author | Meik Sievertsen <acydburn@phpbb.com> | 2006-03-12 23:19:55 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-03-12 23:19:55 +0000 |
commit | 9988679d567a8bba9bade92dd9524bb012a1fe43 (patch) | |
tree | 72da21e7465fed3ca99f20bd809a3df9c020530d /phpBB/includes/functions_upload.php | |
parent | f4cfd3665f7cf1ed96ce4c2eca03ac6854aae258 (diff) | |
- streamlined reports to consist of the feature set we decided upon (Nils, your turn now)
- use getenv instead of $_ENV (with $_ENV the case could be wrong)
- permission fixes (there was a bug arising with getting permission flags - re-added them and handled roles deletion differently)
- implemented max login attempts
- changed the expected return parameters for logins/sessions
- added acp page for editing report/denial reasons
- other fixes here and there
git-svn-id: file:///svn/phpbb/trunk@5622 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_upload.php')
-rw-r--r-- | phpBB/includes/functions_upload.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index a3109c0ef4..f24edb1dea 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -91,6 +91,12 @@ class filespec
 switch ($mode)
 {
 case 'real':
+ // Remove every extension from filename (to not let the mime bug being exposed)
+ if (strpos($this->realname, '.') !== false)
+ {
+ $this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
+ }
+
 // Replace any chars which may cause us problems with _
 $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
@@ -575,7 +581,7 @@ class fileupload
 unset($url_ary);
 $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
- $filename = tempnam($tmp_path, uniqid(rand()) . '-');
+ $filename = tempnam($tmp_path, unique_id() . '-');
 if (!($fp = @fopen($filename, 'wb')))
 { |
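Review bot: In the first hunk (class filespec, `case 'real':`), the added `substr($this->realname, 0, strpos($this->realname, '.'))` cuts at the first dot, so an uploaded name that begins with a dot leaves `$this->realname` as an empty string, and distinct names such as `a.b.txt` and `a.c.txt` both reduce to `a`. Taking the position once with `$dot = strpos($this->realname, '.');` and substituting a fixed placeholder when the result is `''` would keep the multi-extension protection while avoiding an empty base name. The comment would also be clearer if it said what "the mime bug" is; presumably it means the web server choosing a handler from an inner extension of a stored file, which should be confirmed. The rest of the case body lies outside the hunk, so whether a prefix or the real extension is added back afterwards cannot be seen here.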
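Review bot: In the second hunk (class fileupload), the value returned by `tempnam($tmp_path, unique_id() . '-')` is passed straight to `@fopen($filename, 'wb')` without a check, so a failed `tempnam()` (which returns `false`) is only seen as a suppressed fopen failure. An explicit `if ($filename === false)` branch before the open, using the error handling this method already has, would make that case visible. The prefix should also not be treated as the source of unpredictability: `tempnam()` creates the uniquely named file itself, and on Windows only the first three characters of the prefix are used. `unique_id()` is defined outside this diff, and the enclosing method starts and ends outside the hunk.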