summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/themeuploader.php11
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/themeuploader.php b/lib/themeuploader.php
index b5ef92e7b..5a48e884e 100644
--- a/lib/themeuploader.php
+++ b/lib/themeuploader.php
@@ -192,6 +192,15 @@ class ThemeUploader
if (in_array(strtolower($ext), $skip)) {
return true;
}
+ if ($filename == '' || substr($filename, 0, 1) == '.') {
+ // Skip Unix-style hidden files
+ return true;
+ }
+ if ($filename == '__MACOSX') {
+ // Skip awful metadata files Mac OS X slips in for you.
+ // Thanks Apple!
+ return true;
+ }
return false;
}
@@ -205,11 +214,13 @@ class ThemeUploader
protected function validateFileOrFolder($name)
{
if (!preg_match('/^[a-z0-9_\.-]+$/i', $name)) {
+ common_log(LOG_ERR, "Bad theme filename: $name");
$msg = _("Theme contains invalid file or folder name. " .
"Stick with ASCII letters, digits, underscore, and minus sign.");
throw new ClientException($msg);
}
if (preg_match('/\.(php|cgi|asp|aspx|js|vb)\w/i', $name)) {
+ common_log(LOG_ERR, "Unsafe theme filename: $name");
$msg = _("Theme contains unsafe file extension names; may be unsafe.");
throw new ClientException($msg);
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-09 20:35:24 +0000