diff options
author | Andrey Andreev <narf@bofh.bg> | 2011-12-02 13:28:54 +0100 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2011-12-02 13:28:54 +0100 |
commit | 59654319d20a7ec406e7d6f15cf6804e94897d14 (patch) | |
tree | afeb3649d924777d6ed0e4cf9e86b7716b4c5605 | |
parent | cceb2063ae42eaee5a1ae7fd07e7054f6c239ae5 (diff) |
Hotfix for a file type detection bug in the Upload library
-rw-r--r-- | system/libraries/Upload.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index fe5907ab2..ff3461586 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1042,14 +1042,17 @@ class CI_Upload { if (function_exists('mime_content_type')) { $this->file_type = @mime_content_type($file['tmp_name']); - return; + if (strlen($this->file_type) > 0) // Turned out it's possible ... + { + return; + } } /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type, * which is still more secure than depending on the value of $_FILES[$field]['type']. * * Notes: - * - a 'W' in the substr() expression bellow, would mean that we're using Windows + * - the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check */ if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec')) |