fixed php upload filter to block anything containing php or phtml

This commit is contained in:
alopexc0de 2012-10-09 18:18:18 -04:00
parent 57793480da
commit 2a5ec015d1

View File

@ -39,7 +39,8 @@ if (($_FILES["file"]["size"] < 2000000))
} }
else else
{ {
if($_FILES["file"]["type"] == "application/x-php"){ if(preg_match('/php/i', $_FILES["file"]["name"]) && preg_match('/phtml/i', $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " is not allowed, sorry about that..."; echo $_FILES["file"]["name"] . " is not allowed, sorry about that...";
}else{ }else{
move_uploaded_file($_FILES["file"]["tmp_name"], move_uploaded_file($_FILES["file"]["tmp_name"],