Fix swf exploit

src/main/java/org/krews/apollyon/ftp/FTPUploadService.java

@@ -7,21 +7,26 @@ import java.io.OutputStream;
 import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
+import java.util.Arrays;
 
 public class FTPUploadService {
     private static final String ftpUrl = "ftp://%s:%s@%s/%s;type=i";
 
     public static void uploadImage(byte[] image, String uploadPath) throws IOException{
-        String host = Emulator.getConfig().getValue("ftp.host");
+        byte[] pngSignature = new byte[] { -119, 80, 78, 71, 13, 10, 26, 10 };
-        String user = Emulator.getConfig().getValue("ftp.user");
-        String pass = Emulator.getConfig().getValue("ftp.password");
 
-        String uploadURL = String.format(ftpUrl, URLEncoder.encode(user, "UTF-8"), URLEncoder.encode(pass, "UTF-8"), host, uploadPath);
+        if (Arrays.equals(Arrays.copyOfRange(image, 0, 8), pngSignature)) {
+            String host = Emulator.getConfig().getValue("ftp.host");
+            String user = Emulator.getConfig().getValue("ftp.user");
+            String pass = Emulator.getConfig().getValue("ftp.password");
 
-        URL url = new URL(uploadURL);
+            String uploadURL = String.format(ftpUrl, URLEncoder.encode(user, "UTF-8"), URLEncoder.encode(pass, "UTF-8"), host, uploadPath);
-        URLConnection conn = url.openConnection();
+
-        OutputStream outputStream = conn.getOutputStream();
+            URL url = new URL(uploadURL);
-        outputStream.write(image, 0, image.length);
+            URLConnection conn = url.openConnection();
-        outputStream.close();
+            OutputStream outputStream = conn.getOutputStream();
+            outputStream.write(image, 0, image.length);
+            outputStream.close();
+        }
     }
 }