summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorWes Baker <wes@wesbaker.com>2012-05-05 00:44:24 +0200
committerWes Baker <wes@wesbaker.com>2012-05-05 00:44:24 +0200
commitbb2c83bddbf51c42815be3de60eab24fd87ae392 (patch)
treeead796d441ef3e9d70347f98a48fda8478a0a867 /system
parent5335bc317f07f12c0f0bae5ac9189f75fcad0f1c (diff)
Added a return false if an image doesn't pass XSS cleaning to prevent file_get_contents from returning a NULL and passing through unscathed.
Diffstat (limited to 'system')
-rw-r--r--system/libraries/Upload.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8ad67050d..4a4a66f73 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -850,6 +850,10 @@ class CI_Upload {
{
return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
}
+ else
+ {
+ return FALSE;
+ }
}
if (($data = @file_get_contents($file)) === FALSE)
@@ -1099,4 +1103,4 @@ class CI_Upload {
}
/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */ \ No newline at end of file
+/* Location: ./system/libraries/Upload.php */