/lib/pkp/classes/file/FileManager.inc.php
Find the section below and add the lines in red in the same spots or copy and replace the whole function:
function uploadFile($fileName, $destFileName) {
$destDir = dirname($destFileName);
if (!$this->fileExists($destDir, 'dir')) {
// Try to create the destination directory
$this->mkdirtree($destDir);
}
if (!isset($_FILES[$fileName])) return false;
if (move_uploaded_file($_FILES[$fileName]['tmp_name'], $destFileName))
return $this->setMode($destFileName, FILE_MODE_MASK);
return false;
}
ubah menjadi
function uploadFile($fileName, $destFileName) {
$destDir = dirname($destFileName);
if (!$this->fileExists($destDir, 'dir')) {
// Try to create the destination directory
$this->mkdirtree($destDir);
}
if (!isset($_FILES[$fileName])) return false;
$name = $_FILES[$fileName]['name'];
$ext = end((explode(".",$name)));
// block phtml files
if ($ext == 'phtml' || $ext == 'php' ) return false;
if (move_uploaded_file($_FILES[$fileName]['tmp_name'], $destFileName))
return $this->setMode($destFileName, FILE_MODE_MASK);
return false;
}
No comments:
Write Comments