deploy: 32e9fbc
kodiakhq committed Feb 8, 2025
1 parent 9089343 commit 4369909
Showing 3 changed files with 13 additions and 9 deletions.
12 changes: 6 additions & 6 deletions classes/rex-mediapool.html
@@ -316,9 +316,9 @@ <h4 class="phpdocumentor-element__name" id="method_getAllowedExtensions">
<aside class="phpdocumentor-element-found-in">
<abbr class="phpdocumentor-element-found-in__file" title="redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php"><a href="files/redaxo-main-redaxo-src-addons-mediapool-lib-mediapool.html"><abbr title="redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php">mediapool.php</abbr></a></abbr>
:
<span class="phpdocumentor-element-found-in__line">167</span>
<span class="phpdocumentor-element-found-in__line">169</span>

<a href="classes/rex-mediapool.html#source-view.167" class="phpdocumentor-element-found-in__source" data-line="167" data-modal="source-view" data-src="files/redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php.txt"></a>
<a href="classes/rex-mediapool.html#source-view.169" class="phpdocumentor-element-found-in__source" data-line="169" data-modal="source-view" data-src="files/redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php.txt"></a>
</aside>

<p class="phpdocumentor-summary">Get allowed mediatype extensions given via media widget &quot;types&quot; param.</p>
@@ -369,9 +369,9 @@ <h4 class="phpdocumentor-element__name" id="method_getBlockedExtensions">
<aside class="phpdocumentor-element-found-in">
<abbr class="phpdocumentor-element-found-in__file" title="redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php"><a href="files/redaxo-main-redaxo-src-addons-mediapool-lib-mediapool.html"><abbr title="redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php">mediapool.php</abbr></a></abbr>
:
<span class="phpdocumentor-element-found-in__line">189</span>
<span class="phpdocumentor-element-found-in__line">191</span>

<a href="classes/rex-mediapool.html#source-view.189" class="phpdocumentor-element-found-in__source" data-line="189" data-modal="source-view" data-src="files/redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php.txt"></a>
<a href="classes/rex-mediapool.html#source-view.191" class="phpdocumentor-element-found-in__source" data-line="191" data-modal="source-view" data-src="files/redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php.txt"></a>
</aside>

<p class="phpdocumentor-summary">Get global blocked mediatype extensions.</p>
@@ -464,9 +464,9 @@ <h4 class="phpdocumentor-element__name" id="method_isAllowedMimeType">
<aside class="phpdocumentor-element-found-in">
<abbr class="phpdocumentor-element-found-in__file" title="redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php"><a href="files/redaxo-main-redaxo-src-addons-mediapool-lib-mediapool.html"><abbr title="redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php">mediapool.php</abbr></a></abbr>
:
<span class="phpdocumentor-element-found-in__line">141</span>
<span class="phpdocumentor-element-found-in__line">143</span>

<a href="classes/rex-mediapool.html#source-view.141" class="phpdocumentor-element-found-in__source" data-line="141" data-modal="source-view" data-src="files/redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php.txt"></a>
<a href="classes/rex-mediapool.html#source-view.143" class="phpdocumentor-element-found-in__source" data-line="143" data-modal="source-view" data-src="files/redaxo-main/redaxo/src/addons/mediapool/lib/mediapool.php.txt"></a>
</aside>

<p class="phpdocumentor-summary">Checks file against optional property `allowed_mime_types`.</p>
@@ -122,7 +122,9 @@ final class rex_mediapool
foreach ($blockedExtensions as $blockedExtension) {
// $blockedExtensions extensions are not allowed within filenames, to prevent double extension vulnerabilities:
// -> some webspaces execute files named file.php.txt as php
if (str_contains($filename, '.' . $blockedExtension)) {
if (str_ends_with($filename, '.' . $blockedExtension) // Prüfe ob der String mit der verbotenen Endung endet
|| str_ends_with($filename, '.' . $blockedExtension . '.' . $fileExt) // prüfe ob es keine doppelte Endung der Form *.php.ext gibt
) {
return false;
}
}
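Review bot: The new condition rejects a blocked extension only in the last or second-to-last position of `$filename`, so a name such as `file.php.x.txt` (constructed example), which the previous `str_contains` check refused, is now accepted even though the comment above says blocked extensions are not allowed within filenames. On servers that pick a handler from any extension in the name, this narrows the double-extension protection that comment describes. If the intent was to avoid false positives on longer extensions that merely start with a blocked one, matching whole dot-separated segments keeps full coverage: `$segments = array_slice(explode('.', $filename), 1);` and `if (in_array($blockedExtension, $segments, true)) {`. The comparison is case-sensitive and `$fileExt` is defined outside this hunk, so the check depends on both values being normalised earlier in the function, which is not visible here. The two added inline comments are in German while the surrounding comments are in English.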
@@ -60,7 +60,8 @@ class rex_metainfo_table_manager
throw new InvalidArgumentException('Invalid column type "' . $type . '"');
}
/** @psalm-taint-escape sql */
$qry .= ' ' . $type;
$type = ' ' . $type;
$qry .= $type;

if (0 != $length) {
$qry .= '(' . (int) $length . ')';
@@ -103,7 +104,8 @@ class rex_metainfo_table_manager
throw new InvalidArgumentException('Invalid column type "' . $type . '"');
}
/** @psalm-taint-escape sql */
$qry .= ' ' . $type;
$type = ' ' . $type;
$qry .= $type;

if (0 != $length) {
$qry .= '(' . (int) $length . ')';
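Review bot: `$type = ' ' . $type;` at both changed sites (the hunk at -60 and the one at -103) overwrites the validated column type with a space-prefixed copy, so any later use of `$type` in these methods, whose bodies continue outside the hunks, would see the altered value. A dedicated local keeps the Psalm annotation on an assignment without that side effect: `$typeSql = ' ' . $type;` followed by `$qry .= $typeSql;`. Because `@psalm-taint-escape sql` silences taint analysis for this value, a short comment stating why it is safe would help, for example `// $type passed the column-type check above, so it can be concatenated into the query`. Only the `throw` of that check is visible here, so confirm it is a strict allow-list before relying on the annotation.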