Se adiciona validacion en Files manager

2014-06-24 10:57:07 -04:00
parent 058ad6e2b2
commit 20338f2876
1 changed files with 6 additions and 3 deletions
--- a/workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php
@@ -173,11 +173,17 @@ class FilesManager
                case 'templates':
                    $sDirectory = PATH_DATA_MAILTEMPLATES . $sProcessUID . PATH_SEP . $sSubDirectory . $aData['prf_filename'];
                    $sCheckDirectory = PATH_DATA_MAILTEMPLATES . $sProcessUID . PATH_SEP . $sSubDirectory;
+                    if ($extention != '.html') {
+                        throw new \Exception(\G::LoadTranslation('ID_FILE_UPLOAD_INCORRECT_EXTENSION'));
+                    }
                    break;
                case 'public':
                    $sDirectory = PATH_DATA_PUBLIC . $sProcessUID . PATH_SEP . $sSubDirectory . $aData['prf_filename'];
                    $sCheckDirectory = PATH_DATA_PUBLIC . $sProcessUID . PATH_SEP . $sSubDirectory;
                    $sEditable = false;
+                    if ($extention == '.exe') {
+                        throw new \Exception(\G::LoadTranslation('ID_FILE_UPLOAD_INCORRECT_EXTENSION'));
+                    }
                    break;
                default:
                    $sDirectory = PATH_DATA_MAILTEMPLATES . $sProcessUID . PATH_SEP . $sSubDirectory . $aData['prf_filename'];
@@ -268,9 +274,6 @@ class FilesManager
                $extention = '.html';
                $_FILES['prf_file']['name'] = $_FILES['prf_file']['name'].$extention;
            }
-            if ($extention == 'exe') {
-                throw new \Exception(\G::LoadTranslation('ID_FILE_UPLOAD_INCORRECT_EXTENSION'));
-            }
            $file = end(explode("/",$path));
            $path = str_replace($file,'',$path);
            if ($file == $_FILES['prf_file']['name']) {