Fixed upload URL limitations.
This commit is contained in:
parent
f36877b74c
commit
0eb6ea219e
|
@ -551,7 +551,29 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
|
||||||
if(isset($_POST['type']) && $_POST['type'] == "upload" && !empty($_REQUEST["uploadurl"])) {
|
if(isset($_POST['type']) && $_POST['type'] == "upload" && !empty($_REQUEST["uploadurl"])) {
|
||||||
$path = os_path_join(FM_ROOT_PATH, FM_PATH);
|
$path = os_path_join(FM_ROOT_PATH, FM_PATH);
|
||||||
|
|
||||||
|
function event_callback ($message) {
|
||||||
|
global $callback;
|
||||||
|
echo json_encode($message);
|
||||||
|
}
|
||||||
|
|
||||||
|
function get_file_path () {
|
||||||
|
global $path, $fileinfo, $temp_file;
|
||||||
|
return $path."/".basename($fileinfo->name);
|
||||||
|
}
|
||||||
|
|
||||||
$url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;
|
$url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;
|
||||||
|
|
||||||
|
//prevent 127.* domain and known ports
|
||||||
|
$domain = parse_url($url, PHP_URL_HOST);
|
||||||
|
$port = parse_url($url, PHP_URL_PORT);
|
||||||
|
$knownPorts = [22, 23, 25, 3306];
|
||||||
|
|
||||||
|
if (preg_match("/^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$/i", $domain) || in_array($port, $knownPorts)) {
|
||||||
|
$err = array("message" => "URL is not allowed");
|
||||||
|
event_callback(array("fail" => $err));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$use_curl = false;
|
$use_curl = false;
|
||||||
$temp_file = tempnam(sys_get_temp_dir(), "upload-");
|
$temp_file = tempnam(sys_get_temp_dir(), "upload-");
|
||||||
$fileinfo = new stdClass();
|
$fileinfo = new stdClass();
|
||||||
|
@ -561,16 +583,6 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
|
||||||
$ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
|
$ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
|
||||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||||
|
|
||||||
function event_callback ($message) {
|
|
||||||
global $callback;
|
|
||||||
echo json_encode($message);
|
|
||||||
}
|
|
||||||
|
|
||||||
function get_file_path () {
|
|
||||||
global $path, $fileinfo, $temp_file;
|
|
||||||
return os_path_join($path, basename($fileinfo->name));
|
|
||||||
}
|
|
||||||
|
|
||||||
$err = false;
|
$err = false;
|
||||||
|
|
||||||
if(!$isFileAllowed) {
|
if(!$isFileAllowed) {
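Review bot: The new destination check in the first hunk (the `$domain` regex plus `$knownPorts`) inspects only the literal host string, so it rejects `localhost` and `127.x` but not a hostname that resolves to a loopback or private address, other reserved ranges, or an IPv6 loopback literal, because `parse_url` returns IPv6 hosts with their square brackets (`[::1]`) and the `^(?:0*\:)*?:?0*1$` alternative never sees a bracketed value. Resolving the host and validating the resulting address with `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)` fails closed on everything non-public (including an unresolvable name or a null `$url`), and `in_array($port, $knownPorts, true)` avoids the loose comparison. Whether the download that follows honours redirects is outside this hunk; if it does, the same check has to cover each redirect target, and since the download client resolves the name again, pinning the checked address (for cURL, `CURLOPT_RESOLVE`) closes that remaining gap. The enclosing `if (isset($_POST['ajax']) ...)` block starts before and ends after both hunks.
```php
//prevent loopback/private/reserved destinations and known ports
$domain = parse_url($url, PHP_URL_HOST);
$port = parse_url($url, PHP_URL_PORT);
$knownPorts = [22, 23, 25, 3306];

$ip = trim((string) $domain, '[]');   // parse_url keeps the brackets on IPv6 literals
if (!filter_var($ip, FILTER_VALIDATE_IP)) {
    // A record only; on failure gethostbyname returns the name unchanged, which is rejected below
    $ip = gethostbyname($ip);
}
$isPublic = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;

if (!$isPublic || in_array($port, $knownPorts, true)) {
    // … unchanged: error callback and exit …
}
```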
|
||||||