[wp-cvs] wordpress/wp-admin upload.php,1.14,1.14.4.1
Ernest MacDougal Campbell III
emc3 at users.sourceforge.net
Sat Oct 2 00:47:50 UTC 2004
Update of /cvsroot/cafelog/wordpress/wp-admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12419/wp-admin
Modified Files:
Tag: WordPress-Ver-1_2-Branch
upload.php
Log Message:
Security: Clean up user inputs before using.
Index: upload.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/upload.php,v
retrieving revision 1.14
retrieving revision 1.14.4.1
diff -C2 -d -r1.14 -r1.14.4.1
*** upload.php 24 Apr 2004 00:16:27 -0000 1.14
--- upload.php 2 Oct 2004 00:47:42 -0000 1.14.4.1
***************
*** 81,93 ****
<?php //Makes sure they choose a file
! //print_r($HTTP_POST_FILES);
//die();
! $imgalt = (isset($_POST['imgalt'])) ? $_POST['imgalt'] : $imgalt;
! $img1_name = (strlen($imgalt)) ? $_POST['imgalt'] : $HTTP_POST_FILES['img1']['name'];
! $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $HTTP_POST_FILES['img1']['type'];
! $imgdesc = str_replace('"', '&quot;', $_POST['imgdesc']);
$imgtype = explode(".",$img1_name);
--- 81,93 ----
<?php //Makes sure they choose a file
! //print_r($_FILES);
//die();
! $imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
! $img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
! $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
! $imgdesc = htmlentities2($imgdesc);
$imgtype = explode(".",$img1_name);
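Review bot: `$imgdesc = htmlentities2($imgdesc);` on the new side reads `$imgdesc` before anything in this hunk assigns it — the old line took it from `$_POST['imgdesc']`, and that read is gone, so unless an earlier line outside the hunk sets it, the value now depends on register_globals or is simply undefined. Keeping the source explicit avoids that: `$imgdesc = htmlentities2(isset($_POST['imgdesc']) ? $_POST['imgdesc'] : '');`. In the same hunk `$img1_type` is still taken straight from `$_POST['img1_type']` in the alternate-name branch with no check against the accepted types, while the file name now goes through basename(); `explode(".",$img1_name)` on the last line is context, so whatever extension check follows it is outside the hunk.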
***************
*** 100,107 ****
if (strlen($imgalt)) {
$pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
! $img1 = $_POST['img1'];
} else {
$pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
! $img1 = $HTTP_POST_FILES['img1']['tmp_name'];
}
--- 100,107 ----
if (strlen($imgalt)) {
$pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
! $img1 = $_POST['img1']['tmp_name'];
} else {
$pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
! $img1 = $_FILES['img1']['tmp_name'];
}
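Review bot: `$img1 = $_POST['img1']['tmp_name'];` indexes a POST value with a string key; if the form posts `img1` as a plain hidden or text field, that value is a string and PHP of this era yields its first character rather than a path, so this branch presumably no longer names a file at all. If the intent is to stop using a client-supplied filesystem path as the source of the move, that goal is right but should be stated in the code: either drop the branch or gate it with `if (!is_uploaded_file($img1)) die(__('Invalid upload.'));` before the move that follows outside this hunk. `$pathtofile` on the lines above is built from the basename()'d `$imgalt`, which is sound.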
***************
*** 172,176 ****
}
// Still couldn't get it. Give up.
! if (!moved) {
die(sprintf(__("Couldn't upload your file to %s."), $pathtofile));
} else {
--- 172,176 ----
}
// Still couldn't get it. Give up.
! if (!$moved) {
die(sprintf(__("Couldn't upload your file to %s."), $pathtofile));
} else {
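Review bot: With `!$moved` now evaluated correctly (the bare `moved` was a string constant and always truthy), the die() below it becomes reachable and prints `$pathtofile`, the absolute server path under `fileupload_realpath`, to the browser. Prefer a generic message and keep the path in the server log via error_log(): `die(__("Couldn't upload your file."));`. The loop that sets `$moved` starts above the hunk, so its initial value cannot be checked here.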
***************
*** 192,196 ****
}
elseif($_POST['thumbsize'] == 'custom') {
! $max_side = $_POST['imgthumbsizecustom'];
}
--- 192,196 ----
}
elseif($_POST['thumbsize'] == 'custom') {
! $max_side = intval($_POST['imgthumbsizecustom']);
}
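Review bot: `intval($_POST['imgthumbsizecustom'])` still admits 0, negative and arbitrarily large values, so `$max_side` can reach the thumbnail code (outside this hunk) with a size that makes no sense or allocates a huge image. Clamp after the cast, e.g. `$max_side = max(1, min(intval($_POST['imgthumbsizecustom']), 1024));` — the upper bound is a constructed example; use whatever the resizer actually supports. The enclosing if/elseif chain starts above the hunk, and the unchanged `$_POST['thumbsize'] == 'custom'` test has no isset() guard.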