modified : file writing and mysql vulnerabilities removed

Fahad Abbas 2017-11-02 12:23:43 +05:00
parent 88eeb41e3f
commit c207197593
2 changed files with 13 additions and 3 deletions


@ -136,8 +136,18 @@ switch($mode)
$config_for_mp4 = $Cbucket->configs['stay_mp4'];
$ffmpegpath = $Cbucket->configs['ffmpegpath'];
$extension = getExt( $_FILES['Filedata']['name']);
/*$raw_content_type = mime_content_type($_FILES['Filedata']['tmp_name']);
$content_type = substr($raw_content_type, 0,strpos($raw_content_type, '/'));*/
$raw_content_type = mime_content_type($_FILES['Filedata']['tmp_name']);
$content_type = substr($raw_content_type, 0,strpos($raw_content_type, '/'));
if ( $content_type != 'video') {
echo json_encode(array("status"=>"400","err"=>"Invalid Content"));
exit();
}
pex($content_type,true);
$types = strtolower(config('allowed_types'));
$supported_extensions = explode(',', $types);
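Review bot: The added `pex($content_type,true);` right after the MIME check looks like a leftover debug call. If `pex` prints and exits, as its name suggests, every upload stops at this line, and if it only prints, it still corrupts the JSON response, so the line should be removed. The check also does not explicitly handle `mime_content_type()` returning `false` and compares loosely; `if ($raw_content_type === false || strpos($raw_content_type, 'video/') !== 0)` states the intent directly. Content sniffing inspects only the leading bytes of the file, and `$extension` is still taken from the client-supplied `$_FILES['Filedata']['name']`, so the allow-list built from `allowed_types` below should remain the deciding control. The enclosing `switch($mode)` case starts and ends outside the hunk.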


@ -12,7 +12,7 @@ define("PARENT_PAGE",'collections');
require 'includes/config.inc.php';
$pages->page_redir();
$c = mysql_clean($_GET['cid']);
$c = mysql_clean((int)$_GET['cid']);
$type = mysql_clean($_GET['type']);
$page = mysql_clean($_GET['page']);
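Review bot: Only `cid` is cast in this change; `$type` and `$page` on the following lines still rely on `mysql_clean()` alone, which presumably only escapes and so protects a value only where the query quotes it. How the two are used is outside the hunk, but `$page` looks numeric and could get the same treatment, `$page = (int)$_GET['page'];`, while `$type` is better compared against a fixed list of the values this page accepts than escaped. With the cast in place the `mysql_clean()` wrapper around `cid` is redundant, and `$c = (int)$_GET['cid'];` expresses the same thing.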