From bf0a84baa72302599fce1f0589a0e061925d10c1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Tue, 29 Mar 2016 15:33:48 +0200
Subject: [PATCH] Introduced isReadableFile() which encapsulates checking if the given file is really a file and if it is readable.
---
index.php | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/index.php b/index.php
index 3c2998b..ce813fe 100644
--- a/index.php
+++ b/index.php
@@ -75,7 +75,7 @@ // =============={ Configuration End }============== // Is the local config file there? - if (file_exists('config-local.php')) { + if (isReadableFile('config-local.php')) { // Load it then include('config-local.php'); }
@@ -175,12 +175,12 @@ $file_data['target_file_name'] .= $settings['random_name_alphabet'][mt_rand(0, strlen($settings['random_name_alphabet']) - 1)]; if ($settings['random_name_keep_type']) $file_data['target_file_name'] .= '.' . pathinfo($file_data['uploaded_file_name'], PATHINFO_EXTENSION); - } while (file_exists($file_data['target_file_name'])); + } while (isReadableFile($file_data['target_file_name'])); } $file_data['upload_target_file'] = $data['uploaddir'] . DIRECTORY_SEPARATOR . $file_data['target_file_name']; // Do now allow to overwriting files - if (file_exists($file_data['upload_target_file'])) { + if (isReadableFile($file_data['upload_target_file'])) { echo 'File name already exists' . "\n"; return; }
@@ -201,7 +201,7 @@ if (in_array(substr($file, 1), $_SESSION['upload_user_files']) || in_array($file, $_SESSION['upload_user_files'])) { $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $file; - if (!in_array($file, $data['ignores']) && file_exists($fqfn)) { + if (!in_array($file, $data['ignores']) && isReadableFile($fqfn)) { unlink($fqfn); echo 'File has been removed'; exit;
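Review bot: In the hunk at -175, the overwrite guard `if (isReadableFile($file_data['upload_target_file']))` no longer fires when the target exists but is unreadable to the PHP user or is not a regular file, so the upload continues past the 'File name already exists' check that `file_exists()` used to enforce. A collision test has to ask whether anything occupies the path, so this line and the `} while (...)` condition above it should keep `file_exists(...)`. The `while` condition also tests the bare `target_file_name` rather than the path under `$data['uploaddir']` that is built on the following line, so it presumably detects collisions in the upload directory only when that is the working directory. The code that moves the upload is outside the hunk, so what happens on a collision there is not visible.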
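Review bot: In the hunk at -201, and on the same line of the hunk at -215, `isReadableFile($fqfn)` tests read permission, which neither `unlink()` nor `rename()` needs, so an entry the PHP user cannot read is now skipped with no message visible in these lines. Keeping only the regular-file part preserves the useful tightening without tying deletion to readability: `if (!in_array($file, $data['ignores']) && is_file($fqfn)) {`. The result of `unlink($fqfn)` is also not checked before 'File has been removed' is echoed. Both enclosing functions start and end outside the hunks.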
@@ -215,7 +215,7 @@ if (in_array(substr($file, 1), $_SESSION['upload_user_files']) || in_array($file, $_SESSION['upload_user_files'])) { $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $file; - if (!in_array($file, $data['ignores']) && file_exists($fqfn)) { + if (!in_array($file, $data['ignores']) && isReadableFile($fqfn)) { if (substr($file, 0, 1) === '.') { rename($fqfn, substr($fqfn, 1)); echo 'File has been made visible';
@@ -228,6 +228,11 @@ } } + // Checks if the given file is a file and is readable + function isReadableFile ($file) { + return (is_file($file) && is_readable($file)); + } + // Files are being POSEed. Uploading them one by one. if (isset($_FILES['file'])) { header('Content-type: text/plain');
@@ -257,7 +262,7 @@ $dh = opendir($dir); while ($filename = readdir($dh)) { $fqfn = $dir . DIRECTORY_SEPARATOR . $filename; - if (is_file($fqfn) && !in_array($filename, $data['ignores'])) + if (isReadableFile($fqfn) && !in_array($filename, $data['ignores'])) $file_array[filemtime($fqfn)] = $filename; }
--
2.39.5
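Review bot: In the hunk at -215, `rename($fqfn, substr($fqfn, 1))` drops the first character of the joined path, not the leading dot of `$file`, because `$fqfn` starts with `$data['uploaddir']`. The destination should be rebuilt from the directory and the trimmed name, `rename($fqfn, $data['uploaddir'] . DIRECTORY_SEPARATOR . substr($file, 1));`. The return value of `rename()` is not checked before 'File has been made visible' is echoed, and nothing visible here checks whether the destination name is already taken. The enclosing function starts and ends outside the hunk.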
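Review bot: In the hunk at +228, the comment on `isReadableFile()` does not say that the helper returns false for directories and for files that exist but cannot be read, which matters because the other hunks call it where `file_exists()` used to answer "is this name taken". I would replace it with `// Returns true only for an existing regular file (symlinks are followed) that PHP can read; false for directories and for missing or unreadable paths, so do not use it as an existence test.` As a style point, the rest of the hunk writes calls without a space before the parenthesis, so `function isReadableFile($file) {` would match.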
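Review bot: In the hunk at -257, `$file_array[filemtime($fqfn)] = $filename;` keys the listing by modification time, so two files with the same mtime overwrite each other and only one of them reaches the listing. Keying by name avoids the collision, `$file_array[$filename] = filemtime($fqfn);`, though the code that sorts and prints the array is outside the hunk and would have to change with it. `$dh = opendir($dir);` is also passed to `readdir()` without a check that the directory could be opened.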