Security fixes

dignajar 2016-09-25 23:30:06 -03:00
parent 3843d3ab27
commit c24a10a0c8
4 changed files with 23 additions and 5 deletions


@ -26,6 +26,9 @@ if( Sanitize::pathFile(PATH_UPLOADS.$filename) ) {
exit; exit;
} }
echo json_encode( array('status'=>0, 'msg'=>'The file does not exist.') ); exit(json_encode(array(
'status'=>0,
'msg'=>'The file does not exist.'
)));
?> ?>
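Review bot: The guard in the hunk header hands `Sanitize::pathFile` a single concatenated argument, `PATH_UPLOADS.$filename`, whereas the ajax loader changed in this same commit calls it with the directory and file name separated (`Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php')`); if the second parameter is what anchors the check to the directory, the one-argument form may leave `$filename` unconstrained. Worth confirming the helper's signature and, if it takes two arguments, changing the guard to `if( Sanitize::pathFile(PATH_UPLOADS, $filename) ) {`. The added error branch itself is consistent with the other handlers (status 0 for failure), though `json_encode(array(...))` is called without any flags, so an encoding failure would make `exit()` emit an empty body; the enclosing `if` begins above the hunk.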


@ -21,6 +21,9 @@ elseif( $_POST['type']==='post' ) {
$slug = $dbPosts->generateKey($text, $key); $slug = $dbPosts->generateKey($text, $key);
} }
echo json_encode( array('status'=>1, 'slug'=>$slug) ); exit(json_encode(array(
'status'=>1,
'slug'=>$slug
)));
?> ?>
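Review bot: `$slug` is only assigned inside the `if`/`elseif` chain that starts above the hunk (the visible branch is `elseif( $_POST['type']==='post' )`), so if no branch matches, the new `exit(json_encode(array('status'=>1, 'slug'=>$slug)))` reports success with a null slug and an undefined-variable notice. Unless a final `else` above the hunk already covers that case, initialise the variable before the chain with `$slug = '';` and return the failure status when it stays empty, e.g. `if( $slug==='' ) { exit(json_encode(array('status'=>0, 'msg'=>'Unknown type.'))); }` (message wording constructed). The strict `===` comparison on `$_POST['type']` is good and should be kept for the other branches as well.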


@ -18,6 +18,15 @@ $filename = pathinfo($filename, PATHINFO_FILENAME);
$filename = Text::replace(' ', '', $filename); $filename = Text::replace(' ', '', $filename);
$filename = Text::replace('_', '', $filename); $filename = Text::replace('_', '', $filename);
// Check extension
$validExtension = array('tiff', 'gif', 'png', 'jpg', 'jpeg', 'bmp');
if( !in_array($fileExtension, $validExtension) ) {
exit(json_encode(array(
'status'=>1,
'msg'=>'Invalid extension file.'
)));
}
// Generate the next filename if the filename already exist. // Generate the next filename if the filename already exist.
$tmpName = $filename.'.'.$fileExtension; $tmpName = $filename.'.'.$fileExtension;
if( file_exists(PATH_UPLOADS.$tmpName) ) if( file_exists(PATH_UPLOADS.$tmpName) )
@ -47,7 +56,7 @@ if($type=='profilePicture')
else { else {
// Generate the thumbnail // Generate the thumbnail
$Image = new Image(); $Image = new Image();
//Handling all other formats than svg //Handling all other formats than svg
if (strcasecmp($fileExtension, 'svg') != 0) { if (strcasecmp($fileExtension, 'svg') != 0) {
$Image->setImage(PATH_TMP.'original'.'.'.$fileExtension, THUMBNAILS_WIDTH, THUMBNAILS_HEIGHT, 'crop'); $Image->setImage(PATH_TMP.'original'.'.'.$fileExtension, THUMBNAILS_WIDTH, THUMBNAILS_HEIGHT, 'crop');
@ -56,7 +65,7 @@ else {
// Move the original to the upload folder. // Move the original to the upload folder.
rename(PATH_TMP.'original'.'.'.$fileExtension, PATH_UPLOADS.$tmpName); rename(PATH_TMP.'original'.'.'.$fileExtension, PATH_UPLOADS.$tmpName);
//If it is a svg file, just save a copy in thumbnail-folder //If it is a svg file, just save a copy in thumbnail-folder
if (strcasecmp($fileExtension, 'svg') == 0) { if (strcasecmp($fileExtension, 'svg') == 0) {
symlink(PATH_UPLOADS.$tmpName, PATH_UPLOADS_THUMBNAILS.$tmpName); symlink(PATH_UPLOADS.$tmpName, PATH_UPLOADS_THUMBNAILS.$tmpName);
@ -73,4 +82,4 @@ exit(json_encode(array(
'filename'=>$tmpName 'filename'=>$tmpName
))); )));
?> ?>
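Review bot: The new invalid-extension response in the first hunk uses `'status'=>1`, which is the success value elsewhere in this commit (the slug response returns 1, the "file does not exist" response returns 0), so a caller that branches on `status` will treat a rejected upload as accepted; it should be `'status'=>0,`. The whitelist compares `$fileExtension` as-is, so `.PNG` or `.Jpg` are rejected while the later `strcasecmp(..., 'svg')` checks are case-insensitive; normalising once with `$fileExtension = strtolower($fileExtension);` before the check, and using `in_array($fileExtension, $validExtension, true)`, makes the rule predictable. Because `svg` is not in the whitelist, the svg branches in the second and third hunks (the `strcasecmp` guard around `$Image->setImage` and the `symlink` into the thumbnail folder) can no longer be reached and should either be removed or the omission documented at the whitelist, e.g. `// svg is deliberately excluded: it can carry script and is served inline`. The check is by file name only; if `Image::setImage` does not itself reject non-image content, a `getimagesize()` check on the temporary file would close that gap — hedged, since that class is outside the hunk.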


@ -30,6 +30,9 @@ if( $layout['slug']==='ajax' )
// Check if the user is loggued. // Check if the user is loggued.
if($Login->isLogged()) if($Login->isLogged())
{ {
// Rules: Security check CSRF
include(PATH_RULES.'99.security.php');
// Load the ajax file. // Load the ajax file.
if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) { if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) {
include(PATH_AJAX.$layout['parameters'].'.php'); include(PATH_AJAX.$layout['parameters'].'.php');
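Review bot: Nothing in the hunk inspects a result from `include(PATH_RULES.'99.security.php');`, so the CSRF protection depends entirely on that rule file terminating the request itself on a missing or mismatched token; if it only sets a variable, the ajax file on the following lines is still loaded. Worth stating that contract at the include, e.g. `// 99.security.php must exit with an error response on CSRF failure; the ajax file below is loaded only if it returns.` Placing the include inside `if($Login->isLogged())` limits the check to authenticated requests, which is where a forged request has a session to abuse, but it also means any ajax file that does its own work for anonymous callers would be unprotected — confirm none exists. The enclosing `if( $layout['slug']==='ajax' )` block begins above the hunk.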