From: garvinhicking
Date: Wed, 11 May 2005 09:56:00 +0000 (+0000)
Subject: Actually this makes more sense, also backport the dotfile patch from trunk to branch
X-Git-Tag: 0.9~468
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=de5704e286e026f8935678b83dd98fb2791a47aa;p=s9y.git

Actually this makes more sense, also backport the dotfile patch from trunk to branch
---
diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index 86166a2..5903746 100644
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -60,7 +60,7 @@ switch ($serendipity['GET']['adminAction']) {
 return;
 }
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && !serendipity_isSafeFile($serendipity['GET']['newname'])) {
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && serendipity_isActiveFile($serendipity['GET']['newname'])) {
 printf(ERROR_FILE_FORBIDDEN, $serendipity['GET']['newname']);
 return;
 }
@@ -130,7 +130,7 @@ switch ($serendipity['GET']['adminAction']) {
 $tindex = 1;
 }
- if (preg_match('@^\.@', $tfile) || ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && (preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)))) {
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && serendipity_isActiveFile($tfile)) {
 printf(ERROR_FILE_FORBIDDEN, $tfile);
 break;
 }
diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index d069ecb..fdb7506 100644
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -10,7 +10,11 @@ function serendipityNormalizeFilename($in) {
 return $out;
 }
-function serendipity_isSafeFile($file) {
+function serendipity_isActiveFile($file) {
+ if (preg_match('@^\.@', $file)) {
+ return true;
+ }
+ return preg_match('@\.(php[34]?|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
 }
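Review bot: The rejection branch of the first hunk writes `$serendipity['GET']['newname']` into the page through `printf(ERROR_FILE_FORBIDDEN, ...)` without HTML-escaping, and that value comes from the query string. Unless `$serendipity['GET']` is escaped before this point (not visible here), the message should be emitted as `printf(ERROR_FILE_FORBIDDEN, htmlspecialchars($serendipity['GET']['newname']));`. The same applies to `printf(ERROR_FILE_FORBIDDEN, $tfile)` in the second hunk if `$tfile` is taken from a client-supplied file name. The enclosing `switch` case starts and ends outside the hunk.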
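Review bot: Dotfile names were rejected for every user before this change and are now rejected only below `USERLEVEL_ADMIN`, because the old unconditional `preg_match('@^\.@', $tfile) ||` test was folded into `serendipity_isActiveFile()` behind the user-level condition. If letting admins place files such as `.htaccess` in the media directory is not intended, keep that test outside the level check: `if (preg_match('@^\.@', $tfile) || ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && serendipity_isActiveFile($tfile))) {`. If it is intended, a comment such as `// Admins may upload dotfiles and script files; the check applies to lower user levels only.` would record the decision. The surrounding case body lies outside the hunk.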
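Review bot: `serendipity_isActiveFile()` is a denylist keyed on the final extension only, and its `php[34]?` alternative does not match `.php5`, so any name outside the list is treated as inactive by both callers. An allowlist of the media extensions the library accepts would fail closed; short of that, widen the pattern and return a real boolean, e.g. `return (bool) preg_match('@\.(php\d?|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);`. The function also returns `true` on one path and `preg_match()`'s `0`/`1`/`false` on the other, and has no docblock; `/** True when $file is a dotfile or carries a server-executable extension. */` would state the contract. Whether an executable extension in a non-final position matters depends on the web server's handler configuration, which is not visible here.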