From 23237cb05dc7f231a7333dc8a44dea1b0d6a9f65 Mon Sep 17 00:00:00 2001
From: Diego Najar
Date: Mon, 9 Sep 2019 19:29:35 +0200
Subject: [PATCH] Check file types uploaded and handle message error for the users
---
 bl-kernel/admin/views/edit-user.php | 10 +++++++---
 bl-kernel/admin/views/settings.php | 10 +++++++---
 bl-kernel/ajax/logo-upload.php | 9 ++++++++-
 bl-kernel/ajax/profile-picture-upload.php | 20 ++++++++++----------
 bl-kernel/ajax/upload-images.php | 12 +++++++++++-
 5 files changed, 43 insertions(+), 18 deletions(-)
diff --git a/bl-kernel/admin/views/edit-user.php b/bl-kernel/admin/views/edit-user.php
index 8f0060cf..b373a029 100644
--- a/bl-kernel/admin/views/edit-user.php
+++ b/bl-kernel/admin/views/edit-user.php
@@ -133,9 +133,13 @@
 cache: false,
 contentType: false,
 processData: false
- }).done(function(json) {
- console.log(json);
- $("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
+ }).done(function(data) {
+ console.log(data);
+ if (data.status==0) {
+ $("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
+ } else {
+ showAlert(data.message);
+ }
 });
 });
diff --git a/bl-kernel/admin/views/settings.php b/bl-kernel/admin/views/settings.php
index 1f40b631..ba224f48 100644
--- a/bl-kernel/admin/views/settings.php
+++ b/bl-kernel/admin/views/settings.php
@@ -579,9 +579,13 @@
 cache: false,
 contentType: false,
 processData: false
- }).done(function(json) {
- console.log(json);
- $("#jssiteLogoPreview").attr('src',json.absoluteURL+"?time="+Math.random());
+ }).done(function(data) {
+ console.log(data);
+ if (data.status==0) {
+ $("#jssiteLogoPreview").attr('src',data.absoluteURL+"?time="+Math.random());
+ } else {
+ showAlert(data.message);
+ }
 });
 });
diff --git a/bl-kernel/ajax/logo-upload.php b/bl-kernel/ajax/logo-upload.php
index 33c87a0a..84b4363f 100644
--- a/bl-kernel/ajax/logo-upload.php
+++ b/bl-kernel/ajax/logo-upload.php
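Review bot: The added success branch in the edit-user.php hunk reads `json.absoluteURL`, but the same hunk renames the callback parameter from `json` to `data`, so unless an outer variable named `json` exists (nothing in the hunk suggests one) the preview update throws a ReferenceError exactly when the upload succeeded; the settings.php hunk already uses `data.absoluteURL`. Change the line to `$("#jsprofilePicturePreview").attr('src',data.absoluteURL+"?time="+Math.random());`. Both view hunks compare with `data.status==0`; since the value is a number decoded from JSON, `data.status === 0` avoids the loose coercion, and the `console.log(data)` kept in each handler dumps the full server response to the browser console in production.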
@@ -14,11 +14,18 @@ if (!isset($_FILES['inputFile'])) {
 ajaxResponse(1, 'Error trying to upload the site logo.');
 }
+// Check path traversal on $filename
+if (Text::stringContains($_FILES['inputFile']['name'], DS, false)) {
+ $message = 'Path traversal detected.';
+ Log::set($message, LOG_TYPE_ERROR);
+ ajaxResponse(1, $message);
+}
+
 // File extension
 $fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
 $fileExtension = Text::lowercase($fileExtension);
 if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
- $message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
+ $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
 Log::set($message, LOG_TYPE_ERROR);
 ajaxResponse(1, $message);
 }
diff --git a/bl-kernel/ajax/profile-picture-upload.php b/bl-kernel/ajax/profile-picture-upload.php
index b282cf71..a32e8362 100644
--- a/bl-kernel/ajax/profile-picture-upload.php
+++ b/bl-kernel/ajax/profile-picture-upload.php
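Review bot: The new traversal check in logo-upload.php rejects only names containing `DS`, so on a Linux host a client name containing `\` passes and on Windows one containing `/` does; within this hunk the name is used only to derive the extension, and if that holds for the rest of the file (not visible here) it is simpler to normalise before any check, e.g. `$name = basename(str_replace('\\', '/', $_FILES['inputFile']['name']));`. The extension whitelist is purely name-based and says nothing about the bytes in `tmp_name`; running `getimagesize()` (or `finfo`) on the temporary file before any further processing is what makes an image whitelist meaningful, and the `in_array(...)` call should pass `true` as its third argument. This same seven-line extension block is now duplicated verbatim in the profile-picture-upload.php and upload-images.php hunks, so a shared helper would keep the three copies from drifting. Finally, `'Path traversal detected.'` is not passed through `$L->g()` while the extension message added in the same hunk is.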
@@ -15,18 +15,18 @@ if (!isset($_FILES['profilePictureInputFile'])) {
 ajaxResponse(1, 'Error trying to upload the profile picture.');
 }
-// Check file extension
-$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
-$fileExtension = Text::lowercase($fileExtension);
-if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
- $message = 'File type is not supported. Allowed types: '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
+// Check path traversal
+if (Text::stringContains($username, DS, false)) {
+ $message = 'Path traversal detected.';
 Log::set($message, LOG_TYPE_ERROR);
 ajaxResponse(1, $message);
 }
-// Check path traversal
-if (Text::stringContains($username, DS, false)) {
- $message = 'Path traversal detected.';
+// Check file extension
+$fileExtension = Filesystem::extension($_FILES['profilePictureInputFile']['name']);
+$fileExtension = Text::lowercase($fileExtension);
+if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
+ $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
 Log::set($message, LOG_TYPE_ERROR);
 ajaxResponse(1, $message);
 }
@@ -45,8 +45,8 @@ $image = new Image();
 $image->setImage(PATH_TMP.$tmpFilename, PROFILE_IMG_WIDTH, PROFILE_IMG_HEIGHT, 'crop');
 $image->saveImage(PATH_UPLOADS_PROFILES.$filename, PROFILE_IMG_QUALITY, false, true);
-// Remove the tmp file
-unlink(PATH_TMP.$tmpFilename);
+// Delete temporary file
+Filesystem::rmfile(PATH_TMP.$tmpFilename);
 // Permissions
 chmod(PATH_UPLOADS_PROFILES.$filename, 0644);
diff --git a/bl-kernel/ajax/upload-images.php b/bl-kernel/ajax/upload-images.php
index 3c5fc077..a9a82eb6 100644
--- a/bl-kernel/ajax/upload-images.php
+++ b/bl-kernel/ajax/upload-images.php
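Review bot: In the first profile-picture-upload.php hunk the traversal check is applied to `$username` while the extension check is applied to `$_FILES['profilePictureInputFile']['name']`, so the client filename itself is never tested for separators here, unlike the logo-upload.php hunk. That is fine if the stored path `PATH_UPLOADS_PROFILES.$filename` seen in the second hunk is built from `$username` rather than from the client name (the assignment of `$filename` and `$tmpFilename` lies outside both hunks), and a comment would stop the next reader from adding a mismatched check: `// Only the extension is taken from the client filename; the stored name derives from $username`. The `DS`-only test on `$username` has the same platform limitation as the one in logo-upload.php, and `in_array` again lacks the strict flag.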
@@ -54,6 +54,15 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
 ajaxResponse(1, $message);
 }
+ // Check file extension
+ $fileExtension = Filesystem::extension($filename);
+ $fileExtension = Text::lowercase($fileExtension);
+ if (!in_array($fileExtension, $GLOBALS['ALLOWED_IMG_EXTENSION']) ) {
+ $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
+ Log::set($message, LOG_TYPE_ERROR);
+ ajaxResponse(1, $message);
+ }
+
 // Move from PHP tmp file to Bludit tmp directory
 Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename);
@@ -64,10 +73,11 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
 Filesystem::rmfile(PATH_TMP.$filename);
 if ($image) {
+ chmod($image, 0644);
 $filename = Filesystem::filename($image);
 array_push($images, $filename);
 } else {
- $message = $L->g('File type is not supported. Allowed types:').' '.implode(', ',$GLOBALS['ALLOWED_IMG_EXTENSION']);
+ $message = 'Error after transformImage() function.';
 Log::set($message, LOG_TYPE_ERROR);
 ajaxResponse(1, $message);
 }
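Review bot: The second upload-images.php hunk replaces the localised message with the literal `'Error after transformImage() function.'`, which `ajaxResponse(1, ...)` sends to the browser where the view hunks now render it through `showAlert(data.message)`; it names an internal function and bypasses `$L->g()`, unlike the message the first hunk adds a few lines above. Keep the internal detail in `Log::set(...)` and return a translated, user-facing message to the client. In the first hunk the new check sits inside the `foreach`, and if `ajaxResponse` terminates the request as it appears to elsewhere in this file, files accepted in earlier iterations have already been moved to `PATH_TMP` and processed when a later one is rejected, leaving a partial batch the client is never told about; validating every name before the loop, or collecting per-file errors, avoids that state. The `in_array` call here also lacks the strict flag.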