From c2d981233369a1fce22f57e728b2ee16a3c80db9 Mon Sep 17 00:00:00 2001
From: nohn
Date: Tue, 10 May 2005 14:53:48 +0000
Subject: [PATCH] zero-tolerance

---
 include/admin/images.inc.php | 14 +++++++-------
 include/functions_images.inc.php | 9 +++++++++
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index 95b43ae..bb3272a 100644
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -114,14 +114,14 @@ switch ($serendipity['GET']['adminAction']) {
 if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
 if (!empty($serendipity['POST']['target_filename'][2])) {
 // Faked hidden form 2 when submitting with JavaScript
- $tfile = trim($serendipity['POST']['target_filename'][2]);
+ $tfile = serendipityNormalizeFilename($serendipity['POST']['target_filename'][2]);
 $tindex = 2;
 } elseif (!empty($serendipity['POST']['target_filename'][1])) {
 // Fallback key when not using JavaScript
- $tfile = trim($serendipity['POST']['target_filename'][1]);
+ $tfile = serendipityNormalizeFilename($serendipity['POST']['target_filename'][1]);
 $tindex = 1;
 } else {
- $tfile = trim(basename($serendipity['POST']['imageurl']));
+ $tfile = serendipityNormalizeFilename(basename($serendipity['POST']['imageurl']));
 $tindex = 1;
 }
@@ -130,7 +130,7 @@ switch ($serendipity['GET']['adminAction']) {
 break;
 }
- $tfile = trim(serendipity_uploadSecure($tfile));
+ $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
 $serendipity['POST']['target_directory'][$tindex] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$tindex], true);
 $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex] . $tfile;
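Review bot: The two `target_filename` branches still let a directory component into `$tfile`: unlike the third branch they never call `basename()`, and `serendipityNormalizeFilename()` keeps `/` and `.` in its character class, so a POSTed `target_filename[2]` of `../x.php` reaches the `$target` concatenation exactly as submitted. Whether `serendipity_uploadSecure()`, called later outside this hunk, catches that is not visible in the patch; the normalization added here provides no traversal protection of its own. I would treat all three branches alike, `$tfile = serendipityNormalizeFilename(basename($serendipity['POST']['target_filename'][2]));`, or drop `/` from the function's whitelist. The enclosing `if` and the `switch` case begin before and end after this hunk.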
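Review bot: The order `serendipityNormalizeFilename(serendipity_uploadSecure($tfile))` lets the character strip undo whatever the secure check decided: if `serendipity_uploadSecure()` (not in this patch) only looks for a literal `..`, an input such as `.\./x` passes it and is then reduced to `../x`, because `\` is outside the whitelist while `.` and `/` are inside it. Sanitising after validating is the wrong way round — strip first and keep the security check as the last function to touch the value, `$tfile = serendipity_uploadSecure(serendipityNormalizeFilename($tfile));` — or make the normaliser itself reject `..` and `/` so the order stops mattering. Note also that the strip can leave `$tfile` empty (a name consisting only of non-ASCII characters), and nothing in this hunk checks that before `$tfile` is appended to `$target`. The `switch` case continues outside the hunk.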
@@ -180,9 +180,9 @@ switch ($serendipity['GET']['adminAction']) {
 $uploadfile = &$_FILES['serendipity']['name']['userfile'][$idx];
 $uploadtmp = &$_FILES['serendipity']['tmp_name']['userfile'][$idx];
 if (!empty($target_filename)) {
- $tfile = trim($target_filename);
+ $tfile = serendipityNormalizeFilename($target_filename);
 } elseif (!empty($uploadfile)) {
- $tfile = trim($uploadfile);
+ $tfile = serendipityNormalizeFilename($uploadfile);
 } else {
 // skip empty array
 continue;
@@ -194,7 +194,7 @@ switch ($serendipity['GET']['adminAction']) {
 continue;
 }
- $tfile = trim(serendipity_uploadSecure($tfile));
+ $tfile = serendipityNormalizeFilename(serendipity_uploadSecure($tfile));
 $serendipity['POST']['target_directory'][$idx] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$idx], true);
 $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx] . $tfile;
diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index 222a111..3d38e9a 100644
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -2,6 +2,15 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved. See LICENSE file for licensing details
+/**
+* Normalize a filename
+**/
+function serendipityNormalizeFilename($in) {
+ $out = preg_replace('![^a-zA-Z0-9\._/-]!', '', $in);
+ return $out;
+}
+
+
 /**
 * Get a list of images
 **/
-- 2.39.5
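Review bot: The `!empty()` tests here run on the raw values, before `serendipityNormalizeFilename()` strips everything outside `[a-zA-Z0-9._/-]`, so an upload whose name is made only of non-ASCII characters (a Cyrillic or CJK filename, say) gives `$tfile === ''` without ever reaching the `else { continue; }` branch; unless the check that precedes the `continue` at the top of the next hunk covers that, `$target` ends up naming the directory itself. Test the normalised value instead, `$tfile = serendipityNormalizeFilename($target_filename); if ($tfile === '') { continue; }`, or give the normaliser a fallback name. Because `/` stays in the whitelist, `$uploadfile` — the client-supplied `$_FILES[...]['name']` — may also still carry a path component at this point. The enclosing loop starts before this hunk.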
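Review bot: As in the upload-by-URL branch, normalising after `serendipity_uploadSecure()` means the strip can manufacture a `..` or `/` sequence out of input the secure check already accepted (`.\./x` becomes `../x` once `\` is removed), assuming that check matches literally on `..`; its body is not in this patch. Swap the two calls, `$tfile = serendipity_uploadSecure(serendipityNormalizeFilename($tfile));`, so the security check is the last thing applied before `$tfile` is appended to `$target`, and reject an empty result. The enclosing loop ends outside the hunk.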
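Review bot: `serendipityNormalizeFilename()` only deletes characters, and because `.`, `/` and `-` stay in the class, `../`, absolute paths and dot-files such as `.htaccess` pass through unchanged — on its own it gives none of the traversal protection the call sites in `images.inc.php` appear to lean on — while a name made entirely of characters outside the class collapses to `''`. Every caller this patch adds uses the result as the last component of `$target`, so the function can safely drop `/`, collapse runs of dots so `..` can neither survive nor be created by the strip, and trim leading/trailing dots; callers then have to treat an empty result as a rejected upload. The doc comment should state what is kept and that the result may be empty, and a `(string)` cast is worth adding since a `target_filename[2][]` POST key would hand `preg_replace()` an array. The remainder of the file, including the existing `/** Get a list of images */` block, is outside the hunk.
```php
/**
 * Normalize a filename for use as the last path component of an upload
 * target: keep only [A-Za-z0-9._-], collapse runs of dots (so no ".." can
 * remain) and strip leading/trailing dots (no dot-files). May return "".
 **/
function serendipityNormalizeFilename($in) {
    $out = preg_replace('![^a-zA-Z0-9\._-]!', '', (string) $in);
    $out = preg_replace('!\.{2,}!', '.', $out);
    return trim($out, '.');
}
```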