author | Meik Sievertsen <acydburn@phpbb.com> | 2005-04-30 14:24:13 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2005-04-30 14:24:13 +0000 |
commit | 0dec4135c54085caf9fd31f40ad4ff1fe94ba071 (patch) | |
tree | 8c4949c654d6d244f59d98a76b456fe334205581 /phpBB/includes/functions_upload.php | |
parent | 7eee98f316bc587fe7e73eaf5aa0aff3e1809ffb (diff) | |
- test slightly modified topic tracking code
- some bugfixes
git-svn-id: file:///svn/phpbb/trunk@5135 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_upload.php')
-rw-r--r-- | phpBB/includes/functions_upload.php | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 0fd772377b..250b948c7d 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -51,7 +51,7 @@ class filespec
 $this->filename = $upload_ary['tmp_name'];
 $this->filesize = $upload_ary['size'];
- $this->realname = $this->uploadname = trim(basename($upload_ary['name']));
+ $this->realname = $this->uploadname = trim(htmlspecialchars(basename($upload_ary['name'])));
 $this->mimetype = $upload_ary['type'];
 // Opera adds the name to the mime type
@@ -87,12 +87,16 @@ class filespec
 case 'real':
 // Replace any chars which may cause us problems with _
 $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
- $this->realname = $prefix . str_replace($bad_chars, '_', strtolower($this->realname)) . '_.' . $this->extension;
+
+ $this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname)));
+ $this->realname = preg_replace("/%(\w{2})/", '_', $this->realname);
+
+ $this->realname = $prefix . $this->realname . '_.' . $this->extension;
 break;
 case 'unique':
 default:
- $this->realname = $prefix . uniqid(rand()) . '.' . $this->extension;
+ $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
 }
 }
@@ -557,11 +561,15 @@ class fileupload
 function valid_dimensions(&$file)
 {
+ if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height)
+ {
+ return true;
+ }
+
 if (($file->get('width') > $this->max_width && $this->max_width) ||
 ($file->get('height') > $this->max_height && $this->max_height) ||
 ($file->get('width') < $this->min_width && $this->min_width) ||
- ($file->get('height') < $this->min_height && $this->min_height) ||
- !$file->get('width') || !$file->get('height'))
+ ($file->get('height') < $this->min_height && $this->min_height))
 {
 return false;
 } |
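Review bot: The new `htmlspecialchars()` call on the client-supplied name in the `$this->realname = $this->uploadname = …` line passes no flags argument, so on PHP versions whose default is `ENT_COMPAT` a single quote in the uploaded filename stays unescaped. The same HTML-encoded string is also stored in `realname`, which the `'real'` branch in the next hunk turns into the on-disk name, so one value serves both as HTML output and as filename input. Consider `trim(htmlspecialchars(basename($upload_ary['name']), ENT_QUOTES))` for the display copy, and add a comment that `uploadname` is stored already encoded so it is not encoded a second time on output. The enclosing function starts and ends outside the hunk.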
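Review bot: In the `'real'` branch, dots inside the client-supplied name survive the cleanup, because `.` is not in `$bad_chars` and `rawurlencode()` leaves it unencoded; a name with several dot-separated parts keeps them ahead of the appended `'_.' . $this->extension`. Where the web server selects handlers by any dot-separated extension, that matters for files stored in a served directory; adding `'.'` to `$bad_chars` would remove the ambiguity, assuming `realname` needs no dot at this point (not visible here). The pattern `"/%(\w{2})/"` also has an unused capture group and `\w` is wider than the hex digits `rawurlencode()` emits; `'/%[0-9A-F]{2}/'` states the intent. How `$this->extension` is validated and what `unique_id()` returns are both outside the hunk.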
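Review bot: With the `!$file->get('width') || !$file->get('height')` test dropped from the condition, a file whose dimensions are empty or zero now passes whenever only `max_width`/`max_height` are configured, since none of the remaining `>` comparisons can be true for it. The new early return already covers the case where no limits are set, so the zero-dimension rejection could stay for the configured case by keeping `|| !$file->get('width') || !$file->get('height'))` at the end of the condition. If accepting files without readable dimensions is intended, a comment above the `if` saying so would help the next reader. The rest of `valid_dimensions()` lies outside the hunk.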