Security fixes

This commit is contained in:
dignajar 2016-09-25 23:30:06 -03:00
parent 3843d3ab27
commit c24a10a0c8
4 changed files with 23 additions and 5 deletions

View File

@ -26,6 +26,9 @@ if( Sanitize::pathFile(PATH_UPLOADS.$filename) ) {
exit; exit;
} }
echo json_encode( array('status'=>0, 'msg'=>'The file does not exist.') ); exit(json_encode(array(
'status'=>0,
'msg'=>'The file does not exist.'
)));
?> ?>

View File

@ -21,6 +21,9 @@ elseif( $_POST['type']==='post' ) {
$slug = $dbPosts->generateKey($text, $key); $slug = $dbPosts->generateKey($text, $key);
} }
echo json_encode( array('status'=>1, 'slug'=>$slug) ); exit(json_encode(array(
'status'=>1,
'slug'=>$slug
)));
?> ?>

View File

@ -18,6 +18,15 @@ $filename = pathinfo($filename, PATHINFO_FILENAME);
$filename = Text::replace(' ', '', $filename); $filename = Text::replace(' ', '', $filename);
$filename = Text::replace('_', '', $filename); $filename = Text::replace('_', '', $filename);
// Check extension
$validExtension = array('tiff', 'gif', 'png', 'jpg', 'jpeg', 'bmp');
if( !in_array($fileExtension, $validExtension) ) {
exit(json_encode(array(
'status'=>1,
'msg'=>'Invalid extension file.'
)));
}
// Generate the next filename if the filename already exist. // Generate the next filename if the filename already exist.
$tmpName = $filename.'.'.$fileExtension; $tmpName = $filename.'.'.$fileExtension;
if( file_exists(PATH_UPLOADS.$tmpName) ) if( file_exists(PATH_UPLOADS.$tmpName) )

View File

@ -30,6 +30,9 @@ if( $layout['slug']==='ajax' )
// Check if the user is loggued. // Check if the user is loggued.
if($Login->isLogged()) if($Login->isLogged())
{ {
// Rules: Security check CSRF
include(PATH_RULES.'99.security.php');
// Load the ajax file. // Load the ajax file.
if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) { if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) {
include(PATH_AJAX.$layout['parameters'].'.php'); include(PATH_AJAX.$layout['parameters'].'.php');