[geeklog-cvs] geeklog: Moved code to recreate $_FILES to SECINT_recreateFilesA...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:34 EST 2009
changeset 7548:b6450e9f1681
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/b6450e9f1681
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 27 11:23:02 2009 +0100
description:
Moved code to recreate $_FILES to SECINT_recreateFilesArray()
diffstat:
public_html/admin/story.php | 18 +-----------------
system/lib-security.php | 30 ++++++++++++++++++++++++++++++
2 files changed, 31 insertions(+), 17 deletions(-)
diffs (75 lines):
diff -r aa96980fb72f -r b6450e9f1681 public_html/admin/story.php
--- a/public_html/admin/story.php Sat Dec 26 11:53:40 2009 +0100
+++ b/public_html/admin/story.php Sun Dec 27 11:23:02 2009 +0100
@@ -786,8 +786,6 @@
*/
function submitstory($type='')
{
- global $_CONF;
-
$output = '';
$args = &$_POST;
@@ -803,21 +801,7 @@
}
}
- if (empty($_FILES) && isset($_POST['_files_file1'])) {
- // recreate $_FILES array
- foreach ($_POST as $key => $value) {
- if (substr($key, 0, 7) == '_files_') {
- $file = substr($key, 7);
- foreach ($value as $kk => $kv) {
- if ($kk == 'tmp_name') {
- $filename = basename($kv);
- $kv = $_CONF['path_data'] . $filename;
- }
- $_FILES[$file][$kk] = $kv;
- }
- }
- }
- }
+ SECINT_recreateFilesArray();
/* ANY FURTHER PROCESSING on POST variables - COM_stripslashes etc.
* Do it HERE on $args */
diff -r aa96980fb72f -r b6450e9f1681 system/lib-security.php
--- a/system/lib-security.php Sat Dec 26 11:53:40 2009 +0100
+++ b/system/lib-security.php Sun Dec 27 11:23:02 2009 +0100
@@ -1318,6 +1318,36 @@
return $retval;
}
+
+/**
+* Helper function: Recreate $_FILES array after token re-authentication
+*
+* @return void
+* @access private
+*
+*/
+function SECINT_recreateFilesArray()
+{
+ global $_CONF;
+
+ if (empty($_FILES)) {
+ // recreate $_FILES array
+ foreach ($_POST as $key => $value) {
+ if (substr($key, 0, 7) == '_files_') {
+ $file = substr($key, 7);
+ foreach ($value as $kk => $kv) {
+ if ($kk == 'tmp_name') {
+ // fix path - uploaded files are in our data directory
+ $filename = basename($kv);
+ $kv = $_CONF['path_data'] . $filename;
+ }
+ $_FILES[$file][$kk] = $kv;
+ }
+ }
+ }
+ }
+}
+
/**
* Get a token's expiry time
*
More information about the geeklog-cvs
mailing list