removing upload functions for security reasons

dweeves · Oct 20, 2014 · 8758932 · 8758932 · neilborromeo · Apr 10, 2015
1 parent 425c2fd
commit 8758932
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/magmi/web/magmi_config_setup.php b/magmi/web/magmi_config_setup.php
@@ -32,15 +32,15 @@
     $conf_ok = 0;
 }
 ?>
-<!-- MAGMI UPLOADER -->
+<!-- MAGMI UPLOADER DISABLED FOR SECURITY REASONS -->
 <?php $zipok=class_exists("ZipArchive");?>
 <div class="container_12">
 	<div class="grid_12 subtitle">
 		<span>Update Magmi</span>
 	</div>
 </div>
 <div class="container_12">
-<?php if($zipok){?>
+<?php if(false){?>
 <form method="post" enctype="multipart/form-data"
 		action="magmi_upload.php">
 		<div class="grid_12 col">
@@ -89,8 +89,8 @@
 <?php } else {?>
 <div class="grid_12 col">
 		<h3>Update Disabled</h3>
-		<div class="error">Zip library not available, Upgrade/Upload function
-			are not enabled</div>
+		<div class="error">Upgrade/Upload function
+			are disabled for security reasons</div>
 	</div>
 <?php }?>
 </div>

diff --git a/magmi/web/magmi_upload.php b/magmi/web/magmi_upload.php
@@ -1,5 +1,5 @@
 <?php
-session_start();
+/*session_start();
 
 function extractZipDir($zip, $bdir, $zdir)
 {
@@ -62,5 +62,5 @@ function extractZipDir($zip, $bdir, $zdir)
 {
     session_write_close();
     die($e->getMessage());
-}
+}*/
 header("Location: ./magmi.php");
diff --git a/magmi/web/plugin_upload.php b/magmi/web/plugin_upload.php
@@ -1,5 +1,5 @@
 <?php
-session_start();
+/*session_start();
 unset($_SESSION["plugin_install_error"]);
 require_once ("../inc/magmi_pluginhelper.php");
 $ph = Magmi_PluginHelper::getInstance();
@@ -12,5 +12,5 @@
 {
     $_SESSION["plugin_install"] = array("info","Plugin packaged installed");
 }
-session_write_close();
+session_write_close();*/
 header("Location: ./magmi.php");