From: nohn <nohn>
Date: Mon, 9 May 2005 09:25:13 +0000 (+0000)
Subject: killing null-bytes
X-Git-Tag: 0.9~477
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=192c93701d821821ed899ad66a1d217757819f37;p=s9y.git

killing null-bytes
---

diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index b2a3c6c..95b43ae 100644
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -114,14 +114,14 @@ switch ($serendipity['GET']['adminAction']) {
     if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
         if (!empty($serendipity['POST']['target_filename'][2])) {
             // Faked hidden form 2 when submitting with JavaScript
-            $tfile   = $serendipity['POST']['target_filename'][2];
+            $tfile   = trim($serendipity['POST']['target_filename'][2]);
             $tindex  = 2;
         } elseif (!empty($serendipity['POST']['target_filename'][1])) {
             // Fallback key when not using JavaScript
-            $tfile   = $serendipity['POST']['target_filename'][1];
+            $tfile   = trim($serendipity['POST']['target_filename'][1]);
             $tindex  = 1;
         } else {
-            $tfile   = basename($serendipity['POST']['imageurl']);
+            $tfile   = trim(basename($serendipity['POST']['imageurl']));
             $tindex  = 1;
         }
 
@@ -130,7 +130,7 @@ switch ($serendipity['GET']['adminAction']) {
             break;
         }
 
-        $tfile = serendipity_uploadSecure($tfile);
+        $tfile = trim(serendipity_uploadSecure($tfile));
         $serendipity['POST']['target_directory'][$tindex] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$tindex], true);
         $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex] . $tfile;
 
@@ -180,9 +180,9 @@ switch ($serendipity['GET']['adminAction']) {
             $uploadfile = &$_FILES['serendipity']['name']['userfile'][$idx];
             $uploadtmp  = &$_FILES['serendipity']['tmp_name']['userfile'][$idx];
             if (!empty($target_filename)) {
-                $tfile   = $target_filename;
+                $tfile   = trim($target_filename);
             } elseif (!empty($uploadfile)) {
-                $tfile   = $uploadfile;
+                $tfile   = trim($uploadfile);
             } else {
                 // skip empty array
                 continue;
@@ -194,7 +194,7 @@ switch ($serendipity['GET']['adminAction']) {
                 continue;
             }
     
-            $tfile = serendipity_uploadSecure($tfile);
+            $tfile = trim(serendipity_uploadSecure($tfile));
             $serendipity['POST']['target_directory'][$idx] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$idx], true);
             $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx] . $tfile;