From 4038063c37c926d944ec96d5020e6cbfb28c177e Mon Sep 17 00:00:00 2001
From: Fahad Abbas
Date: Fri, 16 Feb 2018 13:09:13 +0500
Subject: [PATCH] modified : arbitrary files upload issue fixed

---
 upload/actions/beats_uploader.php | 9 +++++++++
 upload/actions/photo_uploader.php | 7 +++++++
 upload/edit_account.php | 15 +++++++++++++++
 3 files changed, 31 insertions(+)

diff --git a/upload/actions/beats_uploader.php b/upload/actions/beats_uploader.php
index 5b81e209..c8e17a78 100755
--- a/upload/actions/beats_uploader.php
+++ b/upload/actions/beats_uploader.php
@@ -147,6 +147,15 @@ switch($mode)
         exit();
     }
+    $extension = getExt( $_FILES['file']['name']);
+    $types = strtolower(config('allowed_types'));
+    $supported_extensions = explode(',', $types);
+
+    if (!in_array($extension, $supported_extensions)) {
+        echo json_encode(array("status"=>"504","msg"=>"Invalid extension"));
+        exit();
+    }
+
     $targetDir = CB_BEATS_UPLOAD_DIR;
 #    $directory = create_dated_folder( CB_BEATS_UPLOAD_DIR );
 #    $targetDir .= '/'.$directory;
diff --git a/upload/actions/photo_uploader.php b/upload/actions/photo_uploader.php
index aefc2a85..b7d4224e 100644
--- a/upload/actions/photo_uploader.php
+++ b/upload/actions/photo_uploader.php
@@ -193,7 +193,14 @@ switch($mode)
         echo json_encode(array("status"=>"400","err"=>"Invalid Content"));
         exit();
     }
+    $extension = getExt( $_FILES['file']['name']);
+    $types = strtolower(config('allowed_types'));
+    $supported_extensions = explode(',', $types);
+
+    if (!in_array($extension, $supported_extensions)) {
+        echo json_encode(array("status"=>"504","msg"=>"Invalid extension"));
+        exit();
+    }
     //pr($_REQUEST);
     $targetDir = PHOTOS_DIR;
     $directory = create_dated_folder( PHOTOS_DIR );
diff --git a/upload/edit_account.php b/upload/edit_account.php
index 7bb2f7b6..9b5e48ee 100644
--- a/upload/edit_account.php
+++ b/upload/edit_account.php
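Review bot: The new allowlist check lowercases the configured list but not `$extension`, so whether an upload named `track.MP3` is accepted depends on whether getExt already lowercases its result (not visible here), and a list written as `mp3, wav` produces the entry ` wav` that never matches; normalise both sides with `$extension = strtolower(getExt($_FILES['file']['name']));` and `$supported_extensions = array_map('trim', explode(',', $types));`, and pass `true` as the third argument to `in_array` so the comparison is strict. The same block is repeated in the photo_uploader.php and edit_account.php hunks, so a shared helper in the common functions file would keep the three copies from drifting apart. The check only constrains the stored file if the name later written under `$targetDir` is derived from the same `$_FILES['file']['name']` value; that code, like the rest of the enclosing `switch($mode)` case, is outside the hunk.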
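Review bot: The new rejection response reports `"status"=>"504"` with the text under `msg`, while the existing check two lines above in the same hunk reports `"status"=>"400"` with the text under `err`, so a client that reads `err` on a 400 never sees this rejection; `echo json_encode(array("status"=>"400","err"=>"Invalid extension"));` keeps the contract uniform, and 504 is the gateway-timeout code, which is misleading for a validation failure. Both uploaders consult the same `config('allowed_types')` key; if that is one global list rather than a per-type setting, every extension that is legitimate for beats is also accepted on the photo path, and an image-only list for this path would be tighter. The enclosing `switch($mode)` case continues outside the hunk.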
@@ -36,6 +36,21 @@ if(isset($_POST['update_avatar_bg']))
     if(isset($_FILES["coverPhoto"])){
         if(isset($_FILES["coverPhoto"]) && get_mime_type($_FILES["coverPhoto"]['tmp_name']) == 'image'){
             $array = $_FILES;
+
+            $extension = getExt( $_FILES['coverPhoto']['name']);
+            $types = strtolower(config('allowed_types'));
+            $supported_extensions = explode(',', $types);
+
+            if (!in_array($extension, $supported_extensions)) {
+                $response = array(
+                    "status" => false,
+                    "msg" => "Invalid extension provided",
+                    "url" => false,
+                );
+                echo json_encode($response);
+                die();
+            }
+
             $array['userid'] = userid();
             $coverUpload = $userquery->updateCover($array);
             $timeStamp = time();
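Review bot: The new block terminates with `die()` while the two sibling hunks use `exit();`, and its rejection payload (`"status" => false`, `"msg"`, `"url" => false`) has a different shape from the `"status"=>"504","msg"=>...` object the uploaders emit, so three callers end up parsing three formats; one shared helper returning a single response shape would remove that divergence. The check inspects `$_FILES['coverPhoto']['name']`, but `updateCover` receives the whole `$_FILES` copy in `$array`, so the stored file's extension is only covered if updateCover derives its target name from that same value — worth confirming in updateCover, which is outside the hunk. Running the extension check before the `get_mime_type` call would also avoid opening a file that is going to be rejected by name, though the current order is not incorrect. The enclosing `if(isset($_POST['update_avatar_bg']))` block continues outside the hunk.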