Merge branch 'Fix#9'

2026-01-17 19:22:03 +01:00 · 2018-04-30 17:24:30 +03:00
parent 7df4923d9a f54b52665a
commit 4c64755be6
2 changed files with 24 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+admin/tmp/
+tmp/
+uploads/
+inc/data/database.sdb
--- a/inc/modules/settings/Admin.php
+++ b/inc/modules/settings/Admin.php
@@ -267,31 +267,38 @@ class Admin extends AdminModule
            
        if (isset($_POST['upload']) && FILE_LOCK === false) {
            $zip = new ZipArchive();
-            $error = false;
+            $allowedDest = '/(.*?inc\/)((jscripts|lang|modules).*$)/';
+            $count = 0;
            $file = !empty($_FILES['lang_package']['tmp_name']) ? $_FILES['lang_package']['tmp_name'] : '/';
            $open = $zip->open($file);
            if ($open === true) {
                for ($i = 0; $i < $zip->numFiles; $i++) {
                    $filename = pathinfo($zip->getNameIndex($i));
+                    if (isset($filename['extension'])
+                            && ($filename['extension'] == 'ini' || $filename['extension'] == 'js')
+                        ) {
+                        preg_match($allowedDest, $filename['dirname'], $matches);
+                        $dest = realpath(BASE_DIR) . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . $matches[2];
+                        if (!file_exists($dest)) {
+                            mkdir($dest, 0755, true);
+                        }

-                    if (strpos($filename['dirname'].'/', '/lang/') === false) {
-                        $error = true;
-                        break;
-                    }
-
-                    if ($filename['extension'] != 'ini') {
-                        $error = true;
-                        break;
+                        copy(
+                            'zip://' . $file . '#' . $filename['dirname']
+                                . DIRECTORY_SEPARATOR . $filename['basename'],
+                            $dest . DIRECTORY_SEPARATOR . $filename['basename']
+                        );
+                        $count++;
                    }
                }
-
-                if (!$error) {
-                    $zip->extractTo(BASE_DIR);
-                    $zip->close();
+                
+                if ($count > 0) {
                    $this->notify('success', $this->lang('lang_import_success'));
                } else {
                    $this->notify('failure', $this->lang('lang_import_error'));
                }
+                
+                $zip->close();
            }
        }