From ddaf31ea42b38332a464a2c27d4378a0acc47110 Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Mon, 2 Oct 2023 13:28:34 +0700 Subject: [PATCH] Added check up_allowed in Upload.php class (#924) --- library/language/source/main.php | 1 + src/Legacy/Common/Upload.php | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/library/language/source/main.php b/library/language/source/main.php index 220f87847..e88356fd0 100644 --- a/library/language/source/main.php +++ b/library/language/source/main.php @@ -2785,6 +2785,7 @@ $lang['NEW_POLL_M_EXPLAIN'] = 'Each row corresponds to one answer (max'; $lang['OLD_BROWSER'] = 'You are using an outdated browser. The website will not display correctly.'; $lang['GO_BACK'] = 'Go back'; +$lang['UPLOAD_ERROR_COMMON_DISABLED'] = 'File upload disabled'; $lang['UPLOAD_ERROR_COMMON'] = 'File upload error'; $lang['UPLOAD_ERROR_SIZE'] = 'The uploaded file exceeds the maximum size of %s'; $lang['UPLOAD_ERROR_FORMAT'] = 'Invalid file type of image'; diff --git a/src/Legacy/Common/Upload.php b/src/Legacy/Common/Upload.php index ec267f2fb..b1a772d33 100644 --- a/src/Legacy/Common/Upload.php +++ b/src/Legacy/Common/Upload.php @@ -21,6 +21,7 @@ class Upload 'max_height' => 0, 'allowed_ext' => [], 'upload_path' => '', + 'up_allowed' => false, ]; public $file = [ 'name' => '', @@ -58,6 +59,12 @@ class Upload $this->cfg = array_merge($this->cfg, $cfg); $this->file = $post_params; + // Check upload allowed + if (!$this->cfg['up_allowed']) { + $this->errors[] = $lang['UPLOAD_ERROR_COMMON_DISABLED']; + return false; + } + // upload errors from $_FILES if ($this->file['error']) { $msg = $lang['UPLOAD_ERROR_COMMON'];