From c20719759377248a5b3b67151ee9cfe3eb606b51 Mon Sep 17 00:00:00 2001
From: Fahad Abbas
Date: Thu, 2 Nov 2017 12:23:43 +0500
Subject: [PATCH] modified : file writing and mysql vulnerabilities removed
---
 upload/actions/file_uploader.php | 14 ++++++++++++--
 upload/view_collection.php | 2 +-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/upload/actions/file_uploader.php b/upload/actions/file_uploader.php
index 9e9d3d80..b42e5594 100644
--- a/upload/actions/file_uploader.php
+++ b/upload/actions/file_uploader.php
@@ -136,8 +136,18 @@ switch($mode)
 $config_for_mp4 = $Cbucket->configs['stay_mp4'];
 $ffmpegpath = $Cbucket->configs['ffmpegpath'];
 $extension = getExt( $_FILES['Filedata']['name']);
- /*$raw_content_type = mime_content_type($_FILES['Filedata']['tmp_name']);
- $content_type = substr($raw_content_type, 0,strpos($raw_content_type, '/'));*/
+
+
+ $raw_content_type = mime_content_type($_FILES['Filedata']['tmp_name']);
+ $content_type = substr($raw_content_type, 0,strpos($raw_content_type, '/'));
+
+ if ( $content_type != 'video') {
+ echo json_encode(array("status"=>"400","err"=>"Invalid Content"));
+ exit();
+ }
+
+ pex($content_type,true);
+
 $types = strtolower(config('allowed_types'));
 $supported_extensions = explode(',', $types);
diff --git a/upload/view_collection.php b/upload/view_collection.php
index 8c1ea677..972c92a3 100644
--- a/upload/view_collection.php
+++ b/upload/view_collection.php
@@ -12,7 +12,7 @@ define("PARENT_PAGE",'collections');
 require 'includes/config.inc.php';
 $pages->page_redir();
-$c = mysql_clean($_GET['cid']);
+$c = mysql_clean((int)$_GET['cid']);
 $type = mysql_clean($_GET['type']);
 $page = mysql_clean($_GET['page']);
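Review bot: The `pex($content_type,true);` call added right after the content-type check sits on the success path and looks like leftover debugging; pex() is not defined in this hunk, but if it is a print-and-exit helper, every upload that passes the check would write the MIME prefix into the JSON response and stop before the extension allow-list below runs. I would drop that line. `mime_content_type()` returns false when it cannot read or identify the file, so the guard is clearer as `if ($raw_content_type === false || strpos($raw_content_type, 'video/') !== 0) {`, which also replaces the loose `!=`. The detected type comes from the file's content signature only, so the `$supported_extensions` check that follows should stay as a second control. The enclosing `switch($mode)` case starts and ends outside the hunk.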
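Review bot: Only `cid` gets the integer cast here; the `$type` and `$page` context lines right below still rely on `mysql_clean()` alone, so the fix covers one of the three request parameters read in this block. If `$page` is used as a number downstream (not visible here) it would take the same cast, and `$type` is better checked against a fixed list of accepted values than escaped. Wrapping the cast result in `mysql_clean()` is redundant, and a missing `cid` raises an undefined-index notice before becoming 0; `$c = isset($_GET['cid']) ? (int)$_GET['cid'] : 0;` states the intent directly. The rest of the script lies outside the hunk, so how `$c` reaches the query is not shown.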