/[docman2]/docman.php

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /docman.php

Parent Directory | Revision Log | View Patch Patch

-revision 1.6 by dpavlin,
Sat Jul 27 19:27:22 2002 UTC
+revision 1.7 by dpavlin,
Sat Jul 27 19:45:28 2002 UTC
 Line 1606 
 function readMime() {
          switch ($HTTP_POST_VARS["POSTACTION"]) {
          case "UPLOAD" :
                  $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);
+                 $FN=stripSlashes($HTTP_POST_FILES["FN"]["name"]);
                  if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
-                 if (strstr($FN_name,"/"))
-                         Error("Non-conforming filename") ;
-                 // TODO : should rather check for escapeshellcmds
-                 // but maybe RFC 18xx asserts safe filenames ....
                  $source = $FN_name ;
                  if (! file_exists($source)) {
                          Error("You must select file with browse to upload it!");
                  }
                  $FILENAME = $HTTP_POST_VARS["FILENAME"];
+                 if (strstr($FILENAME,"/"))
+                         Error("Upload error","Non-conforming filename. Filename <tt>$FILENAME</tt> has slashes (<tt>/</tt>) in it.") ;
                  if (! isset($FILENAME)) {       // from update file
-                         $target = "$fsDir/$FN_name" ;
+                         $target = "$fsDir/".basename($FN_name);
                  } else {
                          $target = "$fsDir/$FILENAME";
                  }

 Legend:



Removed from v.1.6
 


changed lines


 
Added in v.1.7
 Legend:



Removed from v.1.6
 


changed lines


 
Added in v.1.7
-Removed from v.1.6
+Added in v.1.7

	ViewVC Help
Powered by ViewVC 1.1.26