From: Go Johansson
Date: Sat, 22 Jan 2022 18:50:06 +0000 (+0100)
Subject: no more double dots
X-Git-Tag: v1.4.0~6
X-Git-Url: https://jfr.im/git/uguu.git/commitdiff_plain/8fa8e4d3623d284e3d8a60f463982a26eccc44be?ds=sidebyside
no more double dots
---
diff --git a/dist.json b/dist.json
index 3de5377..125b32d 100644
--- a/dist.json
+++ b/dist.json
@@ -65,12 +65,5 @@
 "application/x-executable",
 "application/x-mach-binary",
 "image/svg+xml"
- ],
- "DOUBLE_DOTS": [
- "tar.gz",
- "tar.bz",
- "tar.bz2",
- "tar.xz",
- "user.js"
 ]
 }
\ No newline at end of file
diff --git a/static/php/includes/Core.namespace.php b/static/php/includes/Core.namespace.php
index b4b9c2c..e183a01 100644
--- a/static/php/includes/Core.namespace.php
+++ b/static/php/includes/Core.namespace.php
@@ -85,7 +85,6 @@ namespace Core {
 self::$ID_CHARSET = $settings_array['ID_CHARSET'];
 self::$BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
 self::$BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
- self::$DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
 } catch (Exception) {
 throw new Exception('Cant populate settings.', 500);
 }
diff --git a/static/php/includes/Upload.class.php b/static/php/includes/Upload.class.php
index 15ba8f6..9d5d8e5 100644
--- a/static/php/includes/Upload.class.php
+++ b/static/php/includes/Upload.class.php
@@ -106,7 +106,23 @@ class Upload
 'size' => self::$FILE_SIZE
 ];
 }
+ public function fileInfo()
+ {
+ if (isset($_FILES['files'])) {
+ self::$SHA1 = sha1_file(self::$TEMP_FILE);
+ $finfo = finfo_open(FILEINFO_MIME_TYPE);
+ self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
+ $extension = explode('.',self::$FILE_NAME,2);
+ self::$FILE_EXTENSION = $extension['1'];
+ finfo_close($finfo);
+ if (Settings::$LOG_IP) {
+ self::$IP = $_SERVER['REMOTE_ADDR'];
+ } else {
+ self::$IP = '0';
+ }
+ }
+ }
 /**
 * @throws Exception
 */
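Review bot: In the added `fileInfo()`, `explode('.',self::$FILE_NAME,2)` treats everything after the first dot of the client-supplied name as the extension, so `archive.tar.gz` gives `tar.gz` and a name with no dot leaves `$extension['1']` undefined (a warning, with `FILE_EXTENSION` ending up null). If the `BLOCKED_EXTENSIONS` check, which is not visible in this hunk, compares `self::$FILE_EXTENSION` for an exact match, a name whose final segment is blocked would no longer match once an earlier dot is present, and the unvalidated tail is what gets appended to the stored name. I would handle the missing-dot case explicitly with `self::$FILE_EXTENSION = $extension[1] ?? null;` and run the blocklist test against `pathinfo(self::$FILE_NAME, PATHINFO_EXTENSION)` as well as the full suffix. A short comment on the method stating that the extension is the full multi-dot suffix taken from an untrusted name would also help the next reader.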
@@ -124,8 +140,9 @@ class Upload
 self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
 }
- if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {
- self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION;
+ if(isset(self::$FILE_EXTENSION)){
+ self::$NEW_NAME_FULL = self::$NEW_NAME;
+ self::$NEW_NAME_FULL .= '.'.self::$FILE_EXTENSION;
 }
 if (Settings::$BLACKLIST_DB) {
@@ -141,30 +158,6 @@ class Upload
 return self::$NEW_NAME_FULL;
 }
- public function fileInfo()
- {
- if (isset($_FILES['files'])) {
- self::$SHA1 = sha1_file(self::$TEMP_FILE);
- $finfo = finfo_open(FILEINFO_MIME_TYPE);
- self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
- finfo_close($finfo);
-
- if (Settings::$LOG_IP) {
- self::$IP = $_SERVER['REMOTE_ADDR'];
- } else {
- self::$IP = '0';
- }
-
- foreach (Settings::$DOUBLE_DOTS as $DDOT) {
- if (stripos(strrev(self::$FILE_NAME), $DDOT) === 0) {
- self::$FILE_EXTENSION = strrev($DDOT);
- } else {
- self::$FILE_EXTENSION = pathinfo(self::$FILE_NAME, PATHINFO_EXTENSION);
- }
- }
- }
- }
-
 /**
 * @throws Exception
 */
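Review bot: The rewritten guard `if(isset(self::$FILE_EXTENSION)){` in the first hunk on this line drops the earlier `!== ''` test, so a name ending in a dot, for which the new `explode()` logic yields an empty extension, is stored as `NEW_NAME` followed by a bare `.`. Restoring `if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {` keeps that case extension-less. When the guard is false, `self::$NEW_NAME_FULL` is not assigned anywhere in the visible lines, although a later context line returns it. The enclosing function starts and ends outside the hunk, so that path should be confirmed. The context line `mt_rand(0, strlen(Settings::$ID_CHARSET))` also has an inclusive upper bound one past the last index and uses a predictable generator; `random_int(0, strlen(Settings::$ID_CHARSET) - 1)` would address both.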