Indefero

View rm_securitypatch.diff

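index 241fd08..a4d9d2e 100644
--- a/src/IDF/Form/Upload.php
+++ b/src/IDF/Form/Upload.php
@@ -79,12 +79,6 @@ class IDF_Form_Upload extends Pluf_Form
 
 public function clean_file()
 {
- $extra = strtolower(implode('|', explode(' ', Pluf::f('idf_extra_upload_ext'))));
- if (strlen($extra)) $extra .= '|';
- if (!preg_match('/\.('.$extra.'png|jpg|jpeg|gif|bmp|psd|tif|aiff|asf|avi|bz2|css|doc|eps|gz|jar|mdtext|mid|mov|mp3|mpg|ogg|pdf|ppt|ps|qt|ra|ram|rm|rtf|sdd|sdw|sit|sxi|sxw|swf|tgz|txt|wav|xls|xml|war|wmv|zip)$/i', $this->cleaned_data['file'])) {
- @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);
- throw new Pluf_Form_Invalid(__('For security reason, you cannot upload a file with this extension.'));
- }
 return $this->cleaned_data['file'];
 }
 
@@ -106,7 +100,7 @@ class IDF_Form_Upload extends Pluf_Form
 $this->cleaned_data['label'.$i] = trim($this->cleaned_data['label'.$i]);
 if (strpos($this->cleaned_data['label'.$i], ':') !== false) {
 list($class, $name) = explode(':', $this->cleaned_data['label'.$i], 2);
- list($class, $name) = array(mb_strtolower(trim($class)),
+ list($class, $name) = array(mb_strtolower(trim($class)),
 trim($name));
 } else {
 $class = 'other';
@@ -129,7 +123,7 @@ class IDF_Form_Upload extends Pluf_Form
 */
 function failed()
 {
- if (!empty($this->cleaned_data['file'])
+ if (!empty($this->cleaned_data['file'])
 and file_exists(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file'])) {
 @unlink(Pluf::f('upload_path').'/'.$this->project->shortname.'/files/'.$this->cleaned_data['file']);
 }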
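Review bot: After the first hunk, clean_file() returns `$this->cleaned_data['file']` with no extension check at all, so any file name the upload field stored under `upload_path/<project>/files/` is accepted, including server-side script extensions. Whether that is reachable as code execution depends on how that directory is served, which is not visible here; if the web server exposes it and interprets scripts there, this is an unrestricted-upload path. If the aim is to permit more file types, keeping the allowlist and extending it through the existing `idf_extra_upload_ext` setting fails closed, and a restored check should pass each configured extension through `preg_quote($ext, '/')` before it is placed in the pattern. If the check is dropped deliberately, clean_file() should carry a comment stating the deployment assumption, for example `// No extension filtering: the files directory must be served as static downloads only, never executed.` The other two hunks only strip trailing whitespace and need no change.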


Attachment to issue 537

Created: 3 years 9 months ago by Sindre Myren