mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-06-24 08:20:11 +02:00
Validate file in upload.
This commit is contained in:
parent
e5677be971
commit
ed65fd4aa1
|
@ -958,6 +958,14 @@ if (!empty($_FILES) && !FM_READONLY) {
|
|||
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||
|
||||
if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
|
||||
$response = array (
|
||||
'status' => 'error',
|
||||
'info' => "Invalid File name!",
|
||||
);
|
||||
echo json_encode($response); exit();
|
||||
}
|
||||
|
||||
$targetPath = $path . $ds;
|
||||
if ( is_writable($targetPath) ) {
|
||||
$fullPath = os_path_join($path, $_REQUEST['fullpath']);
|
||||
|
|
Loading…
Reference in a new issue