| 1 | index 241fd08..7542718 100644␊ |
| 2 | --- a/src/IDF/Form/Upload.php␊ |
| 3 | +++ b/src/IDF/Form/Upload.php␊ |
| 4 | @@ -80,10 +80,10 @@ class IDF_Form_Upload extends Pluf_Form␊ |
| 5 | public function clean_file()␊ |
| 6 | {␊ |
| 7 | $extra = strtolower(implode('|', explode(' ', Pluf::f('idf_extra_upload_ext'))));␊ |
| 8 | - if (strlen($extra)) $extra .= '|';␊ |
| 9 | - if (!preg_match('/\.('.$extra.'png|jpg|jpeg|gif|bmp|psd|tif|aiff|asf|avi|bz2|css|doc|eps|gz|jar|mdtext|mid|mov|mp3|mpg|ogg|pdf|ppt|ps|qt|ra|ram|rm|rtf|sdd|sdw|sit|sxi|sxw|swf|tgz|txt|wav|xls|xml|war|wmv|zip)$/i', $this->cleaned_data['file'])) {␊ |
| 10 | - @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);␊ |
| 11 | - throw new Pluf_Form_Invalid(__('For security reason, you cannot upload a file with this extension.'));␊ |
| 12 | +// if (strlen($extra)) $extra .= '|';␊ |
| 13 | +// if (!preg_match('/\.('.$extra.'png|jpg|jpeg|gif|bmp|psd|tif|aiff|asf|avi|bz2|css|doc|eps|gz|jar|mdtext|mid|mov|mp3|mpg|ogg|pdf|ppt|ps|qt|ra|ram|rm|rtf|sdd|sdw|sit|sxi|sxw|swf|tgz|txt|wav|xls|xml|war|wmv|zip)$/i', $this->cleaned_data['file'])) {␊ |
| 14 | +// @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);␊ |
| 15 | +// throw new Pluf_Form_Invalid(__('For security reason, you cannot upload a file with this extension.'));␊ |
| 16 | }␊ |
| 17 | return $this->cleaned_data['file'];␊ |
| 18 | }␊ |
| 19 | @@ -106,7 +106,7 @@ class IDF_Form_Upload extends Pluf_Form␊ |
| 20 | $this->cleaned_data['label'.$i] = trim($this->cleaned_data['label'.$i]);␊ |
| 21 | if (strpos($this->cleaned_data['label'.$i], ':') !== false) {␊ |
| 22 | list($class, $name) = explode(':', $this->cleaned_data['label'.$i], 2);␊ |
| 23 | - list($class, $name) = array(mb_strtolower(trim($class)), ␊ |
| 24 | + list($class, $name) = array(mb_strtolower(trim($class)),␊ |
| 25 | trim($name));␊ |
| 26 | } else {␊ |
| 27 | $class = 'other';␊ |
| 28 | @@ -129,7 +129,7 @@ class IDF_Form_Upload extends Pluf_Form␊ |
| 29 | */␊ |
| 30 | function failed()␊ |
| 31 | {␊ |
| 32 | - if (!empty($this->cleaned_data['file']) ␊ |
| 33 | + if (!empty($this->cleaned_data['file'])␊ |
| 34 | and file_exists(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file'])) {␊ |
| 35 | @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);␊ |
| 36 | } |
Indefero
Summary
| Open Issues
|
|
Back to the issue
| Sign in or create your account to create issues or add comments
View rm_securitypatch.diff
Attachment to issue 537
Created: 2 years 3 months ago by Sindre Myren