// First find out whether to fetch a file or accept an upload
if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
if (!empty($serendipity['POST']['target_filename'])) {
- $tfile = $serendipity['POST']['target_filename'];
+ $tfile = trim($serendipity['POST']['target_filename']);
} else {
- $tfile = basename($serendipity['POST']['imageurl']);
+ $tfile = trim(basename($serendipity['POST']['imageurl']));
}
if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) {
break;
}
- $tfile = serendipity_uploadSecure($tfile);
+ $tfile = trim(serendipity_uploadSecure($tfile));
$serendipity['POST']['target_directory'] = serendipity_uploadSecure($serendipity['POST']['target_directory'], true);
$target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'] . $tfile;
}
} else {
if (!empty($serendipity['POST']['target_filename'])) {
- $tfile = $serendipity['POST']['target_filename'];
+ $tfile = trim($serendipity['POST']['target_filename']);
} else {
- $tfile = $_FILES['userfile']['name'];
+ $tfile = trim($_FILES['userfile']['name']);
}
if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) {
break;
}
- $tfile = serendipity_uploadSecure($tfile);
+ $tfile = trim(serendipity_uploadSecure($tfile));
$serendipity['POST']['target_directory'] = serendipity_uploadSecure($serendipity['POST']['target_directory'], true);
$target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'] . $tfile;
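Review bot: The extension test in both branches (`preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)`) still runs before `serendipity_uploadSecure()` rewrites the name, so the string that is checked is not necessarily the string that ends up in `$target`. The added `trim()` closes the trailing-whitespace case, but if `serendipity_uploadSecure()` removes or replaces other characters (its body is not visible here), a name that passes the test could still become a blocked one afterwards. I would move the `if (... preg_match(...)) { break; }` block below `$tfile = trim(serendipity_uploadSecure($tfile));` in both the URL-fetch and the upload branch, so the check sees the final filename. The pattern is also a short denylist that only applies below `USERLEVEL_ADMIN`; which other extensions the web server treats as executable depends on configuration not shown, so an allowlist of permitted media extensions would be the more robust check. The enclosing blocks start and end outside this excerpt.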