if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
if (!empty($serendipity['POST']['target_filename'][2])) {
// Faked hidden form 2 when submitting with JavaScript
- $tfile = $serendipity['POST']['target_filename'][2];
+ $tfile = trim($serendipity['POST']['target_filename'][2]);
$tindex = 2;
} elseif (!empty($serendipity['POST']['target_filename'][1])) {
// Fallback key when not using JavaScript
- $tfile = $serendipity['POST']['target_filename'][1];
+ $tfile = trim($serendipity['POST']['target_filename'][1]);
$tindex = 1;
} else {
- $tfile = basename($serendipity['POST']['imageurl']);
+ $tfile = trim(basename($serendipity['POST']['imageurl']));
$tindex = 1;
}
break;
}
- $tfile = serendipity_uploadSecure($tfile);
+ $tfile = trim(serendipity_uploadSecure($tfile));
$serendipity['POST']['target_directory'][$tindex] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$tindex], true);
$target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex] . $tfile;
$uploadfile = &$_FILES['serendipity']['name']['userfile'][$idx];
$uploadtmp = &$_FILES['serendipity']['tmp_name']['userfile'][$idx];
if (!empty($target_filename)) {
- $tfile = $target_filename;
+ $tfile = trim($target_filename);
} elseif (!empty($uploadfile)) {
- $tfile = $uploadfile;
+ $tfile = trim($uploadfile);
} else {
// skip empty array
continue;
continue;
}
- $tfile = serendipity_uploadSecure($tfile);
+ $tfile = trim(serendipity_uploadSecure($tfile));
$serendipity['POST']['target_directory'][$idx] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$idx], true);
$target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx] . $tfile;
projects / s9y.git / commitdiff