diff options
Diffstat (limited to 'phpBB/includes/functions_upload.php')
| -rw-r--r-- | phpBB/includes/functions_upload.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 4411f28e5a..00dc67438b 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -263,10 +263,10 @@ class filespec * * @param string $destination_path Destination path, for example $config['avatar_path'] * @param bool $overwrite If set to true, an already existing file will be overwritten - * @param octal $chmod Permission mask for chmodding the file after a successful move + * @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode of {@inline phpbb_chmod()} * @access public */ - function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666) + function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false) { global $user; @@ -275,6 +275,8 @@ class filespec return false; } + $chmod = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod; + // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it... $this->destination_path = PHPBB_ROOT_PATH . $destination; @@ -345,7 +347,7 @@ class filespec break; } - @chmod($this->destination_file, $chmod); + phpbb_chmod($this->destination_file, $chmod); } // Try to get real filesize from destination folder |