Indefero

View rm_securitypatch.diff

1index 241fd08..7542718 100644
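--- a/src/IDF/Form/Upload.php
+++ b/src/IDF/Form/Upload.php
@@ -80,10 +80,10 @@ class IDF_Form_Upload extends Pluf_Form
 public function clean_file()
 {
 $extra = strtolower(implode('|', explode(' ', Pluf::f('idf_extra_upload_ext'))));
- if (strlen($extra)) $extra .= '|';
- if (!preg_match('/\.('.$extra.'png|jpg|jpeg|gif|bmp|psd|tif|aiff|asf|avi|bz2|css|doc|eps|gz|jar|mdtext|mid|mov|mp3|mpg|ogg|pdf|ppt|ps|qt|ra|ram|rm|rtf|sdd|sdw|sit|sxi|sxw|swf|tgz|txt|wav|xls|xml|war|wmv|zip)$/i', $this->cleaned_data['file'])) {
- @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);
- throw new Pluf_Form_Invalid(__('For security reason, you cannot upload a file with this extension.'));
+// if (strlen($extra)) $extra .= '|';
+// if (!preg_match('/\.('.$extra.'png|jpg|jpeg|gif|bmp|psd|tif|aiff|asf|avi|bz2|css|doc|eps|gz|jar|mdtext|mid|mov|mp3|mpg|ogg|pdf|ppt|ps|qt|ra|ram|rm|rtf|sdd|sdw|sit|sxi|sxw|swf|tgz|txt|wav|xls|xml|war|wmv|zip)$/i', $this->cleaned_data['file'])) {
+// @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);
+// throw new Pluf_Form_Invalid(__('For security reason, you cannot upload a file with this extension.'));
 }
 return $this->cleaned_data['file'];
 }
@@ -106,7 +106,7 @@ class IDF_Form_Upload extends Pluf_Form
 $this->cleaned_data['label'.$i] = trim($this->cleaned_data['label'.$i]);
 if (strpos($this->cleaned_data['label'.$i], ':') !== false) {
 list($class, $name) = explode(':', $this->cleaned_data['label'.$i], 2);
- list($class, $name) = array(mb_strtolower(trim($class)),
+ list($class, $name) = array(mb_strtolower(trim($class)),
 trim($name));
 } else {
 $class = 'other';
@@ -129,7 +129,7 @@ class IDF_Form_Upload extends Pluf_Form
 */
 function failed()
 {
- if (!empty($this->cleaned_data['file'])
+ if (!empty($this->cleaned_data['file'])
 and file_exists(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file'])) {
 @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);
 }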
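Review bot: In the first hunk (`clean_file()`), the `if (!preg_match(...)) {` line is commented out but its closing `}` is left in place as a context line, so the braces no longer balance: the method body ends before `return $this->cleaned_data['file'];` and the patched file should fail to parse. Apart from that, the hunk disables the only extension allowlist visible in this method, so a file with any extension would be kept under `upload_path`; if that directory is reachable through a web server that executes scripts, an uploaded file could run as code on the host. The method already reads `Pluf::f('idf_extra_upload_ext')` as a space-separated list, so extra extensions can be allowed by setting that value while leaving the four original lines (`if (strlen($extra)) $extra .= '|';` through the `throw new Pluf_Form_Invalid(...)`) untouched; I would drop this hunk and use the setting instead. The remaining two hunks look like whitespace-only changes.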


Attachment to issue 537

Created: 3 years 8 months ago by Sindre Myren