zero-tolerance

diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index 95b43ae18014cc059d74e51eb5a3ab1936a8c23c..bb3272a374f1b73b2bdd3027c1caba70f688d68f 100644 (file)
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -114,14 +114,14 @@ switch ($serendipity['GET']['adminAction']) {
     if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
         if (!empty($serendipity['POST']['target_filename'][2])) {
             // Faked hidden form 2 when submitting with JavaScript
-            $tfile   = trim($serendipity['POST']['target_filename'][2]);
+            $tfile   = serendipityNormalizeFilename($serendipity['POST']['target_filename'][2]);
             $tindex  = 2;
         } elseif (!empty($serendipity['POST']['target_filename'][1])) {
             // Fallback key when not using JavaScript
-            $tfile   = trim($serendipity['POST']['target_filename'][1]);
+            $tfile   = serendipityNormalizeFilename($serendipity['POST']['target_filename'][1]);
             $tindex  = 1;
         } else {
-            $tfile   = trim(basename($serendipity['POST']['imageurl']));
+            $tfile   = serendipityNormalizeFilename(basename($serendipity['POST']['imageurl']));
             $tindex  = 1;
         }
 
@@ -130,7 +130,7 @@ switch ($serendipity['GET']['adminAction']) {
             break;
         }
 
-        $tfile = trim(serendipity_uploadSecure($tfile));
+        $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
         $serendipity['POST']['target_directory'][$tindex] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$tindex], true);
         $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex] . $tfile;
 
@@ -180,9 +180,9 @@ switch ($serendipity['GET']['adminAction']) {
             $uploadfile = &$_FILES['serendipity']['name']['userfile'][$idx];
             $uploadtmp  = &$_FILES['serendipity']['tmp_name']['userfile'][$idx];
             if (!empty($target_filename)) {
-                $tfile   = trim($target_filename);
+                $tfile   = serendipityNormalizeFilename($target_filename);
             } elseif (!empty($uploadfile)) {
-                $tfile   = trim($uploadfile);
+                $tfile   = serendipityNormalizeFilename($uploadfile);
             } else {
                 // skip empty array
                 continue;
@@ -194,7 +194,7 @@ switch ($serendipity['GET']['adminAction']) {
                 continue;
             }
     
-            $tfile = trim(serendipity_uploadSecure($tfile));
+            $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
             $serendipity['POST']['target_directory'][$idx] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$idx], true);
             $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx] . $tfile;
     

diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index 222a111800beb653ca0c5f7f8a01dad3c3a42d48..3d38e9a498357e64f90f9e5379f82147e6c0f56c 100644 (file)
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -2,6 +2,15 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+/**
+* Normalize a filename
+**/
+function serendipityNormalizeFilename($in) {
+    $out = preg_replace('![^a-zA-Z0-9\._/-]!', '', $in);
+    return $out;
+}
+
+
 /**
 * Get a list of images
 **/