security() Add more checks to script patterns
george1806 committed Jun 7, 2022
1 parent f718179 commit fcf8fad
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions include/utils/CommonUtils.php
@@ -2374,7 +2374,7 @@ function validateImageFile($file_details) {
}
$filetype = strtolower($filetype);
}
if (in_array($filetype, ['jpeg', 'png', 'jpg', 'pjpeg', 'x-png', 'gif', 'bmp', 'svg', 'svg+xml', 'xml', 'text/xml'])) {
if (in_array($filetype, ['jpeg', 'png', 'jpg', 'pjpeg', 'x-png', 'gif', 'bmp', 'svg', 'svg+xml', 'xml', 'text/xml', 'pdf', 'octet-stream'])) {
// we add XML to the array in order to apply validation rules to that type as it can contain executable code
$saveimage = 'true';
} else {
@@ -2465,7 +2465,8 @@ function validateImageContents($filename) {
|| stripos($contents, '<%=') !== false
|| stripos($contents, '<? ') !== false
|| stripos($contents, '<?php ') !== false
|| stripos($contents, '<% ') !== false;
|| stripos($contents, '<% ') !== false
|| stripos($contents, '<</') !== false;
}
if ($check) {
return false;
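Review bot: The new `'<</'` pattern in validateImageContents is undocumented and, read against the PDF format, matches the opener of any dictionary written without whitespace. With `'pdf'` and `'octet-stream'` now routed into validation in validateImageFile, it will likely reject many ordinary PDFs, while the same construct serialised as `<< /` or held inside a compressed stream is not matched. If the aim is to refuse PDFs that carry active content, state that next to the pattern, e.g. `// '<</' opens a PDF dictionary; PDFs containing it are rejected until a parser-based check exists`, and consider deciding on the file's detected type (e.g. via `finfo`) rather than on a raw substring. It is also worth confirming that `$filetype` is not derived from the client-supplied MIME type, since `'octet-stream'` is the generic type sent for unknown files and accepting it widens what reaches this validator. Both function bodies start and end outside the visible hunks.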
