From 9988679d567a8bba9bade92dd9524bb012a1fe43 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Sun, 12 Mar 2006 23:19:55 +0000
Subject: - streamlined reports to consist of the feature set we decided upon (Nils, your turn now) - use getenv instead of $_ENV (with $_ENV the case could be wrong) - permission fixes (there was a bug arising with getting permission flags - re-added them and handled roles deletion differently) - implemented max login attempts - changed the expected return parameters for logins/sessions - added acp page for editing report/denial reasons - other fixes here and there
git-svn-id: file:///svn/phpbb/trunk@5622 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions_upload.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'phpBB/includes/functions_upload.php')
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index a3109c0ef4..f24edb1dea 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -91,6 +91,12 @@ class filespec
 switch ($mode)
 {
 case 'real':
+ // Remove every extension from filename (to not let the mime bug being exposed)
+ if (strpos($this->realname, '.') !== false)
+ {
+ $this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
+ }
+
 // Replace any chars which may cause us problems with _
 $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
@@ -575,7 +581,7 @@ class fileupload
 unset($url_ary);
 $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
- $filename = tempnam($tmp_path, uniqid(rand()) . '-');
+ $filename = tempnam($tmp_path, unique_id() . '-');
 if (!($fp = @fopen($filename, 'wb')))
 {
--
cgit v1.2.1
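Review bot: In the added `case 'real':` lines of the `filespec` hunk, an upload name that starts with a dot makes `strpos()` return 0, so `substr($this->realname, 0, 0)` leaves `$this->realname` empty. The final stored name then depends entirely on what the rest of the branch appends, which lies outside this hunk. Cutting at the first dot does drop every client-supplied extension, but the empty case should be handled where it arises: `$dot = strpos($this->realname, '.');` followed by `if ($dot !== false) { $this->realname = ($dot > 0) ? substr($this->realname, 0, $dot) : unique_id(); }`. `unique_id()` is the helper the second hunk already calls, and it is defined outside this patch. The comment would also be more useful if it named the "mime bug" it guards against and said where the extension that is re-attached is validated.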
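Review bot: The return value of `tempnam()` on the changed line in the `fileupload` hunk is never checked, so a failure only shows up through the suppressed `@fopen()` that follows. Test it explicitly with `if ($filename === false)` and send it to the same error path as the failed open. The change from `uniqid(rand())` to `unique_id()` affects only the prefix. `tempnam()` itself creates the uniquely named file, and on Windows only the first three characters of the prefix are used, so a comment such as `// uniqueness comes from tempnam(); the prefix is only a label` would stop readers treating the prefix as the safety property. The enclosing method starts and ends outside this hunk, so whether the temporary file is removed on every error path cannot be judged from here.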