KTS-2157

"bulk upload does not validate that file is a zip file." Fixed. Added a check on the file type. Committed By: Megan Watson Reviewed By: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7808 c91229c3-7414-0410-bfa2-8a42b809f60b

KTS-2157
"bulk upload does not validate that file is a zip file." Fixed. Added a check on the file type. Committed By: Megan Watson Reviewed By: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7808 c91229c3-7414-0410-bfa2-8a42b809f60b
Megan Watson
1 parent 1c2cc1a7
Showing 1 changed file with 11 additions and 1 deletions
plugins/ktcore/folder/BulkUpload.php
@@ -114,7 +114,16 @@ class KTBulkUploadFolderAction extends KTFolderAction {
         unset($aErrorOptions['message']);
         $aFile = $this->oValidator->validateFile($_FILES['file'], $aErrorOptions);
-
+        
+        // Ensure file is a zip file
+        $sMime = $aFile['type'];
+        $pos = strpos($sMime, 'x-zip-compressed');
+        if($pos === false){
+            $this->addErrorMessage(_kt("Bulk Upload failed: File is not a zip file."));
+            controllerRedirect("browse", 'fFolderId=' . $this->oFolder->getID());
+            exit(0);
+        }
+        
         $matches = array();
         $aFields = array();
         foreach ($_REQUEST as $k => $v) {
@@ -132,6 +141,7 @@ class KTBulkUploadFolderAction extends KTFolderAction {
         $bm =& new KTBulkImportManager($this->oFolder, $fs, $this->oUser, $aOptions);
         $this->startTransaction();
         $res = $bm->import();
+        
         $aErrorOptions['message'] = _kt("Bulk Upload failed");
         $this->oValidator->notError($res, $aErrorOptions);