[geeklog-cvs] geeklog: Moved code to recreate $_FILES to SECINT_recreateFilesA...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:34 EST 2009 

changeset 7548:b6450e9f1681
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/b6450e9f1681
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 27 11:23:02 2009 +0100
description:
Moved code to recreate $_FILES to SECINT_recreateFilesArray()

diffstat:

 public_html/admin/story.php |  18 +-----------------
 system/lib-security.php     |  30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 17 deletions(-)

diffs (75 lines):

diff -r aa96980fb72f -r b6450e9f1681 public_html/admin/story.php
--- a/public_html/admin/story.php	Sat Dec 26 11:53:40 2009 +0100
+++ b/public_html/admin/story.php	Sun Dec 27 11:23:02 2009 +0100
@@ -786,8 +786,6 @@
 */
 function submitstory($type='')
 {
-    global $_CONF;
-
     $output = '';
 
     $args = &$_POST;
@@ -803,21 +801,7 @@
         }
     }
 
-    if (empty($_FILES) && isset($_POST['_files_file1'])) {
-        // recreate $_FILES array
-        foreach ($_POST as $key => $value) {
-            if (substr($key, 0, 7) == '_files_') {
-                $file = substr($key, 7);
-                foreach ($value as $kk => $kv) {
-                    if ($kk == 'tmp_name') {
-                        $filename = basename($kv);
-                        $kv = $_CONF['path_data'] . $filename;
-                    }
-                    $_FILES[$file][$kk] = $kv;
-                }
-            }
-        }
-    }
+    SECINT_recreateFilesArray();
 
     /* ANY FURTHER PROCESSING on POST variables - COM_stripslashes etc.
      * Do it HERE on $args */
diff -r aa96980fb72f -r b6450e9f1681 system/lib-security.php
--- a/system/lib-security.php	Sat Dec 26 11:53:40 2009 +0100
+++ b/system/lib-security.php	Sun Dec 27 11:23:02 2009 +0100
@@ -1318,6 +1318,36 @@
     return $retval;
 }
 
+
+/**
+* Helper function: Recreate $_FILES array after token re-authentication
+*
+* @return void
+* @access private
+*
+*/
+function SECINT_recreateFilesArray()
+{
+    global $_CONF;
+
+    if (empty($_FILES)) {
+        // recreate $_FILES array
+        foreach ($_POST as $key => $value) {
+            if (substr($key, 0, 7) == '_files_') {
+                $file = substr($key, 7);
+                foreach ($value as $kk => $kv) {
+                    if ($kk == 'tmp_name') {
+                        // fix path - uploaded files are in our data directory
+                        $filename = basename($kv);
+                        $kv = $_CONF['path_data'] . $filename;
+                    }
+                    $_FILES[$file][$kk] = $kv;
+                }
+            }
+        }
+    }
+}
+
 /**
 * Get a token's expiry time
 *

More information about the geeklog-cvs mailing list