author | Meik Sievertsen <acydburn@phpbb.com> | 2006-09-13 16:08:36 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-09-13 16:08:36 +0000 |
commit | b76222cb6e9ed69ee8ed0c09f0196eaaafd33fad (patch) | |
tree | 59f81d4c51e82ef1df7994444681731d9920b0c6 /phpBB/includes/functions_upload.php | |
parent | 35c5fe21cb45e4ec69109745b5e8ca6c529f57ac (diff) | |
- fixed some bugs
- changed attachment handling a bit
- tried to remove target tags out of the code
- do not add session ids to urls for bots as well as not creating a new session on each page view for them
I bet i introduced some bugs too. ;)
git-svn-id: file:///svn/phpbb/trunk@6364 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_upload.php')
-rw-r--r-- | phpBB/includes/functions_upload.php | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 9f02c5f74e..cd35254b28 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -221,6 +221,8 @@ class filespec
 return false;
 }
+
+/*
 // Adjust destination path (no trailing slash)
 if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\')
 {
@@ -232,13 +234,29 @@ class filespec
 {
 $destination = '';
 }
+*/
+ // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
 $this->destination_path = $phpbb_root_path . $destination;
+ // Check if the destination path exist...
+ if (!file_exists($this->destination_path))
+ {
+ @unlink($this->filename);
+ return false;
+ }
+
 $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
 $upload_mode = ($this->local) ? 'local' : $upload_mode;
 $this->destination_file = $this->destination_path . '/' . basename($this->realname);
+ // Check if the file already exist, else there is something wrong...
+ if (file_exists($this->destination_file))
+ {
+ @unlink($this->filename);
+ return false;
+ }
+
 switch ($upload_mode)
 {
 case 'copy': |
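Review bot: The `/*` added in the first hunk is only closed by the `*/` in the second, so everything between the two hunks is disabled along with the trailing-slash adjustment, and those lines are not visible here. If the intent is to stop normalising `$destination`, the block is better deleted than left commented out, since version control keeps the old code. The trust assumption then belongs in the method's docblock rather than only in a one-line remark, for example `// $destination must come from board configuration only; it is appended to $phpbb_root_path without any normalisation.` The enclosing method starts and ends outside both hunks.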
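Review bot: The new guard on `$this->destination_path` in the second hunk uses `file_exists()`, which is also true for a regular file, so a configured path that names a file passes here and only fails later in the copy or move; `if (!is_dir($this->destination_path) || !is_writable($this->destination_path))` states the actual requirement. The second guard, `file_exists($this->destination_file)`, is a separate step from the copy or move that follows, so two uploads resolving to the same `basename($this->realname)` could both pass it; whether names are made unique before this point cannot be seen from the hunk. Both early exits `return false` after `@unlink($this->filename)` without recording a reason, so the caller cannot tell a missing directory from a name collision, and a failed unlink is silently ignored. The method body continues outside the hunk.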