XOOPS /
XoopsCore
| @@ 136-140 (lines=5) @@ | ||
| 133 | if (is_array($val)) { |
|
| 134 | foreach ($val as $subkey => $subval) { |
|
| 135 | // check bad globals |
|
| 136 | if (in_array($subkey, $this->_bad_globals, true)) { |
|
| 137 | $this->message .= "Attempt to inject '$subkey' was found.\n"; |
|
| 138 | $this->_safe_contami = false; |
|
| 139 | $this->last_error_type = 'CONTAMI'; |
|
| 140 | } |
|
| 141 | $this->_initial_recursive($subval, $key . '_' . base64_encode($subkey)); |
|
| 142 | } |
|
| 143 | } else { |
|
| @@ 775-779 (lines=5) @@ | ||
| 772 | } |
|
| 773 | ||
| 774 | // anti dangerous extensions |
|
| 775 | if (in_array($ext, $bad_extensions)) { |
|
| 776 | $this->message .= "Attempt to upload {$_file['name']}.\n"; |
|
| 777 | $this->_safe_badext = false; |
|
| 778 | $this->last_error_type = 'UPLOAD'; |
|
| 779 | } |
|
| 780 | ||
| 781 | // anti camouflaged image file |
|
| 782 | if (in_array($ext, $image_extensions)) { |
|
