From 1921e675233354a439840100f4679145db390c28 Mon Sep 17 00:00:00 2001
From: nohn
Date: Tue, 10 May 2005 14:53:48 +0000
Subject: [PATCH] zero-tolerance

---
 include/admin/images.inc.php | 12 ++++++------
 include/functions_images.inc.php | 9 +++++++++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index c4970a5..f781706 100644
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -113,9 +113,9 @@ switch ($serendipity['GET']['adminAction']) {
 // First find out whether to fetch a file or accept an upload
 if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
 if (!empty($serendipity['POST']['target_filename'])) {
- $tfile = trim($serendipity['POST']['target_filename']);
+ $tfile = serendipityNormalizeFilename($serendipity['POST']['target_filename']);
 } else {
- $tfile = trim(basename($serendipity['POST']['imageurl']));
+ $tfile = serendipityNormalizeFilename(basename($serendipity['POST']['imageurl']));
 }
 if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) {
@@ -123,7 +123,7 @@ switch ($serendipity['GET']['adminAction']) {
 break;
 }
- $tfile = trim(serendipity_uploadSecure($tfile));
+ $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
 $serendipity['POST']['target_directory'] = serendipity_uploadSecure($serendipity['POST']['target_directory'], true);
 $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'] . $tfile;
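Review bot: The two new serendipityNormalizeFilename() calls in this hunk can leave `$tfile` empty and nothing rejects that: the `!empty()` test on target_filename is evaluated on the raw POST value, so a name consisting only of non-ASCII or other stripped bytes (or an imageurl whose basename() is such a name) normalizes to `''`, and the `$target` path built further down degrades to the bare directory. The php-extension check that follows passes an empty string without complaint. I would reject it the same way the php-extension case is handled, `if ($tfile === '') { /* report error */ break; }`, placed directly after the normalization and before the USERLEVEL_ADMIN test. The enclosing switch case and if-branch begin before this hunk.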
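Review bot: The character class used by serendipityNormalizeFilename() keeps `.` and `/`, so after the final normalization on the `$tfile` line of this hunk a target_filename such as `../../x` still carries a traversal sequence; only serendipity_uploadSecure(), whose body is not part of this patch, can remove it before `$target` is concatenated. If that helper does not strip slashes and dot-dot, the written file escapes the configured target_directory. A guard on the final name that does not depend on that helper would be `if ($tfile === '' || strpos($tfile, '/') !== false || strpos($tfile, '..') !== false) { break; }` just before the `$target` assignment, with the usual error reporting. The enclosing switch case starts before this hunk.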
@@ -166,9 +166,9 @@ switch ($serendipity['GET']['adminAction']) {
 }
 } else {
 if (!empty($serendipity['POST']['target_filename'])) {
- $tfile = trim($serendipity['POST']['target_filename']);
+ $tfile = serendipityNormalizeFilename($serendipity['POST']['target_filename']);
 } else {
- $tfile = trim($_FILES['userfile']['name']);
+ $tfile = serendipityNormalizeFilename($_FILES['userfile']['name']);
 }
 if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) {
@@ -176,7 +176,7 @@ switch ($serendipity['GET']['adminAction']) {
 break;
 }
- $tfile = trim(serendipity_uploadSecure($tfile));
+ $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
 $serendipity['POST']['target_directory'] = serendipity_uploadSecure($serendipity['POST']['target_directory'], true);
 $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'] . $tfile;
diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index 222a111..3d38e9a 100644
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -2,6 +2,15 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved. See LICENSE file for licensing details
+/**
+* Normalize a filename
+**/
+function serendipityNormalizeFilename($in) {
+ $out = preg_replace('![^a-zA-Z0-9\._/-]!', '', $in);
+ return $out;
+}
+
+
 /**
 * Get a list of images
 **/
-- 
2.39.5
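Review bot: The php-extension test on the last context line of this hunk is a blacklist, and after this change it is the only executable-content check applied to the normalized upload name: `.php5`, `.phps`, `.htaccess` and double extensions such as `x.php.jpg` (which Apache's mod_mime may still hand to PHP) all pass `@\.(php[34]?|[ps]html?)$@i`. Since this is the media library, an allowlist of the image types it is meant to hold is the safer shape, e.g. `if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && !preg_match('@\.(jpe?g|gif|png)$@i', $tfile)) {` with the exact list taken from whatever the rest of the library accepts, which is not visible here. This branch also repeats the normalize-then-check sequence of the imageurl branch almost line for line, so a small shared helper would keep both paths from drifting apart. The enclosing switch case starts before this hunk.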
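Review bot: The extension check runs on `$tfile` before the `serendipityNormalizeFilename(serendipity_uploadSecure($tfile))` line in this hunk rewrites it, so the name that reaches `$target` is not the name that was checked. If serendipity_uploadSecure() removes characters (its body is not in this patch), a name such as `evil.php/`, which the `$`-anchored pattern does not match and which the normalizer leaves intact because `/` is allowed, could come back as `evil.php` after the check has already passed. Performing the USERLEVEL_ADMIN/preg_match test on the final value instead closes that window: keep `$tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));` and follow it with `if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) { break; }` (with the same error reporting as above). The enclosing switch case starts before this hunk.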
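Review bot: The docblock on the new serendipityNormalizeFilename() says only "Normalize a filename", and a caller would not learn the two properties that matter for the upload code: `/` and `.` are kept, so path separators and `..` survive, and every non-ASCII byte is dropped, so an ordinary non-English filename can normalize to the empty string. I would replace the docblock body with `* Strip every byte except [a-zA-Z0-9._/-] from a filename.`, `* NOTE: slashes and dots pass through, so this is not a path-traversal guard;`, `* non-ASCII input may normalize to ''. Callers must handle both cases.` If slashes are in fact never wanted in a bare file name here (the callers in this patch handle target_directory separately), dropping `/` from the class, `'![^a-zA-Z0-9._-]!'`, would make the function a real guard, but that is a design decision for the authors.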