Modified:
/development/4.x/textpattern/include/txp_file.php
=======================================
--- /development/4.x/textpattern/include/txp_file.php Tue May 19 05:00:28
2009
+++ /development/4.x/textpattern/include/txp_file.php Mon Nov 16 22:19:39
2009
@@ -618,7 +618,7 @@
if (!is_file($newname)) {
- $id = file_db_add($newname,$category,$permissions,$description,$size);
+ $id =
file_db_add(doSlash($newname),$category,$permissions,$description,$size);
if(!$id){
file_list(array(gTxt('file_upload_failed').' (db_add)', E_ERROR));
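Review bot: The `file_db_add()` call now mixes escaping states: `$newname` is escaped inline with `doSlash()`, while `$category`, `$permissions` and `$description` are passed as they are. This hunk does not show whether those three were already escaped upstream, and since `file_db_add()` presumably interpolates its arguments into SQL, that should be confirmed. Keeping `$newname` raw for `is_file()` and escaping it only at the database boundary is the right split, but the contract is implicit and easy to break on the next edit. I would add a comment above the call, such as `// $newname stays raw for filesystem use; escaped here for SQL only. Other args must arrive already doSlash()'d.`, or move the escaping of all arguments into `file_db_add()` itself. The enclosing function starts and ends outside the hunk.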
@@ -738,7 +738,8 @@
{
global $file_base_path, $txp_user;
-
extract(doSlash(gpsa(array('id', 'filename', 'category', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second'))));
+
extract(doSlash(gpsa(array('id', 'category', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second'))));
+ $filename = gps('filename');
$id = assert_int($id);
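Review bot: `$filename = gps('filename');` now holds the raw request value, and nothing visible in this hunk validates it before the hunk at line 787 passes it to `build_file_path($file_base_path,$filename)` and `filesize()`. Unless code between the two hunks constrains it, a value containing directory separators or `..` segments would be resolved relative to `$file_base_path`. I would guard it directly after the assignment with a condition like `if ($filename === '' || $filename !== basename($filename))` and leave through the function's existing error path. The `doSlash($filename)` in the UPDATE covers only the SQL side, so the filesystem side needs its own check. The function body begins and continues outside this hunk, so an existing check may simply not be shown.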
@@ -786,7 +787,7 @@
$size = filesize(build_file_path($file_base_path,$filename));
$rs = safe_update('txp_file', "
- filename = '$filename',
+ filename = '".doSlash($filename)."',
category = '$category',
permissions = '$perms',
description = '$description',