[wp-cvs] wordpress/wp-admin upload.php,1.17,1.18

Ernest MacDougal Campbell III emc3 at users.sourceforge.net
Sat Oct 2 00:46:33 UTC 2004


Update of /cvsroot/cafelog/wordpress/wp-admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12240/wp-admin

Modified Files:
	upload.php 
Log Message:
Security: Clean up user inputs before using.

Index: upload.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/upload.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** upload.php	30 Aug 2004 08:16:55 -0000	1.17
--- upload.php	2 Oct 2004 00:46:30 -0000	1.18
***************
*** 81,93 ****
  <?php //Makes sure they choose a file
  
! //print_r($HTTP_POST_FILES);
  //die();
  
  
!     $imgalt = (isset($_POST['imgalt'])) ? $_POST['imgalt'] : $imgalt;
  
!     $img1_name = (strlen($imgalt)) ? $_POST['imgalt'] : $HTTP_POST_FILES['img1']['name'];
!     $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $HTTP_POST_FILES['img1']['type'];
!     $imgdesc = str_replace('"', '&amp;quot;', $_POST['imgdesc']);
  
      $imgtype = explode(".",$img1_name);
--- 81,93 ----
  <?php //Makes sure they choose a file
  
! //print_r($_FILES);
  //die();
  
  
!     $imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
  
!     $img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
!     $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
!     $imgdesc = htmlentities2($imgdesc);
  
      $imgtype = explode(".",$img1_name);
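Review bot: `$imgdesc` on the new `htmlentities2($imgdesc)` line is read before any visible assignment — the replaced line took it from `$_POST['imgdesc']`, so unless it is set earlier in the file this now depends on register_globals filling it in and otherwise yields an empty description; `$imgdesc = htmlentities2(isset($_POST['imgdesc']) ? $_POST['imgdesc'] : '');` keeps the source explicit. `$_POST['img1_type']` and `$_FILES['img1']['type']` are both supplied by the client, so `$img1_type` should not be treated as evidence of the file's real content type; the extension handling that follows `explode(".",$img1_name)` continues outside the hunk, so whether a server-side check exists cannot be confirmed here. The enclosing script section starts before the hunk.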
***************
*** 100,107 ****
      if (strlen($imgalt)) {
          $pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
!         $img1 = $_POST['img1'];
      } else {
          $pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
!         $img1 = $HTTP_POST_FILES['img1']['tmp_name'];
      }
  
--- 100,107 ----
      if (strlen($imgalt)) {
          $pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
!         $img1 = $_POST['img1']['tmp_name'];
      } else {
          $pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
!         $img1 = $_FILES['img1']['tmp_name'];
      }
  
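Review bot: The new `$img1 = $_POST['img1']['tmp_name'];` indexes a POST value with a string key; if `$_POST['img1']` is a plain string path, as the replaced line suggests, PHP treats a non-numeric string offset as 0 and `$img1` becomes the first character rather than a path. Either keep `$img1 = $_POST['img1'];` with the same `basename()` treatment the previous hunk applies to `$imgalt`, or add a comment explaining why the field is expected to arrive as an array. Where `$img1` is consumed lies outside the hunk, so whether a client-supplied source path is later used for a copy or move cannot be confirmed from here.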
***************
*** 192,196 ****
          }
          elseif($_POST['thumbsize'] == 'custom') {
!             $max_side = $_POST['imgthumbsizecustom'];
          }
          
--- 192,196 ----
          }
          elseif($_POST['thumbsize'] == 'custom') {
!             $max_side = intval($_POST['imgthumbsizecustom']);
          }
          
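Review bot: `intval($_POST['imgthumbsizecustom'])` fixes the type of `$max_side` but not its range — `0`, a negative number, or a very large value still pass through, and the thumbnail code that consumes `$max_side` continues outside the hunk. Clamping it to a sane window, e.g. `$max_side = max(1, min(intval($_POST['imgthumbsizecustom']), 1024));` (upper limit chosen for illustration, adjust to the project's thumbnail policy), avoids a zero-sized or oversized resize being attempted. The enclosing if/elseif chain starts before the hunk.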



