if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
if (!empty($serendipity['POST']['target_filename'][2])) {
// Faked hidden form 2 when submitting with JavaScript
- $tfile = trim($serendipity['POST']['target_filename'][2]);
+ $tfile = serendipityNormalizeFilename($serendipity['POST']['target_filename'][2]);
$tindex = 2;
} elseif (!empty($serendipity['POST']['target_filename'][1])) {
// Fallback key when not using JavaScript
- $tfile = trim($serendipity['POST']['target_filename'][1]);
+ $tfile = serendipityNormalizeFilename($serendipity['POST']['target_filename'][1]);
$tindex = 1;
} else {
- $tfile = trim(basename($serendipity['POST']['imageurl']));
+ $tfile = serendipityNormalizeFilename(basename($serendipity['POST']['imageurl']));
$tindex = 1;
}
break;
}
- $tfile = trim(serendipity_uploadSecure($tfile));
+ $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
$serendipity['POST']['target_directory'][$tindex] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$tindex], true);
$target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex] . $tfile;
$uploadfile = &$_FILES['serendipity']['name']['userfile'][$idx];
$uploadtmp = &$_FILES['serendipity']['tmp_name']['userfile'][$idx];
if (!empty($target_filename)) {
- $tfile = trim($target_filename);
+ $tfile = serendipityNormalizeFilename($target_filename);
} elseif (!empty($uploadfile)) {
- $tfile = trim($uploadfile);
+ $tfile = serendipityNormalizeFilename($uploadfile);
} else {
// skip empty array
continue;
continue;
}
- $tfile = trim(serendipity_uploadSecure($tfile));
+ $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
$serendipity['POST']['target_directory'][$idx] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$idx], true);
$target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx] . $tfile;
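Review bot: Nothing checks that `$tfile` is still non-empty after the new `serendipityNormalizeFilename(serendipity_uploadSecure($tfile))` on L37, and the same applies after L20; because the normaliser deletes every byte outside `[a-zA-Z0-9._/-]`, a name made mostly of non-ASCII characters shrinks to its bare extension and one with no ASCII at all shrinks to `''`, so `$target` on L39 (and L22) ends with the directory path alone. I would add `if ($tfile === '') { continue; }` after L37 and a matching guard after L20 that skips or rejects the upload before `$target` is built; the loop that L33's `continue` belongs to starts outside the hunk, so the exact form of the guard there needs checking against it. Unrelated to this change, the second `continue;` on L34 is unreachable and could be dropped in a follow-up.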
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
+/**
+* Normalize a filename
+**/
+function serendipityNormalizeFilename($in) {
+ $out = preg_replace('![^a-zA-Z0-9\._/-]!', '', $in);
+ return $out;
+}
+
+
/**
* Get a list of images
**/
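Review bot: The docblock on L43 (`Normalize a filename`) does not say what the function keeps or drops, and the regex on L46 deletes rather than rejects, so `/` and `.` survive (a name containing `..` or a leading `/` passes through unchanged) while every non-ASCII character vanishes; a reader could mistake it for a traversal guard, which it is not, and which remains `serendipity_uploadSecure()`'s job, so callers must keep applying that too. I would expand the docblock to `Strip every character outside [a-zA-Z0-9._/-] from $in. Keeps '/' and '.', so it is not a substitute for serendipity_uploadSecure(); may return '' when the input has no ASCII characters.` The `$out` temporary on L46–L47 adds nothing; `return preg_replace('![^a-zA-Z0-9\._/-]!', '', $in);` reads the same, and if the codebase targets PHP 7 or later the signature could be `function serendipityNormalizeFilename(string $in): string`.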