Sync.

Author: Maikuolan

Changelog.md

@@ -48,4 +48,8 @@ __*Why "v3.0.0" instead of "v1.0.0?"*__ Prior to phpMussel v3, the "phpMussel Co
 
 ### v3.3.0
 
-[2022.09.26; New Feature; Maikuolan]: Custom headers/footers for front-end pages and the upload denied page now be set directly via configuration.
+[2022.09.26; New Feature; Maikuolan]: Custom headers/footers for front-end pages and the upload denied page can now be set directly via configuration.
+
+[2022.10.12; BaseMax]: Improved L10N for Persian/Farsi.
+
+[2022.10.13; Bug-fix; ben-mckenzie]: The scan function was incorrectly detecting file spoofing when associative or nested structures were present in `$_FILES` (e.g. `foo['bar'][]`); Fixed.

src/Web.php

@@ -150,20 +150,25 @@ public function scan()
 
         /** Normalise the structure of the files array. */
         foreach ($_FILES as $fileData) {
-            if (is_array ($fileData['name'])) {
-                array_walk_recursive($fileData['name'], function($item, $key) use (&$FilesData) {
+            /** Guard. */
+            if (!isset($fileData['error'])) {
+                continue;
+            }
+
+            if (is_array($fileData['name'])) {
+                array_walk_recursive($fileData['name'], function ($item, $key) use (&$FilesData) {
                     $FilesData['name'][] = $item;
                 });
-                array_walk_recursive($fileData['type'], function($item, $key) use (&$FilesData) {
+                array_walk_recursive($fileData['type'], function ($item, $key) use (&$FilesData) {
                     $FilesData['type'][] = $item;
                 });
-                array_walk_recursive($fileData['tmp_name'], function($item, $key) use (&$FilesData) {
+                array_walk_recursive($fileData['tmp_name'], function ($item, $key) use (&$FilesData) {
                     $FilesData['tmp_name'][] = $item;
                 });
-                array_walk_recursive($fileData['error'], function($item, $key) use (&$FilesData) {
+                array_walk_recursive($fileData['error'], function ($item, $key) use (&$FilesData) {
                     $FilesData['error'][] = $item;
                 });
-                array_walk_recursive($fileData['size'], function($item, $key) use (&$FilesData) {
+                array_walk_recursive($fileData['size'], function ($item, $key) use (&$FilesData) {
                     $FilesData['size'][] = $item;
                 });
             } else {
@@ -176,10 +181,9 @@ public function scan()
         }
 
         $FilesCount = count($FilesData['error']);
-        
+
         /** Iterate through normalised array and scan as necessary. */
         for ($Iterator = 0; $Iterator < $FilesCount; $Iterator++) {
-
             if (!isset($FilesData['name'][$Iterator])) {
                 $FilesData['name'][$Iterator] = '';
             }
@@ -219,7 +223,6 @@ public function scan()
                 continue;
             }
 
-
             /** Protection against upload spoofing (1/2). */
             if (
                 !$FilesData['name'][$Iterator] ||
@@ -268,7 +271,7 @@ public function scan()
             /** Designate as scan target. */
             $FilesToScan[$FilesData['name'][$Iterator]] = $FilesData['tmp_name'][$Iterator];
         }
-        
+
         /** Check these first, because they'll reset otherwise, then execute the scan. */
         if (!count($this->Loader->ScanResultsText) && count($FilesToScan)) {
             $this->Scanner->scan($FilesToScan, 4);