From: nohn <nohn>
Date: Mon, 9 May 2005 08:33:50 +0000 (+0000)
Subject: NO ONE should be able to upload dot-files
X-Git-Tag: 0.9~478
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=baa904eaa889c4368c00e6005cf7520ec1dcb985;p=s9y.git

NO ONE should be able to upload dot-files
---

diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index fdedb81..b2a3c6c 100644
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -125,7 +125,7 @@ switch ($serendipity['GET']['adminAction']) {
             $tindex  = 1;
         }
 
-        if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && (preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile) || preg_match('@^\.@', $tfile)) {
+        if (preg_match('@^\.@', $tfile) || ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && (preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)))) {
             printf(ERROR_FILE_FORBIDDEN, $tfile);
             break;
         }
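Review bot: The new leading-dot test `preg_match('@^\.@', $tfile)` only matches when the dot is the first character of the whole string, so it is only as strong as whatever normalises `$tfile` earlier, which this hunk does not show. If `$tfile` can still carry a directory part at this point, the test should run on the final path component, e.g. `preg_match('@^\.@', basename($tfile))`. The extension test that stays behind the user-level check is a deny-list on the last suffix only, so an allow-list of accepted media extensions would be a sturdier follow-up. The same condition is repeated in the hunk at line 188, and a single shared helper would keep the two copies from drifting apart again, as they had before this commit. The enclosing `switch` case begins and ends outside the hunk.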
@@ -188,7 +188,7 @@ switch ($serendipity['GET']['adminAction']) {
                 continue;
             }
             
-            if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) {
+	    if (preg_match('@^\.@', $tfile) || ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && (preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)))) {
                 printf(ERROR_FILE_FORBIDDEN, $tfile);
                 echo '<br />';
                 continue;
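Review bot: The added `if` line is indented with a tab followed by spaces, while the neighbouring lines in this hunk use spaces only; re-indent it with twelve spaces so it lines up in every editor. The extra parentheses around the second `preg_match(...)` are redundant and make the admin-exemption grouping harder to read; `if (preg_match('@^\.@', $tfile) || ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile))) {` is equivalent. A one-line comment such as `// dot-files are refused for every user level; script extensions only for non-admins` would record the intent stated in the commit subject. The enclosing loop starts and ends outside the hunk.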