zip files check, x-frame-options added
parent
94b1578f21
commit
c5c7de9832
3 changed files with 20 additions and 1 deletions
|
@ -30,6 +30,8 @@ class Blocktext extends Model {
|
||||||
$block->content = str_replace("\r\n","\n",$content);
|
$block->content = str_replace("\r\n","\n",$content);
|
||||||
$block->save();
|
$block->save();
|
||||||
|
|
||||||
|
Zira\Cache::clear();
|
||||||
|
|
||||||
return array('message' => Zira\Locale::t('Successfully saved'));
|
return array('message' => Zira\Locale::t('Successfully saved'));
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -522,8 +522,21 @@ class Files extends Model {
|
||||||
if ($zip->open($path, \ZipArchive::CREATE)!==TRUE) {
|
if ($zip->open($path, \ZipArchive::CREATE)!==TRUE) {
|
||||||
return array('error' => Zira\Locale::t('An error occurred'));
|
return array('error' => Zira\Locale::t('An error occurred'));
|
||||||
}
|
}
|
||||||
$zip->extractTo(ROOT_DIR . DIRECTORY_SEPARATOR . $root);
|
$denied = false;
|
||||||
|
for ($i=0; $i<$zip->numFiles; $i++) {
|
||||||
|
$st = $zip->statIndex($i);
|
||||||
|
if ($st === false) continue;
|
||||||
|
$p = strrpos($st['name'], '.');
|
||||||
|
if ($p === false) continue;
|
||||||
|
$ext = substr($st['name'], $p+1);
|
||||||
|
if (strtolower($ext) == 'php') {
|
||||||
|
$denied = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$denied) $zip->extractTo(ROOT_DIR . DIRECTORY_SEPARATOR . $root);
|
||||||
$zip->close();
|
$zip->close();
|
||||||
|
if ($denied) return array('error'=>Zira\Locale::t('Permission denied'));
|
||||||
return array('reload'=>$this->getJSClassName());
|
return array('reload'=>$this->getJSClassName());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
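Review bot: The extension check in the new loop is a denylist of exactly one value, so archive entries with any other extension the web server is configured to run as a script, or a per-directory config file such as `.htaccess`, still pass and are extracted under `ROOT_DIR`; entries without a dot are also skipped by `if ($p === false) continue;`. An allowlist is the safer shape: `$ext = strtolower(pathinfo($st['name'], PATHINFO_EXTENSION));` followed by `if (substr($st['name'], -1) !== '/' && !in_array($ext, $allowedExt, true)) { $denied = true; break; }`, where `$allowedExt` is a list the project would define (none is visible here). Which extensions are executed depends on the server's handler configuration, so it is also worth confirming that the extraction target cannot run scripts at all. The enclosing method starts and ends outside the hunk.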
|
@ -51,3 +51,7 @@ ExpiresByType application/x-shockwave-flash "access 1 month"
|
||||||
ExpiresByType image/x-icon "access 1 year"
|
ExpiresByType image/x-icon "access 1 year"
|
||||||
ExpiresDefault "access 1 month"
|
ExpiresDefault "access 1 month"
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule mod_headers.c>
|
||||||
|
Header always append X-Frame-Options SAMEORIGIN
|
||||||
|
</IfModule>
|
||||||
|
|
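Review bot: `Header always append` merges with any X-Frame-Options value already set by the application or an upstream proxy, which yields a comma-joined value such as `DENY, SAMEORIGIN` that browsers may treat as invalid and ignore. `Header always set X-Frame-Options "SAMEORIGIN"` replaces the value instead of merging it. Because the directive sits inside `<IfModule mod_headers.c>`, the header is silently absent when the module is not loaded; a comment stating that, or a `Content-Security-Policy: frame-ancestors 'self'` header sent by the application, would cover that case.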