diff options
| author | Wes Baker <wes@wesbaker.com> | 2012-05-05 00:44:24 +0200 |
|---|---|---|
| committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2012-05-07 23:13:30 +0200 |
| commit | e463c4d71c2fdcc224e70f7576582220ae64e3d7 (patch) | |
| tree | 75f353a61582d4779a97b78ab0bb920c7ac94596 /system | |
| parent | 55ac2138482154c3aed7d6a6a2b6f196d0a04d9e (diff) | |
Added a return false if an image doesn't pass XSS cleaning to prevent file_get_contents from returning a NULL and passing through unscathed.
Diffstat (limited to 'system')
| -rw-r--r-- | system/libraries/Upload.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index b0490de30..0e5d73b19 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -868,6 +868,10 @@ class CI_Upload { { return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good } + else + { + return FALSE; + } } if (($data = @file_get_contents($file)) === FALSE) |