>$pageFields) {
if (in_array($pageFields['type'], DB_TAGS_TYPES)) { if (in_array($pageFields['type'], $GLOBALS['DB_TAGS_TYPES'])) {
$tags = $pageFields['tags']; $tags = $pageFields['tags'];
foreach ($tags as $tagKey=>$tagName) { foreach ($tags as $tagKey=>$tagName) {
if (isset($tagsIndex[$tagKey])) { if (isset($tagsIndex[$tagKey])) {

2
bl-plugins/disqus/plugin.php
View File

@ -58,7 +58,7 @@ class pluginDisqus extends Plugin {
global $url; global $url;
global $WHERE_AM_I; global $WHERE_AM_I;
// Do not shows // Do not shows disqus on page not found
if ($url->notFound()) { if ($url->notFound()) {
return false; return false;
} }