[wp-cvs] wordpress/wp-admin upload.php,1.21,1.22

Matthew Mullenweg saxmatt at users.sourceforge.net
Thu Nov 18 23:55:10 UTC 2004


Update of /cvsroot/cafelog/wordpress/wp-admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21300/wp-admin

Modified Files:
	upload.php 
Log Message:
More name cleanups

Index: upload.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/upload.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -C2 -d -r1.21 -r1.22
*** upload.php	18 Nov 2004 23:30:51 -0000	1.21
--- upload.php	18 Nov 2004 23:55:08 -0000	1.22
***************
*** 78,99 ****
  case 'upload':
  
! //Makes sure they choose a file
! 
! //print_r($_FILES);
! //die();
  
  
!     $imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
!   
!     $img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
!     $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
!     $imgdesc = htmlentities2($imgdesc);
  
!     $pi = pathinfo($img1_name);
!     $imgtype = strtolower($pi['extension']);
  
!     if (in_array($imgtype, $allowed_types) == false) {
!         die(sprintf(__('File %1$s of type %2$s is not allowed.') , $img1_name, $imgtype));
!     }
  
      if (strlen($imgalt)) {
--- 78,94 ----
  case 'upload':
  
! 	$imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
  
+ 	$img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
+ 	$img1_name = preg_replace('/[^a-z0-9.]/i', '', $img1_name); 
  
! 	$img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
! 	$imgdesc = htmlentities2($imgdesc);
  
! 	$pi = pathinfo($img1_name);
! 	$imgtype = strtolower($pi['extension']);
  
! 	if (in_array($imgtype, $allowed_types) == false)
! 		die(sprintf(__('File %1$s of type %2$s is not allowed.') , $img1_name, $imgtype));
  
      if (strlen($imgalt)) {
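Review bot: The new filter `preg_replace('/[^a-z0-9.]/i', '', $img1_name)` keeps every dot, so a name carrying several extensions still passes, because the allow-list test only sees the last one returned by `pathinfo()`. The filtered name can also end up empty or without an extension, in which case `$pi['extension']` is undefined. A guard before the `in_array()` test would cover both cases, for example `if (substr_count($img1_name, '.') != 1 || strpos($img1_name, '.') === 0) die(__('Invalid file name.'));`. The cleanup is also applied only to `$img1_name`, not to `$imgalt`, and the `if (strlen($imgalt))` branch continues outside the hunk, so any use of `$imgalt` there would not see the cleaned value. Separately, `$img1_type` is client-supplied in both arms of the ternary and should not be treated as evidence of the file's real content.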



