Block files exploiting IE's mime-sniffing 'feature'

Savetheinternet
2011-04-10 22:31:08 +10:00
parent 406d287cd1
commit c544ad9bb8
2 changed files with 11 additions and 0 deletions


@@ -407,6 +407,13 @@
error($config['error']['maxsize']);
}
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($post['file'], null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
}
$post['filehash'] = $config['file_hash']($post['file']);
$post['filesize'] = filesize($post['file']);
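Review bot: The new sniffing check fails open: if `file_get_contents()` returns `false` (the uploaded file cannot be read) or `preg_match()` returns `false` (for instance a malformed pattern in `$config['ie_mime_type_detection']`), the `if` condition is falsy and the upload is accepted without having been inspected. Treat both as a rejection, e.g. `if ($buffer === false || preg_match($config['ie_mime_type_detection'], $buffer) !== 0) {`. The read is also capped at 255 bytes, whereas IE's content sniffing is documented as looking at up to the first 256 bytes, so the length argument should probably be `256`; please confirm against the pattern list. Because this is a blocklist of known markers, it is worth pairing with `X-Content-Type-Options: nosniff` on responses that serve uploaded files; the enclosing upload-handling block starts and ends outside this hunk, so whether that header is already set cannot be seen from here.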