[textpattern commit] r2975 - in development/4.0/textpattern: include lib


codesite...@google.com

Sep 15, 2008, 5:37:29 PM9/15/08
to txp...@googlegroups.com
Author: ru...@vanmelick.com
Date: Mon Sep 15 14:37:09 2008
New Revision: 2975

Modified:
development/4.0/textpattern/include/txp_file.php
development/4.0/textpattern/lib/txplib_misc.php

Log:
sanitize filename when uploading new file

Modified: development/4.0/textpattern/include/txp_file.php
==============================================================================
--- development/4.0/textpattern/include/txp_file.php (original)
+++ development/4.0/textpattern/include/txp_file.php Mon Sep 15 14:37:09
2008
@@ -532,16 +532,18 @@
return;
}

- if (!is_file(build_file_path($file_base_path,$name))) {
+ $newname = sanitizeForFile($name);
+ $newpath = build_file_path($file_base_path, $newname);

- $id = file_db_add($name,$category,$permissions,$description,$size);
+ if (!is_file($newname)) {
+
+ $id = file_db_add($newname,$category,$permissions,$description,$size);

if(!$id){
file_list(gTxt('file_upload_failed').' (db_add)');
} else {

$id = assert_int($id);
- $newpath = build_file_path($file_base_path,trim($name));

if(!shift_uploaded_file($file, $newpath)) {
safe_delete("txp_file","id = $id");
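Review bot: The new existence check `if (!is_file($newname)) {` tests the bare sanitized name instead of the path under `$file_base_path`, so PHP resolves it against the current working directory; the removed line checked `build_file_path($file_base_path,$name)`. It should read `if (!is_file($newpath)) {`, since `$newpath` is already computed two lines above. As written, the `file_already_exists` branch further down will almost never be taken, so a second upload whose name sanitizes to an existing one still reaches `file_db_add` and `shift_uploaded_file`. Whether that overwrites the stored file depends on `shift_uploaded_file`, which is not visible here. The enclosing function starts and ends outside this hunk.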
@@ -552,7 +554,7 @@
} else {
file_set_perm($newpath);

- $message = gTxt('file_uploaded', array('{name}' =>
htmlspecialchars($name)));
+ $message = gTxt('file_uploaded', array('{name}' =>
htmlspecialchars($newname)));

file_edit($message, $id);
}
@@ -561,7 +563,7 @@

else
{
- $message = gTxt('file_already_exists', array('{name}' => $name));
+ $message = gTxt('file_already_exists', array('{name}' => $newname));

file_list($message);
}

Modified: development/4.0/textpattern/lib/txplib_misc.php
==============================================================================
--- development/4.0/textpattern/lib/txplib_misc.php (original)
+++ development/4.0/textpattern/lib/txplib_misc.php Mon Sep 15 14:37:09 2008
@@ -693,6 +693,16 @@
}

// -------------------------------------------------------------
+ function sanitizeForFile($text)
+ {
+ // Remove anything but alphanumeric, dot, dash and underscore
+ $text = preg_replace('/[^a-zA-Z0-9._-]/', '', $text);
+ // Remove duplicate dots and any leading or trailing dots
+ $text = preg_replace('/[.]{2,}/', '.', trim($text, '.'));
+ return $text;
+ }
+
+// -------------------------------------------------------------
function dumbDown($str, $lang=LANG)
{
static $array;
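Review bot: `sanitizeForFile` can return an empty string, for example when the name consists only of dots or only of characters outside `[a-zA-Z0-9._-]` such as a fully non-ASCII filename. Nothing visible in the txp_file.php caller rejects that before `file_db_add` and `build_file_path` are called. The caller should refuse an empty result right after sanitizing, e.g. `if ($newname === '') { file_list(gTxt('file_upload_failed')); return; }`. Because different original names can collapse to the same sanitized name, the already-exists check in the caller must also run against the full target path. A short docblock such as `// Returns an ASCII-only name; may be empty; does not restrict the file extension` would make the function's contract clear to other callers.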
