Modified:
development/4.0/textpattern/include/txp_file.php
development/4.0/textpattern/lib/txplib_misc.php
Log:
sanitize filename when uploading new file
Modified: development/4.0/textpattern/include/txp_file.php
==============================================================================
--- development/4.0/textpattern/include/txp_file.php (original)
+++ development/4.0/textpattern/include/txp_file.php Mon Sep 15 14:37:09
2008
@@ -532,16 +532,18 @@
return;
}
- if (!is_file(build_file_path($file_base_path,$name))) {
+ $newname = sanitizeForFile($name);
+ $newpath = build_file_path($file_base_path, $newname);
- $id = file_db_add($name,$category,$permissions,$description,$size);
+ if (!is_file($newname)) {
+
+ $id = file_db_add($newname,$category,$permissions,$description,$size);
if(!$id){
file_list(gTxt('file_upload_failed').' (db_add)');
} else {
$id = assert_int($id);
- $newpath = build_file_path($file_base_path,trim($name));
if(!shift_uploaded_file($file, $newpath)) {
safe_delete("txp_file","id = $id");
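Review bot: The existence check now tests the bare sanitized name, `if (!is_file($newname))`, rather than the path it was just built into, so it looks in the process's current directory instead of `$file_base_path` and a same-named file in the upload directory can be silently overwritten by shift_uploaded_file; it should read `if (!is_file($newpath)) {`, matching the pre-change `is_file(build_file_path(...))`. sanitizeForFile can also return an empty string (a name made only of dots or of characters outside `[a-zA-Z0-9._-]`), which then reaches file_db_add and build_file_path unchecked; a guard before the check such as `if ($newname === '') { file_list(gTxt('file_upload_failed')); return; }` would reject that case. The enclosing function begins before this hunk.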
@@ -552,7 +554,7 @@
} else {
file_set_perm($newpath);
- $message = gTxt('file_uploaded', array('{name}' =>
htmlspecialchars($name)));
+ $message = gTxt('file_uploaded', array('{name}' =>
htmlspecialchars($newname)));
file_edit($message, $id);
}
@@ -561,7 +563,7 @@
else
{
- $message = gTxt('file_already_exists', array('{name}' => $name));
+ $message = gTxt('file_already_exists', array('{name}' => $newname));
file_list($message);
}
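Review bot: The `file_already_exists` message passes `$newname` into gTxt without htmlspecialchars, while the `file_uploaded` branch in the hunk above escapes it; this is only safe because sanitizeForFile restricts the name to `[a-zA-Z0-9._-]`. For consistency and so a later relaxation of the sanitizer does not reintroduce an unescaped value into output, use `htmlspecialchars($newname)` here as well.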
Modified: development/4.0/textpattern/lib/txplib_misc.php
==============================================================================
--- development/4.0/textpattern/lib/txplib_misc.php (original)
+++ development/4.0/textpattern/lib/txplib_misc.php Mon Sep 15 14:37:09 2008
@@ -693,6 +693,16 @@
}
// -------------------------------------------------------------
+ function sanitizeForFile($text)
+ {
+ // Remove anything but alphanumeric, dot, dash and underscore
+ $text = preg_replace('/[^a-zA-Z0-9._-]/', '', $text);
+ // Remove duplicate dots and any leading or trailing dots
+ $text = preg_replace('/[.]{2,}/', '.', trim($text, '.'));
+ return $text;
+ }
+
+// -------------------------------------------------------------
function dumbDown($str, $lang=LANG)
{
static $array;
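Review bot: sanitizeForFile has no documentation of its contract and can return an empty string, which the caller in txp_file.php does not currently handle; a docblock along the lines of `// Returns a name containing only [a-zA-Z0-9._-], with leading/trailing and repeated dots collapsed; may be an empty string, callers must reject that` would make the empty case visible. The byte-wise character class drops every non-ASCII character outright (so a name that is entirely non-ASCII becomes empty); if friendlier names are wanted, dumbDown() defined just below could presumably be applied first, worth confirming it is safe to call here. Note the function deliberately strips leading dots, which also prevents hidden-file names, and that it does not restrict extensions, so storage-side controls on the files directory remain the relevant mitigation for that.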