fix for issue #98

pluck-cms · Mar 3, 2021 · 6865aca · 6865aca
1 parent f152394
commit 6865aca
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 25 deletions.
diff --git a/data/inc/deletefile.php b/data/inc/deletefile.php
@@ -18,7 +18,7 @@
 //Check if image exists.
 if (file_exists('files/'.$var1)) {
 
-	if ($var1 == ".htaccess"){
+	if (strtolower($var1) == ".htaccess"){
 		show_error($lang['trashcan']['notallowed'], 1);
 	} else {
 		//First check if there isn't an item with the same name in the trashcan.
@@ -40,4 +40,3 @@
 		}
 	}
 }
-?>
diff --git a/data/inc/files.php b/data/inc/files.php
@@ -36,32 +36,27 @@
 	if ($filenamestr == '.htaccess' or strtolower(substr($filenamestr, 0, 9)) == '.htaccess'){
 		show_error($lang['general']['upload_failed'], 1);
 	} else {
-		if (!copy($_FILES['filefile']['tmp_name'], 'files/'.latinOnlyInput(latinOnlyInput($_FILES['filefile']['name']))))
+		$lastfour = substr($filenamestr, -4);
+		$lastfive = substr($filenamestr, -5);
+		$blockedExtentions = array('.php','php3','php4','php5','php6','php7','phtml','.phtm','.pht','.ph3','.ph4','.ph5','.asp','.cgi','.phar');
+		if (in_array($lastfour, $blockedExtentions) or in_array($lastfive, $blockedExtentions) ){
+			$filenamestr = $filenamestr.'.txt';
+		}
+		if (!copy($_FILES['filefile']['tmp_name'], 'files/'.$filenamestr)){
 			show_error($lang['general']['upload_failed'], 1);
-		else {
-			$lastfour = substr($filenamestr, -4);
-			$lastfive = substr($filenamestr, -5);
-			$blockedExtentions = array('.php','php3','php4','php5','php6','php7','phtml','.phtm','.pht','.ph3','.ph4','.ph5','.asp','.cgi','.phar');
-			if (in_array($lastfour, $blockedExtentions) or in_array($lastfive, $blockedExtentions) ){
-				if (!rename('files/'.latinOnlyInput($_FILES['filefile']['name']), 'files/'.latinOnlyInput($_FILES['filefile']['name']).'.txt')){
-					show_error($lang['general']['upload_failed'], 1);
-				}
-				chmod('files/'.latinOnlyInput($_FILES['filefile']['name']).'.txt', 0775);
-			}else{
-				chmod('files/'.latinOnlyInput($_FILES['filefile']['name']), 0775);
-			}
+		} else {
+			chmod('files/'.$filenamestr, 0775);
+			show_error($lang['files']['success'], 3);
 			?>
-				<div class="menudiv">
-					<strong><?php echo $lang['files']['name']; ?></strong> <?php echo latinOnlyInput($_FILES['filefile']['name']); ?>
-					<br />
-					<strong><?php echo $lang['files']['size']; ?></strong> <?php echo latinOnlyInput($_FILES['filefile']['size']).' '.$lang['images']['bytes']; ?>
-					<br />
-					<strong><?php echo $lang['files']['type']; ?></strong> <?php echo latinOnlyInput($_FILES['filefile']['type']); ?>
-					<br />
-					<strong><?php echo $lang['files']['success']; //TODO: Need to show this message another place, and with show_error(). ?></strong>
-				</div>
+			<div class="menudiv">
+				<strong><?php echo $lang['files']['name']; ?></strong> <?php echo $filenamestr; ?>
+				<br />
+				<strong><?php echo $lang['files']['size']; ?></strong> <?php echo latinOnlyInput($_FILES['filefile']['size']).' '.$lang['images']['bytes']; ?>
+				<br />
+				<strong><?php echo $lang['files']['type']; ?></strong> <?php echo latinOnlyInput($_FILES['filefile']['type']); ?>
+			</div>
 			<?php
-			}
+		}
 	}
 }