XOOPS /
XoopsCore25
| @@ 124-128 (lines=5) @@ | ||
| 121 | if (is_array($val)) { |
|
| 122 | foreach ($val as $subkey => $subval) { |
|
| 123 | // check bad globals |
|
| 124 | if (in_array($subkey, $this->_bad_globals, true)) { |
|
| 125 | $this->message .= "Attempt to inject '$subkey' was found.\n"; |
|
| 126 | $this->_safe_contami = false; |
|
| 127 | $this->last_error_type = 'CONTAMI'; |
|
| 128 | } |
|
| 129 | $this->_initial_recursive($subval, $key . '_' . base64_encode($subkey)); |
|
| 130 | } |
|
| 131 | } else { |
|
| @@ 914-918 (lines=5) @@ | ||
| 911 | } |
|
| 912 | ||
| 913 | // anti dangerous extensions |
|
| 914 | if (in_array($ext, $bad_extensions)) { |
|
| 915 | $this->message .= "Attempt to upload {$_file['name']}.\n"; |
|
| 916 | $this->_safe_badext = false; |
|
| 917 | $this->last_error_type = 'UPLOAD'; |
|
| 918 | } |
|
| 919 | ||
| 920 | // anti camouflaged image file |
|
| 921 | if (in_array($ext, $image_extensions)) { |
|
