dont allow these filetypes

This commit is contained in:
owen 2020-12-01 21:16:50 -05:00 committed by GitHub
parent 9848769ac6
commit d4ecd636ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

3
u.php
View file

@ -38,9 +38,10 @@ if ($handle = opendir($target_dir)) {
$target_file = $target_dir . basename($_FILES["file"]["name"]); $target_file = $target_dir . basename($_FILES["file"]["name"]);
$uploadOk = 0; $uploadOk = 0;
$fileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION)); $fileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
if ($fileType == '') { if ($fileType == '' || $fileType == 'php' || $fileType == 'html' || $fileType == 'htm') {
$fileType = 'txt'; $fileType = 'txt';
} }
$target_file = $target_dir . substr(md5_file($_FILES['file']['tmp_name']), 1, 6) . "." . $fileType; $target_file = $target_dir . substr(md5_file($_FILES['file']['tmp_name']), 1, 6) . "." . $fileType;
if (file_exists($_FILES["file"]['tmp_name'])) { if (file_exists($_FILES["file"]['tmp_name'])) {