authorNils Adermann <naderman@naderman.de>2006-06-17 09:30:59 +0000
committerNils Adermann <naderman@naderman.de>2006-06-17 09:30:59 +0000
commitf04a3349e66984506ab71f0506d718188022e03f (patch)
tree16ba858ef305c630891326b7d44cbc4a962f0718
parent3562bc5580d189566a2dcf4a85ea319fa1bd5e81 (diff)
- fix some bugs in imageset editing, includes [Bug #2269]
git-svn-id: file:///svn/phpbb/trunk@6080 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/includes/acp/acp_styles.php15
1 files changed, 9 insertions, 6 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index a46f160a10..b11145a6b2 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -1232,11 +1232,14 @@ pagination_sep = \'{PAGINATION_SEP}\'
global $db, $user, $phpbb_root_path, $cache, $template;
$this->page_title = 'EDIT_IMAGESET';
- $update = (isset($_POST['update'])) ? true : false;
- $imgname = (!empty($_POST['imgname'])) ? htmlspecialchars($_POST['imgname']) : '';
- $imgpath = (isset($_POST['imgpath'])) ? htmlspecialchars($_POST['imgpath']) : '';
- $imgsize = (!empty($_POST['imgsize'])) ? true : false;
- $imgwidth = (isset($_POST['imgwidth'])) ? intval($_POST['imgwidth']) : '';
+ $update = (isset($_POST['update'])) ? true : false;
+ $imgname = request_var('imgname', '');
+ $imgpath = request_var('imgpath', '');
+ $imgsize = request_var('imgsize', false);
+ $imgwidth = request_var('imgwidth', 0);
+
+ $imgname = preg_replace('#[^a-z0-9\-+_]#i', '', $imgname);
+ $imgpath = str_replace('..', '.', $imgpath);
if ($imageset_id)
{
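Review bot: The added `$imgpath = str_replace('..', '.', $imgpath);` does not guarantee a value free of parent-directory segments, because str_replace makes a single non-recursive pass and a longer run of dots collapses into a string that still contains `..`; absolute paths are not touched at all. Since the value comes straight from the request, rejecting is safer than rewriting, e.g. `if (strpos($imgpath, '..') !== false) { $imgpath = ''; }`, and safer still is accepting it only when it equals one of the file names the page itself offers for the imageset directory. How `$imgpath` is later joined to a filesystem path is not visible here, so the impact should be confirmed at that use. The enclosing function starts and ends outside the hunk.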
@@ -1383,7 +1386,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$imgsize_bool = (!empty($imgname) && ($imgsize || preg_match('#\*\d+#', $$imgname))) ? true : false;
- $img_info = explode('*', $imgname);
+ $img_info = (!empty($imgname)) ? explode('*', $$imgname) : array();
$template->assign_vars(array(
'S_EDIT_IMAGESET' => true,
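Review bot: `$$imgname` on the added line, and in the `preg_match` on the context line above it, dereferences a request-supplied name as a variable variable, and the character filter added in the first hunk restricts the characters but not which variable is named. Assuming both hunks sit in the same function, any accepted name resolves against its local scope, which per the `global` statement includes `$db`, `$user` and `$phpbb_root_path`; a name that matches nothing raises an undefined-variable notice, and a non-string value is passed to `explode()`. I would check the name against the set of image keys the form actually offers before dereferencing, e.g. `$img_info = (in_array($imgname, $valid_imgnames, true)) ? explode('*', $$imgname) : array();`, where `$valid_imgnames` is a placeholder for that list, and apply the same guard to `$imgsize_bool`. Reading the values from an array keyed by image name instead of from separate variables would remove the variable variable altogether. The enclosing function starts and ends outside the hunk.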