// Validation of a user-supplied file location when the file is given by path.
// The switch and the enclosing function continue outside this excerpt; the
// `return false` statements below reject the submission from that function.
switch($filemode) {
case 'path':
// The raw form value is stored on $file before any check runs, so $file
// already carries the unvalidated value when a check below returns false.
// NOTE(review): confirm callers discard $file on a false return.
$file->file_path = $formData['filepath'];
// Traversal guard: any value containing '..' anywhere is refused. This is a
// plain substring test, so it also refuses names that merely contain two dots.
if(strpos($file->file_path, '..') !== false)
return false;
$firstChar = substr($file->file_path,0,1);
// Values starting with 'http://' or 'https://' (case-sensitive match) or with
// '#' or '@' skip the filesystem containment check entirely.
// NOTE(review): the meaning of the '#' and '@' prefixes is not visible here;
// confirm that whatever consumes them cannot resolve to a local path.
if(substr($file->file_path, 0, 7) != 'http://' && substr($file->file_path, 0, 8) != 'https://' && !in_array($firstChar, array('#','@'))) {
$config =& hikashop_config();
// Only the cleaned copy is used for the comparison; $file->file_path keeps
// the value as submitted.
$clean_filename = JPath::clean($file->file_path);
$secure_path = $config->get('uploadsecurefolder');
// Containment check: the cleaned path must begin with the cleaned site root
// or with the cleaned configured secure upload folder, otherwise reject.
// The check is skipped when JPATH_ROOT is an empty string.
// NOTE(review): strpos(...) === 0 is a string-prefix test, not a directory
// boundary test, so a sibling directory whose name begins with the same
// characters as the allowed folder also passes; comparing against the folder
// with a trailing separator would close that gap. No symlink resolution
// (e.g. realpath) is performed in this block, so the check is lexical only.
if((JPATH_ROOT != '') && strpos($clean_filename, JPath::clean(JPATH_ROOT)) !== 0 && strpos($clean_filename, JPath::clean($secure_path)) !== 0)
return false;
}
break;