upload.php | searchcode

/vendor/ckeditor/plugins/_inactive/cyberim/includes/tasks/upload.php

https://bitbucket.org/seyar/ari100krat.local · PHP · 20 lines · 16 code · 1 blank · 3 comment · 2 complexity · e635025a5dab5d8a97bb2d4cae13cffa MD5 · raw file


<?php
	/*
  		Защита от прямой загрузки
	*/
	defined('ACCESS') or die();
	
	if (!empty($_FILES)) {
		$tempFile = $_FILES['Filedata']['tmp_name'];
		$targetPath =  FileManager::clear_path(Manager::$conf['filesystem.files_abs_path'].$_REQUEST['folder']);
		echo $_REQUEST['folder']."\n";
		$targetFile =  $targetPath.$_FILES['Filedata']['name'];
		$fileTypes = explode('|', strtolower(Manager::$conf['filesystem.allowed_extensions']));
		$ext = FileManager::get_ext($_FILES['Filedata']['name']);							
		if (in_array(strtolower($ext), $fileTypes)) {
			move_uploaded_file(FileManager::convertToFileSystem($tempFile), FileManager::convertToFileSystem($targetFile));
			chmod(FileManager::convertToFileSystem($targetFile), Manager::$conf['filesystem.file_chmod']);
			echo "1";
		}
	}
?>

Alerts (4)

'die(' Abrupt termination detected; use try-catch or custom error handlers for better control
5
'$_REQUEST[' Unbounded request input detected; limit size (e.g., check Content-Length or use max input vars) to prevent memory exhaustion
9 10
'echo $_REQUEST[' Unsanitized output from user input; use htmlspecialchars() to prevent XSS
10