From 2b67d7072ce14e5e640c2d20d47dbd1140fb83d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Gaillard?=
Date: Tue, 29 Oct 2013 10:18:29 +0100
Subject: [PATCH] // type of logger field
---
 .../ajaxfilemanager/ajax_file_upload.php | 20 ++++++--------------
 .../ajaxfilemanager/ajax_get_file_listing.php | 3 ++-
 classes/Logger.php | 2 +-
 3 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/admin-dev/ajaxfilemanager/ajax_file_upload.php b/admin-dev/ajaxfilemanager/ajax_file_upload.php
index b21a39c13..c942991ed 100755
--- a/admin-dev/ajaxfilemanager/ajax_file_upload.php
+++ b/admin-dev/ajaxfilemanager/ajax_file_upload.php
@@ -22,26 +22,18 @@ $upload->setInvalidFileExt(explode(",", CONFIG_UPLOAD_INVALID_EXTS));
 if(CONFIG_SYS_VIEW_ONLY || !CONFIG_OPTIONS_UPLOAD)
- {
 $error = SYS_DISABLED;
- }
 elseif(empty($_GET['folder']) || !isUnderRoot($_GET['folder']))
- {
 $error = ERR_FOLDER_PATH_NOT_ALLOWED;
- }else if(!$upload->isFileUploaded('file'))
- {
+ elseif (!$upload->isFileUploaded('file'))
 $error = ERR_FILE_NOT_UPLOADED;
- }else if(!$upload->moveUploadedFile($_GET['folder']))
- {
- $error = ERR_FILE_MOVE_FAILED;
- }
- elseif(!$upload->isPermittedFileExt(explode(",", CONFIG_UPLOAD_VALID_EXTS)))
- {
+ elseif (!$upload->isPermittedFileExt(explode(",", CONFIG_UPLOAD_VALID_EXTS)))
 $error = ERR_FILE_TYPE_NOT_ALLOWED;
- }elseif(defined('CONFIG_UPLOAD_MAXSIZE') && CONFIG_UPLOAD_MAXSIZE && $upload->isSizeTooBig(CONFIG_UPLOAD_MAXSIZE))
- {
+ elseif (defined('CONFIG_UPLOAD_MAXSIZE') && CONFIG_UPLOAD_MAXSIZE && $upload->isSizeTooBig(CONFIG_UPLOAD_MAXSIZE))
 $error = sprintf(ERROR_FILE_TOO_BID, transformFileSize(CONFIG_UPLOAD_MAXSIZE));
- }else
+ elseif (!$upload->moveUploadedFile($_GET['folder']))
+ $error = ERR_FILE_MOVE_FAILED;
+ else
 {
 include_once(CLASS_FILE);
 $path = $upload->getFilePath();
diff --git a/admin-dev/ajaxfilemanager/ajax_get_file_listing.php b/admin-dev/ajaxfilemanager/ajax_get_file_listing.php
index c72110344..bb85caada 100755
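Review bot: In admin-dev/ajaxfilemanager/ajax_file_upload.php the position of `moveUploadedFile()` at the end of the chain is now what keeps a rejected upload out of the target folder, but nothing in the code says that the order matters. Add a comment above that branch, for example `// must stay last: the extension and size checks have to pass before anything is written to the target folder`, so a later edit does not move the call back up. The size check is still skipped when `CONFIG_UPLOAD_MAXSIZE` is undefined or falsy; whether that default is intended cannot be told from this hunk. The final `else` block continues past the end of the hunk.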
--- a/admin-dev/ajaxfilemanager/ajax_get_file_listing.php
+++ b/admin-dev/ajaxfilemanager/ajax_get_file_listing.php
@@ -24,7 +24,8 @@ if(!empty($_GET['search']))
 {
 include_once(CLASS_SEARCH);
-
+ if (!preg_match('/^'.Tools::pRegexp(realpath(dirname(__FILE__).'/'.$_GET['search_folder']), '/').'/i', _PS_ROOT_DIR_.'/img/cms'))
+ exit;
 $search = new Search($_GET['search_folder']);
 $search->addSearchKeyword('recursive', @$_GET['search_recursively']);
 $search->addSearchKeyword('mtime_from', @$_GET['search_mtime_from']);
diff --git a/classes/Logger.php b/classes/Logger.php
index ff7fb994d..f6dc77a3d 100644
--- a/classes/Logger.php
+++ b/classes/Logger.php
@@ -62,7 +62,7 @@ class LoggerCore extends ObjectModel
 'fields' => array(
 'severity' => array('type' => self::TYPE_INT, 'validate' => 'isInt', 'required' => true),
 'error_code' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt'),
- 'message' => array('type' => self::TYPE_STRING, 'validate' => 'isMessage', 'required' => true),
+ 'message' => array('type' => self::TYPE_STRING, 'validate' => 'isString', 'required' => true),
 'object_id' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt'),
 'id_employee' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt'),
 'object_type' => array('type' => self::TYPE_STRING, 'validate' => 'isName'),
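Review bot: In admin-dev/ajaxfilemanager/ajax_get_file_listing.php the added `preg_match` has its operands the wrong way round: the pattern is built from the resolved `$_GET['search_folder']` and the subject is `_PS_ROOT_DIR_.'/img/cms'`, so it tests whether the allowed root begins with the requested folder rather than the reverse. As written, a sub-folder of img/cms is refused while a folder whose path is a prefix of img/cms is accepted, and when `realpath()` returns false the pattern probably collapses to `/^/i`, which matches any subject (assuming `Tools::pRegexp` is a quoting helper; its body is not shown). The check should resolve both paths, reject a false `realpath()`, and compare with a trailing separator so that a sibling directory sharing the same name prefix does not pass. `Search` still receives the raw `$_GET['search_folder']`, and the enclosing `if` block continues outside the hunk.

```php
include_once(CLASS_SEARCH);
$cms_root = realpath(_PS_ROOT_DIR_.'/img/cms');
$search_folder = isset($_GET['search_folder']) ? realpath(dirname(__FILE__).'/'.$_GET['search_folder']) : false;
if ($cms_root === false || $search_folder === false
	|| strpos($search_folder.DIRECTORY_SEPARATOR, $cms_root.DIRECTORY_SEPARATOR) !== 0)
	exit;
// … unchanged: new Search(...) and the addSearchKeyword() calls …
```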
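Review bot: In classes/Logger.php the `message` validator is loosened from `isMessage` to `isString` with no comment recording what may now be stored. If `isString` is only a type check (neither validator's body is shown here), log messages can carry markup characters that `isMessage` presumably refused, so whichever back-office view prints them has to escape on output. A short comment on the field, such as `// free text: escape on display`, would record that assumption. The commit subject speaks of the field's type, yet `self::TYPE_STRING` is unchanged and only the validator differs. The `fields` array starts and ends outside the hunk.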