[geeklog-cvs] geeklog: Set a special flag in the recreated $_FILES array inste...

[geeklog-cvs at lists.geeklog.net]

changeset 7549:3bd0cc4f97b8
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/3bd0cc4f97b8
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 27 11:39:51 2009 +0100
description:
Set a special flag in the recreated $_FILES array instead of relying on $_CONF['path_data']

diffstat:

 system/classes/upload.class.php |  9 ++++++---
 system/lib-security.php         |  2 ++
 2 files changed, 8 insertions(+), 3 deletions(-)

diffs (42 lines):

diff -r b6450e9f1681 -r 3bd0cc4f97b8 system/classes/upload.class.php
--- a/system/classes/upload.class.php	Sun Dec 27 11:23:02 2009 +0100
+++ b/system/classes/upload.class.php	Sun Dec 27 11:39:51 2009 +0100
@@ -509,8 +509,6 @@
     */
     function _copyFile()
     {
-        global $_CONF;
-
         if (!is_writable($this->_fileUploadDirectory)) {
             // Developer didn't check return value of setPath() method which would
             // have told them the upload directory was not writable.  Error out now
@@ -528,11 +526,16 @@
                 $sizeOK = false;
             }
         }
-        if (substr($this->_currentFile['tmp_name'], 0, strlen($_CONF['path_data'])) == $_CONF['path_data']) {
+
+        if (isset($this->_currentFile['_gl_data_dir']) &&
+                $this->_currentFile['_gl_data_dir']) {
+            // uploaded file was involved in a recreated POST after an expired
+            // token - can't use move_uploaded_file() here
             $returnMove = rename($this->_currentFile['tmp_name'], $this->_fileUploadDirectory . '/' . $this->_getDestinationName());
         } else {
             $returnMove = move_uploaded_file($this->_currentFile['tmp_name'], $this->_fileUploadDirectory . '/' . $this->_getDestinationName());
         }
+
         if (!($sizeOK)) {
             // OK, resize
             $sizefactor = $this->_calcSizefactor ($imageInfo['width'],
diff -r b6450e9f1681 -r 3bd0cc4f97b8 system/lib-security.php
--- a/system/lib-security.php	Sun Dec 27 11:23:02 2009 +0100
+++ b/system/lib-security.php	Sun Dec 27 11:39:51 2009 +0100
@@ -1340,6 +1340,8 @@
                         // fix path - uploaded files are in our data directory
                         $filename = basename($kv);
                         $kv = $_CONF['path_data'] . $filename;
+                        // set a flag so we know where it's coming from
+                        $_FILES[$file]['_gl_data_dir'] = true;
                     }
                     $_FILES[$file][$kk] = $kv;
                 }