git.mjollnir.org Git - s9y.git/commit

]> git.mjollnir.org Git - s9y.git/commit

author	garvinhicking <garvinhicking>
	Fri, 13 May 2005 11:04:42 +0000 (11:04 +0000)
committer	garvinhicking <garvinhicking>
	Fri, 13 May 2005 11:04:42 +0000 (11:04 +0000)
commit	fe82d382684966dcb1442b96731eb7d03d1aaafe
tree	3cdde65fa10dd465235a02a304529ffdc2cab9a5	tree \| snapshot
parent	031a77203927cc9341500c66c007c8b0469232f6	commit \| diff

This should fix the image upload bug for good. Uses basename() and upload verification before any checks are done.
Also admins can no longer upload active content files.

Tricking the upload by making the directory "evil.ph" and the filename "p" does not work because trailing slashes are appended to directory names.

include/admin/images.inc.php		diff \| blob \| history
include/functions_images.inc.php		diff \| blob \| history

import of upstream's svn repo, along with my own branches

RSS Atom