From: garvinhicking Date: Mon, 9 May 2005 13:01:39 +0000 (+0000) Subject: backport Sebastian Nohn's fix X-Git-Tag: 0.8.1~19 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=0475af78e10d2da98d5a17f7a60151733559ae6c;p=s9y.git backport Sebastian Nohn's fix --- diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php index 12e57d1..c4970a5 100644 --- a/include/admin/images.inc.php +++ b/include/admin/images.inc.php @@ -113,9 +113,9 @@ switch ($serendipity['GET']['adminAction']) { // First find out whether to fetch a file or accept an upload if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') { if (!empty($serendipity['POST']['target_filename'])) { - $tfile = $serendipity['POST']['target_filename']; + $tfile = trim($serendipity['POST']['target_filename']); } else { - $tfile = basename($serendipity['POST']['imageurl']); + $tfile = trim(basename($serendipity['POST']['imageurl'])); } if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) { @@ -123,7 +123,7 @@ switch ($serendipity['GET']['adminAction']) { break; } - $tfile = serendipity_uploadSecure($tfile); + $tfile = trim(serendipity_uploadSecure($tfile)); $serendipity['POST']['target_directory'] = serendipity_uploadSecure($serendipity['POST']['target_directory'], true); $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'] . $tfile; @@ -166,9 +166,9 @@ switch ($serendipity['GET']['adminAction']) { } } else { if (!empty($serendipity['POST']['target_filename'])) { - $tfile = $serendipity['POST']['target_filename']; + $tfile = trim($serendipity['POST']['target_filename']); } else { - $tfile = $_FILES['userfile']['name']; + $tfile = trim($_FILES['userfile']['name']); } if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) { @@ -176,7 +176,7 @@ switch ($serendipity['GET']['adminAction']) { break; } - $tfile = serendipity_uploadSecure($tfile); + $tfile = trim(serendipity_uploadSecure($tfile)); $serendipity['POST']['target_directory'] = serendipity_uploadSecure($serendipity['POST']['target_directory'], true); $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'] . $tfile;